Re: [users@httpd] How do I choose the best settings for the Apache Server?

2023-09-14 Thread Stormy 

On 2023-09-14 16:01, Jason Long wrote:

Hello,
Thanks again.
How about the other parameters? For example, how can I estimate the best 
value for "MaxRequestsPerChild", "ThreadsPerChild" and etc.?


What is wrong with the default values? Why do you want to "estimate"? 
Have you tried different values? If so, what was the upside/downside of 
your trials? Logs? Stats?


You say somewhere below that your server "uses WordPress, so it also has 
PHP and MySQL."  Fine, these are services (memory and CPU cycles) 
outside the scope of Apache/httpd which just "serves" what it is given 
to "serve."


As an example, I have just rewritten a quite big (474 Gb) WP website in 
html5 with minimal php and js. Result: client output identical, Apache 
throughput just over 90% lower. YMMV


Good luck,
Paul



On Thu, Sep 14, 2023 at 10:27 PM, Frank Gingras
 wrote:
Just comment out the LoadModule line for prefork, and uncomment the
line for event.

There is no "template"; you just need to tweak event to spawn more
workers if needed, but the default settings should be fine for small
volumes.

The prefork mpm should really be avoided at this point, as it spawns
a separate process for every single HTTP request.

On Thu, Sep 14, 2023 at 2:47 PM Jason Long
 wrote:

Hello,
Thanks again.
So, I must remove the "mpm_prefork_module" section. Am I right?

Can you show me an Apache configuration template for use with
Wordpress?

When I must use "mpm_prefork_module"?


On Thu, Sep 14, 2023 at 4:24 PM, Frank Gingras
mailto:thu...@apache.org>> wrote:
500MB of RAM for the httpd processes, yes. The rest of the
RAM will go towards php and MySQL.

Since wordpress is involved, you'll want to use the event
mpm (nor prefork, nor event), proxy_fcgi and php-fpm. See:

https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM




On Thu, Sep 14, 2023 at 6:21 AM Jason Long
mailto:hack3r...@yahoo.com>> wrote:

Hello,
Thank you so much for your reply.
Can you tell me more about "It should run well under
500MB even with thousands of workers."? Do you mean 500
MB memory?

My server uses WordPress, so it also has PHP and MySQL.
What parameters should I change?

What is the formula for calculating "mpm_prefork_module"
and "mpm_worker_module"
parameters?



On Wed, Sep 13, 2023 at 5:00 PM, Francois Gingras
mailto:francois.ging...@gmail.com>> wrote:
You'll want to make sure you're using the event mpm,
in any case. It should run well under 500MB even
with thousands of workers.

If php or another dynamic language is involved, then
the answer will depend on what you use. You should
also consider if other services use RAM, such as a
rdbms.


On Wed, Sep 13, 2023 at 8:52 AM Jason Long
 wrote:

Hello,
My server has 6 GB RAM and 4 virtual CPUs. I
want to know How can I change the following
settings for better performance?


Timeout 45
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15


     StartServers                 3
     MinSpareServers         3
     MaxSpareServers        3
     ServerLimit                   50
     MaxClients                    50
     MaxRequestsPerChild  1000



     StartServers              3
     MaxClients                50
     MinSpareThreads     3
     MaxSpareThreads    3
     ThreadsPerChild       25
     MaxRequestsPerChild  1000



I'm thankful if anyone can guide me to choose
the above settings according to my server
hardware specifications. If you know of other
settings, please share.


Thank you.


-
To unsubscribe, e-mail:
users-unsubscr...@httpd.apache.org

Re: [users@httpd] Can apache2 reverse proxy forward HTTP/2 server push?

2023-08-07 Thread Stormy 

On 2023-08-07 10:23, chenpi...@foxmail.com wrote:
Thanks for your reply! My origin server is a Nodejs http/2 server. I 
confirm that the push stream is valid because everything works well 
without Apache reverse proxy. My orgin server's log says that the 
client(here should be Apache as it works well without Apache) disabled 
the push stream. And Apache doesn't have a log about push stream.


Please, stop "top-posting":
A: Maybe because some people are too annoyed by top-posting.

Q: Why do I not get an answer to my question(s)?

A: Because it messes up the order in which people normally read text.

Q: Why is top-posting such a bad thing?

However...

A server /= client ; over-simplistically, a client is a browswer, 
Apache2 is not a browser.  If your Apache2 server (reverse proxy or not) 
is set up fairly normally, it will log any request that fails at 
/var/log/apache2/error.log (or your config.) If your Nodejs log really 
states "the client *disabled* the push stream", it's probably because it 
was expecting to talk to a client, not a server.


This is looking more and more like a nodejs problem (have you tried 
<https://github.com/nodejs/node/issues>) not apache2, but again, "What 
do the logs on *both* servers say about it?"  Go back, do a test all 
over again, look in *both* logs for identically (+/- a few ms) timed log 
entries and post them in full here.


Somebody on this list will surely have the time, knowledge, experience 
and patience to help you.


Paul



Although maybe Apache never put this into production, thanks for your 
helpful guidance. I want to keep connected with the developers to catch 
the latest news about this http/2 feature, so could you  tell me how to 
contact them?


chenpi...@foxmail.com

*From:* Stormy <mailto:storm...@stormy.ca>
*Date:* 2023-08-07 21:39
*To:* users <mailto:users@httpd.apache.org>
*Subject:* Re: [users@httpd] Can apache2 reverse proxy forward
HTTP/2 server push?
On 2023-08-06 21:53, chenpi...@foxmail.com wrote:
 > Hi! I add h2c to my protocol configuration. It comes to
"Protocols h2
 > h2c http/1.1". Nevertheless, Apache still disabled my origin
server push
 > stream.
What is your "origin server"? Is the "push stream" validly formatted?
What do the logs on *both* servers say about it?
It seems that Apache never put this into production.
I'll leave that up to one of the developers -- this is the "user" list.
We stopped even considering it when Chrome announced quite openly that
they would not support it.
Paul
   PUSH
 > PROMISE STREAM is one of the most important characteristics of
http/2
 > defined in RFC. So, I wonder what is the reason behind. Maybe
there is
 > no std library to use? I would be quite grateful if you let me
know the
 > considerations
 >
 >
----
 > chenpi...@foxmail.com
 >
 > *From:* Stormy <mailto:storm...@stormy.ca>
 > *Date:* 2023-08-07 03:41
 > *To:* users <mailto:users@httpd.apache.org>
 > *Subject:* Re: [users@httpd] Can apache2 reverse proxy forward
 > HTTP/2 server push?
 > On 2023-08-06 05:36, chenpi...@foxmail.com wrote:
 >  > Hi! I'm using apache2 as a reverse proxy of my HTTP/2 origin
 > server. My origin server has some assets to push, however,
apache2
 > disabled the push stream (PUSH PROMISE STREAM) in the test. I
have
 > searched for reasons on RFC, it shows that "SETTINGS_ENABLE_PUSH
 > (0x2): This setting can be used to disable server push (Section
 > 8.2)". Therefore, I wonder how to set apache2 to enable the
origin
 > server push(not in a Link Header manner). Can apache2 handle PUSH
 > PROMISE FRAME or forward server push? It would help to give
me some
 > instructions, the core of my configuration of apache2 is below:
 >  > 
 >  > 
 >  > Protocols h2 http/1.1
 >  > ServerName www.xxx.com
 >  > SSLEngine on
 >  > SSLProxyEngine on
 >  > #SSLProxyVerify none
 >  > SSLProxyCheckPeerCN off
 >  > SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
 >  > #SSLProxyCheckPeerName off
 >  > #SSLProxyCheckPeerExpire off
 >  > ProxyRequests Off
 >  > ProxyPass / h2://127.0.0.1:8443/
 >  > ProxyPassReverse /http://127.0.0.1:8443/ 
<http://127.0.0.1:8443/>

 >  > SSLCertificateFile /path/to/fullchai

Re: [users@httpd] Can apache2 reverse proxy forward HTTP/2 server push?

2023-08-07 Thread Stormy 

On 2023-08-06 21:53, chenpi...@foxmail.com wrote:
Hi! I add h2c to my protocol configuration. It comes to "Protocols h2 
h2c http/1.1". Nevertheless, Apache still disabled my origin server push 
stream. 


What is your "origin server"? Is the "push stream" validly formatted? 
What do the logs on *both* servers say about it?


It seems that Apache never put this into production.

I'll leave that up to one of the developers -- this is the "user" list. 
We stopped even considering it when Chrome announced quite openly that 
they would not support it.


Paul

 PUSH
PROMISE STREAM is one of the most important characteristics of http/2 
defined in RFC. So, I wonder what is the reason behind. Maybe there is 
no std library to use? I would be quite grateful if you let me know the 
considerations



chenpi...@foxmail.com

*From:* Stormy <mailto:storm...@stormy.ca>
*Date:* 2023-08-07 03:41
*To:* users <mailto:users@httpd.apache.org>
*Subject:* Re: [users@httpd] Can apache2 reverse proxy forward
HTTP/2 server push?
On 2023-08-06 05:36, chenpi...@foxmail.com wrote:
 > Hi! I'm using apache2 as a reverse proxy of my HTTP/2 origin
server. My origin server has some assets to push, however, apache2
disabled the push stream (PUSH PROMISE STREAM) in the test. I have
searched for reasons on RFC, it shows that "SETTINGS_ENABLE_PUSH
(0x2): This setting can be used to disable server push (Section
8.2)". Therefore, I wonder how to set apache2 to enable the origin
server push(not in a Link Header manner). Can apache2 handle PUSH
PROMISE FRAME or forward server push? It would help to give me some
instructions, the core of my configuration of apache2 is below:
 > 
 > 
 > Protocols h2 http/1.1
 > ServerName www.xxx.com
 > SSLEngine on
 > SSLProxyEngine on
 > #SSLProxyVerify none
 > SSLProxyCheckPeerCN off
 > SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
 > #SSLProxyCheckPeerName off
 > #SSLProxyCheckPeerExpire off
 > ProxyRequests Off
 > ProxyPass / h2://127.0.0.1:8443/
 > ProxyPassReverse /http://127.0.0.1:8443/  <http://127.0.0.1:8443/>
 > SSLCertificateFile /path/to/fullchain.cer
 > SSLCertificateKeyFile /path/to/example.key
I could be wrong (we never put it into production), but I have a note
concerning the need for "protocol" h2c as well as h2, otherwise TCP is
not recognized.  We came to the conclusion (as did chrome who
dropped it
last year <https://chromestatus.com/feature/6302414934114304>) that
client cache and push were probably not compatible with latency, but
YMMV.
See:  Protocols h2 h2c http/1.1 at
<https://httpd.apache.org/docs/2.4/howto/http2.html>
Paul
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Can apache2 reverse proxy forward HTTP/2 server push?

2023-08-06 Thread Stormy 

On 2023-08-06 05:36, chenpi...@foxmail.com wrote:

Hi! I'm using apache2 as a reverse proxy of my HTTP/2 origin server. My origin server has 
some assets to push, however, apache2 disabled the push stream (PUSH PROMISE STREAM) in 
the test. I have searched for reasons on RFC, it shows that "SETTINGS_ENABLE_PUSH 
(0x2): This setting can be used to disable server push (Section 8.2)". Therefore, I 
wonder how to set apache2 to enable the origin server push(not in a Link Header manner). 
Can apache2 handle PUSH PROMISE FRAME or forward server push? It would help to give me 
some instructions, the core of my configuration of apache2 is below:


Protocols h2 http/1.1
ServerName www.xxx.com
SSLEngine on
SSLProxyEngine on
#SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
#SSLProxyCheckPeerName off
#SSLProxyCheckPeerExpire off
ProxyRequests Off
ProxyPass / h2://127.0.0.1:8443/
ProxyPassReverse /http://127.0.0.1:8443/  
SSLCertificateFile /path/to/fullchain.cer
SSLCertificateKeyFile /path/to/example.key


I could be wrong (we never put it into production), but I have a note 
concerning the need for "protocol" h2c as well as h2, otherwise TCP is 
not recognized.  We came to the conclusion (as did chrome who dropped it 
last year ) that 
client cache and push were probably not compatible with latency, but YMMV.


See:  Protocols h2 h2c http/1.1 at 



Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Installing Apache httpd 2.4.57 on Red Hat Enterprise Linux release 8.7 (Ootpa).

2023-07-19 Thread Stormy 

On 2023-07-19 12:23, Kaushal Shriyan wrote:

Hi,

I am running Red Hat Enterprise Linux release 8.7 (Ootpa). I am following
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/deploying_different_types_of_servers/setting-apache-http-server_deploying-different-types-of-servers
 


I have installed epel repo but i was unable to install apache httpd 
2.4.57 version.

Please guide me. Thanks in advance.


[Disclaimer: I only have one server running RHEL8]  The RHEL page you 
cite is clear about Apache versions supported, and is at 2.4.37. not 
2.4.57 that you say you are trying to install (and I can assure you that 
2.4.37 installs without problems.) Secondly, EPEL is a Fedora 
responsibility, not RH who are clear: "EPEL is *not* an official part of 
the RHEL subscription or an official offering..." so I'm not sure what 
you were trying to achieve.


HOWEVER, to try and be helpful, what and how *exactly* did you try for 
apache2, and what *exactly* do the error logs say?


Paul

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache 2.4 and php

2022-07-07 Thread Stormy-SDLU 

On 2022-07-06 21:34, Frank Gingras wrote:

Paul,

httpd does not call php includes, period. This is processed by php alone.


Frank, thanks, perhaps my poor choice of words. I had this in mind:

paul@sandbox:/etc/apache2/mods-enabled$ cat php7.4.load
# Conflicts: php5
# Depends: mpm_prefork
LoadModule php7_module /usr/lib/apache2/modules/libphp7.4.so

and see this as the "start" of processing the included text files:

paul@sandbox:/www/testsolr$ cat index.html

Test Solr

//

So, apologies for "call", but do you or others have a suggestion as to 
why this works on one box, and not on a mirror image?


