Earlier, we created a script to restart the Apache web server HERE. Today we are going to add this to Cron so it restart every day a 3:00AM.
Category: Apache
Today, we are installing certbot on Debian 11 with Apache2 (Apache/2.4.54 (Debian). This article assumes you have Apache installed. If not, see How To Install LAMP (Linux, Apache, MySql-Maria, PHP) On Debian 11.
This article describes How to install LAMP (Linux, Apache, MySql-Maria, PHP) on Debian 11. The first step is to install a Devian server.
So, the following we run the commands to set up apache for wordpress.
Download and unzip the WordPress package from:
# wget https://wordpress.org/latest.tar.gz
Then extract the package to the apache root directory:
# tar -xzvf latest.tar.gz --directory /var/www/kdoozle
Activate Mod Rewrite.
# sudo a2enmod rewrite
Create vhosts.
<VirtualHost *:80>
ServerName ipgw.io
ServerAlias www.ipgw.io
ServerAdmin webmaster@ipgw.io
DocumentRoot /var/www/ipgw
<Directory /var/www/ipgw>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/ipgw.io-error.log
CustomLog ${APACHE_LOG_DIR}/ipgw.io-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin rogerp@local
ServerName www.ipgw.io
ServerAlias ipgw.io
DocumentRoot /var/www/ipgw
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ipgw.io.crt
SSLCertificateKeyFile /etc/pki/tls/certs/ipgw.io.key
</VirtualHost>
<VirtualHost *:443>
ServerAdmin rogerp@local
ServerName www.ipgw,io
ServerAlias ipgw.io
DocumentRoot /var/www/ipgw
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ipgw.io.crt
SSLCertificateKeyFile /etc/pki/tls/certs/ipgw.io.key
</VirtualHost>
After installing it, you will need to restart Apache services with the command:
service apache2 restart
If needed, you will need to edit the config file and find the directive:
AllowOverride None
Change it to:
AllowOverride All
Order allow,deny
Allow from all
Create the Database
MariaDB [(none)]> CREATE database kdoozle;
Query OK, 1 row affected (0.001 sec)
Add user and set up permissions.
MariaDB [(none)]> CREATE USER 'kdoozle'@'localhost' IDENTIFIED BY 'sdsrg54yhs';
Query OK, 0 rows affected (0.032 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON kdoozle.* to 'kdoozle'@'localhost' IDENTIFIED BY 'sdsrg54yhs';
Query OK, 0 rows affected (0.017 sec)
Next, run the installer by loading the website in the browser.
This how-to guide will help you to step by step create and install Self Signed Certificate in Apache server on Linux systems.
Read moresudo apt-get install openssl # Debian based systems
sudo yum install mod_ssl openssl # Redhat / CentOS systems
sudo dnf install mod_ssl openssl # Fedora 22+ systemsStep 2 – Create Self Signed Certificate (please change to your domain name 🙂
Now create SSL certificate. Change the name “apache” to your site name if you plan on multiple sites. Openssl will ask you for some info about your organization. You can leave most of this blank, but the one important thing you’ll need to fill out is the “Common Name,” which you’ll want to set to your server’s IP address or domain name.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache.key -out /etc/ssl/certs/apache.crtOutput:
Generating a RSA private key
.............................+++++
......+++++
writing new private key to 'apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:TX
Locality Name (eg, city) []:Austin
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Apache
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:apache.com
Email Address []:user@localhostWe’ll also want to generate a Diffie-Hellman group. This is used for perfect forward secrecy, which generates ephemeral session keys to ensure that past communications cannot be decrypted if the session key is compromised.
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096Step 3 – Configure Apache to Use Your Self-Signed Certificate
Edit Apache SSL configuration file and edit/update as per following directives.
