Apache Error Won't start SSL Cert Issue Solution Unable to configure verify locations for client authentication SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line SSL Library Error: 185090057 error:0B084009:x509 certif
[Wed Nov 01 18:47:08 2023] [error] Unable to configure verify locations for client authentication
[Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line
[Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 185090057 error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib
It actually gives us a good clue that at last one component of our cert is invalid/improperl........
[error] (28)No space left on device: Cannot create SSLMutex Apache Solution Linux CentOS Ubuntu Debian Mint
Have you got this error from Apache?
[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[error] (28)No space left on device: Cannot create SSLMutex
At first glance it appears that you may be out of disk space but the issue is ipc or interprocess communication.
This will clear out the ipcs processes so things can work, this often happens during high traffic and may be a sign of DDOS.
The command below will fix it, it will list al........
apache2 httpd apache server will not start [pid 22449:tid 139972160445760] AH00052: child pid 23248 exit signal Aborted (6) solution Mint Debian Ubuntu Redhat
If you get this error, it is often because you have configured Apache with modules that weren't actually installed. Eg. you try to load the PHPmodule but didn't actually install the apache2 php module, so the server can't start. In general, this error can often be caused by issues with problematic modules and/or Apache being configured for modules that have not actually be installed (eg. libapache2-mod-php) is missing.
The above results in this less than obv........
How To Setup Python3 in Ubuntu Docker Image for AI Deep Learning
The issue is that Docker images are stripped down, so many tools and even python3 is missing, so you'll have to build or update the actual image yourself.
I assume you have started an image with something like this and that you have the Nvidia Toolkit installed (assuming you are using GPUs). If you're not using nvidia just remove --runtime=nvidia --gpus all.
docker run -it --runtime=nvidia --gpus all ubuntu bash
These works for most images li........
How to install and configure haproxy on Linux Ubuntu Debian
haproxy is one of the best known and widely used Open Source load balancers out there and a strong competitor to nginx.
haproxy is used by many large sites per Wikipedia:
HAProxy is used by a number of high-profile websites including GoDaddy, GitHub,........
Docker Tutorial HowTo Install Docker, Use and Create Docker Container Images Clustering Swarm Mode Monitoring Service Hosting Provider
The Best Docker Tutorial for Beginners
We quickly explain the basic Docker concepts and show you how to do the most common tasks from starting your first container, to making custom images, a Docker Swarm Cluster Tutorial, docker compose and Docker buildfiles.........
Ansible Tutorial - Playbook How To Install From Scratch and Deploy LAMP + Wordpress on Remote Server
1. Let's work from an environment where we can install Ansible on.
If you are using an older version of Linux based on Mint 18 or Ubuntu 16, you may want to get the PPA and get the latest version of Ansible that way:
sudo apt install gpg
sudo add-apt-repository ppa:ansible/ansible
sudo apt update........
How To Install NextCloud on Centos 7 and Centos 8
yum -y install wget unzip
wget https://download.nextcloud.com/server/releases/nextcloud-18.0.2.zip
unzip nextcloud-18.0.2.zip
yum -y install php php-mysqlnd php-json php-zip php-dom php-xml php-libxml php-mbstring php-gd mysql mysql-server
Last metadata expiration check: 0:58:02 ago on Fri 13 Mar 2020 02:12:49 PM EDT.
Dependencies resolved.
===================================================================........
AH01630: client denied by server configuration:
This happens when upgrading to Apache 2.4 from 2.2 or just because you don't have the right permissions set which we'll get into.
You need this in the ........
How To Install OpenProject on Centos 7 Step-by-Step Guide
There are a few caveats that may not be obvious to everyone so I am going to cover them here but keep this in mind before starting.
Before starting install epel or you will be missing tesseract:
yum -y install epel-release
#1) When you specify your SSL certificate with a full path, it really needs to exist where you tell it to (including the default location of /etc/ssl/certs and /etc/ssl/c........
httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load modules/libphp5.so into server: /lib64/libresolv.so.2: symbol __h_errno, version GLIBC_PRIVATE not defined in file libc.s
httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load modules/libphp5.so into server: /lib64/libresolv.so.2: symbol __h_errno, version GLIBC_PRIVATE not defined in file libc.so.6 with link time reference
This is usually caused by a mismatch in OpenSSLversion. Interestingly enough a lot of times if it has happened during an update of your system, or after, usually just restarting httpd........
apache symlinks denied even with followsymlinks
Symbolic link not allowed or link target not accessible: /path/httpdocs/news.html
There are a few reasons that can cause this message and this is for people who have ruled out the basics, eg. your symlinks are enabled and the right permissions are applied (but read on to learn about ownership requirements above the directory in question).
