On Fri, Jun 16, 2023 at 13:07 Tom Browder wrote:
> Is Debian's certbot package required for MD use? Or does it interfere with
> it?
>
> I suspect the latter.
>
Suspicion confirmed.
-Tom
Is Debian's certbot package required for MD use? Or does it interfere with
it?
I suspect the latter.
Thanks.
-Tom
On Fri, Mar 24, 2023 at 20:26 Ruben Safir wrote:
> On 3/24/23 20:53, Sean Conner wrote:
> > /usr/local/apache2/bin/apachectl graceful
>
> that might not work if systemd is superving
What would you recommend?
-Tom
On Fri, Mar 24, 2023 at 12:23 Tom Browder wrote:
> I have all my websites using Apache's managed certs. Up to now I have been
> restarting them periodically manually as root executing "apachectl
> graceful" and then checking to see if the update happened. I have for a
>
l" or a systemd command?
Thanks,
-Tom
On Thu, Jun 16, 2022 at 08:03 Tom Browder wrote:
> I have a website whose home page appearance online is as expected. The
> site has a subpage using css (in a separate file linked into the head
> element) to form a modern, simple grid layout for testing. Both pages look
> as expected
On Thu, Jun 16, 2022 at 11:44 Deepak Goel wrote:
> Try giving the full path (https://gbumc.church/css/css.photo) instead of
> ( ../css/css.photo.)
>
Thank you Deepak.
Best regards,
-Tom
not recognise what type of file it is.
Thank you!
BTW, HTTPD 2.4.54 has been released a week ago.
Yes, and I will upgrade soon.
Thanks, Konstantin.
Best regards,
-Tom
/public/ and the home index.html is rooted
there. Under that directory are css/ and pages/. The pages/congregants.html
file internally points to ../css/css.photo.
The online site is at https://gbumc.church.
Any suggestions are greatly appreciated.
-Tom
On Tue, Jun 14, 2022 at 07:21 Tom Browder wrote:
> On Tue, Jun 14, 2022 at 07:15 Eric Covener wrote:
>
Use developer tools in the browser or a command-line client to look at
>> the response headers. Share them here.
>
>
Will a curl response be useful? Or do I need wireshark?
-Tom
e response headers. Share them here.
It will be some time before I can do that, but it’s on my TODO list.
Thanks!
-Tom
I am using a long ssl session cache settings in my httpd.conf file. Will
that delay viewing a refreshed page during a session?
I have noticed the long page delays for seeing refreshed paged for my sites
for some time in all browsers and on all OSs. Any suggestions?
Thanks.
-Tom
On Tue, Jun 14, 2022 at 02:24 Thomas WILLIAMSON <
t-william...@eauxdevienne.fr> wrote:
> @Tom Browder: it seems to be a Symfony and SSO issue. Our developers team
> is facing issues when accessing simultaneously to different applications
> hosted on the server (in different t
ng a hard restart, checking the logs and saw in the error log the system
was waiting for a graceful restart, did so and all is well now.
I will definitely keep a note of my steps for future reference.
Thanks, and blessings to all!
-Tom
On Sun, Jun 12, 2022 at 09:12 Tom Browder wrote:
> On Sun, Jun 12, 2022 at 08:09 Frank Gingras wrote:
>
>> Changing certificates means that you have to issue a full restart, and
>> not graceful.
>>
>
> Thanks, Frank. I tried stop then start, then restart, but no ch
e checked the
httpd.conf file again to make sure I'm NOT using the staging url.)
-Tom
, running fine.
Any ideas would be appreciated.
Best regards,
-Tom
ubdomain naming)
> system. For instance:
>
> https://srv-intra.mydomain.fr/basecolldev
>
>
> should become
>
> https://basecolldev.mydomain.fr
>
>
I am curious as to why they think there is a need for a change since the
alias can handle the desired name format. And the alias should be much
easier to maintain.
-Tom
pak.
Best regards,
-Tom
>
On Sat, May 14, 2022 at 18:20 Tom Browder wrote:
> I have tried to move from openssl 1.1.1o to 3.0.3 and am getting lots of
> deprecated warnings during the httpd build. I also tried when attempting
> http 2.4.52 and didn't complete iththen either because of the same warnings.
ual hosts defined by SNI. See
the Apache section on my "config-scripts" module at github
(tbrowder/config-scripts).
Essentially, you use the macro (with args) to define a template for a host.
Then use it with one-line definitions for each host. Finally, undef the
macro.
