Tag: Apache

  • Nginx vs Apache

    I recently added nginx as front end for apache. Now nginx serve static content, PHP requests are peroxided to Apache.

    Nginx frontend, Apache backend

    [root@server12 ~]# ab -n 1000 -c 100 http://netfree.netfreehost.com/
    This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Copyright 2006 The Apache Software Foundation, http://www.apache.org/
    
    Benchmarking netfree.netfreehost.com (be patient)
    Completed 100 requests
    Completed 200 requests
    Completed 300 requests
    Completed 400 requests
    Completed 500 requests
    Completed 600 requests
    Completed 700 requests
    Completed 800 requests
    Completed 900 requests
    Finished 1000 requests
    
    
    Server Software:        nginx/1.1.0
    Server Hostname:        netfree.netfreehost.com
    Server Port:            80
    
    Document Path:          /
    Document Length:        16844 bytes
    
    Concurrency Level:      100
    Time taken for tests:   5.463353 seconds
    Complete requests:      1000
    Failed requests:        0
    Write errors:           0
    Total transferred:      17357000 bytes
    HTML transferred:       16844000 bytes
    Requests per second:    183.04 [#/sec] (mean)
    Time per request:       546.335 [ms] (mean)
    Time per request:       5.463 [ms] (mean, across all concurrent requests)
    Transfer rate:          3102.49 [Kbytes/sec] received
    
    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:        0    0   0.8      0       5
    Processing:    44  518  93.9    534     719
    Waiting:       44  517  94.0    533     718
    Total:         47  518  93.2    534     719
    
    Percentage of the requests served within a certain time (ms)
      50%    534
      66%    553
      75%    566
      80%    574
      90%    592
      95%    606
      98%    642
      99%    665
     100%    719 (longest request)
    [root@server12 ~]#
    

    Apache Only

    [root@server12 ~]# ab -n 1000 -c 100 http://netfree.netfreehost.com:81/
    This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Copyright 2006 The Apache Software Foundation, http://www.apache.org/
    
    Benchmarking netfree.netfreehost.com (be patient)
    Completed 100 requests
    Completed 200 requests
    Completed 300 requests
    Completed 400 requests
    Completed 500 requests
    Completed 600 requests
    Completed 700 requests
    Completed 800 requests
    Completed 900 requests
    Finished 1000 requests
    
    
    Server Software:        Apache/2.2.3
    Server Hostname:        netfree.netfreehost.com
    Server Port:            81
    
    Document Path:          /
    Document Length:        16844 bytes
    
    Concurrency Level:      100
    Time taken for tests:   7.102347 seconds
    Complete requests:      1000
    Failed requests:        1
       (Connect: 0, Length: 1, Exceptions: 0)
    Write errors:           0
    Total transferred:      17351384 bytes
    HTML transferred:       16827683 bytes
    Requests per second:    140.80 [#/sec] (mean)
    Time per request:       710.235 [ms] (mean)
    Time per request:       7.102 [ms] (mean, across all concurrent requests)
    Transfer rate:          2385.69 [Kbytes/sec] received
    
    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:        0    0   1.1      0       6
    Processing:    34  676 174.9    669    1261
    Waiting:       32  675 175.0    668    1260
    Total:         34  676 174.4    669    1261
    
    Percentage of the requests served within a certain time (ms)
      50%    669
      66%    696
      75%    732
      80%    754
      90%    893
      95%    974
      98%   1081
      99%   1128
     100%   1261 (longest request)
    [root@server12 ~]#
    

    See Apache, Nginx

  • Apache Limit access to a url

    I want to limit access to admin login url of a web application to specified IP address.

    The web site had admin login in following URL

    https://domain.com/login

    To limit IP address, i edited Apache VirtualHost configuration for this web site, added

    
        Order deny,allow
        Deny from all
        Allow from 103.35.199.82
        Allow from 51.38.246.115
    
    

    Restart apache

    systemctl restart httpd
    

    Or

    systemctl restart apache2
    

    Now only IP listed on the Allow from directive are allowed to access the /login URL.

    NOTE: this won’t work in .htaccess file. You need to add it in Apache VirtualHost.

  • Cpanel ReverseProxy Traffic to Docker Container

    Cpanel ReverseProxy Traffic to Docker Container

    On a cpanel server, i need to run a web application using docker container.

    Application running side docker container listening on port 8000 on localhost.

    For a web site to serve traffic from this docker container, we can use Apache mod_proxy, this is enabled by default on cpanel servers.

    https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

    You can verify it at

    WHM > EasyApache 4 > Currently Installed Packages > Customize > Apache Modules
    

    Apache mod_proxy

    For the site, you need to create reverse proxy, create a folder.