Many thanks -- Paul



On Wed, 6 Jul 2022 at 18:31, Paul  wrote:


On 2022-07-06 08:27, Frank Gingras wrote:

First off, I would suggest not using prefork and mod_php, unless traffic

is

minimal and performance is not a concern. Nowadays, the scalable solution
is to use php-fpm, and use a threaded mpm like event.


Many thanks. Point well taken, on my "to do" list for a long time. My
only excuse: the production server is very stable, rarely even
approaches 10^6 hits a day, and whispers along quite nicely on 32 (64t)
cores - uptime currently at 326 days.  What I need to do is to use the
sandbox (subject of this thread) to delve into Apache Solr.  I am just
astounded that a mirror copy is failing abjectly.


Secondly, for your issue, you will need to look into the php logs as php

is

generating the response.


There is absolutely nothing in the php logs -- I get the impression that
the Apache back end is just not calling the php includes. The site
itself was rsynced from production, everything else looks "forensically"
identical.  Maybe I'll just rebuild it again from scratch, as I may have
made some sort of mistake somewhere, the order of installing the various
elements, whatever...

Again thanks -- Paul


On Tue, 5 Jul 2022 at 16:24, Paul  wrote:



I'm going nowhere for what must be a small glitch.  Ubuntu server
20.04LTS, Apache/2.4.41 (Ubuntu) using mpm_prefork behind Nginx proxy
server.

We use php 7.4 for many thousands of static pages that use e.g.  giving us "  , css, js, etc" sent to clients. Always reliable,
production and backup machines delivering perfectly for many years.

Just built a sandbox (to start looking at Apache Solr) as an exact
replica of our production servers (but without letsencrypt), exact down
to every file, version, release, permission, owner, dot and comma as far
as I can see after hours of searching around.

The sandbox is delivering "raw text" ,
not the content of the included file. Log files give no clue -- apache
just "200" responses for the  text and images, but obviously not
the css, js, layout -- syslog, auth, nginx and php exactly the same as
on the production servers.

Suggestions, pointers, ideas would be warmly welcomed -- and save what's
left of my sanity ;=}

Many thanks,
Paul

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Is a home directory for the httpd user safe?

2022-02-27 Thread Stormy 

On 2022-02-27 10:31 a.m., Tom Browder wrote:

On Sun, Feb 27, 2022 at 09:11 Jeroen Verhoeckx
 wrote:


Why do you need a predefined user with a writeable home directory?



Because that user executes the server loop behind the reverse proxy. The
program running that server uses the Raku programming language which needs
some default settings to execute.  I may be able to handle some of that in
the governing systemd service file, but this way seems easier.


Please be more specific. "the server loop" behind "the reverse proxy" is 
totally meaningless without context.


Please do not blame your problems on "Raku" -- a quick look shows it to 
be a derivative of c or c++.  I started in FORTRAN in 1957, cobol in 
1960, and have never, ever, blamed coding for any failure -- crap in, 
crap out -- YMMV.


Paul

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Dynamic authentication rules

2022-02-11 Thread stormy 

On 2022-02-11 2:52 p.m., Marc SCHAEFER wrote:

Hello,

In general, I would handle that kind of authentification tricks in a
perl script, however in this case I would need to protect a script
directly in Apache.

What presumably would work:


AuthType Basic
AuthName "Login Required for testing"
AuthUserFile /shared/testing/htpasswd
Require valid-user



Maybe I'm missing something that you refer to as "tricks" and 
"presumably"?  Proof of concept?  Context?


To "protect a script" is normally at system level.  Why do you "need" to 
do this "directly in Apache"?  Users?  Permissions?  It doesn't really 
matter whether you write in perl or my favourites fortran and cobol.


Best -- Paul
Tired old sys-admin.



What I would like to do:


AuthType Basic
AuthName "Login Required for $1"
AuthUserFile /shared/$1/htpasswd
Require valid-user


Is there a way to do something dynamic like this ?

Thank you for any pointer.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache Reverse Proxy for more than one website.

2021-03-16 Thread Stormy 

On 2021-03-16 5:43 p.m., Jason Long wrote:

I used Name-based Virtual Host too:


Dear moderators,

I have been subscribed to this list since 2010-10-16, 6:34 p.m. and have 
always enjoyed collegial conversations and learned a lot.  The person 
promoting this thread, whose email address contains the phrase 'hack3r' 
appears to be more interested in creating noise than learning.  My 
opinion is mine alone and does not engage the responsibility of anyone 
except myself, but I am asking if one of you would be kind enough to 
diplomatically and respectfully reduce the noise level.


Many thanks, best regards, and please stay safe,

Paul
Tired old sys-admin.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache Reverse Proxy for more than one website.

2021-03-16 Thread Stormy 

On 2021-03-16 4:23 p.m., Jason Long wrote:

Thanks.
Thus, I can one .conf file under the "/etc/httpd/conf.d/" directory with some 
servers. For example,

[snip]

Maybe semantic, maybe not absolute, maybe you've already read or been 
told, but using .d locations for user/programatic orientated files is 
not pure linux and might turn around and bite you.


YMMV

Paul

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Compiling Apache 2.4 on Fedora 32

2020-10-22 Thread Stormy 

On 2020-10-22 4:25 p.m., Wolfeman wrote:

cannot find -lz


I'm not a Fedora expert, but have you got zlib1g-dev installed?

Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] "Work from home" access

2020-03-19 Thread Stormy 

On 2020-03-19 5:15 p.m., Jim Albert wrote:

On 3/19/2020 4:50 PM, Stormy wrote:

Jim -- tnx -- see below

On 2020-03-19 4:05 p.m., Jim Albert wrote:

On 3/19/2020 3:48 PM, Stormy wrote:

I have, on Apache 2.4.7:
https://mysite.com/ which runs a Perl/Mysql based application perfectly
and a parallel "staff only" accessed (now) only on our LAN to edit 
the above public application.


I need to add "outside" access for staff working from home, so that 
I would end up with e.g.


https://mysite.com/  [working exactly as before]
and
https://mysite.com/foo  [for the "staff_only", fully working on LAN]

I have tried variations of:   Redirect permanent "/foo/" 
"http://mysite.com/staff_only/; -- but end up with 404 every time.


Is there an elegant solution for this?

Many thanks -- Paul


You need to explain in more detail what you are trying to do.
Is mysite.com referencing the same server whether accessed publicly 
or privately?
Yes -- its a standalone LAMP server with a very large Mysql db with 
public access for output, and a staff interface to edit the data. It 
is behind an Nginx front end server to four others and which takes 
care of Letsencrypt, firewall etc.


Are you trying to use split-DNS to reference public vs private 
servers so you can use the same domain name to access a private 
server across a VPN? 


Split-DNS, if I understand the term is already in place on the LAN, 
the app is on 192.168.1.50 and the editing is on 192.168.1.50, but 
Bell only give us a single static public IP. (I'm not certain that 
this meets the definition of VPN)


If staff-only is confidential and on the same server as public 
mysite.com you still have some significant risks which can be 
mitigated with apache access controls (.htaccess for example)... but 
still not a very good idea.


If none of above is relevant to what you want to do then your 
redirect is to an http resource where you reference https everywhere 
else... is that your problem?


All the public interfaces are https (I tried that in the "Redirect" 
and get 404)


If still none of my discussion is relevant then what is the purpose 
of https://mysite.com/foo redirecting to staff_only... why not just 
use a URL directly to staff_only?


I maybe oversimplified: the site is in fact 
https://database.mysite.com which goes direct to the public app. I was 
looking to add /foo (even /gobble-de-gook-foo) for hopefully temporary 
"staff at home" access.


If working from home is completely new to your company (and I imagine 
there's a lot of that with current health concerns) and security is a 
concern then opening up private resources on a public server is not a 
good idea and you should look into some secure remote access 
solutions to access private servers across a vpn.


The staff resources are of course pw protected. A vpn might make 
sense, but I have no experience (virt-manager, Gnome-boxes whatever 
would put me into a brand new learning curve :={ )


I was just hoping for a simple Apache redirect that can be put in 
place quickly as a temporary work-around and removed just as quickly.


Thanks -- paul


OK... I've presented the caveats of serving private resources on a 
public server... if, in fact, that's what you are trying to do and if so 
please consider how you are protecting those private resources from the 
public.
I take it your employees need to work from home and instead of accessing 
via private 192.168... IP as they would on your LAN, you'll be accessing 
via public IP?


Just going back to what you want to do outside of the topic of security, 
give us the Redirect configuration again (did you really make an http vs 
https mistake in your original post?)


What is the context of the Redirect?... .htaccess, config file, etc...


Jim thanks -- here's the relevant parts of the .conf:

paul@-:/etc/apache2/sites-available$ cat database_public.conf
# Database public access Configuration Directives
# This file invoked by nginx
Listen 8088
## database
  
   ServerName database.mysite.com
   ServerAlias database_public

## Trial 18 March 2020
#   Redirect "/gobble-de-gook-foo/" "192.168.1.151"
#   Redirect "/gobble-de-gook-foo/" "db_staff"
#   Redirect permanent "/gobble-de-gook-foo/" 
"http://database.mysite.com/db_staff/;
   Redirect permanent "/gobble-de-gook-foo/" 
"https://database.mysite.com/db_staff/;


   ServerAdmin  webmas...@mysite.com
   DocumentRoot /usr/share/database_public/htdocs
  
 Options -Indexes
  
# Secure internal stuff
   "//usr/share/database_public/htdocs/.*/(modules|xslt|includes)">

  Require all denied
   
etc..


As Richard asks, please present relevant apache error logs rather than 
what you are simply seeing in your browser.


Pls see previous reply.

Many thanks -- Paul

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] "Work from home" access

2020-03-19 Thread Stormy 

Jim -- tnx -- see below

On 2020-03-19 4:05 p.m., Jim Albert wrote:

On 3/19/2020 3:48 PM, Stormy wrote:

I have, on Apache 2.4.7:
https://mysite.com/ which runs a Perl/Mysql based application perfectly
and a parallel "staff only" accessed (now) only on our LAN to edit the 
above public application.


I need to add "outside" access for staff working from home, so that I 
would end up with e.g.


https://mysite.com/  [working exactly as before]
and
https://mysite.com/foo  [for the "staff_only", fully working on LAN]

I have tried variations of:   Redirect permanent "/foo/" 
"http://mysite.com/staff_only/; -- but end up with 404 every time.


Is there an elegant solution for this?

Many thanks -- Paul


You need to explain in more detail what you are trying to do.
Is mysite.com referencing the same server whether accessed publicly or 
privately?
Yes -- its a standalone LAMP server with a very large Mysql db with 
public access for output, and a staff interface to edit the data. It is 
behind an Nginx front end server to four others and which takes care of 
Letsencrypt, firewall etc.


Are you trying to use split-DNS to reference public vs private servers 
so you can use the same domain name to access a private server across a 
VPN?  


Split-DNS, if I understand the term is already in place on the LAN, the 
app is on 192.168.1.50 and the editing is on 192.168.1.50, but Bell only 
give us a single static public IP. (I'm not certain that this meets the 
definition of VPN)


If staff-only is confidential and on the same server as public 
mysite.com you still have some significant risks which can be mitigated 
with apache access controls (.htaccess for example)... but still not a 
very good idea.


If none of above is relevant to what you want to do then your redirect 
is to an http resource where you reference https everywhere else... is 
that your problem?


All the public interfaces are https (I tried that in the "Redirect" and 
get 404)


If still none of my discussion is relevant then what is the purpose of 
https://mysite.com/foo redirecting to staff_only... why not just use a 
URL directly to staff_only?


I maybe oversimplified: the site is in fact https://database.mysite.com 
which goes direct to the public app. I was looking to add /foo (even 
/gobble-de-gook-foo) for hopefully temporary "staff at home" access.


If working from home is completely new to your company (and I imagine 
there's a lot of that with current health concerns) and security is a 
concern then opening up private resources on a public server is not a 
good idea and you should look into some secure remote access solutions 
to access private servers across a vpn.


The staff resources are of course pw protected. A vpn might make sense, 
but I have no experience (virt-manager, Gnome-boxes whatever would put 
me into a brand new learning curve :={ )


I was just hoping for a simple Apache redirect that can be put in place 
quickly as a temporary work-around and removed just as quickly.


Thanks -- paul


Jim Albert



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] "Work from home" access

2020-03-19 Thread Stormy 

I have, on Apache 2.4.7:
https://mysite.com/ which runs a Perl/Mysql based application perfectly
and a parallel "staff only" accessed (now) only on our LAN to edit the 
above public application.


I need to add "outside" access for staff working from home, so that I 
would end up with e.g.


https://mysite.com/  [working exactly as before]
and
https://mysite.com/foo  [for the "staff_only", fully working on LAN]

I have tried variations of:   Redirect permanent "/foo/" 
"http://mysite.com/staff_only/; -- but end up with 404 every time.


Is there an elegant solution for this?

Many thanks -- Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Problem setting up ssl

2018-08-21 Thread Stormy 

On 2018-08-20 01:38 PM, Mahmood Naderan wrote:
[snip]

Now, when I open https://w.x.y.z in firefox, I get
Your connection is not secure
The owner of 5.57.36.104 has configured their website improperly. To 
protect your information from being stolen, Firefox has not connected to 
this website. > So, I have to click on advanced and then "add exception".

Is that related to apache configuration?


Apache? No -- it's related to what Firefox says on that page:

5.57.36.104 uses an invalid security certificate. The certificate 
is not trusted because it was signed using a signature algorithm that 
was disabled because that algorithm is not secure. The certificate is 
only valid for the following names: *.scu.ac.ir, scu.ac.ir 


and even then *it's_not_valid* -- a little further digging comes up with:

scu.ac.ir uses an invalid security certificate.
The certificate is only valid for *.scu.ac.ir
The certificate expired on 2017-01-18 04:22 AM. The current time is 
2018-08-21 10:38 AM.


which suggests to me that your certificate (or the one you are 
attempting to use) expired some twenty months ago...