-Tom
On Sat, May 14, 2022 at 18:20 Tom Browder wrote:
> I have tried to move from openssl 1.1.1o to 3.0.3 and am getting lots of
> deprecated warnings during the httpd build. I also tried when
Looking more closely at the build, the warnings *are* coming from the httpd
code.Since they are wa
version) since my last successful build with http 2.4.43 and openssl
1.1.1o, so I wonder what I might need to do configuration-wise.
I am happy to show my configuration if it would help.
Thanks.
-Tom
On Sun, Feb 27, 2022 at 3:24 PM Stormy wrote:
>
> On 2022-02-27 10:31 a.m., Tom Browder wrote:
> > On Sun, Feb 27, 2022 at 09:11 Jeroen Verhoeckx
> > wrote:
> >
> >> Why do you need a predefined user with a writeable home directory?
...
Sorry, I was not very c
ngs to execute. I may be able to handle some of that in
the governing systemd service file, but this way seems easier.
-Tom
working, so I can create a new user for
that purpose if need be.
Thanks.
-Tom
I'll attempt that in another email.
Thank you very much, Eric.
Cheers!
-Tom
On Wed, Feb 23, 2022 at 06:03 Tom Browder wrote:
…
> I seem to be making some progress. I can get an A from SSL Labs, but I'm
> getting a 503 response when I try to go to the website directly (
> https://gbumc.church).
>
I turned on DumpIO input and output and see the following
On Tue, Feb 22, 2022 at 12:16 Tom Browder wrote:
> On Tue, Feb 22, 2022 at 11:59 Eric Covener wrote:
> ...
>
>> The server decrypts incoming requests the same way regardless of how
>> it will later handle the request (static file, CGI, proxy).
>
>
> Okay, thank
, Eric, for your patience and help.
-Tom
On Tue, Feb 22, 2022 at 09:50 Eric Covener wrote:
> On Tue, Feb 22, 2022 at 10:44 AM Tom Browder
> wrote:
> >
> > On Mon, Feb 21, 2022 at 13:34 Tom Browder wrote:
> >>
> >> On Mon, Feb 21, 2022 at 10:16 Eric Covener wrote:
> >
> >
>
On Mon, Feb 21, 2022 at 13:34 Tom Browder wrote:
> On Mon, Feb 21, 2022 at 10:16 Eric Covener wrote:
Let me try to rephrase the situation and question:
If I use a reverse proxy as in the basic example in the docs, does that
handle https traffic also? Or does the the "http://www.exa
think I've found a solution here:
<https://seeq.atlassian.net/wiki/spaces/KB/pages/116188360/Apache+Reverse+Proxy+for+HTTPS+on+Ubuntu>
Best regards,
-Tom
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For ad
On Sun, Feb 20, 2022 at 06:30 Tom Browder wrote:
> I am trying to integrate some Raku (formerly Perl 6) code to handle post
> TLS inputs (decrypted dat) to one of my websites. How can I get access to
> the decrypted input via a reverse proxy?
I think I see that can be done using Re
of a reverse proxy (I hope not)?
Thanks.
-Tom
rsion
> > Well, the obvious answer is "no," at least for my other
> > configurations. I got all kinds of compilation warnings and errors.
> Hi Tom,
> sharing the errors you got could be interesting.
> AFAIK, httpd 2.4.52 should work fine with openssl 3.
Thanks, Chris
On Tue, Feb 1, 2022 at 11:06 AM Tom Browder wrote:
> I am upgrading from Apache 2.4.43 to 2.4.52 and using openssl from
> source. I currently use 1.1.1.k and would normally go to the latest
> LTS version1.1.1.m; however, would it be better to move to version
> 3+ now?
Well, the ob
I am upgrading from Apache 2.4.43 to 2.4.52 and using openssl from
source. I currently use 1.1.1.k and would normally go to the latest
LTS version1.1.1.m; however, would it be better to move to version
3+ now?
Thanks.
-Tom
f
I back out the intranet stuff.
I'll try it and see what happens.
-Tom
On Fri, Sep 3, 2021 at 16:21 Orendt, John
wrote:
> Hi Tom
>
...
>
These two techniques can be used separately or together.
>
When both password and client cert are used it could be called two factor
> authentication.
>
> Any of the above combinations are supported by
I provide both access methods to the same directory?
I know it would be not as secure as a TLS cert and it would reduce the
overall security of the directory, but is it feasible?
Thanks.
-Tom
On Mon, Aug 9, 2021 at 11:21 AM Dino Ciuffetti wrote:
...
> Richard is right.
> It's this image in your HTML that is loading via HTTP instead of HTTPS:
Thanks, Dino.
