apache2
package using apt-get, aptitude or synaptic.libapache2-mod-php5
is the first one to get, there are other php modules for extra functionality)I haven't tried a reverse proxy. Other comments suggest that would work.
If you don't need EV certs, try Lets Encrypt. I use this for all the domains I serve that don't require EV. The certs are recognized by all browsers. FREE.
The URL Rewriting Guide has some examples under "Time-Dependent Rewriting:"
RewriteEngine on RewriteCond %{TIME_HOUR}%{TIME_MIN} >0700 RewriteCond %{TIME_HOUR}%{TIME_MIN} <1900 RewriteRule ^foo.html$ foo.day.html RewriteRule ^foo.html$ foo.night.html
So I'm guessing you want something like this
RewriteEngine on RewriteCond %{TIME_MON} -eq 4 RewriteCond %{TIME_DAY} -eq 1 RewriteRule ^/$ april-fools.html
It is, but it only works with hostnames. For instance, if you wanted people to be able to get to your site by either typing "example.com" or "www.example.com", you would set one of those as the ServerName and the other as the ServerAlias.
You'll need to do some mod_rewrite magic to make a folder on one site point to a different virtual host. Perhaps something like this will work.
> and I feel Apache should have the ability to serve a different webpage depending on device/browser.
You could filter requests according to the user agent header but I can imagine this getting cumbersome. You could use RewriteCond
to match the user agent string and then rewrite the URL accordingly.
> Also does anyone know a program that will transpile your code for multiple browsers or is this not a thing??
For JS, yes. Babel takes your JavaScript and converts it into an older standard.
In general, if you try to make a website that looks good in multiple browsers and on most devices, check out bootstrap. it's free.
Apache does not have anything like a "try" directive, but you can use mod_rewrite to test if a requested path exists under an alternate directory then rewrite to it.
http://httpd.apache.org/docs/current/rewrite/remapping.html#multipledirs
Hello,
You Java app is on a machine that have an IP, you can use that, but I prefer using it's a FQDN...
You can configure your Apache to connect to Tomcat using AJP (not recommended anymore) or HTTP(s)..
I recommend you using HTTP(s) via mod_proxy.. Here is an example I shared in this subreddit today morning on how to do so.
The old school way that you may find on the net is using mod_jk, which uses AJP only, and will be hassle when you want to scale your standalone Tomcat to a cluster setup, mod_proxy offers a load balancing option that you can use to create an easy to setup cluster ;-)
You can use a combination of <code>Alias</code> and <code>Directory</code> to configure samplesite.com/blog so that it supersedes the original configuration in your flaskapp.conf -- all from within your flaskapp.conf.
how is this different from a standard caching implementation?
what you want is either disk cache or mem cache. i would recommend mem cache because disk cache does not have any storage management built in, so you risk running out of disk space if you don't manage it yourself.
http://httpd.apache.org/docs/2.2/caching.html
pay attention to the "What Can be Cached?" section -- you will need to be sure your content has an appropriate "Expires", "Etag", "Last-Modified", or "Cache-Control" header, or else apache will not cache it. (you can use mod_expires to set the Expires header based on the MIME-type if necessary.)
Well if you set up filters in Apache you could see what the GET request was going for. It should show you it was a curl (or wget or python lib) against a specific resource. Then you would have to investigate the filter logs to see what they say, or you could setup a reverse proxy in front of your web app and have it filter/control/log traffic to your website.
Are you looking for something like %T ?
~~https://httpd.apache.org/docs/1.3/mod/mod_log_config.html#formats~~
EDIT: that's for Version 1.3. The format is still the same, but here's an up-to-date doc: http://httpd.apache.org/docs/current/mod/mod_log_config.html
Look for "The time taken to serve the request, in seconds."
Are you using mod_auth_kerb? It's nearly impossible because the AuthType is KerberosV5, not Basic or Digest.
If you're using LDAP with Kerberos authentication then you can do it with Apache directives, as shown in the Apache documentation.