So there are a few key things here that cause Apache not to follow symlinks:........
PHP 7.2, Apache and Centos 7 How To Install
yum install centos-release-scl
yum install rh-php72 rh-php72-php rh-php72-php-mysqlnd
Symlink PHP binary:
ln -s /opt/rh/rh-php72/root/usr/bin/php /usr/bin/php
Symlink Apache and PHP module config:
ln -s /opt/rh/httpd24/root/etc/httpd/conf.d/rh-php72-php.conf /etc/httpd/conf.d/
ln -s /opt/rh/httpd24/root/etc/httpd/conf.modules.d/15-rh-php........
Apache Cannot Start Listening Already on 0.0.0.0
A lot of times busy servers will have this issue and you cannot even force kill -9 the apachectl or httpd process:
[root@apachebox stats]# ps aux|grep httpd
root 1547 0.0 0.2 495452 32396 ? Ds Sep08 3:23 /usr/sbin/httpd
root 3543 0.0 0.0 6448 724 pts/1 S+ 13:11&nbs........
Wordpress overwrites and wipes out custom htaccess rules and changes soluton
cat .htaccess
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
I keep reading there is a "# BEGIN WordPress" and a "# END WordPress" in the wordpress htaccess above but there is clearly not.
Even more strange is that my permissions are just 444 (read only).
so i changed it........
Apache htaccess and mod_rewrite how to redirect and force all URLs and visitors to the SSL / HTTPS version
It is really simple using .htaccess with mod_rewrite.
Here is all you need:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://site.com/$1 [R=301,L]
Another more graceful way is to use the %{SERVER_NAME}variable to make it dynamic. Just be careful that the server name will always match what you expect. (eg. if you are doing load balancing or clustering what if the server name may be somethi........
letsencrypt certbot error "Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80."
./certbot-auto --apache certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): yourdomain.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for yourdomain.com
Cleaning........
PHP Displaying Blank Page on Apache
Almost always the reason will be that the php.so file is missing but also that php.conf is misconfigured.
In the problem machine it is actually PHP7 installed so if you reference PHP5 of course things wil be broken!
Take for example here:
cat /etc/httpd/conf.d/php.conf
#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamica........
[warn] VirtualHost 10.2.5.101:443 overlaps with VirtualHost 10.2.5.101:443, the first has precedence, perhaps you need a NameVirtualHost directive
[root@thetor2017 conf]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: WARNING: MaxClients of 3000 exceeds ServerLimit value of 300 servers,
lowering MaxClients to 300. To increase........
Howto install ioncube loader to PHP by Zend
First of all download the raw .so file from zend:
Copy the one relevant to your PHPversion to /usr/lib64/php/modules/
eg.:cp ioncube_loader_lin_5.3.so /usr/lib64/php/modules/
Then in your /etc/php.d/ directory create the file:
vi /etc/php.d/zend.ini
zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_5.3.so
After that restart apache/httpd and you'll be good to go!........
No comments are allowed here Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.2.15 (CentOS) Server at testdomain.com Port 80........
Apache htaccess Custom ErrorDocument not working properly for root home page 403 Error Issue and Solution
So I have a domain "testdomain.com".
Inside test domain.com's root is the following .htaccess:
Options +FollowSymLinks -Indexes
ErrorDocument 403 /launch/index.html
Order Deny,Allow
Deny From All
Allow From 192.168.1.2
When you visit anything other than root things work fine. Eg. if you visit http://testdomain.com/somedirfile.html
It will show the right error in /launch/........
curl: (35) Unknown SSL protocol error in connection Solution Centos
curl: (35) Unknown SSL protocol error in connection
The main solution is to update curl and nss. If you are having an issue with curl through Apache/PHPyou will need to restart PHPafter.
It's important to remember that this error could mean a lot of things but most often it simply means that curl and openssl may be outdated and only allow newer secure ways of connecting to SSL.
