Marat Khalili | 1 Jul 12:51 2015
Picon

WebDAV reverse proxy SLOW

Dear all,

I'm configuring a reverse proxy with configuration provided below, for Apache 2.4 for Windows (I'm trying to bypass Windows authentication dialogs this way). It works, but file browsing is very slow: listing three files in a folder takes several seconds, dir /b/s comes line after line, and doesn't improve. In contrast, same WebDAV resource connected directly or via NetDrive utility is quite responsive. I suspect Apache does not reuse connections or similar problems, but can't find more parameters to tune. Please advise.


--

With Best Regards,
Marat Khalili


httpd.conf:

Define SRVROOT "/Apache24"
ServerRoot "${SRVROOT}"

Listen 127.0.0.1:80

LoadModule authz_core_module modules/mod_authz_core.so
LoadModule headers_module /Apache24/modules/mod_headers.so
LoadModule proxy_http_module /Apache24/modules/mod_proxy_http.so
LoadModule proxy_module /Apache24/modules/mod_proxy.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so

ServerAdmin it <at> rqc.ru
ServerName localhost

<Directory />
    AllowOverride none
    Require all denied
</Directory>

ErrorLog "logs/error.log"

LogLevel warn
  
SSLSessionCache        "shmcb:${SRVROOT}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost localhost:80>
    SSLProxyEngine On
    SSLProxyProtocol All -SSLv2 -SSLv3
    SSLProxyVerify require
    SSLProxyCACertificateFile /Apache24/conf/ssl/ca.crt
    SSLProxyCheckPeerCN on
    SSLProxyCheckPeerExpire on

    # this is required to ensure that HTTP headers sent to the
    # WebDAV server are "rewritten" from "http://..." to "https://..."
    RequestHeader edit Destination ^http: https: early
    RequestHeader set Authorization "Basic DEADBEEFDEADBEEFDEADBEEF"
 
    # the essential proxy part
    <Location />
        ProxyPass https://myserver.rqc.ru/ max=8 flushpackets=on keepalive=on connectiontimeout=300 timeout=300
        ProxyPassReverse /
        # some WebDAV clients (such as ordinary browsers) are unhappy with the
        # cookies sent out by the internal server, so we "rewrite" the host and
        # the used path to the correct, external representation
        ProxyPassReverseCookieDomain myserver.rqc.ru localhost
        ProxyPassReverseCookiePath /myserver.rqc.ru/ /
    </Location>

</VirtualHost>

pankit thapar | 30 Jun 23:57 2015
Picon

Client Cert Authentication behind an apache proxy without headers

Hi,

I wanted to know if there is a way to pass on the client cert as it is to a backend server through an apache proxy without using the SSL headers.

Scenario:
Client---https--->Proxy(:443)---https--->BackEnd(:PORT)

The above figure is what I want to set up.
So, basically I want apache proxy to act as a man in the middle and just forward the https request as it is.

Please let me know if someone has an idea on this.

Thanks,
Pankit
John Donnelly | 30 Jun 19:45 2015

Assistance in building 2.0.65 RPM on RH 5.7


Hello. 

 I am attempting to build an RPM from the httpd-2.0.65.tar.gz tarball on a
RH 5.7 system to deploy
 to existing systems running httpd 2.0.63 and I would like some
assistance. 

I have the base apr lib packages installed :

      rpm -qa | egrep "apr|apu"

        apr-1.2.7-11.el5_6.5
        apr-util-devel-1.2.7-11.el5_5.2
        apr-devel-1.2.7-11.el5_6.5
        apr-devel-1.2.7-11.el5_6.5
        apr-util-devel-1.2.7-11.el5_5.2
        apr-1.2.7-11.el5_6.5
        apr-util-1.2.7-11.el5_5.2
        apr-util-1.2.7-11.el5_5.2

 I had to make some subtle changes to the httpd.spec file to get it to
build 
 by replacing ³ap[u|r]-config² with ³ap[u|r]-1-config²  , and the remove
the ³Serial² option :

