Re: [users@httpd] Install and Configure Apache on Windows Server

[Marat Khalili]

Hello Robert,

There seems some misunderstanding here. Apache does not generate certificates, 
nor there's "import" process - you just put files wherever you want and specify 
their location in configuration. Minimal Apache configuration of site with SSL 
is less than dozen lines, nothing difficult.

Generating necessary certificate files is indeed more involved, but it has 
nothing to do with Apache. Ask your CA for help, they should have clear 
instructions on what to do (or use different CA). Usually it means running some 
commands in OpenSSL. You can use any working installation of OpenSSL, not 
necessarily on your Windows PC with Apache.
-- 

С уважением,
Марат Халили (Российский Квантовый Центр)
+7 926 950 0804

On November 3, 2016 10:06:47 PM GMT+03:00, Robert Ramoutar 
 wrote:
>Hi Again,
>
>
>Thanks for the reply,
>
>
>I was able to download, install apache service and got IT WORKS when
>entering localhost:80 in my browser.
>
>
>I was reading the following page :
>
>
>Apache SSL/TLS Encryption
>http://httpd.apache.org/docs/2.4/ssl/
>
>But i'm still unable to configure.
>
>Can you say how to import certificates into apache and how to test the
>imported certificates to make sure they function.
>
>1. I have to generate a CSR request and key,
>2. Then after i get the files from the cert provider import it into
>apache
>
>Any ideas on how to complete the above two steps.
>
>Thanks again for your help,
>
>
>
>Regards,
>
>Robert Ramoutar.
>
>This email is intended for the intended recipient(s) and may contain
>confidential information.
>Reproduction, dissemination or distribution of this message is
>prohibited unless authorized by
>the sender. If you are not the intended recipient, please notify the
>sender immediately and you
>must not read, keep, use, disclose, copy or distribute this email
>without the sender's
> prior permission.
>
>
>
>
>From: Alexandru Duzsardi 
>Sent: Thursday, November 3, 2016 10:49 AM
>To: users@httpd.apache.org
>Subject: RE: [users@httpd] Install and Configure Apache on Windows
>Server
>
>
>Hi ,
>
>I think is a good starting point
>http://httpd.apache.org/docs/2.4/platform/windows.html
>
>Using Apache HTTP Server on Microsoft Windows - Apache
>...
>httpd.apache.org
>This document explains how to install, configure and run Apache 2.4
>under Microsoft Windows. If you have questions after reviewing the
>documentation (and any event ...
>
>
>
>It’s pretty straight forward , download the installer from one of those
>links http://httpd.apache.org/docs/2.4/platform/windows.html#down
>
>Install like any other software
>
>
>
>Install the windows serverice for apache
>http://httpd.apache.org/docs/2.4/platform/windows.html#winsvc , and set
>it to start automatically
>
>Anything else is pretty much the same on any platform
>http://httpd.apache.org/docs/2.4/ , just be careful with the PATH’s
>
>Apache HTTP Server Version 2.4
>Documentation
>httpd.apache.org
>Copyright 2016 The Apache Software Foundation. Licensed under the
>Apache License, Version 2.0. Modules | Directives | FAQ | Glossary |
>Sitemap
>
>
>
>
>
>
>
>
>
>
>
>From: Robert Ramoutar [mailto:robert_ramou...@hotmail.com]
>Sent: Thursday, November 3, 2016 4:42 PM
>To: users@httpd.apache.org
>Subject: [users@httpd] Install and Configure Apache on Windows Server
>
>
>
>
>
>Hello all,
>
>
>
>I have been tasked with Installing and Configuring Apache 2.4 on a
>windows server for the following purpose:
>
>
>
>1. Configure SSL through apache
>
>
>
>2. Apache Tomcat also installed on server to handle web request to a
>specific web application - MySQL db also on the same server.
>
>
>
>How does one go about installing and configuring SSL through apache 2.4
>on Windows Server 2012?
>
>
>
>I have read so many documents and so many questions on forums etc and
>is now more confused than before.
>
>Can someone please outline the steps require and if possible how to
>perform these steps for apache in Windows.
>
>
>
>Thanks.
>
>Regards,
>
>Robert Ramoutar.
>
>
>
>This email is intended for the intended recipient(s) and may contain
>confidential information.
>Reproduction, dissemination or distribution of this message is
>prohibited unless authorized by
>the sender. If you are not the intended recipient, please notify the
>sender immediately and you
>must not read, keep, use, disclose, copy or distribute this email
>without the sender's
> prior permission.
>
>
>
>
>
>
>
>From: users-h...@httpd.apache.org
>mailto:users-h...@httpd.apache.org>>
>Sent: Thursday, November 3, 2016 10:35 AM
>To: robert_ramou...@hotmail.com
>Subject: WELCOME to
>users@httpd.apache.org
>
>
>
>Hi! This is the ezmlm program. I'm managing the
>users@httpd.apache.org mailing list.
>
>PLEASE 

Re: [users@httpd] Re: Modules add by default

[Hemant Chaudhary]

I need to build on Nonstop Tandem, It stated on document that its Tandem
Support has been removed.

