Tag Archives: apache

Linux ACL examples

Group permissions are NO LONGER related to group. It’s a MASK!

# setfacl -R -m u:apache:rwx html/
# getfacl html/
# file: html/
# owner: root
# group: root
user::rwx
user:alphausr:rwx
user:caesar:rwx
group::r-x
mask::rwx
other::r-x

To remove ACL as this is a temporary user and reinstate alphausr;

cd /var/www/; setfacl -R -b html/; setfacl -R -m u:alphausr:rwx html/


DEFAULT ACL
# setfacl -m d:u:apache:rwx html/

BACKUP
# getfacl -R /var/www/html/ > /root/html.perm

RESTORE (need to be in / )
# cd /
# setfacl –restore=/root/html.perm


ACL for WordPress

APACHE_ROOT=/var/www/vhosts/
SITE=mydomain.com
USERNAME=ftpuser

cd $APACHE_ROOT
setfacl -m d:u:apache:rwx .
setfacl -R -m u:apache:rwx .

find . -type d | xargs chmod 775
find . -type f | xargs chmod 664

chown -R $USERNAME $SITE

getfacl $SITE
# file: document_root
# owner: <username> <<<<<<< check this
# group: root
user::rwx <<<<<<< this
user:apache:rwx <<<<<<< and this 🙂
group::rwx
mask::rwx
other::r-x

Apache loop with WordPress and SSL cert installed on a Cloud Load Balancer

  • Terminate SSL onto the CLB
  • Change the main site URL to use HTTPS in the WordPress configuration
  • Add “SetEnvIf x-forwarded-proto https HTTPS=on” in the vhost configuration
  • add these in wp-config: [OPTIONAL]
    define(‘FORCE_SSL_ADMIN’, false);define(‘FORCE_SSL_LOGIN’, false);
    if (strpos($_SERVER[‘HTTP_X_FORWARDED_PROTO’], ‘https’) !== false)
    $_SERVER[‘HTTPS’]=’on’;


  • a good test to make sure PHP is receiving HTTPS are these lines in a test.php file. If should return “on” if PHP is getting HTTPS properly, or if it returns no value, PHP is not aware it’s being called over HTTPS.

     

PHP test pages

Basic PHP page

 

PHPinfo page

(command line)

php-fpm/users php page check

 

 

Apache not www to www redirects

not www to www

Excluding ‘mysubdomain’

 

Apache MaxClients and ServerLimit on Centos 7 and Ubuntu 14.04

In Apache 2.4 (which is in Centos 7 and Ubuntu 14.04 default) the mpm_worker MaxClients has been replaced with MaxRequestWorkers.

In Ubuntu 14.04 you can see the below in /etc/apache2/mods-enabled/mpm_prefork.conf

In Centos 7 however there is NO configuration for this, which means it’s at the default value of 256 unless set by the user. This also means that StartServers is set by default to 3, MinSpareServers is set to 5, and MaxSpareServers is 10.
To configure Centos and set some limits, you need to edit this file /etc/httpd/conf.modules.d/00-mpm.conf appending the above content.

Always verify with apachectl -t or  httpd -t if all is ok before reloading/restarting Apache.

NOTE1: ServerLimit is not in the default configurations for either Centos 7 or Ubuntu 14.04 which means that if you set MaxRequestWorkers above 256, you must remember to add ServerLimit!

NOTE2MaxConnectionsPerChild set to 0 on Ubuntu 14.04, and 0 is also the default in Centos 7. This means that on both the Apache processes will not expire. This is going to be bad for users who like to set their php memory_limit to 1G!

WordPress Apache ProxyPass

Option 1

Ensure certain traffic goes to a certain server, you can use this:

Option 2

Step One: Configure Environment

We need to setup some environment variables to get this to work correctly.
Add the following to your environment on the slave server(s):

RHEL/CentOS: /etc/sysconfig/httpd

Ubuntu: /etc/apache2/envvars

Step Two: Configure your VirtualHost

In your VirtualHost configuration do something like the following.

APC (php module) and OPcache

PHP5.5 -> If it has Zend OPcache it doesn’t need APC anymore

Look for this:

GUI: https://github.com/amnuts/opcache-gui

/etc/php5/mods-available/opcache.ini or /etc/php5/fpm/conf.d/05-opcache.ini

One liners alternative for apachebuddy


average apache process mem usage

highest process mem usage cd

php-fpm – www pool average

php-fpm – ALL active pools average memory

MANUAL CHECKS (understanding)

-> RSS is the real memory value
-> VSZ is the one that it might reach (important mostly for MySQL)

# Quicker way is to do top and than press ‘>’