Re: [users@httpd] Configuration question

2020-01-29 Thread Tom Browder 
On Wed, Jan 29, 2020 at 3:34 PM Tom Browder  wrote:
> On Wed, Jan 29, 2020 at 11:47 AM Tom Browder  wrote:
> > > >...
> > But I'm in the process of putting most of the config online. I'll put
> > my main macro first.

And for the whole conf directory see this:

  https://github.com/tbrowder/apache-httpd-tidbits/tree/master/conf

-Tom

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Re: Virtual host macros and reverse proxy

2020-01-29 Thread Tom Browder 
On Wed, Jan 29, 2020 at 10:25 AM Gillis J. de Nijs
 wrote:
>  works at request time, so that might be useful for picking the port to 
> forward to, but in my opinion it's not that useful for creating a 
> configuration.  For example, it wouldn't allow you to choose the ports to 
> listen on.  I'm also not sure it would work correctly with ProxyPass and 
> ProxyPassReverse.  I'd probably just use mod_macro, or generate the 
> configuration offline.

I've modified the macro to use reverse proxies. Take a look at this:

  
https://github.com/tbrowder/apache-httpd-tidbits/blob/master/conf/vhost-proxy.macro.conf

-Tom

> On Wed, Jan 29, 2020 at 4:05 PM Tom Browder  wrote:
>>
>> On Wed, Jan 29, 2020 at 08:36 Gillis J. de Nijs  
>> wrote:
>> >
>> > There's mod_macro that might be useful.  I don't think it does 
>> > calculations, though, so you might need to do some things yourself.  Maybe 
>> > you could indeed generate the conf files yourself and use Include or 
>> > IncludeOptional.
>>
>> ...
>>
>> Thanks, Gillis. After I "pinged" this morning I checked the docs again
>> and I think I can use if/else directives inside the macro, something
>> like this pseudo code:
>>
>> 
>> $port = 16000
>> 
>> 
>> $port = 16100
>> 
>> 
>> $port = 16800
>>
>>
>> What do you think?
>>
>> -Tom
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Can't ./config APR from source

2020-01-29 Thread Robert Snakard 
Hey mailing list,

I've got a problem building APR from source. `./buildconf` works great, It
copies libtool helper files, creates apr_private.h, even uses Python to
generate build-outputs.mk. Then when I run `./configure --prefix=` I
get an error

configure: creating ./config.status

.in'ig.status: error: cannot find input file: `Makefile
$


Could I get some help here? I've confirmed there is no Makefile in the
directory. There is a Makefile.in. I'm developing on a macbook running
Mojave and I should have the latest xcode build tools installed. Any
thoughts are appreciated.


Thanks in advance,

   - RS

-- 
NOTICE OF CONFIDENTIALITY: At Rapid7, the privacy of our customers, 
partners, and employees is paramount. If you received this email in error, 
please notify the sender and delete it from your inbox right away. Learn 
how Rapid7 handles privacy at rapid7.com/privacy-policy 
. To opt-out of Rapid7 marketing 
emails, please click here 
 or email 
priv...@rapid7.com .

Re: [users@httpd] Configuration question

2020-01-29 Thread Tom Browder 
On Wed, Jan 29, 2020 at 11:47 AM Tom Browder  wrote:
> > >...
> But I'm in the process of putting most of the config online. I'll put
> my main macro first.

See the following for my main vhost macro:

  https://github.com/tbrowder/apache-httpd-tidbits/blob/master/MACROS.md

-Tom

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Configuration question

2020-01-29 Thread Tom Browder 
On Wed, Jan 29, 2020 at 9:20 AM o1bigtenor  wrote:
> On Wed, Jan 29, 2020 at 7:14 AM Tom Browder  wrote:
> >   https://www.ssllabs.com/ssltest/
> >
> > Check one of my sites and see for yourself:
> >
> >   https://freestatesofamerica.org
> >
> (Grin) Didn't find that there was anything I could 'do' there.

Nope, it's a purely static site. The point was my setup provides A+
security using https, which you can confirm by putting its name into
the testing window at SSL Labs..

