Archive for the ‘Apache’ Category

  1. A browser requests a secure page (usually https://)
  2. The web server sends its public key with its certificate.
  3. The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.
  4. The browser then uses the public key to encrypt a random symmetric encryption key and sends it to the server, along with the encrypted URL required and other encrypted HTTP data.
  5. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data.
  6. The web server sends back the requested html document and http data encrypted with the symmetric key.
  7. The browser decrypts the http data and html document using the symmetric key and displays the information.
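
Steps 2 and 4 to 7, carried out with the openssl command line as an added example (not part of the original post); the function name, file names and the sample request and response are constructed. It follows the simplified RSA key-transport model of the list above; TLS 1.3 instead agrees on the symmetric key with an ephemeral Diffie-Hellman exchange.

```shell
#!/bin/sh
# Added illustration: hybrid encryption as in steps 2 and 4-7 above.
# All file names and the sample request/response are constructed.
tls_model_demo() {
    d=$(mktemp -d) || return 1
    pad="rsa_padding_mode:oaep"

    # Step 2 (server): key pair; the public half is what the certificate carries.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/server.key" 2>/dev/null || return 1
    openssl pkey -in "$d/server.key" -pubout -out "$d/server.pub" || return 1

    # Step 4 (browser): random symmetric key, wrapped with the public key,
    # plus the request encrypted under that symmetric key.
    openssl rand -hex 32 > "$d/sym.browser" || return 1
    openssl pkeyutl -encrypt -pubin -inkey "$d/server.pub" -pkeyopt "$pad" \
        -in "$d/sym.browser" -out "$d/sym.wrapped" || return 1
    printf 'GET /account HTTP/1.1\n' |
        openssl enc -aes-256-cbc -pbkdf2 -pass "file:$d/sym.browser" \
        -out "$d/request.enc" || return 1

    # Step 5 (server): unwrap the symmetric key with the private key, read the request.
    openssl pkeyutl -decrypt -inkey "$d/server.key" -pkeyopt "$pad" \
        -in "$d/sym.wrapped" -out "$d/sym.server" || return 1
    request=$(openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$d/sym.server" \
        -in "$d/request.enc") || return 1

    # Step 6 (server): response encrypted with the same symmetric key.
    printf '200 OK for %s\n' "$request" |
        openssl enc -aes-256-cbc -pbkdf2 -pass "file:$d/sym.server" \
        -out "$d/response.enc" || return 1

    # Step 7 (browser): decrypt with its own copy of the symmetric key.
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$d/sym.browser" \
        -in "$d/response.enc"
    rc=$?
    rm -rf "$d"
    return $rc
}

tls_model_demo
```

Only the holder of server.key can recover the symmetric key from sym.wrapped, which is why the private key file is the asset to protect on the web server.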

 


What is the difference between event, worker and prefork

Apache (HTTPD) is a very popular and widely deployed web server around the world. A-Patchy server comes with multiple modules. The term MPM is used for multiprocessing module. We can check for the default MPM by running the command “httpd -l”.

Apache 2 is available with the following 3 MPM modules.

PREFORK
WORKER
EVENT

(mpm_winnt This Multi-Processing Module is optimized for Windows NT.)
(mpm_netware Multi-Processing Module implementing an exclusively threaded web server optimized for Novell NetWare)

Prefork MPM

The prefork MPM handles HTTP requests just like the older Apache 1.3. As the name suggests, it pre-forks the necessary child processes while starting Apache. It is suitable for websites that want to avoid threading for compatibility, i.e. for non-thread-safe libraries. It is also known as the best MPM for isolating each incoming HTTP request.

How it works

A single control (master) process is responsible for launching multiple child processes which serve incoming HTTP requests. Apache always tries to maintain several spare (not-in-use) server processes, which stand ready to serve incoming requests. In this way, clients do not need to wait for a new child process to be forked before their requests can be served.
We can adjust these spare processes through the Apache configuration. Default settings are usually enough for a small amount of traffic. One can always tune these directives and values as per their requirements.

Pre-Fork is the default module given by Apache.

#prefork MPM
#StartServers: number of server processes to start
#MinSpareServers: minimum number of server processes which are kept spare
#MaxSpareServers: maximum number of server processes which are kept spare
#ServerLimit: maximum value for MaxClients for the lifetime of the server
#MaxClients: maximum number of server processes allowed to start
#MaxRequestsPerChild: maximum number of requests a server process serves

<IfModule prefork.c>
StartServers       8
MinSpareServers    5
MaxSpareServers   20
ServerLimit      256
MaxClients       256
MaxRequestsPerChild  4000
</IfModule>

Worker MPM

The worker MPM is a Multi-Processing Module (MPM) which implements a hybrid multi-process multi-threaded server. By using threads to serve requests, it is able to serve a large number of requests with fewer system resources than a process-based server.

The most important directives used to control this MPM are ThreadsPerChild, which controls the number of threads deployed by each child process and MaxClients, which controls the maximum total number of threads that may be launched.

Strength: memory usage and performance are better than prefork
Weakness: worker will not work properly with languages like PHP

How it works

A single control process (the parent) is responsible for launching child processes. Each child process creates a fixed number of server threads as specified in the ThreadsPerChild directive, as well as a listener thread which listens for connections and passes them to a server thread for processing when they arrive.

Apache always tries to maintain a group of spare or idle server threads, which stand ready to serve incoming requests. In this way, clients do not need to wait for new threads or processes to be created before their requests can be served. The number of processes that will initially be launched is set by the StartServers directive. During operation, Apache assesses the total number of idle threads in all processes, and forks or kills processes to keep this number within the boundaries specified by MinSpareThreads and MaxSpareThreads. Since this process is very self-regulating, it is rarely necessary to modify these directives from their default values. The maximum number of clients that may be served simultaneously (i.e., the maximum total number of threads in all processes) is determined by the MaxClients directive. The maximum number of active child processes is determined by the MaxClients directive divided by the ThreadsPerChild directive.

#worker MPM
#StartServers: initial number of server processes to start
#MaxClients: maximum number of simultaneous client connections
#MinSpareThreads: minimum number of worker threads which are kept spare
#MaxSpareThreads: maximum number of worker threads which are kept spare
#ThreadsPerChild: constant number of worker threads in each server process
#MaxRequestsPerChild: maximum number of requests a server process serves

<IfModule worker.c>
StartServers         4
MaxClients         300
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>
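
The MaxClients / ThreadsPerChild arithmetic described above, applied to this worker block as an added example (not from the original post). The function name is made up, and the fallback values 25 (ThreadsPerChild) and 16 (ServerLimit) are the worker defaults from the httpd documentation, assumed for directives the block leaves out.

```shell
#!/bin/sh
# Added example (not from the original post): derive the worker MPM ceilings
# from an httpd config read on stdin and flag values that do not fit together.
worker_ceiling() {
    awk '
        /^[ \t]*#/ { next }                               # skip comments
        tolower($1) == "<ifmodule"   { inblk = ($2 ~ /worker/); next }
        tolower($1) == "</ifmodule>" { inblk = 0; next }
        inblk && NF >= 2 { v[tolower($1)] = $2 + 0 }
        END {
            if (!("maxclients" in v)) { print "error: MaxClients not set"; exit 2 }
            # Defaults assumed from the httpd documentation for the worker MPM.
            tpc = ("threadsperchild" in v) ? v["threadsperchild"] : 25
            lim = ("serverlimit" in v) ? v["serverlimit"] : 16
            mc = v["maxclients"]; procs = int(mc / tpc)
            printf "max_threads=%d max_processes=%d\n", mc, procs
            if (mc % tpc) print "warn: MaxClients is not a multiple of ThreadsPerChild"
            if (procs > lim) print "warn: needs ServerLimit >= " procs " (effective " lim ")"
        }'
}

# The worker block shown above, fed to the function.
worker_ceiling <<'EOF'
<IfModule worker.c>
StartServers         4
MaxClients         300
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>
EOF
```

The thread ceiling is the number of connections the server will hold at once, so it is the figure to compare against available memory and expected concurrent clients.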

Event MPM

The event Multi-Processing Module (MPM) is designed to allow more requests to be served simultaneously by passing off some processing work to supporting threads, freeing up the main threads to work on new requests. Event has been released as stable in Apache 2.4. The Event MPM works the exact same way as the Worker MPM when it comes to processes and threads. The big difference is that the Event MPM will dedicate a thread to a request, not the whole HTTP connection.

How it works

This MPM tries to fix the ‘keep alive problem’ in HTTP. After a client completes the first request, the client can keep the connection open, and send further requests using the same socket. This can save significant overhead in creating TCP connections. However, Apache HTTP Server traditionally keeps an entire child process/thread waiting for data from the client, which brings its own disadvantages. To solve this problem, this MPM uses a dedicated thread to handle both the Listening sockets, all sockets that are in a Keep Alive state, and sockets where the handler and protocol filters have done their work and the only remaining thing to do is send the data to the client. The status page of mod_status shows how many connections are in the mentioned states.

This is useful in a situation where you like the idea of threading, but have an application that uses rather long KeepAlive timeouts. With the Worker MPM, the thread would be bound to the connection and stay tied up regardless of whether a request was being processed or not.

With the Event MPM, the thread is only used for requests and frees back up immediately after the request is fulfilled, regardless of the actual HTTP connection, which is handled by the parent process. Since the thread frees up immediately after the request is fulfilled, it can be used for other requests.

<IfModule event.c>
MinSpareThreads 64
MaxSpareThreads 128
ThreadsPerChild 64
ThreadLimit 64
MaxRequestsPerChild 20000
ListenBacklog 4096
</IfModule>

How to configure multiple apache virtual hosts on multiple ports

I have a server with one IP address. I want to run several virtual hosts in Apache 2.4, and I want all virtual hosts to be accessible on ports 80, 8000 and 443 (SSL).

The Listen directive tells the server to accept incoming requests only on the specified ports or address-and-port combinations. If only a port number is specified in the Listen directive, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface. Multiple Listen directives may be used to specify a number of addresses and ports to listen on. The server will respond to requests from any of the listed addresses and ports.

=-==–=
Listen *:80
Listen *:8080

# NameVirtualHost is only needed on Apache 2.2; in 2.4 it is deprecated and has no effect.
NameVirtualHost *:80
NameVirtualHost *:8080

<VirtualHost *:80>
ServerName a.foo.com
DocumentRoot /www/a
</VirtualHost>

<VirtualHost *:8080>
ServerName b.foo.com
DocumentRoot /www/ab
</VirtualHost>

=-=-=-

How to Install an apache module without recompiling (Easyapache)

Log in to the server

cd /home/cpeasyapache/src/httpd-2.x.x/modules/mappers/

Make sure the module is in uncompiled format (mod_module.c).

From command prompt run:

/usr/local/apache/bin/apxs -c mod_module.c
Example : /usr/local/apache/bin/apxs -c mod_imagemap.c

This will create the DSO in /home/cpeasyapache/src/httpd-2.x.x/modules/mappers/.libs/ folder.

Copy the mod_module.so file to the /usr/local/apache/modules/ directory

Load the module and enable it in Apache configuration file.

Check whether module is installed or not by using the below command :

/usr/local/apache/bin/apachectl -t -D DUMP_MODULES
=-=-=-=-=-

How to Redirect HTTP traffic to another IP using iptables

I want to redirect all traffic coming to the old server’s HTTP port (during the TTL change period) to the web server running on the new server with a different IP.

DETAILS:

Service : Apache(port 80 and 443)
Interface name in old server(this is a vps) : venet0
Destination ip : 198.89.54.263

SOLUTION:

Use iptables nat to redirect http and https traffic to another server ip and port. Execute the following commands in the source server.

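# IP forwarding must be enabled on the old server (net.ipv4.ip_forward = 1) for DNAT to another host to work.
iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -m conntrack --ctstate NEW -j DNAT --to-destination 98.59.254.163:80
iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 443 -m conntrack --ctstate NEW -j DNAT --to-destination 98.59.254.163:443
iptables -t nat -A PREROUTING -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# MASQUERADE rewrites the source address, so the new server sees and logs the old server's IP, not the client's.
iptables -A POSTROUTING -t nat -j MASQUERADE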

-=-=-=-=-=

Name or service not known: mod_unique_id: unable to find IPv4 address

[Thu Jan 02 05:29:41 2014] [alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of “server hostname”
Configuration Failed

I have checked the Apache configuration syntax file and it is fine.

root@ [/]# httpd -t
Syntax OK

While checking the file “/etc/hosts”, the server hostname was incorrect. After correcting it, the Apache service was working fine.

(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs

Check the Apache process

root@ [~]# ps aux | grep httpd
root 6846 0.0 0.0 4956 700 pts/0 S+ 04:22 0:00 grep httpd
root 29439 0.0 0.7 145736 125784 ? S 03:06 0:00 /usr/local/apache/bin/httpd -k start -DSSL

Check whether port 80 is listening on the server.

root@ [~]# netstat -lnp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29439/httpd

The commands below display which service is running on port 80. Run lsof before and after the process starts to see the change.

lsof -i tcp:80
lsof -i | grep httpd

Kill the process and start the service

root@ [~]# kill -9 29439
root@ [~]# ps aux | grep httpd
root 7258 0.0 0.0 4956 704 pts/0 S+ 04:22 0:00 grep httpd

root@ [~]# /etc/init.d/httpd start
root@ [~]# ps aux | grep httpd
root 7312 17.2 0.7 151624 127688 ? Ss 04:23 0:00 /usr/local/apache/bin/httpd -k start -DSSL
root 7335 0.0 0.7 143376 122460 ? S 04:23 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 7336 6.0 0.7 153152 127272 ? S 04:23 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 7337 2.0 0.7 152180 126460 ? S 04:23 0:00 /usr/local/apache/bin/httpd -k start -DSSL
root 7361 0.0 0.0 4960 700 pts/0 S+ 04:23 0:00 grep httpd
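
Before killing whatever owns the socket, it is worth confirming that the holder of port 80 is the httpd you expect. The following added example (not from the original post) does that check on `netstat -lnp` output; the function name and the second sample line are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): read `netstat -lnp` output on
# stdin and report which process holds a TCP listening port.
# Usage: netstat -lnp | port_holder 80 httpd
# Exit status: 0 = port free or held by the expected program, 1 = anything else.
port_holder() {
    awk -v port="$1" -v want="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")          # local address; the port is the last part
            if (a[n] != port) next         # works for 0.0.0.0:80 and :::80 alike
            found = 1
            if ($7 == "-") {               # netstat hides the owner from non-root users
                printf "unknown addr=%s (run netstat as root)\n", $4
                bad = 1
                next
            }
            split($7, p, "/")              # PID/Program name column
            ok = (p[2] == want)
            printf "%s pid=%s prog=%s addr=%s\n", (ok ? "expected" : "UNEXPECTED"), p[1], p[2], $4
            if (!ok) bad = 1
        }
        END {
            if (!found) print "free port=" port
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: the line from the session above plus an unrelated listener.
port_holder 80 httpd <<'EOF'
tcp        0      0 0.0.0.0:80       0.0.0.0:*      LISTEN      29439/httpd
tcp        0      0 0.0.0.0:22       0.0.0.0:*      LISTEN      901/sshd
EOF
```

An UNEXPECTED result means some other program is bound to the port, which calls for finding out what it is rather than simply restarting Apache.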
———————————->

Today I have faced an error while accessing the domain, also the response is too slow.

[Thu Aug 22 13:05:06 2013] [warn] [client 200.150.249.63] mod_fcgid: can’t apply process slot for /usr/local/cpanel/cgi-sys/php5, referer: http://www.domain.com/tracking/index.php

This issue commonly occurs due to a low value of MaxRequestsPerProcess.

Solution :-

#vim /usr/local/apache/conf/php.conf

MaxRequestsPerProcess 1000
DefaultMaxClassProcessCount 120
IdleTimeout 60
MaxProcessCount 2000
IPCCommTimeout 40
IPCConnectTimeout 10
MaxRequestLen 10240000

Reference :
http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidspawnscoreuplimit

Unable to start Apache service on cPanel server.

If you are getting the following error while trying to restart the Apache service:

=====================>
-bash-3.2# /etc/init.d/httpd start
(20014)Internal error: Error retrieving pid file logs/httpd.pid
Remove it before continuing if it is corrupted.
=====================>

Solution :-

-bash-3.2# mv /usr/local/apache/logs/httpd.pid /usr/local/apache/logs/httpd.pid.bk
-bash-3.2# /etc/init.d/httpd restart
httpd not running, trying to start

Be sure that the Apache service is running:

# /etc/init.d/httpd status
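
Before moving the pid file aside as above, it helps to know whether it is corrupt, stale, or still points at a running httpd. The following added example (not from the original post) classifies it; the function name is made up and it assumes a Linux /proc filesystem.

```shell
#!/bin/sh
# Added example (not from the original post): classify a pid file before
# moving it aside. Assumes Linux (/proc). Prints one of:
#   missing | corrupt | stale | live | reused:<program>
pidfile_state() {
    f=$1
    want=${2:-httpd}                       # program expected to own the PID
    [ -e "$f" ] || { echo missing; return 0; }
    pid=$(tr -d ' \t\r\n' < "$f")
    case $pid in
        ''|*[!0-9]*) echo corrupt; return 0 ;;   # empty or non-numeric content
    esac
    # No /proc entry: the process that wrote the file is gone.
    [ -d "/proc/$pid" ] || { echo stale; return 0; }
    # The PID exists; make sure it was not recycled by an unrelated program.
    comm=$(cat "/proc/$pid/comm" 2>/dev/null)
    if [ "$comm" = "$want" ]; then
        echo live
    else
        echo "reused:$comm"
    fi
}

# Constructed demonstration: a pid file holding garbage is reported as corrupt.
tmp=$(mktemp)
printf 'not-a-pid\n' > "$tmp"
pidfile_state "$tmp"
rm -f "$tmp"
```

Only the corrupt and stale states are safe to clear; a live result means an httpd parent is still running and should be stopped first.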

=============================>

First go to SourceGuardian's download page http://www.sourceguardian.com/loaders.html

Untar the tarball

Copy the loader file ixed.5.3.lin to /usr/lib/php5/20090626/

cp ixed.5.3* /usr/lib/php5/20090626/

Create a Source Guardian configuration file:

vim /etc/php5/conf.d/sourceguardian.ini

Add the following two lines to sourceguardian.ini:

[sourceguardian]
zend_extension=/usr/lib/php5/20090626/ixed.5.3.lin

Restart Apache:

# php -v
PHP 5.3.3-7+squeeze14 with Suhosin-Patch (cli) (built: Aug 6 2012 14:18:06)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with SourceGuardian v9.0, Copyright (c) 2000-2012, by Inovica Ltd.
with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH
—————————————————>