On Thu, Nov 3, 2016 at 6:42 PM, Eric Covener  wrote:

> On Thu, Nov 3, 2016 at 1:09 AM, Hemant Chaudhary
>  wrote:
> > Hi
> >
> > Please help me to know the default modules installed while porting
> > httpd-2.4.23.
>
> Why not run a build and look at the contents?
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Question about configuring apache to use php via fpm

[Rose, John B]

You may also want to be aware of …

ProxyErrorOverride

In case you want to use Custom error pages from Apache when using php-fpm

From: Jason Brooks 
Reply-To: "users@httpd.apache.org" 
Date: Thursday, November 3, 2016 at 3:07 PM
To: "users@httpd.apache.org" 
Subject: Re: [users@httpd] Question about configuring apache to use php via fpm

This does help, thank you!

Jason Brooks

Systems Administrator

eROI

Performance is Art.




m:

505 nw couch #300

w:

eroi.com

t:

503.290.3105

f:

503.228.4249


fb:

fb.com/eROI






On Nov 3, 2016, at 11:30 AM, Luca Toscano 
mailto:toscano.l...@gmail.com>> wrote:

Hello Jason,




mod-proxy-fcgi is the only one actively supported and developed in the httpd 
project at the moment, it is definitely the best choice for the php-fpm use 
case (standalone daemon that does not need more than a proxy in front of it).

https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html#examples contains 
also good references.

Hope that helps!

Luca

Re: [users@httpd] How does this configuration work?

[Jason Brooks]

Interesting…  I also notice that Apache has forked off a process called 
/usr/sbin/fcgi-pm.  But there is no such file… 

If I had to guess (educated, I hope), based on the fact that fastcgi.com 
doesn’t exist anymore, it appears mod_fastcgi is pretty much deprecated or end 
of life.  

does that seem reasonable?

Jason BrooksSystems Administrator
eROIPerformance is Art.
 
m:  505 nw couch #300   w:  eroi.com 
t:  503.290.3105f:  503.228.4249


fb: fb.com/eROI 








> On Nov 3, 2016, at 12:19 PM, Eric Covener  wrote:
> 
> ​Action+AddHandler tells Apache to send requests for *.php as a parameter to 
> another URL, /php7-fcgi​ 
> ​The Alias maps that to an imaginary place in the filesystem, because:
>   mod_fastcgi compares the ​mapped path to its list of 
> ​FastCgiExternalServers and sends the request to the app on the other end of 
> the socket

Re: [users@httpd] How does this configuration work?

[Eric Covener]

On Thu, Nov 3, 2016 at 3:06 PM, Jason Brooks  wrote:

> Hello,
>
> So, the need to make sense of this is not an issue: I will be using the
> mod_proxy_fcgi to use php-fpm.  I am just curious.
>
> While trying various configurations to get php-fpm to work, I found the
> following conundrum: the following configuration should NOT work but it
> does...
>
> Here is the apache configuration snippet derived from this site
>  
> dated
> last August.
> 
> Require all granted
>  
>  
> AddHandler php7-fcgi .php
> Action php7-fcgi /php7-fcgi virtual
> Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi
>
> ​​
> FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket
> /var/run/php/php7.0-fpm.sock -pass-header Authorization
> 
>
> Here is the php-fpm www pool socket definition as configured
> out-of-the-box:
> listen = /run/php/php7.0-fpm.sock
>
> My test php script calls phpinfo() only.  It works.  It’s not clear how it
> works.
> Apache opens /var/run/php/php7.0-fpm.sock
> php-fpm opens /run/php/php7.0-fpm.sock
> removal of either file causes php not to work.
> When I point apache to the socket file php-fpm opens, it does not work.
>
> HOW?  How does apache manage to connect to php-fpm when the defined socket
> paths do not make sense?  As far as I know, the unix socket file is simply
> opened and read/written to: there’s no way to tell linux “connect both
> files to each other” from within a program...
>


​Action+AddHandler tells Apache to send requests for *.php as a parameter
to another URL, /php7-fcgi​

​The Alias maps that to an imaginary place in the filesystem, because:
  mod_fastcgi compares the ​mapped path to its list of
​
FastCgiExternalServers and sends the request to the app on the other end of
the socket

-- 
Eric Covener
cove...@gmail.com

Re: [users@httpd] How does this configuration work?

[Jason Brooks]

That was it!  Thanks!

Jason BrooksSystems Administrator
eROIPerformance is Art.
 
m:  505 nw couch #300   w:  eroi.com 
t:  503.290.3105f:  503.228.4249


fb: fb.com/eROI 








> On Nov 3, 2016, at 12:14 PM, Alexandru Duzsardi 
>  wrote:
> 
> Usually /var/run and /run are symlinks one of the other 
> so that makes /var/rum/php7.0-fpm.sock and /run/php7.0-fpm.sock the same unix 
> domain socket
>  

[users@httpd] Incoming request rate-limit

[Paul]

A couple of recent threads on "non-apache" mods, so ... recognizing that 
mode_evasive is also third party, is there any "pure-apache" way to 
rate-limit incoming requests by a specific IP.


mod_evasive has the capability of using e.g.:
# Allow up to 10 requests from the same IP per second:
DOSPageInterval 1
DOSPageCount 10

I have not yet found anything similar in the Apache2 docs, but hope that 
someone can point me in the right direction ;=) Or, conversely, has anyone 
got *production* experience with mod-evasive (seems to work on a test-box, 
but I cannot scale it...)


tnx -- paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [users@httpd] How does this configuration work?

[Alexandru Duzsardi]

Usually /var/run and /run are symlinks one of the other 

so that makes /var/rum/php7.0-fpm.sock and /run/php7.0-fpm.sock the same unix 
domain socket

 

From: Jason Brooks [mailto:jason.bro...@eroi.com] 
Sent: Thursday, November 3, 2016 9:07 PM
To: users@httpd.apache.org
Subject: [users@httpd] How does this configuration work?

