PHP logging 2 Apache ErrorLog
Hi! Is there any way to order the PHP (mod_php) to log everything to ErrorLog defined by Apache in VirtualHost section? In php.ini I see only the possibility to specify the concrete global logfile or syslog, but a such setup doesn't fit to virtual host scenario... Thanks for your advice and excuse me, If i missed something trivial. With regards David -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
..do I lose _anything_ going from apache-1.3.3x to apache-2.0.5x ?
Hi, ..seeing recent the exim vs postfix thread, and having both apache-1.3.3x and apache-2.0.5x available on a box, is obviously beyond overkill, it's pointless. ;-) So I'm choosing one. Figuring out "which one?" has asking myself a lot of questions. ..more importantly, do I lose _anything_ worthwhile such as performance, functionality or "memory foot print acreage", going from apache-1.3.3x to apache-2.0.5x ? I can see that writing code to do the same things in apache-2.0.5x, will be different from how is is done in apache-1.3.3x. What I don't see is how that bugs me. The one thing that leans me towards the newer of the 2, is I suspect it will survive 1.3 by as much as 1.3 survives what came before apache-0.9.x or whatever it was. -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apt-cacher transition from apache to apache2
On Mon, Nov 08, 2004 at 08:34:11AM +0200, Alexandros Papadopoulos wrote: > [sent this to debian-user, got no suggestions - I hope this is not too > OT on this list] > > On a sarge system, I was using apt-cacher with apache. No problems > there. Once I replaced apache with apache2, apt-cacher works but no > longer accepts any configuration changes. I.e. > changing /etc/apt-cacher/apt-cacher.conf and then reloading/restarting > apache2 does not honor the changes. Hm. I haven't seen this; however, I *am* having problems with apt-cacher on a sarge system since I changed to apache2, too. Then again, I didn't do any apt-cacher configuration changes since I installed apache2... In my case, the problem is about incomplete Packages/Sources downloads. > I think it has something to do with the /etc/apt-cacher/apache.conf > snippet which I need to install somewhere, but I have no idea where. > > I checked what bug #250599 says about apache2, and my link does exist: > > helios:/etc/apache2/mods-enabled# ls -l cgi.load > lrwxrwxrwx 1 root root 36 Oct 21 14:52 cgi.load > -> /etc/apache2/mods-available/cgi.load > helios:/etc/apache2/mods-enabled# > > Could anyone suggest a fix? Well, no. Unfortunately. -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apt-cacher transition from apache to apache2
also sprach Alexandros Papadopoulos <[EMAIL PROTECTED]> [2004.11.08.0929 +0100]: > There's this already: > helios:/etc/apache2/conf.d# ls -l apt* > lrwxrwxrwx 1 root root 27 Nov 8 08:51 apt-cacher -> > /etc/apt-cacher/apache.conf > > Does that mean it's included? Yes. > So it seems the cgi is called, but then something (?) goes wrong... I can't help you further. I never got apt-cacher to work. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! signature.asc Description: Digital signature
Re: apt-cacher transition from apache to apache2
On Monday 08 November 2004 08:47, martin f krafft wrote: > also sprach Alexandros Papadopoulos <[EMAIL PROTECTED]> [2004.11.08.0734 > +0100]: > > changing /etc/apt-cacher/apt-cacher.conf and then > > reloading/restarting apache2 does not honor the changes. > > Well, you should not need to restart apache2 since apt-cacher is > a CGI. Apparently, apache2 loads it permanently though, which is > news to me. > > Does it work at all? Apparently not. After apt-get removing apt-cacher and re-installing it (to force it to run its install scripts, in hopes that that would fix the problem), it's not working at all. > > I think it has something to do with the > > /etc/apt-cacher/apache.conf snippet which I need to install > > somewhere, but I have no idea where. > > Leave it right there and 'include' it from the vhost definition. There's this already: helios:/etc/apache2/conf.d# ls -l apt* lrwxrwxrwx 1 root root 27 Nov 8 08:51 apt-cacher -> /etc/apt-cacher/apache.conf Does that mean it's included? Since I'm just running an internal website on this, I've never invested the time/effort to (figure out how to) set up virtual hosts or include cgi scripts. This is what happens on the apt-cacher server when a request to apt-get update comes in from a client: 1612 ?Ss 0:00 /usr/sbin/apache2 -k start -DSSL 1613 ?S 0:00 \_ /usr/sbin/apache2 -k start -DSSL 1641 ?S 0:00 | \_ /usr/bin/perl /usr/share/apt-cacher/apt-cacher.pl 1642 ?S 0:00 | \_ /usr/bin/perl /usr/share/apt-cacher/apt-cacher.pl 1643 ?S 0:00 | \_ /usr/bin/perl /usr/share/apt-cacher/apt-cacher.pl 1644 ?S 0:00 | \_ /usr/bin/wget -s -nv -o /var/cache/apt-cacher/private/ftp.ntua.gr_[...] apt-cacher reports the following: Mon Nov 8 09:39:17 2004|192.168.1.68|debug: client ipint: 3232235844 Mon Nov 8 09:39:17 2004|192.168.1.68|debug: allowed_startip: 192.168.1.1 Mon Nov 8 09:39:17 2004|192.168.1.68|debug: allowed_endip: 192.168.1.254 Mon Nov 8 09:39:17 2004|192.168.1.68|debug: allowed_startipint: 3232235777 Mon Nov 8 09:39:17 2004|192.168.1.68|debug: allowed_endipint: 3232236030 Mon Nov 8 09:39:17 2004|192.168.1.68|debug: Client passed access control rules 192.168.1.68 Mon Nov 8 09:39:17 2004|192.168.1.68|debug: called with /ftp.ntua.gr/pub/linux/debian/dists/testing/main/binary-i386/Packages.gz Mon Nov 8 09:39:17 2004|192.168.1.68|debug: new long filename: ftp.ntua.gr_pub_linux_debian_dists_testing_main_binary-i386_Packages.gz Mon Nov 8 09:39:17 2004|192.168.1.68|debug: cached file: /var/cache/apt-cacher/ftp.ntua.gr_pub_linux_debian_dists_testing_main_binary-i386_Packages.gz Mon Nov 8 09:39:17 2004|192.168.1.68|debug: looking for /var/cache/apt-cacher/ftp.ntua.gr_pub_linux_debian_dists_testing_main_binary-i386_Packages.gz Mon Nov 8 09:39:17 2004|192.168.1.68|debug: filename complies: Packages.gz Mon Nov 8 09:39:17 2004|192.168.1.68|debug: file does not exist, creating it Mon Nov 8 09:39:17 2004|192.168.1.68|debug: MISS Mon Nov 8 09:39:17 2004|192.168.1.68|debug: file is not complete Mon Nov 8 09:39:17 2004|192.168.1.68|debug: fetcher: try to pick up http://ftp.ntua.gr/pub/linux/debian/dists/testing/main/binary-i386/Packages.gz Mon Nov 8 09:39:17 2004|192.168.1.68|debug: fork complete 0 Mon Nov 8 09:39:17 2004|192.168.1.68|debug: starting to return /var/cache/apt-cacher/ftp.ntua.gr_pub_linux_debian_dists_testing_main_binary-i386_Packages.gz Mon Nov 8 09:39:17 2004|192.168.1.68|debug: read 0 bytes Mon Nov 8 09:39:17 2004|192.168.1.68|debug: fork complete 1690 Mon Nov 8 09:39:17 2004|192.168.1.68|debug: parent about to wait, child pid is -1690- 1 Mon Nov 8 09:39:19 2004|192.168.1.68|debug: read 0 bytes Mon Nov 8 09:39:21 2004|192.168.1.68|debug: read 0 bytes Mon Nov 8 09:39:23 2004|192.168.1.68|debug: read 0 bytes Mon Nov 8 09:39:25 2004|192.168.1.68|debug: read 0 bytes [ad infinitum] So it seems the cgi is called, but then something (?) goes wrong... -A -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apt-cacher transition from apache to apache2
also sprach Alexandros Papadopoulos <[EMAIL PROTECTED]> [2004.11.08.0734 +0100]: > changing /etc/apt-cacher/apt-cacher.conf and then > reloading/restarting apache2 does not honor the changes. Well, you should not need to restart apache2 since apt-cacher is a CGI. Apparently, apache2 loads it permanently though, which is news to me. Does it work at all? > I think it has something to do with the > /etc/apt-cacher/apache.conf snippet which I need to install > somewhere, but I have no idea where. Leave it right there and 'include' it from the vhost definition. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' :proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! signature.asc Description: Digital signature
apt-cacher transition from apache to apache2
[sent this to debian-user, got no suggestions - I hope this is not too OT on this list] On a sarge system, I was using apt-cacher with apache. No problems there. Once I replaced apache with apache2, apt-cacher works but no longer accepts any configuration changes. I.e. changing /etc/apt-cacher/apt-cacher.conf and then reloading/restarting apache2 does not honor the changes. I think it has something to do with the /etc/apt-cacher/apache.conf snippet which I need to install somewhere, but I have no idea where. I checked what bug #250599 says about apache2, and my link does exist: helios:/etc/apache2/mods-enabled# ls -l cgi.load lrwxrwxrwx 1 root root 36 Oct 21 14:52 cgi.load -> /etc/apache2/mods-available/cgi.load helios:/etc/apache2/mods-enabled# Could anyone suggest a fix? Thanks -A -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
On Friday 05 November 2004 19:47, "Francesco P. Lovergine" <[EMAIL PROTECTED]> wrote: > On Fri, Nov 05, 2004 at 01:35:28AM +1100, Russell Coker wrote: > > My clftools package allows you to split and mangle the log files if you > > have Apache configured for a single log file... > > Uhm, not found in current sid archive Sorry, it's logtools. It's been so long since I've worked on it that I'd forgotten the name. It still works well though, I've got it processing all the web stats on the server that hosts my domain. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
On Fri, Nov 05, 2004 at 09:40:28AM +0100, Francesco P. Lovergine wrote: > On Fri, Nov 05, 2004 at 09:09:16AM +1100, Craig Sanders wrote: > > > For ErrorLog you can pipe to a suitable program which does the same. > > > > but this doesn't. unless apache has added this feature since i last looked > > into this (about six months ago) the "suitable program" has no way of > > separating the error logs for each virtual host, because it's just STDERR with > > no vhost prefix on each line. > > > > ErrorLog "| mytrickyprog www.mydomain.com" > > where mytrickyprog simply echos stdin on the right per-domain file or > the same log file with the right prefix for each line. Of course you > need a different directive for each vhost. which means one open file handle per virtual host per apache process. which is exactly what we were trying to avoid. there's no benefit in doing this...in fact, you're much worse off than just specifying the ErrorLog filename because you not only have num_vhost * num_apache_children file handles, you also have the same number of "mytrickyprog" instances running. each of which takes up memory and CPU time, and has at least 4 file handles open itself (stdin, stdout, stderr, and the error log file) the whole point of this thread was how to reduce the number of file handles open, per apache process and on the entire system. craig -- craig sanders <[EMAIL PROTECTED]> (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
On Fri, Nov 05, 2004 at 09:40:28AM +0100, Francesco P. Lovergine wrote: > On Fri, Nov 05, 2004 at 09:09:16AM +1100, Craig Sanders wrote: > > > For ErrorLog you can pipe to a suitable program which does the same. > > > > but this doesn't. unless apache has added this feature since i last looked > > into this (about six months ago) the "suitable program" has no way of > > separating the error logs for each virtual host, because it's just STDERR with > > no vhost prefix on each line. > > > > ErrorLog "| mytrickyprog www.mydomain.com" Then what's the use? The point was to avoid having ErrorLog directives per vhost, since that increases the number of open files. -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
On Fri, Nov 05, 2004 at 09:54:18AM +0100, Wouter Verhelst,,, wrote: > > > > ErrorLog "| mytrickyprog www.mydomain.com" > > Then what's the use? The point was to avoid having ErrorLog directives > per vhost, since that increases the number of open files. > I'm not an expert of apache internals, but I think it does not open a permanent pipe file for each directive, doesn't it? -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
On Fri, Nov 05, 2004 at 01:35:28AM +1100, Russell Coker wrote: > My clftools package allows you to split and mangle the log files if you have > Apache configured for a single log file... > Uhm, not found in current sid archive -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
On Fri, Nov 05, 2004 at 09:09:16AM +1100, Craig Sanders wrote: > > For ErrorLog you can pipe to a suitable program which does the same. > > but this doesn't. unless apache has added this feature since i last looked > into this (about six months ago) the "suitable program" has no way of > separating the error logs for each virtual host, because it's just STDERR with > no vhost prefix on each line. > ErrorLog "| mytrickyprog www.mydomain.com" where mytrickyprog simply echos stdin on the right per-domain file or the same log file with the right prefix for each line. Of course you need a different directive for each vhost. A silly implementation would use a perl/sh script to do the thing; a more efficient solution would use a nice tiny C program to do the same. Both are left as exercise to the reader :) -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
On 04.11.2004 23:09, Craig Sanders wrote: For ErrorLog you can pipe to a suitable program which does the same. but this doesn't. unless apache has added this feature since i last looked into this (about six months ago) the "suitable program" has no way of separating the error logs for each virtual host, because it's just STDERR with no vhost prefix on each line. does somebody know if this thing was changed in apache 2 ? greets KoS -- Martin Kos +41-76-384-93-33 http://kos.liSay NO to HTML in mail ICQ# 13556143 Proudly running Debian GNU/Linux -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
On Thu, Nov 04, 2004 at 11:19:22AM +0100, Francesco P. Lovergine wrote: > I personally prefer a single CustomLog file with a suitable domain > prefix for every domain. That allows a nice grepping to extract > information and avoid resources wasting. yes, this works. > For ErrorLog you can pipe to a suitable program which does the same. but this doesn't. unless apache has added this feature since i last looked into this (about six months ago) the "suitable program" has no way of separating the error logs for each virtual host, because it's just STDERR with no vhost prefix on each line. craig -- craig sanders <[EMAIL PROTECTED]> (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
