UnixServerAdmin

Server Administration & Management

How to Enable Secure SSL Protocol

A man-in-the-middle attacker can force the connection down to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages. This is possible because some servers still accept the SSLv2 protocol with low-strength ciphers. There are known flaws in the SSLv2 protocol; these flaws have been fixed in SSLv3 (or TLSv1). SSLv2 should be disabled and MEDIUM or HIGH encryption ciphers must be used. SSLv3 should be used instead of SSLv2.

# vim /etc/httpd/conf.d/ssl.conf

Remove or comment out the following lines:

Line No. 93 :-  SSLProtocol all -SSLv2
Line No. 98 :-  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

Add the following lines:

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!RC4+RSA:+HIGH:+MEDIUM

# /etc/init.d/httpd restart

# chkconfig httpd on
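
The following added example (not part of the original post) audits an ssl.conf-style file against the two rules above: SSLv2 must end up disabled, and the LOW and export cipher classes must be excluded. The function names and sample files are assumptions made for illustration, and `all` is modelled as SSLv2, SSLv3 and TLSv1.

```shell
#!/bin/sh
# Added example (not from the post). Assumption: "all" = SSLv2+SSLv3+TLSv1,
# the three protocol names that appear on this page.

# Print the protocols left enabled by an SSLProtocol argument string.
ssl_protocols() {
    printf '%s\n' "$1" | awk '
    BEGIN { n = split("SSLv2 SSLv3 TLSv1", known, " ") }
    {
        for (i = 1; i <= NF; i++) {
            tok = tolower($i); op = substr(tok, 1, 1)
            if (op == "+" || op == "-") tok = substr(tok, 2); else op = "="
            for (k = 1; k <= n; k++) {
                hit = (tok == "all" || tok == tolower(known[k]))
                if (op == "=") on[k] = hit          # bare name replaces the set
                else if (hit)  on[k] = (op == "+")  # +name adds, -name removes
            }
        }
        out = ""
        for (k = 1; k <= n; k++) if (on[k]) out = out (out == "" ? "" : " ") known[k]
        print out
    }'
}

# Print one finding per line for a config file; print nothing if it passes.
audit_ssl_conf() {
    # Simplification: the last uncommented directive in the file is used.
    proto=$(sed -n 's/^[[:space:]]*SSLProtocol[[:space:]]\{1,\}//p' "$1" | tail -n 1)
    suite=$(sed -n 's/^[[:space:]]*SSLCipherSuite[[:space:]]\{1,\}//p' "$1" | tail -n 1)
    case " $(ssl_protocols "$proto") " in
        *" SSLv2 "*) echo "SSLv2 enabled" ;;
    esac
    for class in LOW EXP; do
        case ":$suite:" in
            *":!$class"*) ;;   # excluded (":!EXP" also matches ":!EXPORT")
            *) echo "cipher class $class not excluded" ;;
        esac
    done
}

# Constructed samples: the two directive pairs quoted in the post.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'SSLProtocol all -SSLv2' \
    'SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW' > "$tmp/before.conf"
printf '%s\n' 'SSLProtocol -ALL +SSLv3 +TLSv1' \
    'SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!RC4+RSA:+HIGH:+MEDIUM' > "$tmp/after.conf"
echo "before: $(audit_ssl_conf "$tmp/before.conf")"
echo "after:  $(audit_ssl_conf "$tmp/after.conf")"
```

Run against the post's lines, the stock pair is flagged only for the LOW class (`+LOW` reorders ciphers, it does not remove them), while the replacement pair passes. On current systems SSLv3 is itself deprecated (RFC 7568), so the same check should also treat SSLv3 as a finding there.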

September 20, 2013 | Apache, Security

Service httpd status: httpd dead but subsys locked, but pid exists

I have an Apache server acting as a reverse proxy for several websites (and the sites show that it is up and running). However, when I check the status of the Apache service, I get this:

# service httpd status
httpd dead but subsys locked

================== Method-1 ==================

So I look up the semaphores held by apache and get:

# ipcs -s | grep apache
0x00000000 98306 apache 600 1
0x00000000 131075 apache 600 1
0x00000000 163844 apache 600 1

So I delete these resources:

# ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/);print `ipcrm sem $a[1]`}'
resource(s) deleted
resource(s) deleted
resource(s) deleted

and I delete the lock from the subsys folder:

# cd /var/lock/subsys
# rm httpd

and start apache:

# service httpd restart
Starting httpd: [ OK ]

================== Method-2 ==================

If the above does not fix it, try the following.

Comment out the following module in your httpd.conf and restart Apache:

# vim /etc/httpd/conf/httpd.conf
LoadModule unique_id_module modules/mod_unique_id.so

# /etc/init.d/httpd restart

April 27, 2013 | Apache, Tips & Tricks

How to rotate apache logs

/var/log/httpd/access_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 100K
}

/var/log/httpd/dummy-host.example.com-access_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 10M
}

/var/log/httpd/dummy-host.example.com-error_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 100K
}

/var/log/httpd/error_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 5K
}

/var/log/httpd/mod_jk.log.* {
compress
copytruncate
create 644 root root
rotate 30
size 5M
}

/var/log/httpd/ssl_access_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 10K
}

/var/log/httpd/ssl_error_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 10K
}

/var/log/httpd/ssl_request_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 10K
}

daily :- rotates the catalina.out daily
rotate 7 :- keeps at most 7 log files
compress :- compresses the rotated files
size 10M :- rotates if the size of logs are bigger than 10M
copytruncate :- Truncates the original log file in place after creating a copy, instead of moving the old log file and optionally creating a new one. It can be used when a program cannot be told to close its logfile and thus might continue writing (appending) to the previous log file forever. Note that there is a very small time slice between copying the file and truncating it, so some logging data might be lost. When this option is used, the create option has no effect, as the old log file stays in place.

April 22, 2013 | Apache, Tips & Tricks, Unix/Linux

How to enable gzip (web Page) compression in Apache

First, let's be sure your server supports compression. To do that, it needs to have the mod_deflate module loaded:

# cat httpd.conf | grep deflate

You should see this:

LoadModule deflate_module modules/mod_deflate.so

If it is commented out, uncomment it and add the following lines:

# vim /etc/httpd/conf/httpd.conf

#################################################
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE

# You can't compress what is already compressed
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary

# Make proxies work as they should.
<IfModule mod_headers.c>
Header append Vary User-Agent
</IfModule>

</IfModule>

#BrowserMatch ^Mozilla/4 gzip-only-text/html
#BrowserMatch ^Mozilla/4\.0[678] no-gzip
#BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
#################################################

March 28, 2013 | Apache

How to run PHP 4 and PHP 5 on the same cPanel

Here is the process to install and run PHP 4 and PHP 5 on the same server. Users will be able to choose which version to use for their scripts.
Although I personally don't recommend this, as it has many performance implications, it is something that small web hosts do so that they don't need separate servers for different PHP versions.

1. Compiler check

# /scripts/checkccompiler
# rm -rvf /home/cpphpbuild
# mkdir /home/cpphpbuild
# cd /home/cpphpbuild

2. Download and extract php

# wget http://us2.php.net/downloads.php
# tar -xzf php-5.2.4.tar.gz
# cd php-5.2.4

3. Configure and build the php installation (credits go to elix for an excellent work)

# echo "#define HAVE_SENDMAIL 1" >> /home/cpphpbuild/php-5.2.4/main/php_config.h
# wget http://www.elix.us/tutorials/php5.gen.cpanel
# chmod 700 php5.gen.cpanel
# ./php5.gen.cpanel
# make
# make install

4. Moving the files and finishing the configuration

# cp -f /usr/local/php5/bin/php5 /usr/local/cpanel/cgi-sys/php5
# chown root:wheel /usr/local/cpanel/cgi-sys/php5
# cp -p /home/cpphpbuild/php-5.2.4/php.ini-recommended /usr/local/php5/lib/php.ini
# chown root.root /usr/local/php5/lib/php.ini
# chmod 644 /usr/local/php5/lib/php.ini
# echo "cgi.fix_pathinfo = 1 ; needed for CGI/FastCGI mode" >> /usr/local/php5/lib/php.ini

5. Now we have to add a few lines to the httpd.conf file

# vim /usr/local/apache/conf/httpd.conf

6. In the section, add "index.php5" before index.php4, and add the following after "AddType application/x-httpd-php .phtml":

—————————————————————————
Action application/x-httpd-php5 "/cgi-sys/php5"
AddHandler application/x-httpd-php5 .php5
—————————————————————————

7. Test the installation

# service httpd configtest

8. If you get any errors, check that you have done all the steps properly. If everything is OK, you can now restart Apache.

# service httpd restart

October 29, 2012 | Apache, PHP

How to monitor specific process (ie apache) using Top Command

# top -p `pidof httpd | awk '{gsub(/[ ]/,",");print}'`

April 4, 2012 | Apache, Tips & Tricks, Unix/Linux

index.jsp for tomcat cluster with HA

<%@ page language="java" %>
<%-- Cluster test page: shows which node served the request and the session it used --%>
<HTML>
<HEAD>
<TITLE>Login using jsp</TITLE>
</HEAD>
<BODY>
<h1><font color="red">Index Page by Tomcat-2 Node-2</font></h1>
<h2><font color="blue">This is test page of Tomcat-2 of NODE-2</font></h2>
<table align="center" border="1">
<tr>
<td>Session ID --&gt; </td>
<td><%= session.getId() %></td>
</tr>
<tr>
<td>Created on --&gt; </td>
<td><%= session.getCreationTime() %></td>
</tr>
</table>
</BODY>
</HTML>

March 23, 2012 | Apache, Cluster, Tomcat

How to configure Apache server to listen on Multiple Ports

By default, the Apache server listens on TCP port 80, but I'd like an Apache web server to listen on both port 80 and port 8080. This article explains how to configure Apache to listen on multiple ports under CentOS Linux.

To configure Apache to listen on multiple ports, log in as root, open the configuration file /etc/httpd/conf/httpd.conf and modify the Listen directive, which tells the server to accept incoming requests on the specified port.

# vi /etc/httpd/conf/httpd.conf

Find the line that reads as follows:

Listen 80

Force Apache server to listen on both port 80 and 8080:

Listen 80
Listen 8080

And find the VirtualHost portion for your website config and add *:8080 as shown below:

<VirtualHost *:80 *:8080>

</VirtualHost>

Save and close the file. Restart apache server:

# service httpd restart

February 26, 2012 | Apache

How to block or allow ips using .htaccess

Suppose you have a site example.com, and in its document root you have a directory "admin" to which you want to restrict access, while still allowing clients from certain IPs.

You can do this by creating a .htaccess file under the "admin" directory.

# vim .htaccess

The file can look like this:

===================
Order Deny,Allow
Deny from all
Allow from IP_address1
Allow from IP_address2
Allow from IP_address3
Allow from IP_address4
Allow from IP_address5
===================

example.com/admin/ will then be accessible only from IP_address1 through IP_address5.
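
How the directives above are evaluated, as an added example that is not part of the original post: a small model of the `Order` logic showing why the same Deny/Allow rules admit the listed IP under `Order Deny,Allow` but lock everyone out under `Order Allow,Deny`. The function name, rule notation and IP addresses are constructed for illustration, and only exact IPs and `all` are matched.

```shell
#!/bin/sh
# Added example (not from the post): simplified model of Apache 2.2 "Order".
# access_decision ORDER CLIENT_IP RULE...   RULE is "allow:<ip|all>" or "deny:<ip|all>"
access_decision() {
    order=$1; client=$2; shift 2
    allow=no; deny=no
    for rule in "$@"; do
        kind=${rule%%:*}; host=${rule#*:}
        # Assumption: exact IP match only (no partial IPs, CIDR or hostnames).
        if [ "$host" = all ] || [ "$host" = "$client" ]; then
            case $kind in
                allow) allow=yes ;;
                deny)  deny=yes ;;
            esac
        fi
    done
    case $order in
        Deny,Allow)   # default is allow; a matching Allow overrides a matching Deny
            if [ "$deny" = yes ] && [ "$allow" = no ]; then echo denied; else echo allowed; fi ;;
        Allow,Deny)   # default is deny; a matching Deny overrides a matching Allow
            if [ "$allow" = yes ] && [ "$deny" = no ]; then echo allowed; else echo denied; fi ;;
        *) echo "unknown order: $order" >&2; return 2 ;;
    esac
}

# Constructed clients from documentation address ranges.
echo "listed IP, Deny,Allow:   $(access_decision Deny,Allow 192.0.2.10 deny:all allow:192.0.2.10)"
echo "unlisted IP, Deny,Allow: $(access_decision Deny,Allow 198.51.100.7 deny:all allow:192.0.2.10)"
echo "listed IP, Allow,Deny:   $(access_decision Allow,Deny 192.0.2.10 deny:all allow:192.0.2.10)"
```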

February 16, 2012 | Apache, htaccess

How to configure Webalizer

The Webalizer is a GPL application that generates web pages of analysis from access and usage logs, i.e. it is web log analysis software. It is one of the most commonly used web server administration tools. It was initiated by Bradford L. Barrett in 1997. Statistics commonly reported by Webalizer include: hits; visits; referrers; the visitors' countries; and the amount of data downloaded. These statistics can be viewed graphically and presented by different time frames, such as per day, hour, or month.

Hit

Each HTTP request submitted by the browser is counted as one hit. Note that HTTP requests may be submitted for non-existent content, in which case they will still be counted. For example, if one of the five image files referred to by the example page mentioned above is missing, the web server will still count six HTTP requests, but in this case five will be marked as successful (one HTML file and four images) and one as a failed request (the missing image).

Here are the steps to configure Webalizer:

1. Install Webalizer with yum

# yum install webalizer

2. Edit /etc/httpd/conf.d/webalizer.conf

# vim /etc/httpd/conf.d/webalizer.conf

=====================================
Alias /usage /var/www/usage

#<Location /usage>
#       AllowOverride AuthConfig
#       Order allow,deny
#       Allow from all
#</Location>

<Directory "/var/www/usage">
    AllowOverride AuthConfig
    Options Indexes FollowSymLinks Includes
    Order allow,deny
    Allow from all
</Directory>
=====================================

3. Create the .htaccess file

# vim /var/www/usage/.htaccess

=====================================
AuthUserFile /etc/httpd/htpasswd
AuthName "Please provide Login Credentials"
AuthType Basic
require valid-user
=====================================

4. Restart httpd services.

# /etc/init.d/httpd restart

February 14, 2012 | Apache, Tips & Tricks, Unix/Linux

How to generate a CSR for SSL Certificate without using Password

Here are the steps for generating a Certificate Signing Request (CSR) on an Apache 2.x web server. When you have finished generating your CSR, copy and paste it into the CSR field on the SSL certificate-request page.

1. Log in to your server’s terminal (SSH).

2. At the prompt, type the following command:

# openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Replace yourdomain with the domain name you’re securing. For example, if your domain name is example.com, you would type example.key and example.csr

Enter the requested information:

Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.

State or Province Name: Name of the state or province where your organization is located. Do not abbreviate.

City or Locality Name: Name of the city where your organization is registered/located. Do not abbreviate.

Organization Name: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.

Organization Unit Name: If applicable, enter the DBA (doing business as) name.

Common Name: The fully-qualified domain name, or URL, you’re securing. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.

If you do not want to enter a password for this SSL, you can leave the Passphrase field blank. However, please understand there might be additional risks. Open the CSR in a text editor and copy all of the text. Paste the full CSR into the SSL enrollment form in your account.

January 5, 2012 | Apache, Security, Tips & Tricks