How to Hide Apache Information on Ubuntu VPS/Dedicated Web server

By default, sensitive server information such as the Apache version, modules and operating system is not hidden from the HTTP headers. This information is displayed whenever the server answers a request. Attackers can use it when attacking your VPS web server. This post shows how to hide Apache details on an Ubuntu 14.04 VPS or dedicated server.

1. Modify security.conf :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/conf-enabled/security.conf

Change “ServerTokens OS” to “ServerTokens Prod” then
Change “ServerSignature On” to “ServerSignature Off”

..
..
ServerTokens Prod
..
..

..
ServerSignature Off
..
..

2. After making the changes, restart apache2 :

ehowstuff@ubuntu14:~$ sudo service apache2 restart
 * Restarting web server apache2                                                             [ OK ]

3. Run the following command before and after changing the configuration :

ehowstuff@ubuntu14:~$ sudo curl -I http://192.168.0.114

The result should be as below :

Before :

HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:25:52 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Thu, 08 May 2014 16:39:14 GMT
ETag: "2cf6-4f8e61f1300ba"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html

After hiding, it should look like this :

HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:29:50 GMT
Server: Apache
Last-Modified: Thu, 08 May 2014 16:39:14 GMT
ETag: "2cf6-4f8e61f1300ba"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html
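
The before/after comparison in step 3 can be scripted. The following is an added example, not part of the original post: check_headers (a hypothetical helper name) reads raw response headers such as the output of curl -I and reports what they disclose. It goes slightly beyond the post by also flagging X-Powered-By, which the Varnish post further down shows leaking the PHP version; the sample headers are copied from those two listings.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_headers: read raw HTTP response headers on stdin (e.g. `curl -sI URL`),
# print one finding per line, return 1 if anything discloses a version or OS.
check_headers() {
    # HTTP header lines end in CRLF; drop the CR before parsing.
    tr -d '\r' | awk '
    {
        pos = index($0, ":")
        if (pos == 0) next                       # status line or blank line
        name  = tolower(substr($0, 1, pos - 1))  # header names are case-insensitive
        value = substr($0, pos + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", value)

        if (name == "server") {
            seen = 1
            clean = 1
            # ServerTokens Major/Minor/Min/OS/Full all put a version after the slash.
            if (value ~ /\/[0-9]/) { print "LEAK server-version: " value; leaks++; clean = 0 }
            # ServerTokens OS/Full add the platform in parentheses.
            if (value ~ /\(.*\)/)  { print "LEAK server-os: " value; leaks++; clean = 0 }
            if (clean) print "OK server: " value
        } else if (name == "x-powered-by") {
            # Set by PHP (expose_php), not by ServerTokens.
            print "LEAK x-powered-by: " value; leaks++
        }
    }
    END {
        if (!seen) print "OK server: header absent"
        exit (leaks > 0 ? 1 : 0)
    }'
}

# Sample headers copied from the listings on this page (trimmed to the relevant lines).
sample_before()  { printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: Apache/2.4.7 (Ubuntu)' 'Content-Type: text/html'; }
sample_after()   { printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: Apache' 'Content-Type: text/html'; }
sample_varnish() { printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: Apache/2.2.15 (CentOS)' 'X-Powered-By: PHP/5.3.3' 'Via: 1.1 varnish'; }

for s in sample_before sample_after sample_varnish; do
    echo "== $s"
    "$s" | check_headers || echo "   -> disclosure found"
done
# Against a live server: curl -sI http://192.168.0.114 | check_headers
```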

Done!!

How to Install and Configure Apache2, PHP and MySQL 5.6 on Ubuntu 14.04

A LAMP stack is a group of open source software that is installed together to let you run a server hosting dynamic websites. “L” stands for Linux, “A” stands for Apache (the web server), “M” stands for MySQL (the database) and “P” stands for PHP (to process dynamic content). With the release of Ubuntu 14.04 on April 17 2014, I would like to share the steps to set up Apache2, PHP and MySQL on Ubuntu 14.04 in order to run dynamic websites. This may be useful for those who plan to run their websites on a virtual private server (VPS) or dedicated server.

1. Install Apache2, MySQL and PHP :

ehowstuff@ubuntu14:~$ sudo apt-get install apache2 php5 php5-cgi libapache2-mod-php5 php5-common php-pear mysql-server-5.6 -y

During this installation, you will be asked to set MySQL’s root password.

2. Back up the original Apache2 configuration file :

ehowstuff@ubuntu14:~$ sudo cp -p /etc/apache2/conf-enabled/security.conf /etc/apache2/conf-enabled/security.conf.bak

3. Open security.conf and change ServerTokens from OS to Prod. For security reasons, Prod tells Apache to return only “Apache” in the Server header, which is returned on every page request.

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/conf-enabled/security.conf
..
..
ServerTokens Prod
..
..
ServerSignature Off
..
..

4. Add the index file extensions that can be accessed :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/mods-enabled/dir.conf
<IfModule mod_dir.c>
        DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>

5. Specify server name :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/apache2.conf
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
ServerName ubuntu14.ehowstuff.local
#
# The accept se

6. Specify webmaster’s email :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/sites-enabled/000-default.conf

        ServerAdmin webmaster@ubuntu14.ehowstuff.local
        DocumentRoot /var/www/html

7. Restart web server apache2 :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2                                                             [ OK ]

8. Near line 220: add extension for PHP :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/mods-enabled/mime.conf
..
..
AddHandler php5-script .php
..
..

9. Comment and add your timezone :

ehowstuff@ubuntu14:~$ sudo vi /etc/php5/apache2/php.ini
..
..
date.timezone = "Asia/Kuala_Lumpur"
..
..

After changing php.ini, restart Apache :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2                                                             [ OK ]

10. Connect to MySQL :

ehowstuff@ubuntu14:~$ sudo mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 36
Server version: 5.6.17-0ubuntu0.14.04.1 (Ubuntu)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

11. Show user info :

mysql> select user,host,password from mysql.user;
+------------------+-----------+-------------------------------------------+
| user             | host      | password                                  |
+------------------+-----------+-------------------------------------------+
| root             | localhost | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root             | ubuntu14  | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root             | 127.0.0.1 | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root             | ::1       | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| debian-sys-maint | localhost | *9C063813F4CC3C2E09995B0D043C7375C5E5538A |
+------------------+-----------+-------------------------------------------+
5 rows in set (0.00 sec)

12. Show databases :

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.01 sec)

Done!!

How to Fix _default_ VirtualHost overlap on port 80, the first has precedence

Question :
I am running a WordPress blog on an Apache web server on a virtual private server (VPS). I had a problem when I restarted the httpd service on my VPS. This error came after I set up multiple domains in my httpd config file, meaning I used more than one VirtualHost in httpd.conf :

[root@vps ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: [Thu May 01 00:01:03 2014] [warn] _default_ VirtualHost overlap on port 80, the first has precedence
                                                           [  OK  ]

Solution :

After a few hours of troubleshooting and googling, I managed to fix the issue. When you decide to run multiple domains on one web server (what the web hosting world calls a shared hosting service), you need to configure name-based virtual hosts in your Apache httpd service. NameVirtualHost must be included in the httpd.conf file as below :

..
..
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
#
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.
#
..
..

Then restart Apache httpd. Issue resolved!

How to Install Varnish Cache With Apache On CentOS 6.5

Varnish is an open source web accelerator (also called an HTTP reverse proxy) designed for content-heavy dynamic web sites to speed up the web server’s performance. A typical web server handles every request itself and returns a response to the client. With Varnish Cache, a saved copy of the page is served instead of re-requesting the same revisited page from the web server. This reduces the server load and improves response times. For those who plan to run a virtual private server (VPS) or a dedicated web server, I hope this article will help. This article describes how to install and configure Varnish Cache with Apache on CentOS 6.5.

1. Setup varnish repo :

[root@centos6 ~]# wget http://repo.varnish-cache.org/redhat/varnish-3.0/el6/noarch/varnish-release/varnish-release-3.0-1.el6.noarch.rpm
[root@centos6 ~]# rpm --nosignature -i varnish-release-3.0-1.el6.noarch.rpm

2. Install Varnish and Apache :

[root@centos6 ~]# yum install varnish -y
[root@centos6 ~]# yum install httpd -y

3. Make both programs start at boot :

[root@centos6 ~]# chkconfig --level 345 varnish on
[root@centos6 ~]# chkconfig --level 345 httpd on

4. Configure Apache to listen on port 8080 :

[root@centos6 ~]# vi /etc/httpd/conf/httpd.conf

Modify as below :

Listen 8080

5. Configuring Varnish Cache :

[root@centos6 ~]# vim /etc/sysconfig/varnish
..
..
# # Main configuration file. You probably want to change it :)
VARNISH_VCL_CONF=/etc/varnish/default.vcl
#
# # Default address and port to bind to
# # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
# # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
# VARNISH_LISTEN_ADDRESS=
#VARNISH_LISTEN_PORT=6081
VARNISH_LISTEN_PORT=80
#
# # Telnet admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
#
# # Shared secret file for admin interface
VARNISH_SECRET_FILE=/etc/varnish/secret
#
# # The minimum number of worker threads to start
VARNISH_MIN_THREADS=50
#
# # The Maximum number of worker threads to start
VARNISH_MAX_THREADS=1000
#
# # Idle timeout for worker threads
VARNISH_THREAD_TIMEOUT=120
#
# # Cache file location
VARNISH_STORAGE_FILE=/var/lib/varnish/varnish_storage.bin
#
# # Cache file size: in bytes, optionally using k / M / G / T suffix,
# # or in percentage of available disk space using the % suffix.
VARNISH_STORAGE_SIZE=1G
#
# # Backend storage specification
VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
#
# # Default TTL used when the backend does not specify one
VARNISH_TTL=120
#
# # DAEMON_OPTS is used by the init script.  If you add or remove options, make
# # sure you update this section, too.
DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
             -f ${VARNISH_VCL_CONF} \
             -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
             -t ${VARNISH_TTL} \
             -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
             -u varnish -g varnish \
             -S ${VARNISH_SECRET_FILE} \
             -s ${VARNISH_STORAGE}"
#
..
..

Add the following in /etc/varnish/default.vcl :

[root@centos6 ~]# vim /etc/varnish/default.vcl
backend default {
  .host = "127.0.0.1";
  .port = "8080";
}

6. Start Varnish and Apache :

[root@centos6 ~]# service varnish start
Starting Varnish Cache:                                    [  OK  ]
[root@centos6 ~]# service httpd start
Starting httpd:                                            [  OK  ]

7. Verify that Varnish and Apache are running on the correct ports :

[root@centos6 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1042/rpcbind
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      21729/varnishd
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1075/sshd
tcp        0      0 127.0.0.1:6082              0.0.0.0:*                   LISTEN      21728/varnishd
tcp        0      0 :::111                      :::*                        LISTEN      1042/rpcbind
tcp        0      0 :::80                       :::*                        LISTEN      21729/varnishd
tcp        0      0 :::8080                     :::*                        LISTEN      1182/httpd
tcp        0      0 :::22                       :::*                        LISTEN      1075/sshd
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               1042/rpcbind
udp        0      0 0.0.0.0:793                 0.0.0.0:*                               1042/rpcbind
udp        0      0 :::111                      :::*                                    1042/rpcbind
udp        0      0 :::793                      :::*                                    1042/rpcbind

8. Verify Varnish by running the following command :

[root@centos6 ~]# curl -I http://www.ehowstuff.local
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.ehowstuff.local/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 7990
Accept-Ranges: bytes
Date: Sun, 13 Apr 2014 15:41:41 GMT
X-Varnish: 1889373153
Age: 0
Via: 1.1 varnish
Connection: keep-alive

9. ApacheBench performance test without Varnish Cache

[root@centos6 ~]# ab -k -n 1000 -c 50 http://www.ehowstuff.local:8080/
This is ApacheBench, Version 2.3 < $Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking www.ehowstuff.local (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        Apache/2.2.15
Server Hostname:        www.ehowstuff.local
Server Port:            8080

Document Path:          /
Document Length:        0 bytes

Concurrency Level:      50
Time taken for tests:   217.545 seconds
Complete requests:      1000
Failed requests:        81
   (Connect: 0, Receive: 0, Length: 81, Exceptions: 0)
Write errors:           0
Non-2xx responses:      1000
Keep-Alive requests:    0
Total transferred:      318518 bytes
HTML transferred:       20331 bytes
Requests per second:    4.60 [#/sec] (mean)
Time per request:       10877.237 [ms] (mean)
Time per request:       217.545 [ms] (mean, across all concurrent requests)
Transfer rate:          1.43 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    3  12.1      0      65
Processing:   219 10822 17202.8   3275   61139
Waiting:      218 10802 17210.6   3228   61138
Total:        239 10825 17201.5   3275   61139

Percentage of the requests served within a certain time (ms)
  50%   3275
  66%   4513
  75%   5570
  80%  12099
  90%  40539
  95%  60069
  98%  60103
  99%  60200
 100%  61139 (longest request)

10. ApacheBench performance test with Varnish Cache

[root@centos6 ~]# ab -k -n 1000 -c 50 http://www.ehowstuff.local/
This is ApacheBench, Version 2.3 < $Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking www.ehowstuff.local (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        Apache/2.2.15
Server Hostname:        www.ehowstuff.local
Server Port:            80

Document Path:          /
Document Length:        7990 bytes

Concurrency Level:      50
Time taken for tests:   0.227 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Keep-Alive requests:    1000
Total transferred:      8565396 bytes
HTML transferred:       8221710 bytes
Requests per second:    4410.08 [#/sec] (mean)
Time per request:       11.338 [ms] (mean)
Time per request:       0.227 [ms] (mean, across all concurrent requests)
Transfer rate:          36888.79 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   3.2      0      19
Processing:     7   10   1.7     10      18
Waiting:        1    4   2.3      4      15
Total:          7   11   4.1     10      31

Percentage of the requests served within a certain time (ms)
  50%     10
  66%     10
  75%     11
  80%     11
  90%     12
  95%     13
  98%     27
  99%     31
 100%     31 (longest request)

11. The results of steps (9) and (10) show that Apache with Varnish serves responses faster than Apache running standalone.

 

How to Install WordPress on Remote MySQL

WordPress is an open source content management system (CMS) and a popular blogging platform worldwide, based on PHP and MySQL. WordPress can be installed in multiple ways: on a dedicated server, on a virtual private server (VPS) or, the cheapest way, on shared hosting. When you decide to run WordPress on a dedicated server or a VPS, the next question is whether to run the web service and the database service on a single server or on multiple servers. You have the option to combine them or to split them. For a high-performance WordPress website, I would suggest running the web server (Apache, NGINX, Lighttpd) and the database server (MySQL) on different servers. The steps below show the basics of setting up WordPress with a remote MySQL server.

server1 = 192.168.0.5 = Apache server
server2 = 192.168.0.6 = Remote MySQL server

1. Log in as root on server1, then download the latest WordPress archive and extract it :

[root@server1 html]# cd /var/www/html
[root@server1 html]# wget http://wordpress.org/latest.tar.gz
[root@server1 html]# tar xzvf latest.tar.gz

2. Log in to server2 and create the database for WordPress :

[root@server2 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database wordpressdb;
Query OK, 1 row affected (0.00 sec)

mysql> create user 'wordpressuser'@'192.168.0.5' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all on wordpressdb.* to 'wordpressuser'@'192.168.0.5';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for 'wordpressuser'@'192.168.0.5';
+------------------------------------------------------------------------------------------------------------------------+
| Grants for wordpressuser@192.168.0.5                                                                                   |
+------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wordpressuser'@'192.168.0.5' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
| GRANT ALL PRIVILEGES ON `wordpressdb`.* TO 'wordpressuser'@'192.168.0.5'                                               |
+------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

3. Once step 2 above is done, log in to server1 again and test connectivity to the database server :

[root@server1 html]# mysql -u wordpressuser -p -h 192.168.0.6
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| worpressdb         |
+--------------------+
3 rows in set (0.00 sec)

4. Still on server1, copy the sample configuration file to wp-config.php :

[root@server1 ~]# cp /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php

5. Modify the wp-config.php file and enter the database information and the remote MySQL server details :

[root@server1 ~]# vi /var/www/html/wordpress/wp-config.php
define('DB_NAME', 'wordpressdb');

/** MySQL database username */
define('DB_USER', 'wordpressuser');

/** MySQL database password */
define('DB_PASSWORD', 'password');

/** MySQL hostname */
define('DB_HOST', '192.168.0.6');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

6. To install, navigate the browser to http://servername/wordpress/.

http://192.168.0.5/wordpress/

Install MySQL, Apache and PHP on CentOS 6.5

LAMP stands for Linux, Apache, MySQL and PHP, a group of software used to run web applications. The combination of this software is called a LAMP stack. This document will walk you through the steps to install MySQL, Apache and PHP on CentOS 6.5.


What is Apache ?

Apache httpd is one of the most popular web servers and has a lot of features that make it very extensible and useful for many different types of websites.

What is MySQL?
MySQL database server is one of the most popular databases on the internet, especially for content management and blogging sites.

What is PHP?
PHP is a widely-used and open-source server-side scripting language that was especially designed for web development to produce dynamic web pages and can be embedded into HTML.

Steps :
1. Install MySQL, Apache and PHP :

[root@centos6-05 ~]# yum install mysql mysql-server httpd php* -y

2. Start Apache and MySQL :

[root@centos6-05 ~]# service httpd start
[root@centos6-05 ~]# service mysqld start

3. Check Apache, MySQL and PHP version :
Apache

[root@centos6-05 ~]# httpd -v
Server version: Apache/2.2.15 (Unix)
Server built:   Aug 13 2013 17:29:28

MySQL

[root@centos6-05 ~]# mysql -V
mysql  Ver 14.14 Distrib 5.1.71, for redhat-linux-gnu (x86_64) using readline 5.1

PHP

[root@centos6-05 ~]# php -v
PHP 5.3.3 (cli) (built: Dec 11 2013 03:29:57)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

4. Verifying Apache, MySQL and PHP :

Create a page called phpinfo.php under web root directory /var/www/html.

[root@centos6-05 ~]# vi /var/www/html/index.php
<?php

     phpinfo ();
?>

Restart Apache :

[root@centos6-05 ~]# service httpd restart


How to Setup Apache httpd on CentOS Dedicated Server

The Apache HTTP Server is a free, open source web server developed by the Apache Software Foundation (http://www.apache.org/). This post describes the basic steps to set up Apache httpd on a CentOS 6.4 64-bit dedicated server to host a website and blog. With a dedicated web server, you get more control and flexibility over the configuration and you do not share its resources with anyone else. With at least 2GB RAM, you will get fairly consistent load times and better speed compared to shared hosting and a virtual private server (VPS). Bloggers or webmasters can get a reasonable dedicated server price starting at $139 at very reputable companies such as hostgator.

1. How to Install httpd :

[root@centos64 ~]# yum install httpd -y

2. How to Check Apache server version :

[root@centos64 ~]# httpd -V
Server version: Apache/2.2.15 (Unix)
Server built:   Feb 22 2013 11:19:58
Server's Module Magic Number: 20051115:25
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

3. Change /etc/hosts file :

[root@centos64 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.2.62 centos64.ehowstuff.local

4. Always back up the original configuration file before making any changes :

[root@centos64 ~]# cp -p /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.backup.01042013

Note : -p means preserve the specified attributes (default: mode,ownership,timestamps)

5. How to Configure httpd Apache service :

[root@centos64 ~]# vi /etc/httpd/conf/httpd.conf
ServerTokens Prod
KeepAlive On
ServerAdmin root@ehowstuff.local
ServerName www.ehowstuff.local:80
Options Indexes FollowSymLinks ExecCGI
AllowOverride All
DirectoryIndex index.html index.cgi index.php
ServerSignature Off
#AddDefaultCharset UTF-8
AddHandler cgi-script .cgi .pl

6. Restart Apache httpd :

[root@centos64 ~]# /sbin/service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

7. How to configure Apache httpd auto start at boot :

[root@centos64 ~]# chkconfig httpd on

8. How to check the apache access log :

[root@centos64 ~]# tail -f /var/log/httpd/access_log
192.168.2.52 - - [01/Apr/2013:23:14:35 +0800] "GET /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524 "http://192.168.2.62/" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:35 +0800] "GET /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2146 "http://192.168.2.62/" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:35 +0800] "GET / HTTP/1.1" 200 71412 "-" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:36 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:36 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
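
A static counterpart to step 5, as an added example that is not part of the original post: audit_tokens (a hypothetical helper name) scans Apache configuration files for the ServerTokens and ServerSignature directives set above and fails if any active line leaves them at a disclosing value. The sample files are constructed, and the missing-directive rule relies on Apache's documented default of ServerTokens Full.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_tokens FILE...: report every ServerTokens / ServerSignature directive
# in the given Apache config files; return 1 if any weakens the hardening.
audit_tokens() {
    awk '
    {
        line = $0
        gsub(/^[ \t]+|[ \t\r]+$/, "", line)
        if (line == "" || line ~ /^#/) next        # blank or commented out
        n = split(line, f, /[ \t]+/)
        d = tolower(f[1])                          # directive names are case-insensitive
        v = tolower(f[2])
        if (d == "servertokens") {
            tokens_set = 1
            # "ProductOnly" is the long spelling of Prod.
            ok = (v == "prod" || v == "productonly")
        } else if (d == "serversignature") {
            ok = (v == "off")                      # On and EMail both add a footer
        } else {
            next
        }
        if (ok) print "OK   " FILENAME ":" FNR ": " line
        else  { print "FAIL " FILENAME ":" FNR ": " line; bad++ }
    }
    END {
        # With no ServerTokens line at all, Apache falls back to Full.
        if (!tokens_set) { print "FAIL ServerTokens not set (default is Full)"; bad++ }
        exit (bad > 0 ? 1 : 0)
    }' "$@"
}

# Constructed sample files: disclosing values, and the hardened ones from step 5.
write_samples() {
    printf '%s\n' '#ServerTokens Minimal' 'ServerTokens OS' 'ServerSignature On' > "$1/before.conf"
    printf '%s\n' 'ServerTokens Prod' '  serversignature off' > "$1/after.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_tokens "$tmp/before.conf" || echo "before.conf: not hardened"
audit_tokens "$tmp/after.conf"  && echo "after.conf: hardened"
rm -rf "$tmp"
# On the server from step 5: audit_tokens /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf
```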

How to Fix “Could not reliably determine the server’s fully qualified domain name”

Question :
How to fix “Could not reliably determine the server’s fully qualified domain name” when starting apache httpd service ?

[root@centos64 ~]# service httpd start
Starting httpd: httpd: apr_sockaddr_info_get() failed for centos64.ehowstuff.local
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]

Answer :

Step 1:

Update /etc/hosts so that the server’s IP address resolves to its fully qualified domain name (FQDN) or hostname.

[root@centos64 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.2.62 centos64.ehowstuff.local

Step 2:

Restart apache httpd service :

[root@centos64 ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

Apache Reverse Proxy Configuration for Linux

A reverse proxy is a gateway that appears to the client like an ordinary web server. In this article, I will show quick steps to set up and configure an Apache reverse proxy server. We need to add the reverse proxy directives to the Apache configuration to tell Apache where it should redirect or cache information for clients that request it. In this case, the following servers are involved in the setup.

(Server1) http://www.ehowstuff.local –> 192.168.2.54
(Server2) http://web.ehowstuff.local –> 192.168.2.55

When a client browses /web on Server1, the traffic is redirected to Server2.

Apache Reverse Proxy Configuration for Linux CentOS 6/ RHEL 6/ Oracle Linux 6

1. To use the Apache proxy directives, the following modules should be loaded :

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

2. Configure /web on Apache web server on Server1 :

# vi /etc/httpd/conf.d/reverse_proxy.conf

Add these lines :

<IfModule mod_proxy.c>
 ProxyRequests Off
 <Proxy *>
  Order allow,deny
  Allow from all
 </Proxy>

 ProxyPass /web http://web.ehowstuff.local
 ProxyPassReverse /web http://web.ehowstuff.local
</IfModule>

3. Restart or reload Apache for the change to take effect :

# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

4. Browse to the URL http://www.ehowstuff.local/web.

 

How to Enable mod_perl on Linux CentOS 6.3

The default Apache configuration is installed without mod_perl. This can be a good idea in order to minimize the number of things that can go wrong. This post covers the steps to enable mod_perl on Linux CentOS 6.3. This makes Perl scripts run faster and increases performance.

Prerequisites:
How to Install Httpd on CentOS 6.3

1. To Enable mod_perl, simply run the following command :

[root@centos63 ~]# yum install mod_perl -y
Loaded plugins: fastestmirror, presto, priorities
Loading mirror speeds from cached hostfile
 * base: centos.ipserverone.com
 * extras: centos.ipserverone.com
 * updates: centos.ipserverone.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_perl.i686 0:2.0.4-10.el6 will be installed
--> Processing Dependency: perl(BSD::Resource) for package: mod_perl-2.0.4-10.el6.i686
--> Running transaction check
---> Package perl-BSD-Resource.i686 0:1.29.03-3.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                       Arch             Version                      Repository        Size
====================================================================================================
Installing:
 mod_perl                      i686             2.0.4-10.el6                 base             3.2 M
Installing for dependencies:
 perl-BSD-Resource             i686             1.29.03-3.el6                base              35 k

Transaction Summary
====================================================================================================
Install       2 Package(s)

Total download size: 3.2 M
Installed size: 6.0 M
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 3.2 M
(1/2): mod_perl-2.0.4-10.el6.i686.rpm                                        | 3.2 MB     00:27
(2/2): perl-BSD-Resource-1.29.03-3.el6.i686.rpm                              |  35 kB     00:00
----------------------------------------------------------------------------------------------------
Total                                                               117 kB/s | 3.2 MB     00:27
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : perl-BSD-Resource-1.29.03-3.el6.i686                                             1/2
  Installing : mod_perl-2.0.4-10.el6.i686                                                       2/2
  Verifying  : mod_perl-2.0.4-10.el6.i686                                                       1/2
  Verifying  : perl-BSD-Resource-1.29.03-3.el6.i686                                             2/2

Installed:
  mod_perl.i686 0:2.0.4-10.el6

Dependency Installed:
  perl-BSD-Resource.i686 0:1.29.03-3.el6

Complete!

2. Configure PerlRun mode :

[root@centos63 ~]# vi /etc/httpd/conf.d/perl.conf

a) Original :

#PerlSwitches -w

Uncomment or change to :

PerlSwitches -w

b) Original :

#PerlSwitches -T

Uncomment or change to :

PerlSwitches -T

c) Original :

#Alias /perl /var/www/perl
#<Directory /var/www/perl>
#    SetHandler perl-script
#    PerlResponseHandler ModPerl::Registry
#    PerlOptions +ParseHeaders
#    Options +ExecCGI
#</Directory>

Uncomment or change to :

Alias /perl /var/www/perl
<Directory /var/www/perl>
    SetHandler perl-script
#   AddHandler perl-script .cgi
#   PerlResponseHandler ModPerl::Registry
    PerlResponseHandler ModPerl::PerlRun
    PerlOptions +ParseHeaders
    Options +ExecCGI
</Directory>

d) Original :

#<Location /perl-status>
#    SetHandler perl-script
#    PerlResponseHandler Apache2::Status
#    Order deny,allow
#    Deny from all
#    Allow from .example.com
#</Location>

Uncomment or change to :

<Location /perl-status>
    SetHandler perl-script
    PerlResponseHandler Apache2::Status
    Order deny,allow
    Deny from all
    Allow from 192.168.2.0/24
</Location>

3. Restart Apache :

[root@centos63 ~]# /etc/rc.d/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

4. Verify that it works :

Browse to http://192.168.2.54/perl-status

5. Configure Registry mode :

Alias /perl /var/www/perl
<Directory /var/www/perl>
    SetHandler perl-script
#   AddHandler perl-script .cgi
    PerlResponseHandler ModPerl::Registry
#   PerlResponseHandler ModPerl::PerlRun
    PerlOptions +ParseHeaders
    Options +ExecCGI
</Directory>

6. Restart Apache :

[root@centos63 ~]# /etc/rc.d/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
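
Apache2::Status at /perl-status reports details of the embedded Perl interpreter, so the access list from step 2d matters as much as the handler itself. The script below is an added example, not part of the original post; its function names are hypothetical and it assumes the Apache 2.2 Order/Deny/Allow syntax shown above.

```shell
#!/bin/sh
# Added example: audit a perl.conf like the one edited in step 2.
# Usage: sh perl_conf_audit.sh /etc/httpd/conf.d/perl.conf

# Print the active (uncommented) lines inside <Location /perl-status>,
# with whitespace normalised.
perl_status_block() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "<location" && $2 == "/perl-status>" { inside = 1; next }
         tolower($1) == "</location>" { inside = 0 }
         inside { $1 = $1; print }' "$1"
}

# Return 0 only if taint mode (PerlSwitches -T) is active and /perl-status,
# when enabled, denies by default and has no "Allow from all" override.
perl_conf_audit() {
    conf=$1; rc=0
    awk '$1 ~ /^#/ { next }
         tolower($1) == "perlswitches" { for (i = 2; i <= NF; i++) if ($i == "-T") t = 1 }
         END { exit !t }' "$conf" ||
        { echo "FAIL: PerlSwitches -T (taint mode) is not active"; rc=1; }
    block=$(perl_status_block "$conf")
    if [ -z "$block" ]; then
        echo "OK: /perl-status is not enabled"
        return $rc
    fi
    echo "$block" | grep -qix 'deny from all' ||
        { echo "FAIL: /perl-status has no 'Deny from all'"; rc=1; }
    echo "$block" | grep -qix 'allow from all' &&
        { echo "FAIL: /perl-status is open to every client"; rc=1; }
    # List who is allowed in, so the reviewer can confirm the network range.
    echo "$block" | grep -i '^allow from ' | sed 's/^/INFO: /'
    return $rc
}

if [ $# -gt 0 ]; then
    perl_conf_audit "$1"
fi
```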

How to Install Mod_Security to Apache HTTP Server on CentOS 6.3

ModSecurity is an open source web application firewall and intrusion detection and prevention system that provides filtering and other security features for the Apache HTTP Server. It works at the web application layer and allows HTTP traffic monitoring and real-time analysis with little or no change to existing infrastructure.

1. Install the dependency packages for mod_security :

[root@centos63 ~]# yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel -y

mod_security is compiled from source and then loaded from your httpd.conf file. Run the following commands as root :

[root@centos63 ~]# cd /usr/src/

2. Download mod_security :

[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz

Example output :

[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
--2012-09-17 16:06:20--  http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
Resolving www.modsecurity.org... 204.13.200.240
Connecting to www.modsecurity.org|204.13.200.240|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:21--  http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Resolving downloads.sourceforge.net... 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:22--  http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz [following]
--2012-09-17 16:06:23--  http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz
Resolving cdnetworks-kr-1.dl.sourceforge.net... 211.39.135.162
Connecting to cdnetworks-kr-1.dl.sourceforge.net|211.39.135.162|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 785852 (767K) [application/x-gzip]
Saving to: ‘modsecurity-apache_2.6.7.tar.gz’

100%[==========================================================>] 785,852     88.6K/s   in 8.7s

2012-09-17 16:06:32 (88.1 KB/s) - ‘modsecurity-apache_2.6.7.tar.gz’

3. Unpack the ModSecurity archive :

[root@centos63 src]# tar xzvf modsecurity-apache_2.6.7.tar.gz

4. Enter the extracted mod_security directory :

[root@centos63 src]# cd modsecurity-apache_2.6.7

5. Run the configure script to generate a Makefile. Typically no options are needed.

[root@centos63 modsecurity-apache_2.6.7]# ./configure

6. Install the ModSecurity module with :

[root@centos63 modsecurity-apache_2.6.7]# make install

7. Copy the configuration file to the /etc/httpd/conf.d directory :

[root@centos63 modsecurity-apache_2.6.7]# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

8. Mod_Security requires the OWASP (Open Web Application Security Project) core rules for its base configuration. They are used to protect against unknown vulnerabilities that are often found in web applications :

[root@centos63 ~]# cd /etc/httpd
[root@centos63 httpd]# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# tar xzvf modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# mv modsecurity-crs_2.2.5 modsecurity-crs
[root@centos63 httpd]# cd modsecurity-crs
[root@centos63 modsecurity-crs]# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

9. Configure Apache httpd config file :

[root@centos63 ~]# vi /etc/httpd/conf/httpd.conf

Search for the LoadModule lines in your httpd.conf and make sure the ModSecurity module is loaded with the following line :

..
..
LoadModule security2_module modules/mod_security2.so
..
..

Configure ModSecurity. Add these lines at the bottom of the httpd.conf file :

<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_setup.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>

10. Restart the Apache service to enable the mod_security module and its rules :

[root@centos63 ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

11. Verify that everything is working fine :

[root@centos63 ~]# httpd -t
Syntax OK
[root@centos63 ~]# tail -f /var/log/httpd/error_log
[Mon Sep 17 18:49:58 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Mon Sep 17 20:24:27 2012] [notice] caught SIGTERM, shutting down
[Mon Sep 17 20:24:28 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Mon Sep 17 20:24:28 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Sep 17 20:24:28 2012] [notice] Digest: done
[Mon Sep 17 20:24:28 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
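
Step 11 confirms that the module loads, but not whether it blocks anything: the modsecurity.conf-recommended file copied in step 7 ships with SecRuleEngine DetectionOnly, which logs rule matches without blocking them. The script below is an added example, not part of the original post or of the ModSecurity project; the function names are hypothetical, and it assumes the layout from the steps above, with conf.d/modsecurity.conf read before the block appended to httpd.conf.

```shell
#!/bin/sh
# Added example: audit the ModSecurity setup built in steps 7-10.
# Usage: sh modsec_audit.sh /etc/httpd

# Print the last active SecRuleEngine value in the given files (read in the
# order given), or "unset". Directive names are case-insensitive in Apache.
secrule_engine_mode() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "secruleengine" { mode = $2 }
         END { print (mode == "" ? "unset" : mode) }' "$@"
}

# True if file $2 has an uncommented directive $1 whose first argument
# matches the regex $3.
has_directive() {
    awk -v d="$1" -v re="$3" '
        tolower($1) == tolower(d) && $2 ~ re { found = 1 }
        END { exit !found }' "$2"
}

# Return 0 only if the module is loaded, the CRS setup file is included and
# the rule engine is On. Assumed load order: modsecurity.conf, then httpd.conf.
modsec_audit() {
    root=$1; rc=0
    httpd_conf=$root/conf/httpd.conf
    ms_conf=$root/conf.d/modsecurity.conf
    if [ ! -f "$httpd_conf" ] || [ ! -f "$ms_conf" ]; then
        echo "FAIL: expected config files not found under $root"; return 2
    fi
    has_directive LoadModule "$httpd_conf" '^security2_module$' ||
        { echo "FAIL: mod_security2 is not loaded"; rc=1; }
    has_directive Include "$httpd_conf" 'modsecurity_crs_10_setup[.]conf$' ||
        { echo "FAIL: CRS setup file is not included"; rc=1; }
    mode=$(secrule_engine_mode "$ms_conf" "$httpd_conf" | tr 'A-Z' 'a-z')
    case $mode in
        on)            echo "OK: SecRuleEngine On, rules can block" ;;
        detectiononly) echo "WARN: DetectionOnly, rules log but do not block"; rc=1 ;;
        *)             echo "FAIL: SecRuleEngine is $mode, rules are not processed"; rc=1 ;;
    esac
    return $rc
}

if [ $# -gt 0 ]; then
    modsec_audit "$1"
fi
```

A non-zero exit with the WARN line means the install is complete but still in monitoring mode; changing the directive to `SecRuleEngine On` in /etc/httpd/conf.d/modsecurity.conf and restarting httpd switches it to blocking.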