Mark Rogers wrote:
However the simplest would be to have two configurations, a "known good" and a "current". On startup, you load the current config, and if that fails you restart loading the known good config. Minimal downtime, and (I would have thought) relatively simple to achieve. Indeed this could probably be achieved through scripting; start Apache, if it fails within a few seconds switch to a known-good config and restart. If it fails after a longer period just restart it (to guard against crashes unrelated to the config). Maybe something like this already exists, I'll have to go hunting!
Actually, that's such a reasonable idea and seemingly so trivial for Apache (or lighttpd, or a.n.other webserver) to implement it's a wonder that they don't already. After all, even *Windows* offers a fall-back to a last-known-good configuration if it reboots into a failed state after adding new hardware.