| |
@@ -24,7 +24,7 @@
|
| |
Summary: Apache HTTP Server
|
| |
Name: httpd
|
| |
Version: 2.4.58
|
| |
- Release: 2%{?dist}
|
| |
+ Release: 3%{?dist}
|
| |
URL: https://httpd.apache.org/
|
| |
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
| |
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
|
| |
@@ -418,6 +418,7 @@
|
| |
|
| |
# install conf file/directory
|
| |
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \
|
| |
+ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/ssl-conf.d \
|
| |
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d
|
| |
install -m 644 $RPM_SOURCE_DIR/README.confd \
|
| |
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
|
| |
@@ -820,6 +821,7 @@
|
| |
%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf
|
| |
|
| |
%files -n mod_ssl
|
| |
+ %dir %{_sysconfdir}/httpd/ssl-conf.d
|
| |
%{_libdir}/httpd/modules/mod_ssl.so
|
| |
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
|
| |
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
|
| |
@@ -859,6 +861,9 @@
|
| |
%{_rpmconfigdir}/macros.d/macros.httpd
|
| |
|
| |
%changelog
|
| |
+ * Thu Dec 7 2023 Gordon Messmer <gordon.messmer@gmail.com> - 2.4.58-3
|
| |
+ - add TLS-specific configuration snippet directory
|
| |
+
|
| |
* Thu Nov 2 2023 Joe Orton <jorton@redhat.com> - 2.4.58-2
|
| |
- add dependency on apr-util-1(dbm) so a DBM provider is present
|
| |
|
| |
gordonmessmer
commented 5 months ago
I'd like to propose the addition of a TLS-specific configuration snippet directory. This is similar to existing requests such as BZ#1005868, but not identical.
As an example of the problems that this solves:
I would like to use httpd to reverse-proxy access to Jenkins in order to provide access over TLS on the standard https port. This requires several configuration directives, including:
AllowEncodedSlashes NoDecode
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
The first of those is permitted in the global configuration context, but is not inherited by virtual hosts. As a result, if it appears in (e.g.) /etc/httpd/conf.d/jenkins-proxy.conf, it will have no effect for users that access the default https virtual host. That directive must appear in the https virtual host, rather than the global configuration context.
The latter two indicate to Jenkins that the user is accessing via https, so it is only appropriate for them to appear in the context of the https virtual host.
There is not currently any way to merge these configuration directives into the https virtual host, where they should appear, but adding a new "ssl-conf.d" would solve that problem trivially.