 

Hello,

 

So, the need to make sense of this is not an issue: I will be using the 
mod_proxy_fcgi to use php-fpm.  I am just curious.

 

While trying various configurations to get php-fpm to work, I found the 
following conundrum: the following configuration should NOT work but it does...

 

Here is the apache configuration snippet derived from this site 
  
dated last August.

 

Require all granted 

  

  

AddHandler php7-fcgi .php 

Action php7-fcgi /php7-fcgi virtual 

Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi 

FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket 
/var/run/php/php7.0-fpm.sock -pass-header Authorization



 

Here is the php-fpm www pool socket definition as configured out-of-the-box:

listen = /run/php/php7.0-fpm.sock

 

My test php script calls phpinfo() only.  It works.  It’s not clear how it 
works.  

Apache opens /var/run/php/php7.0-fpm.sock

php-fpm opens /run/php/php7.0-fpm.sock

removal of either file causes php not to work.

When I point apache to the socket file php-fpm opens, it does not 
work.

 

HOW?  How does apache manage to connect to php-fpm when the defined socket 
paths do not make sense?  As far as I know, the unix socket file is simply 
opened and read/written to: there’s no way to tell linux “connect both files to 
each other” from within a program...

 

Thanks for your time!

 

 


Jason Brooks

Systems Administrator


eROI

Performance is Art.


 

 


m:

505 nw couch #300

w:

  eroi.com


t:

503.290.3105

f:

503.228.4249


fb:

  fb.com/eROI



 





 

Re: [users@httpd] Install and Configure Apache on Windows Server

[Robert Ramoutar]

Hi Again,


Thanks for the reply,


I was able to download, install apache service and got IT WORKS when entering 
localhost:80 in my browser.


I was reading the following page :


Apache SSL/TLS Encryption
http://httpd.apache.org/docs/2.4/ssl/

But i'm still unable to configure.

Can you say how to import certificates into apache and how to test the imported 
certificates to make sure they function.

1. I have to generate a CSR request and key,
2. Then after i get the files from the cert provider import it into apache

Any ideas on how to complete the above two steps.

Thanks again for your help,



Regards,

Robert Ramoutar.

This email is intended for the intended recipient(s) and may contain 
confidential information.
Reproduction, dissemination or distribution of this message is prohibited 
unless authorized by
 the sender. If you are not the intended recipient, please notify the sender 
immediately and you
must not read, keep, use, disclose, copy or distribute this email without the 
sender's
 prior permission.




From: Alexandru Duzsardi 
Sent: Thursday, November 3, 2016 10:49 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Install and Configure Apache on Windows Server


Hi ,

I think is a good starting point 
http://httpd.apache.org/docs/2.4/platform/windows.html

Using Apache HTTP Server on Microsoft Windows - Apache 
...
httpd.apache.org
This document explains how to install, configure and run Apache 2.4 under 
Microsoft Windows. If you have questions after reviewing the documentation (and 
any event ...



It’s pretty straight forward , download the installer from one of those links 
http://httpd.apache.org/docs/2.4/platform/windows.html#down

Install like any other software



Install the windows serverice for apache 
http://httpd.apache.org/docs/2.4/platform/windows.html#winsvc , and set it to 
start automatically

Anything else is pretty much the same on any platform 
http://httpd.apache.org/docs/2.4/ , just be careful with the PATH’s

Apache HTTP Server Version 2.4 Documentation
httpd.apache.org
Copyright 2016 The Apache Software Foundation. Licensed under the Apache 
License, Version 2.0. Modules | Directives | FAQ | Glossary | Sitemap











From: Robert Ramoutar [mailto:robert_ramou...@hotmail.com]
Sent: Thursday, November 3, 2016 4:42 PM
To: users@httpd.apache.org
Subject: [users@httpd] Install and Configure Apache on Windows Server





Hello all,



I have been tasked with Installing and Configuring Apache 2.4 on a windows 
server for the following purpose:



1. Configure SSL through apache



2. Apache Tomcat also installed on server to handle web request to a specific 
web application - MySQL db also on the same server.



How does one go about installing and configuring SSL through apache 2.4 on 
Windows Server 2012?



I have read so many documents and so many questions on forums etc and is now 
more confused than before.

Can someone please outline the steps require and if possible how to perform 
these steps for apache in Windows.



Thanks.

Regards,

Robert Ramoutar.



This email is intended for the intended recipient(s) and may contain 
confidential information.
Reproduction, dissemination or distribution of this message is prohibited 
unless authorized by
 the sender. If you are not the intended recipient, please notify the sender 
immediately and you
must not read, keep, use, disclose, copy or distribute this email without the 
sender's
 prior permission.







From: users-h...@httpd.apache.org 
mailto:users-h...@httpd.apache.org>>
Sent: Thursday, November 3, 2016 10:35 AM
To: robert_ramou...@hotmail.com
Subject: WELCOME to users@httpd.apache.org



Hi! This is the ezmlm program. I'm managing the
users@httpd.apache.org mailing list.

PLEASE READ!  This message contains information specific to
this mailing list, and is not your standard form-letter
subscription acknowledgement.

I have added the address

   robert_ramou...@hotmail.com

to the users mailing list.

Welcome to users@httpd.apache.org!

Please save this message so that you know the address you are
subscribed under, in case you later want to unsubscribe or change your
subscription address.