On Thursday 04 November 2004 09:11, Marek Podmaka <[EMAIL PROTECTED]> wrote: > I have apache 1.3 webserver hosting about 150 domains (more than 400 > virtual hosts). Now I have separate error log for each domain My clftools package allows you to split and mangle the log files if you have Apache configured for a single log file... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
Instead of setting ulimit in an init script, you can set it in the file /etc/security/limits.conf like this: www-data hardnofile 4096 www-data softnofile 8192 I'm not sure what hard and soft really mean, they're discribed as: # can have the two values: #- "soft" for enforcing the soft limits #- "hard" for enforcing hard limits but I don't know what kind of a difference they make. /proc/sys/fs/file-max is 26214 on that system, I'm not sure if it's influenced by the contents of limits.conf ... On another system it's even higher though I've not changed anything. Anybody knows what changes this value? Sönke Am Mittwoch, 3. November 2004 23:42 schrieb Craig Sanders: > On Wed, Nov 03, 2004 at 11:11:13PM +0100, Marek Podmaka wrote: > > I have apache 1.3 webserver hosting about 150 domains (more than 400 > > virtual hosts). Now I have separate error log for each domain > > (something.sk) and separate combined log for each virtual host (for > > example www.abcq.sk and new.abcq.sk). This has many positives for > > me: easy to find some data related to each virtual host and that I > > can make seaparate statistics for each virtual host. I use awstats. > > And now the bad side - the number of open files in each apache > > process is more than 500 just for these log files. It's no problem > > for now, but with more domains in future it will hit the 1024 per > > process limit of open files. > > > > And now the questions :) > > 1) Where does that 1024 open files limit come from? Is it somewhere > > configurable? > > edit /etc/init.d/apache and add a line like "ulimit -n 4096" > > "-n" is the maximum number of open file descriptors per process. use a > value that's about twice as much as you think you'll need. > > you also need to set /proc/sys/fs/file-max to some suitably high value > (again, calculate how many you think you'll need and double it). this can > be set in /etc/sysctl.conf > > > Or do you think it's totally bad idea to have such number of log > > files? > > until recently, i ran a web server with about 600 virtual hosts on it, each > with its own access.log and error.log files. > > with 200 max apache children, that worked out as up to about 240,000 (600 x > 200 x 2) file handles opened by apache processes for logging at any given > time. this was on a dual p3-866 with 512MB RAM. it worked. > > it bothered me a little that it wasn't really scalable and that eventually > i'd have to do something about logging. i had some ideas on what to do, > but was limited by the fact that i wanted to have separate error.log files > for each virtual host. overall, though, my attitude was "it aint broke, so > don't fix it". > > this wouldn't be a problem if apache could be configured to prefix each > error.log line with the virtual host's domain name..then you could have > a single pipe to an error logging script which wrote the error lines to the > right file, same as you can do for the access.log. > > but apache can't be configured to do that, and i never bothered looking at > the source to see how easy it would be to hack it in, so that means you > either have a shared error.log for all vhosts or you put up with having > lots of open file handles. i chose the latter, and occasionally increased > both "ulimit -n" and /proc/sys/fs/file-max as requiredi never did run > into any limit. > > > craig > > -- > craig sanders <[EMAIL PROTECTED]> (part time cyborg) -- Sönke von Stamm System Administration [EMAIL PROTECTED] Tel.: +49 511 - 35 77 19 - 29 Fax.: +49 511 - 35 77 19 - 19 Imedia Gesellschaft für neue Medien mbH Limmerstr. 46 | 30451 Hannover
Re: apache & log files
On Wed, Nov 03, 2004 at 11:11:13PM +0100, Marek Podmaka wrote: > Hello, > > I have apache 1.3 webserver hosting about 150 domains (more than 400 > virtual hosts). Now I have separate error log for each domain > (something.sk) and separate combined log for each virtual host (for > example www.abcq.sk and new.abcq.sk). This has many positives for > me: easy to find some data related to each virtual host and that I > can make seaparate statistics for each virtual host. I use awstats. > And now the bad side - the number of open files in each apache > process is more than 500 just for these log files. It's no problem > for now, but with more domains in future it will hit the 1024 per > process limit of open files. > > 3) Or you maybe use some other solution to this problem? > I personally prefer a single CustomLog file with a suitable domain prefix for every domain. That allows a nice grepping to extract information and avoid resources wasting. For ErrorLog you can pipe to a suitable program which does the same. -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
On Wed, Nov 03, 2004 at 11:11:13PM +0100, Marek Podmaka wrote: > I have apache 1.3 webserver hosting about 150 domains (more than 400 > virtual hosts). Now I have separate error log for each domain > (something.sk) and separate combined log for each virtual host (for > example www.abcq.sk and new.abcq.sk). This has many positives for > me: easy to find some data related to each virtual host and that I > can make seaparate statistics for each virtual host. I use awstats. > And now the bad side - the number of open files in each apache > process is more than 500 just for these log files. It's no problem > for now, but with more domains in future it will hit the 1024 per > process limit of open files. > > And now the questions :) > 1) Where does that 1024 open files limit come from? Is it somewhere > configurable? edit /etc/init.d/apache and add a line like "ulimit -n 4096" "-n" is the maximum number of open file descriptors per process. use a value that's about twice as much as you think you'll need. you also need to set /proc/sys/fs/file-max to some suitably high value (again, calculate how many you think you'll need and double it). this can be set in /etc/sysctl.conf > Or do you think it's totally bad idea to have such number of log > files? until recently, i ran a web server with about 600 virtual hosts on it, each with its own access.log and error.log files. with 200 max apache children, that worked out as up to about 240,000 (600 x 200 x 2) file handles opened by apache processes for logging at any given time. this was on a dual p3-866 with 512MB RAM. it worked. it bothered me a little that it wasn't really scalable and that eventually i'd have to do something about logging. i had some ideas on what to do, but was limited by the fact that i wanted to have separate error.log files for each virtual host. overall, though, my attitude was "it aint broke, so don't fix it". this wouldn't be a problem if apache could be configured to prefix each error.log line with the virtual host's domain name..then you could have a single pipe to an error logging script which wrote the error lines to the right file, same as you can do for the access.log. but apache can't be configured to do that, and i never bothered looking at the source to see how easy it would be to hack it in, so that means you either have a shared error.log for all vhosts or you put up with having lots of open file handles. i chose the latter, and occasionally increased both "ulimit -n" and /proc/sys/fs/file-max as requiredi never did run into any limit. craig -- craig sanders <[EMAIL PROTECTED]> (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache & log files
Marek Podmaka wrote: Hello, I have apache 1.3 webserver hosting about 150 domains (more than 400 virtual hosts). Now I have separate error log for each domain (something.sk) and separate combined log for each virtual host (for example www.abcq.sk and new.abcq.sk). This has many positives for me: easy to find some data related to each virtual host and that I can make seaparate statistics for each virtual host. I use awstats. And now the bad side - the number of open files in each apache process is more than 500 just for these log files. It's no problem for now, but with more domains in future it will hit the 1024 per process limit of open files. And now the questions :) 1) Where does that 1024 open files limit come from? Is it somewhere configurable? Or do you think it's totally bad idea to have such number of log files? 2) Is it possible to have separate statistics for each virtual host with awstats and only one log file? It would be nice if certain virtual hosts could have different configuration of awstats. Now I use my script which checks all virtual hosts in mysql (from where also the apache config is refreshed every 15 mins) and creates config file for awstats if none exists. Then it runs awstats for each config (one after another of course). 3) Or you maybe use some other solution to this problem? Check out Cronolog. Piping your logs to that would at least get them into another process! Apache 2 config would be: CustomLog "| /path/to/cronolog /path/to/logfile_%Y_%m.log" combined Would that help you? Dunno if it scales to the levels you need - just an idea. Regards, Upayavira -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
apache & log files
Hello, I have apache 1.3 webserver hosting about 150 domains (more than 400 virtual hosts). Now I have separate error log for each domain (something.sk) and separate combined log for each virtual host (for example www.abcq.sk and new.abcq.sk). This has many positives for me: easy to find some data related to each virtual host and that I can make seaparate statistics for each virtual host. I use awstats. And now the bad side - the number of open files in each apache process is more than 500 just for these log files. It's no problem for now, but with more domains in future it will hit the 1024 per process limit of open files. And now the questions :) 1) Where does that 1024 open files limit come from? Is it somewhere configurable? Or do you think it's totally bad idea to have such number of log files? 2) Is it possible to have separate statistics for each virtual host with awstats and only one log file? It would be nice if certain virtual hosts could have different configuration of awstats. Now I use my script which checks all virtual hosts in mysql (from where also the apache config is refreshed every 15 mins) and creates config file for awstats if none exists. Then it runs awstats for each config (one after another of course). 3) Or you maybe use some other solution to this problem? thanks -- bYE, Marki -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Apache 2.0 ISP setup..
Hi there, At the moment we are running apache 1.3.x on a debian woody box with PHP/MySQL enabled for selected sites and also a shared verisign cert (also for selected sites). At the moment we store the config in MySQL and then have a script that writes lots of config files to a conf/ dir (one for each host). About 250 of them. A couple of things i would value input on are: 1). Is there a way for apache to read its vhosts config directly from db? 2). Whats your general thoughts on apache 2.0 3). Is using PHP cgi for virtual hosts OK (For Security)? Are their any TFYP here? Thanks Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache dns reverse check
On Wednesday 06 October 2004 04:15, Daniele Becchi wrote: > Is it possible to use the Deny directive in to block IP > addresses that don't have a PTR record? It should be possible. Read http://httpd.apache.org/docs/env.html it states: Access to the server can be controlled based on the value of environment variables using the allow from env= and deny from env= directives. In combination with SetEnvIf, this allows for flexible control of access to the server based on characteristics of the client. For example, you can use these directives to deny access to a particular browser (User-Agent). I've not tried it but it certainly sounds possible. On the other hand, there's a reason that it's recommended to run apache without DNS resolution turned on, DNS can be _very_ slow! -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache dns reverse check
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wieslaw wrote: | Hi | |> |> Is it possible to use the Deny directive in to block IP |> addresses that don't have a PTR record? | | Yes. You should put a IP address, or domain (A record) | | I tested on apache 1.3 and 2.0 | it works if i write Deny xxx.xxx.xxx.xxx but if want to block any IP that has no name (host xxx.xxx.xxx.xxx answers xxx.xxx.xxx.xxx does not exist) what should i write? Can you give me an example? -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBY7UtLbsXEJ28YZgRAtBMAJsGM/lHH0K7Db1nynEJqHed5RFsyQCaAjiB AljZlirn9ID9tYi7yNpCR3o= =+VjQ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
apache dns reverse check
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is it possible to use the Deny directive in to block IP addresses that don't have a PTR record? Or there is any other way to do this? Dan -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBY6mKLbsXEJ28YZgRAtK/AKDVN7sNlBFhmDGO/QdeGcG7oqgR5gCfaMpR yKae/Ci2zVRYdqcKUaNmxSs= =CXeP -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Apache aliases / move from subdomains
Hi :) We have a site with a series of sub-domains by country, e.g. www.uk.domain.com, www.fr.domain.com etc. but we are moving away from this to a single 'www.domain.com' (for various reasons).. The problem is that now we want to have the site apply the same themes as it currently does, but based on whether the start of the address is e.g. www.domain.com/scotland www.domain.com/uk www.domain.com/gb www.domain.com/france www.domain.com/francais etc. I was thinking of using a huge list of Apache aliases to redirect all of these to something more generic and appropriate like www.domain.com/locale.php?country=42&language=2 But I was curious to know if there's a more 'elegant' way to do this, perhaps using mod_rewrite ? Cheers, Gavin.
