Re: [users@httpd] Apache Restarts and Session Errors (session_dbd:error, session:error)

2022-01-12 Thread Curtis Maurand 



> On Jan 12, 2022, at 6:59 AM, Calvin DeBoer  
> wrote:
> 
> 
> Hello all, I'm struggling with understanding something in the error.log and 
> could use some pointers on how to troubleshoot this. I've inherited a web app 
> that uses apache as the webserver and is also using user apache user auth. 
> 
> Occasionally, Apache will just restart itself and it seems to take a while 
> (Figure 0). I've ruled out usual suspects like memory, disk or processing 
> capacity (this Ubuntu instance is on an ec2 instance with some very good 
> specs, and the resource graphs have never even been close to high). Server 
> and version details are in Figure 2 below.
> 
> I'm trying to determine the root cause of this behavior. One culprit, based 
> on some Stack reading, was possibly a reload/restart of Apache anytime the 
> logs rotate. I've read that it's supposed to be a graceful restart, but 
> perhaps something is causing the reload in the logrotate file to be 
> ungraceful.
> 
> I started grokking the error logs more carefully and spotted some error 
> messages (Figure 1). I'm not sure what these mean, and their timestamps don't 
> necessarily perfectly correlate to the restart / bad user experience 
> (unresponsive web app). 
> 
> Does anyone here have any suggestions on where I can learn some more about 
> the errors in Figure 1, or perhaps on additional log or config files I could 
> be examining ?
> 
> Figure 0 - Restart ? (error.log)
> [Wed Jan 12 00:00:08.735348 2022] [mpm_event:notice] [pid 14569:tid 
> 139723494018368] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/1.1.1f configured -- 
> resuming normal operations
> 
> Figure 1 - Error Entry (error.log)
> [Wed Jan 12 09:28:57.459259 2022] [session:error] [pid 25478:tid 
> 139722760365824] (20014)Internal error (specific information not available): 
> [client 172.70.230.157:44264] AH01816: error while loading the session, 
> session not loaded: /socket.io/
> [Wed Jan 12 09:28:57.459224 2022] [session_dbd:error] [pid 25478:tid 
> 139722760365824] [client 172.70.230.157:44264] AH01854: query execution error 
> saving session 'd2866875-f3d3-475b-a523-aa34e2ee5351' in database using query 
> 'selectsession':
> 
> Figure 2 - Server/Apache Details (apache2 -v)
> Server version: Apache/2.4.52 (Ubuntu)
> Server built:   2021-12-28T20:18:12
> Ubuntu version: 18.04 LTS



looks like the trouble is in figure 1 a session dbd error indicates a database 
problem.

[Wed Jan 12 09:28:57.459224 2022] [session_dbd:error] [pid 25478:tid 
139722760365824] [client

[users@httpd] How to configure and use mod_markdown

2022-01-12 Thread Bo Berglund 
Ubuntu server 20.04.3 Apache2
I am trying to install support for rendering files with extension .md so they
are displayed like for example md files in GitHub.
I have a lot of md documents, which I need to view regularly and it would be so
much easier if Apache could do this.

So I have asked on Ubuntu User mail list and got directed to this module on
GitHub:
https://github.com/hamano/apache-mod-markdown

I have checked out on trunk and performed the steps in README.md to build and
deposit the module file here (I had to work around deficiencies in documentation
but finally got there):

/usr/lib/apache2/modules/mod_markdown.so

Now I would like to get some help in going forward, since the documentation for
this addon is not "for dummies" like myself...

Which apache config files do I need to edit to get this going?

I am OK to begin with to use the default Apache website as the test environment,
but I have no idea how to make that happen.

This is what is printed in the README.md file:

Configuration

in httpd.conf: <== should this be /etc/apache2/apache2.conf ???

LoadModule markdown_module /usr/lib/apache2/modules/mod_markdown.so   <== Were
in the file does this go???

   <== Is this in another file in sites-available?
AddHandler markdown .md

# If you want to use stylesheet.
# MarkdownCss style.css
# MarkdownHeader "Header"
# MarkdownFooter "Footer"


Or:

  <== Again which file does it go into? 000-default.conf??
AddHandler markdown .md
DirectoryIndex index.md


What else needs to be done to make it work?


-- 
Bo Berglund
Developer in Sweden


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?

2022-01-12 Thread Dino Ciuffetti 
My question:Would it have been possible to install the SSL certificates in the 
virtual machines?
YES. It's possibile to send Internet HTTPS traffic to an internal HTTPS 
service behind apache httpd as a reverse proxy.
You eventally need to install same SSL certificates (but you don't have to 
necessarily) on both the reverse proxy and the internal service, enable 
SSLProxyProtol on your VHs and send the traffic to HTTPS via your ProxyPass.

RE: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?

2022-01-12 Thread Marc 
You can just do that. I have also certs behind a reverse proxy. My whole 
'virtual/internal' applications in containers is running with my own CA 
certificates and on the reverse proxy I have some certs from known CA's
Specific for this setup is a proxy protocol, that informs the public ip 
addresses instead of local ones.

Best is it to ask on something like the haproxy community.

