[EMAIL PROTECTED] Nginx proxy server
Hi,guys. I'd like to use nginx to instead apache proxy,I configured the apache like this below,but how can I configure nginx like apache. ProxyRequests On Proxy * Order deny,allow Deny from all /Proxy -- View this message in context: http://www.nabble.com/Nginx-proxy-server-tf3546185.html#a9899415 Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] How to protect awstats page
Hi, I have this awstats in: http://www.telbit.pt/awstats/awstats.pl?config=www.telbit.pt I want to protect it with a login and password. awstats.pl is located outside Apache's DocumentRoot in /usr/local/awstats/wwwroot/cgi-bin I put there a .htaccess file with the following contents: AuthUserFile /usr/local/awstats/wwwroot/cgi-bin/.htpasswd AuthName stats AuthType Basic require valid-user but it doesn't work, the page is unprotected. Also i've tried to put put the .htaccess file in /usr/local/awstats/ but no good either. Any help would be appreciated. Warm Regards -- :wq! Mário Gamito - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] strange behaviour of Readme postamble
Hi. I'm experiencing some strange behaviour with the Header/Readme pre/postamble directives on our Apache 2.2.X server. One of our users was complaining that he had placed two totally text README files in two separate directories on our server. When he visited the first directory in his web browser, he saw the directory contents followed by his README file. However, when he visited the second directory, the contents of the README file was not displayed. File/directory permission was not an issue. When I looked into the problem, I found that if a README (or HEADER) file contains html, it works great. However, if the file is plain text and does not include the word the that the file would not be displayed. For example, if I create a README file containing only the word the, the file is displayed when I visit the directory. However, if I remove any one letters from the, the file is not displayed. This seems really really weird, and I'm probably missing something very silly here. It looks like this is handled by the emit_tail function which should display anything text/*. The question is, how do I determine what the web server considers the content as? Anyone have any experience with this weird behaviour? Jas. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] SSL name based virtualhosts -- no, not the normal question!
Hi everyone,
I'm having issues with getting SSL and virtualhosts working with Apache.
Now, before you point me at the FAQ, it's not the obvious question. What I'm
trying to do is get multiple HTTPS hosts working on the same IP -- but using
a wildcard SSL certificate.
My config is doing using mod_perl configuration, and I've copied it below.
Essentially, the idea is that I have a directory tree that looks like
/srv/www/ip/domain-name/[content|secure_content]/subdomain/ . That
way, I can just make a new directory/subdomain/etc., reload the apache
config, and it's all done and listening for me. And, since you can only have
one SSL cert per IP, I just have /srv/www/ip/server.crt and server.key --
and that's the certificate used for that IP (so any HTTPS vhost created for
that IP will use that certificate). You may think that's a bit weird, but
there's a few circumstances that I want to use that - for example, wildcard
certificates I can have many vhosts per IP (within the same domain), and
also other times when I don't care if it cert mismatches, I just want an SSL
connection.
Anyway, the HTTP stuff is working great, and the config *appears* to check
out OK:
[ [EMAIL PROTECTED]:~ ] # apache2 -S
VirtualHost configuration:
1.2.3.4:80 is a NameVirtualHost
default server www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:5)
port 80 namevhost www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:5)
port 80 namevhost sallaway.org (mod_perl:121)
port 80 namevhost www.sallaway.org (mod_perl:177)
1.2.3.4:443is a NameVirtualHost
default server www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:8)
port 443 namevhost www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:8)
port 443 namevhost sallaway.org (mod_perl:1)
port 443 namevhost www.sallaway.org (mod_perl:78)
Syntax OK
and when I try to reload the config file, it warns about SSL conflicts,
which I can live with (error.log):
[warn] Init: SSL server IP/port conflict: bob.sallaway.org:443 (mod_perl:12)
vs. www.sallaway.org:443 (mod_perl:78)
[warn] Init: SSL server IP/port conflict: sallaway.org:443 (mod_perl:1) vs.
www.sallaway.org:443 (mod_perl:78)
[warn] Init: You should not use name-based virtual hosts in conjunction with
SSL!!
I was sort of hoping hmmm, they're just warnings, maybe it will be OK, but
it appears not -- when I load the page, it gives me a Connection
Interrupted or Action Cancelled (pick your browser) and I get this in the
error.log:
[error] [client 192.168.0.4] Invalid method in request \x80L\x01\x03
Does anyone have any ideas what I can do to fix it at all, or why it's
happening? Or, if nothing else, how I can diagnose it further? :-)
Thanks for your help.