Paul

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] How to start perl script using FCGID module

2018-08-09 Thread Stormy 

On 2018-08-09 12:51 PM, Ananya Dey wrote:

Thanks for the response Yehuda Katz :)
Also, to run python scripts we need to use the WSGI module. So how do we 
implement that with mod_fcgid?


You don't need any *cgi* -- just a2enmod wsgi.conf, works like a dream :=}

Paul




Regards
Ananya

On Thu, Aug 9, 2018 at 6:50 PM, Yehuda Katz > wrote:


The difference between FastCGI and regular CGI is that regular CGI
runs the program directly and FastCGI is expected to run
continuously and handle requests. If you want to use FastCGI in
Perl, you might want to start with a library like PSGI or a
framework like Catalyst.

- Y

Sent from a device with a very small keyboard and hyperactive
autocorrect.

On Thu, Aug 9, 2018, 8:10 AM Ananya Dey mailto:ananyadey...@gmail.com>> wrote:

Hi,

I am trying to run a perl script using fcgid module.
I have loaded mod_fcgid module.

I have created a directory in apache called fcgi-bin and added
the below snippet to my httpd.conf file.

AddHandler fcgid-script .pl
AllowOverride All
Options +Indexes +FollowSymLinks +ExecCGI
Require all granted


And have also added -
ScriptAlias /fcgi-bin/
'/home/ananya/apache-http-connector/apache-2.4.29/fcgi-bin/'

My perl program is a simple hello world programme as follows-

#!/usr/bin/perl
print("Content-Type: text/plain\n\n");
print "Hello world";

But the problem that I am facing is that the 'Hello World'
output is getting printed in my Apache error logs and not in the
browser as a perl script. Can someone please help me out with this?

Thanks
Ananya


On Aug 9, 2018 8:10 AM, "Ananya Dey" mailto:ananyadey...@gmail.com>> wrote:

Hi,

I am trying to run a perl script using fcgid module.
I have loaded mod_fcgid module.

I have created a directory in apache called fcgi-bin and added
the below snippet to my httpd.conf file.

AddHandler fcgid-script .pl
AllowOverride All
Options +Indexes +FollowSymLinks +ExecCGI
Require all granted


And have also added -
ScriptAlias /fcgi-bin/
'/home/ananya/apache-http-connector/apache-2.4.29/fcgi-bin/'

My perl program is a simple hello world programme as follows-

#!/usr/bin/perl
print("Content-Type: text/plain\n\n");
print "Hello world";

But the problem that I am facing is that the 'Hello World'
output is getting printed in my Apache error logs and not in the
browser as a perl script. Can someone please help me out with this?

Thanks
Ananya






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] mod_wsgi in Apache 2.4

2018-06-01 Thread Stormy 
To support Python code, it appears that mod_wsgi is necessary? | 
desirable. It appears to function correctly within Apache 2.4, but I 
cannot find it in the *Apache* documentation 
 (the developer's documentation 
is easily available.)


Does anyone have any experience, thoughts, caveats, recommendations?

Thanks -- Paul

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] In directory pages, how to show file dates in a specific timezone?

2018-05-17 Thread Stormy 

On 2018-05-17 12:30 PM, Dedeco Balaco wrote:
[snip]

How to make Apache file listing pages be shown in the correct timezone,
or a specific one (possibly using a "SetEnv TZ" line in .htaccess ?
p.s.:
There is a small error in the users list page (
https://httpd.apache.org/userslist.html ). 
The verb in the note sentence is wrong.


s/ send|sent ??? I've just looked at your reference, the page is 
perfect. I might suggest that if you want help, don't insult the 
volunteers who *can* help.


As to your question, "timezones" is rather vague. Depending upon your 
hardware and your o/s, you may have BIOS time, o/s time and various 
pieces of coding that consciously (or not) use one, the other or a 
possibly incorrect interpretation of either one.


Paul

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Re: pf 2017

2017-01-01 Thread Stormy 

At 04:25 PM 1/1/2017 +, Good Guy wrote:

On 01/01/2017 00:51, Spork Schivago wrote:

I don't understand why I'm receiving this e-mail. Is this spam?
Thanks.


Of course it is.  Some people celebrate new year by spamming people.
They seem to enjoy this.


I would add that the owners/moderators of this list do a remarkable job of 
keeping spam at a near zero percentage of postings.



Anyway, Have a very happy and prosperous 2017.


And from the frozen North, my wishes for 2017 to all...

Paul 



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] ** MOD_RELEASE ** Apache2.x (mod_fence) Flood/DOS/DDOS Protection + stuck detection

2016-12-05 Thread Stormy 

At 04:26 PM 12/5/2016 +0100, DaVieS wrote:

Hi Everyone!

As a FullStack I had a very long headache with Apache, especially with 
crappy and slowly pages, that the PHP stucks (FLOCK() && Session) the 
processes over-time until the webserver become unavailable meanwhile 
unfortunately slow pages (1-4 secs) will able to kill the whole webserver 
with hammering F5 or with external help (with mod_evasive On and/or nginx 
rate limiting).


On 3 November I posted a question about mod_evasive and here's another one. 
Could someone involved with Apache "background" please advise (on- or 
off-list) if such mods, distributed under the Apache license, have gone 
through any form of QA?


tnx -- paul


In the case described before we made a module that only mitigate requests 
when unfinished jobs remaining in apache and its stopped my headache as 
well and it is available for public,

"Licensed under the Apache License, Version 2.0".


(Links below does not contains any advertising)

If you are interesting how is it works please visit: 
https://web-flood-test.npulse.net/
If you are interested for source: 
https://devel.npulse.net/npulse-public/mod_fence
If you are interested for our article about the problem: 
https://npulse.net/en/apache-php-stuck-session-bug-mod_fence-protection-dos-ddos-protection


Feel free to test / use / share and also pull requests are welcome.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Configuration Problem - VHosts on Apache 2.2

2016-09-27 Thread Stormy 

At 04:08 PM 9/26/2016 -0700, Milt Spain wrote:
[snip]
When the DNS is pointed at the IP address of my new server that doesn’t 
happen. You get the index page but when the CGI TEST PAGE link is clicked 
you get an error –‘Systems cannot find the specified file’.


I am not a Win expert, but "file not found" is fairly explicit -- Apache 
can't find the file.


That might be in some part of the Apache config, but could very well be in 
more general, or user specific terms, envars (environment variables) that 
renew on reboot or may be able to be applied after a manual edit.


The question, that only you can answer, is why there is a missing path to 
the file that you expect Apache to find? The fact that a previous install 
finds the file might give you some clues if you "follow the trail."


Best -- Paul

Re: [users@httpd] Apache 2.4 (Apache Benchmarking) - Too many open files (24)

2016-09-23 Thread Stormy 

At 12:18 AM 9/24/2016 +0530, Rashmi Srinivasan wrote:

Hi,

This is the output of ulimit -aÂ

[snip]

max user processes              (-u) 1024


Pure guesswork, but this looks low -- on a 32bit system, try 2^15; on 
64bits, 2^16 ... or more ...


P.


virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Thanks,

On Fri, Sep 23, 2016 at 8:25 PM, Rubén Toribio Aldeguer 
 wrote:

I think your problem is not Apache, but your OS.
I think Apache 2.2 and 4.4 uses diferent mpm mode (my memory is poor).
I think you OS is limiting the number of Opens Files that can Manage. 
(safety reasons)

Please, can you print you ulimit output, as I advise on a previous mail?

Thanks.

2016-09-23 11:55 GMT+02:00 Rashmi Srinivasan :
Hi,
Do you feel this is the issue with some configuration or would this be an 
issue with apache itself.

Has anybody encountered a performance issue of this kind.
Please comment

Thanks,
RS

On Fri, Sep 23, 2016 at 1:43 PM, Rashmi Srinivasan 
 wrote:

Is there a minimum requirement for apache 2.4 to run these tests?
I have tried on different machines with different configurations with the 
same outcome.

Please advise.

Thanks,
RS

On Fri, Sep 23, 2016 at 1:14 AM, Rashmi Srinivasan 
 wrote:

Hi,
Thanks for checking this,

I wanted to check the below:'
        Stress testing of apache 2.2 works very well with the default 
mpm worker onfiguration
        However, apache 2.4 doesnt work at all with the default 
configuration, gives the error:

         2000 concurrent requests
      Benchmarking x.x.x.x (be patient)
      socket: Too many open files (24)

After changing the configuration, as described in the previous email, it 
starts processing them:

Lots of timeouts are occurring.
Error in the error_lo is:
                           "AH00046: child process still did 
not exit, sending a SIGKILL"
                           (2)No such file or directory: 
[client x.x.x.c] AH01256: connect #7 to cgi daemon failed, sleeping before 
retry
                            11)Resource temporarily 
unavailable: AH01252: couldn't create child process: 11:

I also noticed that the CPU utilzation reached 99.9%
Which is when apache terminates

What changes are to be done in this case.
Please advise

Thanks,
RS
Â

On Thu, Sep 22, 2016 at 9:54 PM, Yann Ylavic  wrote:
On Thu, Sep 22, 2016 at 5:20 PM, Rashmi Srinivasan
 wrote:
>
> Access log has the following status:
>Â  [22/Sep/2016:20:17:21 +0530] "GET /cgi-bin/script.cgi HTTP/1.0" 200 16

What's in the *error* log (path from the ErrorLog directive)?
What about resources (CPU, load average, ...) on the httpd machine
during the stress?

Regards,
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org







--

Rubén Toribio Aldeguer
Técnico Sistemas DataCenter
Informática Área Sistemas
(+34) 971743030
www.riu.com / www.riuplaza.com

                    Â
Â

This e-mail and its attachments, if any, are confidential and may be 
legally privileged. If you have received it in error, you are on notice of 
this status. Please do not copy or use it for any other purpose or 
disclose its contents to any other person: to do so could be a breach of 
confidence. You may contact us at +34 971 74 30 30 or at sender's e-mail 
address.

 Please, consider the environment before printing this email.




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Change user for Apache web server to a non-privileged user?

2016-09-19 Thread Stormy 

At 03:19 PM 9/19/2016 -0400, Rich Bowen wrote:

On 09/19/2016 03:16 PM, Rich Bowen wrote:
> You are *probably* encountering selinux permission problems.
>
Or, as this appears to be a Debian/Ubuntu machine, AppArmor.


If this is the case, mpm-itk *might* be a possibility. I tried it, for 
something vaguely similar, and was not impressed, but mileage might vary.


Best -- Paul



> No doubt, if you investigate that line, you'll find lots of people
> telling you to disable selinux, or set it to permissive. These people
> are evil, and should be ignored. Instead, you need to learn how to
> correctly give permission to the web content to your Apache user
> account. You're looking for the chcon command line utility.
>
> See http://serverfault.com/questions/396036/apache-httpd-permissions for
> a possible starting place.
--
Rich Bowen - rbo...@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Unexpected shutdown

2016-07-03 Thread Stormy 

At 05:49 PM 7/2/2016 -0700, Kurtis Rader wrote:

On Sat, Jul 2, 2016 at 5:26 PM, Stormy <storm...@stormy.ca> wrote:
Apache/2.4.7 (Ubuntu 14.04LTS) Server built: Mar 10 2015 13:05:59; Intel 
8-core 64-bit, 16 Gigs RAM.


Perfect for 479 days.

Crashed today (Saturday afternoon, no particular activity that I can 
find.) Tried to restart # service apache2 reload, nothing... Error log 
(nothing closely relevant before this):


[Sat Jul 02 18:24:41.754237 2016] [mpm_prefork:notice] [pid 1673] AH00171: 
Graceful restart requested, doing restart
(98)Address already in use: AH00072: make_sock: could not bind to address 
192.168.0.33:80
[Sat Jul 02 18:24:41.809755 2016] [mpm_prefork:alert] [pid 1673] no 
listening sockets available, shutting down
[Sat Jul 02 18:24:41.809758 2016] [:emerg] [pid 1673] AH00019: Unable to 
open logs, exiting


Rebooted (hate that) -- *seems* to be OK; hardware seems OK (LAN eth cards 
listening 192.168.0.30, 31, 32, 33.) Nothing else in logs -- access shows 
average use.



We'll never know now.


Thank you (and Curtis, see below.) Most probably agree, but I'm still 
looking...


If this happens again you'll need to employ tools like "sudo netstat -anp" 
to find the process that has bound to port 80.


In fact, it was by running "# netstat -natp" that I found one eth card was 
down (and the rather problematic Ubuntu ifup|down didn't work, that's why I 
ended up "# shutdown -r".) The three other cards were OK, but the "normal" 
"tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1682/apache2" was missing.


I'm still trying to understand "[mpm_prefork:notice] ... AH00171: Graceful 
restart requested, doing restart" -- nobody was in the $workplace, only I 
have ssh, so who/what "requested"?  If it was a hardware failure (not 
obvious even for a single card), does Apache automagically try a graceful 
restart? -- even if three cards still showed "tcp 0 0 192.168.0.30|31|32:53 
0.0.0.0:* LISTEN 1412/named"? -- and what's the "(98)Address already in use"?


And At 09:00 PM 7/2/2016 -0400, Curtis Maurand wrote:
It didn't fully go away. Some process was still there. Was it running fast 
cgi or php-fm? Those processes moght still have been running.


No -- cgid was "enabled" (not fcgid), and nothing "php" (I'm a tad 
paranoid, and we only use Perl) ... [access_compat, alias, auth_basic, 
authn_core, authn_file, authz_core, authz_host, authz_user, autoindex, 
cgid, deflate, dir, env, filter, include, mime, mpm_prefork, negotiation, 
proxy, reqtimeout, rewrite, setenvif]


tnx and br -- Paul

[users@httpd] Unexpected shutdown

2016-07-02 Thread Stormy 
Apache/2.4.7 (Ubuntu 14.04LTS) Server built: Mar 10 2015 13:05:59; Intel 
8-core 64-bit, 16 Gigs RAM.


Perfect for 479 days.

