From ef4a1da270f92aaf0c4fdb06fadaaec932149d49 Mon Sep 17 00:00:00 2001 From: Lukas Bezdicka Date: Thu, 13 Apr 2017 19:21:45 +0200 Subject: Ensure we configure ssl.conf Every time we call apache module regardless of using SSL we have to configure mod_ssl from puppet-apache or we'll hit issue during package update. File /etc/httpd/conf.d/ssl.conf from mod_ssl package contains Listen 443 while apache::mod::ssl just configures SSL bits but does not add Listen. If the apache::mod::ssl is not included the ssl.conf file is removed and recreated during mod_ssl package update. This causes conflict on port 443. Change-Id: Ic5a0719f67d3795a9edca25284d1cf6f088073e8 Related-Bug: 1682448 Resolves: rhbz#1441977 (cherry picked from commit 9e729c0db22865d036860346eb6b81c4c2108719) --- releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml (limited to 'releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml') diff --git a/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml new file mode 100644 index 0000000..92f2360 --- /dev/null +++ b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + With having package mod_ssl by default installed in images we introduced + issue with mod_ssl package update. In case of SSL not being used or + provided by HAproxy the puppet-apache module by default purges the + ssl.conf file. The package update then recreates the file with default + Listen 443 option. This causes conflict on 443 port during httpd restart. + If we include ::apache::mod::ssl the ssl.conf file will be configured and + the Listen option will be used only if there is vhost set to use SSL. -- cgit 1.2.3-korg