Cheers,
Michael
Server version: Apache/2.2.3
Server built: Mar 27 2007 15:06:55
relevant apache config:
NameVirtualHost 1.2.3.4:80
NameVirtualHost 1.2.3.4:443
VirtualHost 1.2.3.4:80
ServerName www.non.existant.host.com
/VirtualHost
VirtualHost 1.2.3.4:443
ServerName www.non.existant.host.com
/VirtualHost
Perl
my $www_path = /srv/www;
my @ip_array;
my $ip_number;
my @subdomain_array;
my $subdomain_name;
my $subdomain_address;
my $domain_name;
for $ip ($www_path/*) {
@ip_array = split /\//, $ip;
$ip_number = $ip_array[-1];
for $domain ($ip/*) {
for $http_subdomain ($domain/content/*) {
@subdomain_array = split /\//, $http_subdomain;
$subdomain_name = $subdomain_array[-1];
$subdomain_address = $subdomain_name . .;
$domain_name = $subdomain_array[-3];
$subdomain_address = if $subdomain_name eq _;
push @{ $VirtualHost{$ip_number:80} },
{
ServerName = ${subdomain_address}${domain_name},
DocumentRoot = ${domain}/content/${subdomain_name},
ServerSignature = On,
ErrorLog = $domain/logs/error.log,
CustomLog = [$domain/logs/access.log, virtual],
LogLevel = warn,
};
};
next if ! -e $ip/server.crt;
next if ! -e $ip/server.key;
for $https_subdomain ($domain/secure_content/*) {
@subdomain_array = split /\//, $https_subdomain;
$subdomain_name = $subdomain_array[-1];
$subdomain_address = $subdomain_name . .;
$domain_name = $subdomain_array[-3];
$subdomain_address = if $subdomain_name eq _;
push @{ $VirtualHost{$ip_number:443} },
{
ServerName = ${subdomain_address}${domain_name},
DocumentRoot = ${domain}/secure_content/${subdomain_name},
ServerSignature = On,
ErrorLog = $domain/logs/error.log,
CustomLog = [$domain/logs/access.log, virtual],
LogLevel = warn,
SSLEngine = on,
SSLCertificateFile = $ip/server.crt,
SSLCertificateKeyFile = $ip/server.key,
};
};
};
};
/Perl
Re: [EMAIL PROTECTED] ECDSA Certificate use in mod_ssl
On Apr 8, 2007, at 7:47 PM, Takurou Saitou wrote: $ ./openssl ciphers -v ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 -- -- A version of OpenSSL using is 0.9.8e. See, that's strange. Without a thorough look at the actual code, I don't know which call we make to get the list of CipherSuites from OpenSSL. However, I wouldn't be surprised if we (Apache) would not pick up a cipher that was not in the list. If this is the case, the fact that your cipher is not in the list is a bug in OpenSSL and should be brought to their attention. The following error occurred when I was going to use a certificate of ECDSA in mod_ssl of Apache2.2.4 for trial. What is the value of your SSLCipherSuite directive in your configuration file? I appoint 'ECDHE-ECDSA-AES256-SHA' in 'SSLCipherSuite' directive experimentally. The error that I showed by a previous email is given right after I execute 'httpd -k start'. Therefore I think that it is a previous problem with CipherSuite of ECDSA. Could you make sure that your Apache is linked against a library that supports the cipher, for instance on unix systems you could run ldd /path/to/your/apache/bin/httpd and look at the entries for libcrypto.so.(...) and libssl.so.(...), and make sure they resolve to the right OpenSSL installation if you have more than one on your machine. How did you generate this certificate? If you could paste me the command sequence you used to generate the key and certificate, I can do some experimentation and see if I can reproduce your issue. Also, are you able to print the certificate using openssl x509 -in yourcert.file -noout -text ? S. -- [EMAIL PROTECTED]http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [EMAIL PROTECTED] strange behaviour of Readme postamble
On 4/9/07, Jason Keltz [EMAIL PROTECTED] wrote: Hi. I'm experiencing some strange behaviour with the Header/Readme pre/postamble directives on our Apache 2.2.X server. One of our users was complaining that he had placed two totally text README files in two separate directories on our server. When he visited the first directory in his web browser, he saw the directory contents followed by his README file. However, when he visited the second directory, the contents of the README file was not displayed. File/directory permission was not an issue. When I looked into the problem, I found that if a README (or HEADER) file contains html, it works great. However, if the file is plain text and does not include the word the that the file would not be displayed. For example, if I create a README file containing only the word the, the file is displayed when I visit the directory. However, if I remove any one letters from the, the file is not displayed. This seems really really weird, and I'm probably missing something very silly here. It looks like this is handled by the emit_tail function which should display anything text/*. The question is, how do I determine what the web server considers the content as? Anyone have any experience with this weird behaviour? Sounds like mod_mime_magic might be getting in the way. To see what content-type apache is seeing, simply request the README file directly (ie http://yoursite.example.com/dir/README) and examine the Content-Type http response header. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] strange behaviour of Readme postamble
