On 03 Oct 2018, at 12:07, Filipe Cifali <[email protected]> wrote:
> you can check what virtualhost is being served via apache2ctl like this: $
> apache2ctl -S
> $ apache2ctl -h provides this info:
> -S : a synonym for -t -D DUMP_VHOSTS -D DUMP_RUN_CFG
Yes that is all fine, and the site was loading perfectly for almost three and a
half hours.
port 443 namevhost www.XXX.com
(/usr/local/etc/apache24/users/XXX.conf:1)
alias XXX.com
port 80 namevhost www.XXX.com
(/usr/local/etc/apache24/users/XXX,conf:26)
alias XXX.com
I do not have an apache2ctl, just apachectl (apache 2.4 FreeBSD 11.2-REALEASE
compiled from ports)
> After checking that the right vhost is being served, start removing proxy
> logic and just make the txt work again, then slowly start adding the proxy
> config to make the php work again.
There is exactly one line in the site configuration that, when commented, makes
the site work again. Though, possibly only for a little while. I’ll have to
check more in 3-4 hours. There is no other proxy logic at all.
> If you can, post the full vhost here regarding the domain that misbehaves.
Sure, but other than the host name, it is identical to all the other sites.
<VirtualHost *:443>
ServerName www.XXX
ServerAlias XXX
DocumentRoot /www/XXX/
#ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/www/XXX/$1
<Directory "/www/XXX/">
Options +Indexes +FollowSymLinks +MultiViews -SymLinksIfOwnerMatch
AllowOverride all
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /usr/local/etc/dehydrated/certs/XXX/cert.pem
SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/XXX/privkey.pem
SSLCertificateChainFile /usr/local/etc/dehydrated/certs/XXX/chain.pem
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
# 15638400 seconds is 181 dayds
# 63072000 seconds is 730 days
Header always set Strict-Transport-Security "max-age=15638400;
includeSubdomains;"
Header always set X-Frame-Options DENY
ErrorLog /home/user1/logs/XXX.error_log
CustomLog /home/user1/logs/XXX.access_log combined
</VirtualHost>
> The important part is: Having a zeroed robots.txt doesn't break httpd.
Yeah, it didn’t seem likely, but then again it seemed to work for q bit…
And, just for kicks:
# apachectl -M
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
authn_file_module (shared)
mpm_prefork_module (shared)
authn_dbm_module (shared)
authn_core_module (shared)
authz_host_module (shared)
authz_groupfile_module (shared)
authz_user_module (shared)
authz_dbm_module (shared)
authz_core_module (shared)
access_compat_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
socache_shmcb_module (shared)
socache_dbm_module (shared)
reqtimeout_module (shared)
include_module (shared)
filter_module (shared)
mime_module (shared)
log_config_module (shared)
env_module (shared)
headers_module (shared)
setenvif_module (shared)
version_module (shared)
proxy_module (shared)
proxy_fcgi_module (shared)
ssl_module (shared)
unixd_module (shared)
dav_module (shared)
status_module (shared)
autoindex_module (shared)
cgi_module (shared)
dav_fs_module (shared)
vhost_alias_module (shared)
dir_module (shared)
userdir_module (shared)
alias_module (shared)
rewrite_module (shared)
# cat /www/XXX/.htaccess
Options +Includes +FollowSymLinks +MultiViews
--
One tequila, two tequila, three tequila, floor.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