apache proxy behind dynamic IP (using dyndns.org)
Hello all, Because my previously Message is not showing up in the list, here again: I am connected to the Internet via an ADSL 1024/256 kBit and have four physical Virtual-Servers in my Network. I have setup the host <http://tamy-dogan.homelinux.net/> at <http://www.dyndns.org/> Wildcards for my "host" is activated. So all *.tamay-dogan.homelinux.net are accepted. (it works) The four Virtual-Servers are: ( '/etc/hosts' ) / | 127.0.0.1localhost | 192.168.1.10 doc.tamay-dogan.homelinux.net doc | 192.168.1.10 www.tamay-dogan.homelinux.net www | 192.168.1.10home.tamay-dogan.homelinux.net home | 192.168.1.10 music.tamay-dogan.homelinux.net music | 192.168.1.10 dos.tamay-dogan.homelinux.net dos | 192.168.1.10hardware.tamay-dogan.homelinux.net hardware | 192.168.1.10 onlinestore.tamay-dogan.homelinux.net onlinestore | | 192.168.1.14 www.debian.tamay-dogan.homelinux.net www.debian | 192.168.1.14 xmms.debian.tamay-dogan.homelinux.net xmms.debian | 192.168.1.14devel.debian.tamay-dogan.homelinux.net devel.debian | 192.168.1.14lists.debian.tamay-dogan.homelinux.net lists.debian | 192.168.1.14slink.debian.tamay-dogan.homelinux.net slink.debian | 192.168.1.14 potato.debian.tamay-dogan.homelinux.net potato.debian | 192.168.1.14woody.debian.tamay-dogan.homelinux.net woody.debian | 192.168.1.14sarge.debian.tamay-dogan.homelinux.net sarge.debian | 192.168.1.14 etch.debian.tamay-dogan.homelinux.net etch.debian | 192.168.1.14 sid.debian.tamay-dogan.homelinux.net sid.debian | | 192.168.1.60 www.cybercenter.tamay-dogan.homelinux.net www.cybercenter | 192.168.1.60 marocco.cybercenter.tamay-dogan.homelinux.net marocco.cybercenter | 192.168.1.60 turkia.cybercenter.tamay-dogan.homelinux.net turkia.cybercenter | 192.168.1.60iran.cybercenter.tamay-dogan.homelinux.net iran.cybercenter | 192.168.1.60 afghanistan.cybercenter.tamay-dogan.homelinux.net afghanistan.cybercenter | | 192.168.1.69 michelle.home.private.tamay-dogan.homelinux.net michelle.home.private | 192.168.1.69 tamay.home.private.tamay-dogan.homelinux.net tamay.home.private | 192.168.1.69 fayah.home.private.tamay-dogan.homelinux.net fayah.home.private | \__ and I have setup my bind9 and all is working fine in the local network. (I have imported this hosts into bind) Now I like to install on computer apache-rproxy... My ADSL-Router forward the Incoming HTTP-Traffic to port I have setup the httpd.conf following: ( '/etc/apache/httpd.conf' ) ___ / | ## | ## apache-rproxy.conf -- Apache configuration for Reverse Proxy Usage | ## | | # server type | ServerType standalone | Port | MinSpareServers 5 | StartServers 5 | MaxSpareServers 5 | MaxClients 5 | MaxRequestsPerChild 25 | | # server operation parameters | KeepAliveon | MaxKeepAliveRequests 100 | KeepAliveTimeout 15 | Timeout 300 | IdentityCheckoff | HostnameLookups off | | # paths to runtime files | PidFile /var/run/rproxy.pid | LockFile /var/lock/rproxy.lock | ErrorLog /var/log/apache/errors-rproxy.log | CustomLog/var/log/apache/access-rproxy.log "%{%v/%T}t %h -> %{SERVER}e URL: %U" | | # unused paths | ServerRoot /tmp | DocumentRoot /tmp | CacheRoot/tmp | RewriteLog /dev/null | TransferLog /dev/null | TypesConfig /dev/null | AccessConfig /dev/null | ResourceConfig /dev/null | | # Please keep this LoadModule: line here, it is needed for installation. | LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so | LoadModule rewrite_module /usr/lib/apache/1.3/mod_rewrite.so | LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so | | # speed up and secure processing | | Options -FollowSymLinks -SymLinksIfOwnerMatch | AllowOverride None | | | # the status page for monitoring the reverse proxy | | SetHandler server-status | | | # enable the URL rewriting engine | RewriteEngineon | RewriteLogLevel 0 | | # define a rewriting map with value-lists where | # mod_re
Re: Apache 1.3 mass virtual hosting recipe
On September 22, 2004 07:44 am, Johann Botha wrote: > > > > php_admin_flag engine off > > > > hmm.. thats where I stopped investigating this option, > I dont want to be editing config files. Neither do I but in my case I anticipate 95% of the hosts being identical, if I have to setup a few sites with specific configs I can live with it. -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux
Re: Apache 1.3 mass virtual hosting recipe
On September 22, 2004 10:10 am, Raúl Alexis Betancort Santana wrote: > I wonder how running a script inside a mod_rewrite rule is better that > defining a new NameVirtualHost directive, moreover taking into account that It's better (IMO) because I do not have to configure apache. My admin interface is greatly simplified because apache configuration does not need to be done. I create a user who has a homedir in the appropriate location (or at least who has access to the appropriate created location) and setup is complete. > that rewriting rule will run the script EVERY TIME a request reach the > server, I hope you don't have high volume traffict to that server or you > will go into troubles. The script runs continually, it is not started for every incoming request. Apache has a filehandle for the script's stdin and stdout, the overhead of running the script will be very minimal and the script will not introduce much delay. Checking for a few directories is no different than many apache servers that check for .htaccess files all the way up to the root of the filesystem, it does so very quickly. When server traffic gets too high I will simply add servers but I see no reason why this setup can't host hundreds of typical low-volume sites, I may be proved wrong of course ;-) I would not use this for a very high traffic site, I wouldn't host a very high traffic site on a shared server period. > I better follow this way ... > > httpd.conf (apache 1.3.X, apache 2.X doit automaticatly) > ... > Include /etc/apache/domains.d > ... > > then simple create the .conf file from a template for example, and > drop it inside /etc/apached/domains.d a simple /etc/init.d/apache reload > and thats all, no need to check on every request to were should I get the > files. On previous servers I have used the template approach. I don't like to creating hundreds of nearly identical configs, to me identical means redundant. -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux
Re: Apache 1.3 mass virtual hosting recipe
El Miércoles 22 Septiembre 2004 12:12, Fraser Campbell escribió: > On September 22, 2004 03:04 am, Johann Botha wrote: > > running a script from mod_rewrite was not reliable, sometimes it just did > > not work... restart apache and it worked again. maybe it was just the > > version I used. > > Hmm, I don't like the sounds of that. Hopefully it was just the version > you used. Or a problem with the script talking to LDAP, since my script > (at least for now) is self-contained I hope I don't run into issues. If my > solution proves problematic I will report back. > > > 2) I wanted to enable / disable things like PHPengine for the virtual > > host based on LDAP settings. > > You could do it in the script, if file extension is .php then rewrite the > request to a "cannot execute" message. Alternatively (what I had planned > to do) is just disable the engine in directories where I don't want it > (that would be using config files), something like this is supposed to > work: > > > php_admin_flag engine off > I wonder how running a script inside a mod_rewrite rule is better that defining a new NameVirtualHost directive, moreover taking into account that that rewriting rule will run the script EVERY TIME a request reach the server, I hope you don't have high volume traffict to that server or you will go into troubles. I better follow this way ... httpd.conf (apache 1.3.X, apache 2.X doit automaticatly) ... Include /etc/apache/domains.d ... then simple create the .conf file from a template for example, and drop it inside /etc/apached/domains.d a simple /etc/init.d/apache reload and thats all, no need to check on every request to were should I get the files.
Peoblem with reverse-proxy (apache) Config behind DynIP
Hello, after asking at <[EMAIL PROTECTED]> and <[EMAIL PROTECTED]> without a suitable answer, I ask you, whats wrong with my reverse-proxy config. Problem: I am connected to the Internet via an ADSL 1024/256 kBit and have four physical Virtual-Servers in my Network. I have setup the host <http://tamay-dogan.homelinux.net/> at <http://www.dyndns.org/> Wildcards for my "host" is activated. My ADSL Router (Netgear DM602FR) forward all HTTP traffic to IP 192.168.1.2 (my local DNS server / apache reverse-proxy) and port where my reverse-proxy is hearing. The four Virtual-Servers are: ( '/etc/hosts' ) / | 127.0.0.1localhost | 192.168.1.10 doc.tamay-dogan.homelinux.net doc | 192.168.1.10 www.tamay-dogan.homelinux.net www | 192.168.1.10home.tamay-dogan.homelinux.net home | 192.168.1.10 music.tamay-dogan.homelinux.net music | 192.168.1.10 dos.tamay-dogan.homelinux.net dos | 192.168.1.10hardware.tamay-dogan.homelinux.net hardware | 192.168.1.10 onlinestore.tamay-dogan.homelinux.net onlinestore | | 192.168.1.14 www.debian.tamay-dogan.homelinux.net www.debian | 192.168.1.14 xmms.debian.tamay-dogan.homelinux.net xmms.debian | 192.168.1.14devel.debian.tamay-dogan.homelinux.net devel.debian | 192.168.1.14lists.debian.tamay-dogan.homelinux.net lists.debian | 192.168.1.14slink.debian.tamay-dogan.homelinux.net slink.debian | 192.168.1.14 potato.debian.tamay-dogan.homelinux.net potato.debian | 192.168.1.14woody.debian.tamay-dogan.homelinux.net woody.debian | 192.168.1.14sarge.debian.tamay-dogan.homelinux.net sarge.debian | 192.168.1.14 etch.debian.tamay-dogan.homelinux.net etch.debian | 192.168.1.14 sid.debian.tamay-dogan.homelinux.net sid.debian | | 192.168.1.60 www.cybercenter.tamay-dogan.homelinux.net www.cybercenter | 192.168.1.60 marocco.cybercenter.tamay-dogan.homelinux.net marocco.cybercenter | 192.168.1.60 turkia.cybercenter.tamay-dogan.homelinux.net turkia.cybercenter | 192.168.1.60iran.cybercenter.tamay-dogan.homelinux.net iran.cybercenter | 192.168.1.60 afghanistan.cybercenter.tamay-dogan.homelinux.net afghanistan.cybercenter | | 192.168.1.69 michelle.home.private.tamay-dogan.homelinux.net michelle.home.private | 192.168.1.69 tamay.home.private.tamay-dogan.homelinux.net tamay.home.private | 192.168.1.69 fayah.home.private.tamay-dogan.homelinux.net fayah.home.private | \__ and I have imported the /etc/hosts into "bind9" and all is working fine in the local network. Now I like to install on computer apache-rproxy... I have setup the httpd.conf following: ( '/etc/apache/httpd.conf' ) ___ / | ## | ## apache-rproxy.conf -- Apache configuration for Reverse Proxy Usage | ## | | # server type | ServerType standalone | Port | MinSpareServers 5 | StartServers 5 | MaxSpareServers 5 | MaxClients 5 | MaxRequestsPerChild 25 | | # server operation parameters | KeepAliveon | MaxKeepAliveRequests 100 | KeepAliveTimeout 15 | Timeout 300 | IdentityCheckoff | HostnameLookups off | | # paths to runtime files | PidFile /var/run/rproxy.pid | LockFile /var/lock/rproxy.lock | ErrorLog /var/log/apache/errors-rproxy.log | CustomLog/var/log/apache/access-rproxy.log "%{%v/%T}t %h -> %{SERVER}e URL: %U" | | # unused paths | ServerRoot /tmp | DocumentRoot /tmp | CacheRoot/tmp | RewriteLog /dev/null | TransferLog /dev/null | TypesConfig /dev/null | AccessConfig /dev/null | ResourceConfig /dev/null | | # Please keep this LoadModule: line here, it is needed for installation. | LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so | LoadModule rewrite_module /usr/lib/apache/1.3/mod_rewrite.so | LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so | | # speed up and secure processing | | Options -FollowSymLinks -SymLinksIfOwnerMatch | AllowOverride None | | | # the status page for monitoring the reverse proxy | | SetHandler server-status | | | # enable
Re: Apache 1.3 mass virtual hosting recipe
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Fraser >@2004.09.22_13:12:19_GMT+0200 > > 2) I wanted to enable / disable things like PHPengine for the virtual > > ? ?host based on LDAP settings. > > You could do it in the script, if file extension is .php then rewrite the > request to a "cannot execute" message. Alternatively (what I had planned to > do) is just disable the engine in directories where I don't want it (that > would be using config files), something like this is supposed to work: > > > php_admin_flag engine off > hmm.. thats where I stopped investigating this option, I dont want to be editing config files. this looks interesting.. http://andreasbrenk.com/opensource/modcfgldap/ anybody using it? - -- "We are all worms. But I do believe I am a glowworm." -- Winston Churchill frogfoot networks +27.21.689.3867 blue.frogfoot.net www.frogfoot.com ..frogs are ferocious carnivores by nature -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Debian :: The Universal Operating System iD8DBQFBUWWkSlwwQibN9dQRAvAxAJ9df8TsyCElFOtG1wGyTq3bde7vGwCcCoHP 1hOBUUYhAJrX/cgzb/XJbmM= =l0LV -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache 1.3 mass virtual hosting recipe
On September 22, 2004 03:04 am, Johann Botha wrote: > running a script from mod_rewrite was not reliable, sometimes it just did > not work... restart apache and it worked again. maybe it was just the > version I used. Hmm, I don't like the sounds of that. Hopefully it was just the version you used. Or a problem with the script talking to LDAP, since my script (at least for now) is self-contained I hope I don't run into issues. If my solution proves problematic I will report back. > 2) I wanted to enable / disable things like PHPengine for the virtual > host based on LDAP settings. You could do it in the script, if file extension is .php then rewrite the request to a "cannot execute" message. Alternatively (what I had planned to do) is just disable the engine in directories where I don't want it (that would be using config files), something like this is supposed to work: php_admin_flag engine off -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux
Re: Apache 1.3 mass virtual hosting recipe
Hi Fraser >@2004.09.22_03:13:17_GMT+0200 > I finally got around to trying out mod_rewrite and it looks like things will > work exactly as I'd hoped. > Obviously under this scheme all hostnames get treated the same, you would have > to override the defaults in some cases (SSL sites for example) but that can > be done by adding normal rules in or containers. I remember having a similar config when I last tried this, but.. running a script from mod_rewrite was not reliable, sometimes it just did not work... restart apache and it worked again. maybe it was just the version I used. my big problem was.. 1) I wanted the script to read the path from LDAP which I did have working. 2) I wanted to enable / disable things like PHPengine for the virtual host based on LDAP settings. How do I do 2 ? -- "We are all worms. But I do believe I am a glowworm." -- Winston Churchill frogfoot networks +27.21.689.3867 blue.frogfoot.net www.frogfoot.com ..frogs are ferocious carnivores by nature signature.asc Description: Digital signature
Re: Apache 1.3 mass virtual hosting recipe
Hi, I finally got around to trying out mod_rewrite and it looks like things will work exactly as I'd hoped. I'm posting this recipe since I was unable to find a documented example of how to do it and I figured lots of people might be interested in doing it. It does need some more testing but at this point I see no reason why it will not work. The basic concept is to create a directory and have apache serve it automatically under the correct domain name (zero config apache). Let's say I want to have wehave.net and www.wehave.net hosted on my server. I could create a VirtualHost with "ServerName wehave.net" and "ServerAlias www.wehave.net" or I could do this: RewriteEngine on RewriteLog /tmp/junk RewriteLogLevel 9 RewriteMap vhosts-map prg:/usr/local/sbin/vhost-redirector.pl RewriteRule ^/(.*)$ ${vhosts-map:%{HTTP_HOST}}$1 My perl script looks like this: #!/usr/bin/perl -wT use strict; $| = 1; while (<>) { # FIXME, do we need to do syntax checking on hostname? chomp; my @path = split(/\./, $_); while ( ! -d '/var/www/' . join('/', reverse(@path)) . '/web/' and @path){ shift @path; } if (@path) { print '/var/www/' . join('/', reverse(@path)) . "/web/\n"; } else { print "/var/www/web/\n"; } } The end result is that once dns points something at your server simply creating the appropriate directory heirarchy is enough to host a given website (and aliases). Given the previous example (hosting wehave.net), I would create the directory /var/www/net/wehave/web and http://wehave.net/whatever would translate to the filesystem as /var/www/net/wehave/web/whatever ... requests for http://www.wehave.net/whatever would translate to the same file unless I wanted to serve something different for that in which case I would just need to create /var/www/net/wehave/www/web/whatever If I want www.wehave.ca to be the same as wehave.net then I just link ... ln -s /var/www/net/wehave /var/www/ca/wehave Any site pointed to your server which doesn't have an appropriate config would end up directed to the filesystem directory /var/www/web ... there could be a default page there stating "Site not configured". One thing I haven't shown in my example is that you would have to either not rewrite shared paths (such as /icons/, /squirrelmail/, etc.) or you would have to hardcode those paths into the perl script. The perl code starts when apache starts and stays resident so the extra overhead is minimal (I am guessing) i.e. you are not firing up a perl process for every single request. Obviously under this scheme all hostnames get treated the same, you would have to override the defaults in some cases (SSL sites for example) but that can be done by adding normal rules in or containers. On September 5, 2004 09:06 pm, Fraser Campbell wrote: > Hi, > > I'm setting up a new server and would like to use mod_vhost_alias, or other > mass virtual hosting method, if possible. mod_vhost_alias is very simple > to setup and works as advertised: > > LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so > UseCanonicalName Off > VirtualDocumentRoot /var/www/%0/web > > Unfortunately, it is as simple as it is simple to setup ;-) My question is > in regards to ServerAlias. "Normal" clients host their website at > http://www.abcd.com/ but they (and I) also like it when http://abcd.com/ > works as well. Is there any way (besides filesystem link) to make > vhost_alias find the right DocumentRoot? > > Ideally I'd like a directory structure like this: > > /var/www/com/abcd/web/ > /var/www/com/abcd/subdomain/web/ > > When serving http://www.abcd.com/ apache wouldn't > find /var/www/com/abcd/www/web/ so it would fallback > to /var/www/com/abcd/web/, if that were missing it would fallback > to /var/www/com/web/ and then to /var/www/web/ > > Perhaps something like the above is possible using mod_rewrite??? I'll > keep plugging away for a while but if anyone knows the answer I'm all for > shortcuts. > > Second question. Supposing that the above can work somehow I'd like to use > one common logfile for all virtualhosts, with the virtualhost's name > prepended to each log line. This is easy of course. The catch of course > is that I'd like to have consistent names for hosts, i.e. I don't want to > be splitting off logfiles for www.abcd.com and abcd.com when those are > actually the same site. > > Basically, I'd like apache logging to be smart enough to realize that it is > actually serving abcd.com although the hostname in the request was > www.abcd.com. > > -- > Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ > Georgetown, Ontario, Canada Debian GNU/Linux -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Apache 1.3 mod_vhost_alias, ServerAlias and logging
Hi, I'm setting up a new server and would like to use mod_vhost_alias, or other mass virtual hosting method, if possible. mod_vhost_alias is very simple to setup and works as advertised: LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so UseCanonicalName Off VirtualDocumentRoot /var/www/%0/web Unfortunately, it is as simple as it is simple to setup ;-) My question is in regards to ServerAlias. "Normal" clients host their website at http://www.abcd.com/ but they (and I) also like it when http://abcd.com/ works as well. Is there any way (besides filesystem link) to make vhost_alias find the right DocumentRoot? Ideally I'd like a directory structure like this: /var/www/com/abcd/web/ /var/www/com/abcd/subdomain/web/ When serving http://www.abcd.com/ apache wouldn't find /var/www/com/abcd/www/web/ so it would fallback to /var/www/com/abcd/web/, if that were missing it would fallback to /var/www/com/web/ and then to /var/www/web/ Perhaps something like the above is possible using mod_rewrite??? I'll keep plugging away for a while but if anyone knows the answer I'm all for shortcuts. Second question. Supposing that the above can work somehow I'd like to use one common logfile for all virtualhosts, with the virtualhost's name prepended to each log line. This is easy of course. The catch of course is that I'd like to have consistent names for hosts, i.e. I don't want to be splitting off logfiles for www.abcd.com and abcd.com when those are actually the same site. Basically, I'd like apache logging to be smart enough to realize that it is actually serving abcd.com although the hostname in the request was www.abcd.com. -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: per user dav with apache mod_dav
On Fri, 03 Sep 2004 13:12:55 -0500, Jose A. Guzman <[EMAIL PROTECTED]> wrote: > > Is there a way to set up mod_dav with decent access controls? > > I want to have each user on the server acces his own files only, so > their files fall under fs quota and have the right permissions etc. > > I have 10k users on LDAP, and could export them to mysql. > > Wouldn't mind to use apache2 on sarge. > > Any hints? > > José > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > Hi, There's a mod_ldap for apache i think, both for authentication (mod_auth_ldap => http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html and for mass virtual hosts (mod_vhs => http://www.oav.net/projects/mod_vhs/). This one supports virtual hosts generation from MySQL, LDAP. Hope it helps. -- Hervé Rousseau
per user dav with apache mod_dav
Is there a way to set up mod_dav with decent access controls? I want to have each user on the server acces his own files only, so their files fall under fs quota and have the right permissions etc. I have 10k users on LDAP, and could export them to mysql. Wouldn't mind to use apache2 on sarge. Any hints? José -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
More than 1024 Apache / MySQL processes?
