Re: [users@httpd] Best Form Redirect Http --> Https VirtualHost Apache.

2017-04-19 Thread Eric Covener 
On Wed, Apr 19, 2017 at 8:05 PM, Wilmer Arambula <
tecnologiaterab...@gmail.com> wrote:

> Ok, Perfect thanks a lot for your answer, is there any way to prevent it
> from redirecting to the first *: 443 virtualhost, without having to
> define a virtualhost
> for each domain undefined.


​No, Where would you want it to go?​

Once you create your first *:443 vhost, all traffic on that port goes
there.​ If you create more, you can direct it to the subsequent ones.



-- 
Eric Covener
cove...@gmail.com

Fwd: Re: [users@httpd] Reg: Custom error message at Apache 2.4.25

2017-04-19 Thread Velmurugan Dhakshnamoorthy 
Hi,
Any help  to identify and correct  what is the issue in my setting to
re-write  the 500 error by Apache Proxy 2.4.25

Regards,
Vel
-- Forwarded message --
From: "Velmurugan Dhakshnamoorthy" 
Date: Apr 18, 2017 16:03
Subject: Re: [users@httpd] Reg: Custom error message at Apache 2.4.25
To: 
Cc:

Hi Luca,
> Is it possible to pinpoint what is the wrong in my setting. I am still
> unable to display the custom error message.
>
> *The actual message from weblogic 12c in browser*
>
> Error 500--Internal Server Error
> From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
> 10.5.1 500 Internal Server Error
> The server encountered an unexpected condition which prevented it from
> fulfilling the request.
>
> *Apache Proxy 2.4.25 setting in httpd.conf*
>
> *Configuration to forward request from Apache to Weblogic 12c*
> 
>
>SetHandler weblogic-handler
>WebLogicHost hawley760
>   WebLogicPort 8062
>Debug ON
>WLLogFile /opt/app/bea/apache2.4/httpd-2.4.25/logs/RPS-8060.log
>   
> 
>
> *config related to error document in httpd.conf*
>
> DocumentRoot "/opt/app/bea/apache2.4/httpd-2.4.25/htdocs"
> ProxyPreserveHost On
> ProxyPass /error !
> ProxyErrorOverride On
> Alias /error /opt/app/bea/apache2.4/httpd-2.4.25/htdocs
> ErrorDocument 500 /error/500.html
>
> I tried to setup this in virtual host as well, but cannot re-write the
> default 500 error message. I am also attaching my httpd.conf file.
>
> Appreciate if you can tell me what I am doing wrong, it would be much
> appreciated.
>
> Regards,
> Vel
>
>
>
>
>
>
> Regards,
> Velmurugan Dhakshnamoorthy (Vel)
> Singapore.
>
> On Tue, Apr 18, 2017 at 6:56 AM, Velmurugan Dhakshnamoorthy <
> dvel@gmail.com> wrote:
>
>> Thanks again for your valuable inputs,  I am actually restricting number
>> of HTTP sessions at weblogic layer,  beyond the specified limit,  weblogic
>> throws 500 error message,  which is not very useful to users,  I want only
>> the 500 error page to be re-written by Apache proxy with simple message
>> (ex: server is busy,  login after sometime), I want only 500 generic error
>> message to re-write,  I don't want to re-write any other content from
>> back-end server.
>>
>> Regards,
>> Vel
>>
>> On Apr 18, 2017 00:19, "Luca Toscano"  wrote:
>>
>>> Hi!
>>>
>>> As Nick mentioned there are a couple of options:
>>>
>>> 1) https://httpd.apache.org/docs/2.4/mod/mod_substitute.html or
>>> https://httpd.apache.org/docs/current/mod/mod_proxy_html.html in case
>>> you want to replace some parts of the response coming from the backend with
>>> your content.
>>>
>>> 2) Write your own content output filter to modify the backend response
>>> as you wish before flushing it out to the client. I'd suggest to follow
>>> https://httpd.apache.org/docs/2.4/mod/mod_lua.html#modifying_buckets if
>>> you want to attempt this road since using Lua instead of C is generally
>>> easier for people not used to write Apache code.
>>>
>>> My personal suggestion is to not use any of the above but to re-think
>>> about why you want to force the proxy to do this work. A proxy should be as
>>> lightweight as possible and ideally should mask backend failures with
>>> pre-defined error pages.
>>>
>>> Hope that helps!
>>>
>>> Luca
>>>
>>> 2017-04-17 9:57 GMT+02:00 Velmurugan Dhakshnamoorthy >> >:
>>>
 Hi Nick,
 yes exactly,  I want the error message produced by back-end weblogic
 server to be re-written by Apache proxy and then display custom message to
 user.