Crashed today (Saturday afternoon, no particular activity that I can find.) 
Tried to restart # service apache2 reload, nothing... Error log (nothing 
closely relevant before this):


[Sat Jul 02 18:24:41.754237 2016] [mpm_prefork:notice] [pid 1673] AH00171: 
Graceful restart requested, doing restart
(98)Address already in use: AH00072: make_sock: could not bind to address 
192.168.0.33:80
[Sat Jul 02 18:24:41.809755 2016] [mpm_prefork:alert] [pid 1673] no 
listening sockets available, shutting down
[Sat Jul 02 18:24:41.809758 2016] [:emerg] [pid 1673] AH00019: Unable to 
open logs, exiting


Rebooted (hate that) -- *seems* to be OK; hardware seems OK (LAN eth cards 
listening 192.168.0.30, 31, 32, 33.) Nothing else in logs -- access shows 
average use.


Thoughts anyone?

tnx -- paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] root perms / rewritemap prg / module system()

2016-06-24 Thread Stormy 

At 03:53 PM 6/24/2016 +0200, Ben RUBSON wrote:

On 2016-06-08 at 14:24, Nick Kew wrote :
> On Wed, 2016-06-08 at 08:01 -0400, Eric Covener wrote:
>> On Sat, Apr 16, 2016 at 6:00 PM, Ben RUBSON  wrote:
>>> Then my question is, could it be possible ?
>>
>> You would need your own daemon launched during an early hook (like
>> post_config).  You wouldn't be able to respond [directly] to requests,
>> you'd need to reach out over something like a pipe the way rewritemap
>> does.
>>
> A hacked suexec would be a per-request option.  Or using
> solaris and mod_privileges might just possibly help with
> more fine-grained escalation.

Nick, thank you very much for your answer, and sorry for my late reply.

I red suexec source code, it gave me some ideas :
I could write my own setuid-ed program which would :
- setuid()
- only perform the needed tasks under 
- exit
This program could be then called from any other custom module etc...


Maybe esoteric, possibly off-topic for this precise thread, but would 
mod-itk be potentially useful? I looked into it a few years back, it 
*seemed* to do what was promised, but also carried a fairly major cpu-cycle 
overhead. I didn't have time to try and refine implementation and never put 
it into production...


Best -- Paul 



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] ProxyPassMatch and space in path to a file socket

2016-03-30 Thread Stormy 

At 04:02 PM 3/30/2016 +0200, Ghislain wrote:

hi,

 I have ProxyPassMatch redirecting to a file socket to a php FPM process. 
The issue i have is that the ProxyPassMatch support sockets but it send 
the URL with encoding.


  Therefor "my list.php" is sent as "my%20list.php" then making it a 404 
not found.


Too long to rehash old stories of "don't use spaces in *nix file names" -- 
you can, with caveats, but probably shouldn't, particularly if you want to 
save your sanity ;=}


Try renaming "my list.php" to mylist.php or my_list.php.

Best -- Paul



  I use

ProxyPassMatch ^/(.*\.php(/.*)?)$ 
"unix:/home/site1/logs/php-fpm-1151.sock|fcgi://localhost/home/site1/logs/public_html" 
timeout=900


  I tried to modify things but was not able to find a solution to this. 
Is there a secret option to make it send the path unencoded ?



regards,
Ghislain.

ps: no, i would not use a network socket i don't want anybody on the 
localhost to be able to launch php code on it ;)


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Need Help with SSL Certificate Installation

2016-02-22 Thread Stormy 

At 12:28 AM 2/22/2016 -0700, ch...@adamstelecom.com wrote:

To whomever may be able to help,

I am fairly new to Apache. I have begun developing a CRM software for my 
company, and chose Linux as my platform. I have been running Apache for 
several months, in its basic form, while developing. I went online tonight 
and bought an SSL certificate from GoDaddy, and went to install it. It 
seems pretty straight forward, and I have plenty of experience with IIS 
and SSL. However, I can not seem to get it to work. I have added my files 
to /etc/pki/tls/certs/ folder, and my key to the /etc/pki/tls/private 
folder. I have opened firewalld port for https. But I continue to get an 
error in Chrome of "ERR_SSL_PROTOCOL_ERROR". So I am not sure what is 
going on...


FWIW using Firefox 38.3 ESR, your login page works on port 80; forcing 
https results in: "Secure Connection Failed An error occurred during a 
connection to tracss.adamstelecom.com. SSL received a record that exceeded 
the maximum permissible length. (Error code: ssl_error_rx_record_too_long)"


Googling that error finds a multitude of suggestions

Best -- Paul


Below is my ssl.conf file: [snip]



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] How to build Apache with FIPS mode capable?

2016-02-10 Thread Stormy 

[Apologies for top-posting, and I've never used FIPS...]

Ubuntu 12.04 uses apache 2.2; the "out of the box" ssl.conf has the lines:

# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
SSLProtocol all -SSLv2

and [if I'm reading www.openssl.org correctly] FIPS is "v2"...

Best -- Paul


At 08:24 AM 2/10/2016 -0800, cloud force wrote:

Hi Chris,

Please see my comments below.

Thanks,
Rich

On Wed, Feb 10, 2016 at 7:20 AM, Christopher Schultz 
<ch...@christopherschultz.net> wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rich,
On 2/9/16 6:21 PM, cloud force wrote:
> On Tue, Feb 9, 2016 at 2:59 PM, Christopher Schultz
> <ch...@christopherschultz.net
> > wrote:
>
> Rich,
>
> On 2/9/16 4:09 PM, cloud force wrote:
>> Yes I do have* *some regulatory requirement to use FIPS and I
>> have built the FIPS capable OpenSSL lib.
>
> Where is that library located on the disk?
>
>> [Rich] The new libcrypto.so located in the same directory
>> /lib/x86_64-linux-gnu/
>
>
>
>> I tried to add the "SSLFIPS on" parameter to the httpd.conf
>> config file as suggested in the ssl_mod manual page, but the
>> httpd failed to start with errors which seemed to due to the fact
>> that my apache server was not compiled against an SSL library
>> which support the FIPS_mode flag.
>
> Maybe you are getting the system-provided OpenSSL library and not
> the one you custom-built.
>
>> I need helps with guidance of how to compile apache server with
>> FIPS capable OpenSSL lib so that the Apache server can be
>> operating under the OpenSSL FIPS mode.
>
> Recompiling httpd is never needed to switch-out a shared library.
> You just need to fix the way the OS loads things.
>
>> [Rich] How do I do that?
That depends upon the answers to your various questions.
> What OS? What version of that OS? Architecture, etc.?
>
>> [Rich] Ubuntu Linux 64 bit (version 12.04)
>
>
> How did you install httpd?
>
>> [Rich] Httpd is packaged by Ubuntu as a package called apache2,
>> and I installed the apache2 package.
Good. Keep that package as it is.
> How did you install OpenSSL (originally)?
>
>> [Rich] OpenSSL is also packaged by Ubuntu as a package. I
>> installed the original Ubuntu openssl package.
Okay. And that package is still installed and not broken?
> Did you build the FIPS-capable OpenSSL library yourself or did you
> get it from some other source?
>
>> [Rich] I downloaded the FIPS modules source and built it with the
>> stock openssl library, and then installed the newly rebuild FIPS
>> capable openssl library. I was able to verify by using the FIPS
>> capable openssl lib, running the openssl command to generate a
>> MD5 checksum failed due to it's an non-approved FIPS algorithm.
Okay, good. IIRC, the "openssl" CLI is statically-linked so that will
always work as long as you use the full path to the FIPS-capable
openssl binary. Getting another program to load using the FIPS-capable
library takes a bit of work.
> Where is the FIPS-capable OpenSSL library on the disk?
>
>> [Rich] The .so files are mostly under the directory
>> /lib/x86_64-linux-gnu/
Isn't that where the Ubuntu-packages libraries are as well?

[Rich] Yes, basically my newly built FIPS capable OpenSSL lib files 
replaced the original Ubuntu installed ones.

Â
What does this command show?
$ dpkg -L libssl1.0.0
(This will still work if you have OpenSSL 1.0.1.)
Where *exactly* are the FIPS-capable libraries you built? There should
be several .so files produced by the build. What are they and where
did you put them?
> How do you launch httpd?
>
>> [Rich] Ubuntu uses upstart script to launch service like httpd. I
>> just ran the upstart script (service apache2 start) to start the
>> httpd.
Ultimately, this is going to involve you adjusting the LD_LIBRARY_PATH
environment variable to point to the place where your FIPS-capable
OpenSSL libraries are. But if you put them into the existing library
search path, you may have broken both your original OpenSSL
installation, plus the FIPS-capable libraries as well.

[Rich] My understanding is, if I replace the Ubuntu installed OpenSSL lib 
files with the FIPS capable version built by myself, as long as the 
application which uses openssl (e.g. Apache server) doesn't explicitly 
invoke FIPS_mode_set() API to enable FIPS mode, they will work pretty much 
the same as there 's no FIPS.
From the ssl_mod's doc it looks like I need to recomplile with some 
different option so that it will allow Apache to invoke FIPS_mode_set 
API, as I did find the FIPS_mode_set API got invoked somewhere in the 
stock httpd source code. Is my understanding correct?

It would be best to keep the FIPS-capable libraries somewhere out of
the way where you won't confuse them with the package-installed ones.
- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird -

Re: [users@httpd] Apache2 does not properly start

2015-12-11 Thread Stormy 

At 09:23 AM 12/11/2015 -0600, Andy Wang wrote:

On 12/10/2015 08:21 PM, William A Rowe Jr wrote:

It's been too many years since I and others have looked at 2.4.7, if you
can try this on a modern release of httpd and share those error logs, be
glad to review.
[snip] it looks like you're attempting to use the ubuntu packaged httpd 
and the ubuntu upstart(or are they using systemd now?) scripts.


You should probably ask on the ubuntu forums to see if people are familiar 
with that.


Ubuntu 14.04 tries to use upstart... 15.04 recognizes a "return" to systemd 
(see ). In my experience 
many admins have tweaked their servers to their own preferences. Certainly 
with Ubuntu 14.04LTS it is trivial to have systemd work as expected.


On the other hand, Ubuntu is not necessarily user friendly for less 
experienced admins to compile more recent versions than recommended 
"packages" -- I *think* 2.4.10 is the latest "stable" for 14.04LTS, but 
2.4.17-3ubuntu1 (amd64, i386) is available, but may still be "somewhat 
beta" to backport (I do not follow dependencies.)


Best -- Paul 



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache24 - how to optimize httpd.conf

2015-06-09 Thread Stormy 

At 09:24 AM 6/9/2015 +0100, James Smith wrote:
[snip good advice]
   * For minifying CSS/JS: look at yui compressor and google closure 
compiler...  (Use jshint to check your js to make sure that it will 
merge/compress OK)

   * Can use a number of build tools to do some of this auto-magically...
One possible caveat -- mod_pagespeed which is from Google dev (the start 
of this thread.)  We tried it in a pre-production 2.4 environment, and 
while most of the output was well rewritten/minified/re-ordered, it put an 
enormous hit on server CPU cycles (on a very fast machine) -- to the point 
that end-user browser load times suffered. We had to drop it.  (Note this 
was for a fairly complex perl/js site, so YMMV. Note also that Google do 
not *now* recommend it for 2.4, only 2.2, if I understand their notes 
correctly.)


Best -- Paul


   * Move (most) JS to the foot of the page

Watch out with minifying HTML - there is a minor bug with most of the 
minifiers which which can't handle correctly ends of line after tags, and 
if you have gzip encoding it usually doesn't make a difference!


Finally...
   * Look at your code and try and optimize your HTML { put as much 
presentation as possible into CSS }
   * Look at your JS - don't use multiple library classes - I have seen 
sites using jQuery, Scriptaculous and YUI at the same time!


On 08/06/2015 22:43, Motty Cruz wrote:

Hello,
I added this code on .htaccess

IfModule mod_mime.c
 AddType application/x-javascript .js
 AddType text/css .css
/IfModule
IfModule mod_deflate.c
 AddOutputFilterByType DEFLATE text/css application/x-javascript 
text/x-component text/html text/richtext image/svg+xml text/plain 
text/xsd text/xsl text/xml image/x-icon application/javascript

 IfModule mod_setenvif.c
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
 /IfModule
 IfModule mod_headers.c
  Header append Vary User-Agent env=!dont-vary
 /IfModule
/IfModule

does not seem to make a difference!




On 06/08/2015 02:38 PM, Emir Ibrahimbegovic wrote:

What have you tried?

On Mon, Jun 8, 2015 at 5:35 PM, Motty Cruz 
mailto:motty.c...@gmail.commotty.c...@gmail.com wrote:

Hello,
I am getting the following suggestions from:
https://developers.google.com/speed/pagespeed/insights/https://developers.google.com/speed/pagespeed/insights/


Should Fix:
Optimize images
Leverage browser caching
Consider Fixing:
Eliminate render-blocking JavaScript and CSS in above-the-fold content
Minify CSS
Minify HTML

What is the best practice to solve errors above?

Thanks,

-
To unsubscribe, e-mail: 
mailto:users-unsubscr...@httpd.apache.orgusers-unsubscr...@httpd.apache.org
For additional commands, e-mail: 
mailto:users-h...@httpd.apache.orgusers-h...@httpd.apache.org





-- The Wellcome Trust Sanger Institute is operated by Genome Research 
Limited, a charity registered in England with number 1021457 and a company 
registered in England with number 2742969, whose registered office is 215 
Euston Road, London, NW1 2BE.

Re: [users@httpd] Web app works with Apache Server (1.3.20) on some but not all identically configured PCs

2015-06-02 Thread Stormy 

At 12:20 PM 6/2/2015 +, Hessel, Carl wrote:
[snip]
[Tue May 12 09:31:00 2015] [error] [client 127.0.0.1] Premature end of 
script headers: c:/program files/apache 
group/apache/cgi-bin/promptforuserinitials.cgi


[Tue May 12 09:31:00 2015] [error] [client 127.0.0.1]
Can't open perl script c:\program: No such file or directory

 ^^

Windows or *nix?