Hello On one host I have, at peak times, roughly 1000 simultanous Apache processes which serve MySQL intensive scripts that produce about the same number of MySQL instances. As 1000 connections are no longer sufficient, our customer demands a stronger server but I'm unsure if it's possible at all to have say 1500-2000 connections. Limitations I am aware of are: * [compiletime] /usr/include/bits/local_lim.h PTHREAD_THREADS_MAX (default 1024 in woody, 16484 since sarge) affectets at least MySQL * [compiletime] Apache HARD_SERVER_LIMIT (default 256) * [compiletime] MySQL suggests to lower the Thread Stack size * [runtime] ulimit "max user processes", "open files" * [runtime] /proc/sys/fs/file-max * [configuration] max_clients in Apache * [configuration] open_files_limix, max_connections, max_user_connections in MySQL Is there anything else? Has anybody ever tried it? My test machines sadly have not enough RAM to try it. bye, -christian- P.S.: And yes, better alternatives like clusters etc are already under consideration, too, but not so easy to implement :-) -- Christian Hammers WESTEND GmbH | Internet-Business-Provider Technik CISCO Systems Partner - Authorized Reseller Lütticher Straße 10 Tel 0241/701333-11 [EMAIL PROTECTED]D-52064 Aachen Fax 0241/911879 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian + ISP + Apache
On Mon, 2004-08-30 at 10:12, Paul Johnson wrote: [...] > > - What should I manage using packages and what should I manage > > using source code? > > If it has a package, use the packages unless you absolutely must > compile something from source that conflicts with how Debian compiled > it, then make your own Debian package so dpkg stays aware of what's > going on. If you are going to do something strange like track upstream CVS or use something that doesn't have a deb, don't bother building a deb, instead install it in /usr/local (make install --prefix=/var/local). Put config files in /etc, and if necissary, use /var/local/ to store data, though /home/ is acceptable. Other directories are owned by dpkg, so don't stuff with them. IMHO if there isn't a deb, it probably isn't worth using, unless you wrote it yourself :-). The debian archive is a good indicator of what people are using and is supported. The biggest problem is it includes too much, so the fact that there isn't a deb tells you more than the fact that there is. -- Donovan Baarda <[EMAIL PROTECTED]> http://minkirri.apana.org.au/~abo/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian + ISP + Apache
<#secure method=pgp mode=sign> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Francisco Javier Fabra Caro <[EMAIL PROTECTED]> writes: > I've installed recently Debian Sarge in a machine for ISP purposes. > Now, my question is: > - What should I manage using packages and what should I manage > using source code? If it has a package, use the packages unless you absolutely must compile something from source that conflicts with how Debian compiled it, then make your own Debian package so dpkg stays aware of what's going on. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBMnEOUzgNqloQMwcRApNPAKCAoWP7KRVqCRFSyPo+RdAz7ft5wwCgm+Ej 9uM2PPCMZlVYyIhHSvR2B58= =KNCE -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Debian + ISP + Apache
Hi all, I've installed recently Debian Sarge in a machine for ISP purposes. Now, my question is: - What should I manage using packages and what should I manage using source code? Concretely, I have installed the mail service using packages, but now I have to install the FTP service using proftpd + mysql and the httpd using Apache. Do you know any how-to or guidelines to install a VERY-SECURE http service? I mean, making that users can't access to the filesystem using a php script, for example.. Thanx in advance. Cheers! fabRiX -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache umask
On Wed, Aug 18, 2004 at 08:21:26PM +0200, Patrick Donker wrote: > Jacob S. wrote: > > >By default, when a file is uploaded via a php script or anything else > >through apache, it has permissions of 644. I would like this to be 640. > > > >I know php has a umask and a chmod function that could help with this, > >but this only fixes it for scripts that use php. Isn't there a way to > >change the default umask for the www-data user? > > > >Any tips for where to look or what to change would be greatly > >appreciated. > > > If I'm not mistaking you could set the sticky bit to the directory > Apache is uploading in. That way all files will always get the mode you > set. chmod 1640 This doesn't appear to work. I just tested it with the example you show, uploaded a file and it still had permissions of 644. Thanks, Jacob -- GnuPG Key: 1024D/16377135 Random .signature #0: Never trust an operating system you don't have sources for. http://www.linux.org signature.asc Description: Digital signature
Re: Apache umask
Jacob S. wrote: By default, when a file is uploaded via a php script or anything else through apache, it has permissions of 644. I would like this to be 640. I know php has a umask and a chmod function that could help with this, but this only fixes it for scripts that use php. Isn't there a way to change the default umask for the www-data user? Any tips for where to look or what to change would be greatly appreciated. TIA, Jacob If I'm not mistaking you could set the sticky bit to the directory Apache is uploading in. That way all files will always get the mode you set. chmod 1640 -Patrick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Apache umask
By default, when a file is uploaded via a php script or anything else through apache, it has permissions of 644. I would like this to be 640. I know php has a umask and a chmod function that could help with this, but this only fixes it for scripts that use php. Isn't there a way to change the default umask for the www-data user? Any tips for where to look or what to change would be greatly appreciated. TIA, Jacob -- GnuPG Key: 1024D/16377135 Random .signature #54: If Bill Gates had a nickel for every time Windows crashed... Oh wait, he does. pgpo7A8nH7bp4.pgp Description: PGP signature
Re: IIS worms and apache
Robert Waldner wrote: On Tue, 10 Aug 2004 20:50:13 +1000, Russell Coker writes: Maybe the thing to do would be to write a server that establishes the HTTP protocol and then sets the TCP window size to zero (to tar-pit connections). Such a server program could listen on every IP address that's not used for a real web server and tie up resources on the zombie machines without wasting space in log files. Why limit yourself to HTTP? http://packages.debian.org/testing/net/labrea .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. a "sticky" honeypot and IDS LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time. -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. If you are not using connection tracking in netfilter, you could use the TARPIT target as in: iptables -A INPUT -p tcp -m tcp --dport 80 -j TARPIT You could combine it with match by string if you want to be more selective about the kind of http traffic to tarpit (not effective against an attack designed to bypass an IDS, but more than enough for a worm). The TARPIT target in netfilter is not recommended in combination with conntrack, since you will be wasting resources in your box... The TARPIT target is standard in the iptables package of an unstable Debian (at least from Version: 1.2.11-2). More information in: http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT http://www.spinics.net/lists/netfilter/msg17583.html signature.asc Description: OpenPGP digital signature
Re: IIS worms and apache
On Tue, 10 Aug 2004 20:50:13 +1000, Russell Coker writes: >Maybe the thing to do would be to write a server that establishes the HTTP >protocol and then sets the TCP window size to zero (to tar-pit connections). >Such a server program could listen on every IP address that's not used for a >real web server and tie up resources on the zombie machines without wasting >space in log files. Why limit yourself to HTTP? http://packages.debian.org/testing/net/labrea .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. a "sticky" honeypot and IDS LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time. -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgpALl6m2kTkA.pgp Description: PGP signature
Re: IIS worms and apache
On Tue, 10 Aug 2004 19:38, Michelle Konzack <[EMAIL PROTECTED]> wrote: > Am 2004-08-08 15:32:51, schrieb Russell Coker: > > On Sat, 7 Aug 2004 14:56, "Shannon R." <[EMAIL PROTECTED]> wrote: > > > Is there a debian package wherein the app recognizes > > > IIS worm attacks? Then blocks these IPs in real time? > > > > Why bother? They can't do any harm, and the bandwidth that they take is > > usually a small portion of the total bandwidth. Why not just ignore > > them, it's the easiest thing to do. > > Allready tried webalyzer on a 10 MByte IIS-Worm infected LOG File... > > Forget it !!! What was the problem? When I was analysing 500M web logs with Webalizer I didn't have any serious performance problems. I was analysing the logs three ways, for customers of the ISP, for outside users, and for both combined. The machine doing the log analysis had a 400MHz SPARC CPU (not a fast CPU at all), and only 1G of RAM (which was a problem as Webalizer could use a lot of RAM at times). Sometimes a single run would deal with 1G or 2G of log files from the web server. It would take a couple of hours to process but it still wasn't a big deal. > On some days I had on my Virtual WebServer @HOME (ADSL 128/1024) > more then 50 MByte Logfiles with ISS-Worm and hash=xxx entries. Maybe the thing to do would be to write a server that establishes the HTTP protocol and then sets the TCP window size to zero (to tar-pit connections). Such a server program could listen on every IP address that's not used for a real web server and tie up resources on the zombie machines without wasting space in log files. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IIS worms and apache
Am 2004-08-08 15:32:51, schrieb Russell Coker: > On Sat, 7 Aug 2004 14:56, "Shannon R." <[EMAIL PROTECTED]> wrote: > > Is there a debian package wherein the app recognizes > > IIS worm attacks? Then blocks these IPs in real time? > > Why bother? They can't do any harm, and the bandwidth that they take is > usually a small portion of the total bandwidth. Why not just ignore them, > it's the easiest thing to do. Allready tried webalyzer on a 10 MByte IIS-Worm infected LOG File... Forget it !!! I have redirected/aliased all requests to www.microsoft.com :-) This keeps my LogFiles clean... On some days I had on my Virtual WebServer @HOME (ADSL 128/1024) more then 50 MByte Logfiles with ISS-Worm and hash=xxx entries. Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: IIS worms and apache
On Sun, 2004-08-08 at 23:43, Craig Sanders wrote: > the notice you send them should tell them exactly what is going on, exactly > what they have to do, and the consequences of what will happen (i.e. their site > will be unreachable) if they don't. You could also host the site on multiple ip addresses until they do switch the DNS over. Shri -- Shri Shrikumar U R Byte Solutions Tel: 0845 644 4745 I.T. Consultant Edinburgh, Scotland Mob: 0773 980 3499 Web: www.urbyte.com Email: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IIS worms and apache
On Sun, Aug 08, 2004 at 03:32:51PM +1000, Russell Coker wrote: > On Sat, 7 Aug 2004 14:56, "Shannon R." <[EMAIL PROTECTED]> wrote: > > Is there a debian package wherein the app recognizes IIS worm attacks? Then > > blocks these IPs in real time? > > Why bother? They can't do any harm, and the bandwidth that they take is > usually a small portion of the total bandwidth. Why not just ignore them, > it's the easiest thing to do. one reason to do it is if you have several hundred IP-based virtual hosts on one server. the load (including logging) from virus probes against all your IP addresses at once is significant. of course, it's better to just convert as many as you can to name-based virtual hosts (i.e. all of them except https sites). this can take some time to co-ordinate if you don't host the DNS as well as the web site. do all of the sites where you host the DNS and sent notices to the domain owners where the DNS is hosted elsewhere - don't ask them, TELL them that the IP will be being changed in, say, one month's time, remind them again a few days before the scheduled date, and then make the change whether they have responded or not. the notice you send them should tell them exactly what is going on, exactly what they have to do, and the consequences of what will happen (i.e. their site will be unreachable) if they don't. craig -- craig sanders <[EMAIL PROTECTED]> The next time you vote, remember that "Regime change begins at home" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IIS worms and apache
"Shannon R." <[EMAIL PROTECTED]> writes: > Is there a debian package wherein the app recognizes > IIS worm attacks? awstats > Then blocks these IPs in real time? Not sure about that. Not sure why it's worth the bother, since it's not like Apache is vulnerable. pgp4S4qgWXjoW.pgp Description: PGP signature
Re: IIS worms and apache
On Sat, 7 Aug 2004 14:56, "Shannon R." <[EMAIL PROTECTED]> wrote: > Is there a debian package wherein the app recognizes > IIS worm attacks? Then blocks these IPs in real time? Why bother? They can't do any harm, and the bandwidth that they take is usually a small portion of the total bandwidth. Why not just ignore them, it's the easiest thing to do. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IIS worms and apache
Shannon R. wrote: Is there a debian package wherein the app recognizes IIS worm attacks? Then blocks these IPs in real time? Would also be nice if it'll unblock those IPs after a certain amount of time. Thanks! Shannon Try Early Bird, does a great job http://www.treachery.net/~jdyson/earlybird/index.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
