Re: [users@httpd] Apache in under attack.
Yeah it's probably not going to matter if you don't know what's attacking you before setting up the rules, you need to find the patterns, either the attack target or the attackers origins. On Mon, Jan 11, 2021 at 8:26 PM Jason Long wrote: > I used a rule like: > > # firewall-cmd --permanent --zone="public" --add-rich-rule='rule port > port="80" protocol="tcp" accept limit value="100/s" log prefix="HttpsLimit" > level="warning" limit value="100/s"' > > But not matter. > > > > > > > On Tuesday, January 12, 2021, 02:47:01 AM GMT+3:30, Filipe Cifali < > cifali.fil...@gmail.com> wrote: > > > > > > You need to investigate your logs and find common patterns there, also > there are different tools to handle small and big workloads like you could > use iptables/nftables to block based on patterns and number of requests. > > On Mon, Jan 11, 2021 at 8:06 PM Jason Long > wrote: > > Hello, > > On a CentOS web server with Apache, someone make a lot of request and it > make slowing server. when I disable "httpd" service then problem solve. How > can I find who made a lot of request? > > [url]https://imgur.com/O33g3ql[/url] > > Any idea to solve it? > > > > > > Thank you. > > > > --------- > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > > -- > [ ]'s > > Filipe Cifali Stangler > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Apache in under attack.
You need to investigate your logs and find common patterns there, also there are different tools to handle small and big workloads like you could use iptables/nftables to block based on patterns and number of requests. On Mon, Jan 11, 2021 at 8:06 PM Jason Long wrote: > Hello, > On a CentOS web server with Apache, someone make a lot of request and it > make slowing server. when I disable "httpd" service then problem solve. How > can I find who made a lot of request? > [url]https://imgur.com/O33g3ql[/url] > Any idea to solve it? > > > Thank you. > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Anyone familiar with Docker?
Hi Esteban, it depends if the docker will bind up the ports that HTTPD is using or not, if the project contains a docker-compose file you can check (and even alter) the port binding. One thing that you could do is run the nginx container in a different port and proxy it from HTTPD, it will be a double proxy (httpd <-> nginx <-> bitwarden app) so be careful, but at the same time it would be the easiest to try out. In my general experience, playing with docker is quite fun locally, you could even emulate your own setup inside a docker and put a docker inside docker (dockerception I know) to see this working. Usually certbot behaves well with proxies because you don't want to really proxy the /.well-known/acme-challenge/ request inside docker, you want to leave it for HTTPD to resolve it (and serve the certificate file), that's how I deal with certificates and my docker apps at least. Some people suggest using a certbot docker image but I think it's a bit more clunky since you have to deal with volume mapping between many more variables than a pure rule in HTTPD. On Wed, Aug 5, 2020 at 3:54 PM Esteban L wrote: > Hello, > > I have happily been using an apache server for some time now for all my > various systems, webhosting, webmail, nextcloud, etc. > > I want to try out Bitwarden (password manager), but it is contained > within a docker image which uses an Nginx webserver. I am not too > familiar with Docker, and the forums have only been -- well, not too > helpful. > > I don't want to mess up my current Apache webserver. > > My guess is if I install Docker and the image, that it will assume > control and take traffic on that host?? > > Is that what will happen? My only guess around this issue is setting up > a reverse proxy on my apache server, which routes traffice to bitwarden, > to the container -- how to handle the certbot part of I don't know. > > > Thanks in advance for any hints, helpful ideas, or anything to fill my > empty head. > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Test an SSL certificate before installation
Just an idea, run a separate stance locally on a random port (to avoid collisions) with the certificate, if it fails to start bingo, if it doesn't fail you are good to put the cert on the main instance. On Thu, Jul 2, 2020 at 5:09 PM Yves Goergen wrote: > Hello, > > I'd like to let my users install their own SSL certificates through a > web interface for self-management services. If a user provides a > malicious certificate, the entire server will fail to start and the > whole system is down. This is a bit hard but that's how it is. > > So I'll have to make sure the certificate and key are usable by apache > before generating the config that will use it. > > I could run basic checks like let openssl parse it. But I've managed to > break my test server by providing it a perfectly working certificate and > key - from an old domain from 2016. The server complained with this > message: > > > SSL Library Error: error:140AB18E:SSL > routines:SSL_CTX_use_certificate:ca md too weak > > That's from my letsencrypt archives. A newer one of the same domain from > 2018 works just fine on the same new dev server. So there are obviously > circumstances that let apache fail on the certificate that I can't fully > analyse. > > Is there a method to have apache check that certificate and key in > advance, considering its usual configuration, before I expect it to use > the certificate? I don't want to let it try out the file on a production > system, and learn about an unsupported certificate by a web server > that's down. There has to be a smarter way to handle this. > > -Yves > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Configuring redirects from http to https
