Difference between revisions of "Apache"
From Alessandro's Wiki
(→Proxy) |
|||
(11 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
Set a ServerName! | Set a ServerName! | ||
=== PHP options ''(in .htaccess file)'' === | === PHP options ''(in .htaccess file)'' === | ||
* php_valueexpose_php = On | |||
* php_valueerror_reporting = E_ALL|E_STRICT | |||
* php_valuehtml_errors = Off | |||
* php_valuedisplay_errors = On | |||
* php_valuedisplay_startup_errors = On | |||
* php_valuelog_errors = On | |||
* php_valuelog_errors_max_len = 19024 | |||
report_memleaks = On | * report_memleaks = On | ||
error_log = /home/users/web/bEXAMPLE/pow.USERNAME/php_error.log | * error_log = /home/users/web/bEXAMPLE/pow.USERNAME/php_error.log | ||
* php_valueregister_globals = Off | |||
* php_valueregister_long_arrays = Off | |||
* php_valueregister_argc_argv = Off | |||
* php_value memory_limit 1024M | |||
* php_value post_max_size "40M" | |||
* php_value upload_max_filesize "40M" | |||
* .htaccess:show errors | |||
php_flag display_startup_errors on | |||
php_flag display_errors on | |||
php_flag html_errors on | |||
php_flag log_errors on | |||
php_value error_log /home/path/public_html/domain/PHP_errors.log | |||
=== Bandwidth === | === Bandwidth === | ||
* http://bwmod.sourceforge.net/files/mod_bw-0.7.tgz | * http://bwmod.sourceforge.net/files/mod_bw-0.7.tgz | ||
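Review bot: the added bullets at the top of this hunk (php_valueexpose_php = On through php_valueregister_argc_argv = Off) run the directive and the setting name together and use the php.ini "name = value" form, so they cannot be pasted into a .htaccess file as the heading promises. Write them the way the block at the end of the hunk already does, for example php_flag display_errors on and php_value log_errors_max_len 19024. It is also worth marking display_errors On and expose_php On as debugging settings, since they send error details and the PHP version to the client.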
Line 68: | Line 79: | ||
=== logs === | === logs === | ||
* modify the log amaunt and files: | |||
** '''log levels''': ''debug,info,notice,warn,error,crit,alert,emerg'' | |||
<pre> | <pre> | ||
LogLevel warn | LogLevel warn | ||
CustomLog /var/www/ | CustomLog /var/www/SERVER_NAME/logs/access.log combined | ||
ErrorLog /var/www/ | ErrorLog /var/www/SERVER_NAME/logs/error.log | ||
RewriteLog /var/www/SERVER_NAME/logs/rewrite.log | |||
</pre> | </pre> | ||
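Review bot: the new RewriteLog line has no RewriteLogLevel beside it, and with the level left at its default of 0 mod_rewrite writes nothing to that file. Add a RewriteLogLevel line to the block, with a reminder to set it back to 0 afterwards, and fix "amaunt" to "amount" in the bullet above it.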
Line 165: | Line 178: | ||
RewriteRule ^(.+).jpg.1$ /$1.jpg/view | RewriteRule ^(.+).jpg.1$ /$1.jpg/view | ||
* Rewrite flags reference (taken from Apache website http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html) | |||
<source lang=apache> | |||
Flag and syntax Function | |||
B Escape non-alphanumeric characters before applying the transformation. details ... | |||
chain|C Rule is chained to the following rule. If the rule fails, the rule(s) chained to it will be skipped. details ... | |||
cookie|CO=NAME:VAL Sets a cookie in the client browser. Full syntax is: CO=NAME:VAL:domain[:lifetime[:path[:secure[:httponly]]]] details ... | |||
discardpath|DPI Causes the PATH_INFO portion of the rewritten URI to be discarded. details ... | |||
env|E=[!]VAR[:VAL] Causes an environment variable VAR to be set (to the value VAL if provided). The form !VAR causes the environment variable VAR to be unset.details ... | |||
forbidden|F Returns a 403 FORBIDDEN response to the client browser. details ... | |||
gone|G Returns a 410 GONE response to the client browser. details ... | |||
Handler|H=Content-handler Causes the resulting URI to be sent to the specified Content-handler for processing. details ... | |||
last|L Stop the rewriting process immediately and don t apply any more rules. Especially note caveats for per-directory and .htaccess context (see also the END flag). details ... | |||
next|N Re-run the rewriting process, starting again with the first rule, using the result of the ruleset so far as a starting point. details ... | |||
nocase|NC Makes the pattern comparison case-insensitive. details ... | |||
noescape|NE Prevent mod_rewrite from applying hexcode escaping of special characters in the result of the rewrite. details ... | |||
nosubreq|NS Causes a rule to be skipped if the current request is an internal sub-request. details ... | |||
proxy|P Force the substitution URL to be internally sent as a proxy request. details ... | |||
passthrough|PT Forces the resulting URI to be passed back to the URL mapping engine for processing of other URI-to-filename translators, such as Alias or Redirect. details ... | |||
qsappend|QSA Appends any query string from the original request URL to any query string created in the rewrite target.details ... | |||
redirect|R[=code] Forces an external redirect, optionally with the specified HTTP status code. details ... | |||
skip|S=num Tells the rewriting engine to skip the next num rules if the current rule matches. details ... | |||
type|T=MIME-type Force the MIME-type of the target file to be the specified type. details ... | |||
</source> | |||
=== Direcoty Indexes === | === Direcoty Indexes === | ||
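Review bot: the flag table is wrapped in source lang=apache, but it is reference text rather than configuration, so a wiki table or a plain pre block fits better. Each row also still carries the "details ..." link text copied from the Apache page, and the last|L row reads "don t" where the apostrophe was lost.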
Line 223: | Line 258: | ||
# we want name based virtual hosts | # we want name based virtual hosts | ||
NameVirtualHost *:443 | NameVirtualHost *:443 | ||
* sisable compression for security reason | |||
SSLCompression off | |||
* https://www.ssllabs.com | |||
<pre> | |||
<VirtualHost *:443> | |||
# Server setup, logging + ssl | |||
ServerName mybox | |||
ServerAlias mybox | |||
CustomLog /var/log/apache2/mybox.access.log combined | |||
ErrorLog /var/log/apache2/mybox.error.log | |||
SSLEngine on | |||
SSLCertificateFile /etc/apache2/ssl/apache.pem | |||
# Setup .htaccess for the root of the site | |||
<Location /> | |||
AuthType Basic | |||
AuthName "mybox" | |||
AuthUserFile /etc/apache2/passwords | |||
Require valid-user | |||
</Location> | |||
# Hudson setup - reverse proxy to hook up mybox/hudson to the localhost:8080/hudson | |||
SSLProxyEngine On | |||
SSLProxyMachineCertificateFile /etc/apache2/ssl/apache.pem | |||
ProxyPass /hudson https://localhost:8080/hudson | |||
ProxyPassReverse /hudson https://localhost:8080/hudson | |||
ProxyRequests Off | |||
<Proxy https://localhost:8080/hudson*> | |||
Order deny,allow | |||
Allow from all | |||
</Proxy> | |||
# SVN config | |||
<Location /svn> | |||
DAV svn | |||
SVNParentPath /var/svn/ | |||
SVNListParentPath On | |||
</Location> | |||
# Trac config | |||
Alias /trac/ /usr/share/pyshared/trac/htdocs | |||
<Directory "/usr/share/pyshared/trac/htdocs/"> | |||
Options Indexes MultiViews | |||
AllowOverride None | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
<Location /trac> | |||
SetHandler mod_python | |||
PythonHandler trac.web.modpython_frontend | |||
PythonInterpreter main_interpreter | |||
PythonOption TracEnvParentDir /var/trac/ | |||
PythonOption TracEnvIndexTemplate /var/trac/available_projects_template.html | |||
PythonOption TracUriRoot /trac | |||
</Location> | |||
</VirtualHost> | |||
</pre> | |||
==== Generating certificate ==== | ==== Generating certificate ==== | ||
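Review bot: the SSLCompression bullet reads "sisable compression for security reason"; fix the typo and state the reason, so the reader knows why the line must stay. The https://www.ssllabs.com bullet under it is a bare link with no hint of what to do there, and the new virtual host turns on SSLEngine without any SSLProtocol or SSLCipherSuite line, so a sentence on which defaults it relies on would help.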
Line 278: | Line 371: | ||
</VirtualHost> | </VirtualHost> | ||
</pre> | </pre> | ||
=== Cache === | |||
==== Cleaning the Cache ==== | |||
* debug | |||
htcacheclean -p /mnt/diskcache/ -v -t -D -l 60M -a | |||
* as a deamon | |||
htcacheclean -p /mnt/diskcache/ -t -d 5 -i -l 60M -a | |||
=== Proxy === | === Proxy === | ||
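Review bot: the two htcacheclean bullets are labelled only "debug" and "as a deamon" (typo for daemon), which does not tell the reader that -D in the first command makes it a dry run that deletes nothing, or that -d 5 in the second sets the cleaning interval in minutes. One line per flag would make the commands safe to adapt.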
Line 301: | Line 405: | ||
ProxyVia On | ProxyVia On | ||
</pre> | </pre> | ||
==== Proxy Reverse With Caching ==== | |||
a2enmod proxy | |||
a2enmod proxy_http | |||
a2enmod proxy_html | |||
a2enmod xml2enc | |||
a2enmod deaders | |||
a2enmod headers | |||
a2enmod cache | |||
a2enmod cache_disk | |||
a2enmod headers | |||
a2enmod expires | |||
a2enmod rewrite | |||
a2enmod file_cache | |||
apachectl configtest | |||
== Linux distribution specifics == | == Linux distribution specifics == |
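Review bot: in the a2enmod list, "a2enmod deaders" looks like a mistyped "a2enmod headers", which already follows on the next line and appears once more further down; drop the misspelled line and the duplicate. The list ends at apachectl configtest without the reload or restart that makes the newly enabled modules take effect, and no cache directives follow even though the heading promises a reverse proxy with caching.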
Latest revision as of 15:29, 9 December 2015
- Powerful cross-platform web server
Configuration
Set a ServerName!
PHP options (in .htaccess file)
- php_flag expose_php On (only takes effect in php.ini)
- php_value error_reporting 32767 (the integer value of E_ALL|E_STRICT; PHP constants are not parsed in .htaccess)
- php_flag html_errors Off
- php_flag display_errors On
- php_flag display_startup_errors On
- php_flag log_errors On
- php_value log_errors_max_len 19024
- php_flag report_memleaks On
- php_value error_log /home/users/web/bEXAMPLE/pow.USERNAME/php_error.log
- php_flag register_globals Off
- php_flag register_long_arrays Off
- php_flag register_argc_argv Off
- php_value memory_limit 1024M
- php_value post_max_size "40M"
- php_value upload_max_filesize "40M"
- .htaccess: show errors
php_flag display_startup_errors on
php_flag display_errors on
php_flag html_errors on
php_flag log_errors on
php_value error_log /home/path/public_html/domain/PHP_errors.log
Bandwidth
tar zxvf mod_bw-0.7.tgz
cd mod_bw
apxs2 -i -a -c mod_bw.c
Named virtual host template
- first check the configuration above to decide which type of virtual host you want to use:
- this will go into /etc/apache2/vhosts.d/00_default_vhost.conf in Gentoo
Listen *:80
NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin staff@server.com
    ServerName server.com
    DocumentRoot /var/www/server.com/public_html
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/server.com/public_html>
        Options FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
Virtual host redirect
- if you want http://yoursite redirected to www.yoursite, you can use this virtual host template:
<VirtualHost *:80>
    ServerName alessandrodelgallo.org
    ServerAlias blog.alessandrodelgallo.org
    Redirect permanent / http://www.alessandrodelgallo.org/
</VirtualHost>
- or if you don't want to (or you can't) change the Apache settings, use this HTML code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://webiste.to.redirect.to">
</html>
logs
- modify the log amount and files:
- log levels: debug,info,notice,warn,error,crit,alert,emerg
LogLevel warn
CustomLog /var/www/SERVER_NAME/logs/access.log combined
ErrorLog /var/www/SERVER_NAME/logs/error.log
RewriteLog /var/www/SERVER_NAME/logs/rewrite.log
authentication
- standard "one-file-all-users" configuration
AuthType Basic
AuthName "Private Area"
AuthUserFile /etc/apache2/passwords
Require valid-user
- protect only some files using regular expressions (with character ~)
<Location ~ "/html/(friends|messages).html">
    AuthType Basic
    AuthName "My private files"
    AuthUserFile /usr/local/apache/passwd/passwords
    Require valid-user
</Location>
- use group support (in my case for subversion):
AuthGroupFile /usr/local/apache/passwd/.htgroup
AuthUserFile /usr/local/apache/passwd/svnusers
<LimitExcept GET PROPFIND OPTIONS REPORT>
    Require group subversion
</LimitExcept>
force far expire
ExpiresActive On
ExpiresDefault "access plus 1 year"
gzip compression
# add gzip compression / alessandro
# Insert filter
SetOutputFilter DEFLATE
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don't compress images
SetEnvIfNoCase Request_URI \
    \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
# Header append Vary User-Agent env=!dont-vary
Cgi
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>
charset
AddDefaultCharset UTF-8
URL Rewrite
- RewriteEngine on
- RewriteRule ^old\.html$ new.html
- RewriteRule ^old\.html$ new.html [R]
- RewriteRule ^clip/([0-9][0-9])/$ /clip.php?id=$1
- RewriteRule ^css(/)?$ /stylesheets/ [R]
- RewriteCond %{HTTPS} !on
- RewriteRule ^/(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R]
- the following rules were used to patch a frozen Plone website
RewriteEngine On
#RewriteLogLevel 5
# search rewrites
RewriteCond %{QUERY_STRING} ^SearchableText=([^&]+)$ [NC]
RewriteRule .* http://www.google.com/search?q=site:www.the-third-eye.org\ %1 [L,QSA]
# content rewrites
RewriteRule ^concepts/ /concepts/view%3fset_language=en
RewriteRule ^(.+).jpg/$ /$1.jpg/view
RewriteRule ^(.+).png/$ /$1.png/view
RewriteRule ^(.+).JPG/$ /$1/view
RewriteRule ^(.+).jpg.1$ /$1.jpg/view
- Rewrite flags reference (taken from Apache website http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html)
Flag and syntax: Function
- B: Escape non-alphanumeric characters before applying the transformation.
- chain|C: Rule is chained to the following rule. If the rule fails, the rule(s) chained to it will be skipped.
- cookie|CO=NAME:VAL: Sets a cookie in the client browser. Full syntax is: CO=NAME:VAL:domain[:lifetime[:path[:secure[:httponly]]]]
- discardpath|DPI: Causes the PATH_INFO portion of the rewritten URI to be discarded.
- env|E=[!]VAR[:VAL]: Causes an environment variable VAR to be set (to the value VAL if provided). The form !VAR causes the environment variable VAR to be unset.
- forbidden|F: Returns a 403 FORBIDDEN response to the client browser.
- gone|G: Returns a 410 GONE response to the client browser.
- Handler|H=Content-handler: Causes the resulting URI to be sent to the specified Content-handler for processing.
- last|L: Stop the rewriting process immediately and don't apply any more rules. Especially note caveats for per-directory and .htaccess context (see also the END flag).
- next|N: Re-run the rewriting process, starting again with the first rule, using the result of the ruleset so far as a starting point.
- nocase|NC: Makes the pattern comparison case-insensitive.
- noescape|NE: Prevent mod_rewrite from applying hexcode escaping of special characters in the result of the rewrite.
- nosubreq|NS: Causes a rule to be skipped if the current request is an internal sub-request.
- proxy|P: Force the substitution URL to be internally sent as a proxy request.
- passthrough|PT: Forces the resulting URI to be passed back to the URL mapping engine for processing of other URI-to-filename translators, such as Alias or Redirect.
- qsappend|QSA: Appends any query string from the original request URL to any query string created in the rewrite target.
- redirect|R[=code]: Forces an external redirect, optionally with the specified HTTP status code.
- skip|S=num: Tells the rewriting engine to skip the next num rules if the current rule matches.
- type|T=MIME-type: Force the MIME-type of the target file to be the specified type.
Directory Indexes
To widen the file name column:
IndexOptions NameWidth=*
Add an alias to export a directory outside the www root:
Alias /_bin "/ciao/_linux_bin/"
<Directory "/ciao/_linux_bin/">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
IP filters
- Allow
Allow from 192.
- Deny
Deny from host.domain.com
Deny from 192.168.0.44
- check behavior
Order deny,allow
Deny from all
SVN (mod_dav_svn)
<Location /svn/repos>
    DAV svn
    SVNPath /var/svn/repos
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /var/svn/conf/svnusers
    Require valid-user
</Location>
usermod -a -G svnusers apache
APACHE2_OPTS="${APACHE2_OPTS} -D SVN -D SVN_AUTHZ -D DAV -D DAV_FS"
htpasswd2 -c /usr/local/apache/passwd/svnusers user1
htpasswd2 /usr/local/apache/passwd/svnusers user2
SSL VirtualHost
- using Gentoo distribution.
- enable ssl use flag for apache package
- edit default virtual host for a listening interface and port:
"Listen [::]:443" or "Listen 0.0.0.0:443" or Listen 192.168.82.82:443
- we want name based virtual hosts
NameVirtualHost *:443
- disable compression for security reasons
SSLCompression off
<VirtualHost *:443>
    # Server setup, logging + ssl
    ServerName mybox
    ServerAlias mybox
    CustomLog /var/log/apache2/mybox.access.log combined
    ErrorLog /var/log/apache2/mybox.error.log
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    # Setup .htaccess for the root of the site
    <Location />
        AuthType Basic
        AuthName "mybox"
        AuthUserFile /etc/apache2/passwords
        Require valid-user
    </Location>
    # Hudson setup - reverse proxy to hook up mybox/hudson to the localhost:8080/hudson
    SSLProxyEngine On
    SSLProxyMachineCertificateFile /etc/apache2/ssl/apache.pem
    ProxyPass /hudson https://localhost:8080/hudson
    ProxyPassReverse /hudson https://localhost:8080/hudson
    ProxyRequests Off
    <Proxy https://localhost:8080/hudson*>
        Order deny,allow
        Allow from all
    </Proxy>
    # SVN config
    <Location /svn>
        DAV svn
        SVNParentPath /var/svn/
        SVNListParentPath On
    </Location>
    # Trac config
    Alias /trac/ /usr/share/pyshared/trac/htdocs
    <Directory "/usr/share/pyshared/trac/htdocs/">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    <Location /trac>
        SetHandler mod_python
        PythonHandler trac.web.modpython_frontend
        PythonInterpreter main_interpreter
        PythonOption TracEnvParentDir /var/trac/
        PythonOption TracEnvIndexTemplate /var/trac/available_projects_template.html
        PythonOption TracUriRoot /trac
    </Location>
</VirtualHost>
Generating certificate
- replace "server" with the domain name of your website.
SRVname=server
cd /etc/ssl/apache2
openssl genrsa 2048 > $SRVname.key
# sign with SHA-256; SHA-1 signatures are no longer accepted by current clients
openssl req -new -x509 -nodes -sha256 -days 365 -key $SRVname.key > $SRVname.crt
- Repeat the last step for each virtual host you serve over an SSL connection, remembering to change the SRVname variable each time.
Virtual host configuration
- example of a basic ssl virtual host:
<VirtualHost *:80>
    ServerName mysslvirtualhost.example.com
    ServerAlias mysslvirtualhost
    Redirect permanent / https://mysslvirtualhost.example.com/
</VirtualHost>
<VirtualHost *:443>
    DirectoryIndex index.php
    # SSL
    SSLEngine on
    SSLCertificateFile /etc/ssl/apache2/server.crt
    SSLCertificateKeyFile /etc/ssl/apache2/server.key
    ServerName mysslvirtualhost.example.com
    ServerAlias mysslvirtualhost
    SSLOptions StrictRequire
    # SSLv3 is switched off as well as SSLv2; both protocols are broken
    SSLProtocol all -SSLv2 -SSLv3
    #
    DocumentRoot "/var/www/mysslvirtualhost/htdocs"
    <Directory "/var/www/mysslvirtualhost/htdocs">
        SSLRequireSSL
        AllowOverride All
        Order Deny,Allow
        Allow from All
    </Directory>
    CustomLog /var/log/apache2/mysslvirtualhost.log combined
    ErrorLog /var/log/apache2/mysslvirtualhost_error.log
    LogLevel warn
</VirtualHost>
Cache
Cleaning the Cache
- debug
htcacheclean -p /mnt/diskcache/ -v -t -D -l 60M -a
- as a daemon
htcacheclean -p /mnt/diskcache/ -t -d 5 -i -l 60M -a
Proxy
- directives to put into httpd.conf or a virtual host configuration file
- permissions
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from all
</Proxy>
Reverse Proxy
ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar
Forward Proxy
ProxyRequests On
ProxyVia On
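Under Order deny,allow a matching Allow overrides Deny, so the permissions block above admits every client, and together with ProxyRequests On it yields a forward proxy anyone can use. The check below is an added example, not part of the original page: it applies the Apache 2.2 Order/Allow/Deny rules to each Proxy section (the function names and the restricted sample are assumptions, and 2.4-style Require lines are not handled).

```python
import re

# Constructed sample: the page's <Proxy *> permissions block together with
# its forward-proxy directives.
PAGE_CONFIG = """\
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from all
</Proxy>
ProxyRequests On
ProxyVia On
"""

# Constructed variant (assumption): same block, Allow narrowed to one network.
RESTRICTED_CONFIG = PAGE_CONFIG.replace("Allow from all", "Allow from 192.168.0")


def _hosts(body, keyword):
    """Collect every host token of the 'Allow from' / 'Deny from' lines."""
    lines = re.findall(rf"^\s*{keyword}\s+from\s+(.+)$", body, re.M | re.I)
    return [h.lower() for line in lines for h in line.split()]


def proxy_blocks(conf):
    """Yield (target, order, allow_hosts, deny_hosts) per <Proxy> section."""
    for m in re.finditer(r"<Proxy\s+([^>]+)>(.*?)</Proxy>", conf, re.S | re.I):
        body = m.group(2)
        order = re.search(r"^\s*Order\s+(\S+)", body, re.M | re.I)
        # mod_authz_host falls back to "Order deny,allow" when Order is absent
        order = order.group(1).lower() if order else "deny,allow"
        yield m.group(1).strip(), order, _hosts(body, "Allow"), _hosts(body, "Deny")


def admits_any_client(order, allow, deny):
    """Would a client that matches nothing but 'all' be let through?"""
    allow_all, deny_all = "all" in allow, "all" in deny
    if order == "deny,allow":
        # Deny is evaluated first, a matching Allow overrides it,
        # and a client matching neither list is allowed.
        return allow_all or not deny_all
    # allow,deny (and mutual-failure): the client must match Allow and must
    # not match Deny; a client matching neither list is denied.
    return allow_all and not deny_all


def open_forward_proxy(conf):
    """Return the <Proxy> targets open to any client while ProxyRequests is On."""
    conf = re.sub(r"^\s*#.*$", "", conf, flags=re.M)  # drop comment lines
    if not re.search(r"^\s*ProxyRequests\s+On\b", conf, re.M | re.I):
        return []
    return [t for t, o, a, d in proxy_blocks(conf) if admits_any_client(o, a, d)]


if __name__ == "__main__":
    print("page config:", open_forward_proxy(PAGE_CONFIG))
    print("restricted :", open_forward_proxy(RESTRICTED_CONFIG))
```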
Proxy Reverse With Caching
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_html
a2enmod xml2enc
a2enmod headers
a2enmod cache
a2enmod cache_disk
a2enmod expires
a2enmod rewrite
a2enmod file_cache
apachectl configtest
Linux distribution specifics
Gentoo
- going straight to version 2:
- configuration file:
/etc/apache2/httpd.conf
- default web directory:
/var/www/localhost/htdocs
- install it:
emerge -pvtD apache
check which USE flags we need, and then
emerge apache
Fedora
- configuration file:
/etc/httpd/conf/httpd.conf
- default web directory:
/var/www/html/
- install it:
yum install httpd