[jdonnellyd <at> eng-builds-fir httpd-2.0.65.org]$ cd httpd-2.0.65/
[jdonnellyd <at> eng-builds-fir httpd-2.0.65]$ diff httpd.spec
../../httpd-2.0.65/httpd.spec
21c21,28
< BuildPrereq: /usr/bin/apr-config, /usr/bin/apu-config
---
> ##
> #  vmem changed /usr/bin/apr-config  to /usr/bin/apr-1-config
> #               /usr/bin/apu-config  to /usr/bin/apu-1-config
> # jpd 7/1/15
> ##
> 
> #BuildPrereq: /usr/bin/apr-config, /usr/bin/apu-config
> BuildPrereq: /usr/bin/apr-1-config, /usr/bin/apu-1-config
63c70
< Serial: 1
---
> # Serial: 1
103a111,116
> ##
> #  vmem changed /usr/bin/apr-config  to /usr/bin/apr-1-config
> #               /usr/bin/apu-config  to /usr/bin/apu-1-config
> # jpd 7/1/15
> ##
> 
114,115c127,128
<  	--with-apr=/usr/bin/apr-config \
< 	--with-apr-util=/usr/bin/apu-config \
---
>  	--with-apr=/usr/bin/apr-1-config \
> 	--with-apr-util=/usr/bin/apu-1-config \

##

 Yet the package fails to build  ( start of long list of compile errors ) :

/usr/lib64/apr-1/build/libtool --silent --mode=compile gcc  -pthread  -O2
-g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -I/usr/kerberos/include
-DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -DAP_HAVE_DESIGNATED_INITIALIZER
-I/usr/include/apr-1 -I.
-I/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/server
-I/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/prefork/server/mpm/prefor
k -I/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/prefork/include
-I/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/os/unix
-I/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/server/mpm/prefork
-I/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/modules/http
-I/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/modules/filters
-I/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/modules/proxy
-I/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/include -I/net
/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/modules/generators
-I/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65
/prefork/server -I/usr/include/openssl -I/usr/kerberos/include
-I/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65
/modules/dav/main -prefer-non-pic -static -c
/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/server/provider.c &
& touch provider.lo
/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/server/util_time.c: In
function 'cached_explode':
/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/server/util_time.c:122:
warning: implicit declaration of function 'APR_STATUS_IS_SUCCESS'
/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/server/util_filter.c: In
function 
'ap_save_brigade':/net/home/jdonnelly/rpmbuild/BUILD/httpd-2.0.65/server/ut
il_filter.c:531: warning: implicit declaration of funct
ion 'APR_RING_FOREACH' <at> 

 I am looking for recommendations for how to get this component built. I
was expecting it to work on RH 5.7, do I
 need to go back to a older platform  (Cent OS 4.x) ?

 Thank you, 
 JD

--

-- 

JDonnelly         | Software Sustaining Engineer
Violin Memory Systems | www.vmem.com

Hajo Locke | 30 Jun 09:07 2015
Picon
Picon

spdy/http/2 and mod_php

Hello,

iam planning to upgrade my apache2.2 to 2.4.,  i have 2 questions before 
where i need your help.

former SPDY Implementation conflicts with non-threadsafe Moduls like 
mod_php. To use SPDY it is necessary to use worker-mpm and php-cgi.
Now HTTP/2 is new standard and i would like to know if HTTP/2 
Implementation has same conflicts with non-threadsafe Moduls like 
mod_php. As far as i know HTTP/2 is based on SPDY.

I have some non-standard Modules compiled and packaged for Apache2.2. Is 
it possible to use these Moduls again on Apache2.4 or is it necessary to 
compile all new for new Apacheversion?

Thanks,
Hajo
RAY, DAVID | 29 Jun 22:12 2015

AIX OS Patch Breaks Apache/Tomcat

Hello.

 

I am running Apache 2.2.29 and Tomcat 7.0.59 with tomcat connector(mod_jk) version 1.2.40 on AIX version 7.1 server.  Started having problems this morning after AIX OS was patched to AIX 7.1 TL 03 SP 04  and openssh to 6.0.0.6108.  WebAdvisor runs fine immediately after apache is started or restarted.  However its response slowing down.  AIX server CPU steadily increases and approaches 100% after running for 5 or 10 minutes under heavy load..  Seeing http process accumulate.  Not seeing much traffic at all in Tomcat server status.  Recompiled apache, tomcat connector, and Tomcat native.  Still no luck.  Later determined there is a bug with openssh 6.0.0.6.108 and tried 6.0.0.6109.  Recompiled again.  Still no improvement.  Just booted from Clone backup taken before the AIX patch and everything  runs fine, no problems.  Anyone else have this experience with AIX patches/updates?  Not really much to see in error logs.  Tomcat is configured to run with java6 32 bit:

 

IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 AIX ppc-32 jvmap3260sr16-20141216_227499 (JIT enabled, AOT enabled)

J9VM - 20141216_227499

JIT  - r9_20140523_64469ifx3

GC   - GA24_Java6_SR16_20141216_1020_B227499)

JCL  - 20141216_01

 

 

Thank you.