grep -i “mismatch” on it may provide something, your config seems correct, which is weird On Fri, 30 Nov 2018 at 21:17 Jack M. Nilles wrote: > I have an access log and an error log. The error log doesn't show much for > today. The access log is full of entries from those who have used the https > address. What should I be looking for to detect the http failures? > > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Configuring redirects from http to https
Turn log level and attach log outputs in pastebin/gist or even here (just the text) of a full access, from begin to end of the request. Also, use cURL locally at the httpd server to try to reproduce it On Fri, 30 Nov 2018 at 20:14 Jack M. Nilles wrote: > The interchange also had no effect. Nor did changing the line to: > RedirectPermanent / https://www.host1.com > > > On 30 Nov 2018, at 13:52, Jack M. Nilles wrote: > > This doesn't work for me either with or without the trailing slash. I'll > try it with the name and alias lines interchanged. > > On 30 Nov 2018, at 12:27, Jeff Cox wrote: > > Try it like this. This is mine except my server name and server alias are > reversed. > > > ServerName www.abc.com > ServerAlias abc.com > Redirect 301 / https://www.abc.com/ > > > -- > Jeff Cox > j...@jeffpcox.com > > > > On Fri, Nov 30, 2018 at 1:40 PM Jack M. Nilles wrote: > >> I tried adding trailing slashes as follows, but the result was the same: >> a 111 error. Did I misinterpret your comment? >> >> # http redirect >>>> >>>> ServerName www.host1.com >>>> ServerAlias host1.com *.host1.com >>>>Redirect "/" "https://www.host1.com/; # Here >>>> >>>> >>>> >>>> ServerName www.host2.com >>>> ServerAlias host2.com *.host2.com >>>>Redirect / https://www.host2.com/ # and here >>>> >>>> >>>> # https versions >>>> >>>> ServerAdmin . . . >>>> ServerName www.host1.com >>>> ServerAlias . . . >>>> . . . >>>> >>> >>>> On 29 Nov 2018, at 15:12, Frank Gingras wrote: >> >> The (111) is a networking issue because you're not matching the trailing >> slashes with your redirects. >> >> On Thu, Nov 29, 2018 at 6:06 PM Jonathon Koyle >> wrote: >> >>> Can you reproduce the issue and provide some logs, and maybe more >>> information about the actual response? the 1xx range isn't supposed to be >>> an error code in HTTP. >>> >>> On Thu, Nov 29, 2018 at 3:25 PM Jack M. Nilles wrote: >>> >>>> I have the following configuration file covering two virtual hosts: >>>> >>>> # http redirect >>>> >>>> ServerName www.host1.com >>>> ServerAlias host1.com *.host1.com >>>>Redirect "/" "https://www.host1.com; >>>> >>>> >>>> >>>> ServerName www.host2.com >>>> ServerAlias host2.com *.host2.com >>>>Redirect / https://www.host2.com >>>> >>>> >>>> # https versions >>>> >>>> ServerAdmin . . . >>>> ServerName www.host1.com >>>> ServerAlias . . . >>>> . . . >>>> >>>> The https parts work well but if people try to get http://host1.com or >>>> http://host2.com they get connection (111) errors indicating that the >>>> redirects aren't working. I've tried different versions of the redirects -- >>>> with and without double quotes -- and it doesn't seem to make a difference. >>>> >>>> How to I get the redirects to function? >>>> >>> >>> >>> -- >>> Jonathon Koyle >>> >> >> > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Re: 0 length robot.txt
It's described on the CustomLog docs:
https://httpd.apache.org/docs/current/mod/mod_log_config.html#customlog
"The second argument specifies what will be written to the log file. It can
specify either a ***nickname*** defined by a previous LogFormat
<https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat>
directive, or it can be an explicit ***format*** string as described in the log
formats
<https://httpd.apache.org/docs/current/mod/mod_log_config.html#formats>
section. "
Either you use this way:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined
CustomLog /home/user/logs/XXX.access_log combined
Or this way:
CustomLog "/home/user/logs/XXX.access_log" "%h %l %u %t \"%r\" %>s %b
\"%{Referer}i\" \"%{User-Agent}i\""
You see, "combined" is just a nickname to the LogFormat, you can add
something like "my-site-special-log-format" and as long as you call it on
the CustomLog it will work, cause it's just an alias.
On Sat, Oct 6, 2018 at 8:51 PM @lbutlr wrote:
> On 03 Oct 2018, at 17:11, @lbutlr wrote:
> > It’ been over 4 hours now (almost 5) and the site is still responding
> perfectly.
>
> Well, I am more confused. I changed the log from common to debug and the
> site has been fine for days now.
>
> - CustomLog /home/user/logs/XXX.access_log combined
> + CustomLog /home/user/logs/XXX.access_log debug
>
> This was a mistake, as it simply logs “debug” now, so the logs are
> useless, but the site is up.
>
> In https.conf:
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
> combined
>
> ¯\_(ツ)_/¯
>
> --
> ALL WORK AND NO PLAY MAKES BART A DULL BOY ALL WORK AND NO PLAY MAKES
> BART A DULL BOY ALL WORK AND NO PLAY MAKES BART A DULL BOY Bart
> chalkboard Ep. 1F07er}i\" \"%{User-Age
> nt}i\"” combined
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
--
[ ]'s
Filipe Cifali Stangler
Re: [users@httpd] Re: 0 length robot.txt
It's a bit strange to say that considering there is a page covering the changes from 2.2 to 2.4: https://httpd.apache.org/docs/2.4/upgrading.html And the docs, this project is open source, we can change (or rather, propose changes) to documentation anytime we want. On Thu, Oct 4, 2018 at 3:54 PM @lbutlr wrote: > On 04 Oct 2018, at 11:50, Filipe Cifali wrote: > > You want to use a CustomLog for virtualhost config to gather the most > info you can from the request: > > > > https://httpd.apache.org/docs/current/mod/mod_log_config.html#customlog > > Ugh. That is a terrible bit of documentation written by and for people who > don’t need documentation. > > It would be nice if there was something that clearly explained all of > this, especially considering how it’s changed since 2.2. > > I’ve enabled the proxy and set CustomLog /path/log debug > > Everything has been working for a bit now; this is annoying. :/ > > -- > FRIDAYS ARE NOT "PANTS OPTIONAL" Bart chalkboard Ep. AABF23 > > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] 403 error upon upgrade