IIS worms and apache
Is there a debian package wherein the app recognizes IIS worm attacks? Then blocks these IPs in real time? Would also be nice if it'll unblock those IPs after a certain amount of time. Thanks! Shannon __ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Woody+Testing Apache Segmentation Fault
Jacob S. wrote: Has anybody seen this before? I have not experienced this problem before, but I have seen several threads here on Debian-user that resolved it by uninstalling the php4-imap package. Alternatively, you should be able to simply disable php4-imap in your php.ini file to see if it is the problem. HTH, Jacob I've seen this problem as well; I don't remember what module it was, but try commenting out all modules from the php.ini and enabling them one by one if it's not the php-imap module. Maarten
Re: Woody+Testing Apache Segmentation Fault
On Thu, 5 Aug 2004 15:41:50 +0200 Ian Forbes <[EMAIL PROTECTED]> wrote: > Hi > > I have a problem with my webserver. It was originally setup with > Potato (or earlier version) of Debian a few years back. > > Currently it has been fully upgraded to Woody, plus selected > packages have been upgraded to "Testing". These include > php(4.3.4-4) and all its dependencies including apache(1.3.31-2). > and libapache-mod-perl(1.29.0.2-9). These are the latest "testing" > release versions. > > Recently I did an "apt-get upgrade" and it downloaded and installed > the above version of apache. Afterwards it would not start, it > failed without showing an error on either the screen or the log > files. Running "apache -F" I got a segmentation fault. > > After a bit of playing, I discovered if I comment out either the > php4 or mod-perl in the new modules.conf (imported from httpd.conf) > the server starts normally. With both modules loaded the server get > a segmentation fault. > > I am wondering if there is a version conflict between the modules, > or if there is a restriction on permissions or resources, inherited > from the earlier version, which prevents the apache server from > starting? > > Has anybody seen this before? I have not experienced this problem before, but I have seen several threads here on Debian-user that resolved it by uninstalling the php4-imap package. Alternatively, you should be able to simply disable php4-imap in your php.ini file to see if it is the problem. HTH, Jacob -- GnuPG Key: 1024D/16377135 Random .signature #7: Microsoft is not the answer. Microsoft is the question. Linux is the answer. pgpgdNYWthVS7.pgp Description: PGP signature
Woody+Testing Apache Segmentation Fault
Hi I have a problem with my webserver. It was originally setup with Potato (or earlier version) of Debian a few years back. Currently it has been fully upgraded to Woody, plus selected packages have been upgraded to "Testing". These include php(4.3.4-4) and all its dependencies including apache(1.3.31-2). and libapache-mod-perl(1.29.0.2-9). These are the latest "testing" release versions. Recently I did an "apt-get upgrade" and it downloaded and installed the above version of apache. Afterwards it would not start, it failed without showing an error on either the screen or the log files. Running "apache -F" I got a segmentation fault. After a bit of playing, I discovered if I comment out either the php4 or mod-perl in the new modules.conf (imported from httpd.conf) the server starts normally. With both modules loaded the server get a segmentation fault. I am wondering if there is a version conflict between the modules, or if there is a restriction on permissions or resources, inherited from the earlier version, which prevents the apache server from starting? Has anybody seen this before? Thanks Ian -- Ian Forbes ZSD http://www.zsd.co.za Office: +27 21 683-1388 Fax: +27 21 674-1106 Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa
Re: Apache banner
If you want to change (or remove) the apache banner, have a gander (before you compile it, etc) at: apache_1.3.29/src/include/httpd.h & grep for '1.3.29' HTH. > you can turn if off with mod_rewrite so it does not show product type at > all. > I couldn't get it to work, but you could do it > > Fraser Campbell said: >>> the ServerSignature directive to switch it off. >> ServerSignature On >> ServerTokens Prod > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > -- James Ridle Reciprocal Media & Technology Consortium 406.449.2804
Re: Apache banner
If you want to change (or remove) the apache banner, have a gander (before you compile it, etc) at: apache_1.3.29/src/include/httpd.h & grep for '1.3.29' HTH. > you can turn if off with mod_rewrite so it does not show product type at > all. > I couldn't get it to work, but you could do it > > Fraser Campbell said: >>> the ServerSignature directive to switch it off. >> ServerSignature On >> ServerTokens Prod > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > -- James Ridle Reciprocal Media & Technology Consortium 406.449.2804 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache banner
you can turn if off with mod_rewrite so it does not show product type at all. I couldn't get it to work, but you could do it Fraser Campbell said: >> the ServerSignature directive to switch it off. > ServerSignature On > ServerTokens Prod
Re: Apache banner
you can turn if off with mod_rewrite so it does not show product type at all. I couldn't get it to work, but you could do it Fraser Campbell said: >> the ServerSignature directive to switch it off. > ServerSignature On > ServerTokens Prod -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache banner
On Tuesday 06 April 2004 10:39, Robert Page wrote: > I think to actually change it you need to edit the source but you can use > the ServerSignature directive to switch it off. I use these directives: ServerSignature On ServerTokens Prod This way people know I'm running apache (which I don't mind) but they don't see the version or all of the different modules that I am running. -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux
RE: Apache banner
I think to actually change it you need to edit the source but you can use the ServerSignature directive to switch it off. -Original Message- From: Craig Schneider [mailto:[EMAIL PROTECTED] Sent: 06 April 2004 15:03 To: debian-security@lists.debian.org; debian-isp@lists.debian.org Subject: Apache banner Hi Guys Is there any way of changing the banner in Apache like you can for proftpd lets say? Without having to tamper with the Apache source ?> Thinking of a runtime option for the config file ? Thanks Craig
Apache banner
Hi Guys Is there any way of changing the banner in Apache like you can for proftpd lets say? Without having to tamper with the Apache source ?> Thinking of a runtime option for the config file ? Thanks Craig
Re: Apache banner
On Tuesday 06 April 2004 10:39, Robert Page wrote: > I think to actually change it you need to edit the source but you can use > the ServerSignature directive to switch it off. I use these directives: ServerSignature On ServerTokens Prod This way people know I'm running apache (which I don't mind) but they don't see the version or all of the different modules that I am running. -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: Apache banner
I think to actually change it you need to edit the source but you can use the ServerSignature directive to switch it off. -Original Message- From: Craig Schneider [mailto:[EMAIL PROTECTED] Sent: 06 April 2004 15:03 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Apache banner Hi Guys Is there any way of changing the banner in Apache like you can for proftpd lets say? Without having to tamper with the Apache source ?> Thinking of a runtime option for the config file ? Thanks Craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Apache banner
Hi Guys Is there any way of changing the banner in Apache like you can for proftpd lets say? Without having to tamper with the Apache source ?> Thinking of a runtime option for the config file ? Thanks Craig
RE: Apache 1.3.26 + Frontpage Extensions + dpkg-buildpackage
After searching though as much docs as I could get my hands on a colleague suggested I just use webdav instead. THEN after reading up on that the client decides they do not want it anymore. Wasn't a waste though cos now I sort of know how to set it up. If anyone's stuck with installing Frontpage Extensions on a debian box with apache I suggest u first try out WebDAV (www.webdav.org). Thanks For those who helped/replied to my post :) Dave -Original Message- From: mimo [mailto:[EMAIL PROTECTED] Sent: 16 March 2004 03:23 To: David Ross Cc: debian-isp@lists.debian.org Subject: Re: Apache 1.3.26 + Frontpage Extensions + dpkg-buildpackage I have managed to set this up using mod-mirfak (libapache-mod-frontpage-mirfak). I think I had to hack it a bit - let me know if it doesnt work immediately. mimo David Ross wrote: >Hi All > >I am trying to install FrontPage Extensions support with Apache 1.3.26 >on a Debian Woody box. I got the patch from >ftp://ftp.rtr.com/pub/fp-patch-apache_1.3.22.Z and gunzipped it. From >there on I followed the following instructions: > >apt-get source apache >cd apache-1.3.26/upstream/tarballs >tar xvzf apache_1.3.26.tar.gz >cd apache_1.3.26 >patch -p1 fp-patch-apache_1.3.22 cd >apache-1.3.26 dpkg-buildpackage -rfakeroot -b cd .. >dpkg -i apache-common >dpkg -i apache > >When it came to patching the apache source I had to do patch -p1 < >/usr/src/apache/fp-patch-apache_1.3.22 because I had errors trying to >patch it with the above method. After taking care of a few dependency >problems I tried to run the dpkg-buildpackage command but I got the >following error message: > >duys:/usr/src/apache/apache-1.3.26# dpkg-buildpackage -rfakeroot -b >dpkg-buildpackage: source package is apache >dpkg-buildpackage: source version is 1.3.26-0woody3 >dpkg-buildpackage: source maintainer is Martin Schulze ><[EMAIL PROTECTED]> >dpkg-buildpackage: host architecture is i386 fakeroot debian/rules >clean dh_testdir dh_testroot rm -rf build-stamp install-stamp >configure-stamp rm -f debian/apaci debian/buildinfo.Debian rm -f >debian/{*.gif,*.jpg,*.gz,local-apxs,apxs} o debian/o rm -rf >debian/debian debian/docs debian/apache-dev.docs debian/apache-doc.docs >debian/apache-common.examples debian/examples contrib/*/*o chmod +x >debian/{*post*,*preinst*,*prerm*,modchk} >chmod +x debian/{ubersed,apacheconfig,sys-build.mk,scripts/*.*} >/usr/bin/make -f debian/sys-build.mk source.clean >make[1]: Entering directory `/usr/src/apache/apache-1.3.26' >make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' >rm -rf debian.diff debian/stampdir >dh_clean > debian/rules build >/usr/bin/make -f debian/sys-build.mk source.make >make[1]: Entering directory `/usr/src/apache/apache-1.3.26' >Extracting upstream tarball >upstream/tarballs/apache-contrib-1.0.8-nomodcvs.tar.gz successful. >Extracting upstream tarball upstream/tarballs/apache_1.3.26.tar.gz >successful. >Extracting upstream tarball >upstream/tarballs/apache_1.3.26/ABOUT_APACHEtar: This does not look >like a tar archive >tar: Skipping to next header >tar: Error exit delayed from previous errors failed! >make[1]: *** [debian/stampdir/source.unpack] Error 1 >make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' >make: *** [debian/stampdir/source.make] Error 2 > >Has anyone seen anything like this before? Is there something I need to >do before I try build the package? The instructions I have been >following can be found at >http://archives.neohapsis.com/archives/linux/debian/2002-q4/0488.html > >Any help at all will be greatly appreciated! Thanks. > >Dave > > > -- Please note that this account is being filtered using anti UCE systems. If you send email to this account make sure that it could not be mistaken as UCE. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: Apache 1.3.26 + Frontpage Extensions + dpkg-buildpackage
After searching though as much docs as I could get my hands on a colleague suggested I just use webdav instead. THEN after reading up on that the client decides they do not want it anymore. Wasn't a waste though cos now I sort of know how to set it up. If anyone's stuck with installing Frontpage Extensions on a debian box with apache I suggest u first try out WebDAV (www.webdav.org). Thanks For those who helped/replied to my post :) Dave -Original Message- From: mimo [mailto:[EMAIL PROTECTED] Sent: 16 March 2004 03:23 To: David Ross Cc: [EMAIL PROTECTED] Subject: Re: Apache 1.3.26 + Frontpage Extensions + dpkg-buildpackage I have managed to set this up using mod-mirfak (libapache-mod-frontpage-mirfak). I think I had to hack it a bit - let me know if it doesnt work immediately. mimo David Ross wrote: >Hi All > >I am trying to install FrontPage Extensions support with Apache 1.3.26 >on a Debian Woody box. I got the patch from >ftp://ftp.rtr.com/pub/fp-patch-apache_1.3.22.Z and gunzipped it. From >there on I followed the following instructions: > >apt-get source apache >cd apache-1.3.26/upstream/tarballs >tar xvzf apache_1.3.26.tar.gz >cd apache_1.3.26 >patch -p1 fp-patch-apache_1.3.22 cd >apache-1.3.26 dpkg-buildpackage -rfakeroot -b cd .. >dpkg -i apache-common >dpkg -i apache > >When it came to patching the apache source I had to do patch -p1 < >/usr/src/apache/fp-patch-apache_1.3.22 because I had errors trying to >patch it with the above method. After taking care of a few dependency >problems I tried to run the dpkg-buildpackage command but I got the >following error message: > >duys:/usr/src/apache/apache-1.3.26# dpkg-buildpackage -rfakeroot -b >dpkg-buildpackage: source package is apache >dpkg-buildpackage: source version is 1.3.26-0woody3 >dpkg-buildpackage: source maintainer is Martin Schulze ><[EMAIL PROTECTED]> >dpkg-buildpackage: host architecture is i386 fakeroot debian/rules >clean dh_testdir dh_testroot rm -rf build-stamp install-stamp >configure-stamp rm -f debian/apaci debian/buildinfo.Debian rm -f >debian/{*.gif,*.jpg,*.gz,local-apxs,apxs} o debian/o rm -rf >debian/debian debian/docs debian/apache-dev.docs debian/apache-doc.docs >debian/apache-common.examples debian/examples contrib/*/*o chmod +x >debian/{*post*,*preinst*,*prerm*,modchk} >chmod +x debian/{ubersed,apacheconfig,sys-build.mk,scripts/*.*} >/usr/bin/make -f debian/sys-build.mk source.clean >make[1]: Entering directory `/usr/src/apache/apache-1.3.26' >make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' >rm -rf debian.diff debian/stampdir >dh_clean > debian/rules build >/usr/bin/make -f debian/sys-build.mk source.make >make[1]: Entering directory `/usr/src/apache/apache-1.3.26' >Extracting upstream tarball >upstream/tarballs/apache-contrib-1.0.8-nomodcvs.tar.gz successful. >Extracting upstream tarball upstream/tarballs/apache_1.3.26.tar.gz >successful. >Extracting upstream tarball >upstream/tarballs/apache_1.3.26/ABOUT_APACHEtar: This does not look >like a tar archive >tar: Skipping to next header >tar: Error exit delayed from previous errors failed! >make[1]: *** [debian/stampdir/source.unpack] Error 1 >make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' >make: *** [debian/stampdir/source.make] Error 2 > >Has anyone seen anything like this before? Is there something I need to >do before I try build the package? The instructions I have been >following can be found at >http://archives.neohapsis.com/archives/linux/debian/2002-q4/0488.html > >Any help at all will be greatly appreciated! Thanks. > >Dave > > > -- Please note that this account is being filtered using anti UCE systems. If you send email to this account make sure that it could not be mistaken as UCE. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache 1.3.26 + Frontpage Extensions + dpkg-buildpackage
