Tag: Apache

  • Nginx vs Apache

    I recently added nginx as front end for apache. Now nginx serve static content, PHP requests are peroxided to Apache.

    Nginx frontend, Apache backend

    [root@server12 ~]# ab -n 1000 -c 100 http://netfree.netfreehost.com/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/

Benchmarking netfree.netfreehost.com (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Finished 1000 requests


Server Software:        nginx/1.1.0
Server Hostname:        netfree.netfreehost.com
Server Port:            80

Document Path:          /
Document Length:        16844 bytes

Concurrency Level:      100
Time taken for tests:   5.463353 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Total transferred:      17357000 bytes
HTML transferred:       16844000 bytes
Requests per second:    183.04 [#/sec] (mean)
Time per request:       546.335 [ms] (mean)
Time per request:       5.463 [ms] (mean, across all concurrent requests)
Transfer rate:          3102.49 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.8      0       5
Processing:    44  518  93.9    534     719
Waiting:       44  517  94.0    533     718
Total:         47  518  93.2    534     719

Percentage of the requests served within a certain time (ms)
  50%    534
  66%    553
  75%    566
  80%    574
  90%    592
  95%    606
  98%    642
  99%    665
 100%    719 (longest request)
[root@server12 ~]#

    Apache Only

    [root@server12 ~]# ab -n 1000 -c 100 http://netfree.netfreehost.com:81/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/

Benchmarking netfree.netfreehost.com (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Finished 1000 requests


Server Software:        Apache/2.2.3
Server Hostname:        netfree.netfreehost.com
Server Port:            81

Document Path:          /
Document Length:        16844 bytes

Concurrency Level:      100
Time taken for tests:   7.102347 seconds
Complete requests:      1000
Failed requests:        1
   (Connect: 0, Length: 1, Exceptions: 0)
Write errors:           0
Total transferred:      17351384 bytes
HTML transferred:       16827683 bytes
Requests per second:    140.80 [#/sec] (mean)
Time per request:       710.235 [ms] (mean)
Time per request:       7.102 [ms] (mean, across all concurrent requests)
Transfer rate:          2385.69 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   1.1      0       6
Processing:    34  676 174.9    669    1261
Waiting:       32  675 175.0    668    1260
Total:         34  676 174.4    669    1261

Percentage of the requests served within a certain time (ms)
  50%    669
  66%    696
  75%    732
  80%    754
  90%    893
  95%    974
  98%   1081
  99%   1128
 100%   1261 (longest request)
[root@server12 ~]#

    See Apache, Nginx

  • Apache Limit access to a url

    I want to limit access to admin login url of a web application to specified IP address.

    The web site had admin login in following URL

    https://domain.com/login

    To limit IP address, i edited Apache VirtualHost configuration for this web site, added

    
    Order deny,allow
    Deny from all
    Allow from 103.35.199.82
    Allow from 51.38.246.115

    Restart apache

    systemctl restart httpd

    Or

    systemctl restart apache2

    Now only IP listed on the Allow from directive are allowed to access the /login URL.

    NOTE: this won’t work in .htaccess file. You need to add it in Apache VirtualHost.

  • Cpanel ReverseProxy Traffic to Docker Container

    Cpanel ReverseProxy Traffic to Docker Container

    On a cpanel server, i need to run a web application using docker container.

    Application running side docker container listening on port 8000 on localhost.

    For a web site to serve traffic from this docker container, we can use Apache mod_proxy, this is enabled by default on cpanel servers.

    https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

    You can verify it at

    WHM > EasyApache 4 > Currently Installed Packages > Customize > Apache Modules

    Apache mod_proxy

    For the site, you need to create reverse proxy, create a folder.

    NOTE: Replace CPANEL_USER and DOMAIN with your actual cpanel user name and domain name. You can find/verify this path by looking virtual host entry for your domain name in /etc/apache2/conf/httpd.conf file. By default this “Include” line will be commented. Once you put a file and rebuildhttpdconf, this line get uncommented.

    mkdir -p /etc/apache2/conf.d/userdata/std/2_4/CPANEL_USER/DOMAIN/

    Now create a file

    vi /etc/apache2/conf.d/userdata/std/2_4/CPANEL_USER/DOMAIN/docker.conf

    Add following.

