Re: [users@httpd] Best Form Redirect Http --> Https VirtualHost Apache.
On Wed, Apr 19, 2017 at 8:05 PM, Wilmer Arambula < tecnologiaterab...@gmail.com> wrote: > Ok, Perfect thanks a lot for your answer, is there any way to prevent it > from redirecting to the first *: 443 virtualhost, without having to > define a virtualhost > for each domain undefined. No, Where would you want it to go? Once you create your first *:443 vhost, all traffic on that port goes there. If you create more, you can direct it to the subsequent ones. -- Eric Covener cove...@gmail.com
Fwd: Re: [users@httpd] Reg: Custom error message at Apache 2.4.25
Hi, Any help to identify and correct what is the issue in my setting to re-write the 500 error by Apache Proxy 2.4.25 Regards, Vel -- Forwarded message -- From: "Velmurugan Dhakshnamoorthy"Date: Apr 18, 2017 16:03 Subject: Re: [users@httpd] Reg: Custom error message at Apache 2.4.25 To: Cc: Hi Luca, > Is it possible to pinpoint what is the wrong in my setting. I am still > unable to display the custom error message. > > *The actual message from weblogic 12c in browser* > > Error 500--Internal Server Error > From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1: > 10.5.1 500 Internal Server Error > The server encountered an unexpected condition which prevented it from > fulfilling the request. > > *Apache Proxy 2.4.25 setting in httpd.conf* > > *Configuration to forward request from Apache to Weblogic 12c* > > >SetHandler weblogic-handler >WebLogicHost hawley760 > WebLogicPort 8062 >Debug ON >WLLogFile /opt/app/bea/apache2.4/httpd-2.4.25/logs/RPS-8060.log > > > > *config related to error document in httpd.conf* > > DocumentRoot "/opt/app/bea/apache2.4/httpd-2.4.25/htdocs" > ProxyPreserveHost On > ProxyPass /error ! > ProxyErrorOverride On > Alias /error /opt/app/bea/apache2.4/httpd-2.4.25/htdocs > ErrorDocument 500 /error/500.html > > I tried to setup this in virtual host as well, but cannot re-write the > default 500 error message. I am also attaching my httpd.conf file. > > Appreciate if you can tell me what I am doing wrong, it would be much > appreciated. > > Regards, > Vel > > > > > > > Regards, > Velmurugan Dhakshnamoorthy (Vel) > Singapore. > > On Tue, Apr 18, 2017 at 6:56 AM, Velmurugan Dhakshnamoorthy < > dvel@gmail.com> wrote: > >> Thanks again for your valuable inputs, I am actually restricting number >> of HTTP sessions at weblogic layer, beyond the specified limit, weblogic >> throws 500 error message, which is not very useful to users, I want only >> the 500 error page to be re-written by Apache proxy with simple message >> (ex: server is busy, login after sometime), I want only 500 generic error >> message to re-write, I don't want to re-write any other content from >> back-end server. >> >> Regards, >> Vel >> >> On Apr 18, 2017 00:19, "Luca Toscano" wrote: >> >>> Hi! >>> >>> As Nick mentioned there are a couple of options: >>> >>> 1) https://httpd.apache.org/docs/2.4/mod/mod_substitute.html or >>> https://httpd.apache.org/docs/current/mod/mod_proxy_html.html in case >>> you want to replace some parts of the response coming from the backend with >>> your content. >>> >>> 2) Write your own content output filter to modify the backend response >>> as you wish before flushing it out to the client. I'd suggest to follow >>> https://httpd.apache.org/docs/2.4/mod/mod_lua.html#modifying_buckets if >>> you want to attempt this road since using Lua instead of C is generally >>> easier for people not used to write Apache code. >>> >>> My personal suggestion is to not use any of the above but to re-think >>> about why you want to force the proxy to do this work. A proxy should be as >>> lightweight as possible and ideally should mask backend failures with >>> pre-defined error pages. >>> >>> Hope that helps! >>> >>> Luca >>> >>> 2017-04-17 9:57 GMT+02:00 Velmurugan Dhakshnamoorthy >> >: >>> Hi Nick, yes exactly, I want the error message produced by back-end weblogic server to be re-written by Apache proxy and then display custom message to user. Regards, Vel On Apr 17, 2017 15:34, "Nick Kew" wrote: On Mon, 2017-04-17 at 09:04 +0800, Velmurugan Dhakshnamoorthy wrote: > > Thanks Luca, I tried setting proxyerroroverride and error > document in virtual host, however, the 500 error produced by > content server is displayed as it is via Apache proxy. Any > further help? Are you saying you want an error message coming from the backend but modified by the proxy? That would imply using a content filter (such as mod_proxy_html, mod_sed, or mod_substitute) to rewrite the response from the backend. -- Nick Kew - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org >>> > httpd.conf Description: Binary data - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Best Form Redirect Http --> Https VirtualHost Apache.