This mailing list is maintained by the Apache Software Foundation
as a forum in which users of the Apache HTTP server can ask each
other questions, pose problems, and discuss issues.  It is NOT,
repeat NOT, an official support medium of the Foundation.  Please
take a look at

http://httpd.apache.org/userslist.html

to see details about how this list is to be used.

Posting is only permitted by subscribed addresses as an anti-spam
measure.  The list 

Re: [users@httpd] Question about configuring apache to use php via fpm

[Jason Brooks]

This does help, thank you!

Jason BrooksSystems Administrator
eROIPerformance is Art.
 
m:  505 nw couch #300   w:  eroi.com 
t:  503.290.3105f:  503.228.4249


fb: fb.com/eROI 








> On Nov 3, 2016, at 11:30 AM, Luca Toscano  wrote:
> 
> Hello Jason,
> 
> 

> mod-proxy-fcgi is the only one actively supported and developed in the httpd 
> project at the moment, it is definitely the best choice for the php-fpm use 
> case (standalone daemon that does not need more than a proxy in front of it).
> 
> https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html#examples 
>  contains 
> also good references.
> 
> Hope that helps!
> 
> Luca 

[users@httpd] How does this configuration work?

[Jason Brooks]

Hello,

So, the need to make sense of this is not an issue: I will be using the 
mod_proxy_fcgi to use php-fpm.  I am just curious.

While trying various configurations to get php-fpm to work, I found the 
following conundrum: the following configuration should NOT work but it does...

Here is the apache configuration snippet derived from this site 
 
dated last August.
 
Require all granted 
  
  
AddHandler php7-fcgi .php 
Action php7-fcgi /php7-fcgi virtual 
Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi 
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket 
/var/run/php/php7.0-fpm.sock -pass-header Authorization


Here is the php-fpm www pool socket definition as configured out-of-the-box:
listen = /run/php/php7.0-fpm.sock

My test php script calls phpinfo() only.  It works.  It’s not clear how it 
works.  
Apache opens /var/run/php/php7.0-fpm.sock
php-fpm opens /run/php/php7.0-fpm.sock
removal of either file causes php not to work.
When I point apache to the socket file php-fpm opens, it does not work.

HOW?  How does apache manage to connect to php-fpm when the defined socket 
paths do not make sense?  As far as I know, the unix socket file is simply 
opened and read/written to: there’s no way to tell linux “connect both files to 
each other” from within a program...

Thanks for your time!


Jason BrooksSystems Administrator
eROIPerformance is Art.
 
m:  505 nw couch #300   w:  eroi.com 
t:  503.290.3105f:  503.228.4249


fb: fb.com/eROI 

Re: [users@httpd] Question about configuring apache to use php via fpm

[Luca Toscano]

Hello Jason,

2016-11-03 19:05 GMT+01:00 Jason Brooks :

> Hello,
>
> There are several sites on configuring apache with php-fpm.  Many don’t
> work, some appear to be contradictory.
>
> Thus far, I found two configurations that work, but I am not sure which
> one is more correct.  By “more correct” I mean
>
> less convoluted
> less hidden issues
> less security problems
> better performing
> …
>
> This is on a ubuntu 16.04 LTS server, running apache 2.4.18, mpm-event,
> with php7.0-fpm installed.  I do NOT have mod_php installed.  For my test,
> I am just running the phpinfo() function call.
>
> Here are the configuration methods I have found to work:
> 
> 
> 1) using mod_alias, mod_fastcgi, and mod_actions:
> 
> Require all granted
>  
>  
> AddHandler php7-fcgi .php
> Action php7-fcgi /php7-fcgi virtual
> Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi
> FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -host 127.0.0.1:9000
> -pass-header Authorization
> 
>
> This was found at https://www.howtoforge.com/tutorial/apache-with-php-fpm-
> on-ubuntu-16-04/ dated last August.
> it seems hacky: it needs a cgi-bin directory to be configured, but doesn’t
> actually put anything in a cgi-bin directory to execute...
>
> 
> 
> 2) using mod_proxy, and mod_proxy_fcgi
> ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://localhost:9000/var/www/html/$1"
> enablereuse=on
>
> This was found at https://wiki.apache.org/httpd/PHP-FPM dated last July.
> it seems more elegant, but I don’t know how speedy it might be.
>
>
mod-proxy-fcgi is the only one actively supported and developed in the
httpd project at the moment, it is definitely the best choice for the
php-fpm use case (standalone daemon that does not need more than a proxy in
front of it).

https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html#examples contains
also good references.

Hope that helps!

Luca

[users@httpd] Question about configuring apache to use php via fpm

[Jason Brooks]

Hello,

There are several sites on configuring apache with php-fpm.  Many don’t work, 
some appear to be contradictory.  

Thus far, I found two configurations that work, but I am not sure which one is 
more correct.  By “more correct” I mean 

less convoluted
less hidden issues
less security problems
better performing
…

This is on a ubuntu 16.04 LTS server, running apache 2.4.18, mpm-event, with 
php7.0-fpm installed.  I do NOT have mod_php installed.  For my test, I am just 
running the phpinfo() function call.

Here are the configuration methods I have found to work:

1) using mod_alias, mod_fastcgi, and mod_actions:
 
Require all granted 
  
  
AddHandler php7-fcgi .php 
Action php7-fcgi /php7-fcgi virtual 
Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi 
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -host 
127.0.0.1:9000 -pass-header Authorization 


This was found at 
https://www.howtoforge.com/tutorial/apache-with-php-fpm-on-ubuntu-16-04/ 
 
dated last August.
it seems hacky: it needs a cgi-bin directory to be configured, but 
doesn’t actually put anything in a cgi-bin directory to execute...


