Apache HTTP
Management
Check configuration syntax
apachectl -t
List virtual host mapping
apachectl -t -D DUMP_VHOSTS
Configuration Examples
Minimal virtual host
<VirtualHost *:80>
    DocumentRoot /var/www/html
    # This section is optional
    <Directory /var/www/html>
        Options -Indexes
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Default virtual host without access
<VirtualHost *:80>
    ServerName example.org
    <Location />
        Deny from all
        Options None
        ErrorDocument 403 "Forbidden"
    </Location>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Common SSL configuration (may be used with Include directive)
SSLEngine on
# "all -SSLv2 -SSLv3" still permits TLSv1 and TLSv1.1 where the TLS library supports them
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLCertificateFile /etc/apache2/ssl/certs/domain/cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/certs/domain/privkey.pem
SSLCACertificateFile /etc/apache2/ssl/certs/domain/fullchain.pem
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
SSL-enabled virtual host (WSGI)
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName foo.org
        WSGIScriptAlias / /path/to/foo.py/
        Alias /static /var/www/ssl/foo
        <Directory /var/www/ssl/foo>
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/ssl/foo.error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/ssl/foo.access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/certs/domain/cert.pem
        SSLCertificateKeyFile /etc/apache2/ssl/certs/domain/privkey.pem
        SSLCACertificateFile /etc/apache2/ssl/certs/domain/fullchain.pem
    </VirtualHost>
</IfModule>
Modules
mpm_* + mod_wsgi
Scoreboard is full error
Symptom:
scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit
How to reproduce:
- Visit the WSGI application URL
- Reload the Apache configuration
Resolution:
Delegate the WSGI application to a separate mod_wsgi daemon process.
In site.conf after the WSGIScriptAlias add:
WSGIDaemonProcess foo.example.org processes=2 threads=5 display-name=%{GROUP}
WSGIProcessGroup foo.example.org
and restart apache http.
mpm_common
Set graceful shutdown timeout
# echo 'GracefulShutdownTimeout 30' > /etc/apache2/conf-available/graceful-shutdown.conf
# a2enconf graceful-shutdown
# service apache2 restart
Utilities
htpasswd
Compute the bcrypt hash for a phrase
htpasswd -bnBC 10 "" PASSWORD | tr -d ':\n' | sed 's/$2y/$2a/'
ab
Benchmark
ab -n 1000 -c 10 -k -H "Accept-Encoding: gzip, deflate" https://www.example.org/
- n: number of requests
- c: concurrency level
- k: keepalive
- H: additional header to send
Logging
Access log
Show unique IPs sorted by occurrence frequency:
cat access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr
Show entries with status codes other than 200:
grep -E '\" [1345][01235][0-9] ' access.log
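Added example (not part of the original page): the two one-liners above combined into a per-client count of non-200 responses. The status is read from its field position rather than matched anywhere in the line, so a request path that contains an escaped quote followed by a number is not mistaken for the status. It assumes the combined log format used in the configurations above; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes the "combined" LogFormat.

# Constructed sample lines (documentation address ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Oct/2024:13:55:36 +0000] "GET / HTTP/1.1" 200 2326 "-" "curl/8.0"
192.0.2.10 - - [10/Oct/2024:13:55:37 +0000] "GET /admin HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2024:13:55:38 +0000] "GET /a\" 404 x HTTP/1.1" 200 196 "-" "x"
198.51.100.7 - - [10/Oct/2024:13:55:39 +0000] "GET /missing HTTP/1.1" 404 196 "-" "x"
198.51.100.7 - - [10/Oct/2024:13:55:40 +0000] "POST /login HTTP/1.1" 500 310 "-" "x"
203.0.113.5 - - [10/Oct/2024:13:55:41 +0000] "GET /file HTTP/1.1" 206 512 "-" "x"
EOF
}

# Print "<count> <client>" for responses whose status is not 200,
# most frequent first. Reads the file given as $1, or stdin if omitted.
non200_by_ip() {
    awk '
    {
        line = $0
        gsub(/\\\\/, "", line)       # drop escaped backslashes first
        gsub(/\\"/, "", line)        # then escaped quotes inside quoted fields
        n = split(line, q, "\"")     # q[1] prefix, q[2] request, q[3] status and bytes
        if (n < 3) next              # not a combined-format line
        split(q[1], pre, " ")        # pre[1] is the client address
        split(q[3], post, " ")       # post[1] is the status code
        if (post[1] !~ /^[1-5][0-9][0-9]$/) next
        if (post[1] != "200") count[pre[1]]++
    }
    END { for (ip in count) print count[ip], ip }
    ' "${1:--}" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo run on the constructed sample.
sample_log | non200_by_ip
```

The third sample line has a real status of 200 but contains `\" 404 ` inside the request, which the grep pattern above would report; the field-based count skips it.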