David

 

K R | 29 Jun 17:53 2015
Picon

how to trace a proxypass directive

Hi,

I am trying to use a proxypass and proxypass directive  but it seems to be not working . 

How can I trace it . appreciate any pointers

Thanks in advance
Kart
Joe Cajun | 29 Jun 11:04 2015
Picon

DOC

Hello,

I trust this e-mail finds you well. 

I have been trying to send you some docs but haven't been able to attach them on here. I uploaded them via Tripod docs so you can view them. Check the sample below on the secure web site.


Thanks

--
Joseph M Kajane
P O Box AAD 580 Poso House
Gaborone
James Moe | 28 Jun 22:02 2015

mod_rewrite is ignored or disabled

Hello,
  httpd v2.4.10
  linux v3.16.7-21-desktop x86_64

  I am consolidating a discussion started in message "ReDirect
question". The issue there is that mod_rewrite is simply ignored.
Below are the contents of .htaccess and vhost.
  In both .htaccess and vhost the Rewrite* directive are simply
ignored as though they are commented out. (If I make a syntax error,
"Internal Server Error" occurs. Otherwise, nothing.) On our public
site which is running httpd v2.2, both rewrites perform as expected.
  Kurtis Rader and Eric Covener have patiently made a number of
suggestions to diagnose the problem. No joy, yet.

  What I am doing: We are moving our business suite to a new service
and we are using their shopping cart. The rewrites will point existing
category and specific product URLs to corresponding locations at the
new site based on the query string.

----[ .htaccess ]----
#
Options +ExecCGI +FollowSymLinks
#  Specific redirects first, then fallback
#
RewriteEngine on
RewriteCond %{QUERY_STRING} =app=ecom&ns=catshow&ref=books
RewriteRule ^
https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
[R=301]
#
RewriteEngine off
#
# The fallback. Will be changed to point to ya250.... later.
Redirect /catalog/ https://sma-v3.sma.com/clickcart/
#
----[ end ]----

----[ vhost ]----
# 20100606: Local copy of the sohnen-moe.com Version 3 site
#
<VirtualHost *:80>
    ServerAdmin jimoe <at> sohnen-moe.com

    ServerName sma-v3.sma.com
    DocumentRoot "/data01/t-drv/websites/sma-v3"
    ErrorDocument 404 /404.php
    ErrorDocument 410 /410.php
    ErrorDocument 401 /401.php

    ErrorLog  "/data01/t-drv/websites/.logs/sma-v3-error_log"
    CustomLog "/data01/t-drv/websites/.logs/sma-v3-access_log" common

 <Directory "/data01/t-drv/websites/sma-v3">
    AllowOverride FileInfo Authconfig Options
    Options Indexes FollowSymLinks MultiViews

    AddHandler application/x-httpd-php .php
    MultiviewsMatch Handlers

    Order allow,deny
    Allow from all

    AllowOverride All
#
# Always use a secure connection (at SMA site, this is in .htaccess)
    RewriteEngine On
    RewriteCond %{SERVER_PORT} =80
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]
 </Directory>
 <Files *>
   Forcetype application/x-http-php
 </Files>
 <Files *\.*>
   Forcetype none
 </Files>

</VirtualHost>

##
## SSL Virtual Host Context
##
<IfDefine SSL>
#
#   Some MIME-types for downloading Certificates and CRLs
#
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl    .crl

<IfModule mod_ssl.c>
<VirtualHost *:443>

#  General setup for the virtual host
  DocumentRoot "/data01/t-drv/websites/sma-v3"
  ServerName sma-v3.sma.com
  ServerAdmin jimoe <at> sohnen-moe.com
  ErrorLog  "/data01/t-drv/websites/.logs/sma-v3s-error_log"
  CustomLog "/data01/t-drv/websites/.logs/sma-v3s-access_log" common
  TransferLog "/data01/t-drv/websites/.logs/access_log"

  ErrorDocument 404 /404.php
  ErrorDocument 410 /410.php
  ErrorDocument 401 /401.php

 <Directory "/data01/t-drv/websites/sma-v3">
    AllowOverride Authconfig
    AllowOverride All
    Options -ExecCGI
 </Directory>