2) using mod_proxy, and mod_proxy_fcgi
ProxyPassMatch ^/(.*\.php(/.*)?)$ 
"fcgi://localhost:9000/var/www/html/$1" enablereuse=on

This was found at https://wiki.apache.org/httpd/PHP-FPM 
 dated last July.
it seems more elegant, but I don’t know how speedy it might be.

Thank you for your time!

—jason



Jason BrooksSystems Administrator
eROIPerformance is Art.
 
m:  505 nw couch #300   w:  eroi.com 
t:  503.290.3105f:  503.228.4249


fb: fb.com/eROI 

RE: [users@httpd] Install and Configure Apache on Windows Server

[Alexandru Duzsardi]

Hi ,

I think is a good starting point
http://httpd.apache.org/docs/2.4/platform/windows.html

It's pretty straight forward , download the installer from one of those
links http://httpd.apache.org/docs/2.4/platform/windows.html#down

Install like any other software 

 

Install the windows serverice for apache
http://httpd.apache.org/docs/2.4/platform/windows.html#winsvc , and set it
to start automatically 

Anything else is pretty much the same on any platform
http://httpd.apache.org/docs/2.4/ , just be careful with the PATH's

 

 

 

 

From: Robert Ramoutar [mailto:robert_ramou...@hotmail.com] 
Sent: Thursday, November 3, 2016 4:42 PM
To: users@httpd.apache.org
Subject: [users@httpd] Install and Configure Apache on Windows Server

 

 

Hello all, 

 

I have been tasked with Installing and Configuring Apache 2.4 on a windows
server for the following purpose: 

 

1. Configure SSL through apache 

 

2. Apache Tomcat also installed on server to handle web request to a
specific web application - MySQL db also on the same server. 

 

How does one go about installing and configuring SSL through apache 2.4 on
Windows Server 2012?

 

I have read so many documents and so many questions on forums etc and is now
more confused than before. 

Can someone please outline the steps require and if possible how to perform
these steps for apache in Windows. 

 

Thanks.  


Regards,

Robert Ramoutar. 

 


This email is intended for the intended recipient(s) and may contain
confidential information. 
Reproduction, dissemination or distribution of this message is prohibited
unless authorized by
 the sender. If you are not the intended recipient, please notify the sender
immediately and you 
must not read, keep, use, disclose, copy or distribute this email without
the sender's
 prior permission. 

 


 

  _  

From: users-h...@httpd.apache.org 
mailto:users-h...@httpd.apache.org> >
Sent: Thursday, November 3, 2016 10:35 AM
To: robert_ramou...@hotmail.com  
Subject: WELCOME to users@httpd.apache.org   

 

Hi! This is the ezmlm program. I'm managing the
users@httpd.apache.org   mailing list.

PLEASE READ!  This message contains information specific to
this mailing list, and is not your standard form-letter
subscription acknowledgement.

I have added the address

   robert_ramou...@hotmail.com  

to the users mailing list.

Welcome to users@httpd.apache.org  !

Please save this message so that you know the address you are
subscribed under, in case you later want to unsubscribe or change your
subscription address.

This mailing list is maintained by the Apache Software Foundation
as a forum in which users of the Apache HTTP server can ask each
other questions, pose problems, and discuss issues.  It is NOT,
repeat NOT, an official support medium of the Foundation.  Please
take a look at

http://httpd.apache.org/userslist.html

to see details about how this list is to be used.

Posting is only permitted by subscribed addresses as an anti-spam
measure.  The list is moderated by volunteers from the Apache Software
Foundation; moderation will mostly be notable by its absence.
However, blatant abuse of the forum's purpose or the sensibilities
of the subscribers will not be tolerated.  Any actions taken
by the moderators is final, solely at their discretion, and not
subject to formal appeal.

So.. be excellent to each other, and party on!

--- Administrative commands for the users list ---

I can handle administrative requests automatically. Please
do not send them to the list address! Instead, send
your message to the correct command address:

To subscribe to the list, send a message to:
   

To remove your address from the list, send a message to:
   mailto:users-unsubscr...@httpd.apache.org> >

Send mail to the following for info and FAQ for this list:
   mailto:users-i...@httpd.apache.org> >
   mailto:users-...@httpd.apache.org> >

Similar addresses exist for the digest list:
   mailto:users-digest-subscr...@httpd.apache.org> >
   mailto:users-digest-unsubscr...@httpd.apache.org> >

To get messages 123 through 145 (a maximum of 100 per request), mail:
   mailto:users-get.123_...@httpd.apache.org> >

To get an index with subject and author for messages 123-456 , mail:
   mailto:users-index.123_...@httpd.apache.org> >

They are always returned as sets of 100, max 2000 per request,
so you'll actually get 100-499.

To receive all messages with the same subject as message 12345,
send a short message to:
   mailto:users-thread.12...@httpd.apache.org> >

The messages should contain one line or word of text to avoid being
treated as sp@m, but I will ignore their content.
Only the ADDRESS you send to is important.

You can start a subscription for an alternate address,
for example "john@host.domain 

[users@httpd] Install and Configure Apache on Windows Server

[Robert Ramoutar]

Hello all,


I have been tasked with Installing and Configuring Apache 2.4 on a windows 
server for the following purpose:


1. Configure SSL through apache


2. Apache Tomcat also installed on server to handle web request to a specific 
web application - MySQL db also on the same server.