 Regards,
 Vel


 On Apr 17, 2017 15:34, "Nick Kew"  wrote:

 On Mon, 2017-04-17 at 09:04 +0800, Velmurugan Dhakshnamoorthy wrote:

 >
 > Thanks Luca,  I tried setting proxyerroroverride and error
 > document  in virtual host, however,  the 500 error produced by
 > content server is displayed as it is via Apache proxy. Any
 > further help?

 Are you saying you want an error message coming from the backend
 but modified by the proxy?  That would imply using a content filter
 (such as mod_proxy_html, mod_sed, or mod_substitute) to rewrite
 the response from the backend.

 --
 Nick Kew



 -
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org



>>>
>


httpd.conf
Description: Binary data

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Best Form Redirect Http --> Https VirtualHost Apache.

2017-04-19 Thread Wilmer Arambula 
 If that domain points to your servers external IP, it will be handled by
the first *:443 virtualhost:

Ok, Perfect thanks a lot for your answer, is there any way to prevent it
from redirecting to the first *: 443 virtualhost, without having to define
a virtualhost
for each domain undefined.

Regards,

2017-04-19 19:55 GMT-04:00 Eric Covener :

> On Wed, Apr 19, 2017 at 7:39 PM, Wilmer Arambula
>  wrote:
> > http://subdomain1.example.com --> Is not assigned to any virtualhost,
> > Because it redirects too https://www.subdomain.example.com
>
> If that domain points to your servers external IP, it will be handled
> by the first *:443 virtualhost.
> If the domain points somewhere else, you don't have an HTTPD question.
>
>
>
> --
> Eric Covener
> cove...@gmail.com
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


-- 
*Wilmer Arambula. *

*Asoc. Cooperativa Tecnologia Terabyte 124, RL.Tlfs: +58 02512623601 - +58
4125110921.*

*Representante para Venezuela.*
*Digital Identification Solutions* *EDI**secure*® *Fingertec*®

Re: [users@httpd] Best Form Redirect Http --> Https VirtualHost Apache.

2017-04-19 Thread Eric Covener 
On Wed, Apr 19, 2017 at 7:39 PM, Wilmer Arambula
 wrote:
> http://subdomain1.example.com --> Is not assigned to any virtualhost,
> Because it redirects too https://www.subdomain.example.com

If that domain points to your servers external IP, it will be handled
by the first *:443 virtualhost.
If the domain points somewhere else, you don't have an HTTPD question.



-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Best Form Redirect Http --> Https VirtualHost Apache.

2017-04-19 Thread Wilmer Arambula 

# Valores generales del proyecto
ServerAdmin administra...@example.com
ServerName subdomain.example.com

DocumentRoot /home/domain/public_html/subdomain

Redirect "/" "https://www.subdomain.example.com;




# Valores generales del proyecto
ServerAdmin administra...@example.com
ServerName subdomain.example.com

DocumentRoot /home/domain/public_html/subdomain



According to the official documentation of apache the best way to redirect
http to htpps, it is with redirect in a simple way, following this example
in virtualhost I have a problem, for example:

http://subdomain.example.com   --> https://www.subdomain.example.com
--> Assigned
to virtual host works perfect.
http://subdomain1.example.com --> Is not assigned to any virtualhost, Because
it redirects too https://www.subdomain.example.com