On 04/09/07 12:56, Joshua Slive wrote: On 4/9/07, Jason Keltz [EMAIL PROTECTED] wrote: Hi. I'm experiencing some strange behaviour with the Header/Readme pre/postamble directives on our Apache 2.2.X server. One of our users was complaining that he had placed two totally text README files in two separate directories on our server. When he visited the first directory in his web browser, he saw the directory contents followed by his README file. However, when he visited the second directory, the contents of the README file was not displayed. File/directory permission was not an issue. When I looked into the problem, I found that if a README (or HEADER) file contains html, it works great. However, if the file is plain text and does not include the word the that the file would not be displayed. For example, if I create a README file containing only the word the, the file is displayed when I visit the directory. However, if I remove any one letters from the, the file is not displayed. This seems really really weird, and I'm probably missing something very silly here. It looks like this is handled by the emit_tail function which should display anything text/*. The question is, how do I determine what the web server considers the content as? Anyone have any experience with this weird behaviour? Sounds like mod_mime_magic might be getting in the way. To see what content-type apache is seeing, simply request the README file directly (ie http://yoursite.example.com/dir/README) and examine the Content-Type http response header. Hi. The web browser says that Content type is text/plain whether I have the in the file or not! Jason. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] How to protect awstats page
On Apr 9, 2007, at 4:38 AM, Mário Gamito wrote: awstats.pl is located outside Apache's DocumentRoot in /usr/local/awstats/wwwroot/cgi-bin I put there a .htaccess file with the following contents: AuthUserFile /usr/local/awstats/wwwroot/cgi-bin/.htpasswd AuthName stats AuthType Basic require valid-user but it doesn't work, the page is unprotected. You'll need to have AllowOverride set to (at least) AuthConfig for the directory. For instance, the default configuration file has a Directory / Options FollowSymLinks AllowOverride None /Directory Change that AllowOverride None to AllowOverride AuthConfig, and you're good. Alternatively, you can put the configuration language in a Directory block in your httpd.conf, which takes away the need for .htaccess altogether. S. -- [EMAIL PROTECTED]http://www.temme.net/sander/ Open Source Software Consultant PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF ApacheCon 2007 Europe, May 1-4 in Amsterdam http://www.eu.apachecon.com/ smime.p7s Description: S/MIME cryptographic signature
Re: [EMAIL PROTECTED] strange behaviour of Readme postamble
On 04/09/07 13:19, Jason Keltz wrote: On 04/09/07 12:56, Joshua Slive wrote: On 4/9/07, Jason Keltz [EMAIL PROTECTED] wrote: Hi. I'm experiencing some strange behaviour with the Header/Readme pre/postamble directives on our Apache 2.2.X server. One of our users was complaining that he had placed two totally text README files in two separate directories on our server. When he visited the first directory in his web browser, he saw the directory contents followed by his README file. However, when he visited the second directory, the contents of the README file was not displayed. File/directory permission was not an issue. When I looked into the problem, I found that if a README (or HEADER) file contains html, it works great. However, if the file is plain text and does not include the word the that the file would not be displayed. For example, if I create a README file containing only the word the, the file is displayed when I visit the directory. However, if I remove any one letters from the, the file is not displayed. This seems really really weird, and I'm probably missing something very silly here. It looks like this is handled by the emit_tail function which should display anything text/*. The question is, how do I determine what the web server considers the content as? Anyone have any experience with this weird behaviour? Sounds like mod_mime_magic might be getting in the way. To see what content-type apache is seeing, simply request the README file directly (ie http://yoursite.example.com/dir/README) and examine the Content-Type http response header. Hi. The web browser says that Content type is text/plain whether I have the in the file or not! As it happens, mod_mime_magic code maps The and the to L_ENG. There's a table that says English text - text/plain. As a result, if you don't have the word the in the file, and the file is not html, there doesn't seem to be anything else that would distinguish this file as text/plain. There *is* a DefaultType directive which is by default set to text/plain, and this does indeed work since the web browser gets served the file as text/plain when called directly, but this looks like it is done after mod_mime_magic has returned a declined status and hence has not displayed the file. It seems like an underlying bug. Jason. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] SSL name based virtualhosts -- no, not the normal question!
