x83.net » apache http://www.x83.net Tue, 31 Jan 2012 13:53:33 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Plesk 10 nginx reverse proxy configuration in front of Apache http://www.x83.net/plesk-10-nginx-reverse-proxy-configuration-in-front-of-apache/ http://www.x83.net/plesk-10-nginx-reverse-proxy-configuration-in-front-of-apache/#comments Mon, 01 Aug 2011 12:40:14 +0000 Giany http://www.x83.net/?p=769 Plesk 10 nginx reverse proxy configuration

On older Plesk version (

websrvmng –set-http-port –port=8080

Starting with Plesk 10 this is not so easy since you have to edit a php file called /usr/local/psa/admin/conf/templates/default/domain/domainVirtualHost.php. In my case instead of :

domain->physicalHosting->ipAddress->address ?>:server->webserver->httpsPort : $VAR->server->webserver->httpPort ?>>
ServerName "domain->asciiName ?>:server->webserver->httpsPort : $VAR->server->webserver->httpPort ?>"

I’ve set :

 

<VirtualHost <?php echo $OPT['ipAddress']->escapedAddress ?>:<?php echo $OPT['ssl'] ? 8043 : 8080 ?>>
ServerName “<?php echo $VAR->domain->asciiName ?>:<?php echo $OPT['ssl'] ? 8043 : 8080 ?>”


Where 8043 will be the new https port and 8080 will be the http port.

After this change I had to run :

/usr/local/psa/admin/bin/httpdmng –reconfigure-all

Note that this is only for Plesk 10.x. On 9.x we used to have

/usr/local/psa/admin/sbin/websrvmng –reconfigure-all

After this make sure that the Apache server has set in its configuration files (/etc/httpd/conf/httpd.conf) Listen 8080 instead of Listen 80. Same thing for the /etc/httpd/conf.d/ssl.conf file, Listen 8043 instead of Listen 443.

Then you need to install nginx (yum install nginx) and download this zip file that these guys provided http://www.grafxsoftware.com/download/nginx/nginx_setup.zip. Furthermore you can check their http://www.grafxsoftware.com/faq.php/HOW-TO-configure-PLESK-with-NGinx-proxy-reverse/1/1/.

Once downloaded run:

sh generate_nginx_conf.sh

Verify with “nginx -t” that there isn’t any error and finally restart the involved services :

service httpd restart
service nginx restart

Make sure that 8043 and 8080 accept connections. (Note that its not necessary to change the https port).

]]> http://www.x83.net/plesk-10-nginx-reverse-proxy-configuration-in-front-of-apache/feed/ 0 Installing mod_suphp http://www.x83.net/installing-mod_suphp/ http://www.x83.net/installing-mod_suphp/#comments Fri, 22 Apr 2011 22:32:21 +0000 Giany http://www.x83.net/?p=715 Usually if you add a simple VirtualHost and set the DocumentRoot into on /home/ then its possible for some files not to be owned by that (e.g: uploaded images via web interface, php sessions..etc).

A solution for this problem is to install mod_suphp which will make Apache to write in /home/ with permissions. To install mod_suphp :

Download http://www.suphp.org/download/suphp-0.7.1.tar.gz
tar zxvf suphp-0.7.1.tar.gz
cd suphp-0.7.1
yum install httpd-devel
./configure --with-apxs=/usr/sbin/apxs --with-apache-user=httpd --with-logfile=/var/log/httpd/suphp.log --with-setid-mode=paranoid --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-php=/usr/bin/php-cgi --enable-SUPHP_USE_USERGROUP=yes
make
make install
cd /etc/httpd/conf.d/
mv php.conf php.conf.bk

Then create suphp.conf and put in it:

LoadModule suphp_module modules/mod_suphp.so
suPHP_Engine on
AddType application/x-httpd-php5 .php5 .php4 .php .php3 .php2 .phtml

suPHP_AddHandler application/x-httpd-php5

Then create /etc/suphp.conf and put in it:

; This file is parse anew by suPHP for each request
; rather than being loaded once.