Regards,

-- 

*Wilmer Arambula. *

[users@httpd] Virtual hosts, include php.conf, DirectoryIndex failure

2017-04-19 Thread Marc Chamberlin 
Hi -  While I have a work-around for this issue, I thought I would post 
it here to see what, if any, feedback I might get. Perhaps I am doing 
something wrong?  I run a rather complex server environment where I use 
both Apache HTTPD and Apache Tomcat servers in combination and host a 
number of virtual hosts (named and all using the same IP address) On one 
of my virtual hosts I recently installed WordPress and this required me 
to also add in PHP support, since WordPress uses mostly PHP scripts. 
Since this is only needed on one of my virtual hosts, I tried to 
configure just that virtual host to include the additional stuff needed 
to support PHP. My attempts to do so failed and the workaround was to 
include the PHP configuration stuff (php7.conf) at a global level that 
will affect all the virtual hosts that I am supporting. For now, that is 
OK and won't bother anything but I am wondering why my initial approach 
failed and if there is something that I am missing or don't understand.


Basically, the symptoms, of what happened, was that the DirectoryIndex 
index.php  setting fails when I just included the php7.conf file in the 
configuration file for the virtual host. But when I included the 
php7.file in the global http.conf or in the global default-server.conf 
files then it works! Error logs do not show anything other than the fact 
that an index file could not be found when referencing a directory that 
does indeed have an index.php file in it. I will show the pertinent 
config files (urls obscured) below in the configuration that fails, and 
I hope this is not overwhelming. First here is the version info for 
Apache just so we are all on the same page -


httpd -V
Server version: Apache/2.4.23 (Linux/SUSE)
Server built:   2017-03-22 14:54:04.0 +
Server's Module Magic Number: 20120211:61
Server loaded:  APR 1.5.1, APR-UTIL 1.5.3
Compiled using: APR 1.5.1, APR-UTIL 1.5.3
Architecture:   64-bit
Server MPM: prefork
  threaded: no
forked: yes (variable process count)
Server compiled with
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_PROC_PTHREAD_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/srv/www"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="/var/log/apache2/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"



Here is php7.conf that I am including -

cat php7.conf

   
   SetHandler application/x-httpd-php
   
   
   SetHandler application/x-httpd-php-source
   
DirectoryIndex index.php4
DirectoryIndex index.php5
DirectoryIndex index.php




And this is my virtual host configuration  (comments removed and URLs 
obscured)-


cat myvirtualhost.conf

ServerAdmin m...@mydomain.com
ServerName www.myvirtualhost.org
ServerAlias myvirtualhost.org
DocumentRoot "/srv/tomcat/myvirtualhost_webapps/ROOT"
ErrorLog "/var/log/apache2/myvirtualhost.org-error_log"
TransferLog "/var/log/apache2/myvirtualhost.org-access_log"
HostnameLookups Off
UseCanonicalName Off
ServerSignature On

   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


   # THIS INCLUDE STATEMENT AND/OR THE DIRECTIVES IN PHP7.CONF FAILS 
FOR SOME UNKNOWN REASON!

  Include /etc/apache2/conf.d/php7.conf

Alias /  /srv/tomcat/myvirtualhost_webapps/ROOT/

 JkMount / tomcatWorker1
 JkMount /* tomcatWorker1
 JkUnMount /*.html tomcatWorker1
 JkUnMount /*.php tomcatWorker1
 JkUnMount /*.css tomcatWorker1
 JkUnMount /*.js tomcatWorker1
 JkUnMount /*.jpg  tomcatWorker1
 JkUnMount /*.png  tomcatWorker1
 JkUnMount /*.gif  tomcatWorker1

ScriptAlias /cgi-bin/ "/srv/tomcat/myvirtualhost_webapps/ROOT/cgi-bin/"

AllowOverride None
Options +ExecCGI -Includes

Require all granted


Order allow,deny
Allow from all



UserDir public_html
Include /etc/apache2/mod_userdir.conf



 Options +Indexes +FollowSymLinks
AllowOverride None

Require all granted


Order allow,deny
Allow from all

   
php_admin_flag engine on


php_admin_flag engine on




as I said, if I move the "Include /etc/apache2/conf.d/php7.conf" 
statement to a global configuration

RE: [users@httpd] how to enable TLS v1.1 and TLS v1.2 alone in Apache 2.4.10 ?

