Pursuit of excellence: apache

Showing posts with label apache. Show all posts

Sunday, November 3, 2013

Apache errors after upgrade from 2.2 to 2.4, or upgrading ubuntu 13.04 to ubuntu 13.10

Today I upgraded my laptop ubuntu from raring ringtail to saucy salamander. After setting the desktop to the salamander wallpaper, I moved to my http://localhost, but alas! the apache configuration was not working. I was getting the default "It works" page from /var/www/index.html . During the upload process, I was asked whether I want to update the configurations in /etc/apache2/envvars and /etc/php5/apache2/php.ini. I had selected to upgrade both of them while noting down the previous customizations that will be lost. So, I set out to correct this new after upgrade error :

1. Bring back the customization removed during the upgrade process. I usually run the apache2 process by the normal user instead of www-data. Edited the /etc/apache2/envvars file to bring back old users.
Then changed the error reporting on php.ini files. Apache restart with sudo service apache2 restart. Check http://localhost/ , still getting the default "It works" page. Moving on..

2. The vhosts not working :
The first obvious error was that none of the virtual hosts were working. After looking through the apache.conf file in /etc/apache2 I found the line :
Include sites-enabled/*.conf
This made it mandatory for virtual hosts files to have *.conf ending to be read as legit files. To correct this error, it is better to delete all links in sites-enabled/ folder. Then append .conf to the vhosts file inside sites-available/. Then enable each site one by one. Apache reload with sudo service apache2 reload Check http://localhost/ . New error : 403 permission denied. But I corrected the run user to the file owner, let's check the logs

3. The authz issue :
Going through the logs, error coming up was
[Sun Nov 03 18:02:27.790498 2013] [authz_core:error] [pid 5530] [client 127.0.0.1:50046] AH01630: client denied by server configuration: /home/vibhav/public_html/
So apparently, the line "allow from all" in vhosts was not working as it was working before. I went to the upgrading document of apache and found that some things have changed her. Instead of
order allow, deny
allow from all
The new configuration needed
Require all granted
Do a sudo service apache2 reload again and head to http://localhost/ . It's all working.

This worked for me. If this is not all, please check out http://httpd.apache.org/docs/2.4/upgrading.html for the official upgrade documentation. If you are still having problems, please mention it in comments below.

Tuesday, February 26, 2013

Preventing upstart service from starting on every boot - Things I learned today

Being a curious linux user I have installed a lot of things, server on my system. Apache, tor, ssh, mysql, postgresql are all installed. Due to this reason there were so many ports open on my system that many of them I could't understand. This situation has serious security concerns. Take for example ssh, given the laptop password, anybody on the web can login and access my data without any notification to me. (I am looking for a software which notifies me of any incoming ssh connection. Leave that for some other time.) Today, I found a way to prevent so many daemon to start with the boot up.
PS: I hate installing even a small software for doing the same job as a simple terminal command.

To stop upstart jobs from initialization during boot, one need to override the starting configuration file store in /etc/init/ . In this folder , the specific run level at which these jobs are to be started is specified in their respective ****.conf files. To override any of these jobs , simply create a file with content "manual" and give it an extension .override.

Example : To prevent mysql server to start :

$ cd /etc/init #go to the folder containing start scripts
$ ls - l # take time to look into the folder
$ sudo echo "manual" > mysql.override #create a file mysql.override with content "manual"

Done !!

Restart the system and do a quick nmap/nc/telnet to find if the mysql port (3306) is running.
Now, to start the stopped service manually use the service command :

$ sudo service mysql start #the service command to start mysql manually

Rollback : If you have disabled your upstart job, but now want to roll back simply delete the file .override (e.g. apache2.override) from the folder /etc/init/ .

System information : The above instructions are tested upon Ubuntu 12.10 but shall be valid for most of the linux distros. If this does not work on your system, mention your system info in the comments as it shall help others.

Monday, January 14, 2013

.htaccess in apache2.2/2.4 on Ubuntu LAMP setup

.htaccess not working after installing Apache

htaccess files don't work on Apache server server by default and anybody who moved from using wamp/xampp to apache encounter this problem.

htaccess is a file which can be placed in the folders of document root and is meant to override apache configurations for that particular folder. It is loaded by apache while serving request i.e. during runtime. htaccess being located inside the document root can be accessed by anybody editing the application and thus pose a security risk by it's ability to override server configuration. Hence, an Apache installation installed with default virtual hosts in /etc/apache2/sites_available/ have htaccess disallowed.

But wait! I have used wamp without any such configuration. Why this mess? If you have any experience with XAMPP or WAMP, you might have noted they allow the htaccess files by default. The reason is that while these two are for development purposes only, Apache on Linux is built for production environments. Hence, it has most of the security arrangements in place by default.

So what should you do?

It is therefore recommended to add the htaccess commands inside a directive tag in the apache configurations. Edit the virtual host file under
/etc/apache2/sites-available/
and replace

Allowoverride None with Allowoverride all . Save the file and reload apache server with

sudo service apache2 reload

Now the .htacces files located in the document folder should start working.

Why not to use .htaccess? What could be problems with .htaccess?

On a production environment, if you have access to the apache configuration files, it's always better to edit apache.conf or virtual-hosts file instead of allowing .htaccess. Why?
It decreases server load, decreases page load time resulting in better user experience. If htaccess is set to allowed and you are serving a request for /scripts/js/jslib/myjavascript.js, the server searches for a .htaccess at each folder i.e. it first searches for /.htaccess, then /scripts/.htaccess ,then /scripts/js/.htaccess ,then /scripts/js/js-lib/.htaccess . This has a direct effect on server load.

How to edit apache configuration instead of allowing .htaccess?

Case: You need to put a .htaccess file in the folder /var/www/master/ to redirect users from example.com to www.example.com. Thus, the contents of your .htaccess should be roughly the following

RewriteEngine on

# if a directory or a file exists, use it directly

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

# otherwise forward it to index.php

RewriteRule . index.php

Alternative: Edit the apache virtual host file corresponding to your site and add the following directive instead inside the virtual host tags

<VirtualHost *:80>
 ......
 <Directory /var/www/master/>
  RewriteEngine on
  # if a directory or a file exists, use it directly
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  # otherwise forward it to index.php
  RewriteRule . index.php
 </Directory>
 .....
</VirtualHost>

Reference :

1. http://httpd.apache.org/docs/2.2/howto/htaccess.html#when