[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
; MANDATORY
webserver_user=apache

; Path all scripts have to be in
; This works as a prefix when a trailing slash is not specified.
; e.g. /home will match /home /home2 /home3 etc While /home/ will only match /home/
;
; Changing this to a more specific path will improve security
docroot=/

;Path to chroot() to before executing script
;chroot=/home

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=true
allow_directory_group_writeable=true
allow_directory_others_writeable=true

; Check whether script is within DOCUMENT_ROOT
; Does NOT perform this check on included scripts.
; i.e. include_once("/test3.php"); works even though it's in the root directory
;
; Changing this to true will improve security but make all php userdir requests fail
check_vhost_docroot=false

; Allow the user and group specified by a ~userdir request to override the
; suPHP_UserGroup directive inside the source virtualhost
;
; Changing this to false will improve security but make some types of php userdir
; requests fail
;userdir_overrides_usergroup=true

; suPHP Paranoid mode checks that the target script UID and GID match
; the UID and GID of the user running the script. To disable these
; checks change the following values to false. Without these checks, mod_suphp
; is effectively running in "Force" mode.
;paranoid_uid_check=true
;paranoid_gid_check=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path="/bin:/usr/bin"

;Umask to set, specify in octal notation
umask=0022

; Minimum UID
;min_uid=100

; Minimum GID
;min_gid=100

; Normally suPHP only displays the PHP binary in process lists (ps aux).
; Setting this option to 'true' will cause suPHP to display both the
; PHP binary and the script filename.
;full_php_process_display=true

[handlers]
;Handler for php-scripts
application/x-httpd-php="php:/usr/bin/php-cgi"
application/x-httpd-php4="php:/usr/php4/bin/php-cgi"
application/x-httpd-php5="php:/usr/bin/php-cgi"

;Handler for CGI-scripts
;x-suphp-cgi="execute:!self"

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
;application/x-httpd-php=/usr/local/lib/
;application/x-httpd-php4=/usr/local/php4/lib/
;application/x-httpd-php5=/usr/local/lib/

After this make sure that the VirtualHost contains :



suPHP_UserGroup user user


SuexecUserGroup user user

Also /etc/httpd/conf/httpd.conf should contain:

DirectoryIndex index.html.var index.htm index.html index.shtml index.xhtml index.wml index.perl index.pl index.plx index.ppl index.cgi index.jsp index.js index.jp index.php4 index.php3 index.php index.phtml default.htm default.html home.htm index.php5 Default.html Default.htm home.html

Finally do a service httpd restart

Check /var/log/httpd/suphp.log and error_log for possible errors. In my case I noticed this:

“[Fri Apr 22 14:36:55 2011] [warn] Mismatch between target UID (501) and UID (48) of file “/home/arpart/public_html/index.php”

Which means that some files were not owned by . Use chown -R user.user /home/user to fix the problem.

]]> http://www.x83.net/installing-mod_suphp/feed/ 0 Script to autorestart httpd server if it fails http://www.x83.net/script-to-autorestart-httpd-server-if-it-fails/ http://www.x83.net/script-to-autorestart-httpd-server-if-it-fails/#comments Thu, 18 Jun 2009 06:24:38 +0000 Giany http://www.x83.net/?p=261 I use this script on a cpanel server..if output of pgrep command is 0 then the $restart command is issued

#!/bin/bash
restart=”/scripts/restartsrv_httpd”
pgrep httpd || $restart
exit 0

If its a VPS then I might add to clear the Semaphore Arrays.

for i in `ipcs -s | grep nobody | awk ‘{print $2}’`; do ipcrm -s $i; done

Then I put this script into Cron to run every 5 minutes.

# MIN HOUR DAYOFMONTH MONTH DAYOFWEEK COMMAND
*/5 * * * * /root/checkhttp.sh

]]> http://www.x83.net/script-to-autorestart-httpd-server-if-it-fails/feed/ 0