[users@httpd] Virtual/Proxy setup to internal webserver

[Bret Stern]

I have apache24 running on freebsd.

Can I configure virtual host to direct a request for forum.mydomain.com
to an internal webserver on my network

eg; DocumentRoot "forum.mydomain.com" 
or "xxx.xxx.xx.xxx"

I tried using Proxy mod but not sure how to setup.

Any hints welcome

Re: [users@httpd] Probably small problem with SSL config

[Marat Khalili]

>When I try to connect with HTTPS, I get the error:
>
>“Unable to retrieve https:///:
>
>SSL error”

Isn't everything working as designed, since it is unlikely that you have SSL 
certificate issued for ip address? Probably try to connect by domain name 
instead?
-- 

With Best Regards,
Marat Khalili

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Probably small problem with SSL config

[Yehuda Katz]

I would agree that you should start by turning on logging.
Do you get a slightly different error if you use a different browser?
Firefox usually gives more detail than Internet Explorer.

Better not to use  in configuration you write yourself unless
you need it for a specific reason. If you use it, then you won't know that
the reason your system doesn't work is that the module is not loaded. If
you don't include  and the module is not loaded, HTTPD will give
you an error when it starts up and you will know you need to fix it.
This is particularly bad when an access control directive is in 
because it often results in all content becoming accessible to anyone if a
module is missing.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Feb 5, 2018 8:02 PM, "mlrx"  wrote:

Hello,


Le 06/02/2018 à 01:02, Jeff Cauhape a écrit :

> I’m setting up an Apache server 2.4.25 in our DMZ for the first time,
>
> and having an issue with getting SSL configured correctly.
>
> I am using links text based browser to connect from a second machine
> […]
>
> 
>
Is the directive "LogLevel" used with "debug" or more ?
https://httpd.apache.org/docs/2.4/en/mod/core.html#loglevel

The virtualhost can be included in "IfModule ssl_module" :

  
  


Does it work without SSL ?



I’m loading modules ssl_module, authn_dbm_module among others.
>
> The ssl directory is  755, root/root and the crt and key files are
> daemon/root 644.
>
chown -Rfv apache_user:apache_group /srv/www/html/your_site/ (?)


 […]
>
>
> Ideas? Suggestions where to look?
>
httpd -S ?
Reload httpd daemon evry time you change somethings ?
Firewall ?


Thanks,
>
> Jeff Cauhape
>


Regards,
-- 
benoist

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Probably small problem with SSL config

[mlrx]

Hello,

Le 06/02/2018 à 01:02, Jeff Cauhape a écrit :

I’m setting up an Apache server 2.4.25 in our DMZ for the first time,

and having an issue with getting SSL configured correctly.

I am using links text based browser to connect from a second machine
[…]



Is the directive "LogLevel" used with "debug" or more ?
https://httpd.apache.org/docs/2.4/en/mod/core.html#loglevel

The virtualhost can be included in "IfModule ssl_module" :

  
  


Does it work without SSL ?



I’m loading modules ssl_module, authn_dbm_module among others.

The ssl directory is  755, root/root and the crt and key files are 
daemon/root 644.

chown -Rfv apache_user:apache_group /srv/www/html/your_site/ (?)



 […]

Ideas? Suggestions where to look?

httpd -S ?
Reload httpd daemon evry time you change somethings ?
Firewall ?



Thanks,

Jeff Cauhape



Regards,
--
benoist

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Probably small problem with SSL config

[Jeff Cauhape]

I'm setting up an Apache server 2.4.25 in our DMZ for the first time,
and having an issue with getting SSL configured correctly.

I am using links text based browser to connect from a second machine
to the first machine. The connection works with HTTP but not with HTTPS.

When I try to connect with HTTPS, I get the error:

"Unable to retrieve https:// address>/:

SSL error"

Unfortunately I'm not finding any useful log information to
help me figure out what I'm doing wrong.

Here's the relevant bits from the httpd.conf file:


SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache dbm:/apps/apache_2.4.25/ssl/ssl_cache


Listen 443

  ServerName   
  SSLEngineon
  SSLCertificateFile"/apps/apache_2.4.25/ssl/nvdetr.crt"
  SSLCertificateKeyFile "/apps/apache_2.4.25/ssl/nvdetr.key"


I'm loading modules ssl_module, authn_dbm_module among others.

The ssl directory is  755, root/root and the crt and key files are daemon/root 
644.

>From the error_log file:

[Mon Feb 05 15:42:00.247694 2018] [mpm_event:notice] [pid 5604:tid 
139772366497600] AH00489: Apache/2.4.25 (Unix) OpenSSL/1.0.1e-fips configured 
-- resuming normal operations
[Mon Feb 05 15:42:00.247945 2018] [core:notice] [pid 5604:tid 139772366497600] 
AH00094: Command line: '/apps/apache_2.4.25/bin/httpd'

There is no HTTPS reference in the access_log file.

The only references to http in /var/log/messages is referring to syslogd.

The /var/log/dmesg just has boot info.

nb - this is RHEL 7.4

Ideas? Suggestions where to look?