But I'm in the process of putting most of the config online. I'll put
my main macro first.

-Tom

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Re: Virtual host macros and reverse proxy

2020-01-29 Thread Gillis J. de Nijs 
  works at request
time, so that might be useful for picking the port to forward to, but in my
opinion it's not that useful for creating a configuration.  For example, it
wouldn't allow you to choose the ports to listen on.  I'm also not sure it
would work correctly with ProxyPass
 and
ProxyPassReverse
.
I'd probably just use mod_macro, or generate the configuration offline.

On Wed, Jan 29, 2020 at 4:05 PM Tom Browder  wrote:

> On Wed, Jan 29, 2020 at 08:36 Gillis J. de Nijs 
> wrote:
> >
> > There's mod_macro that might be useful.  I don't think it does
> calculations, though, so you might need to do some things yourself.  Maybe
> you could indeed generate the conf files yourself and use Include or
> IncludeOptional.
>
> ...
>
> Thanks, Gillis. After I "pinged" this morning I checked the docs again
> and I think I can use if/else directives inside the macro, something
> like this pseudo code:
>
> 
> $port = 16000
> 
> 
> $port = 16100
> 
> 
> $port = 16800
>
>
> What do you think?
>
> -Tom
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Configuration question

2020-01-29 Thread o1bigtenor 
On Wed, Jan 29, 2020 at 7:14 AM Tom Browder  wrote:
>
> On Tue, Jan 28, 2020 at 13:07 o1bigtenor  wrote:
> > On Tue, Jan 28, 2020 at 9:49 AM Eric Covener  wrote:
> > > > How can I have different document roots for various applications on the
> > > > same server?
> > > virtual hosts.
> >
> > Thanking you for your assistance. To those others that had also responded
> > - - - thank you - - - - I hope that this set of exchanges might be useful to
> > someone else - - - - at least someday.
> ...
>
> I feel your pain. I have a working website with multiple virtual hosts
> and will be happy to share my setup (sanitized a bit) in a public
> place if you're interested. The examples in the Apache docs don't show
> the full power of using macros for secure and working https-only
> websites.
>
> My virtual websites all get A+ grades at the SSL Labs site here:
>
>   https://www.ssllabs.com/ssltest/
>
> Check one of my sites and see for yourself:
>
>   https://freestatesofamerica.org
>
(Grin) Didn't find that there was anything I could 'do' there.

I would be quite interested in seeing such 'config' files.
Am finding that vi (or vim or however you call it) has this quite
neat way of removing all x and replacing with y.

Thanking you for your willingness to share!

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Re: Virtual host macros and reverse proxy

2020-01-29 Thread Tom Browder 
On Wed, Jan 29, 2020 at 08:36 Gillis J. de Nijs  wrote:
>
> There's mod_macro that might be useful.  I don't think it does calculations, 
> though, so you might need to do some things yourself.  Maybe you could indeed 
> generate the conf files yourself and use Include or IncludeOptional.

...

Thanks, Gillis. After I "pinged" this morning I checked the docs again
and I think I can use if/else directives inside the macro, something
like this pseudo code:


$port = 16000


$port = 16100


$port = 16800
   

What do you think?

-Tom

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Re: Virtual host macros and reverse proxy

2020-01-29 Thread Gillis J. de Nijs 
There's mod_macro 
that might be useful.  I don't think it does calculations, though, so you
might need to do some things yourself.  Maybe you could indeed generate the
conf files yourself and use Include
 or IncludeOptional
.

I'd like to note that generating port numbers based on domains might work,
at first, but if you delete a domain from the list, the numbers will
shift.  So, a=>16010, b=>16020, c=>16030, etc, becomes a=>16010, c=>16020,
for example.

For doing the actual reverse proxying, you should probably read this
 and/or this
.

