when installing apache with these USE flags USE="apache2 doc mpm-worker ssl threads -debug -ldap -mpm-itk -mpm-leader -mpm-peruser -mpm-prefork -mpm-threadpool -no-suexec -static-modules" then a file /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf is created which contains a VirtualHost configration for SSL. This file should be placed in /etc/apache2/vhosts.d
hannibal apache2 # emerge --info Portage 2.1-r2 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.16-gentoo-r13 i686) ================================================================= System uname: 2.6.16-gentoo-r13 i686 Intel(R) Pentium(R) M processor 1.80GHz Gentoo Base System version 1.6.15 app-admin/eselect-compiler: [Not Present] dev-lang/python: 2.3.5, 2.4.3-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium-m -O2 -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-march=pentium-m -O2 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="ftp://pandemonium.tiscali.de/pub/gentoo ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo/" LANG="de_DE.utf8" LC_ALL="de_DE.utf8" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X acpi alsa apache2 apm arts avi berkdb bitmap-fonts cdr cli crypt cups dlloader doc dri dvb dvd dvdr eds emboss encode esd foomaticdb fortran gdbm gif gpm gstreamer gtk gtk2 imlib ipv6 isdnlog ithreads java jpeg kde libg++ libwww mad mikmod mmx motif mp3 mpeg ncurses nls nptl oci8 ogg opengl oss pam pcmcia pcre pdflib perl png pppd python qt qt3 qt4 quicktime readline reflection sdl session source spell spl sse sse2 ssl tcpd threads truetype truetype-fonts type1-fonts udev unicode usb userlocales vorbis xml xmms xorg xv zlib elibc_glibc input_devices_keyboard input_devices_mouse kernel_linux userland_GNU video_cards_radeon video_cards_vesa" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
Erm, not really, it's intended. I personally don't see much benefit from moving it solely for consistency sake, would cause quite a bit of confusion b/c of CONFIG_PROTECT.
Jakub is right. The SSL vhost is intended to go beside the SSL configuration, you can't have one without the other, and there are some very specific items in the SSL vhost that require the SSL module to be loaded. The two configuration files go together. Also note that the SSL really doesn't support the concept of vhosts, as you can only have one vhost per IP address. So the configuration file for the SSL vhost is not put in the vhosts.d directory as that would cause confusion when users copy it trying to get multiple SSL vhosts to work. If any change were to be made, it would be to combine the two files, but at this point I'm not going to do that as that makes upgrades more difficult (etc-update), and makes the SSL file rather large.
Michael, > The SSL vhost is intended to go beside the SSL configuration, > you can't have one without the other, and there are some very specific items in > the SSL vhost that require the SSL module to be loaded. I agree. But that does not mean that they belong into the same directory. > The two configuration files go together. Yes, but you can use IfDefine and IfModule statements to check if mod_ssl is loaded. > Also note that the SSL really doesn't support the concept of vhosts, as you can > only have one vhost per IP address. So the configuration file for the SSL vhost > is not put in the vhosts.d directory as that would cause confusion when users > copy it trying to get multiple SSL vhosts to work. I am a user and I am confused if I look into vhosts.d and do not find the SSL vhost configuration file. Also, you can have different vhosts with SSL (as you said, just one per IP address). > If any change were to be made, it would be to combine the two files, but at > this point I'm not going to do that as that makes upgrades more difficult > (etc-update), and makes the SSL file rather large. I vote for the separation of modules and vhosts, so I disagree. One last argument: on my setup, I use the mod_jk module for apache-tomcat connection, and mod_jk comes with config file modules.d/88_mod_jk.conf. I use mod_jk with my SSL vhost, which contains <VirtualHost *:443> <IfModule mod_jk.c> # include mod_jk as tomcat connector Include /etc/apache2/jk.conf </IfModule> </VirtualHost> This configuration does not work with 41_mod_ssl.default-vhost.conf being in modules.d - at the time, where 41_mod_ssl.default-vhost.conf gets loaded, 88_mod_jk.conf has not been loaded and the connector does not work. My solution to this problem: I moved 41_mod_ssl.default-vhost.conf to the directory vhosts.d, and now it works. Summary: I don't think this to be an important issue, and I filed the bug, because I have to modify the apache configuration after every update. If my arguments do not change your mind, then set this bug again to resolved wontfix and I close the bug.
The problems caused by upgrades that move configuration files as this change would cause are not worth the small if any benefit that moving the file to vhosts.d would create. As far as the issue with mod_jk: File a bug for that issue to have the mod_jk configuration file renamed so that it doesn't cause that conflict. Modules are supposed to integrate with the existing apache configuration instead of the existing apache configuration needing to be adjusted to work with modules.
>File a bug for that issue to have the mod_jk >configuration file renamed so that it doesn't cause that conflict. ok, i'll do this.