Archive for the ‘Apache’ Category

4 My Apache keeps crashing

Tuesday, January 4th, 2011

Hi
My Apache keeps crashing

Apache 2: How to turn off directory listings

Monday, November 22nd, 2010

Directory listings can be a security threat.

By default Apache has the line below:

Options Indexes FollowSymLinks

Delete Indexes from that line, so that it reads as below:

Options FollowSymLinks

Now restart the Apache daemon.

This stops Apache from showing directory listings.
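To confirm the change took effect everywhere, the following added example (not part of the original post) scans a configuration for active Options lines that still enable listings, including Options All, which implies Indexes. The function names and the sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list active Options lines that still enable directory listings.

# Print "LINE: directive" for each uncommented Options line that turns on
# Indexes, either by name or through "All" (which includes Indexes).
find_indexes_options() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        tolower($1) == "options" {
            for (i = 2; i <= NF; i++) {
                opt = tolower($i)
                if (opt == "indexes" || opt == "+indexes" || opt == "all") {
                    sub(/^[ \t]+/, "")           # trim indentation for output
                    print NR ": " $0
                    break
                }
            }
        }
    ' "$@"
}

# Constructed sample resembling a source-install httpd.conf.
sample_conf() {
    cat <<'EOF'
<Directory "/usr/local/apache/htdocs">
    Options Indexes FollowSymLinks
</Directory>
# Options Indexes MultiViews
<Directory "/usr/local/apache/htdocs/app">
    Options FollowSymLinks
</Directory>
<Directory "/usr/local/apache/htdocs/files">
    Options -Indexes +FollowSymLinks
</Directory>
EOF
}

sample_conf | find_indexes_options    # prints: 2: Options Indexes FollowSymLinks
```

Pass real files as arguments, for example httpd.conf together with the files it includes; line numbers then count across all files in the order given.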

useful apache server documentation link

Tuesday, December 15th, 2009
  1. Prefix for configuration: http://httpd.apache.org/docs/2.2/en/programs/configure.html#installationdirectories

How to configure Nagios to work with an Apache source install (/usr/local/apache)

Monday, November 16th, 2009

Ref:http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html

A basic Nagios setup works well if you install the Apache server by yum. But if you install and configure Apache from source to run from a different directory (i.e. /usr/local/apache) rather than /etc/httpd/conf, then the default Nagios web interface will not work, because by default Nagios creates the nagios.conf file in the /etc/httpd/conf.d directory on Fedora.

So if you have already installed Apache from source, do the following:

Follow steps 1 to 5 as documented on the Nagios website (except the htpasswd section).

(a)

I assume you have configured Apache to run from /usr/local/apache, and your Apache configuration files are in /usr/local/apache/conf/

Copy the nagios.conf file from /etc/httpd/conf.d to /usr/local/apache/conf/extra:

cp /etc/httpd/conf.d/nagios.conf /usr/local/apache/conf/extra/

Edit httpd.conf, which is located at /usr/local/apache/conf/httpd.conf, and add the line below:

Include conf/extra/nagios.conf

(b)

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account – you’ll need it later.

/usr/local/apache/bin/htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.

Stop the Apache server with /usr/local/apache/bin/apachectl stop

Start the Apache server with /usr/local/apache/bin/apachectl start

Then follow the rest of the steps.

Extra note:

If you did install Apache by yum, then you might see an error like the one below:

[root@web nagios-3.2.0]# make install-webconf
/usr/bin/install -c -m 644 sample-config/httpd.conf /etc/httpd/conf.d/nagios.conf
/usr/bin/install: cannot create regular file `/etc/httpd/conf.d/nagios.conf’: No such file or directory
make: *** [install-webconf] Error 1

Solution: mkdir /etc/httpd/conf.d, then run

make install-webconf

This installs the nagios.conf file in the /etc/httpd/conf.d directory. Now follow steps (a) to (b).

Note: I am assuming you have configured Apache to install in the /usr/local/apache directory.

How to compile php for GD library

Friday, November 13th, 2009

Install the necessary software by yum or from source:

yum install gd gd-devel
yum install zlib zlib-devel

then

a) Download the PHP source from here: http://www.php.net/downloads.php
b) Download the source file into the /tmp directory
c) Here I am guessing the PHP version is php-5.3.0.tar.gz
d) tar -xvzf php-5.3.0.tar.gz
e) cd php-5.3.0
f)

 ./configure --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql --enable-mbstring --with-gd --with-zlib --with-jpeg-dir --with-png-dir

g) make
h) make install
i) Set up your php.ini: cp php.ini-dist /usr/local/lib/php.ini
j) Stop Apache: /usr/local/apache/bin/apachectl stop
k) Restart Apache: /usr/local/apache/bin/apachectl start

How to check :

create a file phpinfo.php

<?php
phpinfo();
?>

Open the file in your browser, http://localhost/phpinfo.php

and look for two sections, GD and ZLIB. You should see something like the pictures below.

How to install apache2-php-mysql from source

Thursday, September 10th, 2009

Prerequisite : yum install gcc-c++ gcc make ncurses-devel openssl-devel glibc* libc-*

Packages required for php: yum install libjpeg-devel libpng-devel curl-devel libmcrypt-devel krb5-devel

Apache Server Installation from Source:
Apache installation directory is : /usr/local/apache
a) Download the Apache source file from: http://httpd.apache.org/download.cgi
b) Download the source file into the /tmp directory.
c) I am guessing the source file is httpd-2.2.13.tar.gz
d) cd /tmp
e) tar -xvzf httpd-2.2.13.tar.gz
f) cd httpd-2.2.13

g)

 
./configure  --prefix=/usr/local/apache --with-included-apr --with-php --with-mysql --with-susexec --disable-info --with-mpm=prefork --enable-so --enable-cgi --enable-rewrite --enable-ssl --enable-mime-magic --enable-unique-id --enable-mods-shared="proxy cache ssl all"

h) make
i) make install
j) To start Apache: /usr/local/apache/bin/apachectl start

MySql Server Install from source:

Ref:http://dev.mysql.com/doc/refman/5.1/en/quick-install.html

a) Download my.version.tar.gz from
http://dev.mysql.com/downloads/mysql/5.1.html#source

b) shell> groupadd mysql
c) shell> useradd -g mysql mysql
d) shell> gunzip < mysql-VERSION.tar.gz | tar -xvf -
e) shell> cd mysql-VERSION
f)

   ./configure --prefix=/usr/local/mysql --with-ssl --with-plugins=innobase

Note: for MySQL 5.1, the option to add InnoDB support is "--with-plugins=innobase", but for 5.0 it is "./configure --with-innodb"
g) shell> make
h) shell> make install
i) shell> cp support-files/my-medium.cnf /etc/my.cnf
j) shell> cd /usr/local/mysql
k) shell> chown -R mysql .
l) shell> chgrp -R mysql .
m) shell> bin/mysql_install_db --user=mysql
n) shell> chown -R root .
o) shell> chown -R mysql var
p) shell> bin/mysqld_safe --user=mysql &

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
./bin/mysqladmin -u root password 'new-password'

Php installation from source with GD library Support

http://www.php.net/manual/en/install.unix.apache2.php

a) Download the PHP source from here: http://www.php.net/downloads.php
b) Download the source file into the /tmp directory
c) Here I am guessing the PHP version is php-5.3.0.tar.gz
d) tar -xvzf php-5.3.0.tar.gz
e) cd php-5.3.0
f)

./configure --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql --enable-mbstring --with-gd --with-zlib --with-jpeg-dir --with-png-dir --with-openssl --with-curl --with-mcrypt --with-imap --with-imap-ssl --with-kerberos --with-mysqli=/usr/local/mysql/bin/mysql_config

g) make
h) make install
i) Set up your php.ini: cp php.ini-dist /usr/local/lib/php.ini

j) In the httpd.conf file, check for the line below:

LoadModule php5_module modules/libphp5.so

k) Add the lines below to the httpd.conf file to allow the .php extension.
Add the lines below under directive

Add php extension

<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

<FilesMatch "\.ph(p[2-6]?|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>

l) Stop Apache: /usr/local/apache/bin/apachectl stop
m) Restart Apache: /usr/local/apache/bin/apachectl start

Note :

(a) configure: error: xml2-config not found. Please check your libxml2 installation.
Fix: yum install libxml2-devel

(b) configure: error: libpng.(a|so) not found.
configure: error: libjpeg.(a|so) not found.

(c) configure: error: utf8_mime2text() has new signature, but U8T_CANONICAL is missing
Fix: yum install libc-client-devel*
yum will then try to find the right rpm for your kernel (32/64).

(d) If an older httpd daemon is running, stop it; otherwise the Apache daemon will throw an error when you start it. You can use the command below to make sure no other httpd is running in the background.

ps aux | grep -v grep | grep httpd

If this returns any output, another httpd daemon is running, and you can stop it by executing

service httpd stop

Last Update : 14-09-2010

How to install mod_security by yum (Redhat-Centos 5)

Friday, August 28th, 2009

1. Download the EPEL repo:

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

2. Then type the following command:

yum install mod_security

Note: mod_security requires liblua-5.1.so. If you don't have it, yum will throw an error during installation:


--> Processing Dependency: liblua-5.1.so for package: mod_security
--> Finished Dependency Resolution
mod_security-2.5.9-1.el5.i386 from epel has depsolving problems
--> Missing Dependency: liblua-5.1.so is needed by package mod_security-2.5.9-1.el5.i386 (epel)
Error: Missing Dependency: liblua-5.1.so is needed by package mod_security-2.5.9-1.el5.i386 (epel)

Solution: You can download the rpm from this website

http://rpm.pbone.net/index.php3/stat/4/idpl/12580541/com/lua-5.1.4-1.i386.rpm.html

If your server complains that you have already installed a newer version, then you can reinstall the installed version by using

-bash-3.2# rpm -qa | grep lua
lua-5.1.4-1.el5.rf
-bash-3.2# rpm -e lua-5.1.4-1.el5.rf
-bash-3.2# rpm -Uvh lua-5.1.4-1.i386.rpm
Preparing… ########################################### [100%]
1:lua ########################################### [100%]

Now type

-bash-3.2# updatedb

-bash-3.2# locate liblua-5.1.so
/usr/lib/liblua-5.1.so

This shows that your server has the file required to install mod_security.

Now run

yum install mod_security

It should be installed now.

mod_security configuration files

  1. /etc/httpd/conf.d/mod_security.conf – main configuration file for the mod_security Apache module.
  2. /etc/httpd/modsecurity.d/ – all other configuration files for the mod_security Apache.
  3. /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf – Configuration contained in this file should be customized for your specific requirements before deployment.
  4. /var/log/httpd/modsec_debug.log – Use debug messages for debugging mod_security rules and other problems.
  5. /var/log/httpd/modsec_audit.log – All requests that trigger a ModSecurity event (as detected) or a server error (“RelevantOnly”) are logged into this file.

After installing mod_security, edit the modsecurity_crs_10_config.conf file and make sure the line below is enabled.

SecRuleEngine On

Now restart the httpd server by

service httpd restart

Check /var/log/httpd/error_log for this line:

[Fri Aug 28 10:48:24 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.

Note : I have tested this on Centos5 (2.6.18-128.1.14.el5xen).
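The two checks above (SecRuleEngine enabled, startup notice in error_log) can be scripted. This is an added example, not part of the original post or the mod_security package; its function names and sample files are constructed, and it assumes all SecRuleEngine lines sit in one configuration context. It goes slightly beyond the post by also reporting DetectionOnly, a SecRuleEngine value that logs rule matches without blocking them.

```shell
#!/usr/bin/env bash
# Added example: post-install check for mod_security (helper names are hypothetical).

# Print the last active SecRuleEngine value (lowercased), or "unset".
secrule_engine_mode() {
    awk '
        /^[ \t]*#/ { next }                          # skip commented-out lines
        tolower($1) == "secruleengine" { mode = tolower($2) }
        END { print (mode == "" ? "unset" : mode) }
    ' "$@"
}

# Succeed if the error log contains the ModSecurity startup notice.
modsec_loaded() {
    grep -q 'ModSecurity for Apache/.* configured\.' "$1"
}

# usage: modsec_status CONFIG_FILE ERROR_LOG
modsec_status() {
    local mode loaded=no
    mode=$(secrule_engine_mode "$1")
    modsec_loaded "$2" && loaded=yes
    case "$mode:$loaded" in
        *:no)              echo "FAIL: no ModSecurity startup notice in error log" ;;
        on:yes)            echo "OK: engine On, module loaded" ;;
        detectiononly:yes) echo "WARN: DetectionOnly logs matches but does not block" ;;
        *)                 echo "FAIL: SecRuleEngine is $mode" ;;
    esac
}

# Constructed sample files so the script runs stand-alone.
demo() {
    local d
    d=$(mktemp -d)
    printf '#SecRuleEngine On\nSecRuleEngine DetectionOnly\n' > "$d/crs.conf"
    printf '%s\n' '[Fri Aug 28 10:48:24 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.' > "$d/error_log"
    modsec_status "$d/crs.conf" "$d/error_log"
    rm -rf "$d"
}

demo    # prints the DetectionOnly warning
```

On the layout described in this post the call would be modsec_status /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf /var/log/httpd/error_log.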

Ref:http://www.cyberciti.biz/faq/rhel-fedora-centos-httpd-mod_security-configuration/

Ref:http://www.modsecurity.org/documentation/

Reverse proxying with Apache

Wednesday, August 26th, 2009

Ref: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

Module : mod_proxy.c

In httpd.conf, all reverse proxy rules go under the section below:

<IfModule mod_proxy.c>
#ProxyRequests On

ProxyRequests Off
#
#<Proxy *>
# Order deny,allow
# Deny from all
# Allow from .example.com
#</Proxy>

#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
#ProxyVia On

#
# To enable a cache of proxied content, uncomment the following lines.
# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details.
#
#<IfModule mod_disk_cache.c>
# CacheEnable disk /
# CacheRoot "/var/cache/mod_proxy"
#</IfModule>
#
#Add the Reverse Proxy rules

ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar

</IfModule>

#End of proxy directives.

Note: If you use a reverse proxy, make sure ProxyRequests is Off.
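An added example (not from the original post or the Apache documentation) that checks a proxy configuration for the point in the note above and for ProxyPass mappings that lack a matching ProxyPassReverse. The function names and the second sample configuration are constructed; the check assumes all directives sit in one configuration context and use the path-first form shown above.

```shell
#!/usr/bin/env bash
# Added example: audit mod_proxy directives (helper names are hypothetical).

# Print one WARN line per finding, or a single OK line.
check_proxy_conf() {
    awk '
        /^[ \t]*#/ { next }                              # skip commented-out lines
        { d = tolower($1) }
        d == "proxyrequests"          { fwd = tolower($2) }   # last value wins
        d == "proxypass" && $3 != "!" { pass[$2] = $3 }       # "!" is an exclusion
        d == "proxypassreverse"       { rev[$2] = $3 }
        END {
            if (fwd == "on") {
                print "WARN: ProxyRequests On, server also acts as a forward proxy"; n++
            }
            for (p in pass) {
                if (!(p in rev)) {
                    print "WARN: " p " has ProxyPass but no ProxyPassReverse"; n++
                } else if (rev[p] != pass[p]) {
                    print "WARN: " p " ProxyPassReverse target differs from ProxyPass"; n++
                }
            }
            if (!n) print "OK: reverse proxy only, all mappings paired"
        }
    ' "$@" | LC_ALL=C sort
}

# The active directives from the configuration shown in this post.
good_conf() { cat <<'EOF'
<IfModule mod_proxy.c>
#ProxyRequests On
ProxyRequests Off
ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar
</IfModule>
EOF
}

# Constructed counter-example: forward proxying on, reverse mapping missing.
bad_conf() { cat <<'EOF'
ProxyRequests On
ProxyPass /foo http://foo.example.com/bar
ProxyPass /static !
EOF
}

good_conf | check_proxy_conf
bad_conf  | check_proxy_conf
```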

How to allow Perl/CGI scripts to run from a virtual host

Wednesday, August 26th, 2009

Ref: http://httpd.apache.org/docs/2.0/howto/cgi.html

If you want to run a Perl script like this http://www.mydomain.com/test.pl, you will have to explicitly use the Options directive, inside your main server configuration file, to specify that CGI execution is permitted in a particular directory:

Example:

<VirtualHost *:80>
ServerAdmin adin@mydomain.co.uk
DocumentRoot /var/www/html/mydomain/
ServerName mydomain.co.uk
# Additional host names go in ServerAlias; a second ServerName would replace the first
ServerAlias www.mydomain.co.uk
ErrorLog logs/mydomain.co.uk-error_log
CustomLog logs/mydomain.co.uk-access_log common

<Directory "/var/www/html/mydomain/">
# ExecCGI permits CGI execution in this directory
Options FollowSymLinks ExecCGI
AllowOverride None
Order allow,deny
Allow from all

</Directory>
</VirtualHost>

The above directive tells Apache to permit the execution of CGI files.

You will also need to tell the server what files are CGI files. The following AddHandler directive tells the server to treat all files with the cgi or pl extension as CGI programs:

AddHandler cgi-script .cgi .pl

Now save the configuration file and restart Apache.