Because something else could be listening on those ports, preventing httpd from starting. This is not so uncommon to happen. httpd is complaining on listening to both IPv4 and IPv6, so maybe a greedy virtualhost is trying to map more addresses than it should? On Thu, Oct 4, 2018 at 3:59 PM Jack M. Nilles wrote: > Of course, since Apache isn't running -- failed to start -- why would I > get any LISTEN ports? > > On 4 Oct 2018, at 11:46, Jack M. Nilles wrote: > > Here's what I get for the first part of that: > > * #* netstat -napo | egrep "(:80|:443)" > tcp0 0 1.2.3.4:43160 23.210.206.246*:443* > ESTABLISHED 1961/(squid-1) off (0.00/0/0) > tcp0 0 1.2.3.4:59116 107.14.47.80*:80* TIME_WAIT > - timewait (45.97/0/0) > tcp0 0 1.2.3.4:48181 52.20.156.66*:443* > ESTABLISHED 1961/(squid-1) off (0.00/0/0) > tcp0 0 1.2.3.4:41114 17.248.129.179*:443* TIME_WAIT > - timewait (58.11/0/0) > tcp0 0 1.2.3.4:55151 52.32.170.59*:443* > ESTABLISHED 1961/(squid-1) off (0.00/0/0) > tcp0 0 1.2.3.4:59019 172.217.14.74*:443* TIME_WAIT > - timewait (33.72/0/0) > tcp0 0 1.2.3.4:52752 216.17.8.47*:443* > ESTABLISHED 710/javakeepalive (320.48/0/0) > > > and I get no return for *#* netstat -napo | egrep "(:80|:443)" | grep > LISTEN > > On 4 Oct 2018, at 11:13, Filipe Cifali wrote: > > netstat -napo|egrep "(:80|:443) |grep LISTEN > > > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] 403 error upon upgrade
Jack, don't confuse INCOMING/OUTGOING connections with LISTEN. Seems this site is gathering some info from other sites, you can see the commands running *Java* and *squid*, if you have netstat installed (otherwise just install it because it's super flexible and easy to use?) run a `netstat -napo|egrep "(:80|:443) |grep LISTEN` On Thu, Oct 4, 2018 at 3:01 PM Jack M. Nilles wrote: > Here's what I get: > > *#* lsof -i:443 > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME > java 710 root 245u IPv6 49204 0t0 TCP server.site1.com:52752 > ->central.crashplanpro.com:https (ESTABLISHED) > squid 1961 squid 13u IPv4 19134 0t0 TCP server.site1.com > 55151->ec2-52-32-170-59.us-west-2.compute.amazonaws.com:https > (ESTABLISHED) > squid 1961 squid 20u IPv4 164585 0t0 TCP server.site1.com > 43093->a23-210-206-246.deploy.static.akamaitechnologies.com:https > (ESTABLISHED) > squid 1961 squid 26u IPv4 18354 0t0 TCP server.site1.com > 48181->ec2-52-20-156-66.compute-1.amazonaws.com:https (ESTABLISHED) > > and > > *#* apache2ctl restart > httpd not running, trying to start > (98)Address already in use: AH00072: make_sock: could not bind to address > [::]:443 > (98)Address already in use: AH00072: make_sock: could not bind to address > 0.0.0.0:80 > no listening sockets available, shutting down > AH00015: Unable to open logs > > So four established connections, one of which is IPV6 (a backup resource). > Why am I limited to 4 connections? > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Re: 0 length robot.txt
You want to use a CustomLog for virtualhost config to gather the most info you can from the request: https://httpd.apache.org/docs/current/mod/mod_log_config.html#customlog Also, read the *Context* so you know where you can use them: https://httpd.apache.org/docs/2.4/mod/core.html#LogLevel On Thu, Oct 4, 2018 at 2:46 PM @lbutlr wrote: > On 03 Oct 2018, at 18:27, Filipe Cifali wrote: > > you can for example turn log level to debug and access the site, tailing > the logs should provide some information about what is breaking. > > Is it possible to set the log level just for a virtual host? I thought > that was a server-wide setting. I tried adding > > LogLevel warn rewrite:trace8 > > to the virtual host and didn’t get an error on starting apache, but the > http-error log for the site didn’t appear any different. > > > Also, why you have a ProxyPass on a virtualhost that doesn't run > anything PHP? Create a template without the config and use it. > > All the sites are setup for php so that I don’t have to get an email, go > edit a file, and restart apache just because someone wants to put some php > code in their page. > > At least today it is failing immediately, so debugging should be easier. > > -- > @mdhughes: One of the few regrets I have about lawn-less apartments: > Shallow graves are so much harder to come by. > > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Re: 0 length robot.txt
Lewis, you can for example turn log level to debug and access the site, tailing the logs should provide some information about what is breaking. Also, why you have a ProxyPass on a virtualhost that doesn't run anything PHP? Create a template without the config and use it. On Wed, Oct 3, 2018 at 8:11 PM @lbutlr wrote: > On 03 Oct 2018, at 12:27, @lbutlr wrote: > > There is exactly one line in the site configuration that, when > commented, makes the site work again. Though, possibly only for a little > while. I’ll have to check more in 3-4 hours. There is no other proxy logic > at all. > > It’ been over 4 hours now (almost 5) and the site is still responding > perfectly. I still have no idea what is causing it to break if I uncomment > the ProxyPass line considering there is no php anywhere on the site other > than a couple of href to external sites. > > -- > "What's a Velvet Underground?" "You wouldn't like it." "Oh, Be-bop.” > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] 403 error upon upgrade