If that domain points to your servers external IP, it will be handled by the first *:443 virtualhost: Ok, Perfect thanks a lot for your answer, is there any way to prevent it from redirecting to the first *: 443 virtualhost, without having to define a virtualhost for each domain undefined. Regards, 2017-04-19 19:55 GMT-04:00 Eric Covener: > On Wed, Apr 19, 2017 at 7:39 PM, Wilmer Arambula > wrote: > > http://subdomain1.example.com --> Is not assigned to any virtualhost, > > Because it redirects too https://www.subdomain.example.com > > If that domain points to your servers external IP, it will be handled > by the first *:443 virtualhost. > If the domain points somewhere else, you don't have an HTTPD question. > > > > -- > Eric Covener > cove...@gmail.com > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- *Wilmer Arambula. * *Asoc. Cooperativa Tecnologia Terabyte 124, RL.Tlfs: +58 02512623601 - +58 4125110921.* *Representante para Venezuela.* *Digital Identification Solutions* *EDI**secure*® *Fingertec*®
Re: [users@httpd] Best Form Redirect Http --> Https VirtualHost Apache.
On Wed, Apr 19, 2017 at 7:39 PM, Wilmer Arambulawrote: > http://subdomain1.example.com --> Is not assigned to any virtualhost, > Because it redirects too https://www.subdomain.example.com If that domain points to your servers external IP, it will be handled by the first *:443 virtualhost. If the domain points somewhere else, you don't have an HTTPD question. -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Best Form Redirect Http --> Https VirtualHost Apache.
# Valores generales del proyecto ServerAdmin administra...@example.com ServerName subdomain.example.com DocumentRoot /home/domain/public_html/subdomain Redirect "/" "https://www.subdomain.example.com; # Valores generales del proyecto ServerAdmin administra...@example.com ServerName subdomain.example.com DocumentRoot /home/domain/public_html/subdomain According to the official documentation of apache the best way to redirect http to htpps, it is with redirect in a simple way, following this example in virtualhost I have a problem, for example: http://subdomain.example.com --> https://www.subdomain.example.com --> Assigned to virtual host works perfect. http://subdomain1.example.com --> Is not assigned to any virtualhost, Because it redirects too https://www.subdomain.example.com Regards, -- *Wilmer Arambula. *
[users@httpd] Virtual hosts, include php.conf, DirectoryIndex failure
Hi - While I have a work-around for this issue, I thought I would post it here to see what, if any, feedback I might get. Perhaps I am doing something wrong? I run a rather complex server environment where I use both Apache HTTPD and Apache Tomcat servers in combination and host a number of virtual hosts (named and all using the same IP address) On one of my virtual hosts I recently installed WordPress and this required me to also add in PHP support, since WordPress uses mostly PHP scripts. Since this is only needed on one of my virtual hosts, I tried to configure just that virtual host to include the additional stuff needed to support PHP. My attempts to do so failed and the workaround was to include the PHP configuration stuff (php7.conf) at a global level that will affect all the virtual hosts that I am supporting. For now, that is OK and won't bother anything but I am wondering why my initial approach failed and if there is something that I am missing or don't understand. Basically, the symptoms, of what happened, was that the DirectoryIndex index.php setting fails when I just included the php7.conf file in the configuration file for the virtual host. But when I included the php7.file in the global http.conf or in the global default-server.conf files then it works! Error logs do not show anything other than the fact that an index file could not be found when referencing a directory that does indeed have an index.php file in it. I will show the pertinent config files (urls obscured) below in the configuration that fails, and I hope this is not overwhelming. First here is the version info for Apache just so we are all on the same page - httpd -V Server version: Apache/2.4.23 (Linux/SUSE) Server built: 2017-03-22 14:54:04.0 + Server's Module Magic Number: 20120211:61 Server loaded: APR 1.5.1, APR-UTIL 1.5.3 Compiled using: APR 1.5.1, APR-UTIL 1.5.3 Architecture: 64-bit Server MPM: prefork threaded: no forked: yes (variable process count) Server compiled with -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_PROC_PTHREAD_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=256 -D HTTPD_ROOT="/srv/www" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="/run/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="/var/log/apache2/error_log" -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf" Here is php7.conf that I am including - cat php7.conf SetHandler application/x-httpd-php SetHandler application/x-httpd-php-source DirectoryIndex index.php4 DirectoryIndex index.php5 DirectoryIndex index.php And this is my virtual host configuration (comments removed and URLs obscured)- cat myvirtualhost.conf ServerAdmin m...