-Tom
-
To unsubscribe, e-mail: users-un
On Mon, Aug 9, 2021 at 10:21 Richard wrote:
> > Date: Monday, August 09, 2021 09:51:39 -0500
> > From: Tom Browder
...
> > I have a site, <https://nwflug.org>, that shows secure (black lock
...
> Firefox on linux indicates that "Parts of this page are not
I have
for years seen Apple devices behind Linux and Windows on https issues
amongst my classmate users of my primary and default site:
<https://usafa-1965.org>.)
Thanks.
Blessings,
-Tom
-
To unsubscribe, e-mail: us
On Sat, Oct 10, 2020 at 15:01 Antony Stone <
antony.st...@apache.open.source.it> wrote:
> On Saturday 10 October 2020 at 20:23:46, Tom Browder wrote:
...
>
> > I've been looking at ways to speed up my web services using
> > https://webpagetest.org for analysis. One thing
mas.
-Tom
P.S. I am NOT using compression, nor have I ever used it.
so far I've not found anything saying that threat has been
mitigated. Does anyone here use compression with TLS or have any current
advice about the issue?
Thanks.
Cheers!
-Tom
On Sun, Oct 4, 2020 at 17:49 James Moe wrote:
...
> Aren't cookies good for this type of tracking?
I don't think data from cookies would be as reliable. Anyway, I just
haven't dealt with cookies up till now and probably won't any time soon.
Thanks.
-Tom
her sites:
https://psrr.info
Cheers!
-Tom
anks, Rob.
Cheers,
-Tom
oblem.
Also, I do have a good Pg db running I've intended to use but just haven't
gotten a "round tuit" yet.
But, could a web socket setup help do you think?
Best,
-Tom
On Sat, Oct 3, 2020 at 12:18 Tom Browder wrote:
> I have been using server side includes since I started my websites on Apache
...
> Any suggestions for SSI replacement with a more asynchronous method?
Let me be more specific about the data flow I'm using with the landing
(home) page
programs to track and update the visitor's who use the site, but the
handling delay during page load is getting too large. I suspect I could
speed them up but haven't looked into actual debugging yet.
Any suggestions for SSI replacement with a more asynchronous method?
Best regards,
-Tom
interesting and clever. I'll have to chew on that a bit.
Thanks!
-Tom
hat mean I should define one server outside a virtual context?
Or does that "virtual" refer to using mod_virtual which I do not use at all?
Thanks.
Best regards,
-Tom
On Tue, Sep 1, 2020 at 10:18 Eric Covener wrote:
> On Tue, Sep 1, 2020 at 10:58 AM Tom Browder wrote:
> > Is there any way with the Apache logs to see (and capture) the raw data
> being received on the backside of a reverse proxy using TLS?
>
> I assume https://httpd.apach
Is there any way with the Apache logs to see (and capture) the raw data
being received on the backside of a reverse proxy using TLS?
If so, is there any way to unenccode the data offline with OpenSSL if one
has the public and private keys?
Thanks so much.
Best regards,
-Tom
think I'm getting to the proxy pass point okay. My logs don't show any
errors but I can't see that my backend server is reading the frontend data
properly.
Can you show any code from the backend server? How does it listen or
respond to the proxypass data?
Thanks,
Best regards,
-Tom
On Mon, Aug 31, 2020 at 07:10 Tom Browder wrote:
> On Sun, Aug 30, 2020 at 11:12 Tom Browder wrote:
>
>> On Sun, Aug 30, 2020 at 10:37 Yuma Technical Inc. <
>> yumatechni...@gmail.com> wrote:
>>
>>> I may be using the setup you describe. I have Webmin t
On Sun, Aug 30, 2020 at 11:12 Tom Browder wrote:
> On Sun, Aug 30, 2020 at 10:37 Yuma Technical Inc.
> wrote:
>
>> I may be using the setup you describe. I have Webmin to manage services
>>
> ...
>
Can you tell me how the _default_ works with SNI virtual hosts?
-Tom
On Sun, Aug 30, 2020 at 10:37 Yuma Technical Inc.
wrote:
> I may be using the setup you describe. I have Webmin to manage services
>
...
Thanks, that helps. My data flow is a bit different, but every little piece
of a working solution is a step in the right direction!
Best regards:
-Tom
On Sun, Aug 30, 2020 at 06:58 Tom Browder wrote:
> I have a successful non-apache reverse proxy server working behind a
> non-tls public-facing apache server. What do I have to do to use TLS with
> Let's Encrypt certs managed certificates?
I'll be showing the virtual host macro
tery to me.
Thanks.