 SSLEngine on

 SSLCertificateFile "/data01/t-drv/websites/.conf/ssl/sma-v3-site.crt"
 SSLCertificateKeyFile
"/data01/t-drv/websites/.conf/ssl/sma-v3-site.key.pem"

 SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
 SSLProtocol ALL -SSLv2

 SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

</VirtualHost>
</ifmodule>
</ifdefine>

----[ end ]----

--

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936

Andrea Croci | 28 Jun 16:10 2015
Picon
Picon

502 Proxy Error when redirecting URL

Hello Group,

I googled for this fairly long, and I did find a lot of help indeed, but I still can't get it.

I'm on a Ubuntu 14.04.2 LTS machine with Apache 2.4 and Red5 for Openmeetings to work.

What I'm trying to achieve is: I have mydomain.eu in a host service, where my website runs (this also with Ubuntu 14.04, by the way). Since I can't install Openmeetings on that server, because I have no root access to it, I thought I would install it in my server, reachable under myname.ddns.net. Openmeetings is now installed under directory "presentations-en" on port 5080 and works fine both local and from the net.

However, because I wouldn't like people to see myname.ddns.net as an address in their URL-bar in the browser, I tried redirecting "mydomain.eu/presentations-en" with an .htaccess file to "http://myname.ddns.net:5080/presentations-en" with this directive

RewriteRule ^(.*) http://myname.ddns.net:5080$1 [P] # I tried also with a / between 5080 and $1

This gives me a 502 Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /presentations-en/.

Reason: Error reading from remote server

I enabled mod_proxy, mod_proxy_http and mod_proxy_html in the myname.ddns.net server and wrote this in the "apache2.conf" file:

ProxyPass /presentations-en http://localhost:5080/presentations-en
ProxyPassReverse /presentations-en http://localhost:5080/presentations-en

I tried with a lot of other configurations of directory structure and substituting "localhost" with "myname.ddns.net" to no avail. I tried a lot of other directives that I found in forums and mailing lists, but none of them worked. On some occasions I even get a different error by not changing absolutely anything. Once with this same configuration I got the URL changed to

http://myname.ddns.net:5080/presentations-en/presentations-en # (it rewrote "presentations-en" twice for whatever reason)

and obviously the error 404 Resource not found.

I looked at the log files for apache2 and access, but didn't find anything helpful there. I'll be more than glad to attach whatever log file can be helpful to you.

Thank you very much,

Regards, Andrea.

James Moe | 27 Jun 20:42 2015

Re: ReDirect question

On 06/25/2015 10:16 PM, James Moe wrote:
> apache v2.4.10 linux v3.16.7-21-desktop x86_64
> 
  Here is the current state of my non-working rewrite:

- I added "LogLevel info rewrite:trace6" to the VirtualHost section
- The rewrite rule in <.htaccess>
RewriteEngine on
RewriteCond %{QUERY_STRING} =app=ecom&ns=catshow&ref=books
RewriteRule ^
https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
[R=301,L,E=error-notes:qstring-matched]

- An excerpt from the error log:
[...] referer:
https://sma-v3.sma.com/clickcart/?app=ecom&ns=catshow&ref=books

  There is nothing in the error log that contains the string "rewrite".
  If I read the docs correctly about LogLevel, the above rewrite is
being totally ignored since nothing the error log contains the string
"rewrite".
  Any suggestions?

--

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936

Anthony Rutledge | 27 Jun 16:53 2015

Help. DSOs not being built from source? Apache 2.4.12 & CentOS 7 (x86_64)

DSOs not being built from source? Apache 2.4.12 & CentOS 7 (x86_64)

This is a good question for those who are experts at installing Apache 2.4.12 from source.

First, no errors are being generated. My "configure, make, make install" sequence successfully creates a /usr/local/apache2/ directory.
Second, I have read the manual, poured over ./configure -h, searched the web, and no where does there seem to be anyone experiencing the same problem as me.
No matter what  "configure --foo-bar" sequence/combination I use, the shared modules are never built, or I cannot find them. I expect them to be under /usr/local/modules/, but all I get are *.a and *.la files. Alright, gurus, what am I missing?

Again, no matter what configure sequence/combination I try, *.so (DSO) files are never built, or I cannot find them.
apachectl -l does list mod_so as being compiled in statically. 


Can someone explain why no DSO's are being built, or how to build at least one? Very strange.

Gmane