In general here is how you would fix it in most c........
Installing SSL Certificate with Chain Intermediary CA File
Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!).
In the Apache vhost conf for the domain here is what you add:
SSLCACertificateFile /path/to/your/cafile.pem
Here is a full example of an SSL Vhost config in Apache using a CA Certificate file
........
htaccess apache how deny/allow to block or allow by IP address
order deny,allow
Deny From All
Allow From 8.8.8.8
A simple and quick way to improve security by only allowing specific IPs to your web application.
In this case the above allows only the IP 8.8.8.8 to access things and everything else is denied.........
Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: /etc/httpd/modules/libphp5.so: cannot open shared object file: No such file or direct
Stopping httpd: [ OK ]
Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: /etc/h........
How To Create Apache htpasswd file
This just simply outputs what you need a username and password that can be used to authenticate from .htaccess
htpasswd -nb user password
user:Gnb6uE9Lp4gt2
If you want to write it straight to a file
htpasswd -cb /tmp/somefile.pw user password
How To Use This In .htaccess
AuthUserFile /tmp/somefile.pw
AuthName GetLost!!
AuthType B........
kdenlive titles/text renders as white screen when using .sh script
When using the .sh script the rendering doesn't work after an upgrade of related packages to kdenlive.
kdenlive (kdenlive:amd64 (4:17.04.1+git201705191233~ubuntu16.04.1)) with affine or composite transitions was fine but is now broken during the time of transition it is just a white screen.
The previous version was fine:
kdenlive:amd64 (4:17.04.1+git201705191233~ubuntu16.04.1
But now I can't find it or install it:........
Apache SSL very slow response with Firefox Freezes/Loads Very slow when checking self-signed SSL certificate
I was sure this was a Centos bug with OpenSSL, Apache, MySQL or even PHP. I tried everything but nothing helped. One clue is that if you check the Apache logs you will see nothing in the access logs until minutes later (this means Firefox has not even passed your request to the remote Apache/htttpd server).
When even accepting the invalid certificate message that would show up minutes later when trying to "View the Certificate" Firefox would freeze. This bu........
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) - Apache Error Solution
Does this mean? [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
How can you fix it and do it properly?
Step 1.) Make a new Private KeyCreate server pass key:........
phpBB3 slow and internal dummy connection
Using Apache 2.2 and PHP5.6 PHPBB3 is very slow to respond. Actually for some reason it takes so long to even register a log entry in access_log as in several seconds or a few minutes later it shows up in Apache. All other vhosts and Apache access stops working and freezes until the request to access PHPBB3 slowly completes.
It seems to randomly be slow if you stop using it whether for posting or reading the forums. I've migrated to different machines including........
check if Apache uses worker MPM or prefork MPM
apachectl -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
It is "prefork.c" so in httpd.conf these settings are what you would use (if you use worker.c it won't have any impact):
StartServers 2
MinSpareServers 5
MaxSpareServers&nb........
How to Execute PHP in .html files with Apache in Linux Centos/Debian/Ubuntu etc
Add this to the .htaccess file
#right/working:
AddType application/x-httpd-php .html .htm
#wrong (won't work in many cases):
AddHandler application/x-httpd-php5 .html .htm........
Centos 5 OpenSSL does not support TLS 1.2 Apache Error
[Thu Jan 26 14:13:31 2017] [notice] caught SIGTERM, shutting down
[Thu Jan 26 14:14:00 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 26 14:14:00 2017] [error] Server certificate is expired: 'Server-Cert'
[Thu Jan 26 14:14:00 2017] [notice] SSL FIPS mode disabled
[Thu Jan 26 14:14:07 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 26 14:14:07 2017] [error] Server certificate is expired: 'Server-Ce........
How to Properly Secure SSL/TLS Apache Settings against Heartbleed Poodle (TLS) Poodle (SSLv3) FREAK BEAST CRIME
Many users still are not aware but simply patching OpenSSL does not secure you against many known and easy to exploit attacks that will render your encryption useless by an attacker.
