Apache Cheatsheet (htaccess, htpasswd)
htpasswd
- sudo htpasswd -c /etc/apache2/example.htpasswd myusername
- vi /etc/apache2/sites-available/example.conf
-
<Directory "/var/www/html"> AuthType Basic AuthName "Restricted Content" AuthUserFile /etc/apache2/example.htpasswd Require valid-user </Directory>
-
- apache2ctl restart
htaccess
basic auth
But except from two IPs
- sudo htpasswd -c /home/myusername/public/.htpasswd
-
<If "%{REMOTE_ADDR} != '1.1.1.1' && %{REMOTE_ADDR} != '2.2.2.2'"> AuthType Basic AuthName "Please login" AuthUserFile "/home/myusername/public/.htpasswd" Require valid-user </If>
Temporary Maintenance
ErrorDocument 503 "Our website is temporarily closed for maintenance..." RewriteEngine On RewriteRule .* - [redirect=503,last]
Temporary Maintenance with Admin Access
ErrorDocument 503 "Our website is temporarily closed for maintenance..." RewriteEngine on RewriteCond %{REMOTE_ADDR} !^80\.110\.176\.152$ RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$ RewriteRule .* - [redirect=503,last]
Or with a maintenance page: https://css-tricks.com/snippets/htaccess/temporary-maintenance-using-mod_rewrite/
Permanent Redirect
Hard redirect
Redirect permanent / http://www.example.com/
(Seems to have problems with subpages: www.one.com/uno.php is redirected to www.two.comuno.php)
Redirect all (sub-)pages to a single new page
<VirtualHost *:80> ServerName www.old-name.com ServerAlias www.old-name2.com RewriteEngine On RewriteRule /.* http://www.new-name.com </VirtualHost>
Preserve subpage
<VirtualHost *:80> ServerName www.old-name.com RewriteEngine on RewriteCond %{HTTP_HOST} ^www\.old-name\.com$ [NC] RewriteRule ^(.*)$ http://www.new-name.com$1 [R=301,L] </VirtualHost>
Redirect to HTTPS
<VirtualHost *:80> ServerName www.example.com RewriteEngine On # This will enable the Rewrite capabilities RewriteCond %{HTTPS} !=on # This checks to make sure the connection is not already HTTPS RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] # This rule will redirect users from their original location, to the same location but using HTTPS. # i.e. http://www.example.com/foo/ to https://www.example.com/foo/ # The leading slash is made optional so that this will work either in httpd.conf # or .htaccess context # Alternative which seems to work better for iPhones? RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost>
Force SSL
<Directory /your/path> SSLRequireSSL </Directory>
Redirect only base dir
RewriteEngine On RedirectMatch 301 ^/$ /horde/
NameVirtualHost
On recent Ubuntu the "NameVirtualHost" directive goes into /etc/apache2/ports.conf:
NameVirtualHost *:80 NameVirtualHost *:443 Listen 80 <IfModule mod_ssl.c> # If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule>
Reverse Proxy For Seamless Migration
- a2enmod proxy_http
<VirtualHost *:80> ServerName YOUR_SERVER_DOMAIN ProxyPreserveHost On ProxyPass / http://YOUR_NEW_SERVERS_IP_ADDRESS/ ProxyPassReverse / http://YOUR_NEW_SERVERS_IP_ADDRESS/ </VirtualHost>
- apache2ctl stop
- apache2ctl start
- Note: a hard "stop/start" cycle seems to be necessary for proxy module
Restrict to IP
<Location /> Order deny,allow Deny from all Allow from 91.119.195.37 Allow from 127 </Location>
Protect a subdirectory/path
Example: password protect /admin/...
Options +FollowSymLinks +ExecCGI AuthUserFile /var/www/app/public/.htpasswd AuthGroupFile /dev/null AuthName "Login required!" AuthType Basic SetEnvIf Request_URI .* noauth SetEnvIf Request_URI /admin/* !noauth # Require environment "noauth" or a valid (=authenticated) user <RequireAny> Require env noauth Require valid-user </RequireAny>
Performance
http://www.tecmint.com/monitor-apache-web-server-load-and-page-statistics/
- apache2ctl fullstatus
- apt-get install apachetop
- apachetop
MaxClients
https://fuscata.com/kb/set-maxclients-apache-prefork
https://servercheck.in/blog/3-small-tweaks-make-apache-fly
- top -> check usual apache "RES" memory usage e.g. 50MB
- Check mysql mem usage: ps aux | grep 'mysql' | awk '{print $6/1024 " MB";}'
- MaxClients = (totalmem - mysql - linux reserve) / average apache process size
Example: (12000 - 500 - 500) / 75 = 146 - Find out type of MPM:
- apachectl -V | grep "Server MPM"
- Example: Server MPM: ITK -> based on "prefork MPM"
- vi /etc/apache2/apache2.conf
- TODO
- apache2ctl restart
Proxy
https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
link in german: https://www.netnea.com/cms/apache-tutorial-9-reverse-proxy-einrichten/