I have managed to set this up using mod-mirfak (libapache-mod-frontpage-mirfak). I think I had to hack it a bit - let me know if it doesnt work immediately. mimo David Ross wrote: Hi All I am trying to install FrontPage Extensions support with Apache 1.3.26 on a Debian Woody box. I got the patch from ftp://ftp.rtr.com/pub/fp-patch-apache_1.3.22.Z and gunzipped it. From there on I followed the following instructions: apt-get source apache cd apache-1.3.26/upstream/tarballs tar xvzf apache_1.3.26.tar.gz cd apache_1.3.26 patch -p1 fp-patch-apache_1.3.22 cd apache-1.3.26 dpkg-buildpackage -rfakeroot -b cd .. dpkg -i apache-common dpkg -i apache When it came to patching the apache source I had to do patch -p1 < /usr/src/apache/fp-patch-apache_1.3.22 because I had errors trying to patch it with the above method. After taking care of a few dependency problems I tried to run the dpkg-buildpackage command but I got the following error message: duys:/usr/src/apache/apache-1.3.26# dpkg-buildpackage -rfakeroot -b dpkg-buildpackage: source package is apache dpkg-buildpackage: source version is 1.3.26-0woody3 dpkg-buildpackage: source maintainer is Martin Schulze <[EMAIL PROTECTED]> dpkg-buildpackage: host architecture is i386 fakeroot debian/rules clean dh_testdir dh_testroot rm -rf build-stamp install-stamp configure-stamp rm -f debian/apaci debian/buildinfo.Debian rm -f debian/{*.gif,*.jpg,*.gz,local-apxs,apxs} o debian/o rm -rf debian/debian debian/docs debian/apache-dev.docs debian/apache-doc.docs debian/apache-common.examples debian/examples contrib/*/*o chmod +x debian/{*post*,*preinst*,*prerm*,modchk} chmod +x debian/{ubersed,apacheconfig,sys-build.mk,scripts/*.*} /usr/bin/make -f debian/sys-build.mk source.clean make[1]: Entering directory `/usr/src/apache/apache-1.3.26' make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' rm -rf debian.diff debian/stampdir dh_clean debian/rules build /usr/bin/make -f debian/sys-build.mk source.make make[1]: Entering directory `/usr/src/apache/apache-1.3.26' Extracting upstream tarball upstream/tarballs/apache-contrib-1.0.8-nomodcvs.tar.gz successful. Extracting upstream tarball upstream/tarballs/apache_1.3.26.tar.gz successful. Extracting upstream tarball upstream/tarballs/apache_1.3.26/ABOUT_APACHEtar: This does not look like a tar archive tar: Skipping to next header tar: Error exit delayed from previous errors failed! make[1]: *** [debian/stampdir/source.unpack] Error 1 make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' make: *** [debian/stampdir/source.make] Error 2 Has anyone seen anything like this before? Is there something I need to do before I try build the package? The instructions I have been following can be found at http://archives.neohapsis.com/archives/linux/debian/2002-q4/0488.html Any help at all will be greatly appreciated! Thanks. Dave -- Please note that this account is being filtered using anti UCE systems. If you send email to this account make sure that it could not be mistaken as UCE.
Re: Apache 1.3.26 + Frontpage Extensions + dpkg-buildpackage
I have managed to set this up using mod-mirfak (libapache-mod-frontpage-mirfak). I think I had to hack it a bit - let me know if it doesnt work immediately. mimo David Ross wrote: Hi All I am trying to install FrontPage Extensions support with Apache 1.3.26 on a Debian Woody box. I got the patch from ftp://ftp.rtr.com/pub/fp-patch-apache_1.3.22.Z and gunzipped it. From there on I followed the following instructions: apt-get source apache cd apache-1.3.26/upstream/tarballs tar xvzf apache_1.3.26.tar.gz cd apache_1.3.26 patch -p1 fp-patch-apache_1.3.22 cd apache-1.3.26 dpkg-buildpackage -rfakeroot -b cd .. dpkg -i apache-common dpkg -i apache When it came to patching the apache source I had to do patch -p1 < /usr/src/apache/fp-patch-apache_1.3.22 because I had errors trying to patch it with the above method. After taking care of a few dependency problems I tried to run the dpkg-buildpackage command but I got the following error message: duys:/usr/src/apache/apache-1.3.26# dpkg-buildpackage -rfakeroot -b dpkg-buildpackage: source package is apache dpkg-buildpackage: source version is 1.3.26-0woody3 dpkg-buildpackage: source maintainer is Martin Schulze <[EMAIL PROTECTED]> dpkg-buildpackage: host architecture is i386 fakeroot debian/rules clean dh_testdir dh_testroot rm -rf build-stamp install-stamp configure-stamp rm -f debian/apaci debian/buildinfo.Debian rm -f debian/{*.gif,*.jpg,*.gz,local-apxs,apxs} o debian/o rm -rf debian/debian debian/docs debian/apache-dev.docs debian/apache-doc.docs debian/apache-common.examples debian/examples contrib/*/*o chmod +x debian/{*post*,*preinst*,*prerm*,modchk} chmod +x debian/{ubersed,apacheconfig,sys-build.mk,scripts/*.*} /usr/bin/make -f debian/sys-build.mk source.clean make[1]: Entering directory `/usr/src/apache/apache-1.3.26' make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' rm -rf debian.diff debian/stampdir dh_clean debian/rules build /usr/bin/make -f debian/sys-build.mk source.make make[1]: Entering directory `/usr/src/apache/apache-1.3.26' Extracting upstream tarball upstream/tarballs/apache-contrib-1.0.8-nomodcvs.tar.gz successful. Extracting upstream tarball upstream/tarballs/apache_1.3.26.tar.gz successful. Extracting upstream tarball upstream/tarballs/apache_1.3.26/ABOUT_APACHEtar: This does not look like a tar archive tar: Skipping to next header tar: Error exit delayed from previous errors failed! make[1]: *** [debian/stampdir/source.unpack] Error 1 make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' make: *** [debian/stampdir/source.make] Error 2 Has anyone seen anything like this before? Is there something I need to do before I try build the package? The instructions I have been following can be found at http://archives.neohapsis.com/archives/linux/debian/2002-q4/0488.html Any help at all will be greatly appreciated! Thanks. Dave -- Please note that this account is being filtered using anti UCE systems. If you send email to this account make sure that it could not be mistaken as UCE. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Apache 1.3.26 + Frontpage Extensions + dpkg-buildpackage
Hi All I am trying to install FrontPage Extensions support with Apache 1.3.26 on a Debian Woody box. I got the patch from ftp://ftp.rtr.com/pub/fp-patch-apache_1.3.22.Z and gunzipped it. From there on I followed the following instructions: apt-get source apache cd apache-1.3.26/upstream/tarballs tar xvzf apache_1.3.26.tar.gz cd apache_1.3.26 patch -p1 fp-patch-apache_1.3.22 cd apache-1.3.26 dpkg-buildpackage -rfakeroot -b cd .. dpkg -i apache-common dpkg -i apache When it came to patching the apache source I had to do patch -p1 < /usr/src/apache/fp-patch-apache_1.3.22 because I had errors trying to patch it with the above method. After taking care of a few dependency problems I tried to run the dpkg-buildpackage command but I got the following error message: duys:/usr/src/apache/apache-1.3.26# dpkg-buildpackage -rfakeroot -b dpkg-buildpackage: source package is apache dpkg-buildpackage: source version is 1.3.26-0woody3 dpkg-buildpackage: source maintainer is Martin Schulze <[EMAIL PROTECTED]> dpkg-buildpackage: host architecture is i386 fakeroot debian/rules clean dh_testdir dh_testroot rm -rf build-stamp install-stamp configure-stamp rm -f debian/apaci debian/buildinfo.Debian rm -f debian/{*.gif,*.jpg,*.gz,local-apxs,apxs} o debian/o rm -rf debian/debian debian/docs debian/apache-dev.docs debian/apache-doc.docs debian/apache-common.examples debian/examples contrib/*/*o chmod +x debian/{*post*,*preinst*,*prerm*,modchk} chmod +x debian/{ubersed,apacheconfig,sys-build.mk,scripts/*.*} /usr/bin/make -f debian/sys-build.mk source.clean make[1]: Entering directory `/usr/src/apache/apache-1.3.26' make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' rm -rf debian.diff debian/stampdir dh_clean debian/rules build /usr/bin/make -f debian/sys-build.mk source.make make[1]: Entering directory `/usr/src/apache/apache-1.3.26' Extracting upstream tarball upstream/tarballs/apache-contrib-1.0.8-nomodcvs.tar.gz successful. Extracting upstream tarball upstream/tarballs/apache_1.3.26.tar.gz successful. Extracting upstream tarball upstream/tarballs/apache_1.3.26/ABOUT_APACHEtar: This does not look like a tar archive tar: Skipping to next header tar: Error exit delayed from previous errors failed! make[1]: *** [debian/stampdir/source.unpack] Error 1 make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' make: *** [debian/stampdir/source.make] Error 2 Has anyone seen anything like this before? Is there something I need to do before I try build the package? The instructions I have been following can be found at http://archives.neohapsis.com/archives/linux/debian/2002-q4/0488.html Any help at all will be greatly appreciated! Thanks. Dave
Apache 1.3.26 + Frontpage Extensions + dpkg-buildpackage
Hi All I am trying to install FrontPage Extensions support with Apache 1.3.26 on a Debian Woody box. I got the patch from ftp://ftp.rtr.com/pub/fp-patch-apache_1.3.22.Z and gunzipped it. From there on I followed the following instructions: apt-get source apache cd apache-1.3.26/upstream/tarballs tar xvzf apache_1.3.26.tar.gz cd apache_1.3.26 patch -p1 fp-patch-apache_1.3.22 cd apache-1.3.26 dpkg-buildpackage -rfakeroot -b cd .. dpkg -i apache-common dpkg -i apache When it came to patching the apache source I had to do patch -p1 < /usr/src/apache/fp-patch-apache_1.3.22 because I had errors trying to patch it with the above method. After taking care of a few dependency problems I tried to run the dpkg-buildpackage command but I got the following error message: duys:/usr/src/apache/apache-1.3.26# dpkg-buildpackage -rfakeroot -b dpkg-buildpackage: source package is apache dpkg-buildpackage: source version is 1.3.26-0woody3 dpkg-buildpackage: source maintainer is Martin Schulze <[EMAIL PROTECTED]> dpkg-buildpackage: host architecture is i386 fakeroot debian/rules clean dh_testdir dh_testroot rm -rf build-stamp install-stamp configure-stamp rm -f debian/apaci debian/buildinfo.Debian rm -f debian/{*.gif,*.jpg,*.gz,local-apxs,apxs} o debian/o rm -rf debian/debian debian/docs debian/apache-dev.docs debian/apache-doc.docs debian/apache-common.examples debian/examples contrib/*/*o chmod +x debian/{*post*,*preinst*,*prerm*,modchk} chmod +x debian/{ubersed,apacheconfig,sys-build.mk,scripts/*.*} /usr/bin/make -f debian/sys-build.mk source.clean make[1]: Entering directory `/usr/src/apache/apache-1.3.26' make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' rm -rf debian.diff debian/stampdir dh_clean debian/rules build /usr/bin/make -f debian/sys-build.mk source.make make[1]: Entering directory `/usr/src/apache/apache-1.3.26' Extracting upstream tarball upstream/tarballs/apache-contrib-1.0.8-nomodcvs.tar.gz successful. Extracting upstream tarball upstream/tarballs/apache_1.3.26.tar.gz successful. Extracting upstream tarball upstream/tarballs/apache_1.3.26/ABOUT_APACHEtar: This does not look like a tar archive tar: Skipping to next header tar: Error exit delayed from previous errors failed! make[1]: *** [debian/stampdir/source.unpack] Error 1 make[1]: Leaving directory `/usr/src/apache/apache-1.3.26' make: *** [debian/stampdir/source.make] Error 2 Has anyone seen anything like this before? Is there something I need to do before I try build the package? The instructions I have been following can be found at http://archives.neohapsis.com/archives/linux/debian/2002-q4/0488.html Any help at all will be greatly appreciated! Thanks. Dave
Apache Solution
Hi!:) I am Brazilian, my English not good, sorry.. I have a doubt. I need to limit definitive memory and processor for script in CGI, specifically in COBOL. How to make this in the Apache? Thanks. Marcelo Barbosa :)
Apache Solution
Hi!:) I am Brazilian, my English not good, sorry.. I have a doubt. I need to limit definitive memory and processor for script in CGI, specifically in COBOL. How to make this in the Apache? Thanks. Marcelo Barbosa :) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
How to calculate the memory req's of N apache instances?