Use the following setings in /etc/httpd/conf.d/ssl.conf
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !CAMELLIA !SEED !3DES !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !........
apc_shm_attach: shmat failed: in Unknown on line 0 & apc_shm_create: shmget(0, 67108864, 914) failed PHP Solution
PHP Fatal error: PHP Startup: apc_shm_create: shmget(0, 67108864, 914) failed: Invalid argument. It is possible that the chosen SHM segment size is higher than the operation system allows. Linux has usually a default limit of 32MB per segment. in Unknown on line 0
PHP Fatal error: PHP Startup: apc_shm_attach: shmat failed: in Unknown on line 0
This error is not at all fun because it actually prevents Apache/httpd from starting or working at all. It will........
Apache Log Error Message when starting
Usage: geoiplookup [-h] [-?] [-d custom_dir] [-f custom_file] [-v] [-i] [-l]
Usage: geoiplookup [-h] [-?] [-d custom_dir] [-f custom_file] [-v] [-i] [-l]
grep: Address: No such file or directory
grep: not: No such file or directory
grep: found: No such file or directory
sh: -c: line 1: syntax error near unexpected token `|'
sh: -c: line 1: `|cut -d ',' -f 2'
........
Apache Centos Stopping httpd: [ OK ] Starting httpd: [Wed Jun 29 19:29:44 2016] [warn] _default_ VirtualHost overlap on port 80, the first has precedence [Wed Jun 29 19:29:44 2016] [warn] _default_ Virtual
Stopping httpd: [ OK ]
Starting httpd: [Wed Jun 29 19:29:44 2016] [warn] _default_ VirtualHost overlap on port 80, the first has precedence
[Wed Jun 29 19:29:44 2016] [warn] _default_ VirtualHost overlap on........
HTML files in Apache still displaying as raw text even with DefaultType, ForceType etc.
There was only one solution here and it was the following:
edit /etc/httpd/conf/httpd.conf
Comment the lines for the Mime Magic Module:
# MIMEMagicFile /usr/share/magic.mime
# MIMEMagicFile conf/magic
*Don't forget to restart Apache and clear your browser cache twice
I was using DefaultType and ForceType a........
Cannot load /etc/httpd/modules/mod_file_cache.so into server: /etc/httpd/modules/mod_file_cache.so:
Stopping httpd: [FAILED]
Starting httpd: httpd: Syntax error on line 73 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_file_cache.so into server: /etc/httpd/modules/mod_file_cache.so: cannot open shared obje........
Apache SSL Reverse Proxy Very Slow Solution
This is a simple fix but not a simple problem and it still doesn't make sense to me.
But in a nutshell if your target proxy server works fast when accessing directly over SSL then this may be your issue.
It seems SSL does not play nicely when the target proxy destination/host has a riduculously long key (such as 8192 bits long). Now this is normally not a problem, in fact the target server could be accessed with hardly any delay directly despite such a long key.........
Apache Vhost HowTo Serve Same Content using a different domain and IP
There are a few ways of doing this and all basically involve using the reverse proxy or "ProxyPass" feature of Apache to accomplish it.
1.) Create a normal vhost and simply symlink the root directory of the site you want to mirror.
Eg. originalsite.com and newsite.com
/vhosts/originalsite.com/httpdocs
You would symlink like this:
ln -s /vhosts/originalsite.com/httpdocs vhosts/originalsite.com/........
Redirect www host to non-www Linux Apache modrewrite
The below forces all request to your domain to go to the main non-www root domain.
Updated code:
RewriteCond %{HTTP_HOST} !=domain.com
RewriteRule ^(.*)$ https://newurl.com/subdir/$1 [R=301,L]
If you don't want it to go to a subdirectory:
RewriteCond %{HTTP_HOST} !=domain.com
RewriteRule ^(.*)$ https://newurl.com/$1 [R=301,L]
Bad code:
This code is bad beca........
Force SSL for all URLs Apache htaccess modrewrite
The best way is as below in .htaccess using modrewrite, any request that is not SSL will be redirected to https://domain.com and the exact same URL
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]........
Location of cPanel apache access logs
It is very handy to remember this and nice that the logs for all domains are in a central location:
/usr/local/apache/domlogs........
Installing zoneminder on Ubuntu/Debian Linux Howto
sudo apt-get install zoneminder
[sudo] password for one:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libuser-perl python-evince kdebase-apps kwrite unixodbc
libgnomeprint2.2-data python-soappy vgabios python-metacity hddtemp
python-mediaprof........