Jack, the logs saying you can't bind the addresses: Oct 03 14:44:01 donner start_apache2[3998]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443 Oct 03 14:44:01 donner start_apache2[3998]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80 Oct 03 14:44:01 donner start_apache2[3998]: AH00015: Unable to open logs This are the important bits, also, you should set error_log and put debug level on it if you can't find out why. On Wed, Oct 3, 2018 at 7:15 PM Jack M. Nilles wrote: > A few minutes later I get: > > apache2.service - The Apache Webserver >Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled) >Active: *failed* (Result: exit-code) since Wed 2018-10-03 15:10:27 > PDT; 38s ago > Process: 5147 ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k > graceful-stop (code=exited, status=0/SUCCESS) > Process: 5140 ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND > -k start *(code=exited, status=1/FAILURE)* > Main PID: 5140 (code=exited, status=1/FAILURE) > > This after I tracked down some port interference. > > > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Re: 0 length robot.txt
Hi Kremels, you can check what virtualhost is being served via apache2ctl like this: $ apache2ctl -S $ apache2ctl -h provides this info: -S : a synonym for -t -D DUMP_VHOSTS -D DUMP_RUN_CFG After checking that the right vhost is being served, start removing proxy logic and just make the txt work again, then slowly start adding the proxy config to make the php work again. If you can, post the full vhost here regarding the domain that misbehaves. The important part is: Having a zeroed robots.txt doesn't break httpd. On Wed, Oct 3, 2018 at 2:59 PM @lbutlr wrote: > On 03 Oct 2018, at 11:39, @lbutlr wrote: > > Removing that file made the site load properly. > > Well, it did for about 3h25 minutes, in fact. > > Just after posting the message, the site went back to showing only “File > Not Found” > > I’m at a loss. > > The only other issue I see is in the main http-error log there are > repeated instance of: > > [ssl:info] [pid 43234] (70014)End of file found: [client 106.45.1.92:48564] > AH01991: SSL input filter read failed. > > (From various client addresses) > > The site in question gets a grade of A+ from SSL Labs, and this error > message appears to be somewhat spurious in nature as apache tries to use > the default cert for the site before getting the server name, then loads > the correct cert, so I don’t think this is really an issue. > > -- > Han : This is not going to work. > Luke: Why didn't you say so before? > Han : I did say so before! > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] 403 error upon upgrade
Jack, you have to either load mod_php (which comes from compiling / installing PHP in a certain way) or change the way you are using PHP on the overall with httpd. Searching for how to install mod_php on SUSE X (being X the version you are running) should provide frutiferous info, but I'm a debian/rhel user so I'm not sure how YaST does things its way. On Tue, Oct 2, 2018 at 6:47 PM Jack M. Nilles wrote: > Frank, > > My main concern is to get apache to run with php at all, never mind > scalability issues. So far everything looks fine except that it doesn't > work. Maybe somewhere in the bowels of SuSE 42.1 there is an error. > > Jack > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] 403 error upon upgrade
Also double check what version of PHP SUSE server pkg manager is providing now, this seems like a change of version where the pkg manager gone rogue (maybe missing dependency on tree?) On Tue, Oct 2, 2018 at 12:24 PM Frank Gingras wrote: > http://wiki.apache.org/httpd/php is a good starting point - I would > recommend not using mod_php, unless you have a good reason to use it. > > Nowadays, mod_proxy_fcgi and php-fpm is trivial to set up, and allow you > to use a threaded mpm, such as event. > > On Tue, Oct 2, 2018 at 11:21 AM Jack M. Nilles wrote: > >> Sure enough, there seems to be no php module loaded: >> >> Loaded Modules: >> core_module (static) >> so_module (static) >> http_module (static) >> mpm_prefork_module (static) >> unixd_module (static) >> systemd_module (static) >> actions_module (shared) >> alias_module (shared) >> auth_basic_module (shared) >> authn_file_module (shared) >> authz_host_module (shared) >> authz_groupfile_module (shared) >> authz_user_module (shared) >> autoindex_module (shared) >> cgi_module (shared) >> dir_module (shared) >> env_module (shared) >> expires_module (shared) >> include_module (shared) >> log_config_module (shared) >> mime_module (shared) >> negotiation_module (shared) >> setenvif_module (shared) >> ssl_module (shared) >> userdir_module (shared) >> reqtimeout_module (shared) >> authn_core_module (shared) >> authz_core_module (shared) >> rewrite_module (shared) >> version_module (shared) >> >> How do I get it on board? >> >> >> -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Remove .php extension but still pass it to PHP-FPM
You can reach that via mod_rewrite [1] and a combination of rules for checking if the file exists before the proxy, depending on the proxy, itself can do the checking. [1] https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html On Tue, Oct 2, 2018 at 3:41 PM Rose, John B wrote: > We would like to strip select .php extensions within a web site but still > have them passed to PHP-FPM when they are clicked on. > > > Any help would be appreciated > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] 403 error upon upgrade
Are you sure you have mod_php installed and active? This would explain the failing DirIndex and all of this sudden change On Mon, 1 Oct 2018 at 17:36 Jack M. Nilles wrote: > /etc/apache2/conf.d/php5.conf is as follows: > > > >SetHandler application/x-httpd-php > > >SetHandler application/x-httpd-php-source > > DirectoryIndex index.php4 > DirectoryIndex index.php5 > DirectoryIndex index.php > > > Why this doesn't work is a mystery to me. Especially since it is included > as part of the vhosts.conf file. Should I put the '*Include > /etc/apache2/conf.d/*.conf*' directive earlier in the conf file? Does the > order make a difference? > > BTW, if I copy the current index.php file on site1 to index.html the > latter displays without the ssl decorations. However, the site still won't > display any php files. > > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Re: Updating to php 7.0 and having apache still work?
