Chris Arnold | 28 Jan 22:55 2015

Redirect http to https

Apache 2.4.10 on SLES 12. I am trying to redirect port 80 requests to 443 so that http://share.domain.tld results in https://share.domain.tld. Here is what I have tried in the vhost file:


RewriteEngine On
#Redirect share.domain.tld port 80 requests to SSL
RewriteCond %{HTTPS} !=on
RewriteRule ^/share(.*) https://share.domain.tld/share/ [R=301,L]


I also tried:


RewriteEngine On
#Redirect share.domain.tld port 80 requests to SSL
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://share.domain/share/ [R=301,L]

(This redirects every request to https://share.domain.tld/share)


Any hints or pointers on making this work?
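
An added example, not part of the original post: a port-80 virtual host that redirects to HTTPS while keeping the requested path, using the host name from the question. The vhost layout and the commented mod_alias alternative are assumptions about the poster's setup.

```apache
# Added example (not the poster's configuration).
# Port-80 vhost whose only job is to send clients to the HTTPS site.
<VirtualHost *:80>
    ServerName share.domain.tld

    RewriteEngine On
    # Only act on plain-HTTP requests (always true in this vhost, kept so
    # the rule stays safe if it is copied into a shared context).
    RewriteCond %{HTTPS} !=on

    # In vhost context the matched path begins with "/". The capture group
    # is reused as $1 so /share/a.html goes to https://.../share/a.html.
    # Both rules in the post had a fixed target with no backreference,
    # which is why every request ended up on the same /share/ URL.
    # The query string is carried over automatically because the
    # substitution does not contain one.
    #
    # The target host is written out instead of built from %{HTTP_HOST},
    # so a forged Host header cannot steer the redirect to another site.
    RewriteRule ^/(.*)$ https://share.domain.tld/$1 [R=301,L]

    # Alternative without mod_rewrite (mod_alias); the rest of the request
    # path is appended to the target automatically:
    # Redirect permanent / https://share.domain.tld/
</VirtualHost>
```

A request such as `curl -sI http://share.domain.tld/share/x` should then answer with `301` and a `Location:` header that still ends in `/share/x`.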

Santiago DIEZ | 28 Jan 21:26 2015

Configure remote php-fpm server with SetHandler

Hi there,


I have an httpd-2.4.10 server (ip 5.39.81.177:80) with htdocs files located in /var/www/.

I have a remote php-fpm server (ip 91.121.180.140:9000) with htdocs files mounted in /htdocs/5-39-81-177/.

The httpd server currently passes php execution to the remote php-fpm server with the following configuration :
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
ProxyPassMatch \.php$ fcgi://91.121.180.140:9000/htdocs/5-39-81-188/


It works fine.



Now that I'm done fooling around with ProxyPassMatch, I'd like to play around with SetHandler.

I tried the following configuration :
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
<FilesMatch \.php$>
    SetHandler "proxy:fcgi://91.121.180.140:9000/htdocs/5-39-81-188/"
</FilesMatch>


But I get a 404: Not Found.

I read in the logs the following :
mod_proxy_fcgi.c(786): [client 127.0.0.1:41289] AH01076: url: fcgi://91.121.180.140:9000/htdocs/5-39-81-188//var/www/info.php proxyname: (null) proxyport: 0

So the error makes sense because the file on the fpm server is /htdocs/5-39-81-188/info.php and not /htdocs/5-39-81-188/var/www/info.php.


My question: How can I tell the directive to skip the /var/www/ part when proxying the request?


Let's be clear on my purpose here. I'm strictly playing with SetHandler and yes my fpm server is on a different machine.
You might think "it's wrong practice"... I don't care.
You might want to say "stick to ProxyPassMatch if it works"... NO I want to play with SetHandler.
You might want to offer an alternative... Fine, do it. But I don't care, my toy IS SetHandler.

Thank you all for your help.
-------------------------
Santiago DIEZ
-------------------------
 
-------------------------
Quark Systems & CAOBA
23 rue du Buisson Saint-Louis, 75010 Paris
-------------------------
David Benfell | 28 Jan 19:15 2015

apache apparently starts, crashes, logs absolutely nothing

Hi,

This is on FreeBSD:
FreeBSD home.parts-unknown.org 10.1-STABLE FreeBSD 10.1-STABLE #0 r277815: Tue Jan 27 16:02:25 PST
2015     root@home.parts-unknown.org:/usr/obj/usr/src/sys/GENERIC  amd64

[root@home ~]# httpd -V
Server version: Apache/2.4.10 (FreeBSD)
Server built:   Dec  3 2014 05:11:27
Server's Module Magic Number: 20120211:36
Server loaded:  APR 1.5.1, APR-UTIL 1.5.4
Compiled using: APR 1.5.1, APR-UTIL 1.5.4
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses disabled)
 -D APR_USE_FLOCK_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/usr/local"
 -D SUEXEC_BIN="/usr/local/bin/suexec"
 -D DEFAULT_PIDLOG="/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="etc/apache24/mime.types"
 -D SERVER_CONFIG_FILE="etc/apache24/httpd.conf"

I think the problem is PHP related, because I've been messing with
that, but nothing is telling me anything.

It's crashing pretty quickly, but this is all I get:

[root@home /usr/home/benfell]# service apache24 start
Performing sanity check on apache24 configuration:
[Wed Jan 28 10:14:58.295980 2015] [so:warn] [pid 49946] AH01574:
module php5_module is already loaded, skipping
Syntax OK
Starting apache24.
[Wed Jan 28 10:14:58.370798 2015] [so:warn] [pid 49947] AH01574:
module php5_module is already loaded, skipping
[root@home /usr/home/benfell]# service apache24 status
apache24 is not running.
[root@home /usr/home/benfell]#

Help?

Thanks!
--

-- 
David Benfell <benfell <at> parts-unknown.org>
See https://parts-unknown.org/node/2 if you don't understand the
attachment.
Felix Berlakovich | 27 Jan 22:38 2015

Apache reverse proxy with Kerberos delegation

Hi!

My goal:

I would like to configure Apache as a reverse proxy for backend applications that use Kerberos
authentication. The goal is that users can always use the URL of the reverse proxy to access backend
applications while still using Kerberos authentication. From my understanding this requires the
reverse proxy to do Kerberos delegation to the backend applications: the client browser authenticates
with Kerberos against Apache and provides (a possibly constrained) version of its TGT. Apache in turn
should use the supplied TGT to acquire a service ticket in the name of the requesting user for the backend
application. At least this is what (I think) Microsoft ISA / Microsoft TMG / Microsoft IIS + ARR do to
achieve SSO despite the use of a reverse proxy. 

What I have done so far (that works):

- Configured an Apache reverse proxy that works for unauthenticated / basic authenticated backend
  applications
- Configured mod_kerb_auth
- Enabled Kerberos constrained delegation (s4u2proxy) in mod_kerb_auth

All this seems to work fine. From the logs I can see that mod_kerb_auth successfully performs Kerberos
delegation, i.e. in principle would be able to authenticate against third parties in the name of the
requesting user. However, Apache does not acquire a new service ticket for backend applications.
Instead it simply passes the authentication token used by the client to authenticate against the reverse
proxy (verified with a Wireshark trace).

My question: 

Is the desired behaviour even possible with mod_proxy or am I doomed to use IIS + ARR?

Sorry for the long questions, but many versions of this question in the net suffer from insufficient details.

Thanks in advance and best regards

Felix  
Rodrigo Cunha | 26 Jan 23:56 2015

Problem in Wikimedia Skin

Dear all,
I have a problem with Apache and PHP, specifically in my wikimedia (package) installation.
On my server, Apache with php5.4 >, my wiki works, but its skin [look and feel] does not work; I can log in and write, but the skin does not work.
I remember this problem: in version php5.4 < I solved it by adding the entry 'suhosin.get.max_value_length = 1024' to php.ini
in the file /etc/php5/conf.d/suhosin.ini. But in my current version, php5.4.36-1, I cannot find this file.
I tried to install php5-suhosin; I think this package resolves this problem, before that configuration. But my current repository does not have new releases of it, and my php5-common conflicts with this package.
Can somebody help me with this?

Here is my vhost configuration:

<VirtualHost *:80>
ServerAdmin rodrigo.root.rj <at> gmail.com
DocumentRoot /var/www/oduvaldocozzi/www.wiki_rat1.localhost/public_html
DirectoryIndex index.php index.html
ServerName   wiki.oduvaldocozzi.intranet
ServerAlias  www.wiki.oduvaldocozzi.intranet
</VirtualHost>

mediawiki-1.24.1.tar.gz
root@LAMP# php5 --version
PHP 5.4.36-1~dotdeb.0 (cli) (built: Dec 20 2014 00:04:47)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
root@LAMP:/var/www/oduvaldocozzi/www.wiki_rat1.localhost/public_html#

apachectl -version
Server version: Apache/2.2.16 (Debian)
Server built:   Jan 28 2014 21:49:11

No errors are logged in the Apache error.log




--
Atenciosamente,
Rodrigo da Silva Cunha

Doug Strick | 26 Jan 18:48 2015

Multiple domains in variable for "SetEnvIf Referer"

I have a rewrite where we'll be creating a cookie if you're being redirected from a few specific domains.  Is there a way I can use one variable to handle multiple domains or does the rewrite block need to be repeated based on the domain?  I'd like one block to be able to be directed to handle 3-4 specific domains.  Thanks

SetEnvIf Referer test.com OLD_REFERER=$1
RewriteCond %{HTTP_REFERER} test.com [NC]
RewriteRule ^ - [CO=LEGACY:%{ENV:OLD_REFERER}:.example.com:1440:/]
Owens, Stephen (ITD | 26 Jan 17:23 2015

Apache HTTPD support for a sftp proxy?

Hi,

 

Is there any way to configure the Apache HTTPD Server to act as a sftp reverse proxy, that is have external sftp clients connect to the Apache HTTP Server which proxies the SFTP requests to a backend SFTP Server?

 

The documentation for mod_proxy_ftp looks like it only supports proxying an ftp server.

 

Thanks,

 

Stephen R. Owens

Senior Software Engineer

Massachusetts Office of Information Technology

Commonwealth of Massachusetts

One Ashburton Place, Room 1601

Boston, MA 02108

Tel:   617-626-4513

Email: Stephen.Owens <at> state.ma.us

 

Mika Jaenson | 26 Jan 13:23 2015

Using ":" in setting a cookie with mod_rewrite

Hi!

 

I have an issue with setting a URL value in a cookie using mod_rewrite. The value includes a “:” and I cannot find a way to escape that character. This is what I want to do:

 

   RewriteRule / - [co=AMV_LOGIN _COOKIE:https://%{SERVER_NAME}%{REQUEST_URI}:.af.se:] where the wanted cookie value is “https://%{SERVER_NAME}%{REQUEST_URI}”

 

Searching the archives I find the bug report 47241, which seems to discuss the exact same problem. The mail thread ends with a proposed patch, but I can’t find any info if this patch is included in a release or not.

 

Anyone have info on this, or another solution or workaround?

 

Mvh/BR Mika

Mika Jaenson

Ben David | 23 Jan 23:56 2015

Hi

Hi Apache Mailing List,

 

I am beginning to learn Apache for some personal projects and for some projects at work.  I wanted to write a brief note and say “hi”, also to thank you all for your support of a product that enables people to share information. 

 

I’m generally interested in learning more.  Frankly, I’m not entirely sure at this point to what degree I’ll be working with Apache beyond its function as a webserver, but I’m interested in it and what may be possible and in a general understanding of it.

 

I’m currently running Apache 2.4.6 on CentOS 7.0.1406.

 

Have a nice day!

Ben David

Rob Hasselbaum | 23 Jan 21:21 2015

<If> directive within a <Location> section

Hello. I'm trying to embed an <If> directive within a <Location>
section, but the settings within the <If> block are never applied.
Here's my configuration snippet:

<VirtualHost *>
  ...
  <Location />
    ...
    <If "true">
      AuthLDAPBindDN "${AUTH_LDAP_BIND_DN}"
    </If>
    ...
  </Location>
</VirtualHost>

The full config file is at http://apaste.info/sXu. If I run the server
at trace8, I see the following in the log:

Evaluation of expression from
/etc/apache2/sites-enabled/reg-proxy.conf:27 gave: 1

I interpret this to mean that the condition evaluated to true, but the
AuthLDAPBindDN setting is not applied. If I comment out the <If>
lines, it works fine.

Is this a bug? Any help appreciated. Thanks!
Rose, John B | 23 Jan 20:22 2015

Directives and testing results questions - HostNameLookups

We have been going thru the Performance Tuning doc for Apache and experimenting with the Directives one by one. We enable/disable or vary the value in Directives then submit some traffic
via "ab" from another computer and then look at RAM/CPU/Webpagespeed impact. This is a dev box no one else accesses, we have a locally installed webpagetest. The activity on it is fairly pristine at the moment.

The ab command is: ab -n 200000 -c 400

Doing this process for "HostNameLookups" we got this …

The hostnamelookups result is a bit interesting. As the document says, hostnamelookups will add latency to every request and the default setting is off. But, when I first comment it out instead of off, the cpu usage increases. Below is the result. Why would there be any difference between it being "off" or just commented out?



parameter     time   cpu     ram      webpagetest
on            1min   86%     19GB     3.610s first view, 2.319s second view
comment out   1min   90.5%   18.7GB   3.589s first view, 2.534s second view
off           1min   85%     19GB     4.740s first view, 2.246s second view



We have been using "restart" for Apache after the config changes. Then we tried "stop" "start", although we did them quickly. To get a good comparison of the Directives we are testing, should we stop and start Apache each time and wait some suggested amount of time? Like maybe our TimeOut setting or longer?

The values in the table are for the cumulative cpu and ram resources used by all httpd processes at that moment.

I guess we expected a wider variance in the values, and wondering if our testing process is the reason there isn't.

Thanks