>

Re: [users@httpd] Configuration question

2020-01-29 Thread Tom Browder 
On Tue, Jan 28, 2020 at 13:07 o1bigtenor  wrote:
> On Tue, Jan 28, 2020 at 9:49 AM Eric Covener  wrote:
> > > How can I have different document roots for various applications on the
> > > same server?
> > virtual hosts.
>
> Thanking you for your assistance. To those others that had also responded
> - - - thank you - - - - I hope that this set of exchanges might be useful to
> someone else - - - - at least someday.
...

I feel your pain. I have a working website with multiple virtual hosts
and will be happy to share my setup (sanitized a bit) in a public
place if you're interested. The examples in the Apache docs don't show
the full power of using macros for secure and working https-only
websites.

My virtual websites all get A+ grades at the SSL Labs site here:

  https://www.ssllabs.com/ssltest/

Check one of my sites and see for yourself:

  https://freestatesofamerica.org

HTH

-Tom

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] ExecCGI ignored within nfs share

2020-01-29 Thread Michele Mase' 
I'm trying to execute some gci scripts under a certain directory stored
under an nfs share without any success; the same configuration is working
outside nfs share (i.e. under local filesystem).
What am I missing?
Regards
Michele Masè

Local Working: curl https://www.example.com/cgi2/

Alias /cgi2/ /var/www/html.default/cgi2/

AddHandler cgi-script .cgi .pl .sh
DirectoryIndex index.cgi index.html
Options +ExecCGI



NFS Not Working:
Alias /cgi2/ /shared/www_root/cgi2/

AddHandler cgi-script .cgi .pl .sh
DirectoryIndex index.cgi index.html
Options +ExecCGI


Error_Log:
AH01262: Options ExecCGI is off in this directory:
/shared/www_root/cgi2/index.cgi

index.cgi script

#!/usr/bin/perl

print "Content-type: text/html\n\n";
print "\n\n";
print "\n";
print "CGI Test Page";
print "\n\n";
print "\n\n";

apache2.4.x ubuntu18.04 libapache2-mod-apparmor not installed

aa-status --verbose
apparmor module is loaded.
8 profiles are loaded.
8 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/man
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/tcpdump
   man_filter
   man_groff
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

/proc/mounts
10.10.10.10:/vol/shared /shared nfs
rw,relatime,vers=3,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.10.10.10,mountvers=3,mountport=635,mountproto=tcp,local_lock=none,addr=10.10.10.10
0 0

su - www-data -s /bin/bash -c "/bin/cat /shared/www_root/cgi2/index.cgi"
#working
-- 
Michele Masè

[users@httpd] Can one use both certificate and password access to the same resource?

2020-01-29 Thread Tom Browder 
I have a working website with part of it restricted to users with private
TLS certificates installed. I would like to add the option for some users
to access the same area with the form-based user name and password scheme.

Can that be done?

Thanks.

-Tom

[users@httpd] Re: Virtual host macros and reverse proxy

2020-01-29 Thread Tom Browder 
On Fri, Jan 24, 2020 at 12:06 Tom Browder  wrote:

> I have multiple virtual hosts for which I would like to use a reverse
> proxy to a dynamic application running constantly on my server.
>
...

Ping

Re: [users@httpd] Intermittent SSL failure on Tomcat port

2020-01-29 Thread apache-httpd-users 

Hi Madhan,

I suppose you would have better chances with that on the Tomcat users 
list, however your Tomcat and Java versions are quite old (even if 
Tomcat in this version is still actively supported by the project, Java 
7 is totally outdated in regards to TLS support). Are you using 
tc-native (TLS with OpenSSL) or pure Java TLS? Are any Middleboxes (that 
perform TLS inspection) in place? I would rather invest time to update 
to more recent stack (that will lead to acceptable security, IIRC Java 7 
does not support TLS1.2)...



Tomcat version details:-

Server version: Apache Tomcat/7.0.91
Server built:   Sep 13 2018 19:52:12 UTC
Server number:  7.0.91.0
OS Name:Linux
OS Version: 2.6.32-431.20.3.el6.x86_64
Architecture:   i386
JVM Version:1.7.0_201-mockbuild_2018_10_22_02_29-b00
JVM Vendor: Oracle Corporation


Best regards,
Thomas

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org