|
Related Topic: |
niq
The blame deliverer
IIRC allow from domain.com should work
tias
tias is Try it and See - if you want to know if something will work, give it a go. If not, then you can ask why it didn't work as expected
Hi! I have a small question about mod_rewrite.
I'm using mod_userdir and i'm connecting to http://server.zone/~bessarabov/. (I have html root dir in ~/html and the cgi-bin dir in ~/cgi-bin )
I have a script ~/cgi-bin/test.pl. It works fine and i can access it http://server.zone/~bessarabov/cgi-bin/test.pl
I want to make it possible to access it http://server.zone/~bessarabov/test/
I've did .htaccess in the root, containg: RewriteEngine On || RewriteBase /~bessarabov/ || RewriteRule ^test /home/bessarabov/cgi-bin/test.pl [T=application/x-httpd-cgi,L]
It makes the rewriting, but there is error. In browser i see "The requested URL /home/bessarabov/cgi-bin/test.pl was not found on this server." and in the error log i can see "File does not exist: /var/www/server.zone/html/home/bessarabov/cgi-bin/test.pl"
As i understand this is because i have in httpd.conf VirtualHost with just the same DocumentRoot /var/www/server.zone/html/
So, the question is - what should i do to make it possible to make mod_rewrite from my home dir?
you need the wise words of
granny
Granny Weatherwax tells us the most important thing about magic is when _not_ to use it. The same is true of mod_rewrite.
Granny Weatherwax tells us the most important thing about magic is when _not_ to use it. The same is true of mod_rewrite.
is fajita sick? She seems remarkably slow
alias
alias is http://httpd.apache.org/docs/2.2/mod/mod_alias.html#alias
what do you mean?
how will look RewriteRule to redirect all http://mysite.com to https://mysite.com ?
Hi all
All is not in today, smellyfish
is it possible to have two NameVirtualHosts in vhosts.conf ?
because i have 2 network cards, one external, and one internal. I need to create vhosts for each interface
sure
you can have many, even
excellent. Do they have to be in any specific order ?
i have one for each ip:port i use
you're making your life unnecessarily complicated
not that i know of
and see also
htaccess use
htaccess use is If you have access to httpd.conf, there is no reason to use htaccess. You can get a significant performance boost disabling htaccess altogether with AllowOverride None. my RewriteRules will be simpler too!
thanks. will check now
thx i will try that
what?
she (fajita) is a bot
i've already got that
http://wiki.apache.org/httpd/RedirectSSL
hi all, how can i open a file without prompting the "Open this file with" dialog?
as in open you mean in the browser or in an application, if its in the browser it might be a mime type probelm
no, i want to open them with external app
they are log files but i want to open them with vim
hey guys, i'm having a problem with my apache access_log. Whats happening is that the access log is recording the time/date correctly for maybe 10 records then -0700 for the next 10 and then back to the correct format. Does anybody know why this is happening?
I think thats there for a safety reasons... don't think you can remove it... certainly nothing httpd can do about it
i mean, there isn't a way though the conf to associate an external app to a mime type?
nope
ops sorry..
i'm not using the apache at all
cause i access with file://
so maybe should be a browser configuration
try asking in #firefox myabe? (well if thats what your using)
so i'm using galeon but should be similar
thanks
So does anybody have any idea who/how apache would be assigned two different time zones to my log entries even when there coming from the same ip address and maybe seconds apart?
rsty27, I use script which come with awstats that can do this
rsty27, try #awstats
thanks eject_ck. What i've just tried is disabling the default timezone in php.ini and restarted apache, this seems to have sorted out the problem, which is strange because the timezones set in php.ini is the timezone set on the server and the correct current time! madness, thanks for the
heads up aject
set.... but when I go to /~user it brings a 404
bpat1434, show u r log
find 404 in log ?
empty log file
look at path
maybe wrong hostname
using an IP
mayby, looking into log for u not r VirtualHost?
my logs aren't even created Seems to be a larger problem here....
http://pastebin.com/m360e2b4d -- The output at the very end after doing make install with Apache
is your / full?
are you root?
why not compile 2.2.4 ?
my / is not full. I am root (for now). I'm not compiling 2.2.4 because I'm trying to mirror what i have set up on my dedicated elsewhere.
chek your fs for corruption
check, rather
hmm.... how?
man fsck
thanks
q
comes back clean
and you can see the config line I had with it at the paste too.
http://pastebin.com/mfd4a96b
any ideas?
thinking is *hard*!
sorry, one more silly question
ssi is not working
thereis the string !--#include virtual="cgi-bin/index.pl"
in the test.html but the server returns in in the browser
try specifying --with-bundled-apr
i have such settings for the directory
Options All
AllowOverride All
Options All is All options except for MultiViews. This is the default setting
AddType text/html .html
AllowOverride All is a really bad idea, because it implies AllowOverride Options, which lets people do stuff like Options FollowSymlinks and Options ExecCGI, even though they are explicitly disabled in the main config.
AddHandler server-parsed .html
apc
Try using http://apache.pastebin.ca - It's a good pastebin, and is even set up to highlight Apache 'stuff'.
ssi
ssi is http://httpd.apache.org/docs/howto/ssi.html or http://httpd.apache.org/docs-2.0/howto/ssi.html
hi guys
^^
hi
thanks!
same error with apr not being installed
you added --with-bundled-apr? please check configure --help, as I might have made a typo
i'm wondering what can be the reason that apache reads only first vhost configuration and ommits rest. i'm including vhost configs in httpd.conf with "include /some/foo/*.conf". there are few configs but apache loads only default virutal host and next first config in order. if i concatate all
configs into one file apache does the same. what am i doing wrong?
don't forget to clear your config cache too
how do I clear the config cache?
faq1
exactly. For example, NameVirtualHost *:80 must be used with VirtualHost *:80
rm config.cache
make clean ... bla bla bla
not there in the first place
default vhost
The first-listed virtual host is always the default one when using name based virtual hosts. See http://www.onlamp.com/pub/a/apache/2004/01/08/apacheckbk.html for more details.
it's one of those reasons.