Add a snipit file.
sudo touch /etc/apache2/conf-available/ssl-params.confAdd the following:
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
SSLSessionTickets Off
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"Apache VirtualHost Configuration
<VirtualHost *:80>;
ServerName ipgw.io
ServerAlias www.ipgw.io
ServerAdmin webmaster@ipgw.io
DocumentRoot /var/www/ipgw
<Directory /var/www/ipgw>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/ipgw.io-error.log
CustomLog ${APACHE_LOG_DIR}/ipgw.io-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin rogerp@local
ServerName www.ipgw.io
ServerAlias ipgw.io
DocumentRoot /var/www/ipgw
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ipgw.io.crt
SSLCertificateKeyFile /etc/pki/tls/certs/ipgw.io.key
</VirtualHost>Step 4 – Test config, Enable SSL and Restart Apache
sudo a2enmod ssl
sudo apachectl configtest
sudo systemctl restart apache2 # Debian based systemsStep 5 – Test Website with HTTPS
Finally, open your site in your favorite web browser using https.
https://www.example.com
As we are using a self-signed certificate, you will get a warning message in your browser. You can simply ignore this message.
If you find this helpful, please donate.
Here is a simple lamp install script for CentOS 8.
#!/bin/bash #update system dnf update #install apache dnf install httpd httpd-tools -y systemctl enable httpd systemctl start httpd systemctl status httpd #update firewall firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --reload #install mariadb dnf install mariadb-server mariadb -y systemctl start mariadb systemctl enable mariadb systemctl status mariadb mysql_secure_installation # Install PHP 7 on CentOS 8 dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm #dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm #dnf module list php dnf install php php-opcache php-gd php-curl php-mysqlnd -y systemctl start php-fpm systemctl enable php-fpm systemctl status php-fpm setsebool -P httpd_execmem 1 systemctl restart httpd
Check the installation
# nano /var/www/html/info.php
Insert the PHP code below and save the file.
[/bash]
Then head out to your browser, and type the URL below. Remember to replace the server IP address with your server’s actual IP address.
http://server-ip-address/info.php
How to test apache.
Create 2 files:
testload.php
test.php
Create a php file testload.php that checks the existence of another file named test.php in the same directory of two CentOS 7 servers with the same hardware characteristics and load but with different MPM. One of them will use event and the other one will use prefork.
<!--?php $filename = 'test.php'; if (file_exists($filename)) { echo "The file $filename exists"; } else { echo "The file $filename does not exist"; } ?-->
With ab, we will sent 50 (-c 50) concurrent requests at the same time and repeat the test 1000000 times
# ab -c 50 -n 100000 http://localhost/testload.php
200 simultaneous requests until 2000 requests are completed:
# ab -k -c 100 -n 2000 localhost/testload.php
Another test to localhost
PREFORK
]# ab -c 50 -n 100000 http://localhost/index.html
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking localhost (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
^C
Server Software: Apache/2.4.6
Server Hostname: localhost
Server Port: 80
Document Path: /index.html
Document Length: 15167 bytes
Concurrency Level: 50
Time taken for tests: 3596.808 seconds
Complete requests: 34570
Failed requests: 0
Write errors: 0
Non-2xx responses: 34571
Total transferred: 537122767 bytes
HTML transferred: 524331497 bytes
Requests per second: 9.61 [#/sec] (mean)
Time per request: 5202.210 [ms] (mean)
Time per request: 104.044 [ms] (mean, across all concurrent requests)
Transfer rate: 145.83 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 3
Processing: 213 5198 241.5 5203 10154
Waiting: 174 4428 227.6 4435 9302
Total: 214 5198 241.5 5203 10154
Percentage of the requests served within a certain time (ms)
50% 5203
66% 5264
75% 5302
80% 5327
90% 5391
95% 5449
98% 5532
99% 5617
100% 10154 (longest request)
The Apache mod_status module is something that can be very useful when troubleshooting high CPU or Memory usage with Apache.
Taken it directly from the Apache documentation:
– The number of worker serving requests.
– The number of idle worker.
– The status of each worker, the number of requests that worker has performed and the total number of bytes served by the worker.
– A total number of accesses and byte count served.
– The time the server was started/restarted and the time it has been running for.