Hello What is the best way to estimate the memory requirements of say 1200 Apache Instances on a server when they currently look like this and I do not expect great variability due to PHP doing mallocs or similar? AFAIK those numbers are roughly the memory that the parent process uses (which is why they are mostly identical) and in addition the amount each thread has allocated for its own. Can I simply subtract the parent memory in each line and sum up the results to have the real used memory? (currently I would guess from the "free" output and the number of threads running that each takes about 1M). root 7703 0.0 0.1 7508 2912 ?SFeb29 0:00 httpd httpd29431 0.0 0.2 8072 4768 ?S16:00 0:01 \_ httpd httpd29432 0.0 0.2 8696 5460 ?S16:00 0:01 \_ httpd httpd29433 0.0 0.2 8124 4784 ?S16:00 0:02 \_ httpd ... bye, -christian-
How to calculate the memory req's of N apache instances?
Hello What is the best way to estimate the memory requirements of say 1200 Apache Instances on a server when they currently look like this and I do not expect great variability due to PHP doing mallocs or similar? AFAIK those numbers are roughly the memory that the parent process uses (which is why they are mostly identical) and in addition the amount each thread has allocated for its own. Can I simply subtract the parent memory in each line and sum up the results to have the real used memory? (currently I would guess from the "free" output and the number of threads running that each takes about 1M). root 7703 0.0 0.1 7508 2912 ?SFeb29 0:00 httpd httpd29431 0.0 0.2 8072 4768 ?S16:00 0:01 \_ httpd httpd29432 0.0 0.2 8696 5460 ?S16:00 0:01 \_ httpd httpd29433 0.0 0.2 8124 4784 ?S16:00 0:02 \_ httpd ... bye, -christian- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache uses 100 % cpu
On Sat, 2004-02-28 at 17:42, Russell Coker wrote: > On Sun, 29 Feb 2004 02:14, Timo Veith <[EMAIL PROTECTED]> wrote: > > today I noticed that 2 apache procs are using all cpu. ps shows them like > > One thing I have done in the past to deal with such problems is to put > "ulimit -t 600" in the start script for apache. Then when apache processes > got into infinite loops they would only do so for a maximum of 10 mins. On a > two-processor machine that worked fairly well as the problem didn't occur > enough to have both processors running looping apache's. > > When I saw the problem it was a webmail system running IMP. Something related > to PHP 4.x was causing the problem. I never bothered tracking that down as I > had too many other problems to deal with. We dumped PHP/Perl webmail apps for this reason. Much happier and our dual CPU boxes are purring like happy kittens again. We also off loaded anti-spam & anti-virus protection save for a single instance of clamd. So all this means apache is a happy camper as well. Dee -- W.D.McKinney <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache uses 100 % cpu
On Sun, 29 Feb 2004 02:14, Timo Veith <[EMAIL PROTECTED]> wrote: > today I noticed that 2 apache procs are using all cpu. ps shows them like One thing I have done in the past to deal with such problems is to put "ulimit -t 600" in the start script for apache. Then when apache processes got into infinite loops they would only do so for a maximum of 10 mins. On a two-processor machine that worked fairly well as the problem didn't occur enough to have both processors running looping apache's. When I saw the problem it was a webmail system running IMP. Something related to PHP 4.x was causing the problem. I never bothered tracking that down as I had too many other problems to deal with. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache uses 100 % cpu
At 04:47 PM 2/28/2004, Timo Veith wrote: I will investigate this a little more, but I don't think I will compile my own apache binary for this issue. Anyway I will tell the user to stop his chat thing. Timo, there are chats out there which may behave less, uh, poorly than this particular one. There's perl-chat, an old one that I adapted myself once. Also you might suggest they look on sourceforge.net which in my experience has good software available all open source. Marty Landman Face 2 Interface Inc. 845-679-9387 FormATable DB: http://face2interface.com/Products/FormATable.shtml Make a Website: http://face2interface.com/Home/Demo.shtml Free Formmailer: http://face2interface.com/Products/Formal.shtml -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache uses 100 % cpu
Thank you for your help Jeff. I will investigate this a little more, but I don't think I will compile my own apache binary for this issue. Anyway I will tell the user to stop his chat thing. Again, thanks a lot. Kind regards, Timo Am Samstag, 28. Februar 2004 20:56 schrieb Jeff S Wheeler: > It's a shame the debug symbols aren't available. If this happens on a > routine basis, I would definately suggest rebuilding apache and all its > modules with debugging symbols left in. > > Barring that, though, what your apache processes are doing is trying to > read that file, /home/jebu0001/homepage/jens/chat/php_chat_log, over > and over again, most likely in a `tail -f` nature, but no new data is > appearing. Without question, if you were to fire up strace again, and > append a few bytes to that file, they would show up in your strace > output as bytes being read. > > Unfortunately apache does not have any .php files or similar still > open, so it may be difficult to identify exactly what script the > culprit is. In any case, I would contact that user and tell them that > PHP script is causing you grief, and have them stop running it. > > PHP is the single biggest cause of shared server problems at my > company. I wish the PHP CGI stuff worked right, as if it did, we would > opt to use that instead of the Apache PHP module. It may be slower, > but at least that would limit what users can fuck up with third-party > PHP scripts. :( > > I hope this helps! > > -- > Jeff S Wheeler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache uses 100 % cpu
Regarding that mail filtering message, that seems to have come from some third party who reads the list. I guess it is not mailing list aware. On Sat, 2004-02-28 at 15:14, Marty Landman wrote: > Jeff, do you think that the apps are trying to flock the file? I'm curious > what the app level issue is and how it could be done properly -- being more > of a developer than sysadmin. No, If apache were trying to flock the file, the strace output would indicate that by showing an flock(2) system call in progress. > How do you find the stability of Apache mod_perl? We do not let our customers use mod_perl on shared servers, as there are way too many things they could fuck up. In all my experiences, mod_perl is quite stable when administered by competiant folks and when running relatively sane code. I certainly choose mod_perl over PHP for any web application development that I do. -- Jeff S Wheeler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache uses 100 % cpu
On Sat, Feb 28, 2004 at 02:56:12PM -0500, Jeff S Wheeler wrote: > > PHP is the single biggest cause of shared server problems at my company. > I wish the PHP CGI stuff worked right, as if it did, we would opt to use > that instead of the Apache PHP module. It may be slower, but at least > that would limit what users can fuck up with third-party PHP scripts. :( You may want to give fastcgi a try. We found it usable (light years better than the aged CGI) although it might be difficult to set up in non-trivial environments. Be prepared for a php-build, which is also a lot of fun.. bit, adam -- Am I a cleric? | 1024D/37B8D989 Or maybe a sinner? | 954B 998A E5F5 BA2A 3622 Unbeliever?| 82DD 54C2 843D 37B8 D989 Renegade? | http://sks.dnsalias.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache uses 100 % cpu
At 02:56 PM 2/28/2004, Jeff S Wheeler wrote: Barring that, though, what your apache processes are doing is trying to read that file, /home/jebu0001/homepage/jens/chat/php_chat_log, over and over again, most likely in a `tail -f` nature, but no new data is appearing. Jeff, do you think that the apps are trying to flock the file? I'm curious what the app level issue is and how it could be done properly -- being more of a developer than sysadmin. PHP is the single biggest cause of shared server problems at my company. I wish the PHP CGI stuff worked right, as if it did, we would opt to use that instead of the Apache PHP module. It may be slower, but at least that would limit what users can fuck up with third-party PHP scripts. :( How do you find the stability of Apache mod_perl? Marty Landman Face 2 Interface Inc. 845-679-9387 FormATable DB: http://face2interface.com/Products/FormATable.shtml Make a Website: http://face2interface.com/Home/Demo.shtml Free Formmailer: http://face2interface.com/Products/Formal.shtml -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache uses 100 % cpu
On Sat, 2004-02-28 at 13:48, Timo Veith wrote: > apache 24290 root8r REG 8,17 13115 25739308 > /home/jebu0001/homepage/jens/chat/php_chat_log > I tried gdb, but there are no debug symbols, > that's the default with most debian packages I assume. It's a shame the debug symbols aren't available. If this happens on a routine basis, I would definately suggest rebuilding apache and all its modules with debugging symbols left in. Barring that, though, what your apache processes are doing is trying to read that file, /home/jebu0001/homepage/jens/chat/php_chat_log, over and over again, most likely in a `tail -f` nature, but no new data is appearing. Without question, if you were to fire up strace again, and append a few bytes to that file, they would show up in your strace output as bytes being read. Unfortunately apache does not have any .php files or similar still open, so it may be difficult to identify exactly what script the culprit is. In any case, I would contact that user and tell them that PHP script is causing you grief, and have them stop running it. PHP is the single biggest cause of shared server problems at my company. I wish the PHP CGI stuff worked right, as if it did, we would opt to use that instead of the Apache PHP module. It may be slower, but at least that would limit what users can fuck up with third-party PHP scripts. :( I hope this helps! -- Jeff S Wheeler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apache uses 100 % cpu
Hi, here are my results. I put off line breaks because of the long lines. Hope thats ok. Am Samstag, 28. Februar 2004 17:37 schrieb Jeff S Wheeler: > ... and issue `lsof -p > `, then take note of the FD column in the output. That indicates > which file descriptor is being examined, and of course the information > in the remaining columns to the right are details about that > descriptor. COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME apache 24290 root cwdDIR 8,17 4096 25739266 /home/jebu0001/homepage/jens/chat apache 24290 root rtdDIR8,1 1024 2 / apache 24290 root txtREG8,325421665173 /usr/sbin/apache apache 24290 root memREG8,1 9021024492 /lib/ld-2.2.5.so apache 24290 root memREG8,3 5660 290433 /usr/lib/apache/1.3/mod_dir.so apache 24290 root memREG8,113008824505 /lib/libm-2.2.5.so apache 24290 root memREG8,1 1913624502 /lib/libcrypt-2.2.5.so apache 24290 root memREG8,1 4982824503 /lib/libdb1-2.2.5.so apache 24290 root memREG8,126281224534 /lib/libdb2.so.2.7.7 apache 24290 root memREG8,3131388 352739 /usr/lib/libexpat.so.1.0.0 apache 24290 root memREG8,1 800824504 /lib/libdl-2.2.5.so apache 24290 root memREG8,1 115378424501 /lib/libc-2.2.5.so apache 24290 root memREG8,3 12780 289385 /usr/lib/apache/1.3/mod_log_config.so apache 24290 root memREG8,3 11044 289543 /usr/lib/apache/1.3/mod_mime.so apache 24290 root memREG8,3 21164 289600 /usr/lib/apache/1.3/mod_negotiation.so apache 24290 root memREG8,3 15132 289757 /usr/lib/apache/1.3/mod_status.so apache 24290 root memREG8,3 26748 290432 /usr/lib/apache/1.3/mod_autoindex.so apache 24290 root memREG8,3 11140 290434 /usr/lib/apache/1.3/mod_cgi.so apache 24290 root memREG8,3 6080 290439 /usr/lib/apache/1.3/mod_userdir.so apache 24290 root memREG8,3 7956 290440 /usr/lib/apache/1.3/mod_alias.so apache 24290 root memREG8,3 8 290441 /usr/lib/apache/1.3/mod_rewrite.so apache 24290 root memREG8,3 7048 290443 /usr/lib/apache/1.3/mod_access.so apache 24290 root memREG8,3 8912 290442 /usr/lib/apache/1.3/mod_auth.so apache 24290 root memREG8,3 7032 290449 /usr/lib/apache/1.3/mod_expires.so apache 24290 root memREG8,3 5724 290452 /usr/lib/apache/1.3/mod_unique_id.so apache 24290 root memREG8,3 7256 290453 /usr/lib/apache/1.3/mod_setenvif.so apache 24290 root memREG8,3203224 291062 /usr/lib/apache/1.3/mod_perl.so apache 24290 root memREG8,3798628 352738 /usr/lib/libperl.so.5.6.1 apache 24290 root memREG8,3153988 289602 /usr/lib/apache/1.3/mod_ssl.so apache 24290 root memREG8,3177508 353393 /usr/lib/libssl.so.0.9.6 apache 24290 root memREG8,3744068 352825 /usr/lib/libcrypto.so.0.9.6 apache 24290 root memREG8,3 1271492 289474 /usr/lib/apache/1.3/libphp4.so apache 24290 root memREG8,1 2942024538 /lib/libpam.so.0.72 apache 24290 root memREG8,1 5648024513 /lib/libresolv-2.2.5.so apache 24290 root memREG8,3 14836 352858 /usr/lib/libmm.so.11.0.23 apache 24290 root memREG8,3 34380 352819 /usr/lib/libpcre.so.3.03 apache 24290 root memREG8,3 60392 353484 /usr/lib/libbz2.so.1.0.2 apache 24290 root memREG8,3 55432 355082 /usr/lib/libz.so.1.1.4 apache 24290 root memREG8,1 6947224506 /lib/libnsl-2.2.5.so apache 24290 root memREG8,1 4015224507 /lib/libnss_compat-2.2.5.so apache 24290 root memREG8,1 3266824509 /lib/libnss_files-2.2.5.so apache 24290 root memREG8,1 6710886420429 /tmp/session_mm_apache0.mem apache 24290 root memREG8,1 6710886420429 /tmp/session_mm_apache0.mem apache 24290 root memREG8,3 35716 241490 /usr/lib/php4/20010901/mysql.so apache 24290 root memREG8,3217348 353631 /usr/lib/libmysqlclient.so.10.0.0 apache 24290 root memREG8,3 72708 241489 /usr/lib/php4/20010901/gd.so apache 24290 root memREG8,3183204 353396 /usr/lib/libgd.so.1.8.4 apache 24290 root memREG8,3226236 353639 /usr/lib/libt1.so.1.3.1 apache 24290 root memREG8,3251480 353632 /usr/lib/libfreetype.so.6.3.0 apache 24290 root memREG8,3888580 322575 /usr/X11R6/lib/libX11.so.6.2 apache 24290 root memREG8,3 52852 322583 /usr/X11R6/lib/libXpm.so.4.11 apache 24290 root memREG8,3175132 355091 /usr/lib/libpng.so.2.1.0.12 apache 24290 root memREG8,3120076 353634 /usr/lib/libjpeg.so.62.0.0 apache 24290 r
Re: apache uses 100 % cpu
On Sat, 2004-02-28 at 10:14, Timo Veith wrote: > This is the output of strace: > > read(8, "", 4096) = 0 > read(8, "", 4096) = 0 > read(8, "", 4096) = 0 > read(8, "", 4096) = 0 > looping forever as it seems. First of all, let me compliment you on the good level of detail you've provided in your request for trouble-shooting aid. If these processes are still running, I'd really like to see what is on descriptor 8 of the process that generated the above strace output. To find that out, make sure you have the "lsof" package installed, and issue `lsof -p `, then take note of the FD column in the output. That indicates which file descriptor is being examined, and of course the information in the remaining columns to the right are details about that descriptor. I can't imagine why apache itself would be caught in the scenario you are experiencing, but perhaps a CGI/PHP script or buggy module is the culprit. If that is the case, simple knowledge of what apache is trying to read may be helpful. If you have gdb available (from the gdb package) and your apache binary is not stripped of debugging symbols, you can also issue `gdb -p `, which will attach the debugger to that running process. I'm not sure what the output will look like as it's issuing garbage reads constantly, but you want to issue the gdb command `backtrace`, and send that output to the mailing list. Just issue `q` after you've got that to detach. What version of Apache are you running, and with what modules? -- Jeff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
