[users@httpd] Suggestion/Question about HTTP & HTTPS configurations
Hello, I am a user of Apache in the sense that I install it, configure it and run it to host sites...I'm hoping this is the correct list to send this to. Anyway, I recently did my first "from scratch" Apache install, build and configuration in a cloud server (I had always used cPanel & WHM before). My suggestion is that Apache should "assume" that port 80 for HTTP and port 443 for HTTPS and that they both serve the same content. I'm not suggesting people shouldn't be able to customize it, but adding duplicate and redundant directives for each Virtual Host for HTTP and HTTPS seems unneeded. In short, I'm suggesting a "smart default" that in the absence of a specific Virtual Host configuration for HTTPS, just assumes that the HTTPS matches the HTTP config for that Virtual Host. Background: I got Apache (2.4.x) up and running on a Debian VM, configured all my Virtual Hosts, installed an SLL certificate and went to view the HTTPS version of a site. I was redirected to the 'default' page for the server (not the default page for the Virtual Host). I then realized I needed additional, identical rules for that Virtual Host for HTTPS on port 443...simply put, it seems like that extra level of configuration shouldn't be required...that it should work that way automagically unless specifically configured otherwise. If not, I'd love to know why that's a bad idea. Thanks! Adam Powell http://www.adaminfinitum.com
Re: [users@httpd] Getting PHP-FPM working
Hi Christian:
I have no requirement that I know of for a custom php.ini, just noticed it
in the strace just before the errror message was issued. I don't use the
.htaccess files on this server.
Yes, chroot is set to /
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
chroot = /
Someone on this list suggested that it should be set to /. The chdir
directive is not set.
John
===
On Friday 19 May 2017 04:17:37 Christian Hettler wrote:
> Hello John,
>
> ".user.ini" is for "user-defined php.ini (.htaccess) files". It's
> mentioned in /etc/php5/fpm/php.ini on my plattform. It doesn't matter
> if it's missing.
>
> Is php-fpm configured with chroot?
>
> regards,
>
> Christian
>
> On Thu, May 18, 2017 at 10:44:41AM -0400, John Iliffe wrote:
> > Hi Christian:
> >
> > Result: "No Input File Specified"
> >
> > First, thanks for spending the time to explain this to me. To some
> > extent you are saying what I had already thought but I figured I must
> > be missing something!
> >
> > The details:
> >
> > Your second example seems to match exactly what I want to do so I cut
> > and pasted from your memo to be sure of no typing errors.
> >
> > ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://127.0.0.1:9015/httpd/iliffe/
> >
> > I note that there is no '/$1' ending on your directive, which differs
> > from the wiki example.
> >
> > So, I ran strace and here is what was actually requested (about 24000
> > lines skipped here):
> >
> > ---
> > lstat("/httpd/iliffe//i_phpinfo.php", {st_mode=S_IFREG|0644,
> > st_size=213, ...}) = 0
> > 2 10:06:25 lstat("/httpd/iliffe", {st_mode=S_IFDIR|0755,
> > st_size=4096, ...}) = 0
> > 2 10:06:25 lstat("/httpd", {st_mode=S_IFDIR|0755, st_size=141,
> > ...}) = 0
> > 2 10:06:25 lstat("/httpd/iliffe/.user.ini", 0x7b866e90) = -1
> > ENOENT (No such file or directory)
> >
> >
> > Notice that the initial lstat is correct, (ignoring the double '/',
> > but this doesn't seem to cause a problem) and the response is 0,
> > indicating that it got the file OK.
> >
> > So, why does it continue to stat the subdirectory and the root
> > directory? And what is the .user.ini that it needs?
> >
> > Just to be complete, here is the PHP log entry:
> >
> > [18-May-2017 10:06:25] WARNING: [pool www] child 2 said into
> > stderr: "ERROR: Unable to open primary script:
> > /httpd/iliffe//i_phpinfo.php (No such file or directory)"
> >
> > and the httpd log entry:
> >
> > [Thu May 18 10:06:25.958856 2017] [proxy_fcgi:error] [pid 29694:tid
> > 140326128224000] [client 206.248.138.118:49284] AH01071: Got error
> > 'Unable to open primary script: /httpd/iliffe//i_phpinfo.php (No such
> > file or directory)\n
> >
> > and, just to show it does exist:
> >
> > namei /httpd/iliffe/i_phpinfo.php
> > f: /httpd/iliffe/i_phpinfo.php
> >
> > d /
> > d httpd
> > d iliffe
> > - i_phpinfo.php
> >
> > this last done from user phpfpm which is the user/group that php-fpm
> > is running under.
> >
> > Seems that there is something I don't have but I have revisited the
> > documentation a number of times, especially the wiki, and there is
> > nothing that suggests I need any .ini files.
> >
> > Regards,
> >
> > John
> > =
> >
> > On Thursday 18 May 2017 04:36:19 Christian Hettler wrote:
> > > Hello John,
> > >
> > > http://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html
> > >
> > > If you want to serve http://your.virtual.srv/info to fpm-php
> > > you have to configure
> > >
> > > ProxyPassMatch ^/info$ fcgi://127.0.0.1:9015/httpd/iliffe/
> > >
> > > and put the file "info" into the directory "/httpd/iliffe/".