Paul 



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Web app works with Apache Server (1.3.20) on some but not all identically configured PCs

2015-06-02 Thread Stormy 

At 04:20 PM 6/2/2015 +0200, Bremser, Kurt (AMOS Austria GmbH) wrote:
Looks like you have a problem with the blank in Program Files. You may 
be missing quotes around the path name somewhere.


Maybe I was a bit too cryptic, but there's also an apparent mix of back and 
forward slashes in the directory structures in the error messages.


P.



Kurt Bremser
AMOS Austria

Newton was wrong. There is no gravity. The Earth sucks.

Von: Hessel, Carl [carl.hes...@subcom.com]
Gesendet: Dienstag, 2. Juni 2015 16:04
An: users@httpd.apache.org
Betreff: RE: [users@httpd] Web app works with Apache Server (1.3.20) 
on  some but not all identically configured PCs [wd-vc]


Paul,

I am running on Window 7 Pro, Version 6.1, Build 7601, Service Pack 1.

Carl Hessel
End User Documentation (EUD) Technical Consultant
TE Subsea Communications
732-915-6433

This e-mail (including any attachments) is intended only for the exclusive 
use of the individual(s) to whom it is addressed or copied. The 
information contained hereinafter may be proprietary, confidential, 
privileged, or exempt from disclosure under applicable law. If the 
addressee(s) of this e-mail is/are not the intended recipient(s) or 
agent(s) responsible for delivering the message to the intended 
recipient(s), the addressee is hereby put on notice that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If the addressee has received this communication in error, 
please immediately notify the sender by telephone or e-mail and delete all 
copies of this e-mail and any attachments. Thank you.


-Original Message-
From: Stormy [mailto:storm...@stormy.ca]
Sent: Tuesday, June 02, 2015 9:41 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Web app works with Apache Server (1.3.20) on 
some but not all identically configured PCs


At 12:20 PM 6/2/2015 +, Hessel, Carl wrote:
[snip]
[Tue May 12 09:31:00 2015] [error] [client 127.0.0.1] Premature end of
script headers: c:/program files/apache
group/apache/cgi-bin/promptforuserinitials.cgi

[Tue May 12 09:31:00 2015] [error] [client 127.0.0.1] Can't open perl
script c:\program: No such file or directory
  ^^

Windows or *nix?

Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
AMOS Austria GmbH
1130 Wien, Hietzinger Kai 101-105
FN 365014k, Handelsgericht Wien
UID: ATU 66614737

http://www.allianz.at


Dieses E-Mail und allfaellig daran angeschlossene Anhaenge
enthalten Informationen, die vertraulich und
ausschliesslich fuer den (die) bezeichneten Adressaten
bestimmt sind.
Wenn Sie nicht der genannte Adressat sind, darf dieses
E-Mail samt allfaelliger Anhaenge von Ihnen weder anderen
Personen zugaenglich gemacht noch in anderer Weise
verwertet werden.
Wenn Sie nicht der beabsichtigte Empfaenger sind, bitten
wir Sie, dieses E-Mail und saemtliche angeschlossene
Anhaenge zu loeschen.

Please note: This email and any files transmitted with it is
intended only for the named recipients and may contain
confidential and/or privileged information. If you are not the
intended recipient, please do not read, copy, use or disclose
the contents of this communication to others and notify the
sender immediately. Then please delete the email and any
copies of it. Thank you.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Apache 2.4 SSI

2015-04-05 Thread Stormy 
Looking for help with SSI. We have a production boxes using Apache/2.2.22 
on Ubuntu 12.04 LTS that renders (thousands of) pages like:


!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN
?php include '/inc/header.inc';?

which I'm trying to migrate to Apache/2.4.7 on Ubuntu 14.04 LTS.

After several hours of googling/reading/trying, these pages only render 
(perfectly) by using:


!--#include virtual=/inc/header.inc --

yet other ?php expressions such as ?php phpinfo(); ? work flawlessly.

There's got to be something simple that I haven't cottoned onto... (logs 
show no errors)


Using (per virtual host) a directory:
Directory /var/www/andequip
XBitHack on
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride None
Require all granted
AddType text/html .inc .html
AddOutputFilter INCLUDES .inc .html
/Directory

Relevant(?) mods include cgid, fcgid, include, mpm-prefork and php5

Thanks for any thoughts, pointers, etc

Best - Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] 2.4.7 setup Ubuntu 14.04 LTS

2015-01-07 Thread Stormy 

At 12:28 PM 1/7/2015 -0500, you wrote:

On Wed, Jan 7, 2015 at 12:20 PM, Stormy storm...@stormy.ca wrote:
 apachectl -S gives me:

 VirtualHost configuration:
 [snipped -- all good]

 but apache2 -S gives me:

 [Wed Jan 07 10:51:31.785510 2015] [core:warn] [pid 4783] AH00111: Config
 variable ${APACHE_LOCK_DIR} is not defined
 [Wed Jan 07 10:51:31.785542 2015] [core:warn] [pid 4783] AH00111: Config
 variable ${APACHE_PID_FILE} is not defined

On Ubuntu, apachectl sources /etc/apache2/envvars (where those vars
are set) before calling /us/sbin/apache2 [the executable].  So your
command-line result is not too odd.  But I am not sure how your logs
contain the same thing.


Thanks Eric.  It's weird that 2.2 is totally 'clean', with identical 
/etc/apache2/envvars (only the depth of the .pid file directory 
/var/run/[apache2]/ changes.)


Best -- Paul  



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] 2.4.7 setup Ubuntu 14.04 LTS

2015-01-07 Thread Stormy 
I'm looking for some help, please, in understanding *if* I have problems, 
and recommendations for what to do (Google has not yet been my friend.)


Brand new server Ubuntu 14.04.1 LTS with Ubuntu package Apache/2.4.7, 
appears to be working, but I'm not certain that all envvars are set up 
correctly, as I keep getting Define warnings/messages, which I'd like to 
eleiminate.  (Our production servers use 2.2, with none of these 
messages.  This new server is LAN only at the moment.)


apachectl configtest reports Syntax OK

Log has intermittent [core:warn] [pid 2620:tid 140267284031360] AH00111: 
Config variable ${APACHE_LOG_DIR} is not defined with ${APACHE_LOCK_DIR} 
${APACHE_PID_DIR} and ${APACHE_RUN_DIR} appearing very occasionally.


I've tried using mpm_event with occasional [mpm_event:notice] [pid 
1322:tid 140096310007680] AH00493: SIGUSR1 received.  Doing graceful restart


I've also tried mpm_worker with mpm_itk (recommended/required for one 
open-source package we use), and get numerous [mpm_prefork:notice] [pid 
1475] AH00163: Apache/2.4.7 (Ubuntu) mpm-itk/2.4.6-01 configured -- 
resuming normal operations.  (I realize mpm_itk may be problematic.)


apachectl -S gives me:

VirtualHost configuration:
[snipped -- all good]
ServerRoot: /etc/apache2
Main DocumentRoot: /var/www
Main ErrorLog: /var/log/apache2/error.log
Mutex default: dir=/var/lock/apache2 mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
PidFile: /var/run/apache2/apache2.pid
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name=www-data id=33 not_used
Group: name=www-data id=33 not_used

but apache2 -S gives me:

[Wed Jan 07 10:51:31.785510 2015] [core:warn] [pid 4783] AH00111: Config 
variable ${APACHE_LOCK_DIR} is not defined
[Wed Jan 07 10:51:31.785542 2015] [core:warn] [pid 4783] AH00111: Config 
variable ${APACHE_PID_FILE} is not defined
[Wed Jan 07 10:51:31.785550 2015] [core:warn] [pid 4783] AH00111: Config 
variable ${APACHE_RUN_USER} is not defined
[Wed Jan 07 10:51:31.785553 2015] [core:warn] [pid 4783] AH00111: Config 
variable ${APACHE_RUN_GROUP} is not defined
[Wed Jan 07 10:51:31.785562 2015] [core:warn] [pid 4783] AH00111: Config 
variable ${APACHE_LOG_DIR} is not defined
[Wed Jan 07 10:51:31.786574 2015] [core:warn] [pid 4783] AH00111: Config 
variable ${APACHE_RUN_DIR} is not defined
[Wed Jan 07 10:51:31.786825 2015] [core:warn] [pid 4783] AH00111: Config 
variable ${APACHE_LOG_DIR} is not defined
[Wed Jan 07 10:51:31.786890 2015] [core:warn] [pid 4783] AH00111: Config 
variable ${APACHE_LOG_DIR} is not defined
[Wed Jan 07 10:51:31.786897 2015] [core:warn] [pid 4783] AH00111: Config 
variable ${APACHE_LOG_DIR} is not defined

AH00526: Syntax error on line 76 of /etc/apache2/apache2.conf:
Invalid Mutex directory in argument file:${APACHE_LOCK_DIR}

[N.B. line 76 of apache2.conf is Mutex file:${APACHE_LOCK_DIR} default]

Thoughts?  Where and how should these variables be defined?

Many thanks -- Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Virtual Hosting: One website doesn't work.

2015-01-03 Thread Stormy 

At 08:40 PM 1/3/2015 -0500, ghalvor...@hushmail.com wrote:
[snip]
I'm not sure why these two behave differently (www.example.com vs 
example.com) I always thought the extra four letters were something that 
Apache knew how to deal with.  It's hard to guarantee that the user will 
user type or omit the 'www.'  What should be done about this?


ServerAlias ?

Best -- Paul 



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Problem with HTML datalist tag

2014-10-15 Thread Stormy 

At 03:19 PM 10/15/2014 +0200, Daniel wrote:

Don't know where you got that idea supposing httpd modifies html pages.

HTTPD does not touch html pages, it's not its function, nor the function 
or any other web server, httpd sends them to the client when requested and 
the client interprets them.


It is at least surprising you blame the Apache Web Server over the client 
in something like this.


and he's using an HTML5 tag dataset which is browser sensitive (e.g 
Safari won't touch it...)


--Paul


I would be inclined to think (but you didn't showed the source of the file 
you see with the browser when you access it in the server), since your 
server is in Linux and you are handling the file and testing locally in a 
windows, that it is a carriage return thing rather than any other. Try 
dos2unix the file in the server or similar, remember windows and Linux do 
not use the same characters for newline/carriage returns.


Regards

2014-10-14 17:09 GMT+02:00 barry kimelman 
mailto:barryk_apa...@outlook.combarryk_apa...@outlook.com:

Hello,
Â
my laptop at the office is windows 7 with internet explorer 10.
Â
our apache server is version 2.2.3 running on a Linux system.
Â
I have a small HTML test file with a datalist tag that works fine when 
runlocally through the browser.

Â
However when I send the file up to the apache server and then attempt to 
display the web page with the datalist tag it does not display 
correctly. I just see an input box with the contents of the datalist tag 
choices displayed beside it. I have checked the apache error log and there 
was no entry of any klind for my web page. Why does the apache web server 
somehow manage to mess up my simple little web page which is as follows :

Â
!DOCTYPE HTML
HTML
HEAD
TITLEDatalist/TITLE
/HEAD
BODY
H1Datalist/H1
input type=text name=product list=productName/
datalist id=productName
    option value=PenPen/option
    option value=StaplerStapler/option
    option value=PencilPencil/option
    option value=EraserEraser/option
    option value=PaperPaper/option
/datalist
/BODY
/HTML

Re: [users@httpd] Hiding Query Strings

2014-07-10 Thread Stormy 

At 01:16 PM 7/10/2014 -0400, Otis Dewitt - NOAA Affiliate wrote:

Greetings,

I am having a problem hiding query strings:

Example:

Change: 
http://www.fishfry.gov/pls/webpls/car_1.data_in?jtype=IMPjmnth=01jyear=2014jcountry=USAjoutput=TABLEhttp://www.fishfry.gov/pls/webpls/car_1.data_in?jtype=IMPjmnth=01jyear=2014jcountry=USAjoutput=TABLE


To Show: http://www.fishfry.govhttp://www.fishfry.gov on query return 
instead of showing the complete URL as above to help mitigate the public 
trying different years,country,output from the URL.


Is there a way to solve this as a re-write?


Counterintuitive?  How could I reference your specific document in an 
email, journal, webpage, report, whatever?


Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] module identification

2014-04-11 Thread Stormy 

At 12:41 PM 4/11/2014 -0400, you wrote:

Is there a command in Apache that lists the modules loaded with their
version numbers?

-M shows everything but without the version numbers.

-l does the same for modules that are compiled in.

I just updated to openssl 1.0.1g and I need to confirm that that is really
the version that is running.


Debian/ubuntu:  openssl version

If that fails, cross check with the installation: dpkg-query -l 'openssl'

Best -- Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Error :usr/include/unistd.h:1058: error: expected ')' before '[' token

2013-11-15 Thread Stormy 

At 07:36 PM 11/15/2013 +0800, you wrote:

Dear Paul,
Thank you for your reply.
Now I am trying to install (httpd 2.2.25) version  and we get the below 
error. Kindly help us to resolve the problem.


Sorry - I have little (very old) or no experience on AIX; anyone else?

Paul



make
Making all in srclib
Making all in apr
/bin/sh /GPFS/install/SAP/apache/httpd-2.2.25/srclib/apr/libtool 
--silent --mode=compile gcc -g -O2   -DHAVE_CONFIG_H -U__STR__ 
-D_THREAD_SAFE   -I./include 
-I/GPFS/install/SAP/apache/httpd-2.2.25/srclib/apr/include/arch/unix 
-I./include/arch/unix 
-I/GPFS/install/SAP/apache/httpd-2.2.25/srclib/apr/include/arch/unix 
-I/GPFS/install/SAP/apache/httpd-2.2.25/srclib/apr/include  -o 
file_io/unix/filedup.lo -c file_io/unix/filedup.c  touch 
file_io/unix/filedup.lo

file_io/unix/filedup.c: In function 'file_dup':
file_io/unix/filedup.c:49: error: 'F_GETFD' undeclared (first use in this 
function)
file_io/unix/filedup.c:49: error: (Each undeclared identifier is reported 
only once

file_io/unix/filedup.c:49: error: for each function it appears in.)
file_io/unix/filedup.c:52: error: 'FD_CLOEXEC' undeclared (first use in 
this function)
file_io/unix/filedup.c:53: error: 'F_SETFD' undeclared (first use in this 
function)

make: 1254-004 The error code from the last command is 1.