@mydomain.com ServerName www.myvirtualhost.org ServerAlias myvirtualhost.org DocumentRoot "/srv/tomcat/myvirtualhost_webapps/ROOT" ErrorLog "/var/log/apache2/myvirtualhost.org-error_log" TransferLog "/var/log/apache2/myvirtualhost.org-access_log" HostnameLookups Off UseCanonicalName Off ServerSignature On RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} # THIS INCLUDE STATEMENT AND/OR THE DIRECTIVES IN PHP7.CONF FAILS FOR SOME UNKNOWN REASON! Include /etc/apache2/conf.d/php7.conf Alias / /srv/tomcat/myvirtualhost_webapps/ROOT/ JkMount / tomcatWorker1 JkMount /* tomcatWorker1 JkUnMount /*.html tomcatWorker1 JkUnMount /*.php tomcatWorker1 JkUnMount /*.css tomcatWorker1 JkUnMount /*.js tomcatWorker1 JkUnMount /*.jpg tomcatWorker1 JkUnMount /*.png tomcatWorker1 JkUnMount /*.gif tomcatWorker1 ScriptAlias /cgi-bin/ "/srv/tomcat/myvirtualhost_webapps/ROOT/cgi-bin/" AllowOverride None Options +ExecCGI -Includes Require all granted Order allow,deny Allow from all UserDir public_html Include /etc/apache2/mod_userdir.conf Options +Indexes +FollowSymLinks AllowOverride None Require all granted Order allow,deny Allow from all php_admin_flag engine on php_admin_flag engine on as I said, if I move the "Include /etc/apache2/conf.d/php7.conf" statement to a global configuration
RE: [users@httpd] how to enable TLS v1.1 and TLS v1.2 alone in Apache 2.4.10 ?
Hi Eric/All, Can you please help me with the below. Regards, Krishna -Original Message- From: Chunduru, Krishnachaithanya [mailto:krishnachaithanya.chund...@broadridge.com] Sent: Monday, April 17, 2017 6:34 PM To: users@httpd.apache.org Subject: RE: [users@httpd] how to enable TLS v1.1 and TLS v1.2 alone in Apache 2.4.10 ? Hi Eric, We used the openssl version is 1.0.1.515 while installing the Apache 2.4.10. Regards, Krishna -Original Message- From: Eric Covener [mailto:cove...@gmail.com] Sent: Monday, April 17, 2017 6:18 PM To: users@httpd.apache.org Subject: Re: [users@httpd] how to enable TLS v1.1 and TLS v1.2 alone in Apache 2.4.10 ? On Mon, Apr 17, 2017 at 6:59 AM, Chunduru, Krishnachaithanyawrote: > Is TLS v1.1 and v1.2 not supported in Apache 2.4.10 running with > Openssl > 1.0.2.1000 ? your suggestions are highly appreciated as this is > pending in my account from long time. It probably depends what openssl build your httpd was built against, not just what's loaded at runtime. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_lua and subprocess_env
On Apr 10, 2017 12:10 PM, "Andrei Ivanov"wrote: On Tue, Apr 4, 2017 at 4:25 PM, Andrei Ivanov wrote: > On Wed, Mar 29, 2017 at 12:16 PM, Andrei Ivanov > wrote: > >> On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov >> wrote: >> >>> On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic >>> wrote: >>> On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov wrote: > On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov < andrei.iva...@gmail.com> > wrote: > > Argh! You've sent more emails but Gmail received them out of order so I > didn't see your initial email about the changed syntax. We seem to talk past each other :) Anyway, maybe past failures make more sense now... > > It works now! :-) > Wooohooo! Cool. > > Now... any chance of getting the patches included in the next release? :-D Possibly, we'll propose and ask for feedbacks on the dev@ mailing list first ;) >>> >>> Any way I can help with this? >>> I saw a discussion already started about 2.4.26... >>> >> >> Yann? :-D >> > > Ping :-/ > Yann, please come baaack! > > >> >> >>> >>> Btw, I also created a ticket for what I thought was the solution at that >>> time: https://bz.apache.org/bugzilla/show_bug.cgi?id=60456 >>> I guess that would still make sense to have in the future... >>> >>> > > Thank you very much, I owe you many beers! :-) I can drink that! let's see :) >>> >> >
Re: [users@httpd] Help: Apache Crashing Everyday