Unable to configure RSA server private key SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 23 02:05:52 2015] [error] Unable to configure RSA server private key
[Tue Jun 23 02:05:52 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
The above is an accurate description of what is wrong.
In our case the client made a simple mistake of thinking the localhost.crt and localhost.key (default key locations for Apache SSL in Centos) were in the same directory but they we........
Error code: ssl_error_rx_record_too_long
An error occurred during a connection to site.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
When the above happens in our experience it is a misconfiguration of........
CPanel Link to all of the command line options
CPanel says you can access 98% of the functions through CLI which experienced Unix/Linux admins prefer for simplicity and for scripting. I've never found CPanel easy to use from the admin panel, it seems everything is hard to find and a simple task becomes a series of hunts.
So for people like me here's the list: http://cpanel.net/system-administrators/command-line-scrip........
How to update Open Office in Ubuntu/Debian if your repository is outdated or no longer supported
http://sourceforge.net/projects/apacheoo-deb/files/debian/dists/wheezy/main/binary-i386/
To install AOO on your computer, you need to add the following entry to the /etc/apt/sources.list file:
deb http://downloads.sourceforge.net/project/apacheoo-deb/debian wheezy main
sudo apt-get update && sudo apt-get install openoffice-en* openoffice-brand-writer openoffice-brand-calc openoffice-brand-impress openoffice-brand-base open........
CPanel Apache httpd won't start solution: Starting httpd: Syntax error on line 2 of /etc/httpd/conf/httpd.conf: Invalid command 'Alias', perhaps misspelled or defined by a module not included in the server configuration
root@hkhosting [/]# service httpd start
Starting httpd: Syntax error on line 2 of /etc/httpd/conf/httpd.conf:
Invalid command 'Alias', perhaps misspelled or defined by a module not included in the server configuration
........
/usr/local/cpanel/bin/apache_conf_distiller 100% cpu
On some CPanel installs we see complaints of "/usr/local/cpanel/bin/apache_conf_distiller" causing 100% cpu usage without any solution.
Killing the process causes it to spawn again, actually it seems it tends to spawn multiple processes itself.
Restarting CPanel itself is a temporary but not permanent solution.........
[emerg] (28)No space left on device: Couldn't create accept lock (/etc/httpd/logs/accept.lock.15449) (5) solution
[Wed Jan 08 18:50:07 2014] [emerg] (28)No space left on device: Couldn't create accept lock (/etc/httpd/logs/accept.lock.15449) (5)
This may happen when trying to restart Apache and you find it dies right after starting and check /var/log/httpd/error_logs.
What is the cause of this?
You could be out of disk space (if you're not then see #2 and below)
You're out of Semaphores, you need to kill all the old ones.........
Howto Execute PHP from within an HTML or other file with an htaccess file on Apache
Add this to a new ".htaccess" file inside the directory where the .html resides:
AddType application/x-httpd-php .php .html........
CPanel Log File Locations for access_log,error_log, mysql
All Errors (CPanel does not report by domain, but puts everything in a single log which Ithink is a bit silly and annoying):
/usr/local/apache/logs/error_log
Access_Logs
They are found within the home directory of the site user eg.:
/home/admin/access-logs/yoursite.com
MySQL Logs
/var/lib/mysql/yourhostname.err........
VBulletin Enhanced Captcha / RegSecure not showing/working images solution.
This happened after a customer migrated their hosting and the issue was being unable to access PHP sessions.
Warning: session_start(): open(/var/lib/php/session/sess_3e0oms763m6mrqekdnnmodlhs3, O_RDWR) failed: Permission denied (13) in /register.php(202) : eval()'d code on line 1
Solution:(use the correct ownership/permissions)
chown apache.apache -R /var/lib/php........
Show Directory/File Listing in httpd/Apache Howto with htaccess
Add this to htaccess:
Options +Indexes
After that people will be able to browse files and directories of your site.........
Apache SNI is not needed what is the issue?
Iread this article and still don't understand the issue.
If I understand correctly the client negotiates after the first SSLconnection and then gets the correct hostname and thus correct certificate.
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
To their credit I know I'm not using SNIbecuase Iget this message in the Apache log :)
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
B........