Stop.
make: 1254-004 The error code from the last command is 1.
Stop.
make: 1254-004 The error code from the last command is 1.


Thanks  Regards,
Baskaran.V





On Friday, 15 November 2013 1:16 AM, Stormy storm...@stormy.ca wrote:
At 06:49 AM 11/15/2013 +0800, you wrote:
Dear All,

I did not find the solution in google and archiving mail list .
Hence I am posting my issue here.
I am trying to install Apache (httpd-2.0.64)
^
http://www.apache.org/dist/httpd/Announcement2.0.html The Apache
Software Foundation and the Apache HTTP Server Project are pleased to
announce the final 2.0 release version 2.0.65 of the Apache HTTP Server
(Apache). This version of Apache will be the last 2.0 bug and security
fix release, covering many but not all issues addressed in the stable 2.4
and legacy 2.2 released versions.

Personally, I don't always chase the absolute latest version, but 2.2.x
(which I use on hundreds of servers) should be the legacy version of
choice (2.4 might allow you more forward flexibility.)

Why 2.0?

Best - Paul





-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Error :usr/include/unistd.h:1058: error: expected ')' before '[' token

2013-11-14 Thread Stormy 

At 06:49 AM 11/15/2013 +0800, you wrote:

Dear All,

I did not find the solution in google and archiving mail list .
Hence I am posting my issue here.
I am trying to install Apache (httpd-2.0.64)

^
http://www.apache.org/dist/httpd/Announcement2.0.html The Apache 
Software Foundation and the Apache HTTP Server Project are pleased to 
announce the final 2.0 release version 2.0.65 of the Apache HTTP Server 
(Apache). This version of Apache will be the last 2.0 bug and security 
fix release, covering many but not all issues addressed in the stable 2.4 
and legacy 2.2 released versions.


Personally, I don't always chase the absolute latest version, but 2.2.x 
(which I use on hundreds of servers) should be the legacy version of 
choice (2.4 might allow you more forward flexibility.)


Why 2.0?

Best - Paul





-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Re: Apache server on Ubuntu 13.10

2013-11-06 Thread Stormy 

At 10:46 AM 11/6/2013 +0100, Vincent Lefevre wrote:

On 2013-11-04 07:13:56 -0800, Make Myday wrote:
 (98)Address already in use: AH00072: make_sock: could not bind to 
address [::]:80
 (98)Address already in use: AH00072: make_sock: could not bind to 
address 0.0.0.0:80

 no listening sockets available, shutting down
 AH00015: Unable to open logs
 Action 'start' failed.
 The Apache error log may have more information.

Same problem, until I noticed that a tntnet web server was installed
during the upgrade to Ubuntu 13.10!!!


Perhaps going a little off-topic (although tntnet apparently does disable 
apache2), could you please be more specific?


Upgrading *from* what version? Server or desktop? As far as I can tell, 
tntnet is either a very specific addition during install/upgrade, or can be 
added with the app Freemind in a desktop environment. I can find no 
mention of it being included in any server package (after a quick look at 
13.10, but we only use the LTS in production.)



# apt-get remove --purge tntnet tntnet-runtime libtntnet11
solved the problem, so that I can now start apache2.


Best - Paul 



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Permission Still Denied with Moodle

2013-10-15 Thread Stormy 

At 10:00 PM 10/14/2013 -0400, Yehuda Katz wrote:
On Mon, Oct 14, 2013 at 6:06 AM, Timothy Curchod 
mailto:timof...@hotmail.comtimof...@hotmail.com wrote:
The bad news is that in the error log there is nothing when going to 
http://192.186.1.100/info.phphttp://192.186.1.100/info.php or 
http://*my*.*ip*.*goes*.*here*/info.php.  Localhost works fine.
 So if there is no error in the httpd error_log, then I am on the wrong 
mailing list now, right?  It's not an Apache problem, it's a network 
setup/hardware issue.


To recap, the problem now is that requests through localhost work properly 
and other requests time out. Is that correct?


To me this really indicates that either Apache is not listening on other 
IPs (which we went through already) or (not sure why I did not mention 
this sooner) you might have a firewall in the way. Can you check if you 
have a firewall (like iptables) running on the system?


I *could* be way off track, but, as I wrote previously, this user has a 
Linksys WRT54C router using Automatic Configuration DHCP -- this is quite 
an old residential item, and istr that these were problematic. I can't even 
remember if it's a modem as well as a router. In any case, try setting it 
to static IP (or particularly if it's a modem, set to straight through, 
disable any IP intervention and rely on your server set up for routing and 
firewall.)


Best - Paul

RE: [users@httpd] Permission Still Denied with Moodle

2013-10-10 Thread Stormy 

At 10:17 AM 10/10/2013 +, you wrote:
[snip]

/sbin/ifconfig
em1: flags=4163UP,BROADCAST,RUNNING,MULTICAST  mtu 1500
inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255

  ^^

Have you got a router set up for DHCP?
[snip]

Something funny is going on with the ip address however.  When I go to 
localhost, like I said before, it prints this message:  Incorrect access 
detected, this server may be accessed only through 
http://*.*.*.30:80/moodle; address, sorry.



Best - Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] locating cgi-bin

2013-04-08 Thread Stormy 
I'm missing something, probably simple, so assistance appreciated. Apache 
2.2.22 on Ubuntu 12.04(LTS) server. I have, for site foo which uses some 
Perl scripts:


ScriptAlias /cgi-bin/ /var/www/foo/cgi-bin/
Directory /var/www/foo/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
AddHandler cgi-script .pl
Order allow,deny
Allow from all
/Directory

I have tried the ScriptAlias and the Directory with and without trailing 
slashes and double quotes, but user error: The requested URL 
/cgi-bin/login.pl was not found on this server and error.log gives: [Mon 
Apr 08 12:28:40 2013] [error] [client 192.168.x.x] script not found or 
unable to stat: /usr/lib/cgi-bin/login.pl, referer: http://foo/;


Perl has an  @INC: /usr/lib/perl5 and there is an [empty] /usr/lib/cgi-bin/ 
-- which I don't want to use. Apache user is 'www-data' and foo is 
'drwxr-xr-x 5 root www-data 4096 Apr 3 22:51 foo'


Questions: can my ScriptAlias work? if not what EnvVar should I set and where?

Many tnx - Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Followup to [Bug 50028] (LDAP authentication with encrypted passwords)

2013-03-30 Thread Stormy 

At 12:05 PM 3/30/2013 +1000, Noel Butler wrote:

Sounds like a package manager problem to me


I'm not sure of that, but I'm not a php expert :(  Just been doing some 
testing on the sandbox (dpkg --force-all, not apt), and it comes back to 
php lack of thread safety. Blowfish encryptation doesn't function without 
full php and libapache2-mod-php5, and if I leave those in place and go back 
to mpm-worker (faster, less overhead for my server usage) I seem to be in 
trouble with env vars (setlocale.php). Not sure if I can run FastCGI and 
remove mod-php? I've read that this would restore thread safety by taking 
php outside Apache (2.2.22 on U 12.04 LTS)


By the way, is there a quick way of swapping between worker and prefork 
without re-compiling? That would make my testing a whole lot easier.


Thanks a million - Paul



On Fri, 2013-03-29 at 19:30 -0400, Stormy wrote:



At 07:11 PM 3/28/2013 -0400, Eric Covener wrote:
[snip]
mod_authnz_ldap requires HTTP Basic Authentication, which doesn't have
any provision to encrypt the password separately from the rest of the
connection.

mod_authnz_ldap doesn't work with Digest authentication -- I don't think
it can.

(Slight tangent to this thread) does anyone know of an equivalent to
php-crypt-blowfish that works with Apache2 compiled as worker? it seems to
want to:

The following packages will be REMOVED:
   apache2-mpm-worker
The following NEW packages will be installed:
   apache2-mpm-prefork libapache2-mod-php5 php-crypt-blowfish php5

I'm not stuck on php and might prefer Perl or PEAR, whatever.

Thanks - Paul


-
To unsubscribe, e-mail: 
mailto:users-unsubscr...@httpd.apache.orgusers-unsubscr...@httpd.apache.org
For additional commands, e-mail: 
mailto:users-h...@httpd.apache.orgusers-h...@httpd.apache.org

Re: [users@httpd] Followup to [Bug 50028] (LDAP authentication with encrypted passwords)

2013-03-29 Thread Stormy 

At 07:11 PM 3/28/2013 -0400, Eric Covener wrote:
[snip]

mod_authnz_ldap requires HTTP Basic Authentication, which doesn't have
any provision to encrypt the password separately from the rest of the
connection.

mod_authnz_ldap doesn't work with Digest authentication -- I don't think 
it can.


(Slight tangent to this thread) does anyone know of an equivalent to 
php-crypt-blowfish that works with Apache2 compiled as worker? it seems to 
want to:


The following packages will be REMOVED:
  apache2-mpm-worker
The following NEW packages will be installed:
  apache2-mpm-prefork libapache2-mod-php5 php-crypt-blowfish php5

I'm not stuck on php and might prefer Perl or PEAR, whatever.

Thanks - Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] headers null in a custom module

2013-03-01 Thread Stormy 

At 11:13 AM 3/1/2013 -0800, Crne We wrote:
why the heck some of the essential headers present in the request are null 
when being processed in a custom apache module/hook function?


Perhaps because you coding skills are at the same level as your societal 
skills writing to this list for assistance?


plonkCrne We crn...@yahoo.com/plonk

P.
The only two things that are infinite in size are the universe and human 
stupidity. And I'm not

completely sure about the universe. -- Albert Einstein


if this list is dead, is there another list dedicated for apache module 
developers?



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Re: Building Apache for Windows

2012-12-09 Thread Stormy 

At 03:20 PM 12/9/2012 +, Good Guy wrote:

Somebody should take the responsibility to write the instructions clearly 
and succinctly (together with php)


Try a php mailing list?

so that users can compile the source files for their own use.I have 
been working on 2.2.23 for about a week to no avail.  Why can't it be as 
simple as hello world program?


Try Bill Gates?

Although I have to admit that a quick google for 'apache 2.2 windows' gives 
me About 9,240,000 results (0.27 seconds) and at least the first ten 
appear relevant.


As a last resort, change windows == *nix and experience the ease and joy 
of a proper o/s.


Best - Paul
tired old sysadmin




On 07/12/2012 00:33, Alex Chen wrote:
I tried Visual Studio 2008 first but got a lot error messages saying the 
project files are corrupted. So I resorted to use command line tool but 
it still failed.

These are the error messages:
=
C:\Projects\Apache\HTTP Server\2.4.3\httpd-2.4.3nmake /f Makefile.win 
_apacher

Microsoft (R) Program Maintenance Utility Version 11.00.50727.1
Copyright (C) Microsoft Corporation.  All rights reserved.

Please check out or download and unpack the Apache Portability Runtime
sources (apr, apr-iconv and apr-util) into your srclib dir.
Apache cannot build without these libraries!

Makefile.win(74) : fatal error U1050: Need srclib\  apr, apr-iconv and 
apr-util

Stop.
===

I downloaded the dependency library httpd-2.4.3-deps.tar.gz and unpacked 
it.  But it only contained apr and apr-util so I got the same error 
message above.


Any idea how I can build on Windows with either IDE or command line?

Thanks.



On 12/6/2012 3:49 PM, Alex Chen wrote:
I am trying to build Apache 2.4 on Windows 7 with Visual Studio 
2012.  In the document page 
http://httpd.apache.org/docs/2.4/platform/win_compiling.html, it says 
the workspace file to be used is Apache.dsw.  However there is another 
Apache-apr2.dsw that is newer and has similar projects included.  Which 
one should I use to convert to new Visual Studio?


Thanks.

Alex

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



--
Good Guy
Website: http://mytaxsite.co.uk
Website: http://html-css.co.uk
Email: http://mytaxsite.co.uk/contact-us



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] apache won't start

2012-10-14 Thread Stormy 

At 09:43 PM 10/13/2012 -0400, Yehuda Katz wrote:
On Sat, Oct 13, 2012 at 3:46 PM, Ben 
mailto:benj@gmail.combenj@gmail.com wrote:

* Starting web server apache2
apache2: Syntax error on line 210 of /etc/apache2/apache2.conf: Syntax
error on line 1 of
/etc/apache2/mods-enabled/osrf_http_translator.load: Cannot load
/usr/lib/apache2/modules/osrf_http_translator.so into server:
libmemcached.so.2: cannot open shared object file: No such file or
directory


The error is that libmemcached.so is missing. Reinstall it (which I can't 
give you more information about because I can not find any documentation 
for osrf_http_translator) and you should be fine.


For Ubuntu 12.04, apt-get finds libmemcached6 which *might* work (I'm not 
sure about backwards compatibility, and memcached can be a bit touchy.)


Regards - Paul


You could also disable that module: a2dismod osrf_http_translator .

[users@httpd] Directory permissions

2012-07-12 Thread Stormy 

Maybe not a pure Apache question, but...

Using Apache 2.2.17 and Perl 5.10.0, a script [1] uses a temp directory for 
read/write.  When the directory is 755, the script can read but fails to 
write a new temp file -- secondary result Apache outputs a *text* file for 
*download* containing the desired html, rather than a normal html page.


chmod-ing the temp directory to 777 gives the desired, fully functional 
result.  I have not been able to find any documentation (either Apache or 
Perl) on this subject.


Between the two sys-admins for this system, we have never seen Apache 
bundle html into a text file and are scratching our heads as to why this 
happens.  Thoughts anyone?


