Re: [users@httpd] Best way to Install

2023-05-05 Thread Brian Wolfe
I personally prefer to install it by compiling the source myself. It's not
hard, and then I can control what modules/features are compiled into it. So
you will understand what features you have enabled rather than just
installing everything. I can also install it in a central location as the
distro installs the files all over the place. Nothing wrong with that as
that's how system packages are supposed to be installed, but doing it
manually you can control where on disk it is installed and know everything
is in that one directory. Creating and registering a Linux service also
isn't difficult and it's good to understand how those things work anyway.

On Fri, May 5, 2023 at 8:14 PM Richard wrote:

>
>
> > Date: Friday, May 05, 2023 19:53:21 -0400
> > From: John Iliffe 
> >
> > Thanks for the prompt response David.  This is on Rocky, a Red Hat
> > derivative.
> >
> > I'll see if automatic updates are implemented.  On my Fedora
> > workstation they do happen automatically and I have been burned on
> > occasion.
>
> None of my RH-derived systems (RHEL, Centos, Fedora) auto-update -- I
> don't remember auto-updating as a default.
>
> If you want your system to otherwise auto-update you can exclude
> specific packages from that in the yum.conf file.
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

-- 
Thanks,
Brian Wolfe
https://www.linkedin.com/in/brian-wolfe-3136425a/


Re: [users@httpd] Best way to Install

2023-05-05 Thread Richard



> Date: Friday, May 05, 2023 19:53:21 -0400
> From: John Iliffe 
>
> Thanks for the prompt response David.  This is on Rocky, a Red Hat
> derivative.
> 
> I'll see if automatic updates are implemented.  On my Fedora
> workstation they do happen automatically and I have been burned on
> occasion.

None of my RH-derived systems (RHEL, Centos, Fedora) auto-update -- I
don't remember auto-updating as a default.

If you want your system to otherwise auto-update you can exclude
specific packages from that in the yum.conf file.






Re: [users@httpd] Best way to Install

2023-05-05 Thread Curtis
My experience with Debian distributions is that they patch the version you’re 
running, but don’t upgrade the package until you upgrade your underlying OS 
distribution. 

Sent from my iPhone

> On May 5, 2023, at 7:51 PM, kmhun...@gmail.com wrote:
> 
> Or permanent in /etc/dnf/dnf.conf:
> 
> exclude= 
> -Original Message-
> From: David Jentes  
> Sent: Friday, May 5, 2023 7:47 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Best way to Install
> 
> If you use something Ubuntu or Debian based, no auto updates will happen. If 
> I remember correctly, some RPM distros might have autoupdates on servers, but 
> there should be a way to turn it off if you google it.
> 
> Sent from my iPhone
> 
>> On May 5, 2023, at 6:42 PM, John Iliffe  wrote:
>> 
>> I'm setting up a new server that will use Apache as a web application.
>> 
>> What would be the best way to do it:  Take the download that is 
>> available from the distro repository or download and compile Apache 
>> separately?  My concern is that if I use the offered version then it 
>> will be automatically updated from time to time.  That might cause the 
>> web site to crash if Apache makes any significant changes at any time 
>> such as ones that change the configuration commands.
>> 
>> Any comments?
>> 
>> Regards,
>> 
>> John.
>> ==



Re: [users@httpd] Best way to Install

2023-05-05 Thread John Iliffe
Thanks for the prompt response David.  This is on Rocky, a Red Hat derivative.

I'll see if automatic updates are implemented.  On my Fedora workstation they do
happen automatically and I have been burned on occasion.

John
==
On Fri, 2023-05-05 at 18:46 -0500, David Jentes wrote:
> If you use something Ubuntu or Debian based, no auto updates will happen. If 
> I remember correctly, some RPM distros might have autoupdates on servers, but 
> there should be a way to turn it off if you google it.
> 
> Sent from my iPhone
> 
> > On May 5, 2023, at 6:42 PM, John Iliffe  wrote:
> > 
> > I'm setting up a new server that will use Apache as a web application.
> > 
> > What would be the best way to do it:  Take the download that is available 
> > from
> > the distro repository or download and compile Apache separately?  My 
> > concern is
> > that if I use the offered version then it will be automatically updated from
> > time to time.  That might cause the web site to crash if Apache makes any
> > significant changes at any time such as ones that change the configuration
> > commands. 
> > 
> > Any comments?
> > 
> > Regards,
> > 
> > John.
> > ==



RE: [users@httpd] Best way to Install

2023-05-05 Thread kmhuntly
Or permanent in /etc/dnf/dnf.conf:

exclude= 
Sent: Friday, May 5, 2023 7:47 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Best way to Install

If you use something Ubuntu or Debian based, no auto updates will happen. If I 
remember correctly, some RPM distros might have autoupdates on servers, but 
there should be a way to turn it off if you google it.

Sent from my iPhone

> On May 5, 2023, at 6:42 PM, John Iliffe  wrote:
> 
> I'm setting up a new server that will use Apache as a web application.
> 
> What would be the best way to do it:  Take the download that is 
> available from the distro repository or download and compile Apache 
> separately?  My concern is that if I use the offered version then it 
> will be automatically updated from time to time.  That might cause the 
> web site to crash if Apache makes any significant changes at any time 
> such as ones that change the configuration commands.
> 
> Any comments?
> 
> Regards,
> 
> John.
> ==



RE: [users@httpd] Best way to Install

2023-05-05 Thread kmhuntly
Depends on your distro; for AlmaLinux (and other Red Hat derivatives) it's
dnf --exclude=

-Original Message-
From: David Jentes  
Sent: Friday, May 5, 2023 7:47 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Best way to Install

If you use something Ubuntu or Debian based, no auto updates will happen. If I 
remember correctly, some RPM distros might have autoupdates on servers, but 
there should be a way to turn it off if you google it.

Sent from my iPhone

> On May 5, 2023, at 6:42 PM, John Iliffe  wrote:
> 
> I'm setting up a new server that will use Apache as a web application.
> 
> What would be the best way to do it:  Take the download that is 
> available from the distro repository or download and compile Apache 
> separately?  My concern is that if I use the offered version then it 
> will be automatically updated from time to time.  That might cause the 
> web site to crash if Apache makes any significant changes at any time 
> such as ones that change the configuration commands.
> 
> Any comments?
> 
> Regards,
> 
> John.
> ==



Re: [users@httpd] Best way to Install

2023-05-05 Thread David Jentes
If you use something Ubuntu or Debian based, no auto updates will happen. If I 
remember correctly, some RPM distros might have autoupdates on servers, but 
there should be a way to turn it off if you google it.

Sent from my iPhone

> On May 5, 2023, at 6:42 PM, John Iliffe  wrote:
> 
> I'm setting up a new server that will use Apache as a web application.
> 
> What would be the best way to do it:  Take the download that is available from
> the distro repository or download and compile Apache separately?  My concern 
> is
> that if I use the offered version then it will be automatically updated from
> time to time.  That might cause the web site to crash if Apache makes any
> significant changes at any time such as ones that change the configuration
> commands. 
> 
> Any comments?
> 
> Regards,
> 
> John.
> ==



[users@httpd] Best way to Install

2023-05-05 Thread John Iliffe
I'm setting up a new server that will use Apache as a web application.

What would be the best way to do it:  Take the download that is available from
the distro repository or download and compile Apache separately?  My concern is
that if I use the offered version then it will be automatically updated from
time to time.  That might cause the web site to crash if Apache makes any
significant changes at any time such as ones that change the configuration
commands. 

Any comments?

Regards,

John.
==




Re: [users@httpd] Strange behavior with directives ProxyRemote and NoProxy

2023-05-05 Thread Yann Ylavic
Hello,

On Fri, May 5, 2023 at 9:22 AM Carsten Klein  wrote:
>
> Important(?) side note: through DNS the server can only resolve
> local/intranet names and addresses. The DNS refuses to resolve
> external/Internet names and addresses.

Unless NoProxy contains only domain names (e.g. ".mycompany.local")
which can be compared verbatim, there will be a DNS resolution for the
requested host. And if that DNS resolution fails, NoProxy does not
apply (i.e. ProxyRemote is used).

>
> According to the docs, configuring ProxyRemote and NoProxy should be
> quite simple:
>
> # All requests go through the company's proxy
> ProxyRemote "*" "http://10.5.10.20:8080"
>
> # Direct requests to all intranet hosts
> NoProxy ".mycompany.local" "10.0.0.0/8"

So here if the requested host does not end in ".mycompany.local", it
will be resolved and compared to the network address.
Your configuration depends on DNS, more exactly it depends on DNS to
work at least for local/intranet hosts (failures on remote ones
shouldn't be an issue but look fragile and not optimal. It's broken
if the DNS does not fail but returns a 10/8 address for whatever
reason though).

I would try to only set:
  NoProxy ".mycompany.local"
to exclude DNS from the game and see what happens for requests to this
domain at least. If it works for those and you still need to also
match "10.0.0.0/8" for requests using local IP addresses directly or
other/unknown/unlistable local domain names, you probably should have
a look at how hosts are resolved on the local DNS when requests are
misdirected.


Regards;
Yann.
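
The decision described in the reply above, modelled as an added example (it is not part of the original message and is not httpd's own code). The function `use_remote_proxy`, the two resolvers and the host `legacy-box` are constructed for illustration; the NoProxy values and other hosts are the ones from the thread.

```python
import ipaddress

def use_remote_proxy(host, noproxy, resolve):
    """Return True if the request goes to ProxyRemote, False if sent directly.
    Models only the behaviour described in the reply above, not httpd's code.
    `resolve` is a hypothetical callable: hostname -> IP string, raising
    OSError when the DNS refuses or fails to resolve the name.
    """
    domains = [e.lower() for e in noproxy if e.startswith(".")]
    networks = [ipaddress.ip_network(e) for e in noproxy if not e.startswith(".")]

    # Domain entries are compared verbatim against the requested host: no DNS.
    if any(host.lower().endswith(d) for d in domains):
        return False
    if not networks:
        return True

    # Network entries need an address, so the requested host is resolved.
    try:
        addr = ipaddress.ip_address(host)      # literal IP, nothing to resolve
    except ValueError:
        try:
            addr = ipaddress.ip_address(resolve(host))
        except OSError:
            return True                        # resolution failed: NoProxy does not apply
    return not any(addr in net for net in networks)

# Constructed resolvers standing in for the intranet DNS.
def intranet_dns(name):
    table = {"myintlservice.mycompany.local": "10.5.20.100", "legacy-box": "10.5.20.7"}
    if name not in table:
        raise OSError("refused: " + name)      # external names are not resolved
    return table[name]

def wildcard_dns(name):
    return "10.0.0.1"                          # answers every name with a 10/8 address

def demo():
    cfg = [".mycompany.local", "10.0.0.0/8"]
    hosts = ["foo.com", "myintlservice.mycompany.local", "legacy-box", "10.5.20.100"]
    return {
        "intranet_dns": {h: use_remote_proxy(h, cfg, intranet_dns) for h in hosts},
        "wildcard_dns": {h: use_remote_proxy(h, cfg, wildcard_dns) for h in hosts},
        "domain_only": {h: use_remote_proxy(h, [".mycompany.local"], wildcard_dns) for h in hosts},
    }

if __name__ == "__main__":
    print(demo())
```

With the `wildcard_dns` resolver, `foo.com` is sent directly instead of through the remote proxy, which is the broken case the reply mentions; with only the domain entry, the DNS answer no longer affects the outcome.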




[users@httpd] Strange behavior with directives ProxyRemote and NoProxy

2023-05-05 Thread Carsten Klein

Hi there,

most combinations of directives ProxyRemote and NoProxy seem not to work 
correctly in my setup. As I couldn't find anything meaningful on the 
Internet, I'm asking this list.


My setup is as follows: (quite complex but typical)

Ubuntu Server 22.04 LTS
Apache httpd 2.4.52 (not the latest but didn't find a bug/fix in recent 
change logs)


Apache httpd is (among other things) also used as a proxy for requests 
to the Internet (to make some external sites appear to be served from 
our application's host to work around some XSS/CORS issues). This is 
done with some simple RewriteRules, e.g.


RewriteRule "/proxy/external/foo/0815/" "https://foo.com/svc/0815/" [P]

The server is running in intranet 10.0.0.0. All requests to the Internet 
have to go through the company's proxy server 10.5.10.20:8080.


Additionally, the httpd must also proxy a local/intranet service that is 
running on host 10.5.20.100. Requests to this host MUST NOT go through 
the company's proxy, which ONLY serves external/Internet sites.


Important(?) side note: through DNS the server can only resolve 
local/intranet names and addresses. The DNS refuses to resolve 
external/Internet names and addresses.


According to the docs, configuring ProxyRemote and NoProxy should be 
quite simple:


# All requests go through the company's proxy
ProxyRemote "*" "http://10.5.10.20:8080"

# Direct requests to all intranet hosts
NoProxy ".mycompany.local" "10.0.0.0/8"

This configuration works for both Apache Tomcat as well as for e.g. curl 
and wget (through http(s)_proxy and no_proxy environment variables).


However, this does not work with Apache httpd. It either doesn't use the 
remote proxy at all or sends all requests to the remote proxy.


It seems like NoProxy doesn't work exactly as described in the docs.

If I add the local domain ".mycompany.local" and/or the whole local 
subnet "10.0.0.0/8" to NoProxy, the remote proxy is actually never used. 
Logs show that in this case Apache httpd tries to directly connect to 
the external URL and gives up after a certain time and responds with a 
503 Service Unavailable status.


Why is the remote proxy not used here? Is it, because the remote proxy 
is located in the same domain and subnet 10.0.0.0/8?


The remote proxy isn't used when I set NoProxy to just "10.5.0.0/16". 
One (weird) explanation is that the remote proxy is in the 10.5.0.0 
subnet as well. However, typically, the decision of when to use the 
remote proxy should not depend on the remote proxy's address (but only on 
the requested address).


When leaving NoProxy empty, the remote proxy is used and proxying 
external services works properly.


There's still the intranet service on host 10.5.20.100 to be reverse 
proxied as well. I must at least exclude requests to this host from 
being sent to the remote proxy. Setting


NoProxy "10.5.20.0/24"   (or "10.5.20", "10.5.20.0")

seems to be ignored by httpd, so all requests, including those to 
10.5.20.100, are still sent to the remote proxy.


Setting NoProxy to the IP address of the internal service 
("10.5.20.100") or to its hostname ("myintlservice.mycompany.local") is 
also ignored. All requests still get forwarded to the remote proxy.


Even with LogLevel proxy:trace5 there are no lines logged that say 
anything about the decision of using the configured remote proxy or not. 
So, I was left to trial and error (for several days).


The documentation is quite clear about NoProxy. However, from my point 
of view the NoProxy feature seems not to work properly at all.


Am I missing something? Since my C/C++ skills are just below 
intermediate (and httpd source code is quite "compact"), I'm not able to 
help myself by reading the sources or even to spot any bugs there (if any).


My current workaround is to use ProxyRemoteMatch with an expression that 
does NOT match any intranet sites:


ProxyRemoteMatch "^https?://(?!(.*\.)?mycompany\.local\b)" "http://10.5.20.1:8080"


This regular expression is quite "expensive" since it uses a negative 
lookahead so, this solution is sub-optimal.


Carsten



