Posts Tagged ‘VirtualHosts’

Speed up Apache webserver by including htaccess mod_rewrite rules in VirtualHosts / httpd.conf

Wednesday, November 12th, 2014

speed-up-apache-through-include-htaccess-from-config
There are plenty of Apache Performance Optimization things to do on a new server. However many sysadmins miss  .htaccess mod_rewrite rules whole optimization often leads to a dramatic performance benefits and low webserver responce time, making website much more attractive for both Search Engine Crawlers and End User experience.

Normally most Apache + PHP CMS systems, websites, blogs etc. are configured to use various goodies of .htaccess files (mostly mod_rewrite rules, directory htpasswd authentication  and allow forbid directives). All most popular open-source Content management systems  like Drupal, Joomla, WordPress, TYPO3, Symphony CMS are configured to get use  .htaccess file usually living in the DocumentRoot of a virtualhost ( website/s )httpd.conf , apache2.conf /etc/apache2/sites-enabled/customvhost.com or whichever config the Vhost resides…

It is also not uncommon practice to enable .htaccess files to make programmers life easier (allowing the coder to add and remove URL rewrite rules that makes URL pretty and SEO friendly, handle website redirection or gives live to the framework like it is the case with Zend PHP Framework).

However though having the possibility to get the advantages of dynamically using .htaccess inside site DocRoot or site's subdirectories is great for developers it is not a very good idea to have the .htaccess turned on Production server environment.

Having

AllowOverride All

switched on for a directory in order to have .htaccess enabled, makes the webserver lookup for .htaccess file and re-read its content dynamically on each client request.
This has a negative influence on overall server performance and makes Apache preforked childs or workers (in case of mpm-worker engine used) to waste time parsing .htaccess file leading to slower request processing.

Normally a Virtualhost with enabled .htaccess looks like so:

<VirtualHost 192.168.0.5:80>
ServerName your-website.com:80 …
DocumentRoot /var/www/website
<Directory /var/www/website>
AllowOverride All …
</Directory> …
</VirtualHost>

And VirtualHost configured to keep permanently loaded mod_rewrite .htaccess rules in memory on Apache server start-up.
 

<VirtualHost 192.168.0.5:80>
ServerName your-website.com:80 …
DocumentRoot /var/www/website
<Directory /var/www/website>
AllowOverride None
Include /var/www/website/.htaccess …
</Directory> …
</VirtualHost>

Now CMS uses the previous .htaccess rules just as before, however to put more rewrite rules into the file you will need to restart webserver which is a downside of using rewrite rules through the Include directive. Using the Include directive instead of AllowOverride leads to 7 to 10% faster individual page loads.

I have to mention Include directive though faster has a security downside because .htaccess files loaded with Include option (uses mod_include) via httpd.conf doesn't recognize <Directory> … </Directory> set security rules. Also including .htaccess from configuration on Main Website directory, could make any other sub-directories .htaccess Deny / Allow access rules invalid and this could expose site to  security risk. Another security downside is because Include variable allows loading a full subset of Apache directives (including) loading other Apache configuration files (for example you can even override Virtualsthost pre-set directives such as ErrorLog, ScriptAlias etc.) and not only .htaccess standard directives allowed by AllowOverride All. This gives a potential website attacker who gains write permissions over the included /var/www/website/.htaccess access to this full set of VirtualHost directives and not only .htaccess standard allowed.

Because of the increased security risk most people recommend not to use Include .htaccess rules, however for those who want to get the few percentage page load acceleration of using static Include from Apache config, just set your Included .htaccess file to be owned by user/group root, e.g.:

chown root:root /var/www/website/.htaccess

Adding multiple VirtualHosts hosting on fresh installed Debian GNU / Linux

Monday, September 10th, 2012

Nowdays most of my new (fresh) Linux server configurations are installed with Debian Linux.

Through the years I worked with most major GNU / Linux distributions. Though intalling Apache for multiple domain VirtualHost-ing is almost equally easier to set up on all distros I tried, (Slackware, Redhat, Fedora) etc., I found Debian to be most convenient in terms of freqeuent easy updates and general security.

Every time I configure a new host which is supposed to host a dozen of websites with Apache webserver and a DB backend, it is of course necessery to enable the server to have support multiple domain VirtualHosts.

