The SSL module is enabled by default in the global server configuration. In case it has been disabled on your host, activate it with the following command: a2enmod ssl. To finally enable SSL, the server needs to be started with the flag “SSL”. To do so, call a2enflag SSL (case-sensitive!). If you have chosen to encrypt your server certificate with a password, you should also increase the value for APACHE_TIMEOUT in /etc/sysconfig/apache2, so you have enough time to enter the passphrase when Apache starts. Restart the server to make these changes active. A reload is not sufficient.
Creating a Self-Signed Certificate on SUSE 12:
root# openssl req -new > vhostname.csr
root# openssl rsa -in privkey.pem -out vhostname.key
root# openssl x509 -in vhostname.csr -out journal.crt -req -signkey vhostname.key -days 3650
Copy the certificate files to the relevant directories, so that the Apache server can read them. Make sure that the private key /etc/apache2/ssl.key/vhostname.key is not world-readable, while the public PEM certificate /etc/apache2/ssl.crt/vhostname.crt is.
Check currently established connections
root# netstat -an | grep 'ESTA' | wc -l
root# netstat -an | grep ':80|:443' | grep -i EST | wc -l
Check currently TIME_WAIT connections
root# netstat -ant | grep TIME_WAIT | wc -l
Check total httpd processes
ps -aux | grep 'httpd|apache' | wc -l
Apache HTTP Server can be configured in both a forward and reverse proxy (also known as gateway) mode. An ordinary forward proxy is an intermediate server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy naming the origin server as the target and the proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites. Reverse Proxy example:
ProxyPass "/foo" "http://foo.example.com/bar"
ProxyPassReverse "/foo" "http://foo.example.com/bar"
ProxyPass /camera http://127.0.0.1:10000
ProxyPassReverse /camera http://127.0.0.1:10000
Continue reading “Motion and reverse proxy mode.”
[Tue May 05 10:01:46.317409 2015] [authz_core:error] [pid 5837] [client 220.127.116.11:32407] AH01630: client denied by server configuration: /var/lib/roundcube/
You don’t have permission to access / on this server.
To enable roundcube on Debian 8 after an upgrade add the following “Require all granted” to a virtual host configuration file:
Allow from all
Require all granted
Continue reading “authz_core:error – client denied by server configuration: /var/lib/roundcube/”