> > >
> > > Another example:
> > > To serve
> > >
> > > http://your.virtual.srv/myapp/info.php
> > >
> > > configure
> > >
> > > ProxyPassMatch "^/myapp/.*\.php(/.*)?$"
> > >
> > > fcgi://127.0.0.1:9015/httpd/iliffe/ and put info.php into
> > >
> > > /httpd/iliffe/myapp/
> > >
> > > One more example:
> > >
> > > If you have
> > >
> > > /httpd/iliffe/i_phpinfo.php
> > >
> > > an the config is
> > >
> > > ProxyPassMatch "^/.*\.php(/.*)?$"
> > >
> > > fcgi://127.0.0.1:9015/httpd/iliffe/ you can request
> > >
> > > http://your.virtual.srv/i_phpinfo.php
> > >
> > > The match of the url must be equal to the filesystem beyond
> > > DocumentRoot. DocumentRoot must be specified in
> > > "fcgi://127.0.0.1:..."
> > >
> > > If you want to serve http://your.virtual.srv/info from
> > > /httpd/iliffe/i_phpinfo.php you have to rewrite "info" first (not
> > >
> > > tested):
> > > RewriteRule ^/info$ /i_phpinfo.php [P]
> > > ProxyPassMatch "^/.*\.php(/.*)?$"
> > >
> > > fcgi://127.0.0.1:9015/httpd/iliffe/
> > >
> > > Hop
Re: [users@httpd] Getting PHP-FPM working
Hello John,
".user.ini" is for "user-defined php.ini (.htaccess) files". It's mentioned
in /etc/php5/fpm/php.ini on my plattform. It doesn't matter if it's missing.
Is php-fpm configured with chroot?
regards,
Christian
On Thu, May 18, 2017 at 10:44:41AM -0400, John Iliffe wrote:
> Hi Christian:
>
> Result: "No Input File Specified"
>
> First, thanks for spending the time to explain this to me. To some extent
> you are saying what I had already thought but I figured I must be missing
> something!
>
> The details:
>
> Your second example seems to match exactly what I want to do so I cut and
> pasted from your memo to be sure of no typing errors.
>
> ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://127.0.0.1:9015/httpd/iliffe/
>
> I note that there is no '/$1' ending on your directive, which differs from
> the wiki example.
>
> So, I ran strace and here is what was actually requested (about 24000 lines
> skipped here):
>
> ---
> lstat("/httpd/iliffe//i_phpinfo.php", {st_mode=S_IFREG|0644, st_size=213,
> ...}) = 0
> 2 10:06:25 lstat("/httpd/iliffe", {st_mode=S_IFDIR|0755, st_size=4096,
> ...}) = 0
> 2 10:06:25 lstat("/httpd", {st_mode=S_IFDIR|0755, st_size=141, ...}) =
> 0
> 2 10:06:25 lstat("/httpd/iliffe/.user.ini", 0x7b866e90) = -1 ENOENT
> (No such file or directory)
>
>
> Notice that the initial lstat is correct, (ignoring the double '/', but
> this doesn't seem to cause a problem) and the response is 0, indicating
> that it got the file OK.
>
> So, why does it continue to stat the subdirectory and the root directory?
> And what is the .user.ini that it needs?
>
> Just to be complete, here is the PHP log entry:
>
> [18-May-2017 10:06:25] WARNING: [pool www] child 2 said into stderr:
> "ERROR: Unable to open primary script: /httpd/iliffe//i_phpinfo.php (No such
> file or directory)"
>
> and the httpd log entry:
>
> [Thu May 18 10:06:25.958856 2017] [proxy_fcgi:error] [pid 29694:tid
> 140326128224000] [client 206.248.138.118:49284] AH01071: Got error 'Unable
> to open primary script: /httpd/iliffe//i_phpinfo.php (No such file or
> directory)\n
>
> and, just to show it does exist:
>
> namei /httpd/iliffe/i_phpinfo.php
> f: /httpd/iliffe/i_phpinfo.php
> d /
> d httpd
> d iliffe
> - i_phpinfo.php
>
> this last done from user phpfpm which is the user/group that php-fpm is
> running under.
>
> Seems that there is something I don't have but I have revisited the
> documentation a number of times, especially the wiki, and there is nothing
> that suggests I need any .ini files.
>
> Regards,
>
> John
> =
> On Thursday 18 May 2017 04:36:19 Christian Hettler wrote:
> > Hello John,
> >
> > http://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html
> >
> > If you want to serve http://your.virtual.srv/info to fpm-php
> > you have to configure
> >
> > ProxyPassMatch ^/info$ fcgi://127.0.0.1:9015/httpd/iliffe/
> >
> > and put the file "info" into the directory "/httpd/iliffe/".
> >
> > Another example:
> > To serve
> > http://your.virtual.srv/myapp/info.php
> > configure
> > ProxyPassMatch "^/myapp/.*\.php(/.*)?$"
> > fcgi://127.0.0.1:9015/httpd/iliffe/ and put info.php into
> > /httpd/iliffe/myapp/
> >
> > One more example:
> >
> > If you have
> > /httpd/iliffe/i_phpinfo.php
> > an the config is
> > ProxyPassMatch "^/.*\.php(/.*)?$"
> > fcgi://127.0.0.1:9015/httpd/iliffe/ you can request
> > http://your.virtual.srv/i_phpinfo.php
> >
> > The match of the url must be equal to the filesystem beyond
> > DocumentRoot. DocumentRoot must be specified in "fcgi://127.0.0.1:..."
> >
> > If you want to serve http://your.virtual.srv/info from
> > /httpd/iliffe/i_phpinfo.php you have to rewrite "info" first (not
> > tested):
> >
> > RewriteRule ^/info$ /i_phpinfo.php [P]
> > ProxyPassMatch "^/.*\.php(/.*)?$"
> > fcgi://127.0.0.1:9015/httpd/iliffe/
> >
> > Hope this helps.
> >
> > regards,
> >
> > Christian
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
