[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Making CA certificate available over http, __default__ rewrites



On Wed, Jul 10, 2013 at 04:53:53PM -0400, Luke Meyer wrote:
> 
> > Your points about ensuring that Brokers and Nodes don't own the whole
> > apache context is certainly valid though.  I'm sure we can improve
> > something there.  Please open a bug when you have a specific example
> > you need to get working and we'll take care of it.
> 
> I think it's really the node owning the whole apache namespace, and kindly making an exception for the broker in the all-in-one configuration. Shouldn't be a problem if the broker was separated out.
> 

If the broker is on separate machine, putting the directive to
/etc/httpd/conf.d/000002_openshift_origin_broker_proxy.conf is
certainly enough.

I think the main issue is that the node is making the exception for
the broker by duplicating the broker configuration, rather than by
handing it over to broker and let broker config handle it.

> Should the node apache conf recuse itself if no known gear is matched? I'm not sure that's such an easy thing to implement...

Hmm, it should be possible to do 000003 config file for the node in
addition to the 000001 which would come to play if 000002 (provided by
broker) did not kick in.

-- 
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]