How does one go about installing and configuring SSL through apache 2.4 on 
Windows Server 2012?


I have read so many documents and so many questions on forums etc and is now 
more confused than before.

Can someone please outline the steps require and if possible how to perform 
these steps for apache in Windows.


Thanks.

Regards,

Robert Ramoutar.

This email is intended for the intended recipient(s) and may contain 
confidential information.
Reproduction, dissemination or distribution of this message is prohibited 
unless authorized by
 the sender. If you are not the intended recipient, please notify the sender 
immediately and you
must not read, keep, use, disclose, copy or distribute this email without the 
sender's
 prior permission.




From: users-h...@httpd.apache.org 
Sent: Thursday, November 3, 2016 10:35 AM
To: robert_ramou...@hotmail.com
Subject: WELCOME to users@httpd.apache.org

Hi! This is the ezmlm program. I'm managing the
users@httpd.apache.org mailing list.

PLEASE READ!  This message contains information specific to
this mailing list, and is not your standard form-letter
subscription acknowledgement.

I have added the address

   robert_ramou...@hotmail.com

to the users mailing list.

Welcome to users@httpd.apache.org!

Please save this message so that you know the address you are
subscribed under, in case you later want to unsubscribe or change your
subscription address.

This mailing list is maintained by the Apache Software Foundation
as a forum in which users of the Apache HTTP server can ask each
other questions, pose problems, and discuss issues.  It is NOT,
repeat NOT, an official support medium of the Foundation.  Please
take a look at

http://httpd.apache.org/userslist.html

to see details about how this list is to be used.

Posting is only permitted by subscribed addresses as an anti-spam
measure.  The list is moderated by volunteers from the Apache Software
Foundation; moderation will mostly be notable by its absence.
However, blatant abuse of the forum's purpose or the sensibilities
of the subscribers will not be tolerated.  Any actions taken
by the moderators is final, solely at their discretion, and not
subject to formal appeal.

So.. be excellent to each other, and party on!

--- Administrative commands for the users list ---

I can handle administrative requests automatically. Please
do not send them to the list address! Instead, send
your message to the correct command address:

To subscribe to the list, send a message to:
   

To remove your address from the list, send a message to:
   

Send mail to the following for info and FAQ for this list:
   
   

Similar addresses exist for the digest list:
   
   

To get messages 123 through 145 (a maximum of 100 per request), mail:
   

To get an index with subject and author for messages 123-456 , mail:
   

They are always returned as sets of 100, max 2000 per request,
so you'll actually get 100-499.

To receive all messages with the same subject as message 12345,
send a short message to:
   

The messages should contain one line or word of text to avoid being
treated as sp@m, but I will ignore their content.
Only the ADDRESS you send to is important.

You can start a subscription for an alternate address,
for example "john@host.domain", just add a hyphen and your
address (with '=' instead of '@') after the command word:


To stop subscription for this address, mail:


In both cases, I'll send a confirmation message to that address. When
you receive it, simply reply to it to complete your subscription.

If despite following these instructions, you do not get the
desired results, please contact my owner at
users-ow...@httpd.apache.org. Please be patient, my owner is a
lot slower than I am ;-)

--- Enclosed is a copy of the request I received.

Return-Path: 
Received: (qmail 22078 invoked by uid 99); 3 Nov 2016 14:35:43 -
Received: from pnap-us-west-generic-nat.apache.org (HELO 
spamd4-us-west.apache.org) (209.188.14.142)
by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Nov 2016 14:35:43 +
Received: from localhost (localhost [127.0.0.1])
by spamd4-us-west.apache.org (ASF Mail Server at 
spamd4-us-west.apache.org) with ESMTP id 93C13C12BA
for 
;
 Thu,  3 Nov 2016 14:35:42 + (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -1.8
X-Spam-Level:
X-Spam-Status: No, score=-1.8 tagged_above=-999 required=6.31
tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001,
RP_MATCHES_RCVD=-2.999, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
 

Re: [users@httpd] failing t/modules/filter.t

[Petr Gajdos]

On Wed, Oct 26, 2016 at 09:58:57AM +0200, Yann Ylavic wrote:
> On Tue, Oct 25, 2016 at 9:48 PM, Petr Gajdos  wrote:
> >
> > So if I understand correctly, content of mime.types is hardcoded.
> > Is there another chance than patching either TestConfig.pm or
> > extra.conf.in to contain application/xml .xml definition?
> 
> Don't you have a piece of conf that applies to your test and where you can 
> set:
>AddType application/xml .xml

Thank you, I guess problem resolved. 

I run testsuite on buildroot in two modes, with some sort of minimal
configuration file (given by -httpd_conf) and also manually for
debugging without -httpd_conf option at all, which seem to consult
/etc/apache2/httpd.conf to create t/conf/httpd.conf. Neither of them 
worked (for different reason from what I did not know until now) which
lead to confusion on my side.

If I get all correctly, in the first case the hardcoded mime.types I
have already mentioned is used. There is no xml assignment so no
wonder. In second case the testsuite detected /etc/apache2/mime.types
inclusion in /etc/apache2/httpd.conf and that file was included in
t/conf/httpd.conf.

But, /etc/apache2/mime.types contains:
application/xml  xml xsl
[..]
text/xml xml

According to my testing, the latter map shadowed the first one. When I
switched the order, the test worked.