Michael wrote: I was sort of hoping hmmm, they're just warnings, maybe it will be OK, but it appears not -- when I load the page, it gives me a Connection Interrupted or Action Cancelled (pick your browser) and I get this in the error.log: [error] [client 192.168.0.4] Invalid method in request \x80L\x01\x03 That's an SSL/TLS HELO packet, being parsed as raw text. Does anyone have any ideas what I can do to fix it at all, or why it's happening? Or, if nothing else, how I can diagnose it further? :-) Your first named virtual host will be used for the duration of the connection handshake (because there is no named host yet during the connection). Make sure your first named (default) host has the certs and SSL On. Move those bogus entries to the bottom, see if that solves things. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] What controls which directories httpd can serve from?
I'm running CentOS with Apache httpd V2.0.52-28 and php V4.3.9-3.22.3. This may possibly be a PHP question, but I can't be sure. If I've got the wrong forum, I apologize in advance. On my web server, the document root is configured as /var/www/html. I don't have any problem serving documents from there. There are also a number of subdirectories like admin, panel, recordings, etc. These subdirectories contain some php scripts and other files. I am testing some php sample applications. I created a subdirectory called samples and moved the php files into ./samples to keep the document root tidy. Once I did, the sample application stopped working because httpd prohibits access. The application is /var/www/html/samples/directory.php When I run the app, here's what I see in /var/log/httpd/error_log: [error] [client 192.168.168.41] (13)Permission denied: access to /samples/directory.php denied. If I move the file back to /var/www/html, it runs just fine. I originally thought that it might have something to do with permissions, but I've pretty much proven that's not the issue. I also made sure that the file and it's subdirectory were owned by the user running httpd and it made no difference. I also thought that it might have something to do with httpd.conf. Grep'ing httpd.conf doesn't show any entries for the other PHP applications that work correctlty in ./admin, ./panel, etc. So I don't think that it either. Is there something that limits what directories httpd will serve or where PHP applications can reside? Thanks! Ken - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] What controls which directories httpd can serve from?
On 4/9/07, Ken Morley [EMAIL PROTECTED] wrote: When I run the app, here's what I see in /var/log/httpd/error_log: [error] [client 192.168.168.41] (13)Permission denied: access to /samples/directory.php denied. If I move the file back to /var/www/html, it runs just fine. I originally thought that it might have something to do with permissions, but I've pretty much proven that's not the issue. I also made sure that the file and it's subdirectory were owned by the user running httpd and it made no difference. This error log message occurs only when apache does not have the unix permissions necessary to access the file in the filesystem. Check the permissions of the samples directory to make sure it is searchable (chmod +x). Also check to see if you are using anything fancy like symlinks or SELinux. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] strange behaviour of Readme postamble
On 4/9/07, Jason Keltz [EMAIL PROTECTED] wrote: As it happens, mod_mime_magic code maps The and the to L_ENG. There's a table that says English text - text/plain. As a result, if you don't have the word the in the file, and the file is not html, there doesn't seem to be anything else that would distinguish this file as text/plain. There *is* a DefaultType directive which is by default set to text/plain, and this does indeed work since the web browser gets served the file as text/plain when called directly, but this looks like it is done after mod_mime_magic has returned a declined status and hence has not displayed the file. It seems like an underlying bug. The easiest thing to do is simply rename README to README.txt. Otherwise, you can use Files README ForceType text/plain /Files Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] SSL name based virtualhosts -- no, not the normal question!
Your first named virtual host will be used for the duration of the connection handshake (because there is no named host yet during the connection). Make sure your first named (default) host has the certs and SSL On. Move those bogus entries to the bottom, see if that solves things. Oh, of course! *smacks head* Yep, that seems to have fixed it. That was so obvious, yet it eluded me. Thanks! :-) Cheers, Michael - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