You will want to look up how to configure virtual hosts.
here is your question in a different form on stackoverflow with a pretty good answer: http://stackoverflow.com/questions/2658173/setup-apache-virtualhost-windows
here are some vhost examples out of the apache manual: http://httpd.apache.org/docs/current/vhosts/examples.html
edit: I should also add that I am mainly a linux admin, but this should apply just the same.
I hope this helps.
You can try enabling mod_status: http://httpd.apache.org/docs/2.2/mod/mod_status.html
or look in the error logs and access logs and see what it's doing.
jmeter and apache ab are good tools to stress test your site. My guess is you have some bad code, or another service that is locked up, slow queries and could use some caching.
If you're running mysql db check out jet profiler it will help identify slow running queries.
It might have something to do with your directory structure. The HTML folder should be the last folder in the tree. i.e. var/www/site1/html and var/www/site2/html.
Ah looks like things have changed a bit since I last set up two sites on one server.
Here's a link for setting it up for centos: https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-centos-7
Although this is written for centos 7, the basic format and structure should still apply. If you still need help I can try to help further after I get off work tonight.
Assuming you're on Linux or FreeBSD you could use something like CrowdSec. It works a bit like fail2ban but more intelligently in that you very precisely can define scenarios that are unacceptable and which are (if standard scenarios who protects against a long range of attacks out of the box). Those not accepted will be blocked, either via integration with your host firewall or via a custom script that will add the malevolent ips to an acl and block it via Apache itself.
CrowdSec is free, open source and crowdsourced ids/ips and more. I am head of community so let me know if you need any help or join our Discourse. If you are looking to learn more about CrowdSec you should check out my talk from ShellCon.
These lines go somewhere in your global apache configuration.
Listen 443 https MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf MDPrivateKeys RSA 4096 MDomain example.com www.example.com #Add more MDomain lines here, one for each virtual host #Each MDomain line results in a certificate with all domain names in it. #The first name is the primary name, all other names are additional names, #but they also must be reachable from the internet. MDRequireHttps temporary MDStapling on MDMustStaple on
Add these to each virtual host you just moved to port 443. The Name and alias must match one of your MDomain lines from earlier. The ServerAlias can be present multiple times for multiple aliases, or you can specify multiple domains on a single line (similar to the MDomain)
SSLEngine On ServerName example.com ServerAlias www.example.com
By default web servers host sites served over http.
To enable https, you need to get appropriate SSL certificates for the sites/domains being hosted and install them on ur web server.
If there is a firewall in front of ur web server, you need to open those ports too (443 default)
I've never bought one, but planning to using https://letsencrypt.org/
sounds like your application is coded with absolute URLs and not relative URLs. If it is the latter then you may not be able to proxy the application.
https://moz.com/blog/relative-vs-absolute-urls-whiteboard-friday
Don't create Apache rules for this.
It's much easier to have Apache itself open to everyone and then limit remote addresses to Apache via the firewall on the server. Cloudflare IP addresses can be found here.
Localhost access (127.0.0.0/8
and ::1/128
) will always bypass the firewall. To allow access from other machines in your local network, add your local network subnet to the firewall rule too.
Securing PHP my admin should be done by a different listener. Create a virtual host in your apache config that listens on a completely different port. Only allow access to that port from your local network.
Here's the Flask docs on using Apache + mod_wsgi: http://flask.pocoo.org/docs/0.11/deploying/mod_wsgi/. There's a few areas that might need more explanation, so just give it a read and let us know how you get on, if you have any problems, etc.
>You could filter requests according to the user agent header but I can imagine this getting cumbersome. You could use RewriteCond to match the user agent string and then rewrite the URL accordingly.
thank you for this I will look into it, but not thank you for this
>For JS, yes. Babel takes your JavaScript and converts it into an older standard.