either your alternate vhost's servernames are not resolving, or you forgot to put a NameVirtualHost line
start with a new fresh directory then
so delete my apache dir?
no
make a new compilation directory
and extract the source there
i've got namevirtualhost, then the default vhost config is loaded and after it the first vhost configuration.
httpd -S
httpd -S tells you what your virtualhost configuration is.
pastebin that output, please
k
does the namevirtualhost line match each vhost definition?
faq1
exactly. For example, NameVirtualHost *:80 must be used with VirtualHost *:80
don't use pastebin,com
apc
Try using http://apache.pastebin.ca - It's a good pastebin, and is even set up to highlight Apache 'stuff'.
thanks for tip for a future...
pastebin.com is too slow
use another bin
3 minutes to show on the screen
you were more than correct Thank you. (about not working ssi, now it works fine
cool.
http://apache.pastebin.ca/616071 here you go
ok.
do all servername's resolve?
do you see any error in the error log?
can you also pastebin the output of httpd -S ?
sure they are
sure
Syntax OK
[;
well give us two urls
what distro are you using?
gentoo
are you absolutely SURE there are no config files that you're loading that could cause a conflict?
and again
default vhost
The first-listed virtual host is always the default one when using name based virtual hosts. See http://www.onlamp.com/pub/a/apache/2004/01/08/apacheckbk.html for more details.
it may simply be that the other vhosts don't resolve.
i'll check it twice and read stuff on onlamp and be back
Hi! I have a question concerning authentication and I did not find an answer to it yet. Hopefully someone in here can help: I want to authenticate using LDAP. require ldap-user works as does require ldap-group. Yet I can not use both, only the first one seen is used.
how do i know what conf file my apache2 is using
Is there an OR for require statements?
Hi, I've got a question. Can I use custom variables in my vhost.conf file? I'd like to use something like this: SetEnv DOMAIN mydomain.com ServerName www.%{DOMAIN} How can I make it work?
setenv
setenv is http://httpd.apache.org/docs/2.0/mod/mod_env.html#setenv http://httpd.apache.org/docs/1.3/mod/mod_env.html#setenv
J-roen: ^^
satisfy any
satisfy any is the way to allow either password or ip address authorisation. or ask me about satisfy or http://wiki.apache.org/httpd/BypassAuthenticationOrAuthorizationRequirements
^^
Yes, I saw SetEnv, but how can I get the value?
I'm not sure. I believe there are examples there
Instead of ServerName www.mydomain.com I'd like to use ServerName www.DOMAIN
Merci vielmals!
I tried this:
SetEnv HOSTNAME domain.com
ServerName env=HOSTNAME
Like the example at http://httpd.apache.org/docs/2.2/env.html
But it says:
Errr
No good example, another example:
SetEnv DIRECTORY /var/www/domain.com
DocumentRoot env=DIRECTORY
DocumentRoot [/etc/apache2/env=DIRECTORY] does not exist
How can I make it work?
Can anyone tell if it is possible?
http://apache.pastebin.ca/616108 --
Any clue how to use mod_rewrite with a QUERY_STRING to redirect a page, i.e. /dir/file.ext?qs=stuff to redirect to /clowns/ ? I know it's something to do with RewriteCond (according to google), but am not quite sure how to do it
http://apache.pastebin.ca/616108 --
4 access.log # is this the right permissions for an access
i'm writing a script to add vhosts to the debian layout, with everything pre-determined... in /websites/$domain, vhost for $domain, etc and I can't find anything in the error.log (it's zero sized)
meow?
meow is a small Cat's BIG roarrrrr
http://apache.pastebin.ca/616108 --
you said debian, so half of the channel is ignoring you now :-/
OK, jMCg.
O_o
s/fajita/f00li5h/
so "debian" is to #apache as SOAP is to #perl... i see
f00li5h++ # perl
my virtualhosts are being ignored because i don't have a ServerName
so, put in a servername! \o/
or, if you don't want that, don't use NameVirtualHost
that makes it an ip host
yeah, i copied my old config, when i added it as a template, i must have deleted parts
ServerName [% vhost.domain %]
win!
anyone have any ideas why suexec wouldn't compile host correctly?
http://apache.pastebin.ca/616108
apache version / OS ?
apache 2.0.59 / Fedora 7
sec
--with-suexec-uidmin --with-suexec-umask
you're supposed to supply values for those things
really?
./configure is filling in "yes" as a default value for uidmin, and that's not a number
I thought it defaulted to 100 and the system value?
as per the documentation
sure
so don't override it
--with-suexec-uidmin=50 is how you'd override it
aaw, that didn't do it
okay
so if I remove all the --with-suexec-* I should be okay right?
because it'll use the default values
that did it... thank you rici
rici++ # for knowing the obscure
paste?
No, please don't paste here, use http://apache.pastebin.ca
http://apache.pastebin.ca/616150
would it help if i prentend it's not on debian?
say, i'm runing NetBSD, and i need a bit of help with a vhost declaration
is incorrect
that's not the default
or whatever port it belongs to
and that should match a NameVirtualHost *:80
can i do it with 2 ports?
'cause i want to run on 80 and 81
rather than NameVirtualHost *
and the only way i know to do that is to duplicate the whole entry
virtualhost * does not mean "any port"
I have a mods-available/ in my apache2/, when I want to load modules in ubuntu, whats the command?
it means "use the port in the last listen directive"
i think
a2enmod
i could be wrong, though, the logic is a bit convoluted
better to always specify your namevirtualhosts
make it explicit
that's my theory, yeah
it's every interface
unless you don't give a fuck, in which case you could use * for everything
why do you want to use two ports, out of curiosity?
the first * means every interface, yes
a port is not an interface
that i also know
every interface, what port?