    ProxyPass "/"  "http://localhost:8000/"
ProxyPassReverse "/"  "http://localhost:8000/"

    Now rebuild Apache config.

    /scripts/rebuildhttpdconf

    Now if you check Apache config file (/etc/apache2/conf/httpd.conf), you will see included in Apache virtual host entry.

    Restart Apache

    service httpd restart

    Now if you visit the site, you will see the web application running on http://localhost:8000/

    See Reverse proxy, Cpanel Server, Apache

  • Apache Benchmark

    ab is a tool for benchmarking web servers. It is designed to give you an impression of how your web server installation performs. This especially shows you how many requests per second your web server is capable of serving.

    http://httpd.apache.org/docs/2.4/programs/ab.html

    To benchmark a web site, use ab command provided by Apache.

    ab -c 200 -n 15000 http://site-to-benchmark-here.com/

    This will start 15000 requests to the server specifified. 200 requests at a time.

  • Apache AH00144: couldn’t grab the accept mutex

    On Ubuntu 18.04 server, apache crashed. On checking apache error log, found following

    [Mon Aug 13 23:19:24.625927 2018] [mpm_prefork:emerg] [pid 2378] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Mon Aug 13 23:19:24.626990 2018] [mpm_prefork:emerg] [pid 1227] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Mon Aug 13 23:19:24.628515 2018] [mpm_prefork:emerg] [pid 1211] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Mon Aug 13 23:19:24.628693 2018] [mpm_prefork:emerg] [pid 1309] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Mon Aug 13 23:19:24.629122 2018] [mpm_prefork:emerg] [pid 2387] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Mon Aug 13 23:19:24.629319 2018] [mpm_prefork:emerg] [pid 1603] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Mon Aug 13 23:19:24.629483 2018] [mpm_prefork:emerg] [pid 1637] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Mon Aug 13 23:19:24.629659 2018] [mpm_prefork:emerg] [pid 1566] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Mon Aug 13 23:19:25.366503 2018] [core:alert] [pid 990] AH00050: Child 1211 returned a Fatal error... Apache is exiting!
[Mon Aug 13 23:19:25.366568 2018] [:emerg] [pid 990] AH02818: MPM run failed, exiting

    To fix the error, edit file

    vi /etc/apache2/apache2.conf

    Find

    #Mutex file:${APACHE_LOCK_DIR} default

    Replace with

    Mutex posixsem

    Restart Apache

    service apache2 restart

    See Apache

  • Limit Access Using htaccess

    To limit access to a folder using .htaccess, create .htacess file with following content.

    order deny,allow
deny from all
allow from YOUR_IP_HERE

    YOUR_IP_HERE = Replace it with your actual IP.

    You can white list IP range by entering CIDR notation for the IP range.

    Here is .htacess i use on one of my web sites admin folder.

    order deny,allow
deny from all
allow from 137.97.0.0/16
allow from 116.68.64.0/18

    If your server is behind a reverse proxy server, you may need to use

    Order Deny,Allow
deny from all
SetEnvIf X-Forwarded-For "103.35.199.82" OkAccess
SetEnvIf X-Forwarded-For "92.184.105.169" OkAccess
Allow from env=OkAccess
  • Moving from Apache PHP 5 to Nginx PHP 7

    Moving from Apache PHP 5 to Nginx PHP 7

    Today i moved a high traffic WordPress web using from Apache + PHP 5 to Nginx + PHP 7.2.

    Here is a graph provided by LiquidWeb (server provider).

    With Apache, load was like 8.

    root@host:/etc/php# uptime
    12:35:01 up 14:33, 1 user, load average: 8.03, 6.66, 5.84
    root@host:/etc/php#

    After switching to Nginx + PHP-FPM, load come down to 2.

    root@host:~# uptime
    17:26:20 up 19:24, 1 user, load average: 1.13, 1.07, 1.21
    root@host:~#

    Here is sar result.

    With Apache idle CPU was approx 72. With Nginx we have 90%+ idle CPU most of the time.

    Here is NewRelic Web transactions graph. The break in data is due to PHP 7.2 have no newrelic module installed. So i just switched back to Apache for a while, reinstalled NewRelic for PHP 7.2, then turned Nginx back on.