Then you ARE using the current mod_proxy_fcgi and not the old one, it's important to not confuse each when using / consulting docs, I suggest you reading this: https://wiki.apache.org/httpd/PHP-FPM If you are truly using mod_proxy_fcgi then it's only PHP-FPM fault, not httpd, you should not even touch httpd config for this change depending on how your socked/daemon is configured. I recommend you to double check what php-fpm is creating on start (what socket names / paths / ports) and double check / compare running 5.6 and 7.0. In fact, you can run both versions at the same time using different sockets / ports. On Mon, Oct 1, 2018 at 5:07 PM @lbutlr wrote: > On 01 Oct 2018, at 13:49, Filipe Cifali wrote: > > This seems to be a problem inside mod_fcgi and not httpd, proxies in > general don't care about what's the language behind it, as long as the > protocol is being respected. > > Yes, that was my understanding as well, but even when I recompiled > apache24 (which includes PROXY_FCGI) it still failed. > > > Are you sure you are not getting into trouble just because you are not > using mod_proxy_fcgi instead? > > I am using > > LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so > > > Anyway, I would recommend you to check what you are installing, maybe > the binaries changed names or they are being installed with a suffix like > php7-fpm, php7-bin, etc and the httpd config needs to be changed to reflect > that accordingly. > > Php-fpm doesn’t have any version identification in the file name, unlike > many php modules. > > -- > The very existence of flame-throwers proves that some time, somewhere, > someone said to themselves, You know, I want to set those people over > there on fire, but I'm just not close enough to get the job done. > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Re: Updating to php 7.0 and having apache still work?
Hi Lewis, This seems to be a problem inside mod_fcgi and not httpd, proxies in general don't care about what's the language behind it, as long as the protocol is being respected. Are you sure you are not getting into trouble just because you are not using mod_proxy_fcgi instead? Apache 2.4 docs on mod_fcgi point to www.fastcgi.com, which seems to be offline ( http://www.isitdownrightnow.com/fastcgi.com.html ) and if I recall properly, is a old module from php5.3? Anyway, I would recommend you to check what you are installing, maybe the binaries changed names or they are being installed with a suffix like php7-fpm, php7-bin, etc and the httpd config needs to be changed to reflect that accordingly. On Mon, Oct 1, 2018 at 4:18 PM @lbutlr wrote: > On 30 Sep 2018, at 12:11, Jonathon Koyle wrote: > > Simply to avoid assumptions, did you update php-fpm to 7 as well? > > php-fpm is built as part of the core php, it is not a separate package. > > # pkg info php56 > php56-5.6.38 > Name : php56 > Version: 5.6.38 > Installed on : Fri Sep 28 09:33:08 2018 MDT > Origin : lang/php56 > Architecture : FreeBSD:11:i386 > Prefix : /usr/local > Categories : devel lang www > Licenses : PHP301 > Maintainer : a...@freebsd.org > WWW: http://www.php.net/ > Comment: PHP Scripting Language > Options: > CGI: on > CLI: on > DEBUG : off > DTRACE : off > EMBED : on > FPM: on > IPV6 : on > LINKTHR: on > MAILHEAD : on > PHPDBG : off > ZTS: off > > > -- > The new Death raised his cowl. There was no face there. There was not > even a skull. Smoke curled formlessly between the robe and a golden > crown. Bill Door raised himself on his elbows. A CROWN? His voice > shook with rage. I NEVER WORE A CROWN! You never wanted to rule. > > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy
Osman, I think you really need to understand the things you are using before trying to actually use them. You need to have an IP address to point the proxy, even if it's 127.0.0.1 on some random port like 3000. You don't really need to pay for a domain, there are "free" services that provide you with a DNS entry you can point to where you want BUT, and a BIG BUT, they have their own rules and you probably won't have full control of it, which can be quite bad for a service. As Frank already pointed, Proxies are agnostic for ENV variables, CGI or whatever is behind the proxy, they CAN inject some info but that's very specific and doesn't seems to be your case. The IP of the reverse proxy is where the httpd daemon is Listening on, you configure that and when it's running you can check what ports are open using tools like 'ss' or 'netstat' on Linux. If you want it to be always working, you need to have the service always online, be a VPS, a cloud computing node or your own computer (leaving him turned on always). These things are not REALLY attached to httpd itself but are more conceptual to *any* webserver, dns, proxy that you may use. I encorage you to first learn how they work (even in high level, doesn't need to go into details of the source code) before trying to use / set them up, otherwise you will hit some bugs by not understanding what you are actually doing. Also, whenever you want to share files with a mailinglist, I recommend you to post into a pastebin / gist or anywhere online, otherwise you are sending this to all the users in the mailing list, even if they are just text files. On Thu, Sep 20, 2018 at 3:59 PM Osman Zakir wrote: > If I'm using a reverse proxy, do I need the IP address of the reverse > proxy server? And if so, how do I get the IP address of the reverse proxy > server (if you don't want to tell, please point me to a resource I read > about it on)? I got a free subdomain name from subdomain.net. So do I > put Apache's IP address (if I can find it) in for IP used by the host name > in my hosts file? > -- > *From:* Eric Covener > *Sent:* Thursday, September 20, 2018 9:20 PM > *To:* users@httpd.apache.org > *Subject:* Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy > > On Thu, Sep 20, 2018 at 10:57 AM Osman Zakir > wrote: > > > > I haven't changed what I'm saying my problem is that much. I'm probably > having a hard time explaining it. > > > > The host name seems to be the main problem, though, aside from the > environment variables. I don't have a host name. I'd prefer it if I could > get a free subdomain and get my server to take it (without having to pay > any money if possible). > > The server doesn't "take" a hostname. If you have a domain, you need > to setup the DNS outside of the webserver to point to the right IP > address. Or, mock it up on your workstation with your local host file. > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Crashes in CentOS 7