– Averages giving the number of requests per second, the number of bytes served per second and the average number of bytes per request.
– The current percentage CPU used by each worker and in total by all workers combined.
– The current hosts and requests being processed.
Setting it up is simple.
# CentOS 6 / CentOS 7 [root@web01 ~]# vim /etc/httpd/conf.d/status.conf
# Ubuntu 12.04 [root@web01 ~]# vim /etc/apache2/conf.d/status.conf
# Ubuntu 14.04 [root@web01 ~]# vim /etc/apache2/conf-available/status.conf
Using the correct location for your distro use the following configuration to enable mod_status. Update the AuthUserFile line accordingly for your distro:
<IfModule mod_status.c>
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
ExtendedStatus On
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Uncomment and change the ".example.com" to allow
# access from other hosts.
#
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost ip6-localhost
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
Allow from 127.0.0.1
# On CentOS / RedHat systems, uncomment the following line
AuthUserFile /etc/httpd/status-htpasswd
# On Debian / Ubuntu systems, uncomment the following line
# AuthUserFile /etc/apache2/status-htpasswd
AuthName "Password protected"
AuthType Basic
Require valid-user
# Allow password-less access for allowed IPs
Satisfy any
</Location>
</IfModule>
Once you have the configuration in place, you can secure it with a username and password:
# CentOS 6 / CentOS 7 [root@web01 ~]# htpasswd -c /etc/httpd/status-htpasswd serverinfo [root@web01 ~]# service httpd restart
# Ubuntu 12.04 [root@web01 ~]# htpasswd -c /etc/apache2/status-htpasswd serverinfo [root@web01 ~]# service apache2 restart
# Ubuntu 14.04 [root@web01 ~]# htpasswd -c /etc/apache2/status-htpasswd serverinfo [root@web01 ~]# a2enconf status.conf [root@web01 ~]# service apache2 restart
Now go to:
http://serverip/server-status
You can have the /server-status page refresh automatically by using the following in the URL:
http://serverip/server-status?refresh=2
It may give you some idea of what client, or what types of requests, are causing the resource contention issues. Usually it is a specific web application misbehaving, or a specific client is attacking a site.
How to Install mod_cloudflare.so, file_cache_module.so and mod_mem_cache.so on CentOS 6
CentOS 6
# yum install php-xcache xcache-admin
Debian/Ubuntu/Linux Mint
# apt-get install php5-xcache
Configure
RHEL/CentOS/Fedora
# nano /etc/php.d/xcache.ini
Debian/Ubuntu/Linux Mint
# nano /etc/php5/conf.d/xcache.ini
OR
# nano /etc/php5/mods-available/xcache.ini
once you’re done with configuration settings, restart your Apache web server.
# /etc/init.d/httpd restart
# /etc/init.d/apache2 restart
Verify
# php -v
Enabling XCache Admin Panel for PHP
By default the admin panel is protected with http-auth and in disabled state. To set user/password open the Xcache.ini file. But, first you have to create md5 password using following command. (Where typeyourpassword is your password).
# echo -n "typeyourpassword" | md5sum
Sample Output
ae9ac3f19ae3990b2c99701061c5d8c2
Now open Xcache.ini file add the generated md5 password. See the following example, add your own password md5 string.
[xcache.admin] xcache.admin.enable_auth = On ; Configure this to use admin pages xcache.admin.user = "mOo" ; xcache.admin.pass = md5($your_password) xcache.admin.pass = "ae9ac3f19ae3990b2c99701061c5d8c2"
The simplest way to do so is copying the whole directory xcache (admin was in older release) to your web root directory (i.e. /var/www/html or /var/www).
# cp -a /usr/share/xcache/ /var/www/html/
OR
# cp -a /usr/share/xcache/htdocs /var/www/xcache
OR
cp -a /usr/share/xcache/admin/ /var/www/ (older release)
Now call it from your browser, a http-auth login prompt window will pop-up. Enter your user/pass in, and it’s done.
http://localhost/xcache OR http://localhost/admin (older release)