    NewRelic Apdex Score went from poor to fair.

  • Run .html files as PHP in Apache

    On Ubuntu, to execute .htm files as PHP, create file

    vi /etc/apache2/conf-enabled/php-html.conf

    Add following content

    
    SetHandler application/x-httpd-php

    This is similar code from your PHP configuration. In this case, it is from /etc/apache2/mods-available/php5.6.conf

    If you want it only for a specific website, edit VirtualHost entry for the website and add

    
        SetHandler application/x-httpd-php

    Example

    
    ServerName serverok.in
    ServerAlias www.serverok.in
    DocumentRoot /home/www/serverok.in/html
    CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
    
        Options All
        AllowOverride All
        Require all granted
        Order allow,deny
        allow from all
    
    
            SetHandler application/x-httpd-php

    Now restart apache

    service apache2 restart

    Apache | PHP

  • Apache SSL

    Here is a non-SSL Apache virtual host.

    <VirtualHost *:80>
    ServerName serverok.in
    ServerAdmin [email protected]
    DocumentRoot /home/serverok.in/html
    CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
    <Directory "/home/serverok.in/html">
        Options All
        AllowOverride All
        Require all granted
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

    To convert it to SSL VirtualHost, first change the port to 443

    Find

    <VirtualHost *:80>

    Replace with

    <VirtualHost *:443>

    Add the above Directory entry

    SSLEngine on
SSLCertificateFile /etc/ssl/DOMAIN.crt
SSLCertificateKeyFile /etc/ssl/DOMAIN.key

    The resulting VirtualHost will look like

    <VirtualHost *:443>
    ServerName serverok.in
    ServerAdmin [email protected]
    DocumentRoot /home/serverok.in/html
    CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile /etc/ssl/serverok.in.crt
    SSLCertificateKeyFile /etc/ssl/serverok.in.key
    <Directory "/home/serverok.in/html">
        Options All
        AllowOverride All
        Require all granted
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

    For added security, you can use the following config

    SSLEngine on
SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:!TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:!DSS

    Enable mod_ssl

    If you get the following error

    Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

    You need to enable mod_ssl, to do this, run

    On Debian/Apache, run

    sudo a2enmod ssl

    Restart Apache

    sudo service apache2 restart

    Force SSL

    You can add the following code to Apache virtualhost for the website

    Redirect 301 / https://domain.ltd/

    ssl

    apache

  • Apache Invalid command Header

    On a new Debian server with Apache, web site give 500 internal server error.

    On checking error log, i found

    [Thu Jan 04 06:44:42.483932 2018] [core:alert] [pid 27583] [client 112.133.248.19:63020] /home/user/public_html/.htaccess: Invalid command ‘Header’, perhaps misspelled or defined by a module not included in the server configuration

    The error is due to Apache headers module not installed on the server.

    To fix, run

    a2enmod headers

    Restart Apache

    systemctl restart apache2

    Apache

  • htaccess

    Redirect

    Access Control

    Redirect domain to SSL (HTTPS)

    RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

    Or

    RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    Redirect a Page to another

    RedirectMatch 301 ^/old-page\.php$ /new-page.php

    You can also use

    Redirect 301 /old-page.php https://domain.com/new-page.php

  • Apache Permission Denied

    On a newly installed Apache server, when I visit the website, I get permission denied error. On Apache error log (/var/log/httpd/error_log), i found

    # tail -f /var/log/httpd/error_log
[Sat Mar 29 16:29:22 2014] [error] [client 59.98.136.37] (13)Permission denied: access to /index.html denied
[Sat Mar 29 16:29:25 2014] [error] [client 59.98.136.37] (13)Permission denied: access to /index.html denied
[Sat Mar 29 16:29:31 2014] [error] [client 59.98.136.37] (13)Permission denied: access to /index.html denied
[Sat Mar 29 16:29:34 2014] [error] [client 59.98.136.37] (13)Permission denied: access to /index.html denied

    I tried changing the folder permission to 755, but it did not fix it. The problem was caused by SELinux.

    Solution

    I disabled SELinux.

    setenforce 0

    To make it permanent, edit file /etc/selinux/config, set

    SELINUX=disabled

    See Apache