2017-04-19 Thread Chunduru, Krishnachaithanya 
Hi Eric/All,

Can you please help me with the below. 

Regards,
Krishna

-Original Message-
From: Chunduru, Krishnachaithanya 
[mailto:krishnachaithanya.chund...@broadridge.com] 
Sent: Monday, April 17, 2017 6:34 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] how to enable TLS v1.1 and TLS v1.2 alone in Apache 
2.4.10 ?

Hi Eric,

We used the openssl version is 1.0.1.515 while installing the Apache 2.4.10.

Regards,
Krishna

-Original Message-
From: Eric Covener [mailto:cove...@gmail.com]
Sent: Monday, April 17, 2017 6:18 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] how to enable TLS v1.1 and TLS v1.2 alone in Apache 
2.4.10 ?

On Mon, Apr 17, 2017 at 6:59 AM, Chunduru, Krishnachaithanya 
 wrote:
> Is TLS v1.1 and v1.2 not supported in Apache 2.4.10 running with 
> Openssl
> 1.0.2.1000 ? your suggestions are highly appreciated as this is 
> pending in my account from long time.

It probably depends what openssl  build your httpd was built against, not just 
what's loaded at runtime.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

2017-04-19 Thread Andrei Ivanov 
On Apr 10, 2017 12:10 PM, "Andrei Ivanov"  wrote:

On Tue, Apr 4, 2017 at 4:25 PM, Andrei Ivanov 
wrote:

> On Wed, Mar 29, 2017 at 12:16 PM, Andrei Ivanov 
> wrote:
>
>> On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov 
>> wrote:
>>
>>> On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic 
>>> wrote:
>>>
 On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov 
 wrote:
 > On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov <
 andrei.iva...@gmail.com>
 > wrote:
 >
 > Argh! You've sent more emails but Gmail received them out of order so
 I
 > didn't see your initial email about the changed syntax.

 We seem to talk past each other :)
 Anyway, maybe past failures make more sense now...

 >
 > It works now! :-)
 > Wooohooo!

 Cool.

 >
 > Now... any chance of getting the patches included in the next
 release? :-D

 Possibly, we'll propose and ask for feedbacks on the dev@ mailing list
 first ;)

>>>
>>> Any way I can help with this?
>>> I saw a discussion already started about 2.4.26...
>>>
>>
>> Yann? :-D
>>
>
> Ping :-/
>

Yann, please come baaack!






>
>
>>
>>
>>>
>>> Btw, I also created a ticket for what I thought was the solution at that
>>> time: https://bz.apache.org/bugzilla/show_bug.cgi?id=60456
>>> I guess that would still make sense to have in the future...
>>>
>>>

 >
 > Thank you very much, I owe you many beers! :-)

 I can drink that! let's see :)

>>>
>>
>

Re: [users@httpd] Help: Apache Crashing Everyday

2017-04-19 Thread Jayaram Ponnusamy 
Hi Luca,

Thanks for the details.
1. our server's ulimit values are:
]$ ulimit -a
core file size  (blocks, -c) 0
data seg size   (kbytes, -d) unlimited
scheduling priority (-e) 0
file size   (blocks, -f) unlimited
pending signals (-i) 63714
max locked memory   (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files  (-n) 1024
pipe size(512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority  (-r) 0
stack size  (kbytes, -s) 10240
cpu time   (seconds, -t) unlimited
max user processes  (-u) 1024
virtual memory  (kbytes, -v) unlimited
file locks  (-x) unlimited

Please let me know whether the values are sufficient to allow at least 500
concurrent connections.