    NOTE: Replace CPANEL_USER and DOMAIN with your actual cpanel user name and domain name. You can find/verify this path by looking virtual host entry for your domain name in /etc/apache2/conf/httpd.conf file. By default this “Include” line will be commented. Once you put a file and rebuildhttpdconf, this line get uncommented.

    mkdir -p /etc/apache2/conf.d/userdata/std/2_4/CPANEL_USER/DOMAIN/
    

    Now create a file

    vi /etc/apache2/conf.d/userdata/std/2_4/CPANEL_USER/DOMAIN/docker.conf
    

    Add following.

    ProxyPass "/"  "http://localhost:8000/"
    ProxyPassReverse "/"  "http://localhost:8000/"
    

    Now rebuild Apache config.

    /scripts/rebuildhttpdconf
    

    Now if you check Apache config file (/etc/apache2/conf/httpd.conf), you will see included in Apache virtual host entry.

    Restart Apache

    service httpd restart
    

    Now if you visit the site, you will see the web application running on http://localhost:8000/

    See Reverse proxy, Cpanel Server, Apache

  • Apache Benchmark

    ab is a tool for benchmarking web servers. It is designed to give you an impression of how your web server installation performs. This especially shows you how many requests per second your web server is capable of serving.

    http://httpd.apache.org/docs/2.4/programs/ab.html

    To benchmark a web site, use ab command provided by Apache.

    ab -c 200 -n 15000 http://site-to-benchmark-here.com/

    This will start 15000 requests to the server specified. 200 requests at a time.

  • Apache AH00144: couldn’t grab the accept mutex

    On Ubuntu 18.04 server, apache crashed. On checking apache error log, found following

    [Mon Aug 13 23:19:24.625927 2018] [mpm_prefork:emerg] [pid 2378] (43)Identifier removed: AH00144: couldn't grab the accept mutex
    [Mon Aug 13 23:19:24.626990 2018] [mpm_prefork:emerg] [pid 1227] (43)Identifier removed: AH00144: couldn't grab the accept mutex
    [Mon Aug 13 23:19:24.628515 2018] [mpm_prefork:emerg] [pid 1211] (43)Identifier removed: AH00144: couldn't grab the accept mutex
    [Mon Aug 13 23:19:24.628693 2018] [mpm_prefork:emerg] [pid 1309] (43)Identifier removed: AH00144: couldn't grab the accept mutex
    [Mon Aug 13 23:19:24.629122 2018] [mpm_prefork:emerg] [pid 2387] (43)Identifier removed: AH00144: couldn't grab the accept mutex
    [Mon Aug 13 23:19:24.629319 2018] [mpm_prefork:emerg] [pid 1603] (43)Identifier removed: AH00144: couldn't grab the accept mutex
    [Mon Aug 13 23:19:24.629483 2018] [mpm_prefork:emerg] [pid 1637] (43)Identifier removed: AH00144: couldn't grab the accept mutex
    [Mon Aug 13 23:19:24.629659 2018] [mpm_prefork:emerg] [pid 1566] (43)Identifier removed: AH00144: couldn't grab the accept mutex
    [Mon Aug 13 23:19:25.366503 2018] [core:alert] [pid 990] AH00050: Child 1211 returned a Fatal error... Apache is exiting!
    [Mon Aug 13 23:19:25.366568 2018] [:emerg] [pid 990] AH02818: MPM run failed, exiting
    

    To fix the error, edit file

    vi /etc/apache2/apache2.conf
    

    Find

    #Mutex file:${APACHE_LOCK_DIR} default
    

    Replace with

    Mutex posixsem
    

    Restart Apache

    service apache2 restart
    

    See Apache

  • Limit Access Using htaccess

    To limit access to a folder using .htaccess, create .htacess file with following content.

    order deny,allow
    deny from all
    allow from YOUR_IP_HERE
    

    YOUR_IP_HERE = Replace it with your actual IP.

    You can white list IP range by entering CIDR notation for the IP range.

    Here is .htacess i use on one of my web sites admin folder.

    order deny,allow
    deny from all
    allow from 137.97.0.0/16
    allow from 116.68.64.0/18

    If your server is behind a reverse proxy server, you may need to use

    Order Deny,Allow
    deny from all
    SetEnvIf X-Forwarded-For "103.35.199.82" OkAccess
    SetEnvIf X-Forwarded-For "92.184.105.169" OkAccess
    Allow from env=OkAccess

    Back to htaccess

  • Moving from Apache PHP 5 to Nginx PHP 7

    Moving from Apache PHP 5 to Nginx PHP 7

    Today i moved a high traffic WordPress web using from Apache + PHP 5 to Nginx + PHP 7.2.

    Here is a graph provided by LiquidWeb (server provider).