I thought there are people out who look to configure Multiple domains on fresh installed Apache webserver and this how this short post get born.

I will explain hereby in short how I configure VirtualHosts on new Debian Linux servers with fresh installed Apache.

All required to have a working many domains hosted VirtualHosts on Debian is:

1. Have installed Apache serve package

# apt-get --yes install apache2

This would install all packages necessery for VirtualHost-ing.
After apache2 installed the system should have at least this packages present.

# dpkg -l |grep -i apache2
ii apache2-mpm-prefork 2.2.16-6+squeeze7 Apache HTTPServer - traditional non-threaded model
ii apache2-utils 2.2.16-6+squeeze7 utility programs for webservers
ii apache2.2-bin 2.2.16-6+squeeze7 Apache HTTPServer common binary files
ii apache2.2-common 2.2.16-6+squeeze7 Apache HTTPServer common files
ii libapache2-mod-php5 5.3.3-7+squeeze14 server-side, HTML-embedded scripting language (Apache 2 module)

Nowadays, having enabled mod_rewrite is necessery in almost any website, so the next thing I usually do is enable mod_rewrite webserver module.

# ln -sf /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/rewrite.load
# apache2ctl -k restart

By default there is an index.html page containing the annoying phrase It Works!

I really dislike this default page and many times I start configuring a server, I wonder how to remove it; if you’re like me before doing anything other I advice you edit /var/www/index.html to change it to Coming Soon or just substitute the file with some nice looking Coming Soon page (custom page) …

Once this is done, I proceed adding as many Virtualhosts as I need with the respective Virtualhost names. To Do so on Debian, just create new Vhost config files in files /etc/apache2/sites-available/yoursite.com, /etc/apache2/sites-available/yoursite1.com etc.br />
Before creating any other VHosts, I usually edit the main webserver VirtualHost which is located in /etc/apache2/sites-available/000-default, there in the VirtualHost section normally need to add proper:

ServerName and ServerAlias variables as well as change DocumentRoot to whatever the default server host Virtualhost directory will be.

An example of 000-default Vhost config I do looks like so:

<VirtualHost *>ServerName server-main-host-name.com
ServerAlias www.server-main-host-name.com server-main-host-name.com
DocumentRoot /var/www
....
</Virtualhost>

Onwards add the same ServerName server-main-host-name.com as a new line in /etc/apache2/apache2.conf config

Now for those not too unfamiliar with VirtualHost types, it is useful to say there are two ways of VirtualHosts:

  • IP Based VirtualHost
  • and

  • Host Based VirtualHosts

IP Based VirtualHosts are added by using Apache directive syntax:

<VirtualHost 192.168.0.2:80>
ServerName ....
ServerAlias ....
</VirtualHost>

whether Host Based VirutalHosts are added by using in config file, the IP address on which the respective Vhost will reside:

<VirtualHost *>
ServerName ....
ServerAlias ....
</VirtualHost>

Host Based VirtualHosts directive syntax can be either in form:

a)Virtualhost *
or
b) Virtualhost port_number (Virtualhost 80, VirtualHost 90) etc.

If a host is configured with directive <VirtualHost *>, this means it will listen for incoming connections on any port Apache is configured to listen on, whether if used with a concrete port number it will only enable VirtualHosts for whole Apache server on the concrete port.

Based on the configuration, VirtualHost 80 or Virtualhost *, the variable which will enable globally on the Apache server multiple VirtualHosts has to be modified e.g.:
Whether VirtualHost with port number is configured <VirtualHost 80>, NameVirtualHost 80 should be used or otherwise NameVirtualHost *

Once you choose the type of Virtualhost-ing, just continue on adding the VirtualHosts …
In the first created VirtualHost config file, let’s say /etc/apache2/sites-available/first-virtualhost.com

NameVirtualHost * has to be added as first line in file; in other words the file content should look similar to:

NameVirtualHost *
<VirtualHost*>
ServerAdmin hipo_aT_pc-freak.net AddDefaultCharset UTF-8 DocumentRoot /var/www/ ServerName pc-freak.net ServerAlias www.pc-freak.net....
</VirtualHost>

The same steps has to go for all domain names in separate files except the variable NameVirtualHost * should not be added in the rest of new created Vhosts.