Best regards,
-Tom
On Thu, Jul 23, 2020 at 12:51 Tom Jubb wrote:
> Understood. Just trying to exhaust all possible solutions before doing an OS
> upgrade.
FYI, I recently completed a local src build of Apache 2.4.43 (and APR
and APR-UTIL), and OpenSSL 1.1.1g on Debian 10 Buster. I have
documented the p
brought up in a SuSE listerv and not the
general Apache listserv.
From: Dennis Clarke
Sent: Thursday, July 23, 2020 12:59 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache 2.2 and tls 1.2
On 7/23/20 4:41 PM, Tom Jubb wrote:
> New ce
.
Thanks,
Tom
reliable and also offers monitoring. But it is a
> new thing and bugs may be found.
I think I will try it. I have nothing really mission critical running.
Thank you very much, Stefan!
Cheers,
-Tom
time?
2. After I follow the recommendations for the move of the other
domains, will they require an initial manual restart?
3. According to my reading of the docs, using OCSP via mod_md looks to
be the best practice. Am I correct?
Thank you.
Best regards,
-Tom
server so it appears to my browsers
to be running on the remote server?
For one thing I would have to copy the certs from my remote server to my
local one. Then I think I would have to play with, among other things,
/etc/hosts and /etc/resolve.conf.
But the devil is in the details...
Thanks.
-Tom
On Sun, Jun 28, 2020 at 18:19 Tom Browder wrote:
> I'm using locally built Apache 2.4.43 with Apr 1.7.0 and Apr-util 1.6.1 on
> Debian Buster. I'm trying to use DBM password files I built with an earlier
> version (approx 2.4.30ish) which worked fine.
>
...
PROBLEM SOLVED
The prob
logs still show the following error:
DSO load failed: [client 1.2.3.4:56931] AH01754: could not open dbm (type
DB) auth file:
/opt/data/passwords/examplecom.dat, referer: https://example.com/
I'm out of airspeed and ideas.
Thanks.
-Tom
On Thu, Jun 18, 2020 at 07:48 David Copeland
wrote:
> Hi Tom,
>
> To have Apache start on boot do: *systemctl enable apache2*
>
David, thanks so much!
So should a person installing Apache from source with "--enable-systemd"
expect the service to be enabled during
d
shutdown of httpd upon reboot?
Manual use is pretty straight forward, but, for me, the service file syntax
is not so clear. I'm afraid of getting locked out without easy hands-on
access to my remote servers.
Cheers,
-Tom
On Wed, Jun 17, 2020 at 18:11 @lbutlr wrote:
> On 17 Jun 2020, at 16:37, Tom Browder wrote:
> > Thanks for the info--but all I'm only running a dozen or so hosts on a
> single
...
> Zero maintenance. Set it up once and forget it. It is all automated.
I wish I could use
On Wed, Jun 17, 2020 at 11:50 dmallor wrote:
> I have never used that module and always preferred to keep 80 open purely
> for redirects (and LE)
>
...
Thanks, Danny.
-Tom
On Wed, Jun 17, 2020 at 11:47 @lbutlr wrote:
> On 17 Jun 2020, at 07:05, Tom Browder wrote:
...
> Most of the automation scripts for LE pretty much walk your through
> setting this up.
...
> Not making a suggestion, as this is harder to setup, but it is something
> to think
nks, Richard.
Hm, that doesn't work, and "systemctl list-unit-files" shows nothing for
httpd.
So what is "--enable-systemd" supposed to give me?
-Tom
downside of blocking port 80 entirely since mod_md doesn't need
it?
Using my wife as an example, when looking for a site she usually doesn't
specify http[s?] at all--she just clicks on what Google shows her. [:-(
Cheers!
-Tom
I've read a bit about mod_md but wasn't sure if I could add
a new, certless domain. I'll try it, then.
Cheers!
-Tom
. Is there
any way to allow port 80 access but only from an LE server?
The only time that would be needed, as far as I know, is when I first add a
new domain and it obviously would not have a cert yet.
Thanks.
Best regards,
-Tom
If I build a new server using --enable-systemd how does that affect using
apachectl?
Can I still apachectl for interactive start/stop while systemd takes care
of reboots?
Thanks.
Best regards,
-Tom
On Thu, Jan 30, 2020 at 09:31 o1bigtenor wrote:
> On Wed, Jan 29, 2020 at 5:28 PM Tom Browder wrote:
...
>
> > > > But I'm in the process of putting most of the config online. I'll put
> > > > my main macro first.
