Apache run web site as user with mod_ruid2

mod ruid2 allow you to run web site as differnt user from the one web server is running. This is helpfull when you have multiple web sites on same Apache web server.

To install mod_ruid2 on Ubuntu/Debian server, run

Edit VirtualHost entry for the web site, add

Restart Apache

Now website will run as user specified in line

Example

See Apache

apache-http-webserver

Apache Increase FD limit

On CentOS 7 sevrer running apache, when try to install plugin in WordPress admin area, i get error

This is due to Apache File Descriptor Limits.

To see current Limits, use following PHP script

To see system wide limits, use following commands

Normally this will be high value. You need to increse limit for user running Apache. On CentOS 7, the username is “apache”. To increase limit for this user, edit

Add following lines

To verify, we need to login as user Apache, and verify limits, for this, lets enable SSH or bash terminal for user apache. By default no SSH login allowed for this user.

Now change to user, verify the limits

Exit back to root, disable shell for user apache with command.

We need to edit service file for Apache. Default service file look like following.

Find

Add below

Method 2

create file

Add

Reload service file with

Restart Apache

See Apache

gunicorn behind Apache web server

gunicorn is a python application server used to run python applications in production. This is normally run behind web servers like nginx or apache.

To configre gunicorn behind apache, enable following apache modules.

Restart apache web server

For web site running pythin application, add a virtual host like following.

Apache Invalid command AuthGroupFile

On Plesk server, i get following error on error_log for a site

This is because authz_groupfile apache module was not loaded. To load this, run

To verify the module is loaded, run

Apache Limit access to a url

I want to limit access to admin login url of a web application to specified IP address.

The web site had admin login in following URL

https://domain.com/login

To limit IP address, i edited Apache VirtualHost configuration for this web site, added

Restart apache

Or

Now only IP listed on the Allow from directive are allowed to access the /login URL.

NOTE: this won’t work in .htaccess file. You need to add it in Apache VirtualHost.

wordpress

Ubuntu Apache Setup for WordPress

On a Fresh Ubuntu 18.04 server, run following commands to setup Apache, PHP and MySQL needed for WordPress installation.

You can go to each file and manually run the commands if you want to see what commands are executed.

At this stage, you have LAMP server setup and ready to go.

To get your domain work with Apache, first you need to point your domain to server IP. This can be done by editing DNS records with your domain registrar or DNS provider.

In commands below, replace

DOMAIN.COM = replace with your actual domain name
USERNAME = you can use any username you wnat, first 8 chars of domain name for example

Create SFTP User

Set a password for the user. This will be used to login to SFTP

You will be asked to enter password 2 times.

Configure Apache

First lets make Apache run as the user, this will make WordPress upgrade easier.

Create Apache VirtualHost entry

Add

To activate the web site, run

Create document root and set permission

Restart Apache

Create MySQL Database

Login to mysql, on ubuntu, as user root, run

Now you will be in MySQL command promt, run following 2 commands to create a Database and User.

Replace MYSQL_PASSWORD with your own MySQL password. DB_NAME with name of database you need. DB_USER with username for the db.

You will need these when installing WordPress.

Installing LetsEncrypt

First install letsEncrypt with

To get SSL for your domain, run

Replace [email protected] with your actual email address.

Installing WordPress

You can now SFTP/SSH into the server. Upload WordPress into html folder. Make sure you use the newly created USER to do this, if you do it as user root, you will get permission error. Visit the web site, you wil get WordPress install wizzard. Just fill the form to do the install. You will need to enter MySQL login details you created before.

Install WordPress using SSH

First login with SSH user you created with command

You will be asked to enter password. Enter password you created before.

Download wordpress

Extract wordpress files with

This will create a folder “wordpress” with the files.

To make the site live, we need to replace folder html with this new wordpress folder

Now you can go to the site, you will see wordpress install screen.

Apache mod_proxy

Cpanel ReverseProxy Traffic to Docker Container

On a cpanel server, i need to run a web application using docker container.

Application running side docker container listening on port 8000 on localhost.

For a web site to serve traffic from this docker container, we can use Apache mod_proxy, this is enabled by default on cpanel servers.

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

You can verify it at

Apache mod_proxy

For the site, you need to create reverse proxy, create a folder.

NOTE: Replace CPANEL_USER and DOMAIN with your actual cpanel user name and domain name. You can find/verify this path by looking virtual host entry for your domain name in /etc/apache2/conf/httpd.conf file. By default this “Include” line will be commented. Once you put a file and rebuildhttpdconf, this line get uncommented.

Now create a file

Add following.

Now rebuild Apache config.

Now if you check Apache config file (/etc/apache2/conf/httpd.conf), you will see included in Apache virtual host entry.

Restart Apache

Now if you visit the site, you will see the web application running on http://localhost:8000/

See Reverse proxy, Cpanel Server, Apache

Disable PHP on a folder

A web site had vlunerability, all allowed hacker to upload backdoor script to “uploads” folder used by the script.

As a quick fix, i disabled PHP execution from “uploads” folder. Doing this for any site is a good dea when if your site is not vlunerable at the moment.

Method 1

To disable PHP execution, create a file with name .htaccess

Add

Method 2

In .htacess, add

See htaccess

Apache Benchmark

ab is a tool for benchmarking web servers. It is designed to give you an impression of how your web server installation performs. This especially shows you how many requests per second your web server is capable of serving.

http://httpd.apache.org/docs/2.4/programs/ab.html

To benchmark a web site, use ab command provided by Apache.

This will start 15000 requests to the server specifified. 200 requests at a time.