    With Apache, load was like 8.

    root@host:/etc/php# uptime
    12:35:01 up 14:33, 1 user, load average: 8.03, 6.66, 5.84
    root@host:/etc/php#

    After switching to Nginx + PHP-FPM, load come down to 2.

    root@host:~# uptime
    17:26:20 up 19:24, 1 user, load average: 1.13, 1.07, 1.21
    root@host:~#

    Here is sar result.

    With Apache idle CPU was approx 72. With Nginx we have 90%+ idle CPU most of the time.

    Here is NewRelic Web transactions graph. The break in data is due to PHP 7.2 have no newrelic module installed. So i just switched back to Apache for a while, reinstalled NewRelic for PHP 7.2, then turned Nginx back on.

    NewRelic Apdex Score went from poor to fair.

  • Run .html files as PHP in Apache

    On Ubuntu, to execute .htm files as PHP, create file

    vi /etc/apache2/conf-enabled/php-html.conf
    

    Add following content

    
        SetHandler application/x-httpd-php
    
    

    This is similar code from your PHP configuration. In this case, it is from /etc/apache2/mods-available/php5.6.conf

    If you want it only for a specific website, edit VirtualHost entry for the website and add

    
            SetHandler application/x-httpd-php
    
    

    Example

    
        ServerName serverok.in
        ServerAlias www.serverok.in
        DocumentRoot /home/www/serverok.in/html
        CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
        
            Options All
            AllowOverride All
            Require all granted
            Order allow,deny
            allow from all
        
        
                SetHandler application/x-httpd-php
        
    
    

    Now restart apache

    service apache2 restart
    

    Apache | PHP

  • Apache SSL

    Here is a non-SSL Apache virtual host.

    <VirtualHost *:80>
        ServerName serverok.in
        ServerAdmin [email protected]
        DocumentRoot /home/serverok.in/html
        CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
        <Directory "/home/serverok.in/html">
            Options All
            AllowOverride All
            Require all granted
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>

    To convert it to SSL VirtualHost, first change the port to 443

    Find

    <VirtualHost *:80>

    Replace with

    <VirtualHost *:443>

    Add the above Directory entry

    SSLEngine on
    SSLCertificateFile /etc/ssl/DOMAIN.crt
    SSLCertificateKeyFile /etc/ssl/DOMAIN.key

    The resulting VirtualHost will look like

    <VirtualHost *:443>
        ServerName serverok.in
        ServerAdmin [email protected]
        DocumentRoot /home/serverok.in/html
        CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLCertificateFile /etc/ssl/serverok.in.crt
        SSLCertificateKeyFile /etc/ssl/serverok.in.key
        <Directory "/home/serverok.in/html">
            Options All
            AllowOverride All
            Require all granted
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>

    For added security, you can use the following config

    SSLEngine on
    SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:!TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:!DSS

    Enable mod_ssl

    If you get the following error

    Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

    You need to enable mod_ssl, to do this, run

    On Debian/Apache, run

    sudo a2enmod ssl

    Restart Apache

    sudo service apache2 restart

    Force SSL

    You can add the following code to Apache virtualhost for the website

    Redirect 301 / https://domain.ltd/

    ssl

    apache

  • Apache Invalid command Header

    On a new Debian server with Apache, web site give 500 internal server error.

    On checking error log, i found

    [Thu Jan 04 06:44:42.483932 2018] [core:alert] [pid 27583] [client 112.133.248.19:63020] /home/user/public_html/.htaccess: Invalid command ‘Header’, perhaps misspelled or defined by a module not included in the server configuration

    The error is due to Apache headers module not installed on the server.

    To fix, run

    a2enmod headers
    

    Restart Apache

    systemctl restart apache2
    

    Apache

  • htaccess

    Redirect

    Access Control

    Redirect domain to SSL (HTTPS)

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
    

    Or

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    

    Redirect a Page to another

    RedirectMatch 301 ^/old-page\.php$ /new-page.php
    

    You can also use

    Redirect 301 /old-page.php https://domain.com/new-page.php
    
  • Apache Permission Denied

    On a newly installed Apache server, when I visit the website, I get permission denied error. On Apache error log (/var/log/httpd/error_log), i found

    # tail -f /var/log/httpd/error_log
    [Sat Mar 29 16:29:22 2014] [error] [client 59.98.136.37] (13)Permission denied: access to /index.html denied
    [Sat Mar 29 16:29:25 2014] [error] [client 59.98.136.37] (13)Permission denied: access to /index.html denied
    [Sat Mar 29 16:29:31 2014] [error] [client 59.98.136.37] (13)Permission denied: access to /index.html denied
    [Sat Mar 29 16:29:34 2014] [error] [client 59.98.136.37] (13)Permission denied: access to /index.html denied
    

    I tried changing the folder permission to 755, but it did not fix it. The problem was caused by SELinux.

    Solution

    I disabled SELinux.

    setenforce 0
    

    To make it permanent, edit file /etc/selinux/config, set

    SELINUX=disabled
    

    See Apache