Because of the hope, that the package I am just creating will be
installable and user will certainly use own mime.types, I would like
not to have a test depend on the order there. So I think that could
help me:
https://build.opensuse.org/package/view_file/Apache:Test/apache-test/apache-test-application-xml-type.patch

Petr


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Re: Modules add by default

[Eric Covener]

On Thu, Nov 3, 2016 at 1:09 AM, Hemant Chaudhary
 wrote:
> Hi
>
> Please help me to know the default modules installed while porting
> httpd-2.4.23.

Why not run a build and look at the contents?

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache 2.4 support removed for Tandem

[Jim Jagielski]

Official support for Apache httpd for a number of "old" platforms
has been removed, but it is likely that it builds and runs
anyway, depending on how Posix-like the platform is.

> On Nov 3, 2016, at 1:28 AM, Hemant Chaudhary  
> wrote:
> 
> Hi
> 
> I am planning to build Apache 2.4.23 on Nonstop, but I get in Apache document 
> that platform support for apache on Tandem has been removed. 
> What is the reason for removal of Tandem support ? Can still I build apache 
> on Tandem or Nonstop.
> 
> Regards
> Hemant


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Whitelisting in mod_evasive

[Matthew Jones]

On 02/11/2016, 08:42, "Luca Toscano" 
mailto:toscano.l...@gmail.com>> wrote:

as side note mod_evasive is a third party module not included in the httpd 
official release, so we can try to help but it would be better to follow up 
with the module's author (even though if I remember correctly the project is 
not active at the moment).

OK, many thanks for helping nonetheless

Does the module correctly whitelist the other IPs? Can you try something like:

DOSWhitelist 10.*.*.*
DOSWhitelist 172.22.*.*
...
...

OK, so far that seems to be working: not seeing IPs in either of the above 
ranges being blacklisted. Many thanks!

—
Matt Jones

University of Huddersfield inspiring tomorrow's professionals.
[http://marketing.hud.ac.uk/_HOSTED/EmailSig2014/EmailSigFooter.jpg]

This transmission is confidential and may be legally privileged. If you receive 
it in error, please notify us immediately by e-mail and remove it from your 
system. If the content of this e-mail does not relate to the business of the 
University of Huddersfield, then we do not endorse it and will accept no 
liability.

[users@httpd] Fwd: Question

[Abdullah AbuHijleh]

Kind reminder
-- Forwarded message --
From: "Abdullah AbuHijleh" 
Date: Nov 2, 2016 00:46
Subject: Question
To: 
Cc:

We need to configure Apache HTTP Server Version 2.4 to work with Kerberos
SSO ?

Please help

RE: [users@httpd] apache 2.2 - mod_authnz_ldap with SSL/TLS in chrootdir

[Alexandru Duzsardi]

I think this might be a bug , i’ve also tested , even copied almost all the 
system files in the chrootdir but dint’ change anything.

TLS or SSL doesn’t work  but LDAP unencrypted does.

 

 

 

[Thu Nov 03 12:10:11.362994 2016] [core:trace3] [pid 3652] request.c(119): 
[client 10.0.1.110:58424] auth phase 'check user' gave status 401: /

[Thu Nov 03 12:10:11.363030 2016] [http:trace3] [pid 3652] 
http_filters.c(1006): [client 10.0.1.110:58424] Response sent with status 401, 
headers:

[Thu Nov 03 12:10:11.363035 2016] [http:trace5] [pid 3652] 
http_filters.c(1013): [client 10.0.1.110:58424]   Date: Thu, 03 Nov 2016 
10:10:11 GMT

[Thu Nov 03 12:10:11.363038 2016] [http:trace5] [pid 3652] 
http_filters.c(1016): [client 10.0.1.110:58424]   Server: Apache/2.4.18 (Ubuntu)

[Thu Nov 03 12:10:11.363042 2016] [http:trace4] [pid 3652] http_filters.c(835): 
[client 10.0.1.110:58424]   WWW-Authenticate: Basic realm=\\"Restricted Zone\\"

[Thu Nov 03 12:10:11.363046 2016] [http:trace4] [pid 3652] http_filters.c(835): 
[client 10.0.1.110:58424]   Content-Length: 456

[Thu Nov 03 12:10:11.363049 2016] [http:trace4] [pid 3652] http_filters.c(835): 
[client 10.0.1.110:58424]   Keep-Alive: timeout=5, max=100

[Thu Nov 03 12:10:11.363052 2016] [http:trace4] [pid 3652] http_filters.c(835): 
[client 10.0.1.110:58424]   Connection: Keep-Alive

[Thu Nov 03 12:10:11.363055 2016] [http:trace4] [pid 3652] http_filters.c(835): 
[client 10.0.1.110:58424]   Content-Type: text/html; charset=iso-8859-1

[Thu Nov 03 12:10:11.363150 2016] [core:trace6] [pid 3652] core_filters.c(525): 
[client 10.0.1.110:58424] core_output_filter: flushing because of FLUSH bucket

[Thu Nov 03 12:10:16.368440 2016] [core:trace6] [pid 3652] core_filters.c(525): 
[client 10.0.1.110:58424] core_output_filter: flushing because of FLUSH bucket

[Thu Nov 03 12:10:18.329231 2016] [core:trace5] [pid 3649] protocol.c(616): 
[client 10.0.1.110:58427] Request received from client: GET / HTTP/1.1