80, or 81
the ones listed in Listen
unless i want separate name based vhosts on different ips
me too
"every" port is almost always wrong, particularly if you're using ssl
i'm not using ssl
yodayou will be... you will be... /yoda
no, not on a connection that blocks the ports i won't
and i'm sure i'm not going to get an ssl cert for a no-ip address
yodaalways with you, what can not be done... the force is my ally... /yoda
the cert doesn't care about your ip number
right, what do i have to change to stop this conversation?
what is it that the config you pasted is doing incorrectly?
it doesn't seem to be matching anything, there are no entries in the access/error logs, the content for that host doesn't appear when i request it
no indication in your main error log?
have you tried apache -S ?
httpd -S
httpd -S tells you what your virtualhost configuration is.
or whatever the apache executable is called on your system
nope
(on both counts)
probably worth trying the latter
probably, but that'd be too fsckin' logical, now wouldn't it?
i had a syntax error in there (a vhost that i'd removed without disabling first...)
that didn't produce an error in your main error log?
debian calls it apache2 -S
nope, 'cause i hadn't restarted since
ah
honistly, i do my best to not lie to peopel that are trying to help me
well, it could have been a misconfiguration of your errorlog, too.
i was going to suggest revising that config
yeah, that's the problem with breaking the error log...
have you looked into mod_macro, by the way?
i find it really convenient for that sort of thing
wassat?
mod_macro
mod_macro is an Apache module written by Fabien Coelho that lets you define and use macros in the Apache configuration file. or http://www.cri.ensmp.fr/~coelho/mod_macro/
it's not as powerful as perl, which might be considered a blessing
proxypassmatch
:-/
right, so this request doesn't occur in any of the logs that i can see ... /var/log or /websites/*/*log -_-
uright, so this request doesn't occur in any of the logs that i can see ... /var/log or /websites/*/*log -_-/u
you have access logs set up in every vhost? including the default one?
i'll double check the default one
cool! where is the shop?
yeah, i do
- get it here
hehe
are you the one that's respawning too fast?
mh? no
oh!
that you mean
sometimes
didnt had that error for a long time, dont do console stuff often
and in the main configuration, too, i suppose.
Hi world
hrm, i have 2 vhosts, default and f00li5h.info...
is the request being served at all?
nope
i suspect that there's dns-retardation going on
maybe it's not getting to the server then
it does resolve ... but i'll stick a hosts entry in or something
servertokens f00li5h.info
Couldn't get a useful value for http://f00li5h.info
that's enough out of you
excuse me?
you know
sorry...
damn right.
that was a test, actually
fajita's dns configuration is better than my isp's
perhaps opera's caching something... wget ahoy
hrm, that earns me a 403
well, good luck with it all
well, as i always say "the error message has changed, that means i'm making progress"
yes, as long as you're not repeating your errors, you're doing fine
there are only a finite number of possible errors, so the process will terminate.
i guess.
eventually
hey fellas.. does anybody know how i would achieve getting mod_vhost_mysql running on a windoze box?
ah! a warning about an undefined value... that undefined thing was (and here's the kicker) the permission to chmod /websites/$domain_name to!
chmod 0000 /websites/$domain_name
yup, that'll do it every time
1 2007] [error] [client 60.242.154.3] (13)Permission denied: access to /
Hi all, I've been working on this project for a month now, and I can't reached how to do it. I wan to host my website behind a router with a dynamic IP address, I've tried dyndns.org and zoneedit butI still can't display the webpage, when i enter the domain name of the site a it direct me to
192.168.1.1, I've forwarded the port but still I can't get it done.. anybody can help?
http://www.thescripts.com/serveradministration/webservers/apache/virtual-hosting/app/dynamic_static_router.html but still the same
router
In order to access fajita's web site behind a NAT router, you must forward the port apache is listening on to fajita's internal IP. Then you can access fajita's site by pointing fajita's browser to http://your external IP here:port. If fajita's ISP blocks port 80, see
'port 80 redirection'. Instructions on how to forward a port using most common routers can be found at http://portforward.com.
so its that mean that I have to run the server on 192.168.0.1 ? not other like 19.168.1.xx ?
the 192.168.1.1 is a GateWay.. can I have ifconfig eth0 192.168.1.1, and Have it as my external ip??
sorry,,, i meant internal
what does error on line 22 mean for apache2??
it means you have a syntax error on line 22 of your conf...
most likely
but that's not possible, cause its all just explanation of text
uh... if you say so
I do.
what is on line 22?
exactly... that is...
i'm on debian etch
um... so what?
what?
that just means extra caution :o
i'll get you the file
sed -n 22p config.file
s/jink/junix|work/
# same Apache server process.
that is line 22
Yep.. same here on ubuntu....
wait
it says, useless use of allowoverride in line 22
where would that be?
is that a trick question?
what file is it complaining about?
it doesn't say...
line 22 in one of your configs has AllowOverride
we are setting up otrs
what, exactly, are you talking about?
be homer
Can't talk. Eating. Go Hell.
be george
she would like to get nt network installed on her desktop, bah just replace it
ushe would like to get nt network installed on her desktop, bah just replace it/u
so, errm, wassup doc?
A little quiet in here isn't it? Why don't we all sing my favourite Queen song. "Fat bottom girls"
fat bottom girls
You make this rockin' world go 'round!
Boring...... ZzZzZzZzZzZzZzZzZz
to run a server host do i have to have the gateway ip address??
how do i show line numbers in vim?
http://www.tech-recipes.com/unix_tips402.html
Is there any way to use VirtualDocumentRoot in a sort of fallback "catchall" for *.example.com
Is there any way to use VirtualDocumentRoot in a sort of fallback "catchall" for *.example.com
Hi! i want to implement httpready on my box, but don't know if it's supported by linux since it uses sockopt SO_ACCEPTFILTER. The problem is i don't know if linux supports that sockopt. I did some research but nothing came. All i know it's full supported by FreeBSD
acceptfilter
acceptfilter is http://httpd.apache.org/docs/2.2/mod/core.html#acceptfilter
tells you what's supported on different OSs
remove certificate password
remove password
remove ssl hosting password
remove ssl password is 1http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31
remove password certificate
ty
remove ssl password
remove ssl password is http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31
hi, does anyone in here knows something about ActiveMQ??
hey all
all is relative
having some problems
5 2007] [warn] child process 3397 still did not exit, sending a
its PHP I think
but I cant get any more logs out of anything
thats all I get
you did a restart or a stop, and some request was still being handled
often it is php, yes.
sorry thats when restarting...