>
>In general, if you try to make a website that looks good in multiple browsers and on most devices, check out bootstrap. it's free.
converting the javascript to older standards may come in helpful but bootstrap works to abstract away scss which I could right specific for my my website make less requests or smaller files for the user of a webpage
I think my host provider removed it to make customizing it easier for us noobies. I just deleted it today to help me debug because I had a javascript page redirect on it too and it got annoying lol
Try this guide: http://www.rackspace.com/knowledge_center/article/centos-apache-virtual-hosts
It also talks about the DocumenRoot and how to define it in the httpd.conf file.
Good lord, AyrA_ch, your reply is a treasure trove of info. Going to bookmark this for future reference.
I have a GoAccess log analyzing / stats panel set up for this client, but I don't think they've ever used it. It's the only thing I can think of that they'd ever notice, and I find it highly unlikely they'll even see that.
It's a new business, and they're so wrapped up in running it that I'm a little shocked they even set up Cloudflare to begin with. They mostly just hired me to make their web presence and they get in touch when they need something added to the website.
I'm going to leave it as-is until any issues — but, as I mentioned, I'm bookmarking this for future reference.
Thank you thank you!
You should however probably name it so it's hidden (with a dot) at the front, and then filter all hidden files as 403 errors with something like this.
You could set up DNSMasq to use your /etc/hosts
file for DNS. Then you would configure your wireless router to use the IP of the DNSMasq server for DNS (use your ISP's DNS as second and tertiary servers so you can still resolve normal DNS). Then your iPad should be able to resolve whatever you put in your hosts file.
Edit: Instead of reconfiguring your router, on your iOS device go into Settings -> WiFi -> Your WiFi and change the DNS there. This way it'll only affect your iPad, and not everything else on your network.
A server needs an ip. You can't share ip addresses. You could have a server in front that offloads to other servers. Or you could use linux containers to host different websites on the same server in different server environments (the same concept as storing websites on different servers). Personally I use LXC to manage my containers.
I run the servers for several websites that my company owns. Personally I will go with the most basic Apache config I can that will do what I need. The actual virtualhost files on my systems are a bit different than what I listed above. But I think it's best to start with a basic working configuration and then add features from there. May want to check out the documentation here.
Maybe start with something like this and add exclusions when it breaks the other URL's you then decide you don't want to rewrite:
http://httpd.apache.org/docs/current/rewrite/remapping.html#fallback-resource
RewriteEngine ON RewriteCond %{REQUEST_URI} !=/page.php RewriteRule .* /page.php?URL=/$0
Thanks to another thread, I found out the solution:
​
http://httpd.apache.org/docs/2.4/sections.html#file-and-web
​
​
So I should reverse the Locations, and it works fine!
​
<Location /myapp>
Proxypass ajp://localhost:8009/myapp
Require all granted
</Location>
​
​
<Location /myapp/api>
Proxypass ajp://localhost:8009/myapp/api
Require local
Require 1.2.3.4
</Location>
Click on your version, then under User's Guide you will find helpful links. That's what I use!
I'm new at using Apache too but I don't have to do it for my job, I'm doing it for something to practice with while studying for my LPIC cert.
Do you have a "Listen :10080" directive in your Apache config? (http://httpd.apache.org/docs/current/bind.html#protocol)
If so, is Apache running? Can you see the port in a netstat?
Not sure why you're bothering doing this at all, though. Why not just switch to Nginx entirely or use Apache? What are you trying to gain through putting Nginx in front?
"ServerTokens" can not be used in .htaccess. It is a server-wide setting which applies to all websites Apache manages.
If you are working with Apache's server-config files, and not .htaccess, make sure you either restart Apache, or reload the Apache configuration after altering ServerTokens.
When this happened, I liked to use mod_rewrite's logging I haven't used it since they switched from having the functionality built into mod_rewrite over to the generic module logging, so I can't do any better than the link to the manual above.
Without knowing your mod_rewrite rules I really can't say, but if there is a $1 or %1 back-reference, try removing that.
