Following another question I just solved, I wonder: is there anything we can do within Apache to avoid repeating lines of configuration? What about outside apache? In my case it would be AWS EC2's RHEL4, but I trust any **nix* would have a similar solution. Maybe something like sed, maybe using .htaccess... Dunno. But this should be pre-processed, nothing at runtime or something: just like the conf files, once apache is loaded that is it.
Here I'll copy my past solution just to illustrate:
UseCanonicalNames off
NameVirtualHost *:8888
<VirtualHost *:8888>
ServerName example1.com
ServerAlias *.example1.com
# below, stuff that will be repeated
# redirect to HTTPS
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^login\.(.*)$
RewriteRule ^(.*) https://%1/login$1 [L]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.([^.]+\.com)$
RewriteRule ^/login(.*) https://%1/login$1 [L]
</VirtualHost>
<VirtualHost *:8888>
ServerAlias *
VirtualDocumentRoot /var/www/html/%-3
# below, stuff that need to be repeated
# redirect to HTTPS
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^login\.(.*)$
RewriteRule ^(.*) https://%1/login$1 [L]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.([^.]+\.com)$
RewriteRule ^/login(.*) https://%1/login$1 [L]
</VirtualHost>
And I'm sure there are many instances in which things like this redirection_to_HTTPS could have been a function / procedure / macro / template / include / etc.
Well, thanks all for such great answers, but... Probably
mod_macrowould be the best to do the trick.And its ideals are aligned with the benefits I was looking for:
AllowLocalAccessmight be considered clearer thanallow from 192.54.172.0/24 192.54.148.0/24 10.0.0.0/8Next time I have a chance I'll try all solutions, starting with this one, and add a template of what I've used... Unless someone is kind enough to do all that first! :)
I may get called "old school" just for posting this, but I think the classic solution for this problem is to use a macro processor like M4, which is a POSIX standard. There's a GNU implementation:
http://www.gnu.org/software/m4/
That page mentions autoconf as its most notable user, but I think most sysadmins come into M4 for the first time through the also classic sendmail.
You could, for example, mantain M4 versions of your config files and some Makefiles and then "compile" them into actual running configurations via a simple
make.Apache has an include directive. Something like
with /etc/apache2/redirect_to_https.conf being
The other answers are good for the more general problem of converting code into configuration files, though.
Things like this can be done with management frameworks like Puppet or Capistrano. In these scripts are created to generate httpd.conf files (and associated include files) based on defined conditions. These sorts of routine "do this one thing X places" actions can be functionialized. I don't believe there are out-of-the-box methods for doing this kind of thing, but these frameworks are designed to allow you to make your own.