Re: [users@httpd] Re: 2 web servers in load balancing
On 17/03/2015 07:59, Alfredo De Luca wrote: Hi all. Any clue on this? On 15/03/2015 9:30 PM, Alfredo De Luca alfredo.del...@gmail.com mailto:alfredo.del...@gmail.com wrote: Hi all. I ve never done this before so I am asking best practice/info/docs of how to have 2 apache web servers in load balancing. - Which httpd module do I have to load in the http conf? Nothing unless you are using apache load balancer modules as a front end ... (mod_proxy_balancer) - I was reading that I have to have a web load balancer on top of them? Is it necessary? Can they accept requests from a cisco /F5 load balancer? I haven't played with F5 load balancers - but use the rival product Brocade/SteelApp/StingRay/Zeus traffic managers - which I think the F5s do the same thing as (just not as user friendly) so they should be able to do the job (I know we looked into it when we bought the ZTMs) - What about persistent connection? ? HTTP is stateless - if you have poorly written backends which require requests to go the backend you should be able to use sticky sessions - but this is bad as you lose resilience (one of the main reason for load balancing backends!) - Also we''ll have a mySQL server? Any more info about this? Load balancing MySQL can be trickier - easier if mainly RO connections (you can round robin requests to a large number of clones - or usually slaves to a single master) but harder if read/write - you can look at mysql cluster or master-master MySQL (galera) Read write you can use master + multiple slaves - but need to tag a process/session/user as requiring access to master if a write happens for an unspecified length of time! Thanks in advance -- Alfredo --- This email has been checked for viruses by Avast antivirus software. http://www.avast.com -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
[users@httpd] Re: 2 web servers in load balancing
Hi all. Any clue on this? On 15/03/2015 9:30 PM, Alfredo De Luca alfredo.del...@gmail.com wrote: Hi all. I ve never done this before so I am asking best practice/info/docs of how to have 2 apache web servers in load balancing. - Which httpd module do I have to load in the http conf? - I was reading that I have to have a web load balancer on top of them? Is it necessary? Can they accept requests from a cisco /F5 load balancer? - What about persistent connection? - Also we''ll have a mySQL server? Any more info about this? Thanks in advance -- Alfredo
Re: [users@httpd] mod_security and ironbee questions
On Mon, 2015-03-16 at 18:06 +, Rose, John B wrote: 1. Can anyone suggest a good base set of rules to utilize within mod_security? Depends entirely on what you're looking to protect. Did you look at mod_security's core ruleset as a startingpoint? 2. While looking around for info on mod_security we came across some mentions of ironbee. Can someone give a comparison of the two? mod_security came first, and made Ivan's name. Having learned from the experience, he and Brian then moved on to create Ironbee, which is a much more general-purpose framework. I'm not sure how much active development mod_security gets since its original team moved on. The respective web sites will tell you more. 3. What would you recommend to use? mod_security? Ironbee? Something else? Mixture? Neither - until you're clear about what goal you're seeking to accomplish with a WAF. Disclosure: I work on Ironbee, but I don't represent or speak for it. -- Nick Kew - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] Location directive not working when using php-fpm (via mod_fastcgi)
Anyone has a solution for my problem? I would like have one Location directive for every request which isn't starting with /Public. Normally it can be Location ~ ^/(?!Public), but that one is not working because of using mod_fastcgi for php-fpm. It automatically rewrites the php requests to /php5-fcgi/Public. This has likely to do with Action directive in mod_fastcgi: AddHandler php5-fcgi .php Action php5-fcgi /php5-fcgi Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /dev/shm/php5-fpm.sock -pass-header Authorization Please could someone give a good regular expression that would match both /Public and /php-fcgi/Public? Or give me advise to adjust the mod_fastcgi config that the it won't add /php5-fcgi in front of the location. -Original Message- From: Theo Belder Sent: donderdag 12 maart 2015 09:24 To: users@httpd.apache.org Subject: RE: [users@httpd] Location directive not working when using php-fpm (via mod_fastcgi) In the meanwhile I figured out that the mod_fastcgi is changing the variable which is being used for the Location directive. When mod_fastcgi is active, I have to make an extra location directive (/php5-fcgi/Public). For now I've split out the Location directives: Location / # request Client certificate /Location Location /Public # don't request a client certificate /Location Location /php5-fcgi/Public # don't request a client certificate /Location But isn't it possible to do it with one Location directive? I've tried Location ~ /(?!Public) (removing the ^), but that is not working. Please could someone give a good regular expression that would match /Public and /php-fcgi/Public? Or give me advise to adjust the mod_fastcgi config that the it won't add /php5-fcgi in front of the location. -Original Message- From: Theo Belder [mailto:t.bel...@trends.nl] Sent: dinsdag 10 maart 2015 17:10 To: users@httpd.apache.org Subject: [users@httpd] Location directive not working when using php-fpm (via mod_fastcgi) Hello, I am facing to an issue in my virtualhost config. It looks like mod_fastcgi causes the issue. I've configured a virtualhost which should be completely restricted with a SSL client certificate, except one location (/Public). Apache version: httpd-2.2.15-39.el6.centos.x86_64 PHP version: php56w-fpm-5.6.4-1.w6.x86_64 My configuration in my virtualhost: Location ~ ^/(?!Public) SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 10 SSLOptions +StdEnvVars -ExportCertData /Location I've done a couple of tests using mod_fastcgi: Requesting https://myserver.mycompany.com/MyWorkspace, the server is requesting SSL client certicate - Works as designed. Requesting https://myserver.mycompany.com/Public/index.html, the server is not requesting SSL client certicate - Works as designed. Requesting https://myserver.mycompany.com/Public/index.php, the server is requesting SSL client certicate - Works NOT as designed. When I do the last test using mod_php, the server is not requesting for a SSL client certificate, which is correct. Is this normal behavior, or did I misconfigured something? My config for mod_fastcgi is as follows: LoadModule fastcgi_module modules/mod_fastcgi.so IfModule mod_fastcgi.c DirectoryIndex index.php index.html index.shtml index.cgi AddHandler php5-fcgi .php Action php5-fcgi /php5-fcgi Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /dev/shm/php5-fpm.sock -pass-header Authorization # For monitoring status with e.g. Munin LocationMatch /(ping|status) SetHandler php5-fcgi-virt Action php5-fcgi-virt /php5-fcgi virtual /LocationMatch /IfModule Best regards, Theo Belder - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Location directive not working when using php-fpm (via mod_fastcgi)
On Tue, Mar 17, 2015 at 11:40 AM, Theo Belder t.bel...@trends.nl wrote: Please could someone give a good regular expression that would match /Public and /php-fcgi/Public? Maybe: (/php-fcgi)?/Public Regards, Yann. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org