See http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewritecond and http://httpd.apache.org/docs/2.4/rewrite/remapping.html#rewrite-query
1) Yes, these are written in that form unless it's a back-reference (ie: $0, $1, $2, ...). "These are variables of the form %{NAME_OF_VARIABLE}", from documentation:
http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond
2) Yes. You can use multiple variables. Examples can be found here:
http://www.askapache.com/htaccess/mod_rewrite-variables-cheatsheet.html
3) Although true, the F flag sends a forbidden response (403) for the resource requested. The L flag (for "last") stops processing further rules. When using the F flag, the L is implied.
As for diving into mod_rewrite, welcome to exploring its black magic.
If the server is already running you can setup a virtual host that will define all that. If they want something more specific than a vhost you'll need more requirements. If it's very simplistic you might be able to get away with running nginx or node.js on another port … just depends.
Directory Listing TLDR; Options +Index
Uh, I guess something like this should do the trick (untested);
RewriteCond %{HTTP_HOST} ^example RewriteRule .* http://www.domain.com/index2.html [L]
edit: Eh, something like that
see 'server-variables' documented here which will help; http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
Alternatively (also untested); you can use index.php
<?php $host = $_SERVER['HTTP_HOST']; if ($host == "example") { header("Location: /index2.htm"); exit(); } ?>
Okey, so I ended up using the mod_authz_hosts as described here: http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html. I made a new config file in /etc/apache2 and Included it in the main config file (apache2.conf). It consisted of a <Directory> tag specifying the one directory. It now works. Thanks for replying :)
Great to hear that you have focus on security. Kudos, my friend! :-)
To be completely honest I am not that big an f2b expert. Part of that is that I am involved in a free, open source project called CrowdSec that has evolved to be a more modern and advanced version of f2b (and using crowdsourced threat intelligence). I know by default that it would be able to parse apache logs and block a number of attacks by default; sqli, xss etc. So obviously I would recommend doing that if you want to protect your vps. CrowdSec would protect ssh against brute-force attacks by default as well. It has a number of other funky features (not counting the crowd-srouced part that in itself is lightyears ahead of f2b). If you're interested you can see a talk I did at ShellCon a few weeks ago here. Let me know what you think - also I'll be happy to answer any questions and help you out as much as I can.
~~Don't know about your actual question but~~ i thought i may as well mention that https://letsencrypt.org is what i mainly see used to generate certificates. I think the main advantage over what you have is the autorenewel. ~~Wouldn't be surprised if their scripts have an apache auto setup too~~
edit: Here's the link for this auto-setup with certbot on ubuntu https://certbot.eff.org/lets-encrypt/ubuntufocal-apache
The official certbot site is helpful. I've found that with simple sites it works well and generally just inserts the arguments well (ie. listen 443, sslengine on, a 301 redirect to the https site) but with more complex configs it somehow borks them. https://certbot.eff.org/lets-encrypt/debianjessie-apache
To grab just the cert, I believe it's something like certbot-auto certonly --apache -D mydomain.com
Confirm before running. I would also highly recommend after you get it working on http, just doing a cp httpd.conf httpd.conf.bak
just in case.
it sounds like your browser is caching the document. you can confirm this by pressing ctrl+f5 to refresh or using a different browser to confirm that the most recent data loads. if that's the case, there are many ways to disable caching. one way to do this is with the apache "header add" directive. you can check this article to see what header values to consider adding to your response:
I found that the problem persists without SSL. The server logs show the size if the file is a direct download. But doesn't when the download is started from a PHP script. This might be harder than it seems because of how the server is put together: Web Browser -> Nginx -> Apache -> PHP-FPM
https://serverpilot.io/docs/how-serverpilot-configures-your-lamp-stack/
If you don't want to script something in PHP, you can use web dav. Apache has a module for this: https://devdocs.io/apache_http_server/mod/mod_dav
Once configured, you can connect this by various means and move files around in your file explorer.