Check which php.ini file is loaded
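Create the following file in the Apache document root (call it whatever.php) and load it in a browser; the "Loaded Configuration File" row shows which php.ini is in use. Remove the file afterwards, because the phpinfo() output exposes server configuration details.
<?php
// Show all information, defaults to INFO_ALL
phpinfo();
?>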
Simple URL redirect in Apache
[http://www.yolinux.com/TUTORIALS/ApacheRedirect.html]
RewriteEngine On
RewriteRule /.* http://www.example.com/ [R]
Redirect http to https
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
Quick self signed
openssl genrsa -des3 -out nixcraft.in.key 2048
openssl req -new -key nixcraft.in.key -out nixcraft.in.csr
cp nixcraft.in.key nixcraft.in.key.bak
openssl rsa -in nixcraft.in.key.bak -out nixcraft.in.key
openssl x509 -req -days 365 -in nixcraft.in.csr -signkey nixcraft.in.key -out nixcraft.in.crt
SSL and certificates (beware rh6.0 bug)
For Apache, remember that you need the intermediates. For nginx you need to concatenate your intermediates after your cert and use the SSL checker to verify. You can also use the openssl -verify option.
To Generate the private key:
openssl genrsa -out www.vuvuplaza.com.key 2048
To create CSR:
openssl req -new -key www.vuvuplaza.com.key -out www.vuvuplaza.com.csr
Get the code:
cat www.vuvuplaza.com.csr
Generate CSR
openssl req -nodes -newkey rsa:2048 -keyout support.vuvuplaza.com.key -out support.vuvuplaza.com.csr
Generate the Key with the following command:
NOTE: A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.
$ openssl genrsa -des3 -out www.yourdomain-example.com.key 2048
This command generates a 2048 bit RSA Private Key and stores it in the file www.yourdomain-example.com.key.
It will ask you for a pass phrase: use something secure and remember it. Your certificate will be useless without the key. If you don't want to protect your key with a pass phrase (only if you absolutely trust that server machine, and you make sure the permissions are carefully set so only you can read that key) you can leave out the -des3 option above. Also leave out -des3 option if you are running Apache on Windows as it does not work on Windows.
Back up your www.yourdomain-example.com.key file and make a note of the pass phrase. A good choice is to back up this information onto a diskette or other removable media.
Note: If you are attempting to request an Extended Validation certificate, ensure that 2048 is selected as your key-bit length.
Generate the CSR with the following command:
$ openssl req -new -key www.yourdomain-example.com.key -out www.yourdomain-example.com.csr
This command will prompt you for the X.509 attributes of your certificate. Remember to give the name www.yourdomain-example.com when prompted for 'Common Name (eg, www.yourdomain-example.com)'.
Do not enter your personal name here. We are requesting a certificate for a webserver, so the Common Name has to match the FQDN of your website (a requirement of the browsers).
You will now have an RSA Private Key in www.yourdomain-example.com.key and a Certificate Signing Request in www.yourdomain-example.com.csr.
The file www.yourdomain-example.com.key is your secret key, and must be installed as per the instructions that will come when your certificate is issued. The file www.yourdomain-example.com.csr is your CSR, and the important bit looks something like this:
-----BEGIN CERTIFICATE REQUEST-----
Code
-----END CERTIFICATE REQUEST-----
Self Signed
# Generate private key
openssl genrsa -out ca.key 2048
# Generate CSR
openssl req -new -key ca.key -out ca.csr
# Generate self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
Check whether port 443 is already being claimed by ssl.conf in /etc/httpd/conf.d/ssl.conf.
Then copy the certificates from host1 to host2 and specify them in host2's httpd.conf. If pages are not displaying, check:
AllowOverride All
Step A: Determine the location of the private key and certificate files.
Look in the httpd.conf file for the following directives because they point to the location of the key and certificate files:
SSLCertificateFile .../path/to/mycertfile.crt
SSLCertificateKeyFile .../path/to/mykeyfile.key
SSLCertificateChainFile or SSLCACertificateFile /etc/ssl/crt/ca_bundle.crt
Note: Certain Apache servers use SSLCACertificateFile as the SSL directive for the Intermediate CA.
After locating the key and certificate files, copy them from the original server to the target server and reference them in the target server's httpd.conf file.
Set the above-listed directives to point to the new locations of the .crt and .key files:
Ensure that the SSLCertificateFile directive points to the *.crt file.
Ensure that the SSLCertificateKeyFile directive points to the *.key file.
Ensure that the SSLCertificateChainFile or SSLCACertificateFile directive points to the *.crt file (Intermediate CA bundle).
Step B: Export (back up) the certificate.
Copy the .key file, both .crt files (the SSL certificate and the Intermediate CA) and the httpd.conf file to a diskette or CD.
Step C: Import the certificate.
On the target host, copy the .key file and both .crt files (the SSL certificate and the Intermediate CA) from the diskette or CD to the appropriate directory.
Edit the virtual host section of the httpd.conf file so that the SSLCertificateFile / SSLCertificateChainFile or SSLCACertificateFile directive points to the .crt file and the SSLCertificateKeyFile directive points to the .key file. You can use the virtual host section of the httpd.conf file on the diskette or CD as a guide.
SSLCertificateFile .../path/to/mycertfile.crt
SSLCertificateKeyFile .../path/to/mykeyfile.key
SSLCertificateChainFile or SSLCACertificateFile /etc/ssl/crt/ca_bundle.crt
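A check to run on the target host once Steps A to C are done, added here as an example and not part of the original notes: it reads the certificate directives out of a config file, confirms the private key belongs to the certificate, and confirms the key is not readable by group or others. The function names, the sample file names and the sample.invalid subject are assumptions made for the example.

```shell
#!/bin/sh

# Print "<directive> <path>" for each certificate directive (comments skipped).
ssl_paths() {
    awk '$1 ~ /^(SSLCertificateFile|SSLCertificateKeyFile|SSLCertificateChainFile|SSLCACertificateFile)$/ {
             gsub(/"/, "", $2); print $1, $2 }' "$1"
}

# Path given to one directive (first occurrence only).
ssl_path_for() {
    ssl_paths "$1" | awk -v d="$2" '$1 == d { print $2; exit }'
}

# Succeed only if key and certificate carry the same public key.
# Assumes an unencrypted key; openssl asks for the pass phrase otherwise.
key_matches_cert() {
    pub_k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    pub_c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pub_k" ] && [ "$pub_k" = "$pub_c" ]
}

# Succeed only if the key file grants nothing to group or others (0600, 0400).
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Audit one config file: one finding per line, non-zero status on any failure.
audit_ssl_conf() {
    rc=0
    crt=$(ssl_path_for "$1" SSLCertificateFile)
    key=$(ssl_path_for "$1" SSLCertificateKeyFile)
    if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
        echo "FAIL cannot read certificate '$crt' or key '$key'"; return 1
    fi
    key_matches_cert "$key" "$crt" || { echo "FAIL $key does not match $crt"; rc=1; }
    key_is_private "$key" || { echo "FAIL $key is readable by group or others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK $key matches $crt"
    return "$rc"
}

# Constructed sample: throwaway self-signed pair in directory $1 plus a config naming it.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample.invalid" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null || return 1
    chmod 600 "$1/site.key"
    printf 'SSLCertificateFile %s/site.crt\nSSLCertificateKeyFile "%s/site.key"\n' "$1" "$1" > "$1/httpd.conf"
}

if [ $# -gt 0 ]; then audit_ssl_conf "$1"; fi   # usage: sh check_ssl.sh /path/to/httpd.conf
```

A mismatch here usually means the .crt was copied without the .key it was issued for; Apache refuses to start in that case.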
Blank pages on samba share
If you use a cifs mount as the documentRoot for the apache server, you will see that the files are not served by Apache. You get blank pages.
The fix is: EnableSendfile Off
Apache HTTP server
Why do I get a "Forbidden" message whenever I try to access a particular directory?
This message is generally caused because either
The underlying file system permissions do not allow the User/Group under which Apache is running to access the necessary files; or
The Apache configuration has some access restrictions in place which forbid access to the files.
You can determine which case applies to your situation by checking the error log.
In the case where file system permissions are at fault, remember that not only must the directory and files in question be readable, but also all parent directories must be at least searchable (i.e., chmod +x /directory/path) by the web server in order for the content to be accessible.
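To find which directory in the chain is the one blocking access, the following added example (not part of the original FAQ text) walks the path from the top down and reports the first component the web server cannot pass. It assumes the Apache user is neither the owner nor in the group of these paths, so the "other" permission bits decide; first_blocked is a name chosen for the example.

```shell
#!/bin/sh

# Walk from the top of the path down to the target and print the first
# component the "other" permission class cannot pass; print nothing if clear.
first_blocked() {
    p=$1; chain=
    # Build the list of components, outermost directory first.
    while [ "$p" != "/" ] && [ "$p" != "." ]; do
        chain="$p
$chain"
        p=$(dirname "$p")
    done
    printf '%s' "$chain" | while IFS= read -r c; do
        # First ten characters of ls -l: file type plus the nine mode bits.
        mode=$(ls -ldL "$c" 2>/dev/null | cut -c1-10)
        case $mode in
            d????????[xt]|-??????r??) ;;   # searchable directory or readable file
            "") echo "$c: does not exist"; break ;;
            d*) echo "$c: others lack search permission (x)"; break ;;
            *)  echo "$c: others lack read permission (r)"; break ;;
        esac
    done
}

if [ $# -gt 0 ]; then first_blocked "$1"; fi   # usage: sh first_blocked.sh /var/www/html/index.html
```

Fix the reported component with the narrowest change that works (for a directory, search permission only) rather than opening the whole tree.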
To compress outbound web traffic from your server (halves your bandwidth)
Use the mod_deflate plugin (apache2) or mod_gzip (apache1). Add the following to the httpd.conf:
This will compress everything outbound from the webserver except pdf / movies / mp3's etc:
### Mod_deflate settings
SetOutputFilter DEFLATE
## Don't compress these file extensions
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.avi$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.mov$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.mp3$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.mp4$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.rm$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.flv$ no-gzip dont-vary
######################################################
Testing it
http://www.whatsmyip.org/mod_gzip_test/
Logging apache to SQL
http://www.howtoforge.com/apache2-logging-to-a-mysql-database-with-mod_l...
Reducing Apache load with Nginx
http://www.howtoforge.com/reduce-apache-load-with-nginx-rhel5.2