I am not getting a responds from my apache server though I can see php webhosting hitting the database to procceess the request.
Any ideas?
thinking is *hard*!
you might want to use 'graceful' instead
the php script is hanging somewhere
it's not responding
I turned on all logging and I get nothing.
so it's somewhere after it connects to the database
#php
It used to work no problem
#php is thattaway. See the TOPIC for #apache!
I did goto #php
they are not responding
well, at least they're not insulting you
anybody know a good tutorial for using mod_perl to control virtual hosts?
it's certainly a problem somewhere in the php, but i couldn't even begin to guess what
ii have a weird problem, ive been developing an app with ActiveMQ JMS provider and multi-threading, and something weird its happening... when i have messages on my Queue, they always look for the first thread, even though all threads have been already started...
xfoe is scaring me :-/
... why?
foriegn terminology with little or no chance of relevacny to apache?
he's timid.
hmm, lots of google in my linked in
havent discovered the value of this thing yet.
you're 3.7x more likely to get job offers
of course, 3.7x0 = 0
i really hate the spam
yep, time to see how to get off the list.
how can i log errors preventing apache from starting?
/var/log/error_log
yeah, well im on windoze.. :P
Well.. yeah... I don't know.
okay then
so.. anyone knows?
why not run IIS?
choke and die.
heh
regardless, i have no choice...
IIS will too
it's not up to me to juggle the servers
personally i would prefer a BSD server
but alas...
im stuck with what i've got
so again... my apache dies upon startup.. any way to log the error?
LogLevel debug
thanks
it's already on debug
nothing is logged
httpd -X
httpd -X is supposed to get you meaningful error messages when it fails. It should work or fail the same as normal running of apache
strace
strace is strace -o /tmp/outputfile -s 5000 httpd -X or http://www.wi.leidenuniv.nl/~wichert/strace/ or strace -ff -F -s200 -oo /tmp/strace.out -p PID or http://www.liacs.nl/~wichert/strace/
hi there
hey, _Shade_.
my hosting company uses apache on their servers and the problem is i have made an ftp account and now i can't access it using http
did i mention i was on a windows server? i think i did...
ah
well...
then any equivalent of strace running on windows )
meh..
i know this can be done.. i have done it long ago.. :P
tearing out hair ?
sure
that would require buying and installing Visual Studio
when i try to do this the browser says that i have no permissions to do so, and more over there is a 404 error
g
easy to do
code debugging in windoze isn't free
i have changed the permissions to 777 but it came to nothing
well anyway windoze users are used to pay. So it should be no pb
777?
There is never an appropriate time to set a file mode of 777. And don't tell me it's just a test server
yes, 777
how do I ask for help here?
obviously there is, or *nix would bawk at it
luke-jr|work: i'm not following you...
...
start by reading the channel topic
no it doesn't
i'm not following you...
isn't even
i have created an ftp account for one user so as to make him able to put his gallery in there etc
sorry...
goddamn.. there should be a simple way to log startup errors ... in windows too..
work on windows?
(and there probably is)
have you tried that?
?
google windows redirect stderr
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/redirection.mspx
he has an index file there so he can enter this resources using http
huh?
which part isn't clear for you?
what?
damn... i have an ftp account in my public_html which i cannot access in view of the fact i haven't got the permissions
what?
bot
I am a bot. I am not a sentient being. I cannot hold intelligent conversations.
i have no idea how to apply that in windows.. all i get is a syntax error
Grr.
lol
so what do you want from me
wish i knew
well anyways... anyone knows how to solve the problem?
looks like the syntax is: somecommand some.log 2&1
i haven't tried that, i just read that useful page
okay i figured it out
apparantly apache logs to something called "event viewer" under windows
i have located my error..
i have this mod_rewrite rule in my httpd.conf: http://pastebin.ca/616436 . how can i change it to redirect www.domain.com to domain.com permanently, so it changes in the url bar?
i have this mod_rewrite rule in my httpd.conf: a href="http://pastebin.ca/616436"http://pastebin.ca/616436/a . how can i change it to redirect www.domain.com to domain.com permanently, so it changes in the url bar?
or, is it supposed to do that already?
can someone take a look at this mod rewrite & error, its causing my server to crash
http://dark-code.bulix.org/g3pkvb-48645?raw
what is 'not' in regex in apache?
like Location !/bla
what could possibly or probably be terminating apache? error log says it received the SIGTERM signal?
LocationMatch
LocationMatch is http://httpd.apache.org/docs/2.2/mod/core.html#locationmatch
its apache2 running under ubuntu in vmware
This is probably a deeply noobish question, but how would I bind httpd to listen to two IPs on a linux box? I have updated ssl.conf for "Listen ipone:8443" and "Listen iptwo:443", but only the original ip, "ipone", works. The other fails.
This is ssl only.
mod_log_forensic
mod_log_forensic is http://httpd.apache.org/docs/2.2/mod/mod_log_forensic.html
^^
hels to find out what is killing apache if not already evident in error_log
helps
Whoops! That's not the name of a module.
Listen *:port will bind to all addresses
ok, i'll check it out
thanks
what does your virtualhost look like ?
for each port
I don't have a virtual host setup.
this ones more useful
mod_whatkilledus
mod_whatkilledus is at http://people.apache.org/~trawick/ , and reports exact details of a request that caused a crash
anyone know how to say to locationMatch everything but a certain directory?
Could that be the problem -- Noob
?
apc
Try using http://apache.pastebin.ca - It's a good pastebin, and is even set up to highlight Apache 'stuff'.
put up your config please
one minute.
one minute is understandable
tomh-: Location's are applied to paths, not directories. What is it you do not want to happen on this directory? or did you mean path?
path i mean ye
do i just compile it with gcc?
i need to route everything from /svn/* to my svn mod
there should be some instructions included
and everything else needs to route to a proxy
tomh-: That's easy, in this order Proxypass /svn/ http://mysvnserver/ ProxyPass / http://myotherserverforeverythingelse/
no location needed
oops, pms blocked to pnonregistered users. Please wait while the warning messages die down.
well the /svn/ is not a proxy pass
its with mod_svn
tomh-: or is /svn/ is local then do ProxyPass /svn/ !
ok
It is fairly basic. I've kept only the default settings comments and the noncommented material (minus certificate stuff, I'm nuts).