Can you disable Mod_security for a while? I had trouble before with httpd 2.4 and mod_security, one of the rules (DNS query) as breaking everything in about 30 seconds on start. If there's no crash after disabling mod_sec, re-enable and start by disabling all rules and enable one by one. On Thu, Jul 20, 2017 at 11:33 AM, Bruno Dorchain <bruno.dorch...@gmail.com> wrote: > We got the following crash when under load: > *** Error in `/usr/sbin/httpd': double free or corruption (!prev): > 0x7f19a010cf80 *** > === Backtrace: = > /lib64/libc.so.6(+0x7c503)[0x7f19ce15c503] > /lib64/libapr-1.so.0(apr_pool_destroy+0x1a7)[0x7f19ce8da2d7] > /lib64/libapr-1.so.0(apr_pool_destroy+0x55)[0x7f19ce8da185] > /etc/httpd/modules/mod_ssl.so(+0x164d0)[0x7f19c89844d0] > /etc/httpd/modules/mod_ssl.so(+0x1307a)[0x7f19c898107a] > /usr/sbin/httpd(ap_process_request_after_handler+0x5d)[0x7f19cfc3766d] > /usr/sbin/httpd(ap_process_request+0x14)[0x7f19cfc382e4] > /usr/sbin/httpd(+0x52c32)[0x7f19cfc34c32] > /usr/sbin/httpd(ap_run_process_connection+0x40)[0x7f19cfc2cc90] > /etc/httpd/modules/mod_mpm_event.so(+0x6bf5)[0x7f19cc9f1bf5] > /lib64/libpthread.so.0(+0x7dc5)[0x7f19ce6acdc5] > /lib64/libc.so.6(clone+0x6d)[0x7f19ce1d776d] > > May be linked to "ModSecurity: collection_retrieve_ex: Failed deleting > collection (name ..." appearing on a regular basis. > > Any hint to troubleshoot that? > > Thanks > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] ProxyPass ! directive
: AH00927: initializing worker proxy:reverse local >> [Fri Mar 10 16:41:21.511496 2017] [proxy:debug] [pid 18751] >> proxy_util.c(1936): AH00931: initialized single connection worker in child >> 18751 for (*) >> but it doesn't seem to show anything >> >> On 10/03/2017 17:37, Matthew Broadhead wrote: >> >>> i also added this in the virtual host >>> LogLevel info proxy:debug >>> but it makes no difference to the output in error_log >>> >>> On 10/03/2017 16:48, Eric Covener wrote: >>> >>>> On Fri, Mar 10, 2017 at 10:43 AM, Matthew Broadhead >>>> <matthew.broadh...@nbmlaw.co.uk> wrote: >>>> >>>>> yes it is definitely because of that line. i also just tried >>>>> >>>>> ProxyPass ajp://www.nbmlaw.co.uk:8010/ >>>>> >>>>> >>>>> ProxyPass ! >>>>> >>>>> and that has exactly the same effect >>>>> >>>> >>>> That syntax is known to not work. Once you proxy within <location, it >>>> cannot be undone with any ! >>>> >>>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >>> For additional commands, e-mail: users-h...@httpd.apache.org >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Dates in httpd.conf?
Why are you trying to avoid logrotate this way instead of configuring
logrotate to do what you want?
This just seems a no-go way to do things imo.
On Tue, Mar 31, 2015 at 4:27 PM, Rainer Jung rainer.j...@kippdata.de
wrote:
Am 31.03.2015 um 19:49 schrieb Joe Jensen (ConAgra Foods):
Can anybody tell me a good way to include a date in the apache
configuration? For various reasons I’m trying to avoid |’s to logrotate
and want the date in a logfile’s name. I’m really hoping to put the
date into an apache variable I can use within the config.
A prior install involved running sed commands to update the config files
on apache startup (!!) which I’m trying to get rid of.
Define DATE ??
If you only need a date which is per startup, but does not change after
the web server start:
In you start script or in envvars define and export a shell variable, e.g.
NOW=`date +%Y%m%d_%H%M%S`
export NOW
and then in the config you can use ${NOW}
Note that this will not update the timestamp if you do a apachectl
restart or apachectl graceful, only by stop and then start.
What is your reason you don't want to use piped logging?
Regards,
Rainer
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
--
[ ]'s
Filipe Cifali Stangler
Re: [users@httpd] This is my httpd.conf file
$
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteRule ^/(.*) http://127.0.0.1:2095/$1 [P]
RewriteCond %{HTTP_HOST} !^sriswamisivanada.org$
RewriteCond %{HTTP_HOST} ^whm\.
RewriteRule ^/(.*) http://127.0.0.1:2086/$1 [P]
RewriteCond %{HTTP_HOST} !^sriswamisivanada.org$
RewriteCond %{HTTP_HOST} ^webdisk\.
RewriteRule ^/(.*) http://127.0.0.1:2077/$1 [P]
UseCanonicalName Off
/VirtualHost
# CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS
VirtualHost 204.62.12.140:443 127.0.0.1:443
ServerName mx1.sriswamisivananda.org
ServerAlias cpanel.* whm.* webmail.* webdisk.*
DocumentRoot /usr/local/apache/htdocs
ServerAdmin r...@sriswamisivanada.org
IfModule mod_suphp.c
suPHP_UserGroup nobody nobody
/IfModule
RewriteEngine On
IfModule mod_ssl.c
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.pem
SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.pem
SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.pem
/IfModule
RewriteCond %{HTTP_HOST} !^sriswamisivanada.org$
RewriteCond %{HTTP_HOST} ^cpanel\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://127.0.0.1:2083/$1 [P]
RewriteCond %{HTTP_HOST} !^sriswamisivanada.org$
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://127.0.0.1:2096/$1 [P]
RewriteCond %{HTTP_HOST} !^sriswamisivanada.org$
RewriteCond %{HTTP_HOST} ^whm\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://127.0.0.1:2087/$1 [P]
RewriteCond %{HTTP_HOST} !^sriswamisivanada.org$
RewriteCond %{HTTP_HOST} ^webdisk\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://127.0.0.1:2078/$1 [P]
UseCanonicalName Off
/VirtualHost
Include /usr/local/apache/conf/includes/post_virtualhost_global.conf
Include /usr/local/apache/conf/includes/post_virtualhost_2.conf
# DO NOT EDIT. AUTOMATICALLY GENERATED. IF YOU NEED TO MAKE A CHANGE PLEASE
USE THE INCLUDE FILES.