2. Yes I checked mod_jk log when hang happens, and getting below errors
continuously.

[Wed Apr 19 02:00:38 2017]loadbalancer www.cmsp1.com 24.843284
[Wed Apr 19 02:00:38 2017][16313:3878614784] [info]
ajp_process_callback::jk_ajp_common.c (1788): Writing to client aborted or
client network problems
[Wed Apr 19 02:00:38 2017][16313:3878614784] [info]
ajp_service::jk_ajp_common.c (2447): (qu_prod_live_svr1) sending request to
tomcat failed (unrecoverable), because of client write error (attempt=1)
[Wed Apr 19 02:00:38 2017][16313:3878614784] [info] service::jk_lb_worker.c
(1384): service failed, worker qu_prod_live_svr1 is in local error state
[Wed Apr 19 02:00:38 2017][16313:3878614784] [info] service::jk_lb_worker.c
(1403): unrecoverable error 200, request failed. Client failed in the
middle of request, we can't recover to another instance.
[Wed Apr 19 02:00:38 2017]loadbalancer www.cmsp1.com 19.170901
[Wed Apr 19 02:00:38 2017][16313:3878614784] [info] jk_handler::mod_jk.c
(2608): Aborting connection for worker=loadbalancer
[Wed Apr 19 02:00:39 2017][16261:3878614784] [warn]
map_uri_to_worker_ext::jk_uri_worker_map.c (962): Uri * is invalid. Uri
must start with /
[Wed Apr 19 02:00:40 2017][16308:3878614784] [warn]
map_uri_to_worker_ext::jk_uri_worker_map.c (962): Uri * is invalid. Uri
must start with /

3. We will upgrade to 2.4.25, could you please share optimal configuration
for mpm-event to allow more concurrent users, please.

Thanks
Jay


On Tue, Apr 18, 2017 at 10:03 AM, Luca Toscano 
wrote:

> Hi,
>
> Some suggestions:
>
> 1) check your RHEL ulimits applied to httpd, the error message "Resource
> temporarily unavailable: setuid: unable to change to uid" could be related
> to maximum number of processes (allowed by the OS) reached. This should
> allow you to spawn more httpd processes.
>
> 2) Have you checked when the "hang" happens? If you have long lived
> connections and your httpd server reloads (for example for log rotation)
> then it might hang a bit while waiting for the remaining connections to
> drain.
>
> 3) If possible I'd consider to upgrade httpd to >= 2.4.25 and use
> mpm-event (rather than prefork).
>
> Hope that helps!
>
> Luca
>
>
> 2017-04-16 13:18 GMT+02:00 Jayaram Ponnusamy 
> :
>
>> Dear All,
>>
>> We were runnig our site in PHP based CMS tool earlier, and normally
>> 20-30K users will access our sites daily. But in new system with Tomcat, we
>> are facing performance and availability issue frequently, when i access the
>> tomcat url directly the page is loading within 3seconds, but if we access
>> webServer URL then its taking more than 9seconds.
>>
>> Also, Each day I am seeing more and more of these in my error_logs, and
>> when the Total Children value is reached 999 the Apache is not responding
>> and Server reboot only help to bring the site back. Every day atleast 4-5
>> times we are facing this issue (we are using mod_jk to connect with tomcat).
>>
>> Kindly please help on this.
>>
>> Usually I am seeing this on my error_log:
>> [Sat Apr 15 20:49:33 2017] [info] server seems busy, (you may need to
>> increase StartServers, or Min/MaxSpareServers), spawning 8 children, there
>> are 4 idle, and 31 total children
>> [Sat Apr 15 20:51:14 2017] [info] server seems busy, (you may need to
>> increase StartServers, or Min/MaxSpareServers), spawning 8 children, there
>> are 0 idle, and 20 total children
>> [Sat Apr 15 20:51:15 2017] [info] server seems busy, (you may need to
>> increase StartServers, or Min/MaxSpareServers), spawning 16 children, there
>> are 0 idle, and 28 total children
>> [Sat Apr 15 20:51:16 2017] [info] server seems busy, (you may need to
>> increase StartServers, or Min/MaxSpareServers), spawning 32 children, there
>> are 0 idle, and 44 total children
>> We are using two Apache Nodes and Connected with Two Tomcat (at
>> Application Level Clustering).
>> Apache Servers:
>> 4 Core 64-bit, Rhel System running on 16GB RAM (Both Servers)
>> Server version: Apache/2.2.21 (Unix)
>>
>> *httpd.conf*
>> KeepAlive On
>> Timeout 300
>> MaxKeepAliveRequests