> >
> > And for the whole conf direct
On Wed, Jan 29, 2020 at 3:34 PM Tom Browder wrote:
> On Wed, Jan 29, 2020 at 11:47 AM Tom Browder wrote:
> > > >...
> > But I'm in the process of putting most of the config online. I'll put
> > my main macro first.
And for the whole conf directory see this:
https:/
/master/conf/vhost-proxy.macro.conf
-Tom
> On Wed, Jan 29, 2020 at 4:05 PM Tom Browder wrote:
>>
>> On Wed, Jan 29, 2020 at 08:36 Gillis J. de Nijs
>> wrote:
>> >
>> > There's mod_macro that might be useful. I don't think it does
>> > calculat
On Wed, Jan 29, 2020 at 11:47 AM Tom Browder wrote:
> > >...
> But I'm in the process of putting most of the config online. I'll put
> my main macro first.
See the following for my main vhost macro:
https://github.com/tbrowder/apache-httpd-tidbits/blob/master/
On Wed, Jan 29, 2020 at 9:20 AM o1bigtenor wrote:
> On Wed, Jan 29, 2020 at 7:14 AM Tom Browder wrote:
> > https://www.ssllabs.com/ssltest/
> >
> > Check one of my sites and see for yourself:
> >
> > https://freestatesofamerica.org
> >
> (Grin) Didn'
ludeOptional.
...
Thanks, Gillis. After I "pinged" this morning I checked the docs again
and I think I can use if/else directives inside the macro, something
like this pseudo code:
$port = 16000
$port = 16100
$port = 16800
Wh
in a public
place if you're interested. The examples in the Apache docs don't show
the full power of using macros for secure and working https-only
websites.
My virtual websites all get A+ grades at the SSL Labs site here:
https://www.ssllabs.com/ssltest/
Check one of my sites and see for yourself:
htt
I have a working website with part of it restricted to users with private
TLS certificates installed. I would like to add the option for some users
to access the same area with the form-based user name and password scheme.
Can that be done?
Thanks.
-Tom
On Fri, Jan 24, 2020 at 12:06 Tom Browder wrote:
> I have multiple virtual hosts for which I would like to use a reverse
> proxy to a dynamic application running constantly on my server.
>
...
Ping
$port += 10
end for
Is that possible?
Otherwise I guess I can generate the required .conf files offline and
include them in the master .conf file somehow.
Thanks.
-Tom
how to set up one such system if anyone has a suggestion.
Best regards,
-Tom
>
Does that mean the single app on the localhost port 8000 has to take care
of all domains?
Is there any way to map each unique domain.tld to a different app at a
unique port just for that domain.tld?
Thanks.
-Tom
:
Show Site Statics
Question: Can one somehow add an argument to the execution path in either
case?
I see case 1 is a likely candidate, but I would like to use the same
program in both cases but use different options as appropriate.
Thanks.
Best regards,
-Tom
This was the bit I was missing! Thanks!
--Tom Noonan II
On Wed, Feb 6, 2019 at 3:45 PM Eric Covener wrote:
> On Wed, Feb 6, 2019 at 3:38 PM Tom Noonan wrote:
> >
> > Good afternoon:
> >
> > I've written a custom Apache2 module and I'm having some difficul
hat
I'm getting some part of the module API wrong. However, I reviewed
https://httpd.apache.org/docs/2.4/developer/modguide.html and I simply
don't see my error.
The source of my module is here:
https://github.com/Root-App/mod_proxy_jwt_auth/blob/master/mod_proxy_jwt_auth.c
Can anyone advise? Thanks!
--Tom Noonan II
>
On Fri, Dec 14, 2018 at 10:22 Tom Browder wrote:
> Can anyone point to an example of a conf file with a macro defining a
> named virtual host with both the following attributes:
>
...
Ping. Anyone?
How about an example with TLS and two separate name-based virtual servers,
each using
Can anyone point to an example of a conf file with a macro defining a named
virtual host with both the following attributes:
+ TLS
+ reverse proxy
I can find good examples of macros with either attribute, but none with
both.
I currently have a single server running 10+ named virtual hosts using
On Sat, Jun 9, 2018 at 09:00 Tom Browder wrote:
> I can get htdbm to accept a cleartext password with spaces when using the
> mode where I enter the password at the command line, e.g
>
...
I’m sorry for the wasted bandwidth, but I proved myself wrong! I used a
bash script sussessfu
dbmfilename user passwordwithspaces
I have tried using single quotes around the password as well as backslashes
before the space without success.
I would love to be able to programmatically use passwords with spaces if
anyone can show me how to do it.
Thanks.
Best regards,
-Tom
1 - 100 of 1051 matches
Mail list logo