[Thu Nov 03 12:10:18.329305 2016] [http:trace4] [pid 3649] http_request.c(394): 
[client 10.0.1.110:58427] Headers received from client:

[Thu Nov 03 12:10:18.329309 2016] [http:trace4] [pid 3649] http_request.c(398): 
[client 10.0.1.110:58427]   Host: 10.0.6.57

[Thu Nov 03 12:10:18.329311 2016] [http:trace4] [pid 3649] http_request.c(398): 
[client 10.0.1.110:58427]   Connection: keep-alive

[Thu Nov 03 12:10:18.329313 2016] [http:trace4] [pid 3649] http_request.c(398): 
[client 10.0.1.110:58427]   Authorization: Basic dsfldjsflALALDSLDxdsfksdf

[Thu Nov 03 12:10:18.329315 2016] [http:trace4] [pid 3649] http_request.c(398): 
[client 10.0.1.110:58427]   Upgrade-Insecure-Requests: 1

[Thu Nov 03 12:10:18.329316 2016] [http:trace4] [pid 3649] http_request.c(398): 
[client 10.0.1.110:58427]   User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36

[Thu Nov 03 12:10:18.329319 2016] [http:trace4] [pid 3649] http_request.c(398): 
[client 10.0.1.110:58427]   Accept: 
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

[Thu Nov 03 12:10:18.329321 2016] [http:trace4] [pid 3649] http_request.c(398): 
[client 10.0.1.110:58427]   Accept-Encoding: gzip, deflate, sdch

[Thu Nov 03 12:10:18.329322 2016] [http:trace4] [pid 3649] http_request.c(398): 
[client 10.0.1.110:58427]   Accept-Language: en-US,en;q=0.8,ro;q=0.6

[Thu Nov 03 12:10:18.329379 2016] [authz_core:debug] [pid 3649] 
mod_authz_core.c(809): [client 10.0.1.110:58427] AH01626: authorization result 
of Require ldap-filter 
&(sAMAccountType=805306368)(memberof=CN=Users,DC=office,DC=lan): denied (no 
authenticated user yet)

[Thu Nov 03 12:10:18.329383 2016] [authz_core:debug] [pid 3649] 
mod_authz_core.c(809): [client 10.0.1.110:58427] AH01626: authorization result 
of : denied (no authenticated user yet)

[Thu Nov 03 12:10:18.329411 2016] [authnz_ldap:debug] [pid 3649] 
mod_authnz_ldap.c(516): [client 10.0.1.110:58427] AH01691: auth_ldap 
authenticate: using URL ldap://10.0.1.250/DC=office,DC=lan?sAMAccountName?sub

[Thu Nov 03 12:10:18.329418 2016] [authnz_ldap:trace1] [pid 3649] 
mod_authnz_ldap.c(537): [client 10.0.1.110:58427] auth_ldap authenticate: final 
authn filter is (&(objectclass=*)(sAMAccountName=username))

[Thu Nov 03 12:10:18.329780 2016] [ldap:trace5] [pid 3649] util_ldap.c(329): 
[client 10.0.1.110:58427] LDC 7fd88124b0a0 init

[Thu Nov 03 12:10:18.330912 2016] [ldap:trace5] [pid 3649] util_ldap.c(186): 
[client 10.0.1.110:58427] LDC 7fd88124b0a0 unbind

[Thu Nov 03 12:10:18.331003 2016] [authnz_ldap:info] [pid 3649] [client 
10.0.1.110:58427] AH01695: auth_ldap authenticate: user username authentication 
failed; URI / [LDAP: ldap_start_tls_s() failed][Connect error]

[Thu Nov 03 12:10:18.331011 2016] [core:trace3] [pid 3649] request.c(119): 
[client 10.0.1.110:58427] auth phase 'check user' gave status 500: /

[Thu Nov 03 12:10:18.331043 2016] [http:trace3] [pid 3649] 
http_filters.c(1006): [client 10.0.1.110:58427

Re: [users@httpd] apache 2.2 - mod_authnz_ldap with SSL/TLS in chrootdir

[Luca Toscano]

Hi Andy,

2016-11-02 16:24 GMT+01:00 Speagle, Andy :

> Hi Folks,
>
>
>
> I’m having some issues getting SSL or TLS working with mod_authnz_ldap in
> my chroot’ed Apache 2.2 server on RHEL 6.8 … it works without SSL just
> fine.  I’m using the built-in “ChrootDir” directive with Apache.  I seem to
> have all of the libraries, binaries and things in the chroot jail that
> Apache uses… but, I can’t seem to get it to work… and I kinda need to know
> how best to troubleshoot this to figure out where the problem lies.
>
>
>
> Inside and outside the chroot jail I can use ldapsearch with SSL just
> fine… so, I know the system can connect… I’m just getting tripped up on why
> Apache can’t connect.  I get this very generic error in the logs:
>
>
>
> [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>
>
>
> I have the global loglevel set to debug… but, this really isn’t giving me
> much insight into the mod_authnz_ldap internals.  Can that be turned up?
>
>
>
> Any help would be appreciated.
>
>
>

(just to have more info) have you followed
https://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#usingssl setting
all the required directives?

What I'd try:
1) Same config without the ChrootDir to see if anything changes.
2) A recent 2.4 version and Loglevel set to trace8.
3) GDB might help (https://httpd.apache.org/dev/debugging.html#gdb) but it
requires digging into the source code.

If you want more people to help you could also send us the whole httpd
configuration plus what you see in the error logs (not only the line
reported above).

Hope that helps!

Luca