Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move ssl.conf to main conf directory on EL7
This is solving a problem with the SSL configuration on a Red Hat-based OS that results in a duplicate 'Listen 443' statement after a package update, causing Apache to no longer start. The mod_ssl packaging ships a default ssl.conf in apache's main conf dir, that among other things, contains 'Listen 443'. However, this module puts all the Listen statements in ports.conf centralized. Generally this is no problem, because the module would purge the conf directory. Apache hums along happily -- until the apache package gets an update and it restores the default ssl.conf into /etc/httpd/conf.d/ssl.conf as no such file exists by the name on EL7 (the module's ssl.conf goes into conf.modules.d). Apache will then fail to start with this error until puppet runs again: Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443 The RPM won't overwrite the file if it's changed, but it does put it back when removed. So to avoid this problem, this change moves the ssl.conf to the Apache conf dir on EL7. That replaces the one created by the RPM. When the package is updated, it won't touch the ssl.conf and apache will continue to work.
- Loading branch information
bf9f0d0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Introduces some problems for when the default paths are changed.
we used to do the above to avoid the same problem by ignore the rpm package directory so were immune to package upgrades.
Now however puppet creates the ssl.conf file at the default location but this file is no longer
included.
Need to think of a work around for the work around.
Steve.
bf9f0d0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#1635