LoadModule ssl_module modules/mod_ssl.so
Listen ipone:443
Listen iptwo:8443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLPassPhraseDialog builtin is not supported on Win32
no!
#SSLSessionCache none
apc
Try using http://apache.pastebin.ca - It's a good pastebin, and is even set up to highlight Apache 'stuff'.
#SSLSessionCache dbm:/var/cache/mod_ssl/scache(512000)
#SSLSessionCache dc:UNIX:/var/cache/mod_ssl/distcache
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
no paste here.
SSLMutex default
The default value for SSLMutex is SSLMutex none
SSLRandomSeed startup file:/dev/urandom 256
uggggg
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
PASTEBIN
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
stop it.
##
VirtualHost _default_:8443
ErrorLog logs/ssl_error_log
he probably cant now
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLEngine on is indeed valid directive in 1.3.x
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
# Server Certificate:
/PART #apache NOW!
# DELETE!
# Server Private Key:
# DELETE!
Files ~ "\.(cgi|shtml|phtml|php3?)$"
SSLOptions +StdEnvVars
/Files
Directory "/var/www/cgi-bin"
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom ssl certificates log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
doesn't help, someone would need to kick him or you can just put him on the ignore list
/VirtualHost
What did I do?
leave?
yes
IF YOU DONT FUCKING PART RIGHT NOW I AM GOING TO COME OVER THERE AND KICK YOU IN THE FACE
hehe
apc
Try using http://apache.pastebin.ca - It's a good pastebin, and is even set up to highlight Apache 'stuff'.
you paste there, we go look at it
you pasted about 100 lines to a channel
ok, sorry. My bad.
if he uses the part command, it will be at the end of his queue
some clients will just scrap it all
okay, now that thats over. how can we help you?
Apologies. Arreyder said to paste my config. I am not registered and was unable to send him a PM with it.
yeah what else did I say? :P
So I foolishly pasted it into the main area.
apc
Try using http://apache.pastebin.ca - It's a good pastebin, and is even set up to highlight Apache 'stuff'.
don't send pm's either, unless you ask first
"pastebin.ca" dont ever forget it.
I won't.
k, understood, rici.
you flodded RoUS! :
oops.
Should I even bother pasting on pastebin or should I just leave?
we will try to help you. its an honest mistake.
could you be more specific about what "fails" means?
( some of me just gets really pissed because my client goes nuts when someone pastes that much )
did you check the error log?
bbiab
I have visitors that click on a link in mysite.com and are redirected to anothersite.com
"The connection was interrupted" is what I get.
mysite.com uses a script to do it so anothersite.com can see that visitors are redirected from mysite.com/script.php?dest=anothersite.com
i have this mod_rewrite rule in my httpd.conf: http://pastebin.ca/616436 . how can i change it to redirect www.domain.com to domain.com permanently, so it changes in the url bar?
I want that anothersite.com can see only mysite.com in longs, without the sctipt stuff
http://apache.pastebin.ca/616535
as if sufers had clicked on a simple link
is that possible with mod_rewrite maybe?
the other site sees the users referrer, its completely a client thing, nothing you can do
SSLEngine On for the new port vitualhost
hmm ok thanks imMute
hi, i want to have a single cgi script on a directory
the other alternative is to have a simple html in a cgi hosting directory. how can i do this...
oh you posted it
one option, was using "#!/usr/bin/php" as the handler for index.html, but i will this is way too ugly
nm that, I see you have it. Did you put https://mysite:8443/ in the browser?
Actually, 8443 was the original port. 443 was added later to iptwo.
well you do not show a virtualhost directive for 443 in your paste
Okay, that is probably the problem.
I'm adding a new virtual host now.
hi
arreyder, thanks a million. It works.
I knew it was a noob question, had to be something simple.
Is mod_security2 just mod_security for apache 2.x ?
And apache.pastebin.ca/ is now bookmarked. Won't forget.
we needed some excitement
where do i get the required libraries? i isntalled the apache-dev package but can't locate httpd.h and a lot of other files
can someone help me with these error? http://rafb.net/p/zaK8go12.html
i'm doing SSL with apache for the first time
order allow,deny
order allow,deny is The Allow directives are evaluated before the Deny directives. Access is denied by default. Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server
what would cause this ssl error? "Unable to read pass phrase"
your key is protected with a pass phrase (password) and apache needs it to be entered at startup
owned
rici, how do i give it to apache?
rici, looking through ssl.conf right now
you should have generated your key with -nodes
you need to start apache manually
rather decrypt your key
i think you can strip des from a key
and then you'll get a request
but im not sure how
remove ssl password
remove ssl password is http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31
openssl rsa -in encrypted -out decrypted
+ chmod 400 decrypted
thanks, will read
I am confused. A normal user can't drop content into /var/www/html because it's owned by apache, so what is the recommended method of serving user content ?
give each user their own directory
and make them all readable by the apache user or group
under DocumentRoot ?
the usual way of doing it is with
?
mod_userdir
mod_userdir is http://httpd.apache.org/docs-2.0/mod/mod_userdir.html or http://httpd.apache.org/docs/mod/mod_userdir.html http://httpd.apache.org/docs/2.2/mod/mod_userdir.html
bloody lag
except that then I have to include the users name in the URL
don't I ?
yes, with mod_userdir
you could do the same thing with mod_rewrite, the principle is the same
assuming you have multiple users
rici, thanks... any idea why i would have gotten the warnings shown in http://rafb.net/p/zaK8go12.html ? i had entered my domain name as the CN
looks like you used localhost.localdomain
rici, i guess that's possible.. but i did it just awhile ago, i put in my domain.. are there tools to look at the contents to verify?