--
[ ]'s
Filipe Cifali Stangler
Re: [users@httpd] Re: YOU BROKE MY CODE!
Then why did you upgraded w/o testing? The docs say things changed and you should change the config files to use. You can still downgrade too. On Wed, May 21, 2014 at 5:44 AM, Andy Canfield andycanfi...@yandex.comwrote: I had a file 'apache.conf'' which ran fine under Apache 2.2. But on some machines we now find Apache 2.4 and it is not upward compatible. Note that MS-DOS 1.0 will still run on a brand new Intel chip: that's upward compatibility. Today I have two config files, apache2.2.conf and apache2.4.conf. I hope I can use a symbolic link on each server to point to one or the other. On 05/17/2014 08:59 PM, Christophe JAILLET wrote: Le 17/05/2014 05:37, Andy Canfield a écrit : You broke my code! If something got broken, then something has changed. I imagine that you have upgraded your version of apache. Your are running 2.2.22. Which version of apache was used previously? CJ - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org . - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] YOU BROKE MY CODE!
Use at your own risk. You probably haven't loaded mod authn on your config, check that. On Sat, May 17, 2014 at 12:37 AM, Andy Canfield andycanfi...@yandex.comwrote: Last week, if you went to http://www.andycanfield.com, you would see my web site. Today, if you go there, you will see Internal Server Error. Apache broke it. We had four sites on that computer: [1] http://210.213.49.151/ took you to /var/www/index.html [2] http://www.andycanfield.com took you to my personal web site [3] http://210.213.49.151/fasemat took you to FASEMAT [4] http://210.213.49.151/opal took you to OPAL Number 1, 3, and 4 are still working, but number 2 gives Internal Server Error. Here is the entry in sites-enabled: -- NameVirtualHost *:80 VirtualHost *:80 ServerName www.andycanfield.com ServerAlias andycanfield.com *.andycanfield.com DocumentRoot /www/andycanfield/Site /VirtualHost Directory /www/andycanfield/Site AuthType None Require all granted Options FollowSymLinks /Directory -- That was essentially copied from your documentation (http://httpd.apache.org/docs/2.2/mod/core.html#virtualhost). It used to read VirtualHost www.andycanfield.com:80 but that is now not recommended. /var/log/apache2/error.log shows this: -- [Sat May 17 10:33:12 2014] [crit] [client 49.49.233.112] configuration error: couldn't check user. Check your authn provider!: / [Sat May 17 10:33:12 2014] [crit] [client 49.49.233.112] configuration error: couldn't check user. Check your authn provider!: /favicon.ico [Sat May 17 10:33:13 2014] [crit] [client 49.49.233.112] configuration error: couldn't check user. Check your authn provider!: /favicon.ico -- What is 'favicon.ico. I don't have one anywhere. And I explicitly told you that, for this directory, don't check the user; let everyone in. How do we get apache 2.2 to route a request to one of several virtual computers based on what name is used to access the server, and to let EVERYONE in to that virtual computer? You broke my code! -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Re: !!! Urgently need apache 2.4.3 source code Urgent due to heartbleed bug]
http://httpd.apache.org/download.cgi ? On Thu, Apr 10, 2014 at 12:42 PM, Sachin Goyal gosac...@gmail.com wrote: Where can I find apache 2.4.3 source code to download? I have apache 2.4.3 binaries running in production server but i don't that source code. Now I need to rebuild apache 2.4.3 with latest version of openssl 1.0.1 g so I am urgent need of apache2.4.3 source code. Can someone guide me ? Thanks Sachin -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Apache 2.4 - non adoption reasons??
I think it's good, but most of my clients already had their share of pain from Apache 2.0.x to 2.2.x. On Thu, Apr 10, 2014 at 2:43 PM, Joey J j...@buymro.net wrote: Apache 2.4 has had a stable release out for over 2 years but is only used by 2.5% of active Apache sites. Why is the adoption so low?? The Apache foundation has been recommending upgrading to 2.4 for some time and looking at the improvements I see significant value in several. I don't see any reason why anybody wouldn't want to use it but the community seems to think it's bad. What am I missing?? Current market share: http://w3techs.com/technologies/details/ws-apache/2.4/all -Joey J - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Apache 2.4 - non adoption reasons??
