Redirect HTTP to HTTPS when using Reverse Proxy

When you are using Reverse Proxy like Nginx, Haproxy or Amazon ELB in front of web server and web server use HTTP to serve all traffic, you can use normal redirect code based HTTPS variable to do the redirect to HTTPS. You need to use X-Forwarded-Proto to do the redirect.

For Apache, add following code to .htaccess to Apache Virtual Host entry.

For Nginx, add following to server entry for the domain name

For IIS edit web.config, add following to section.

Apache run web site as user with mod_ruid2

mod ruid2 allow you to run web site as differnt user from the one web server is running. This is helpfull when you have multiple web sites on same Apache web server.

To install mod_ruid2 on Ubuntu/Debian server, run

Edit VirtualHost entry for the web site, add

Restart Apache

Now website will run as user specified in line

Example

See Apache

apache-http-webserver

Apache Increase FD limit

On CentOS 7 sevrer running apache, when try to install plugin in WordPress admin area, i get error

This is due to Apache File Descriptor Limits.

To see current Limits, use following PHP script

To see system wide limits, use following commands

Normally this will be high value. You need to increse limit for user running Apache. On CentOS 7, the username is “apache”. To increase limit for this user, edit

Add following lines

To verify, we need to login as user Apache, and verify limits, for this, lets enable SSH or bash terminal for user apache. By default no SSH login allowed for this user.

Now change to user, verify the limits

Exit back to root, disable shell for user apache with command.

We need to edit service file for Apache. Default service file look like following.

Find

Add below

Method 2

create file

Add

Reload service file with

Restart Apache

See Apache

Nginx vs Apache

I recently added nginx as front end for apache. Now nginx serve static content, PHP requests are peroxided to Apache.

Nginx frontend, Apache backend

Apache Only

See Apache, Nginx

Apache Limit access to a url

I want to limit access to admin login url of a web application to specified IP address.

The web site had admin login in following URL

https://domain.com/login

To limit IP address, i edited Apache VirtualHost configuration for this web site, added

Restart apache

Or

Now only IP listed on the Allow from directive are allowed to access the /login URL.

NOTE: this won’t work in .htaccess file. You need to add it in Apache VirtualHost.

Apache mod_proxy

Cpanel ReverseProxy Traffic to Docker Container

On a cpanel server, i need to run a web application using docker container.

Application running side docker container listening on port 8000 on localhost.

For a web site to serve traffic from this docker container, we can use Apache mod_proxy, this is enabled by default on cpanel servers.

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

You can verify it at

Apache mod_proxy

For the site, you need to create reverse proxy, create a folder.

NOTE: Replace CPANEL_USER and DOMAIN with your actual cpanel user name and domain name. You can find/verify this path by looking virtual host entry for your domain name in /etc/apache2/conf/httpd.conf file. By default this “Include” line will be commented. Once you put a file and rebuildhttpdconf, this line get uncommented.

Now create a file

Add following.

Now rebuild Apache config.

Now if you check Apache config file (/etc/apache2/conf/httpd.conf), you will see included in Apache virtual host entry.

Restart Apache

Now if you visit the site, you will see the web application running on http://localhost:8000/

See Reverse proxy, Cpanel Server, Apache

Apache Benchmark

ab is a tool for benchmarking web servers. It is designed to give you an impression of how your web server installation performs. This especially shows you how many requests per second your web server is capable of serving.

http://httpd.apache.org/docs/2.4/programs/ab.html

To benchmark a web site, use ab command provided by Apache.

This will start 15000 requests to the server specifified. 200 requests at a time.

Apache AH00144: couldn’t grab the accept mutex

On Ubuntu 18.04 server, apache crashed. On checking apache error log, found following

To fix the error, edit file

Find

Replace with

Restart Apache

See Apache

Limit Access Using htaccess

To limit access to a folder using .htaccess, create .htacess file with following content.

YOUR_IP_HERE = Replace it with your actual IP.

You can white list IP range by entering CIDR notation for the IP range.

Here is .htacess i use on one of my web sites admin folder.

If your server is behind a reverse proxy server, you may need to use

newrelic-apdex

Moving from Apache PHP 5 to Nginx PHP 7

Today i moved a high traffic WordPress web using from Apache + PHP 5 to Nginx + PHP 7.2.

Here is a graph provided by LiquidWeb (server provider).

With Apache, load was like 8.

[email protected]:/etc/php# uptime
12:35:01 up 14:33, 1 user, load average: 8.03, 6.66, 5.84
[email protected]:/etc/php#

After switching to Nginx + PHP-FPM, load come down to 2.

[email protected]:~# uptime
17:26:20 up 19:24, 1 user, load average: 1.13, 1.07, 1.21
[email protected]:~#

Here is sar result.

With Apache idle CPU was approx 72. With Nginx we have 90%+ idle CPU most of the time.

Here is NewRelic Web transactions graph. The break in data is due to PHP 7.2 have no newrelic module installed. So i just switched back to Apache for a while, reinstalled NewRelic for PHP 7.2, then turned Nginx back on.

NewRelic Apdex Score went from poor to fair.