Introduction: In the following example I try to set environment variables according to the incoming request’s ‘HTTP_HOST’ value. The following example pertains to Magento Webshop software which offers a different Store view for every domain configured to land in the main store. Prerequisites: – Magento is been configured, apart from its default Store View, to …
Category: Apache
Apache 1.3 and 2.x Tips and tricks
Installing the missing mcrypt module for PHP 7.2
Inroduction: Because of the module mcrypt for PHP neot being maintained since a bout 10 years the PHP team has decided to drop it from the PHP version 7.2 on. For PHP applications that need this module here are the instructions to compile and install it for PHP 7.2. Reference: https://lukasmestan.com/install-mcrypt-extension-in-php7-2/ STEPS: We need to …
Install CERTBOT in Ubuntu-16-04-xenial and Debian Stretch
Intro: Here is a 1-to-1 copy of the article on how to install certbot in Ubuntu 16.04 and Debian Stretch Ubuntu 16.04 HOWTO: Install On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages. $ sudo apt-get …
Configuring Letsencrypt in ISPConfig 3.1
Intro: Since a while now the wonderful idea of creating the service Letsencrypt has made lots of admins happy. Here is how we can also use Letsencrypt with ISPConfig 3.1. Ref: https://www.howtoforge.com/community/threads/ssl-how-to-for-ispconfig-3-with-letsencrypt.74738/ STEPS: Define ISPconfig to use the new SSL certificate with symbolic links. (If you don’t know how to use symbolic links this how-to …
Verifying PHP syntax.
After an upgrade from php 5.6 to 7.0/7.1 many php scripts gave me trouble. So I looked for a way to test the php syntax before errors showed up later when the sites are live. I found this one which is quite helpful: find . -name “*.php” -exec php -l {} \; 1>/dev/null
piwik: Could not open input file: ./console
Introduction: In order to know the location of the visits your website received before you started using Piwik with GeoIP you need to run a command. The reference to this command is at: https://piwik.org/faq/how-to/faq_167/ Problem: Unfortunately after having logged in as root in the server this command gave me the following error: Could not open …
Hardening the SSL security in Apache, Dovecot and Postfix
Introduction: After having gotten a report from OpenVAS that my SSL security level of the mail server were medium, I looked for ways to improve this. I found very good sites which helps me making these improvements: https://weakdh.org/sysadmin.html https://wiki.dovecot.org/SSL/DovecotConfiguration Click to access applied-crypto-hardening.pdf Based on this site and extending to cover dovecot mail service here …
Installing TeamPass in Debian Jessie
Introduction: TeamPass is a very good Web application which can store securely Passwords for single person or teams. Here are the steps I used to install it in Debian Jessie. These instructions can also be used with no or minimal changes to install TeamPass in other Debian or Ubuntu systems. These instruction are partly based …
Upgrading Apache2 from Debian Wheezy to Jessie
Introduction: As I tried to make a full distribution upgrade from Wheezy to Jessie the upgrade of Apache2 didn’t go well at all: dpkg kept coming up with dependencies errors and post-install scripts errors. Unfortunately I don’t have a sample of these errors here. Since I had to dist-upgrade over 30 servers of the same …
Upgrading php from 5.4 to 5.6 in Debian Wheezy
In order to upgrade PHP from 5.4 to 5.6 we need to use the DOTDEB repositories by which many other packages will also be upgraded. Here are the steps. References: https://www.dotdeb.org/instructions/ STEPS: Edit the file /etc/apt/sources.lst and add the following lines: deb http://packages.dotdeb.org wheezy all deb-src http://packages.dotdeb.org wheezy all deb http://packages.dotdeb.org wheezy-php56-zts all deb-src http://packages.dotdeb.org …
Activating SPDY in Apache 2.4 (Ubuntu 14.04)
SPDY is a new protocol created by Google and given to the Apache Foundation which allows faster Web traffic under SSL. Apache 2.4 is SPDY capable but its module is not included in Ubuntu 14.04 LTS Server. Here are some instructions that allow to get, install and enable SPDY feature foe Apache 2.4 under Ubuntu …
Using HTTPS as proxy backend in Apache 2.4
Introduction: In Apache 2.4 in a Vhost in order to be able to proxy to a backend with HTTPS using either a self-signed or expired certificate on the backend we need to include the following directives: SSLProxyEngine on SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off You also need to enable the required Apache2 modules …
Testing SSL Connections with SSLyze, Nmap or OpenSSL
Introduction: OpenSSL is a great tool to check SSL connections to servers. The difficulty here is when one want a full scan of all possible SSL Cyphers and protocols used by a server. That is where SSLyze comes in handy. This tool is a Python script which will scan the target host/port for SSL handshake …
Issue free and CA signed SSL certificates for web servers from LetsEncrypt
Introduction: SSL Certificates provide two functions: 1. Authentication 2. Encryption Encryption can be achieved without authentication but, for some reason, someone decided to join them together in one certificate. It seem to make sense for banks and serious e-commerce sites which need to be properly authenticated. Therefore when the HTTPS protocol got developed it was …
Creating a web certificate CSR file.
The process of buying an SSL certificate for a web site is usually as follows: – You create a secret key and CSR files using the method showm in this post. – You cut and paste the content of the CSR file into a field in a SSL Vendor web site – The SSL vendor …
Configuring HAproxy load balancer in Ubuntu 14.04
Goal: In this example HTTP requests are proxied directly as HTTP requests to the HTTP web servers. In the case of HTTPS requests, they are handled with the certificates by HAproxy and then proxied to the web servers as HTTP requests. SSLCertificates: The certificates for all virtualhosts being proxied are stored as one PEM format …
Installing pure-ftpd in Debian/Ubuntu
Difficulty with FTP servers and firewall: If you configure a firewall for a host which runs an FTP server you normally need to leave the ports 1024-65365 range open, since you never know which port the FTP server will use to send data to the FTP client. This situation is quite critical if you have …
Fine tune Ubuntu TCP stack for web server
The following tips taken from the site will help reduce the TCP latency of Ubuntu as a web server : http://www.cyberciti.biz/faq/linux-tcp-tuning/
Limiting the number of connected clients on a VirtualHost in Apache
Problem: When a DDOS attack or a burst of requests are coming at the same time in my Apache2 Web server, the whole server can run out of RAM and crash. Possible solution: Limit the number of simultaneous connections to your Web server per VirtualHost Method: One simple and effective method done directly on the …
Using mod_cluster in Apache
The newly discovered Apache module mod_cluster seems to offer many advantages compared to mod_jk which could be used in the new Apache/Jboss environment. The following features are listed: – Dynamic configuration of httpd workers – Server-side load balance factor calculation – Fine grained web-app lifecycle control – AJP is optional – Compatible staring at JBoss …