Re: [users@httpd] php-fpm and proxy , httpd 2.4.12

2015-07-23 Thread MM
On 22 July 2015 at 20:49, Yehuda Katz yeh...@ymkatz.net wrote:

 Do you need this configuration to be portable to different systems with
 different modules available?

No


 If not, remove all the IfModule directives and only include the
 configuration that you really want to use.

All right...

 This will make sure that you understand what your server is doing and will
 make sure you get the correct errors about what is missing.

 You need to choose mod_php or fpm. Don't load both. I personally usually
 use mod_php.

Is it that with mod_php, httpd runs php in process while fpm delegates to
separate processes?


 If you are using FPM, you need to verify that the php-fpm socket is really
 there and that FPM configuration is correct for your environment.
 You can also enable mod_info to see what modules are actually loaded and
 what configuration is being skipped.

 - Y

 Thanks


Re: [users@httpd] php-fpm and proxy , httpd 2.4.12

2015-07-21 Thread MM
Apologies for the missing info. It is https by the way. Please see below:

On 21 July 2015 at 00:48, Yehuda Katz yeh...@ymkatz.net wrote:

 You haven't shown a need for any proxy configuration at all

Yes. If I have a single box with low traffic, I don't need a proxy config
at all, right?
Is this related to
1. presence of php-fpm processes? If so, do I turn them off?
2. the <IfModule mod_proxy.c> ... ProxyRequests On ... </IfModule> setting.
If so, do I comment it out?

 and you did not include nearly enough configuration, plus you didn't say
 what wiki package you are running.

mediawiki 1.25.1

 How about posting more of your config, including the vhost and actual fpm
 or mod_php config?

Here is a flattened httpd.conf with all the other relevant conf files
included:

Listen 0.0.0.0:80
ServerName myserver:80
UseCanonicalName Off
DocumentRoot /var/www/html

Alias /wiki/skins /usr/share/mediawiki/skins
Alias /wiki /var/www/wiki

<Files .user.ini>
Require all denied
</Files>
AddType text/html .php
DirectoryIndex index.php
<IfModule mod_php5.c>
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
php_value session.save_handler files
php_value session.save_path /var/lib/php/session
php_value soap.wsdl_cache_dir /var/lib/php/wsdlcache
</IfModule>
<IfModule !mod_php5.c>
<FilesMatch \.php$>
SetHandler proxy:unix:/run/php-fpm/www.sock|fgci://localhost
</FilesMatch>
</IfModule>


Listen 0.0.0.0:443 https
<VirtualHost _default_:443>
DocumentRoot /var/www/html
ServerName publichostname:443
SSLEngine on
SSLProtocol all -SSLv2
</VirtualHost>

<VirtualHost _default_:443>
DocumentRoot /var/www/html
ServerName lanlocalhostname:443
SSLEngine on
SSLProtocol all -SSLv2
</VirtualHost>


These modules are also loaded, after the ones above:
LoadModule ssl_module modules/mod_ssl.so
<IfModule mpm_worker_module>
   LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_event_module>
   LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
   LoadModule cgi_module modules/mod_cgi.so
</IfModule>
<IfModule prefork.c>
  LoadModule php5_module modules/libphp5.so
</IfModule>
<IfModule !prefork.c>
  LoadModule php5_module modules/libphp5-zts.so
</IfModule>

Please advise any other conf I could add.

 On Jul 20, 2015 1:25 PM, MM finjulh...@gmail.com wrote:

 I get this error when I try to access my wiki

 AH01144: No protocol handler was valid for the URL /wiki/index.php. If
 you are using a DSO version of mod_proxy, make sure the proxy submodules
 are included in the configuration using LoadModule.

 1. For some reason, my linux distribution somehow enabled php-fpm by
 default.
 My site has very little traffic, and I don't have performance
 requirements.

 2. I have the following setting

 <IfModule mod_proxy.c>
 ProxyRequests On
 <Proxy *>
 Order deny,allow
 Deny from all
 Allow from IP
 </Proxy>
 </IfModule>

 Do I need this setting?

 3. All these modules are loaded
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
 LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
 LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
 LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
 LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
 LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
 LoadModule proxy_connect_module modules/mod_proxy_connect.so
 LoadModule proxy_express_module modules/mod_proxy_express.so
 LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
 LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
 LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
 LoadModule proxy_http_module modules/mod_proxy_http.so
 LoadModule proxy_scgi_module modules/mod_proxy_scgi.so

 and
 LoadModule xml2enc_module modules/mod_xml2enc.so
 LoadModule proxy_html_module modules/mod_proxy_html.so

 Are there any more modules to load?
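
AH01144 is logged when no loaded proxy submodule claims the scheme of the proxied URL. The following Python lint is an added example, not part of the original thread or of httpd: it checks each `SetHandler proxy:` target in a flattened config against the loaded modules and also reports `ProxyRequests On`. The function name, the (non-exhaustive) scheme table and the sample, an excerpt modelled on the configuration posted above, are this example's own.

```python
import re

# httpd 2.4 proxy schemes and the submodule that handles each one
# (not exhaustive; assembled for this example).
SCHEME_MODULES = {
    "fcgi": "proxy_fcgi_module", "scgi": "proxy_scgi_module",
    "http": "proxy_http_module", "https": "proxy_http_module",
    "ajp": "proxy_ajp_module", "ftp": "proxy_ftp_module",
}
LOADMODULE = re.compile(r"^\s*LoadModule\s+(\S+)", re.I)
HANDLER = re.compile(
    r'^\s*SetHandler\s+"?proxy:(?:unix:[^|\s]+\|)?([a-z0-9+.-]+)://', re.I)
PROXYREQ = re.compile(r"^\s*ProxyRequests\s+On\b", re.I)

def lint(conf_text):
    """Return (line_number, message) findings for a flattened httpd config."""
    lines = conf_text.splitlines()
    loaded = {m.group(1) for m in map(LOADMODULE.match, lines) if m}
    findings = []
    for n, line in enumerate(lines, 1):
        m = HANDLER.match(line)
        if m:
            scheme = m.group(1).lower()
            module = SCHEME_MODULES.get(scheme)
            if module is None:
                findings.append((n, f"no proxy submodule handles scheme '{scheme}'"))
            elif module not in loaded:
                findings.append((n, f"scheme '{scheme}' needs LoadModule {module}"))
        if PROXYREQ.match(line):
            findings.append((n, "ProxyRequests On enables forward proxying; "
                                "not needed for php-fpm or ProxyPass"))
    return findings

# Constructed sample: an excerpt modelled on the configuration in the thread.
SAMPLE = """\
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
<IfModule mod_proxy.c>
ProxyRequests On
</IfModule>
<FilesMatch \\.php$>
SetHandler proxy:unix:/run/php-fpm/www.sock|fgci://localhost
</FilesMatch>
"""

if __name__ == "__main__":
    for lineno, message in lint(SAMPLE):
        print(f"line {lineno}: {message}")
```
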




[users@httpd] php-fpm and proxy , httpd 2.4.12

2015-07-20 Thread MM
I get this error when I try to access my wiki

AH01144: No protocol handler was valid for the URL /wiki/index.php. If you
are using a DSO version of mod_proxy, make sure the proxy submodules are
included in the configuration using LoadModule.

1. For some reason, my linux distribution somehow enabled php-fpm by
default.
My site has very little traffic, and I don't have performance requirements.

2. I have the following setting

<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
Order deny,allow
Deny from all
Allow from IP
</Proxy>
</IfModule>

Do I need this setting?

3. All these modules are loaded
LoadModule proxy_module modules/mod_proxy.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_express_module modules/mod_proxy_express.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so

and
LoadModule xml2enc_module modules/mod_xml2enc.so
LoadModule proxy_html_module modules/mod_proxy_html.so

Are there any more modules to load?


[users@httpd] 2 server certificates

2014-12-23 Thread MM
Hello,

My network connectivity looks like:

setting 1
laptop  -   corpfirewall -  ... - homefirewall  -   serverbox (httpd 2.4)
in this setting, i have a public dns registered hostname autoupdated by my
ISP.
my homefirewall forwards all traffic https to serverbox.

setting 2
samelaptop  - sameserverbox
   (servername.lan  -  192.168.1.x)

I have generated 2 self-signed certificates, 1 with the 'public hostname' as
the CN, and another one with the 'servername.lan' as the CN.

I have both certificates in my laptop locally stored.

Is it possible to have httpd use the correct certificate depending on where
the request comes from?

Regards,

MM


[users] https and DHE-RSA-AES256-SHA

2014-06-04 Thread MM
Hi,

I run a personal https at home with no official certificate. The hostname I
use is a dynamic dns hostname.
Apache/2.4.9 OpenSSL/1.0.1e-fips PHP/5.5.12 SVN/1.8.8 mod_perl/2.0.9-dev
Perl/v5.18.2


On ssl_request I see a couple of entries like this:

TLSv1 DHE-RSA-AES256-SHA GET /vtigercrm/ HTTP/1.1 287
TLSv1 DHE-RSA-AES256-SHA GET /vtigercrm/vtigerservice.php HTTP/1.1 304
TLSv1 DHE-RSA-AES256-SHA GET /vtigercrm/graph.php?current_language=../../../../../../../..//etc/elastix.conf%00module=Accountsaction HTTP/1.1 296
TLSv1 DHE-RSA-AES256-SHA GET /vtigercrm/ HTTP/1.1 287

from undesired clients.

Is there a way to limit the IPs of clients that http/https queries can come
from?
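
One way to turn entries like these into a client block list, as an added example that is not part of the original post: it assumes the log uses mod_ssl's stock ssl_request_log format (timestamp and client address before the protocol), and the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed format: mod_ssl's stock ssl_request_log line,
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b".
LINE = re.compile(r'^\[[^\]]+\] (?P<ip>\S+) \S+ \S+ "\S+ (?P<target>\S+)[^"]*" \S+$')

def reasons_for(target):
    """Why a request target looks like a file-inclusion probe, if it does."""
    decoded = unquote(unquote(target))  # also catches double-encoded input
    reasons = []
    if "../" in decoded or "..\\" in decoded:
        reasons.append("path traversal")
    if "\x00" in decoded:
        reasons.append("null byte")
    return reasons

def flag_clients(log_text):
    """Map client IP -> list of (target, reasons) for suspicious requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m and (why := reasons_for(m["target"])):
            hits[m["ip"]].append((m["target"], why))
    return dict(hits)

def deny_block(hits):
    """httpd 2.4 authorization block that rejects the flagged clients."""
    rules = [f"    Require not ip {ip}" for ip in sorted(hits)]
    return "\n".join(["<RequireAll>", "    Require all granted", *rules, "</RequireAll>"])

# Constructed sample lines; the IPs are documentation addresses.
SAMPLE_LOG = '''\
[04/Jun/2014:10:01:12 +0000] 192.0.2.10 TLSv1 DHE-RSA-AES256-SHA "GET /wiki/index.php HTTP/1.1" 5120
[04/Jun/2014:10:02:40 +0000] 198.51.100.23 TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/ HTTP/1.1" 287
[04/Jun/2014:10:02:41 +0000] 198.51.100.23 TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/graph.php?current_language=../../../../../../../..//etc/elastix.conf%00module=Accountsaction HTTP/1.1" 296
'''

if __name__ == "__main__":
    print(deny_block(flag_clients(SAMPLE_LOG)))
```

The generated block belongs inside the `<Directory>` or `<Location>` section it should protect; `Require not ip` is only valid inside `<RequireAll>` alongside a positive `Require`.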


Re: [users@httpd] Need help with reverse proxying and image loading

2014-01-27 Thread MM KP
hello!

Thanks for your response, but is this the same case for a reverse proxy? I
am trying to build a reverse proxy not a forward one.

Thanks though!

any other responses are greatly welcome!

SBC


On Mon, Jan 27, 2014 at 12:57 PM, Mark Brodis mabro...@colorado4x4.net wrote:

 I am a n00b with Apache also but I'll take a stab at this.

 What you are wanting is actually 2 things.  A fully functional (for at
 least one website) forward HTTP proxy and also a domain name change.  In my
 opinion you will never get a functional webpage (at least not something as
 complex and interconnected as a CNN site) with static mappings.  Static
 mappings such as mysite.com be translated to cnn.com could work...but as
 you pointed out what about the rest of the items on the CNN page.  There
 will be images from Facebook, Twitter, 4space, Yahoo, Google..and every one
 of those could have 50 different hosts the images could come from, the
 hostnames that you will pull content from will vary throughout the day and
 your region.

 So, for that to work you are going to need to use a real outbound forward
 HTTP proxy which your workstation/browser will know how to use (read up on
 forward proxies versus reverse proxies, same software can be used in very
 different ways).  Now, using that method in theory you could still try to
 change domain names of the site, though I'm not exactly sure how you would
 do that and I don't think it would work right.  Here's why...when a browser
 requests an item from a server it sends the hostname in the HTTP header.
 This seems redundant usually, as the CNN servers know they are CNN so why
 send cnn in the header.  This is because the server can serve up
 different content based on the header value (look up virtual hosts, and
 this is not virtual machine stuff).  So while some web-servers will serve
 up the same content whether you request it from the IP or a hostname,
 others will serve up something different.  Also the issue of SSL
 certificates.  The SSL cert has to match the site that the browser is going
 to by name.  SSL certs cannot be tied to an IP address and if you try to
 forward a SSL cert through a domain-name-changed proxy service then the
 name the browser has for a site will not match the CN (common name) value
 in the SSL cert itself..and thus the browser will throw its arms up,
 complain, warn, etc.

 For a normal forward HTTP proxy there is a way to set them up as a secure
 proxy which will handle the SSL certs correctly but that is because there
 is no domain-name changing happening in the process.

 So, I'm not sure if what you're trying to do will work for a site as
 complex as CNN.  Could you do a domain-name-change on a buddy's site with
 very little interconnecting..sure..but it would still be a very statically
 defined setup.

 Good Luck...
 -Mark


 On Sun, Jan 26, 2014 at 8:08 PM, MM KP sbc...@gmail.com wrote:

 Hello all

 I am new to apache and the apache mailing list so PLEASE forgive me for my
 long message :


 I am trying to configure a nice reverse proxy using Apache. Basically
 this is what I want : I want to be able to browse to something like
 testproxy.myproxy.com and proxy to www.cnn.com. I want to be able to see
 images and I want javascript and css and all that good stuff loaded as
 well. I already created a DNS record for testproxy.myproxy.com and this
 is the configuration I'm using for the virtual host:


 <VirtualHost [::]:80>
    ServerName testproxy.myproxy.com
    ProxyRequests off
    ProxyPass / http://www.cnn.com/
    ProxyPassReverse / http://www.cnn.com/
 </VirtualHost>


 Now when I restart the httpd service (By the way I am using RHEL 6.5), I
 can browse to testproxy.myproxy.com but all that appears in the browser
 are text and links. No images are loaded nor any CSS/javascript. What am I
 missing in my virtualhost configuration that's preventing me from loading
 images? I've noticed that some of the images on cnn.com are hosted on a
 different site such as :

 http://i2.cdn.turner.com/cnn/dam/assets/

 I'm guessing that since the images are hosted in the /cnn/dam/assets/
 folder on i2.cdn.turner.com , and the virtualhost/reverse proxy is only
 set up to proxy pass to www.cnn.com , it is not loading images and
 scripts that are hosted on http://i2.cdn.turner.com/cnn/dam/assets/. I
 don't know if I am even close to being accurate with my assumptions. Apache
 is a very new thing to me.


 My question is how do I go about configuring my virtualhosts properly so
 that every image and script that is on www.cnn.com, will be URL
 rewritten as testproxy.myproxy.com/ blah blah blah as opposed to
 i2.cdn.turner.com/etcetcetcetc? For example one of the images on CNN's
 homepage is:


 http://i2.cdn.turner.com/cnn/dam/assets/140123154723-07-super-bowl-prep-bin-tease.jpg

 I want to be able to go to a browser, type in testproxy.myproxy.com in
 the address bar, proxy to www.cnn.com and when I right click on the
 image, I want the FQDN of the image to be something

[users@httpd] Need help with reverse proxying and image loading

2014-01-26 Thread MM KP
Hello all

I am new to apache and the apache mailing list so PLEASE forgive me for my
long message :


I am trying to configure a nice reverse proxy using Apache. Basically this
is what I want : I want to be able to browse to something like
testproxy.myproxy.com and proxy to www.cnn.com. I want to be able to see
images and I want javascript and css and all that good stuff loaded as
well. I already created a DNS record for testproxy.myproxy.com and this is
the configuration I'm using for the virtual host:


<VirtualHost [::]:80>
   ServerName testproxy.myproxy.com
   ProxyRequests off
   ProxyPass / http://www.cnn.com/
   ProxyPassReverse / http://www.cnn.com/
</VirtualHost>


Now when I restart the httpd service (By the way I am using RHEL 6.5), I
can browse to testproxy.myproxy.com but all that appears in the browser are
text and links. No images are loaded nor any CSS/javascript. What am I
missing in my virtualhost configuration that's preventing me from loading
images? I've noticed that some of the images on cnn.com are hosted on a
different site such as :

http://i2.cdn.turner.com/cnn/dam/assets/

I'm guessing that since the images are hosted in the /cnn/dam/assets/ folder
on i2.cdn.turner.com , and the virtualhost/reverse proxy is only set up to
proxy pass to www.cnn.com , it is not loading images and scripts that are
hosted on http://i2.cdn.turner.com/cnn/dam/assets/. I don't know if I am
even close to being accurate with my assumptions. Apache is a very new
thing to me.


My question is how do I go about configuring my virtualhosts properly so
that every image and script that is on www.cnn.com, will be URL rewritten
as testproxy.myproxy.com/ blah blah blah as opposed to
i2.cdn.turner.com/etcetcetcetc? For example one of the images on CNN's
homepage is:

http://i2.cdn.turner.com/cnn/dam/assets/140123154723-07-super-bowl-prep-bin-tease.jpg

I want to be able to go to a browser, type in testproxy.myproxy.com in the
address bar, proxy to www.cnn.com and when I right click on the image, I
want the FQDN of the image to be something like
http://testproxy.myproxy.com/images/super-bowl-prep-bin-tease.jpg.
Basically I want all URLs to be rewritten as
http://testproxy.myproxy.com/...etc etc etc.

All help is GREATLY appreciated because well, I am totally lost here lol.
I've done research on using mod_proxy_html and what not, but I'm still
confused as to how I go about doing this in my situation.

Please assist me!


Thanks!!

SBC