apache http auth with cgi

If you are using apache http auth with cgi, you have a few more things to do.

You need to enable .htaccess

RewriteEngine On

RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]

protecting web access with mod_auth

You can limit web access by password. Apache has module mod_auth* for you. It's easy.

1. create password file

# htpasswd -c /usr/local/apache/passwd/passwords rbowen

New password: mypassword

Re-type new password: mypassword

Adding password for user rbowen

for additional user just remove "-c"

2. add directive to apache (.httaccess or )

AuthType Basic

AuthName "Restricted Files"

# (Following line optional)

AuthBasicProvider file

AuthUserFile /usr/local/apache/passwd/passwords

Require user rbowen

3. Restart apache and have fun!

If you have a problem, please investigate the error_log first.

More information :

http://httpd.apache.org/docs/trunk/howto/auth.html

Configuring gentoo apache with fcgi

mod php and worker are not stable as PHP official page.

Gentoo user might not aware this because we can compile PHP with threads use flag without realizing the warning.

Before get start with apache-worker fcgid and php. You need the following :

1) installed PHP with cgi use flag.

2) installed mod_fcgid (emerge mod_fcgid)

PHP configuration :

- modify /etc/php/cgi-php5/php.ini to suite your need.

apache configuration :

- modify /etc/apache2/modules.d/20_mod_fcgid.conf adding the following in

AddHandler fcgid-script .php .fcgi

DefaultInitEnv PHPRC "/etc/php/cgi-php5"

IdleTimeout 60

BusyTimeout 120

ProcessLifeTime 360

SpawnScoreUpLimit 2100

MaxProcessCount 2100

DefaultMaxClassProcessCount 2100

IPCConnectTimeout 120

IPCCommTimeout 120

FCGIWrapper /usr/bin/php-cgi .php

Please change the /usr/bin/cgi/ to your path. And don't forget to add +ExecCGI to option directive.

- edit /etc/conf.d/apache2 add -D FCGID to APACHE2_OPTS

restarting apache.

Monit : debuging monit process

Misconfiguration on apache can lead monit false alet and do wrong action. I found that some monit process in one of my servers always complaining about apache cannot connect port 80. which is not right cause I can still access the pages.

Here are tip for debugging what goes wrong:

1) stop monit as a daemon
2) smart monit in foreground
#monit -Iv
3) see the message

From my experience, the server response with 403 http code cause monit alert cannot connect host port 80.
So, I change apache config to get 200 code and everything back to work :)

Monit : server monitoring tools

If you have a web server, have you ever experience apache process not responding to http request?

or

How to make sure that apache are running? and If server load go too high please restart it for me.

Monit can help you monitoring common for system admin.


It can monitoring server process, file size, memory server load. And, you can set the appropriate action to those events: sending email, restart process etc.

To install monit
for gentoo :
#emerge -av monit
for debian:
#apt-get install monit

Configuring monit
Locate configuration file : /etc/monitrc or /etc/monit/monitrc
Here is the example configuration for apache with these condition
1) check whether apache is running : if not restart
2) check http:80 is working : if not restart
3) if server go to high : restart apache process

set daemon 120

set mailserver smtp.localhost


set mail-format { from: admin@localhost.com }

set alert systemadmin@localhost.com


check process apache with pidfile /var/run/apache2.pid
start program = "/etc/init.d/apache2 start"
stop program = "/etc/init.d/apache2 stop"
if failed port 80 protocol http then restart
if loadavg(5min) greater than 100 for 2 cycles then restart
alert extrapeople@localhost.com

If you are interested in monit for advance feature please visit monit official site.
check out monit document

apache with fcgid

Once, I used gentoo with apache(worker) + phpmod as a webserver. After switching to ubuntu, I've found that phpmod is not stable with apache(worker), this is not a problem with gentoo b'coz u can customize everything by yourself.

Up to this point ,there are 2 choice for ubuntu apache works with php
1) use apache prefork + phpmod
2) use apache worker + cgi + php

More description about fcgid/fastcgi http://www.seaoffire.net/fcgi-faq.html

I found the following study show that fcgid might be a good choice. And, it is.
http://2bits.com/articles/apache-fcgid-acceptable-performance-and-better-resource-utilization.html

For fcgid reference for apache :
http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html

Apache Mod setenvif

Some software/browser didn't follow the standard or have some bugs. I found that MSIE 6 have problem with richtext editor -javascript. Mod setenvif can be used to set special variable to correct the problem.



In file: /etc/apache2/mods-enabled/setenvif.conf
BrowserMatch "MSIE 4\.0b2;" gzip-only-text/html
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

With this line apache the user with MSIE6 will be:
-send gzip format for text/html only
-disable keepalive
-downgraded request to HTTP 1.0
-response with HTTP 1.0

To find our more directive of this mod.
http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html

There are more interesting variable that can be set.
http://httpd.apache.org/docs/2.2/env.html

Understanding apache config order in debian/ubuntu

In ubuntu, i've found a lot of config file for apache. To identify the problem, you need to know which config loading sequence which might overwrite another one.

/etc/apache2

1) apache2.conf - define #process, timeout etc...
2) mods-enabled/*.conf - module configuration
3) httpd.conf (user configuration)
4) ports.conf - port listening
5) conf.d/*- generic snippet statement - charset localized-error-pages, security
6) sites-enable/* -all vhost

webserver http-caching header

Here are link to speed up your http server :

http://www.mnot.net/cache_docs/
http://www.web-caching.com/

Apache Segmentation fault

Recently, I've found the message in
#/var/log/apache2/error_log
[notice] child pid 20295 exit signal Segmentation fault (11)

Getting core dump file : http://www.question-defense.com/2009/07/15/apache-notice-child-pid-27609-exit-signal-segmentation-fault-11

debugin apache : http://httpd.apache.org/dev/debugging.html

Apache document directive for coredump : http://httpd.apache.org/docs/2.0/mod/mpm_common.html

CoreDumpDirectory Directive

Description:	Directory where Apache attempts to switch before dumping core
Syntax:	CoreDumpDirectory directory
Default:	See usage for the default setting
Context:	server config
Status:	MPM
Module:	beos, leader, mpm_winnt, perchild, prefork, threadpool, worker

This controls the directory to which Apache attempts to switch before dumping core. The default is in the ServerRoot directory, however since this should not be writable by the user the server runs as, core dumps won't normally get written. If you want a core dump for debugging, you can use this directive to place it in a different location.