Thanks - Paul

[1] after fully completing the form at 
http://navalmarinearchive.com/membership/member_form.html 



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Build problem

2012-05-30 Thread Stormy 

At 02:28 PM 5/30/2012 -0700, Bill Vance wrote:

On Wed, May 30, 2012 at 08:54:32AM -0400, Mark Montague wrote:
Date: Wed, 30 May 2012 08:54:32 -0400
From: Mark Montague m...@catseye.org
Subject: Re: [users@httpd] Build problem

On May 30, 2012 8:06 , Bill Vance p...@xpresso.seaslug.org wrote:
I'm new to the list, so this may allready be
addressed somewhere.  Basically, I', trying
to put the sources for apache2 and php,
etc., together, and I seem to be having some
heavy wading.

[snip]

Actually I'm running KUbuntu 10.04, Lucid Lunatic, or Lynx, or
whatever that stupid name is, on an i386-32  One of the problems
here are utils like apt-get, aptitude, and synaptic, etc.  They
work real good if you only want to deal with .deb archives, but
don't seem to leave much in the way of a program directory behind
them, which some things require for working with them.


Not sure why you need KDE for a server, but...

Maybe 10.04 is a bit long in the tooth?  I just rebuilt (Monday 
afternoon) from scratch an old i386-32 as a sandbox using Ubuntu 12.04 (the 
latest LTS), and had Apache 2.2.22 and PHP 5.3.10 (as well as MySQL 5.5.22) 
up and running in less than an hour. I used apt-get for each package 
(wanted MySQL, not Postgre which comes in the standard LAMP package 
available at installation time from the standard .iso).


The Ubuntu stupid name for 12.04 is Precise; maybe for you it would be 
Perfect?


HTH - Paul  



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Re: authnz_ldap LDAP bind + Error 500

2012-05-21 Thread Stormy 

At 02:24 PM 5/21/2012 -0700, you wrote:
I expect a response to this. I submitted this over a month ago.. Get with 
the program and answer.
On Mon, Apr 16, 2012 at 8:19 PM, Grope Fruit 
mailto:gropefr...@gmail.comgropefr...@gmail.com wrote:

[snip]

We are stumped.

[snip]
Not just stumped - you've alienated a whole group of very friendly and 
helpful experts.


As Huck Finn said: I reckon I got to light out for the Territory, because 
Aunt Sally she's going to adopt me and civilize me and I can't stand it.

Re: [users@httpd] attack on apache - solved -

2012-01-13 Thread Stormy 

At 04:48 PM 1/13/2012 -0300, you wrote:

Thanks a lot to everyone who help me to solve the problem.
I had installed phpmyadmin and they used it to attack my server.
I found this in /var/log/httpd/access_log


Was your compile of apache2 prefork or worker?  And could you be a 
little more explicit with what you found in your logs (without compromising 
security?)


I'm interested because I have a worker compile of 2.2.17 that I will 
shortly be changing either to FastCGI or prefork, because of php that 
requires libapache2-mod-php5, which in turn depends on apache2-mpm-prefork 
( 2.0.52) and apache2-mpm-itk.


tnx - paul 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] worker, prefork, .apache2.conf.swp and php

2012-01-13 Thread Stormy 

At 10:05 PM 12/9/2011 +, Nick Kew wrote:

On Fri, 09 Dec 2011 16:17:16 -0500
Stormy storm...@stormy.ca wrote:
 Appreciated.  Is it just a question of:
  $ sudo apt-get remove apache2-mpm-worker apache2-threaded-dev
  $ sudo apt-get install apache2-mpm-prefork
 or do I need a complete remove/reinstall?

That's a matter of how your distro packages it.  But it looks
fine in principle.


The remove worked just fine, but I'm now going around in circles and would 
really appreciate some assistance:


sudo apt-get install apache2-mpm-prefork
The following packages have unmet dependencies: apache2-mpm-prefork :
Depends: apache2.2-common (= 2.2.16-6+squeeze4) but it is not going to be 
installed
Depends: apache2.2-bin (= 2.2.16-6+squeeze4) but 2.2.17-1ubuntu1.2 is to be 
installed


sudo apt-get install apache2.2-bin
apache2.2-bin is already the newest version.

sudo apt-get install apache2.2-common
The following packages have unmet dependencies: apache2.2-common :
Depends: apache2.2-bin (= 2.2.16-6+squeeze4) but 2.2.17-1ubuntu1.2 is to be 
installed


sudo apt-get install apache2.2-bin
apache2.2-bin is already the newest version.

Could someone please (and I realize that this might be distro dependant) 
exactly what package[s] I need???


What is the squeeze4 and ubuntu1.2 reference?  I've tried looking for all 
packages that approach these names (e.g apache2.2.17-1ubuntu1.2) with no 
success.


Many thanks,
Paul





-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Partial file uploads

2011-12-31 Thread Stormy 

At 08:59 PM 12/31/2011 +, Tomasz Muras wrote:

Hello,

I would like to create a website that allows users uploading only
first N bytes of the file. I'm interested only in the file headers, so
I will never need a full file. I would like Apache to allow uploading
X bytes, interrupt the upload - but keep  pass the partial file to
mod_php. Do you think it's possible? Where should I look - maybe
creating a custom Apache mod is the only way?


ftp?

Happy new year to all on this list,

Paul
Tired old sys-admin 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] worker, prefork, .apache2.conf.swp and php

2011-12-09 Thread Stormy 
Apache2 2.2.17 on a possibly overbuilt (8 core CPU, 8 Gigs RAM, solid state 
+ raid drives) lightly loaded server using MySql, Perl and PHP.  Built 
using 'worker' rather than 'prefork' (Googling seemed to suggest 
performance improvement under light loads) but now I'm reading various 
reports that PHP could be troublesome (Debian User forum, PHP5 stopped 
working.)


Am I paranoid?  I found this while trying to find out about 
.apache2.conf.swp and am now totally confused.  Insight from the experts 
here would save my sanity.


Thanks - Paul


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] worker, prefork, .apache2.conf.swp and php

2011-12-09 Thread Stormy 

At 02:55 PM 12/9/2011 -0500, Mark Montague wrote:

On December 9, 2011 13:30 , Stormy storm...@stormy.ca wrote:
Apache2 2.2.17 on a possibly overbuilt (8 core CPU, 8 Gigs RAM, solid 
state + raid drives) lightly loaded server using MySql, Perl and PHP.
Built using 'worker' rather than 'prefork' (Googling seemed to suggest 
performance improvement under light loads) but now I'm reading various 
reports that PHP could be troublesome (Debian User forum, PHP5 stopped 
working.)

[snip]
PHP has had long-standing thread safety issues.  The worker MPM for 
Apache HTTP Server is threaded.  This can create problems and 
instability.  See 
http://www.php.net/manual/en/faq.installation.php#faq.installation.apache2 
If you want to use PHP, either use the prefork MPM or FastCGI.


Appreciated.  Is it just a question of:
$ sudo apt-get remove apache2-mpm-worker apache2-threaded-dev
$ sudo apt-get install apache2-mpm-prefork
or do I need a complete remove/reinstall?

I'll also look into FastCGI - I've got no experience with it.

Which would you prefer? (particularly for speed performance)

Again thanks - Paul 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] name-server

2011-12-03 Thread Stormy 

At 05:27 PM 12/3/2011 +0530, Dr. Sunil M. Dogra wrote:

hi Lester Caine,
my ISP is ernet india and  http://cdrstdu.edu.incdrstdu.edu.in is also 
registered with http://www.registry.ernet.in/http://www.registry.ernet.in/

[snip]
This is getting off-topic for this list, but you have registered your own 
server as the Name Server (NS record) which does not work (if you can't be 
found, nobody can look up *how* to find you.)


I understand that you are a department of a major university which has 
proper DNS/NS setup. Suggest you contact:


Tech Email:direc...@ducc.du.ac.in
Name Server:E-EIHQ01.EIS.ERNET.IN
Name Server:E-EIHQ02.EIS.ERNET.IN
Name Server:HIMALAYA.DU.AC.IN

for resolution.

br - Paul
Tired old sys-admin

[users@httpd] Virtual hosts

2011-11-30 Thread Stormy 
Just finished setting up a new server (Ubuntu 11.10) and copied/pasted all 
conf files for Apache2 from an older fully functional server (Ubuntu 
10.04). All the virtual hosts are functioning, but on apache2 restart I get 
the following warning (the old server gives no warnings, just a clean restart):


 * Restarting web server 
apache2[Wed Nov 30 14:02:12 
2011] [error] (EAI 2)Name or service not known: Failed to resolve server 
name for 127.0.0.0 (check DNS) -- or specify an explicit ServerName
[Wed Nov 30 14:02:12 2011] [warn] NameVirtualHost 192.168.0.90:80 has no 
VirtualHosts
[Wed Nov 30 14:02:12 2011] [warn] NameVirtualHost 192.168.0.90:80 has no 
VirtualHosts

etc, etc 19 times
 ... waiting [Wed Nov 30 14:02:13 2011] [error] (EAI 2)Name or service not 
known: Failed to resolve server name for 127.0.0.0 (check DNS) -- or 
specify an explicit ServerName
[Wed Nov 30 14:02:13 2011] [warn] NameVirtualHost 192.168.0.90:80 has no 
VirtualHosts
[Wed Nov 30 14:02:13 2011] [warn] NameVirtualHost 192.168.0.90:80 has no 
VirtualHosts

etc, etc 19 times

The only differences that I can find between the two installations (used a 
default install on both) using apache2 -V are that (a) the new version is 
2.2.17 (old 2.2.16) and that (b) the new one gives me


-D APACHE_MPM_DIR=server/mpm/worker while the old gives
-D APACHE_MPM_DIR=server/mpm/prefork

Is there anything in 2.2.17 c/w .16 or in the worker/prefork that would 
explain this? And is there a quick method of changing worker to prefork?


Tnx - Paul


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Virtual hosts

2011-11-30 Thread Stormy 

At 02:36 PM 11/30/2011 -0500, Mark Montague wrote:

On November 30, 2011 14:16 , Stormy storm...@stormy.ca wrote:
Just finished setting up a new server (Ubuntu 11.10) and copied/pasted 
all conf files for Apache2 from an older fully functional server (Ubuntu 
10.04). All the virtual hosts are functioning, but on apache2 restart I 
get the following warning (the old server gives no warnings, just a clean 
restart):


 * Restarting web server 
apache2[Wed Nov 30 
14:02:12 2011] [error] (EAI 2)Name or service not known: Failed to 
resolve server name for 127.0.0.0 (check DNS) -- or specify an explicit 
ServerName


Do you have a ServerName directive in every one of your virtual hosts?
Does each one specify a valid, fully qualified domain name?


All virtual hosts directives are separate files in 
etc/apache2/sites-available. All are identical (+/- name/docroot and 
directory), as in:


NameVirtualHost 192.168.0.90:80
VirtualHost 192.168.0.90:80
# VirtualHost 127.0.0.1:80 192.168.0.90:80
   #Basic setup
   ServerAdmin ab...@stormy.ca
   ServerName stormy
ServerAlias *.stormy
   DocumentRoot /mnt/www/stormy

   Directory /mnt/www/stormy
Order Deny,Allow
Allow from all
# Don't show indexes for directories
Options -Indexes
   /Directory
/VirtualHost

I just rem'd out all the NameVirtualHost 192.168.0.90:80 and now the 
warning has changed to:


paul@nelson:/etc/apache2/sites-available$ sudo /etc/init.d/apache2 restart
 * Restarting web server 
apache2[Wed Nov 30 15:02:51 
2011] [warn] VirtualHost 192.168.0.90:80 overlaps with VirtualHost 
192.168.0.90:80, the first has precedence, perhaps you need a 
NameVirtualHost directive


[Wed Nov 30 14:02:12 2011] [warn] NameVirtualHost 192.168.0.90:80 has no 
VirtualHosts
[Wed Nov 30 14:02:12 2011] [warn] NameVirtualHost 192.168.0.90:80 has no 
VirtualHosts


It seems like you have a NameVirtualHost 192.168.0.90 directive in one 
of your configuration files.  Do you have virtual hosts are assigned IP 
address?


We're using names for a single IP / port (192.168.0.90:80), LAN only, 
hosts file, not DHCP


If not, then remove this NameVirtualHost directive to fix the 
warning.   Or, if you have a missing virtual host, then copy it's 
configuration from the old server to the new server.


There's nothing on the old server, but I'm getting the impression 
(perhaps way off-track) that I need an umbrella virtual host in the 
server's name (nelson).  How would I set that up, if needed?


Again, tnx - paul

[snip]

--
  Mark Montague
  m...@catseye.org



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Fw: favicon.ico

2011-10-14 Thread Stormy 

At 09:56 PM 10/14/2011 +0100, Steve Swift wrote:
It is surprising that the installation of apache does not install a sample 
favicon.ico (the apache feather, perhaps).


Why?  It's already above and beyond that httpd gives you a success 
page.  A server is designed to serve what *you* want -- and that includes 
gizmos that have nothing to do with serving.


It's trivial for the owner|user to customize -- I would not want official 
distros to get bloated à la M$.


Best - Paul
Tired old sys-admin



On 14 October 2011 14:34, Mark H. Wood mw...@iupui.edu wrote:
On one hand:  favicon.ico must be readable by the process which runs
the web server.  Check the ACL on that file.
[snip] 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] httpd Will Not Start ....

2011-10-01 Thread Stormy 

At 01:55 PM 10/1/2011 -0500, William A. Rowe Jr. wrote:
[snip]
 Does anyone knows what is going on?  What can I do to investigate this 
problem?


http://lmgtfy.com/?q=Init%3A+Session+Cache+is+not+configured+%5Bhint%3A+SSLSessionCache%5D


OT maybe ... but what is lmgtfy.com - seems to be a cloaked proxy via 
godaddy to google cookies.


tnx - paul

Paul
Tired old sys-admin 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] PHP files not being parsed in HTML pages

2011-07-30 Thread Stormy 

At 07:06 PM 7/30/2011 +0100, Mark Rousell wrote:

On 30/07/2011 18:43, Jeroen Geilman wrote:
 So, why does a simple file with phpinfo() work and an html page with an
 include xyz.php NOT render the page as desired in the browser
 It just
 ignores the include.