PHP Security - Enable Safe Mode to increase security
Everyone should be running with safe_mode on in /etc/php.ini (on Centos) as it makes exploiting your system more difficult is PHPcan't execute anything on the system if a script is exploited.
For example with Safe_Mode on the only executable files on the system are ones in the safe_mode_exec_dir = /safephp
This is crucial, if you must execute anything from PHPthen you have to copy the binary and assign to the user that Apache runs your site under.&........
PHP5 Centos 6 displays part of code from PHP file for some scripts
PHP5 Centos 6 displays part of code from PHP file for some scripts
Solution
edit /etc/php.ini change short_open_tag = Off to:
short_open_tag = On
Then restart Apache and it should be resolved (assuming the scripts failing used )
........
CPanel suhosin install failed
/scripts/phpextensionmgr install PHPSuHosin
Updating md5sum list
Fetching http://httpupdate.cpanel.net/cpanelsync/easy/targz.yaml (connected:0).......(request attempt 1/12)...Resolving httpupdate.cpanel.net...(resolve attempt 1/65)...
Fetching http://httpupdate.cpanel.net/mirror_addr_list (connected:0).......(request attempt 1/3)......connecting to 74.50.120.123...@74.50.120.123......connected......receiving...100%......request success......Done........
CPanel domain not working properly: http://vps.thedomain.com/domainnotknown.html Solution
The Cause
Basically it's usually because your Cpanel has new IPs and the old IPs it knows are no longer available/working/valid.
The solution is to change the site's IP but you may run into issues for various reasons. Here is what I encountered below.
It redirects there even though public_html is empty and doesn't have any index or htaccess redirect.
---
This issue happened after a CPanel migration, the site is bein........
Execute Local Bash Scripts remotely by SSH
for ip in `cat fixlist.txt`; do
sudo -u apache ssh root@$ip "`cat iptablesrules.sh`"
done
In the above example we are going to execute the commands within the local file "iptablesrules.sh" on all the machines in "fixlist.txt". This is a great way of performing server maintenance in a clustered or cloud environment.........
Apache SSL Change Default SSL Vhost and Listening Port for SSL
vi /etc/httpd/conf.d/ssl.conf
Change the following from "Listen 443" to something like below
Listen 2243
Then find the SSLVirtual Host Context and edit like below (to your new listening port)
##
## SSL Virtual Host Context
##
........
Directadmin Log File Locations
This is a handy link and list of all the relevant Directadmin log files and related servers.
http://help.directadmin.com/item.php?id=11
DirectAdmin:
/var/log/directadmin/error.log
/var/log/directadmin/errortaskq.log
/var/log/directadmin/system.log
/var/log/directadmin/security.log
Apache:........
How to log all PHP based E-mails for abuse
Step #1 - Create Wrapper Script
vi /usr/local/bin/phpsendmail
#!/usr/bin/php
........
Joomla Error - JFolder::create: Could not create directory
JFolder::create: Could not create directory
Plugin Install: Failed to create directory:
This can occur when trying to upload content or when installing themes/templates.
It's usually not a permissions issue per say but doing a 777 (which is very insecure) will fix it. But the real problem solution is that the owner of the files is different than the owner of the Apache process/server.
Eg. if your Apache is running as user "apache........
Error code: sec_error_unknown_issuer Solution Valid SSL Certificate Throwing Error in Firefox
So you've just purchased your SSL cert, renewed it and installed it or maybe you've had it installed and working fine all the time with all other browsers but you've upgraded to a recent version of Firefox and suddenly get the warning "Error code: sec_error_unknown_issuer" error.
This is terrible since if you bought an SSL cert, you are most likely using it for trust purposes for your business and obviously that message will scare away most potential customers.........
Apache Crash Solution Can't Restart Due to Socket In use - (98)Address already in use: make_sock: could not bind to address [::]:80 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting d
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
This will even trip you up if you have a service like monit to save you if httpd crashes. The only way to fix this is to either wait (it's not an option for production situations) or to kill the ghost httpd processes that wouldn't gracefully close:
So........
Apache High CPU Usage Enable Mod_Status Guide Solution - Find Cause of High CPU Usage Script/Domain
mod_status is a great way to track down the source of high CPU usage and to find what vhost/script is the cause of it.
