[
https://issues.jboss.org/browse/MODCLUSTER-531?page=com.atlassian.jira.pl...
]
Radoslav Husar updated MODCLUSTER-531:
--------------------------------------
Description:
I am proposing we abandon automagic as much as possible.
h1. Problem
The main idea for automagic is to make deployment simple and easy to migrate/transfer and
provide great user experience out of box. Unfortunately, this IMHO often backfires quite
significantly resulting in configurations that are:
# insecure (listening on all interfaces, allow from all, default security key
"changeme!")
# difficult to debug (not clear what is the actual configuration)
# unstable installations (seemingly unrelated aspects like adding an interface or
connector break the config)
h1. Areas
There are several areas where automagic happens.
h5. Advertised address of the proxy
There were multiple bugs in the past, where 0.0.0.0 would be sent in the advertise
mesages, now if its not explcit in the VirtualHost or passed in to ServerAdvertise, it
automagically picks a non-local interface. Such configurations should be disallowed.
h5. Advertise interfaces
The interfaces are not explicit and advertise messages could be sent/received on more
interfaces (related MODCLUSTER-487). This is also problematic when trying to move to
DatagramChannel interface, which requires interfaces to be defined explicitly
(MODCLUSTER-502). We can require this explicitly.
h5. Connector address
If bound to any-address, the address is inferred from the proxy connection as the local
address. This is solved in the default WildFly configuration as its explicitly bound to a
interface.
h5. Connector selection
This is solved in WildFly where selection is explicit. In tomcat this causes problems like
MODCLUSTER-457 when WS requires http yet ajp is automatically selected by default. We can
make this explicit.
was:
I am proposing we abandon automagic as much as possible.
h1. Problem
The main idea for automagic is to make deployment simple and easy to migrate/transfer and
provide great user experience out of box. Unfortunately, this IMHO often backfires quite
significantly resulting in configurations that are:
# insecure (listening on all interfaces, allow from all, default security key
"changeme!")
# difficult to debug (not clear what is the actual configuration)
# unstable installations (seemingly unrelated aspects like adding an interface can break
advertised address)
h1. Areas
There are several areas where automagic happens.
h5. Advertised address of the proxy
There were multiple bugs in the past, where 0.0.0.0 would be sent in the advertise
mesages, now if its not explcit in the VirtualHost or passed in to ServerAdvertise, it
automagically picks a non-local interface. Such configurations should be disallowed.
h5. Connector selection
This is solved in WildFly where selection is explicit. In tomcat this causes problems like
MODCLUSTER-457 when WS requires http yet ajp is automatically selected by default. We can
make this explicit.
Stop advocating and remove auto-magic aspects from the project
--------------------------------------------------------------
Key: MODCLUSTER-531
URL:
https://issues.jboss.org/browse/MODCLUSTER-531
Project: mod_cluster
Issue Type: Enhancement
Components: Core & Container Integration (Java), Documentation & Demos,
Native (httpd modules)
Reporter: Radoslav Husar
Assignee: Radoslav Husar
I am proposing we abandon automagic as much as possible.
h1. Problem
The main idea for automagic is to make deployment simple and easy to migrate/transfer and
provide great user experience out of box. Unfortunately, this IMHO often backfires quite
significantly resulting in configurations that are:
# insecure (listening on all interfaces, allow from all, default security key
"changeme!")
# difficult to debug (not clear what is the actual configuration)
# unstable installations (seemingly unrelated aspects like adding an interface or
connector break the config)
h1. Areas
There are several areas where automagic happens.
h5. Advertised address of the proxy
There were multiple bugs in the past, where 0.0.0.0 would be sent in the advertise
mesages, now if its not explcit in the VirtualHost or passed in to ServerAdvertise, it
automagically picks a non-local interface. Such configurations should be disallowed.
h5. Advertise interfaces
The interfaces are not explicit and advertise messages could be sent/received on more
interfaces (related MODCLUSTER-487). This is also problematic when trying to move to
DatagramChannel interface, which requires interfaces to be defined explicitly
(MODCLUSTER-502). We can require this explicitly.
h5. Connector address
If bound to any-address, the address is inferred from the proxy connection as the local
address. This is solved in the default WildFly configuration as its explicitly bound to a
interface.
h5. Connector selection
This is solved in WildFly where selection is explicit. In tomcat this causes problems
like MODCLUSTER-457 when WS requires http yet ajp is automatically selected by default. We
can make this explicit.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)