Hi Luca, Thanks for the details. 1. our server's ulimit values are: ]$ ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 63714 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size(512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 1024 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited Please let me know whether the values are sufficient to allow at least 500 concurrent connections. 2. Yes I checked mod_jk log when hang happens, and getting below errors continuously. [Wed Apr 19 02:00:38 2017]loadbalancer www.cmsp1.com 24.843284 [Wed Apr 19 02:00:38 2017][16313:3878614784] [info] ajp_process_callback::jk_ajp_common.c (1788): Writing to client aborted or client network problems [Wed Apr 19 02:00:38 2017][16313:3878614784] [info] ajp_service::jk_ajp_common.c (2447): (qu_prod_live_svr1) sending request to tomcat failed (unrecoverable), because of client write error (attempt=1) [Wed Apr 19 02:00:38 2017][16313:3878614784] [info] service::jk_lb_worker.c (1384): service failed, worker qu_prod_live_svr1 is in local error state [Wed Apr 19 02:00:38 2017][16313:3878614784] [info] service::jk_lb_worker.c (1403): unrecoverable error 200, request failed. Client failed in the middle of request, we can't recover to another instance. [Wed Apr 19 02:00:38 2017]loadbalancer www.cmsp1.com 19.170901 [Wed Apr 19 02:00:38 2017][16313:3878614784] [info] jk_handler::mod_jk.c (2608): Aborting connection for worker=loadbalancer [Wed Apr 19 02:00:39 2017][16261:3878614784] [warn] map_uri_to_worker_ext::jk_uri_worker_map.c (962): Uri * is invalid. Uri must start with / [Wed Apr 19 02:00:40 2017][16308:3878614784] [warn] map_uri_to_worker_ext::jk_uri_worker_map.c (962): Uri * is invalid. Uri must start with / 3. We will upgrade to 2.4.25, could you please share optimal configuration for mpm-event to allow more concurrent users, please. Thanks Jay On Tue, Apr 18, 2017 at 10:03 AM, Luca Toscanowrote: > Hi, > > Some suggestions: > > 1) check your RHEL ulimits applied to httpd, the error message "Resource > temporarily unavailable: setuid: unable to change to uid" could be related > to maximum number of processes (allowed by the OS) reached. This should > allow you to spawn more httpd processes. > > 2) Have you checked when the "hang" happens? If you have long lived > connections and your httpd server reloads (for example for log rotation) > then it might hang a bit while waiting for the remaining connections to > drain. > > 3) If possible I'd consider to upgrade httpd to >= 2.4.25 and use > mpm-event (rather than prefork). > > Hope that helps! > > Luca > > > 2017-04-16 13:18 GMT+02:00 Jayaram Ponnusamy > : > >> Dear All, >> >> We were runnig our site in PHP based CMS tool earlier, and normally >> 20-30K users will access our sites daily. But in new system with Tomcat, we >> are facing performance and availability issue frequently, when i access the >> tomcat url directly the page is loading within 3seconds, but if we access >> webServer URL then its taking more than 9seconds. >> >> Also, Each day I am seeing more and more of these in my error_logs, and >> when the Total Children value is reached 999 the Apache is not responding >> and Server reboot only help to bring the site back. Every day atleast 4-5 >> times we are facing this issue (we are using mod_jk to connect with tomcat). >> >> Kindly please help on this. >> >> Usually I am seeing this on my error_log: >> [Sat Apr 15 20:49:33 2017] [info] server seems busy, (you may need to >> increase StartServers, or Min/MaxSpareServers), spawning 8 children, there >> are 4 idle, and 31 total children >> [Sat Apr 15 20:51:14 2017] [info] server seems busy, (you may need to >> increase StartServers, or Min/MaxSpareServers), spawning 8 children, there >> are 0 idle, and 20 total children >> [Sat Apr 15 20:51:15 2017] [info] server seems busy, (you may need to >> increase StartServers, or Min/MaxSpareServers), spawning 16 children, there >> are 0 idle, and 28 total children >> [Sat Apr 15 20:51:16 2017] [info] server seems busy, (you may need to >> increase StartServers, or Min/MaxSpareServers), spawning 32 children, there >> are 0 idle, and 44 total children >> We are using two Apache Nodes and Connected with Two Tomcat (at >> Application Level Clustering). >> Apache Servers: >> 4 Core 64-bit, Rhel System running on 16GB RAM (Both Servers) >> Server version: Apache/2.2.21 (Unix) >> >> *httpd.conf* >> KeepAlive On >> Timeout 300 >> MaxKeepAliveRequests