Many of the new configured Debian + Apache servers does not require support for SSL, therefore where SSL support is not necessery I prefer disabling it.
To do so it is necessery to comment out everything dealing with Secure Socket Layer in /etc/apache2/ports.conf, as of time of writting lines to comment are:

<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>

How to list enabled VirtualHosts in Apache on GNU / Linux and FreeBSD

Thursday, December 8th, 2011

How Apache process vhost requests picture, how to list Apache virtualhosts on Linux and FreeBSD

I decided to start this post with this picture I found on onlamp.com article called “Simplify Your Life with Apache VirtualHosts .I put it here because I thing it illustrates quite well Apache’s webserver internal processes. The picture gives also a good clue when Virtual Hosts gets loaded, anways I’ll go back to the main topic of this article, hoping the above picture gives some more insight on how Apache works.;
Here is how to list all the enabled virtualhosts in Apache on Debian GNU / Linux serving pages:

server:~# /usr/sbin/ apache2ctl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:* is a NameVirtualHost
default server exampleserver1.com (/etc/apache2/sites-enabled/000-default:2)
port * namevhost exampleserver2.com (/etc/apache2/sites-enabled/000-default
port * namevhost exampleserver3.com (/etc/apache2/sites-enabled/exampleserver3.com:1)
port * namevhost exampleserver4.com (/etc/apache2/sites-enabled/exampleserver4.com:1)
...
Syntax OK

The line *:* is a NameVirtualHost, means the Apache VirtualHosts module will be able to use Virtualhosts listening on any IP address (configured on the host), on any port configured for the respective Virtualhost to listen on.

The next output line:
port * namevhost exampleserver2.com (/etc/apache2/sites-enabled/000-default Shows requests to the domain on any port will be accepted (port *) by the webserver as well as indicates the <VirtualHost> in the file /etc/apache2/sites-enabled/000-default:2 is defined on line 2 (e.g. :2).

To see the same all enabled VirtualHosts on FreeBSD the command to be issued is:

freebsd# pcfreak# /usr/local/sbin/httpd -S VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
default server pc-freak.net (/usr/local/etc/apache2/httpd.conf:1218)
port 80 namevhost pc-freak.net (/usr/local/etc/apache2/httpd.conf:1218)
port 80 namevhost pcfreak.afraid.org (/usr/local/etc/apache2/httpd.conf:1353)
...
Syntax OK

On Fedora and the other Redhat Linux distributions, the apache2ctl -S should be displaying the enabled Virtualhosts.

One might wonder, what might be the reason for someone to want to check the VirtualHosts which are loaded by the Apache server, since this could be also checked if one reviews Apache / Apache2’s config file. Well the main advantage is that checking directly into the file might sometimes take more time, especially if the file contains thousands of similar named virtual host domains. Another time using the -S option is better would be if some enabled VirtualHost in a config file seems to not be accessible. Checking directly if Apache has properly loaded the VirtualHost directives ensures, there is no problem with loading the VirtualHost. Another scenario is if there are multiple Apache config files / installs located on the system and you’re unsure which one to check for the exact list of Virtual domains loaded.

Running VirtualHosts under separate user ids (uid) and group ids (gid) on Debian Lenny (Apache 2.2.x) – A substitute alternative to suphp with Apache MPM-itk

Friday, February 19th, 2010

Before we start it might be a good idea to check out apache-mpm-itk’s officialhomepage to get a general idea of what apache mpm-itk is.
So please visit Apache2-mpm-itk’s homepage here
Now let’s continue with the installation;

1. Install Apache2-mpm-itk

# apt-get install apache2-mpm-itk

2. Configure Apache2-mpm-itk
In order to configure Apache-MPM-ITK we have to do it for each of the configuredVirtualHosts, e.g. no global options are required.
There is only one configuration Directive that has to be included in each and every Virtualhost configured in your Apache.
This is the AssignUserId and takes two parameter, (user name and group name), this are the user name andgroup name that the files on the specified virtualhosts will be executed as.