> My question:
> 
> Would it have been possible to install the SSL certificates in the virtual
> machines?
> 
> 
> As far as I know, no, because then the reverse proxy can be seen as a 'man
> in the middle attack'.
> 
> This is why I configured the SSL certificates on the host, and as far as I
> know this is also how it should be (after reading some articles about it
> on the internet).
> 
> 
> I do however also found the Apache directive SSLProxyEngine
>  . Is
> it possible with this directive the install/configure the SSL certificates
> inside the virtual machines?
> 
> 
> I'm curious :-)!
>

[users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?

2022-01-12 Thread Jeroen Verhoeckx 
Hello Apache specialist :-),

Last couple of months [I set up a server with two virtual 
machines](https://jeroenverhoeckx.com/build-your-own-personal-cloud.html). To 
reach those virtual machines I set up a reverse proxy and I configured the SSL 
certificates on the host.

My question:
Would it have been possible to install the SSL certificates in the virtual 
machines?

As far as I know, no, because then the reverse proxy can be seen as a 'man in 
the middle attack'.
This is why I configured the SSL certificates on the host, and as far as I know 
this is also how it should be (after reading some articles about it on the 
internet).

I do however also found the Apache directive 
[SSLProxyEngine](https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#SSLProxyEngine).
 Is it possible with this directive the install/configure the SSL certificates 
inside the virtual machines?

I'm curious :-)!

Yours sincerely,

Jeroen Verhoeckx


Support the independent web, use 
[Firefox](https://www.mozilla.org/en-US/firefox/new/)

Re: [users@httpd] Calling htdbm from another server

2022-01-12 Thread William Edwards 

Simon Harrison schreef op 2022-01-11 20:14:

Good evening. Does anyone know a standard / recommended way of calling
htdbm between servers? To be clearer:

1. A user is deleted on server 1
2. Access needs to be revoked on server 2 for that user

I'd like to be able to run

# htdbm -x /usr/local/apache2/var/users.db someuser

and

# htdbm -bt /usr/local/apache2/var/users.db someone pword

in a simple way if possible.

Maybe someone has a cgi script I could use / adapt?


I think RPC would be one of the neatest ways to solve this. But it's not 
exactly the lowest effort option.




Thanks,

Simon


--
With kind regards,

William Edwards


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Apache Restarts and Session Errors (session_dbd:error, session:error)

2022-01-12 Thread Calvin DeBoer 
Hello all, I'm struggling with understanding something in the *error.log*
and could use some pointers on how to troubleshoot this. I've inherited a
web app that uses apache as the webserver and is also using user apache
user auth.

Occasionally, Apache will just restart itself and it seems to take a while
(Figure 0). I've ruled out usual suspects like memory, disk or processing
capacity (this Ubuntu instance is on an ec2 instance with some very good
specs, and the resource graphs have never even been close to high). Server
and version details are in Figure 2 below.

I'm trying to determine the root cause of this behavior. One culprit, based
on some Stack reading
,
was possibly a reload/restart of Apache anytime the logs rotate. I've read
that it's supposed to be a graceful restart, but perhaps something is
causing the reload in the logrotate file to be ungraceful.

I started grokking the error logs more carefully and spotted some error
messages (Figure 1). I'm not sure what these mean, and their
timestamps don't necessarily perfectly correlate to the restart / bad user
experience (unresponsive web app).

Does anyone here have any suggestions on where I can learn some more about
the errors in Figure 1, or perhaps on additional log or config files I
could be examining ?

*Figure 0 - Restart ? (error.log)*
[Wed Jan 12 00:00:08.735348 2022] [mpm_event:notice] [pid 14569:tid
139723494018368] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/1.1.1f configured
-- resuming normal operations

*Figure 1 - Error Entry (**error.log)*
[Wed Jan 12 09:28:57.459259 2022] [session:error] [pid 25478:tid
139722760365824] (20014)Internal error (specific information not
available): [client 172.70.230.157:44264] AH01816: error while loading the
session, session not loaded: /socket.io/
[Wed Jan 12 09:28:57.459224 2022] [session_dbd:error] [pid 25478:tid
139722760365824] [client 172.70.230.157:44264] AH01854: query execution
error saving session 'd2866875-f3d3-475b-a523-aa34e2ee5351' in database
using query 'selectsession':

*Figure 2 - Server/Apache Details (apache2 -v)*
Server version: Apache/2.4.52 (Ubuntu)
Server built:   2021-12-28T20:18:12
Ubuntu version: 18.04 LTS

Re: [users@httpd] Calling htdbm from another server

2022-01-12 Thread Simon Harrison 
On Wed, 12 Jan 2022 10:27:35 +0100
"Gillis J. de Nijs"  wrote:

> I'd probably consider using SQL/LDAP or a shared filesystem for this.
> Would that work?  Alternatively, you could rsync between the servers,
> depending on how fast you want the updates to happen.

I've been looking into this some more and I think the easiest way if
can execute htdbm without requiring a password over ssh.

Thanks for the tip though, I'll bear it in mind.

Simon

-- 
Web: https://simonh.uk
Email: m...@simonh.uk


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Calling htdbm from another server

2022-01-12 Thread Gillis J. de Nijs 
I'd probably consider using SQL/LDAP or a shared filesystem for this.
Would that work?  Alternatively, you could rsync between the servers,
depending on how fast you want the updates to happen.