so, what is the issue with symbolic links. this seems amazing confusing. I mean, if I create a symbolic link inside /var/www/html/ and it points to a directory under /home/user/public, why is this so bad ?
openssl will print out certs for you
symlinks create all sorts of security holes
so I have been told
aside from turning your filesystem into Hunt the Wumpus
rici, thanks
anyway, you don't need to do that. use alias
alias
alias is http://httpd.apache.org/docs/2.2/mod/mod_alias.html#alias
I tried that
you probably didn't allow access
block for the target directory
with the settings for that directory
got that already
allow from all
That isn't the default ?
most apache config files set the default to deny from all
since you probably don't want the default to be "ok, world, read it. read it all!"
oh, look, there's pintail's /etc/passwd file
http://apache.pastebin.ca/616587
Allow from All, and still no good
rici, i printed out the cert, no mention of localhost
So, the implication is that apache doesn't have permission to see that directory ?
are you using a self-signed cert?
i don't know what the implication is.
you haven't said what's going wrong.
step one?
whatever the problem, step one is to look in the error log (and any other logs that may apply, such as suexec, mod_rewrite, or mod_security).
rici, no, been generated by godaddy... about to pen the https port and try it out
perhaps you're not pointing apache at the right cert, then
access to /interesting denied
your distro might have included a default snakeoil cert
that's a unix file permission error
make sure the directory and the files are readable by the apache group or apache user
i personally prefer the apache group
rici, well i put in all the correct paths, and enabled the distros ca cert, but i only got the warning on the first try, before decrypting the key
that sounds like you've got both certs enabled, then.
rici, never got ti again, just tried the ssl connection, and i got no warnings... which i assume is good
the godaddy one, and the original snakeoil one, which you really don't want to use
but at least it's working for you.
rici, shouldn't be... i commented it out, either way firefox is recognizing the cert without issue... thanks dude
ok
Doesn't that mean the user has to be in the apache group ?
i'm gonna mad
rici, is it safe (do you know) to chmod 400 all my keys and certs?
yes
apache2 refuses to start, but there is no error-message or anything in the logs
they're read at startup while apache is still root
apache2 -k start results just in nothing, there is no message after this command
and apache isn't started and i just don't know why
no, it means the files and directory need to be chgrp to the apache group and chmod g+r
rici, sweet .. I have SELinux enabled.. but still
any ideas? seriously, i'm gonna lose it
it's highly recommended that your key be 0400 owned by root
windows?
check the event viewer
bwhaah
debian linux, what else
rici, was originally going to use 640, but 400 sems better
yeah, 0400 is highly recommended
error log?
error log
Look for the ErrorLog directive in your configuration file. Common locations include /var/log/apache/error_log, /var/log/httpd/error_log, /usr/local/apache/logs/error_log, and "C:/Program Files/Apache Software Foundation/Apache/[version]/logs/error.log"
debianlike
debian
debian is "we complicate it for you so you don't have to" or see /usr/share/doc/apache*/README.Debian* or http://wiki.apache.org/httpd/Platform/DebianLike
debian--
no, there aren't any entries in any sys- or apache-logs
are you root when you try to start it?
rici, seems like i may need to keep the certs at 444
i think it has something to do with the semaphores
but i don't know how to clean them up
i remember, that i had such a case a long time ago
it's the key that you need to protect
ipcrm
ipcrm is sthe command to remove SysV IPC artifacts possibly left around from apache processes that were not shutdown properly
cleaning up semaphores helped
rici, cool.. will divide and conqueror
ipcrm - didn't help
ipcs returns still a lot of www-data-entries
i know that a restart helps
but then after the first apache2 -k restart it doesn't work again
ipcs -s | awk ' $3 == "user" {print $2, $3}' | awk '{ print $1}'
i shall replace user with what..?
www-data? that didn't work
the user apache runs as
that's www-data
thats just a quick way to clean up
how are you starting apache?
rici, bye
apache2 -k start
apache2 -k start is what I usually use
-D
er -Dwhateveryouneed
-DSSL for example if you use IfDefine SSL's
ooooh, an error
how curious, apache didn't tell me anything about errors before.
errors are good.
yeah
wow, a wonder occured. apache is running...
soooo, debian is to blame with it's bastardized apachectl
or something.
well, it doesn't start again, just as i guessed
ii have a weird problem, ive been developing an app with ActiveMQ JMS provider and multi-threading, and something weird its happening... when i have messages on my Queue, they always look for the first thread, even though all threads have been already started... help =
did you keel it?
*
keel?
kill before restarting
action
action is http://httpd.apache.org/docs/2.2/mod/mod_actions.html#action (has the 'virtual' argument in 2.2) http://httpd.apache.org/docs/2.0/mod/mod_actions.html#action
make && apache2 -k restart
no no
i'm modifying the php-sourcecode
yes yes
do not restart apache when you change a module
stop and start it
oh?
why?
because it needs to start to load the new module
it can't dynamically unload the old one and load the new one
that also applies if you add or remove loadmodule directives
well, now we know your problem
ah, thanks
so now i'll ned to get it running once again
i just don't know what i did before, that helped. because i repeated all step since the last restart and apache refuses to start again
is it already running?
nope
just for a test, try to comment out loading your php (if you made changes to module)?
will it start httpd -f etc... way?
no
php works for sure
listen to lamp, good test.
another wonder occured
i just tried it again, without changing anything
now apache runs
magic
magic is http://httpd.apache.org/docs-2.0/mod/mod_mime_magic.html
not that kind of magic!
hm, hopefully it will work now, by stopping and starting it instead of restarting
heheh
thanks a lot guys
you can run into problems when you're changing modules while apache is running
or changing your loadmodule statements
the absolutely correct way of doing it is:
or Listen statements, at least I got some weird issues few times
cd /path/to/module && make && { apache -k stop; apache -k start }
s/{/(/
damn, forgot a step
make // stop apache // make install // start apache
is the idea
or
stop apache // install new config file // start apache
otherwise apache -k stop can fail
yes, that's the way i'm doint it now, thanks for the advice
my suexec.log says command not in docroot (/home/supaplex/domains/dev-sites/www.allyourgeek.com/website/cgi-bin/php5) - but it's a scriptalias, and the directory is naturally not in docroot. how do I allow cgi-bin to run under suexec?
in suexec, docroot does not mean the apache docroot
it's compiled into suexec, and it's the root of the directory tree for cgis
suexec -V should tell you what it's compiled as
I agree
think of it as the doroot. if the file isn't in the doroot suexec doesn't
AIDSHFOlqk34ht2q4l3rhjasdf
i got pwned again
do I have to recompile suexec to change AP_DOC_ROOT ?
and i stopped apache first, before (re)starting it
yes, you do
Is it bad to put my user in the www-data group by any chance?