Thanks,

Jeff Cauhape
IT Professional III
Department of Employment, Training and Rehabilitation
Phone 1-775-684-3804
Email: jpcauh...@nvdetr.org

[users@httpd] apxs tool for Windows x64

[Alona Rossen]

Hi All,

Is there apxs tool for Windows x64?
I could only find a very old version for Win32 at 
https://www.apachelounge.com/download/additional/ .

Thanks

[users@httpd] How to build httpd module on Windows

[Alona Rossen]

Hi All:

How can I build a module on Windows platform without apxs tool?
I downloaded and installed Apache httpd binaries for Windows. Httpd runs and is 
functional. I would like to build my own module on Windows.
When I try to start up httpd with my custom *.so module built on VS2015, I 
receive and error, as expected:

C:\Apache24\bin>httpd.exe
httpd.exe: Syntax error on line 181 of C:/Apache24/conf/httpd.conf: Can't 
locate API module structure `example_module' in file 
C:/Apache24/modules/mod_example_post.so: No error



Thanks

Re: [users@httpd] problems benchmarking php-fpm/proxy_fcgi with h2load

[Hajo Locke]

Hello Luca,

Am 05.02.2018 um 02:27 schrieb Luca Toscano:

Hi Hajo,

2018-02-01 3:58 GMT+01:00 Luca Toscano >:


Hi Hajo,

2018-01-31 2:37 GMT-08:00 Hajo Locke >:

Hello,


Am 22.01.2018 um 11:54 schrieb Hajo Locke:

Hello,

Am 19.01.2018 um 15:48 schrieb Luca Toscano:

Hi Hajo,

2018-01-19 13:23 GMT+01:00 Hajo Locke >:

Hello,

thanks Daniel and Stefan. This is a good point.
I did the test with a static file and this test was
successfully done within only a few seconds.

finished in 20.06s, 4984.80 req/s, 1.27GB/s
requests: 10 total, 10 started, 10 done,
10 succeeded, 0 failed, 0 errored, 0 timeout

so problem seems to be not h2load and basic apache. may
be i should look deeper into proxy_fcgi configuration.
php-fpm configuration is unchanged and was successfully
used with classical fastcgi-benchmark, so i think i have
to doublecheck the proxy.

now i did this change in proxy:

from
enablereuse=on
to
enablereuse=off

this change leads to a working h2load testrun:
finished in 51.74s, 1932.87 req/s, 216.05MB/s
requests: 10 total, 10 started, 10 done,
10 succeeded, 0 failed, 0 errored, 0 timeout

iam surprised by that. i expected a higher performance
when reusing backend connections rather then creating
new ones.
I did some further tests and changed some other
php-fpm/proxy values, but once "enablereuse=on" is set,
the problem returns.

Should i just run the proxy with enablereuse=off? Or do
you have an other suspicion?



Before giving up I'd check two things:

1) That the same results happen with a regular localhost
socket rather than a unix one.

I changed my setup to use tcp-sockets in php-fpm and
proxy-fcgi. Currently i see the same behaviour.

2) What changes on the php-fpm side. Are there more busy
workers when enablereuse is set to on? I am wondering how
php-fpm handles FCGI requests happening on the same socket,
as opposed to assuming that 1 connection == 1 FCGI request.

If "enablereuse=off" is set i see a lot of running
php-workerprocesses (120-130) and high load. Behaviour is
like expected.
When set "enablereuse=on" i can see a big change. number of
running php-workers is really low (~40). The test is running
some time and then it stucks.
I can see that php-fpm processes are still active and waiting
for connections, but proxy_fcgi is not using them nor it is
establishing new connections. loadavg is low and
benchmarktest is not able to finalize.

I did some further tests to solve this issue. I set ttl=1 for
this Proxy and achieved good performance and high number of
working childs. But this is paradoxical.
proxy_fcgi knows about inactive connection to kill it, but not
reenable this connection for working.
May be this is helpful to others.

May be a kind of communicationproblem and checking
health/busy status of php-processes.
Whole proxy configuration is  this:


    ProxySet enablereuse=off flushpackets=On timeout=3600
max=15000


   SetHandler "proxy:fcgi://php70fpm"




Thanks a lot for following up and reporting these interesting
results! Yann opened a thread[1] on dev@ to discuss the issue,
let's follow up in there so we don't keep two conversations open.

Luca

[1]:

https://lists.apache.org/thread.html/a9586dab96979bf45550c9714b36c49aa73526183998c5354ca9f1c8@%3Cdev.httpd.apache.org%3E





reporting in here what I think it is happening in your test 
environment when enablereuse is set to on. Recap of your settings:


/etc/apache2/conf.d/limits.conf
StartServers          10
MaxClients          500
MinSpareThreads      450
MaxSpareThreads      500
ThreadsPerChild      150
MaxRequestsPerChild   0
Serverlimit 500


    ProxySet enablereuse=on flushpackets=On timeout=3600 max=1500


   SetHandler "proxy:fcgi://php70fpm/"


request_terminate_timeout = 7200
listen = /dev/shm/php70fpm.sock
pm = ondemand
pm.max_children = 500
pm.max_requests = 2000

By default mod_proxy allows a connection pool of ThreadsPerChild 
connections to the backend for each httpd process, meanwhile in your 
case you