It gives you a live view of bandwith usage, CPU usage, and memory usage broken down by domain/vhost and script/URI.
Enable mod_status
vi /etc/httpd/conf/httpd.conf
ExtendedStatus On
SetHandler server-status
Order Deny,Allow
Deny from all
All........
htaccess modrewrite problem with rewriting url with- dashes solution
I was getting frustrated with trying to write a simple URL like this:
/example-withdash
I used the htaccess code like this:
Rewriterule ^example-withdash$ / [R=301]
I also tried escaping the dash which I thought should have treated it as a literal but that didn't work either:
Rewriterule ^example-withdash$ / [R=301]
But it wouldn't work, apparently the "-" dash means don't substitute,........
phpMyAdmin - Error Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly.
The fix for this was setting the correct permissions in /var/lib/php, it needs to be "root.root"
And /var/lib/php/session needs to be "root.apache" to work properly.
After that I was able to login to phpMyAdmin as normal. This whole thing happened because I accidentally changed all of /var/lib to root.root.........
monit example tutorial how to enable status checking and manipulation
You need to enable the httpd daemon with monit to actually view the status and control, it's not only for the web interface since the httpd is theONLY way of controlling monit and viewing the status.
monit monitor all will also reinstate disabled services if they've timed out too much. Just restarting the service will do nothing to re-monitor a service that monit has stopped monitoring due to too many failures.
*Also note that /etc/monit.conf i........
Apache MPM worker vs prefork
find what MPM Apache is using, it will either be using "worker" or "prefork"
apachectl -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
In my case it is "prefork"
vi /etc/httpd/conf/httpd.conf
Find the section that looks like this (by default one will normally exist for prefork and for worker, but in my case I only care a........
Apache Forbidden You don't have permission to access / on this server.
Forbidden
You don't have permission to access / on this server.
[Sun Jan 23 15:28:12 2011] [crit] [client 96.44.31.12] (13)Permission denied: /www/vhosts/domain.com/httpdocs/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
Solution
I've done a chmod 755 .htaccess and index.php and restarted Apache
That wasn't the only issue, the issue was the httpdocs direc........
PHP5 & Apache Blank/White Screen/Page PHP won't work
PHP5 & Apache Blank Screen/Page
The PHP package is installed and works from the CLI
Error reporting is enabled
The only way I could get it working was:
rm /etc/php.ini
yum remove php
yum install php-* -x php-pear* -x php-pecl*
Interestingly enough reinstalling php did not bring back the deleted php.ini but everything is working.
........
Failed to save enabled features : The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed.
Apache/httpd
Failed to save enabled features : The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed.
This is because I never edited the Apache Config and Virtualmin config to reflect my new/current updated structure.........
crontab/cronjob running multiple times at the wrong time
crontab not working
It is running as user Apache
I've tried 0 0 * * * (which means midnight 00:00) and it does run at midnight but also 13:25 for some reason?
25 0 * * * with this it runs at 00:25 but again also at 13:25
Solution - Restart the Cron Service (especially if you changed your time/timezone)
*Update I had a suspicion that changing the timezone a few weeks ago caused this. I restarted lhe cron service and the problem h........
PHP CURL SSL won't work or connect
I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself).
* About to connect() to ip.ip.ip.ip port 25000
* Trying ip.ip.ip.ip... * connected
* Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000
* succes........
How not to change an IP address in CPanel during a migration
/usr/local/cpanel/bin/swapip domain(s)
It simply doesn't work, the Apache VHOSTS remain 100% unchanged, why does this script exist? I'm sure it would work from the control panel but I am locked out because my IP was changed and it doesn't match the CPanel license. I wish CPanel would make it easier to update the license IP.
I even took it a step farther, I manually edited the vhosts and restarted Apache and it........
sed script to automatically update IPs in named/BIND and httpd/Apache
Always make a backup of the original file before trying this, I find this kind of thing when updating IPs etc.. to use a script.
Where the old IP is "192.168.5.8" and the new IP is "10.10.5.8"
sed -i s/192.168.5.8/10.10.5.8/g testdomain.org.db
The -i with sed means "inline" meaning we edit the file directly, but without the -i we could just use >and output the results to another file or do whatever else we wanted.........
Linux Centos/RHEL can't find php/apache/httpd/mysql/ftp/exim/sendmail ?