 HTML does not have an include directive.
 Please don't confuse PHP with HTML.

As an aside and for the avoidance of doubt, whilst they are not strictly
part of HTML,


SSI are *text* in a format that can be interpreted by an HTML client.


Server Side Includes (which include a #include directive)
are commonly available to plain HTML on many servers.


If php includes as output from the server (SSI) anything that cannot be 
parsed as HTML [or as HTML parsable script, js etc] by the client (browser) 
then it will not be render[ed ...] as desired in the browser which 
was the question in this thread.


Servers can send anything, invalid text/html from a php script, whatever 
... if the client browser cannot parse|interpret the content it is doomed 
to failure.


Best - Paul

Tired old sys-admin 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] LogFormat Combined - many logfile lines with no Referer or User-agent

2011-07-28 Thread Stormy 

At 09:40 AM 7/28/2011 -0400, Rich Bowen wrote:
[snip]

  However, I have observed a HUGE increase in the number of logfile lines
 missing these two fields, starting early in June, 2011.

It would be interesting to see what version of what browser released in 
the last 30 days.


FireFox 5 ... ???


Paul
Tired old sys-admin 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_deflate and chunked encoding

2011-06-05 Thread Stormy 

At 09:15 PM 6/5/2011 +0200, Xavier Noria wrote:
On Sun, Jun 5, 2011 at 8:16 PM, William A. Rowe Jr. wr...@rowe-clan.net 
wrote:

 httpd (conditionally) handles the chunking... the app generator's
 chunking is never used. Â What *module* is installed in httpd? Â I'm
 not familiar with the above.

 Only the entry point to httpd, e.g. mod_proxy, mod_wl, mod_ws, mod_jk
 mod_cgi or whatnot should ever dechunk. Â The response body must pass
 through httpd without any protocol (chunking) or headers.

Ah, interesting.

Phusion Passenger is an Apache module itself:

http://www.modrails.com/


Yes - ah, interesting... from the web site you quote:

__Supports__ ... the industry standard Apache web server [my emphasis]
Zero maintenance. No ... server process monitoring ... 
'Phusion' and 'Phusion Passenger' are trademarks of Hongli Lai  Ninh Bui. 
All rights reserved.


Ah, interesting... that you say it's an Apache module. Maybe Messrs Hongli 
Lai  Ninh Bui could help you with your compression and chunking 
challenges?  'Cos when you suggest that Apache is functioning Guess that 
works by luck I might be tempted to suggest that Apache is a little more 
mature than Phusion.


But then again, your P.S. implies that you're a Phusion developer... ah, 
interesting.


Best - Paul
Tired old sys-admin. 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_deflate and chunked encoding

2011-06-05 Thread Stormy 

At 10:56 PM 6/5/2011 +0200, Xavier Noria wrote:

[snip] I mean. If it is true that Passenger should dechunk (as William says),
but it is not doing that, but the client still gets the chunked
response, I wondered whether it worked by luck rather than by all
the pieces following the contracts. Always according to William's.


mod_deflate is a compression (input decomp possible) capability with client 
caveats. Eric C. has given you the definitive response including streaming, 
but maybe you should have a look at 
http://httpd.apache.org/docs/2.0/mod/mod_deflate.html


I'm not an expert in MS = Java matters - but there's a group at 
poi.apache.org that might help with chunking (but then again, I'm getting 
long in the tooth and maybe have missed some of the latest innovations.)


Paul
Tired old sys-admin 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] O.T. [was: how many Location directives can you have?]

2011-06-03 Thread Stormy 

At 08:59 AM 6/3/2011 -0400, Tommy Peterson wrote:

tongue in cheek

Paul
Best regards,
Because it messes up the order in which people normally read text.


But why is top-posting such a bad thing?

RFC 1855 specifically states that the quoted message be above the reply 
text (and trimmed appropriately.)


But what do you mean Please dont top-post? I dont understand.What do you 
mean by top posting?



/tongue in cheek


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [users@httpd] Tomcat hangs while stopping - bug48470

2011-03-16 Thread Stormy 

At 05:58 PM 3/16/2011 +0530, Shekhar Chaudhary wrote:

I have read these mailing list here only.


All:   Can we please stop feeding the troll? If he can't find 
http://tomcat.apache.org/lists.html#tomcat-users on his own after nearly 
a dozen explicit hints he's unlikely to be able to update any software.


The signal-to-noise ratio on this thread is tending towards zero.

Thanks,
Paul
Tired old sys-admin

The only two things that are infinite in size are the universe and human 
stupidity. And I'm not

completely sure about the universe. -- [attributed to] Albert Einstein





-Original Message-
From: Eric Covener [mailto:cove...@gmail.com]
Sent: 16 March 2011 17:43
To: users@httpd.apache.org
Subject: Re: [users@httpd] Tomcat hangs while stopping - bug48470

On Wed, Mar 16, 2011 at 2:48 AM, Shekhar Chaudhary
shekhar.chaudh...@cairnindia.com wrote:
 Hi Experts,



 Can anyone please tell me how to install/configure patches in apache tomcat
 application server.


Probably lots of people on the Apache Tomcat mailing list.

http://tomcat.apache.org/lists.html

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


Please do not print this email unless it is absolutely necessary.

This email contains privileged and/or confidential information and is 
meant for the named recipient(s) only. Please be aware that if you enter 
into email correspondence with Cairn India Limited, its subsidiary Cairn 
Energy India Pty Limited or any of its other subsidiaries (collectively 
referred to as the Cairn India Group) this communication may be subject to 
monitoring and all emails will be stored in archives. If you are not a 
named recipient you should neither copy nor distribute this email nor 
disclose its contents to any person. If you have received this email in 
error, please notify the sender immediately by way of a return email or 
telephone +91 124 414 1360 and then delete it from your system. The views, 
opinions, and judgments expressed in this email are solely those of the 
author. The contents of this email have not been reviewed or approved by 
any company of the Cairn India Group. This email and any attachments are 
not guaranteed to be free from computer viruses and it is recommended that 
you check for such viruses before downloading it to your computer equipment.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd]

2011-02-17 Thread Stormy 

At 10:53 PM 2/17/2011 +, you wrote:

It seems like a keyboard problem to me


Seems more like the list got spammed to me ;-{

Paul





On 17 Feb 2011, at 10:24 PM, Can Le lecan75...@yahoo.com wrote:




 -
 The official User-To-User support forum of the Apache HTTP Server Project.
 See URL:http://httpd.apache.org/userslist.html for more info.
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Domain Registrant's Details

2011-02-09 Thread Stormy 

At 03:25 AM 2/9/2011 +, Stephen Love wrote:
I do know that GoDaddy.com has a private/lock feature that hides details 
of the ownership info, but I've just never chosen to use it. [snip]


This is really OT for this list, but one of my functions is setting 
policy and overseeing the abuse desks covering nearly 3*10^6 user email 
addresses. If spam is detected coming from *your* domain (whether you are a 
direct spammer or your system has become infected with a worm, trojan, 
botnet, etc) and we cannot contact *you*, then we will contact your IP 
supplier - and this can hurt *you* as most suppliers (who are not already 
black-listed) have strict ToS (Terms of Service) and AUPs (Authorized User 
Policies) banning Unsolicited Bulk Email (UBE).


Godaddy are amongst the worst offenders (from an abuse desk pov) for 
cloaking - to the point that we hardly use their whois at all, and just 
advise the IP supplier direct. Other registrars offer a semi private 
email forwarding scheme that will take most of *your* pain away while still 
allowing contact with role addresses (postmaster@, admin@, etc)


My two cents...
Best - Paul


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Log entries

2011-01-16 Thread Stormy 

At 08:59 AM 1/16/2011 +0100, Jørn wrote:

On Saturday 15 January 2011 23:06, Jeroen Geilman wrote:
 On 1/14/11 9:31 AM, Jørn wrote:
  Hello,
 
  This may be a bit off-topic but...
 
  During the last months I have noticed this kind of entries in the apache
  log file:
 
  84.48.198.105 - - [09/Jan/2011:12:41:24 +0100]
  GET
  /dahls/Vin/url(res://C:/Programfiler/Google/Google%20Toolbar/Component/Go
 ogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/ findy_buttons.png)
  HTTP/1.1 404 333
 
  217.144.240.150 - - [14/Jan/2011:09:24:39 +0100]
  GET
  /dahls/Nofaq/Trening/url(data:image/png;base64,iVBORw0KGgoNSUhEUgAAAD
 gOCAYAAAB6pd%2buAXNSR0IArs4c6QZiS0dEAP8A%2fwD%2foL2nkwlwSF

[snip

I more interested in what at the client side is causing such requests.


I had a look into this a few weeks ago, and it appears to be IE8 related 
and concerns the google.com search page with the live search results and 
preview - although I never got to the bottom of exactly how the mechanism 
is supposed to work and then fails. (somehow a mismatch between google 
toolbar and MSIE8???)


I guessed at that time that google had invented some specific way of 
getting webmasters to put some code into their pages so as to get 
preferential preview treatment, e.g.:


[defanged] html
head

titlerogers and browne url(res: C: Program Files Google Google Toolbar 
Component GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll 
findy_buttons.png)/title


meta name=keywords content=rogers and browne url(res: C: Program Files 
Google Google Toolbar Component 
GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll findy_buttons.png)
meta name=description content=rogers and browne url(res: C: Program 
Files Google Google Toolbar Component 
GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll findy_buttons.png)


Best - Paul
tired old sys-admin




-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] access from LAN to virtual hosts

2010-10-24 Thread Stormy 
Apache 2.2 on ubuntu server 10.10 [LAN only, no WAN] all running well, 
except that virtualhosts is not functional as expected. All other LAN boxes 
are Win XP Pro SP2 and can see the ubuntu server2 (hard coded IPs for LAN, 
no DHCP.) 192.168.0.20 is NameVirtualHost on the ubuntu server2.


Set up 4 websites (sdb/www/site1, sdb/www/site2, etc, not using 
public_html) and the corresponding entries in hosts and sites-enabled - all 
accessible from Firefox on server2. HOWEVER, from the XP boxes on the LAN 
they were not directly visible using http://site1 (they were visible for a 
request http://server2/site1 but this was bypassing virtualhosts and going 
straight to the directory - proved it by adding a fully functional site5 
with no corresponding VirtualHost in sites-enabled). After modifying the 
Win hosts file to add lines 192.168.0.20 site1, 192.168.0.20 site2, etc all 
functioned as expected but is probably still finding the directory rather 
than the VirtualHost.


This to me appears to be Win forcing the address at http request level, 
rather than apache resolving via virtualhosts. Am I correct? and if so how 
do I get apache to resolve correctly? or conversely is there an http 
request (similar to ~site1 using public_html) that should be used.


The reason for this request is that I am trying to differentiate between 
two entries to a single app on different ports (koha on 80 and koha.admin 
on 8080) and cannot get it to work. Snipped version of VirtualHost file in 
sites-enabled as follows:


# Koha Apache Configuration Directives

# NameVirtualHost 192.168.0.20:80 - see ports.conf
NameVirtualHost 127.0.0.1:80

## OPAC
VirtualHost 127.0.0.1:80 192.168.0.20:80
   ServerAdmin  webmas...@server2
   DocumentRoot /usr/share/koha/opac/htdocs
   ServerName koha
   ServerAlias *.koha
   ScriptAlias /cgi-bin/koha/ /usr/share/koha/opac/cgi-bin/opac/
   ScriptAlias /index.html /usr/share/koha/opac/cgi-bin/opac/opac-main.pl
   ScriptAlias /opac-search.pl /usr/share/koha/opac/cgi-bin/opac/search
   ScriptAlias /search /usr/share/koha/opac/cgi-bin/opac/search
   ErrorLog /var/log/koha/koha-opac-error_log
   SetEnv KOHA_CONF /etc/koha/koha-conf.xml
   SetEnv PERL5LIB /usr/share/koha/lib
/VirtualHost

NameVirtualHost 192.168.0.20:8080

VirtualHost 127.0.0.1:8080 192.168.0.20:8080
   ServerAdmin webmas...@server2
   DocumentRoot /usr/share/koha/intranet/htdocs
   ServerName server2:8080
   ServerAlias koha.admin:8080 koha.admin http://koha.admin
   ScriptAlias /cgi-bin/koha/ /usr/share/koha/intranet/cgi-bin/
   ScriptAlias /index.html /usr/share/koha/intranet/cgi-bin/mainpage.pl
   ScriptAlias /search /usr/share/koha/intranet/cgi-bin/search.pl
   ErrorLog /var/log/koha/koha-error_log
   SetEnv KOHA_CONF /etc/koha/koha-conf.xml
   SetEnv PERL5LIB /usr/share/koha/lib
/VirtualHost

The server aliases in the second VirtualHost do not work.

Many thanks - Paul
[first post to this list]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] access from LAN to virtual hosts

2010-10-24 Thread Stormy 

At 06:03 PM 10/24/2010 -0400, Eric Covener wrote:

 HOWEVER, from the XP boxes on the LAN they were not
 directly visible using http://site1

None of your name-based vhosts know about site1.


Thanks for the reply. I did not want to overload my original post, so did 
not paste the relevant VirtualHost entries - but they are in the 
sites-available (and therefore in sites-enabled), and after modifying the 
C:\$win\system32\drivers\etc\hosts in the Win boxes, they work perfectly.


My problem is differentiating between the two koha sites, one on port 80, 
the other on port 8080 - that is why I included just those two vhost 
entries (the listen and VirtualHostName entries are - I think sufficient.) 
The workstation Win boxes 'hosts' files will not take a port# as an argument.


I could add an IP address on eth0 (I believe as eth0:1 ???) - would this be 
the easiest work around?


Thanks - Paul


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org