RFC: Putting smart-proxy behind Apache

@TimoGoebel I’m sorry for my long winded reply in a developer thread. It would be great to meet some time and chat over a drink :slight_smile:

This may be the development section, but operational input is very useful in steering development. If anything, please continue providing it. It’s much better than building and shipping something only to find out it doesn’t work in practice.

Will do, I’ll try to keep it short though.

PLEASE keep it coming. Let’s be honest, we are living in a bubble. Most of us have past experience with linux server administration (that’s how my job title way back in the days) or devops. However it’s been some time, we are digging in huge codebases for a long time and things change rapidly in the industry.

I am puzzled by this, initially I loved the idea of bringing Apache to the smart proxy and I still slightly lean towards it. But this is maybe because I am biased as a co-maintainer of smart-proxy code and I see that some code could be possibly dropped. We are almost done with moving away from an old version of webrick and moving to puma for smart proxy, this already is a big achievement:

https://github.com/theforeman/smart-proxy/pull/623

The PR just need someone else to read the code for the last time (SSL/X506 involved, extra caution) and we can hopefully merge.

1 Like

Yeah, please keep it coming and do keep it thorough. I was just trying to shift the discussion from general it-security best practices back to the reverse proxy topic.