- cat /home/u12345/logs/www.example.com | awk ‘{ print $NF, $6, $7, $9, $12, $4 }’ | sort -n | tail -n 25
- apache/arrow: Apache Arrow is a cross-language development platform for in-memory data. It specifies a standardized language-independent columnar memory format for flat and hierarchical data, organized for efficient analytic operations on modern hardware. It also provides computational libraries and zero-copy streaming messaging and interprocess communication. Languages currently supported include C, C++, Java, JavaScript, Python, and Ruby.
- im-hanzou/apachrot: Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker
If you are using Apache 2.4 and above, you might get the following error message. This might specifically start happening after you’ve upgraded from an older version of apache.
AH01630: client denied by server configuration: /home/myapp/server/
- How to Fix Apache AH01630 Client Denied by Server Configuration Error
- Remove any “Order deny,allow”, “Order allow,deny”, and related lines
- Replace “Deny from all” to “Require all denied”
- Replace “Allow from all” to “Require all granted”
- If you are allowing any specific hostname, change them accordingly. For example, replace “Allow from 192.168.1.2” to “Require host 192.168.1.2”
MPM-ITK + php-cgi = Simple setup for running scripts as the owner, ok performance, can’t use APC. Low memory usage.MPM-ITK + mod_php = Very simple setup, good performance and ability to use APC. Little more memory used.MPM-ITK + mod_fcgid = Couldn’t get it working.MPM-prefork + suEXEC + php-cgi = More complicated setup, performance similar to MPM-ITK + php-cgi.MPM-prefork + suEXEC + mod_php = more complicated setup, good performance.MPM-prefork + suEXEC + mod_fcgid=more complicated setup, excellent performance.MPM-worker + suEXEC + php-cgi=More complicated setup, better performance than MPM-ITK + php-cgi.MPM-worker + suEXEC + mod_php=Not recommended because php is apparently not thread safe.MPM-worker + suEXEC + mod_fcgid=More complicated setup, best performance.
Let’s encrypt is a lovely solution for the big problem of expensive certificates. It allows you to get free certificates by running their clients. To prove that you are the owner of the domain they just use a challenge which is placed on your webserver.
So what do you need? Right, a webserver as reverse proxy. I’ll use apache in this tutorial. What else? Yes, the “Let’s encrypt”-client and at least any service which need a SSL certificate.
The most annoying part of let’s encrypt is that their certificates have a really short lifetime. Currently 90 days in future may less. So you need to renew it periodically. How to do that is another article.
So let’s start. First you download the “Lets encrypt”-client from Github
I’ll install it to /opt/letsencrypt
. You can use any other location too. You may use the package management of your system.
cd /opt
git clone https://github.com/letsencrypt/letsencrypt.git letsencrypt
Next step you had to edit the virtual host configuration of your application to allow the lets encrypt challenge.
Let’s say this is the virtual host configuration before you want to use a Let’s encrypt certificate:
<VirtualHost *:80>
ServerName shivering-isles.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
#...
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName shivering-isles.com
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://127.0.0.1:12345/
ProxyPassReverse / http://127.0.0.1:12345
SSLCertificateFile /path/to/certificate/ourold.crt
SSLCertificateKeyFile /path/to/key/ourold.key
#...
</VirtualHost>
</IfModule>
You add the following two lines:
DocumentRoot /var/www/
ProxyPass /.wellknown !
DocumentRoot will be the place where lets encrypt will store the challenge stuff. The new ProxyPass statement will allow you to enter the DocumentRoot just for the challenge and still have everything else passed to your application.
Now your configuration should looks like this:
<VirtualHost *:80>
ServerName shivering-isles.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
#...
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName shivering-isles.com
DocumentRoot /var/www/
ProxyPreserveHost On
ProxyRequests off
ProxyPass /.wellknown !
ProxyPass / http://127.0.0.1:12345/
ProxyPassReverse / http://127.0.0.1:12345
SSLCertificateFile /path/to/certificate/ourold.crt
SSLCertificateKeyFile /path/to/key/ourold.key
#...
</VirtualHost>
</IfModule>
Please notice the position of the ProxyPass statement is important because those statements are processed from top to down and first match wins.
Reload your apache configuration and change to /opt/letsencrypt
.
You run ./letsencrypt-auto
and let’s encrypt will work as expected.
EDIT 16.05.2016: Had to add the <IfModule mod_ssl.c>
-tag else the official Let’s encrypt client doesn’t detect the vhost.