3. Here is an example on how to configure it for the default Apache virtualhost and the “example” user and group id.

<IfModule mpm_itk_module>
AssignUserId web1_admin web1
</IfModule>

So for instance edit vim /etc/apache2/sites-available/default and place there;


<IfModule mpm_itk_module>
AssignUserId web1_admin web1
</IfModule>

4. Last step is to restart Apache for the new VirtualHost configuration to be preloaded.

# /etc/init.d/apache2 restart

The End 🙂

Solution to a problem with VirtualHosts on Debian Lenny (Default Virtualhost opening by default overwritting the rest of the configured VirtualHosts)

Wednesday, February 17th, 2010

Configuring some Virtualhosts on a Debian server I administrate has led me to a really shitty problem. The problem itself consisted in that nomatter what kind of the configured VirtualHosts on the server I try to access the default one or the first one listed among Virtualhosts gets accessed. Believe me such an Apache behaviour is a real pain in the ass! I went through the VirtualHosts configurations many without finding any fault in them, everything seemed perfectly fine there. I started doubting something might prevent VirtualHosts to be served by the Webserver. Therefore to check if VirtualHosts configurations are properly loadedI used the following command:

debian-server:~# /usr/sbin/apache2ctl -S

Guess what, All was perfectly fine there as well. The command returned, my webserver configured VirtualHosts as enabled (linked) in: /etc/apache2/sites-enabled I took some time to ask in irc.freenode.net #debian channel if somebody has encountered the same weirdness, but unfortunately noobody could help there. I thinked over and over the problem and I started experimenting with various stuff in configurations until I got the problem.

The issue with non-working Virtualhosts in Debian lenny was caused by;
wrong NameVirtualHost *:80 directive
It’s really odd because enabling the directive as NameVirtualHost *:80 would report a warning just like there are more than one NameVirtualHost variable in configuration, on the other hand completely removing it won’t report any warnings during Apache start/restart but same time VirtualHosts would still be non-working.

So to fix the whole mess-up with VirtualHosts not working I had to modify in; my /etc/apache2/sites-enabled/000-default as follows;

NameVirtualHost *:80 changes toNameVirtualHost *

The rest of the Virtualhost stays the same;
This simple thing eradicated the f*cking issue which tortured me
for almost 3 hours! ghhh

Apache Warn NameVirtualHost *:80 Has No VirtualHosts Error on Start

Tuesday, February 16th, 2010

This is annoying error which occurs when you try to start, restart or
check apache configuration.
This error is caused by duplicate NameVirtualHost entries. In my case in Debian.
I had to comment it in /etc/apache2/ports.conf . Apparently,

NameVirtualHost *:80

was mentioned twice in my overall Apache configuration files.
I should note that this is just a warning so Apache will be working just fine, even when the error appears on Apache start-up.

Configuring varnishd to log client IP addresses in Apache log

Wednesday, February 3rd, 2010

I realized today, that because my varnish serves incoming connections to my
apache port a really annoying problem appears.
I mean in my httpd-access.log everytime I get some visit from the Net, the
incoming IP address logged in the Apache log is originating from 127.0.0.0
e.g. (localhost). That’s a real pain in the ass, cause it prevents me from
adequately tracking visitors countries and their networks.
Therefore to fix that and configure varnish to always log my original visitors
IPs to the apache log I had to follow instructions described in.
How can I log the client IP address on the backend? in the Varnish Cache FAQ

Here I will include step by step explanation how I practically implemented
the solution as explained in the FAQ on my FreeBSD.

First I had edit:
/usr/local/etc/varnish/default.vcl
The following is currently my default.vlc file content:
backend default {.host = "127.0.0.1";.port = "8080";}sub vcl_recv {# Add a unique header containing the client addressremove req.http.X-Forwarded-For;set req.http.X-Forwarded-For = client.ip;# [...]}
Next I had to add:
varnishd_config="/usr/local/etc/varnish/default.vcl"
to my /etc/rc.conf
And then modify my:
/usr/local/etc/apache2/httpd.conf
and include:
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" varnishcombined
as well as:
CustomLog /var/log/httpd-access.log varnishcombined
to all my VirtualHosts.

Finally it’s required to restart both varnishd and apache
pcfreak# /usr/local/etc/rc.d/varnishd restartpcfreak# /usr/local/etc/rc.d/apache2 restart

That’s all folks!