apache uses 100 % cpu
Hi list, today I noticed that 2 apache procs are using all cpu. ps shows them like this: www-data 24290 97.4 0.3 142832 7420 ? RFeb27 1651:39 /usr/sbin/apache www-data 24916 97.8 0.2 141408 5700 ? RFeb27 1651:11 /usr/sbin/apache I could just restart apache or kill those procs, but I'd rather would like to know why this happened. So I used strace to see what they are doing. I am not familiar with interpreting the output of strace, so I can only asume that those two apache procs hang. This is the output of strace: read(8, "", 4096) = 0 read(8, "", 4096) = 0 read(8, "", 4096) = 0 read(8, "", 4096) = 0 looping forever as it seems. Maybe some knows what this means and how else I can find out why these apache procs use all cpu ? (You can just reply to the list, I am subscribed with another email address) -- TIA and kind regards Timo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: AW: Apache: adding massive amount of users for .htaccess from text file
On Friday 20 February 2004 16.24, Erik Dörnbach wrote: ... Hi, Could you please avoid starting a new thread every time you reply to a message? Thanks -- vbi -- It is easier to write an incorrect program than understand a correct one. pgp0.pgp Description: signature
AW: Apache: adding massive amount of users for .htaccess from text file
wow! > > > #!/usr/bin/perl > > > > > > while (<>) { > > >($username, $password)=split /:/, $_, 2; > > chomp($password); > > > >system("/usr/bin/htpasswd", "-b", "/path/to/htaccess", > > > $username, $password); > > > } Nice one, this did it - thank you all for contributions! Have a nice weekend people... Erik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache: adding massive amount of users for .htaccess from text file
On Fri, Feb 20, 2004 at 04:05:15PM +0100, Erik D?rnbach wrote: > Hi again, > > > untested, quick and dirty > > > > #!/usr/bin/perl > > > > while (<>) { > >($username, $password)=split /:/, $_, 2; chomp($password); > >system("/usr/bin/htpasswd", "-b", "/path/to/htaccess", > > $username, $password); > > } > Mmmh, I'm not sure why, it looks right, but now I noticed, it doesn't > work. The output looks okay, if I change the password of one user > manually in the same htaccess (user:crytpass) it works again for that > user. Maybe something wrong gets parsed after the split part (which I > don't understand myself) into the password? There's a trailing newline on the end of the "password" variable, that makes your hash correspond to something different than what you expect. Steve -- Edinburgh System Administrator & Debian Developer Looking for an interesting Job - http://www.steve.org.uk/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache: adding massive amount of users for .htaccess from text file
On Fri, Feb 20, 2004 at 04:05:15PM +0100, Erik D?rnbach wrote: > Hi again, > > > untested, quick and dirty > > > > #!/usr/bin/perl > > > > while (<>) { chomp; > >($username, $password)=split /:/, $_, 2; > >system("/usr/bin/htpasswd", "-b", "/path/to/htaccess", > > $username, $password); > > } > > Mmmh, I'm not sure why, it looks right, but now I noticed, it doesn't > work. The output looks okay, if I change the password of one user > manually in the same htaccess (user:crytpass) it works again for that > user. Maybe something wrong gets parsed after the split part (which I > don't understand myself) into the password? Maybe it doesn't like the EOL characters. Try the "chomp;" above. > Help appreciated, please safe me from typing hundreds of users' > credentials! ;) :) -- Michael Wood <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache: adding massive amount of users for .htaccess from text file
Hi again, > untested, quick and dirty > > #!/usr/bin/perl > > while (<>) { >($username, $password)=split /:/, $_, 2; >system("/usr/bin/htpasswd", "-b", "/path/to/htaccess", > $username, $password); > } Mmmh, I'm not sure why, it looks right, but now I noticed, it doesn't work. The output looks okay, if I change the password of one user manually in the same htaccess (user:crytpass) it works again for that user. Maybe something wrong gets parsed after the split part (which I don't understand myself) into the password? Help appreciated, please safe me from typing hundreds of users' credentials! ;) With best regards, Erik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache: adding massive amount of users for .htaccess from text file
On Fri Feb 20, 2004 at 12:0533PM +0100, Erik Dörnbach wrote: > Hello list, > > just a quickie, I need to add a massive load of users for apache > authentication, I have the usernames and associated passwords in > a plain text file, one line per user like: > > : > : > ... > > Database auth would be an overshot, these users will likely never > change. > > Is there an easy way to automate password encryption for use with > apache, thinking about maybe someone has a ready-to-use shell > script or perl snippet. untested, quick and dirty #!/usr/bin/perl while (<>) { ($username, $password)=split /:/, $_, 2; system("/usr/bin/htpasswd", "-b", "/path/to/htaccess", $username, $password); } It expects the list of usernames and passwords to be sperated by : and to be piped to stdin. Problems might occur, when a username contains : (in the password, there shouldn't be a problem) -- Michael Bergbauer <[EMAIL PROTECTED]> use your idle CPU cycles - See http://www.distributed.net for details. Visit our mud Geas at geas.franken.de Port -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
AW: Apache: adding massive amount of users for .htaccess from text file
Hello Michael, > untested, quick and dirty Works as advertised, you saved my day! :) OTOH I should someday learn to hack these quickies myself... Alaaf, Erik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Apache: adding massive amount of users for .htaccess from text file
Hello list, just a quickie, I need to add a massive load of users for apache authentication, I have the usernames and associated passwords in a plain text file, one line per user like: : : ... Database auth would be an overshot, these users will likely never change. Is there an easy way to automate password encryption for use with apache, thinking about maybe someone has a ready-to-use shell script or perl snippet. Thanks a lot. Regards, Erik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache/MySQL question
On Mon, 2004-01-19 at 17:27, Jeremy Zawodny wrote: > On Mon, Jan 19, 2004 at 03:05:34PM +0100, Jan Kokoska wrote: > > On Mon, 2004-01-19 at 12:30, Francis Tyers wrote: > > > hmm, you might want to look into mysql replication, i just googled and > > > got: > > > > > > http://www.mysql.com/doc/en/Replication.html > > > http://jeremy.zawodny.com/mysql/managing-mysql-replication.html > > > > > if you are on a lower budget, perhaps look at rsync ... > > > > > > http://samba.anu.edu.au/rsync/ > > > > We have this setup running here on a production server with 500+ web > > hosts, fs replicated using rsync (homebrown replication scripts in > > python, can be done in bash or just anything) and MySQL replication as > > described in the documentation (also managed through scripts). > > > > We check the replication using Netsaint and both systems are an exact > > copy, at worst of 5 minutes ago. We stopped at the point of implementing > > some sort of STONITH, so no ip/service takeover yet.. considered how > > MySQL replication is crippled and unreliable (IMHO), this should not be > > done automagically anyway (or you have to provide really extensive > > workarounds and integrity checking). > > Where does the "crippled and unreliable" opinion come from? I'm not > sure if you're talking about replication itself or the failover > options. > Both. Some commands aren't written to binary logs as of mysql 3.23 (Debian stable), one example that has bogged me for some time is altering user privileges directly and relying on replication of "FLUSH PRIVILEGES" to slaves - it won't happen. This might be fixed in 4.x version or in 5.x version, nevertheless it's not in the stable distro in Debian. In docs I can read there are more cases like this, significant number of commands doesn't get replicated. Some of it is definitely fixed in 4.x, but not all. That concerned the replication itself, now for failover. Supposed the master fails and slave becomes new master.. new data get written, but what happens when master comes back? It would be all ok if I just accept the situation and have the old master fall back into slave mode, but if I was to reverse the situation on-the-fly, during constant db updates, I'm inevitably going to fail. We have tested this extensively here, written python scripts to manage the replication but some of the time it is not even clear what state are the mysql daemons in ;/ Locking tables? No problem, but I want the updates which cannot happen during the lock to be moved to the other server (new master) too and first applied there, as otherwise some other update could meanwhile bump in. I have read your webpage, I think I used mysqlsnapshot, I definitely do use mytop, I have even seen your slides on replication ;) but I have no idea how do you run dual-master or replication ring setups... this master-slave switch on-the-fly is IMHO a special case of dual-master (at some point you may have updating sessions open to both servers simultaneously). So if you could provide more insight on how to do things like these *reliably* (the replication setup I'm talking about concerns about 500 client databases running on dual Xeon machines) it would be most welcome. If you promise it *will* be in your upcoming book (High Performance MySQL) we would even buy it here (when will it be available?), no problem, but to opensource db engine I somehow expected free documentation. Yes, someone would have to write it, no, I didn't ;/ -- Jan Kokoska
Re: Apache/MySQL question
On Mon, Jan 19, 2004 at 03:05:34PM +0100, Jan Kokoska wrote: > On Mon, 2004-01-19 at 12:30, Francis Tyers wrote: > > hmm, you might want to look into mysql replication, i just googled and > > got: > > > > http://www.mysql.com/doc/en/Replication.html > > http://jeremy.zawodny.com/mysql/managing-mysql-replication.html > > > if you are on a lower budget, perhaps look at rsync ... > > > > http://samba.anu.edu.au/rsync/ > > We have this setup running here on a production server with 500+ web > hosts, fs replicated using rsync (homebrown replication scripts in > python, can be done in bash or just anything) and MySQL replication as > described in the documentation (also managed through scripts). > > We check the replication using Netsaint and both systems are an exact > copy, at worst of 5 minutes ago. We stopped at the point of implementing > some sort of STONITH, so no ip/service takeover yet.. considered how > MySQL replication is crippled and unreliable (IMHO), this should not be > done automagically anyway (or you have to provide really extensive > workarounds and integrity checking). Where does the "crippled and unreliable" opinion come from? I'm not sure if you're talking about replication itself or the failover options. Jeremy -- Jeremy D. Zawodny | Perl, Web, MySQL, Linux Magazine, Yahoo! <[EMAIL PROTECTED]> | http://jeremy.zawodny.com/
Re: Apache/MySQL question
On Mon, 2004-01-19 at 17:27, Jeremy Zawodny wrote: > On Mon, Jan 19, 2004 at 03:05:34PM +0100, Jan Kokoska wrote: > > On Mon, 2004-01-19 at 12:30, Francis Tyers wrote: > > > hmm, you might want to look into mysql replication, i just googled and > > > got: > > > > > > http://www.mysql.com/doc/en/Replication.html > > > http://jeremy.zawodny.com/mysql/managing-mysql-replication.html > > > > > if you are on a lower budget, perhaps look at rsync ... > > > > > > http://samba.anu.edu.au/rsync/ > > > > We have this setup running here on a production server with 500+ web > > hosts, fs replicated using rsync (homebrown replication scripts in > > python, can be done in bash or just anything) and MySQL replication as > > described in the documentation (also managed through scripts). > > > > We check the replication using Netsaint and both systems are an exact > > copy, at worst of 5 minutes ago. We stopped at the point of implementing > > some sort of STONITH, so no ip/service takeover yet.. considered how > > MySQL replication is crippled and unreliable (IMHO), this should not be > > done automagically anyway (or you have to provide really extensive > > workarounds and integrity checking). > > Where does the "crippled and unreliable" opinion come from? I'm not > sure if you're talking about replication itself or the failover > options. > Both. Some commands aren't written to binary logs as of mysql 3.23 (Debian stable), one example that has bogged me for some time is altering user privileges directly and relying on replication of "FLUSH PRIVILEGES" to slaves - it won't happen. This might be fixed in 4.x version or in 5.x version, nevertheless it's not in the stable distro in Debian. In docs I can read there are more cases like this, significant number of commands doesn't get replicated. Some of it is definitely fixed in 4.x, but not all. That concerned the replication itself, now for failover. Supposed the master fails and slave becomes new master.. new data get written, but what happens when master comes back? It would be all ok if I just accept the situation and have the old master fall back into slave mode, but if I was to reverse the situation on-the-fly, during constant db updates, I'm inevitably going to fail. We have tested this extensively here, written python scripts to manage the replication but some of the time it is not even clear what state are the mysql daemons in ;/ Locking tables? No problem, but I want the updates which cannot happen during the lock to be moved to the other server (new master) too and first applied there, as otherwise some other update could meanwhile bump in. I have read your webpage, I think I used mysqlsnapshot, I definitely do use mytop, I have even seen your slides on replication ;) but I have no idea how do you run dual-master or replication ring setups... this master-slave switch on-the-fly is IMHO a special case of dual-master (at some point you may have updating sessions open to both servers simultaneously). So if you could provide more insight on how to do things like these *reliably* (the replication setup I'm talking about concerns about 500 client databases running on dual Xeon machines) it would be most welcome. If you promise it *will* be in your upcoming book (High Performance MySQL) we would even buy it here (when will it be available?), no problem, but to opensource db engine I somehow expected free documentation. Yes, someone would have to write it, no, I didn't ;/ -- Jan Kokoska -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]