Well, most of the mods were just easily hackable, the major pain is to tell the users to update .htaccess and more stuff, my new servers push users to 2.4.x, but old users have priority to keep using as it always was. On Thu, Apr 10, 2014 at 2:56 PM, Nick Tkach ntk...@gmail.com wrote: Among other things I'm sure many are using modules that just plain won't build/run for 2.4.x. For example, I know at a place I worked a few years ago they were using a module that an app server depended on which would not build for anything beyond Apache 2.2 (we tried, believe me). On Thu, Apr 10, 2014 at 12:48 PM, Filipe Cifali cifali.fil...@gmail.com wrote: I think it's good, but most of my clients already had their share of pain from Apache 2.0.x to 2.2.x. On Thu, Apr 10, 2014 at 2:43 PM, Joey J j...@buymro.net wrote: Apache 2.4 has had a stable release out for over 2 years but is only used by 2.5% of active Apache sites. Why is the adoption so low?? The Apache foundation has been recommending upgrading to 2.4 for some time and looking at the improvements I see significant value in several. I don't see any reason why anybody wouldn't want to use it but the community seems to think it's bad. What am I missing?? Current market share: http://w3techs.com/technologies/details/ws-apache/2.4/all -Joey J - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- [ ]'s Filipe Cifali Stangler - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- [ ]'s Filipe Cifali Stangler
Re: [users@httpd] Apache server returned a lots Continuation or non-HTTP traffic packages instead of full package
What happened? Timeout? Broken file? Dropped streaming? Em sexta-feira, 27 de julho de 2012, Rainer Jung escreveu: On 27.07.2012 08:11, shuoshi chen wrote: Hi, all I recently use apache server to provide mp3 stream for playing. The content type is specified as audio/mpeg, and everything is ok when I use a test server( Apache/2.2.22 (Unix)), it returned an HTTP/1.1 200 (audio/mpeg) package. But when I put my code to a VPS server, I can't get a full package as normal. The VPS server returned a lots Continuation or non-HTTP traffic packages. Is it because of some wrong configuration in httpd.conf? What is a VPS server? How is the production VPS server related to your test Apache server? I guess you need to give more details ... Regards, Rainer --**--**- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- []'s Filipe Cifali Stangler
Re: [users@httpd] Apache server returned a lots Continuation or non-HTTP traffic packages instead of full package
Vps=virtual private server... Em sexta-feira, 27 de julho de 2012, Rainer Jung escreveu: On 27.07.2012 08:11, shuoshi chen wrote: Hi, all I recently use apache server to provide mp3 stream for playing. The content type is specified as audio/mpeg, and everything is ok when I use a test server( Apache/2.2.22 (Unix)), it returned an HTTP/1.1 200 (audio/mpeg) package. But when I put my code to a VPS server, I can't get a full package as normal. The VPS server returned a lots Continuation or non-HTTP traffic packages. Is it because of some wrong configuration in httpd.conf? What is a VPS server? How is the production VPS server related to your test Apache server? I guess you need to give more details ... Regards, Rainer --**--**- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- []'s Filipe Cifali Stangler
Re: [users@httpd] How to serve https only? Is this correct?
If you want no traffic, don't listen. Block on firewall w/ tcp-reject and don't use Apache to listen to http. A more friendly way is to redirect VIA firewall all --dport 80 to --dport 443. 2012/7/12 Tom Browder tom.brow...@gmail.com On Thu, Jul 12, 2012 at 9:08 AM, Mark Montague m...@catseye.org wrote: On July 12, 2012 8:02 , Tom Browder tom.brow...@gmail.com wrote: On Thu, Jul 12, 2012 at 6:37 AM, Nick Kewn...@webthing.com wrote: On 12 Jul 2012, at 12:02, Tom Browder wrote: I want to have NO http traffic on my site. Is this the correct way to... ... Nick's answer is the correct and literal answer. The single solution for HTTPS only that you are looking for is: - Delete any Listen directive for port 80 and also - Delete any VirtualHost stanza for port 80 (for example, your VirtualHost *:80 stanza. ... The configuration you posted in your original message will accept HTTP traffic and redirect all of it to the HTTPS virtual host. This is the standard and user friendly solution that most sites which want to secure all of their pages implement, but note that the initial redirects all occur over HTTP and so you are still accepting some small amount of HTTP traffic. The reasons you want to have no HTTP traffic on your site are important to consider in order to choose the best overall solution: If port 80 is blocked at your firewall, or if you are concerned about people taking advantage of some theoretical (and unlikely) security hole in Apache HTTP Server that is exploitable over HTTP but not over HTTPS, then you'd want the solution Nick presented. Thanks for the reply, Mark. I like the friendly approach, but I made the statement. I want to have NO http traffic on my site, because I saw in a post from a Mozilla Persona site a reference to another link that there is a possibility of a man-in-the-middle attack using it. Best regards, -Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- []'s Filipe Cifali Stangler
Re: [users@httpd] Software Load Balancers | mod_proxy_balancer and Varnish
You have to use mod_proxy_balancer + Varnish? HA + Ldirectord + Memcached + Apache can do everything you want there and a little more. The HA solution have several possible setups that, combined with DNS Failover can make your setup almost perfect. 2012/6/21 Anurag Kapur anuragka...@gmail.com Hi, Apologies in advance for a fairly high level question which may not be the norm of this users group. I am trying to understand options and eventually choose a software load balancer for a project I am working on. I am specifically interested in the capabilities of two options - Apache HTTPD mod_proxy_balancer and Varnish ( https://www.varnish-cache.org/trac/wiki/LoadBalancing) from the following perspectives: 1. Feature set supported like - session stickyness, failover from one node to another in the load balancer farm etc 2. Performance/throughput 3. Stability of the solution 4. Ease of use or time required to setup for typical http(s) load balancing use cases I did try googling for information for a couple of hours but was not successful in finding a good comparison. So I am looking at your experience to get some pointers. Any help would be highly appreciated. Kind Regards Anurag -- []'s Filipe Cifali Stangler
Re: [users@httpd] apache2 -S -- More info ?
How is your setup? A normal small VPS won't be degrated with a grep only. OS / Hardware / Command 2012/6/5 Roland Roland r_o_l_a_...@hotmail.com Dear all, I have access to a server that serves more than 100 Virtual host. sometimes i'm in need to find the specific conf file for let's say a site that's x.y.domain.net if i grep -ri x.y.domain.net ./ # it's going to take forever and degrade the server performance as there's lots of small size under that dir. So is there an apache command that shows the sites being served as well as their aliases? I know it's a newbie question so bear with me.. Thanks, --Roland --**--**- To unsubscribe, e-mail: users-unsubscribe@httpd.**apache.orgusers-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- []'s Filipe Cifali Stangler
