Apache Cheatsheet (htaccess, htpasswd)

htpasswd

  • sudo htpasswd -c /etc/apache2/example.htpasswd myusername
    • Note: -c creates the file and overwrites an existing one; omit -c when adding further users
  • vi /etc/apache2/sites-available/example.conf
          <Directory "/var/www/html">
              AuthType Basic
              AuthName "Restricted Content"
              AuthUserFile /etc/apache2/example.htpasswd
              Require valid-user
          </Directory>
  • apache2ctl restart

htaccess

basic auth

Basic auth for everyone except two IPs

  • sudo htpasswd -c /home/myusername/public/.htpasswd myusername
  • <If "%{REMOTE_ADDR} != '1.1.1.1' && %{REMOTE_ADDR} != '2.2.2.2'">
      AuthType Basic
      AuthName "Please login"
      AuthUserFile "/home/myusername/public/.htpasswd"
      Require valid-user
    </If>

Temporary Maintenance

  ErrorDocument 503 "Our website is temporarily closed for maintenance..."
  RewriteEngine On
  RewriteRule .* - [redirect=503,last]

Temporary Maintenance with Admin Access

    ErrorDocument 503 "Our website is temporarily closed for maintenance..."
    RewriteEngine on
    RewriteCond %{REMOTE_ADDR} !^80\.110\.176\.152$
    RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
    RewriteRule .* - [redirect=503,last] 

Or with a maintenance page: https://css-tricks.com/snippets/htaccess/temporary-maintenance-using-mod_rewrite/

Permanent Redirect

Hard redirect

Redirect permanent / http://www.example.com/

(Seems to have problems with subpages: www.one.com/uno.php is redirected to www.two.comuno.php)

Redirect all (sub-)pages to a single new page

<VirtualHost *:80>
  ServerName www.old-name.com
  ServerAlias www.old-name2.com

  RewriteEngine On
  RewriteRule /.* http://www.new-name.com [R=301,L]
</VirtualHost>

Preserve subpage

<VirtualHost *:80>
  ServerName www.old-name.com

  RewriteEngine on
  RewriteCond %{HTTP_HOST} ^www\.old-name\.com$ [NC]
  RewriteRule ^(.*)$ http://www.new-name.com$1 [R=301,L]

</VirtualHost>

Redirect to HTTPS

<VirtualHost *:80>
  ServerName www.example.com

  RewriteEngine On
  # This will enable the Rewrite capabilities

  RewriteCond %{HTTPS} !=on
  # This checks to make sure the connection is not already HTTPS

  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
  # This rule will redirect users from their original location, to the same location but using HTTPS.
  # i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
  # The leading slash is made optional so that this will work either in httpd.conf
  # or .htaccess context


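  # Alternative which seems to work better for iPhones? Use it instead of the rule
  # above, not in addition: the rule above ends with [L], so this one is never reached.
  # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]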

</VirtualHost>

Force SSL

<Directory /your/path>
        SSLRequireSSL
</Directory>

Redirect only base dir

RewriteEngine On
RedirectMatch 301 ^/$ /horde/

NameVirtualHost

On recent Ubuntu the "NameVirtualHost" directive goes into /etc/apache2/ports.conf:

NameVirtualHost *:80
NameVirtualHost *:443

Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Reverse Proxy For Seamless Migration

  • a2enmod proxy_http
  • <VirtualHost *:80>
      ServerName YOUR_SERVER_DOMAIN
      ProxyPreserveHost On
      ProxyPass / http://YOUR_NEW_SERVERS_IP_ADDRESS/
      ProxyPassReverse / http://YOUR_NEW_SERVERS_IP_ADDRESS/
    </VirtualHost>
  • apache2ctl stop
  • apache2ctl start
    • Note: a hard "stop/start" cycle seems to be necessary for the proxy module

Restrict to IP

        <Location />
          Order deny,allow
          Deny from all
          Allow from 91.119.195.37
          Allow from 127
        </Location>

Protect a subdirectory/path

Example: password protect /admin/...

Options +FollowSymLinks +ExecCGI

AuthUserFile /var/www/app/public/.htpasswd
AuthGroupFile /dev/null
AuthName "Login required!"
AuthType Basic

SetEnvIf Request_URI .* noauth
SetEnvIf Request_URI /admin/* !noauth

# Require environment "noauth" or a valid (=authenticated) user
<RequireAny>
  Require env noauth
  Require valid-user
</RequireAny>

 

Performance

http://www.tecmint.com/monitor-apache-web-server-load-and-page-statistics/

  • apache2ctl fullstatus

https://askubuntu.com/questions/239631/how-can-i-watch-the-current-connections-on-my-apache-webserver

  • apt-get install apachetop
  • apachetop

 

MaxClients

https://fuscata.com/kb/set-maxclients-apache-prefork
https://servercheck.in/blog/3-small-tweaks-make-apache-fly

  • top -> check usual apache "RES" memory usage e.g. 50MB
  • Check mysql mem usage: ps aux | grep 'mysql' | awk '{print $6/1024 " MB";}'
  • MaxClients = (totalmem - mysql - linux reserve) / average apache process size
    Example: (12000 - 500 - 500) / 75 = 146
  • Find out type of MPM:
    • apachectl -V | grep "Server MPM"
    • Example: Server MPM:     ITK -> based on "prefork MPM"
  • vi /etc/apache2/apache2.conf
    • TODO
  • apache2ctl restart
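
The MaxClients formula above as a script; this is an added example, not part of the original cheatsheet. It averages the RSS of the web server processes from `ps` output instead of reading one value off `top`. The process names `apache2` and `mysqld`, the 500 MB reserve and the sample `ps` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ps -eo rss,comm` output (RSS in KB), not real data.
SAMPLE_PS='   RSS COMMAND
 76800 apache2
 71680 apache2
 81920 apache2
512000 mysqld
  4096 sshd'

# max_clients TOTAL_MB RESERVE_MB PS_OUTPUT [WEB_PROC] [DB_PROC]
# Prints floor((total - db - reserve) / average web process size).
# Process names default to apache2 and mysqld (assumed Debian/Ubuntu names).
max_clients() {
  printf '%s\n' "$3" | awk -v total="$1" -v reserve="$2" \
      -v web="${4:-apache2}" -v db="${5:-mysqld}" '
    $2 == web { web_kb += $1; n++ }   # sum RSS of all web server processes
    $2 == db  { db_kb  += $1 }        # sum RSS of the database
    END {
      if (n == 0) {
        print "no " web " processes in ps output" > "/dev/stderr"; exit 1
      }
      avg_mb   = web_kb / n / 1024
      avail_mb = total - db_kb / 1024 - reserve
      if (avail_mb < avg_mb) {
        print "less memory available than one process needs" > "/dev/stderr"; exit 1
      }
      printf "%d\n", int(avail_mb / avg_mb)
    }'
}

# Reproduces the example above: (12000 - 500 - 500) / 75 = 146
max_clients 12000 500 "$SAMPLE_PS"

# On a live host (not run here):
#   max_clients "$(free -m | awk '/^Mem:/ {print $2}')" 500 "$(ps -eo rss,comm)"
```

In Apache 2.4 the directive is named MaxRequestWorkers; MaxClients is still accepted.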

 

Proxy

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

Link in German: https://www.netnea.com/cms/apache-tutorial-9-reverse-proxy-einrichten/