Yes.
"This is madness."
well.. depends.. what problem are you trying to solve?
Hehe, well... we have multiple web servers... and the data rsyncs from one to the other... and I have it rsyncing as my user right now... and one of the dirs on the dev webserver has different ownership: www-data.user, 755 ... and when that rsyncs over, my user on the slave web servers can't
write to the dir since www-data only has write to it
would it be too dangerous to have the rsyncing run as www-data?
also.. have you considered
csync2
csync2 is http://oss.linbit.com/csync2/ and is not only used for sharing configurations or files across multiple servers in a cluster, but also for taking proper actions after doing so.
csync2 is a href="http://oss.linbit.com/csync2/"http://oss.linbit.com/csync2//a and is not only used for sharing configurations or files across multiple servers in a cluster, but also for taking proper actions after doing so.
csync2 is a href="a href="http://oss.linbit.com/csync2/"http://oss.linbit.com/csync2//a"http://oss.linbit.com/csync2/"http://oss.linbit.com/csync2//a/a and is not only used for sharing configurations or files across multiple servers in a cluster, but also
for taking proper actions after doing so.
haha
hmm, I suppose I could have it rsync as www-data. /me scratches head
It's probably just as stupid as any other solution.. so *shrug*
And why is it stupid ?
s/stupid/(&|smart|(in)?sane|etc|blah)/
My reasoning?!
sometimes, there is no reason.. I just talk. blah blah blah blah.. blah blah.. blah blahblha..
jMCg isn't reasonable... he jsut does what he does
dang almost beat him to it
using "your user" as a daemon is fraught with problems
create an rsync user, and put it in the right groups
haha
What kind of problems? Can you provide examples? (just curious)
well, the classic one is that you get a different job, and your user is deleted from the system
but there are other kinds of issues. your privileges and the privileges of the rsync daemon are most likely to be different
userids are cheap.
and they aid in configuration documentation, too
gtg
run, forrest,run
bye all
nite fajita
if i'm just using apache as a reverse proxy to terminate HTTPS, sending them to my backend as http, am I still required to bind apache to some ip address and port, with Listen, in httpd.conf?
can someone please explain why this configuration is dangerous?
http://apache.pastebin.ca/616686
from what I can tell, there is no way to do any harm, yet this seems to be generally frowned upon
you need to get apache to listen on port 443, yes.
was
what part of the config?
bah
humbug
personally i find the lack of g+rx on /home/me a bit odd
The reverse proxy will need to listen on 443 and have the ssl engine on, but the backend server will need only the non ssl listener
oops, beat by rici
but it can't make much difference i suppose
well, you can see the Alias pointing to a home directory, and the Directory is configured
yes i see that
so what frowns are you reacting to?
the permissions on the directory allow 'apache' to serve up content from /home/me/Public
right, but Public is presumably public
well, it seems like this is not the 'right' way to go about this
43. i also have Listen commented out. The server starts, but it
sure
Public means public
Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
put in a servername directive, or get your dns set up right.
that has nothing to do with listen
presumably there is a listen in the ssl config file
yeah, i don't have it in the dns yet
non critical error, fixed by defining ServerName
I dont like dependin gon dns, best to kep simple and define servername
yeah, i agree
hey guys, we currently have 1 dev environment setup for our company running on dev.www.domain.com and dev.jobs.domain.com, are there any tools for apache that we could use to make it so that each developer can have a sandbox instance so that their changes do not effect another users
changes?
except that doesn't help anyone from outside the box
i used a tool at a previous employer that was web based but i do not recall what it was
also, if i have "proxy pass / http://www.foo.com:80" do i have to edit my /etc/hosts file so that my server knows that www.foo.com is on local
not what we are talking about
privilege separation
privilege separation is http://wiki.apache.org/httpd/Recipes/Privilege_Separation
^^
rici, thanks will read it
www.foo.com needs to resolve to th ebacke end servers address, via hosts, dns, etc... just needs to resolve some how
Recipes/Privilege Separation This page does not exist yet.
with regard to the reverse proxy
yeah, scrap the recipes part
someone should update that factoid, hint, hint
same
thanks
same is true if something is in /etc/hosts that has a different IP for that hostname
my suggestion for doing that is at the bottom of http://wiki.apache.org/httpd/DifferentUserIDsUsingReverseProxy
i just wanted it quick
http://wiki.apache.org/httpd/PrivilegeSeparation
yeah, like i said, scrap the recipes part
and the underscore
the underscore is not the same as -
oh, missed that
8-)
one more question. if the host that i'm proxying too timesout, is it possible to customize an error page?
tags to external files.
can i configure my scriptalias directory to allow 'static' content such as css and js files like that?
not with scriptalias
but you can do it with explicit addhandler directives
i see.
scriptalias declares that every file in the directory is a script
?
yeah
you also need options +execcgi
and an alias
in the directory directive?
an alias is 2a poor man's replacement for proper design however
yes, in the directory block
OK
I'll try that. Thank you
hi, i'm having problems with 'Options -indexes' in .htaccess, ie. it won't work
yes
ErrorDocument
ErrorDocument is http://httpd.apache.org/docs/2.2/mod/core.html#errordocument and http://httpd.apache.org/docs/2.2/custom-error.html
^^
also see
ProxyErrorOverride
ProxyErrorOverride is http://httpd.apache.org/docs-2.0/mod/mod_proxy.html#proxyerroroverride
if you want grab the errors that actually originate from the back end server and present different ones.
