Apache – dump.4network.org

SUSE 12 – enable SSL and Create a Self-Signed Certificate

The SSL module is enabled by default in the global server configuration. In case it has been disabled on your host, activate it with the following command: a2enmod ssl. To finally enable SSL, the server needs to be started with the flag “SSL”. To do so, call a2enflag SSL (case-sensitive!). If you have chosen to encrypt your server certificate with a password, you should also increase the value for APACHE_TIMEOUT in /etc/sysconfig/apache2, so you have enough time to enter the passphrase when Apache starts. Restart the server to make these changes active. A reload is not sufficient.

Creating a Self-Signed Certificate on SUSE 12:

root# openssl req -new > vhostname.csr root# openssl rsa -in privkey.pem -out vhostname.key root# openssl x509 -in vhostname.csr -out journal.crt -req -signkey vhostname.key -days 3650

Copy the certificate files to the relevant directories, so that the Apache server can read them. Make sure that the private key /etc/apache2/ssl.key/vhostname.key is not world-readable, while the public PEM certificate /etc/apache2/ssl.crt/vhostname.crt is.

Check open connections for Apache/httpd

Check currently TIME_WAIT connections
root# netstat -ant | grep TIME_WAIT | wc -l

Check total httpd processes
ps -aux | grep 'httpd|apache' | wc -l

Motion and reverse proxy mode.

Apache HTTP Server can be configured in both a forward and reverse proxy (also known as gateway) mode. An ordinary forward proxy is an intermediate server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy naming the origin server as the target and the proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites. Reverse Proxy example:
ProxyPass "/foo" "http://foo.example.com/bar" ProxyPassReverse "/foo" "http://foo.example.com/bar"

ProxyPass /camera http://127.0.0.1:10000 ProxyPassReverse /camera http://127.0.0.1:10000

Continue reading “Motion and reverse proxy mode.”

authz_core:error – client denied by server configuration: /var/lib/roundcube/

From logs:

[Tue May 05 10:01:46.317409 2015] [authz_core:error] [pid 5837] [client 109.70.215.137:32407] AH01630: client denied by server configuration: /var/lib/roundcube/

From browser:

Forbidden
You don’t have permission to access / on this server.

To enable roundcube on Debian 8 after an upgrade add the following “Require all granted” to a virtual host configuration file:

<Directory /var/lib/roundcube/> Options +FollowSymLinks AllowOverride All Order allow,deny Allow from all Require all granted </Directory>

Continue reading “authz_core:error – client denied by server configuration: /var/lib/roundcube/”