I wasted a lot of time wondering why I could never find those packages.
Check the /etc/yum.conf file and at the bottom look for the "exclude=" line.
Below is what I found in mine
exclude=apache* httpd* mod_* mysql* MySQL* da_* *ftp* exim* sendmail* php* bind-chroot*
Just remove those entries or uncomment that line and you'll get access to the missing applications.........
CPanel Use /scripts/easyapache to recompile Apache/PHP with different options
I used the "Image Manipulation and Security Options" and let the script do the rest.
/scripts/easyapache
For whatever reason, doing a manual compile of PHPmyself broke everything and I've never seen that before, that's why I resorted to the cheat of easyapache.........
Canel Default VHOST DocumentRoot/Contents Directory is /usr/local/apache/htdocs
This can be very annoying and CPanel doesn't seem to document it, or it's not found or made as obvious as it should be. It's always funny when I find it more difficult to work with a control panel than to do everytihng manually without CPanel or even Plesk.
So once again, the default serve path for contents is: /usr/local/apache/htdocs and this is especially applicable when accessing Apache by just an IP which is unbound to any domain at this point.........
pound a Linux Load Balance and Reverse Proxy
I have played around with Pound a little bit. It is a reverse proxy and load balancer in one, and it can be used as only a reverse proxy if you like. It is very simple to configure as either, and Pound even senses if one of the systems is down and stops sending requests to the dead server.
It supports SSL (but passes the request to the destination server unencrypted) and even the Apache log format. Pound is very simple, fast a........
Enable/Disable PHP Warnings/Logs and Errors from .htaccess with Apache
Put what you see below into your .htaccessand it will enable errors and notices. (change on to off and 1 to 0 to disable though)
php_flag display_startup_errors on
php_flag display_errors on
php_flag html_errors on
Now you'll be able to see errors and notices but this should really only be used for debugging purposes and only temporarily as it can be a security issue since errors can reveal information you wouldn't want hacker........
Process/Parse PHP from HTML files using .htaccess and allowoverride
RemoveHandler .html .htmAddType application/x-httpd-php .php .htm .html Just add the above into the .htaccess file for your website. Also remember that you need to be allowed to override the Apache and this should go into the vhost for your site as shown below:
# you need the AllowOverride otherwise .htaccess directives will be ignoredOptions FollowSymLinksAllowO........
Apache/Mod_SSL not serving the right/expected certificate?
There is actually by default a "Default SSL" vhost that can mess things up for you and can cause surprising and unexpected results.
Default Apache SSL Cert
in /etc/httpd/conf.d/ssl.conf there is a default SSL Virtual Host which screws things up by offering itself instead of the SSL cert I specify in my own vhosts........
Create/Enable SSL Certificates for Apache on Linux/Unix Systems eg. Redhat,Centos,Debian
Shortcut/Easiest Way To Create A Self-Signed Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below.
If You Need a Real SSLCertificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........
How to avoid web content hijacking/copying/Force content to be accessed by only 1 domain name
This is something that happens a lot and it is very dirty, as you probably know each site is hosted on a certain IP address. Sometimes a domain is hosted by a single IP address and the IP address defaults to this very same domain.
This means that if someone buys domain abcd.com and enters your IP address (the one of your website) as the A record, your content will show up on their domain as if it was their own.
There is an easy way to prevent this by using .htacces........
[error] server reached MaxClients setting, consider raising the MaxClients setting - Apache
Have you ever seen this dreaded message in your Apache/HTTPD /var/log/httpd/error_log?
[error] server reached MaxClients setting, consider raising the MaxClients setting
The error itself is slightly misleading. Ibelieve this happened to one of my servers, I found Apache was running still, and that you could telnet to port 80 but no respnose would be given.
For some reason my error log initially did not have the above error, but after a restart I saw........
Apache Ignoring/Not processing .htaccess file
I was getting very frustrated one day wondering why it appeared my .htaccess file was being ignored and not processed by Apache. No matter what I did it was obvious that Apache didn't care about my .htaccess file. Then I realized that the default settings must be in effect, which is that my vhost didn't explicitly allow me to override the default settings.
This usually comes down to your vhost settings. Make sure you have an entry like this in your Apache vhost settings in........