openvds-devel

Re: [Openvds-devel] The port 80 problem


From: Chris Fulton
Subject: Re: [Openvds-devel] The port 80 problem
Date: 14 Dec 2001 02:41:32 -0800

Simon,

Add this line to httpd.conf (in each vhost):
Port 80
(or Port 443)
and leave Canonical On

Then your server will rewrite proper URLs to port 80.

On Thu, 2001-12-13 at 21:06, Simon Garner wrote:
> Hi,
> 
> I've decided that binding Apache to port 8080 and using iptables to forward
> port 80, to enable Apache to be started as non-root, is not at all
> satisfactory, for the following reasons:
> 
> 1) Apache insists on using port 8080 when generating self-referencing URLs
> (even with UseCanonicalName off). This has the following effects:
> 
>     a) Typing directory names without the trailing slash redirects the user
> to domain.dom:8080. I have a client who has an admin page for their site in
> a directory called /maintain which is protected with HTTP basic
> authentication. If they type the URL http://www.foobar.dom/maintain in their
> browser, they are prompted for the password, then redirected to
> http://www.foobar.dom:8080/maintain/ and prompted for the password again,
> which is somewhat irritating.
> 
>     b) Some third-party PHP and CGI scripts generate self-referencing URLs
> based on the SERVER_NAME and SERVER_PORT environment variables, which again
> gives domain.dom:8080.
> 
>     These can be worked around, e.g. by telling users to type the trailing
> slash in the first place, but I'm not happy selling a product with quirks
> like this.
> 
> 2) There's the possibility the Port 8080 setting in httpd.conf may confuse
> some users. They may try to "fix" it by changing the setting to Port 80,
> thus breaking their server.
> 
> 3) The port forwarding only works for traffic originating from other hosts,
> not the host server or virtual servers on that host server (as discussed
> previously). Some users may wish to access their site using e.g. lynx or
> wget while ssh'd into their virtual server, and find it does not work. This
> will require explaining to users the workings of the port 8080 forwarding
> and asking them to connect to their site on port 8080. I imagine this will
> appear as a bit of a "kludge" to them, and reduce their confidence in the
> service.
> 
> 
> The solution? Well, Idaya's process capabilities patch for Apache sounds
> great (although who knows if they'll share it with us?), but that is not
> available yet and I need to resolve this issue now.
> 
> I noticed that included with freeVSD is a patch for linux-2.2.19 which
> changes the port binding restrictions in the linux kernel, to enable any
> user to bind to ports 80 and 443.
> 
> I've modified this patch to make it work with linux-2.4.16. You can find the
> new patch file here if interested:
> 
> http://www.expio.co.nz/~sgarner/freevsd/linux-2.4.16-vsd.patch.txt
> 
> Regards,
> 
> Simon Garner

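Added example, not part of the original thread or of any OpenVDS code: a check that every vhost carries the Port directive suggested in the reply, so none of them emits :8080 in redirects. It assumes Apache 1.3-style configuration, reads "Canonical On" as UseCanonicalName On, and runs on a constructed sample config; the function name audit_vhosts is hypothetical.

```python
import re

# Constructed Apache 1.3-style httpd.conf; addresses and names are placeholders.
SAMPLE_CONF = """\
Listen 8080
UseCanonicalName On
<VirtualHost 10.0.0.5:8080>
    ServerName www.foobar.dom
    Port 80
</VirtualHost>
<VirtualHost 10.0.0.6:8080>
    ServerName shop.foobar.dom
</VirtualHost>
<VirtualHost 10.0.0.7:8080>
    ServerName old.foobar.dom
    Port 80
    UseCanonicalName Off
</VirtualHost>
"""

def audit_vhosts(conf_text):
    """Map ServerName -> problems for vhosts that would emit :8080 in URLs."""
    findings = {}
    # Apache's default is On; a main-server override must appear before the vhosts.
    canonical_default = "on"
    vhost = None  # directives of the <VirtualHost> block being read, if any
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            vhost = {"servername": line, "port": None, "usecanonicalname": None}
        elif re.match(r"</VirtualHost>", line, re.I) and vhost is not None:
            problems = []
            if vhost["port"] not in ("80", "443"):
                problems.append("missing Port 80/443")
            if (vhost["usecanonicalname"] or canonical_default) != "on":
                problems.append("UseCanonicalName is not On")
            if problems:
                findings[vhost["servername"]] = problems
            vhost = None
        else:
            parts = line.split(None, 1)
            key = parts[0].lower()
            value = parts[1].strip().lower() if len(parts) > 1 else ""
            if key == "usecanonicalname" and vhost is None:
                canonical_default = value
            elif vhost is not None and key in vhost:
                vhost[key] = value
    return findings
```
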