Damn
?
http://rafb.net/p/BZABbW28.html
.py or .cgi no longer work, however.
Correction, .py no longer work. Perl-cgi (.cgi) does.
oh wait....
give me a second...
i have this mod_rewrite rule in my httpd.conf: http://pastebin.ca/616436 . how can i change it to redirect www.domain.com to domain.com permanently, so it changes in the url bar?
i assume you read your comment and figured out the obvious solution
that's worked perfectly...
Yeah I didn't add a directive for /py-bin (i've split cgi and python scripts out)
Thanks a lot, rici. Problem solved
huzzah for apache. it's all working now.
block but it's not working... can someone assist?
How can I get a "tty" through apache with PHP scripts. I want to run sudo but it complains about not have a tty
what do the HTTP standards say about named anchors in the URL? does the server see them if one is present in the URL that the browser is loading?
no
me? thanks
browsers do not send the fragment part of the url
alright, i didn't think so
they handle it themselves, in theory
they still need to grab the whole page, it's just a positioning thing
does anyone know why 'options -indexes' wouldn't work?
yeah, i'm aware. i was just curious if maybe some optional header divulged that info to the server (maybe for user analysis purposes or something)
i have this mod_rewrite rule in my httpd.conf: http://pastebin.ca/616436 . how can i change it to redirect www.domain.com to domain.com permanently, so it changes in the url bar?
no, sorry
ok, thanks
that looks right to me
that goes to /mount/nfsfiles/lectures. when i try to hit www.bla.com/lectures/ i get the following error "Permission denied: access to /mount/nfsfiles/lectures/ failed because search permissions are missing on a component of the path"
any ideas?
thinking is *hard*!
right...but it doesn't work. any idea why?
have you tried it in various browsers?
yep
perhaps you should expand on what "doesn't work" means
for example, my personal site: http://www.ben.kudria.net should redirect to just http://ben.kudria.net , no?
a href="http://www.ben.kudria.net"http://www.ben.kudria.net/a should redirect to just a href="http://ben.kudria.net"http://ben.kudria.net/a , no?
where did you put those directives
?
in my httpd.conf
no ideas?
could you be a little less specific?
that means what it says
some component of that path doesn't have +x permissions
at the end...
you have vhosts?
it should go inside the relevant vhost
you could even use a trivial vhost:
// ServerName www.ben.kudria.net // RedirectPermanent / http://ben.kudria.net/ // /VirtualHost
oh, yes, i have vhosts.
about 60
i want it to apply to each of them
then take all the serveraliases for www. out of your config
and put the rewrite rules in your default vhost (the first one)
ahh. then the mod_rewrite would work?
hi all
All is not in today, necrite
the ServerLimit variable.. must be (in prefork mode) the same or less than MaxClient ?
i see you have not used nfs with apache before have you
ok, i'll try that
Hello, I have a problem with mod_rewrite MaxRedirects. All is here: http://apache.pastebin.ca/616139 . 01-07 is my .htaccess file.
Hello, I have a problem with mod_rewrite MaxRedirects. All is here: a href="http://apache.pastebin.ca/616139"http://apache.pastebin.ca/616139/a . 01-07 is my .htaccess file.
hmm, my first vhost is not a default one, it is a regular one...how do i make a default vhost? all my others are qualified with ServerName directives
the first vhost is the default vhost *by definition*
or in other words, the default vhost is whichever one comes first in the config
has anyone seen performance issues w/apache-svn-ldap configurations?
I love httpd
best webserver *ever*
aah. can i create a vhost without a servername directive?
block but it's not working... can someone assist?
i already had it that way, ganiman.
there are plenty of guides on the net
that I can find
looks to me like you're missing a space in line 6
http://www.sitepoint.com/article/guide-url-rewriting/3
all I see are .htaccess
thats probs the best way of doing it
use .htaccess then
it will default to the servername in the main configuration
it'll mean you can apply it to just about any apacje site you want
so, you can leave out the servername, but you can't really have one with no servername
use the ip number or something.
.htaccess is weak
rici...hmmm, ok. ip address is a good idea
it basically allows you to do the same stuff but on a user level, nothing weak about that
or this.domain.exists.not
yes, it's weak if you have multiple sites
why put a ton of .htaccess files out there for each site?
fair enough if you're running numerous sites from one machine
but otherwise no
htaccess?
htaccess files apply to the directory in which they are placed, and to all subdirectories thereof. or Only needed if you don't have access to the main server config. or http://httpd.apache.org/docs/howto/htaccess.html or http://httpd.apache.org/docs/configuring.html#htaccess or http://httpd.apache.org/docs-2.0/howto/htaccess.html or if it doesn't work, checkyour AllowOverride directives in
http. Ask me about AllowOv
huh, tmi
TOO MUCH INFORMATION!!!! Please shush and avoid such details in the future
yeah
actaully, i don't see how that would work. it would still default to the default servername in the httpd.conf, no?
?
no, if you specify something, it uses that
it doesn't matter if it's non-sensical, though
it doesn't check to make sure that it's actually a plausible name for the machine
#RewriteEngine on
#RewriteCond %{HTTP_REFERER} !^$
#RewriteCond %{HTTP_REFERER} "ffxiclopedia\.org|ffxiclopedia\.com" [NC]
#RewriteRule .*.(gif|jpe?g|png)$ http://www.ffxiclopedia.org/showpic.php [R,NC,L]
well, if it is non-sensical, then the vhost won't match, and the stuff won't be evaluated, right?
hope that wasn't considered a flood, sorry
did you do it like that, with the # ?
lol no
it's commented out because it wasn;'t working
the first vhost is used for any non-matching host:
that's why it's called the default vhost
define "not working"
aah, right. i'll try it then
other sites are able to hot link
it is not feeding them the php page (or anything else I put in there)
is there a way to optimize the ldap auth? looks like it hits the server for every file i check out.
you seem to be only triggering that rewriterule is the referrer has ffxiclopedia in it
perhaps you meant there to be a ! on the third line?
Related Topic: