Category Archives: Apache

Now is the time to switch to secured connections via SSL. Howto for Apache 2.4

Since a couple of moths Google is using SSL as a ranking signal which means that the use of secured SSL connections will improve the ranking of your page in the Google Serp. Furthermore it will increase the trust in your project if you use SSL connections. Switching to SSL is has never been easier than now. Here a short step-by-step guide which is showing you how to make your website secure.

Step 1: Create your a private and public key

The first thing you have to do to get started with encrypting your website is getting creating a SSL key and a certification request file based on that key. Using Linux this step is very easy. Just execute the following tow commands.

openssl genrsa -out mykey.key 2048
openssl req -new -key mykey.key -out mykey.csr -config req.conf

The directory where you execute the command has also to contain the following req.conf:

[ req ]
default_bits        = 2048
default_keyfile     = mykey.key
distinguished_name  = req_distinguished_name
req_extensions     = req_ext # The extentions to add to the self signed cert

[ req_distinguished_name ]
countryName           = US
countryName_default   = US
stateOrProvinceName   = Colorado
stateOrProvinceName_default = Colorado
localityName          = Denver
localityName_default  = Denver
organizationName          = myproject.com
organizationName_default  = myproject.com
commonName            = www.myproject.com
commonName_max        = 64

[ req_ext ]
subjectAltName          = @alt_names

[alt_names]
DNS.1   = www.myproject2.com
DNS.2   = www.myproject3.com

Important: The [ req_ext ] and [alt_names] sections are only needed if you want to issue a certificate which is valid for multiple domains. Otherwise you can just leave these tow sections out.
Step 2: Now we arrived at the time where you have to issue your SSL certificate. You can either do that for free or get a commercial certificate. The advantage of the latter solution is that these certificates are recognized by all common web-browsers while the free certificates still have some acceptance issues.

A a really good provider of free SSL certificates is CaCert.org. The acceptance of these free SSL certificates will increase with the time so it is definitely worth considering this option. If you decide to get a non-free certificate you might have a look at Namecheap.com or GoDaddy.com to get cheap ones.

The certificates are simply issued after you uploaded your CSR Request file you have created before. If you got your certificate the only thing missing is to correctly setup your Apache Webserver

Step 3: Configure your webserver to use the SSL Certificates
The easiest way to do is to use virtual hosts. Adding the following two configs to your webserver will do both enable SSL and also maintain the normal HTTP connection.

<VirtualHost *:443>

   <Directory "/var/www/html">
      Require all granted
    </Directory>

    DocumentRoot /var/www/html
    ServerName www.mysite.com
    SSLEngine On
    SSLCertificateFile /etc/httpd/conf.d/ssl.key/cert.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/ssl.key/djvupdf.key
    SSLCACertificateFile /etc/httpd/conf.d/ssl.key/cert.ca-bundle
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName www.mysite.com

   <Directory "/var/www/html">
      Require all granted
   </Directory>
</VirtualHost>

The files cert.crt and cert.ca-bundle will be provided by your certification authority after the transaction has been completed.

Step 4: Solving SEO issues and testing your SSL configuration
Now you are done already. Your server is reachable via secured connections now. You can test if your SSL configuration is up-to-date at the following site:

https://www.ssllabs.com/ssltest/

If you get an A+ to A- there you are completely fine.

In case you did not disable the normal HTTP connection to your server there is a little issue with duplicate content you should solve. Search engines do not like duplicate content therefore you should tell them which is the preferred version of your site. This can be done easily by including the so-called canonical tag to the header section of your pages and setting it to the https:// URL of the particular page. This will fix those issues. Make sure, that the URL is exact!

A example how this looks like is the following line. Make sure to put it in the head section:

<link rel="canonical" href="https://www.go4epub.com/" />

Host WordPress using Apache 4.2

Want to host your own WordPress installation with a recent version of the apache webserver (e.g. apache 4.3). Here you find everything you need. If you have been upgrading from an older apache version there might be a little obstacle you have to get around but with the directory permissions which is already perfectly fixed in the code sample below. Setting up WordPress is really easy. Here all the steps needed:

1. Download WordPress from WordPress.org

2. Unpack the Zip Archive you just have downloaded and put it into the document root of your webserver

3. Create a virtual host for your new apache installation.

To create the virtual host you simply have to put the following code snippet into your httpd.conf. In the following example the blog has been unpacked in the directory /var/www/myblog

<VirtualHost *:80>
 
      DocumentRoot /var/www/mydailyhacks
 
      ServerName www.mydailyhacks.org
      ServerAlias mydailyhacks.org *.mydailyhacks.org
 
      <Directory "/var/www/mydailyhacks/">
            Require all granted
            Options FollowSymLinks
            AllowOverride Limit Options FileInfo
            DirectoryIndex index.php
      </Directory>
 
</VirtualHost>

Make sure that you use all the directory setting exactly as they show up here, otherwise you will run in trouble.

4. The last step before you can activate your blog is setting up a MySql data base which can be used by wordpress. This is a lot easier than it sounds. Assuming you are running linux you have to make sure that the mysql-server is installed. In Fedora, Centos etc. you can achieve this by typing

yum install mysql-server
/sbin/service mysqld start

5. Now you only have to set up a new user and (in the example for simplicity the root user is used) and create the database for your WordPress install.

mysqladmin -u root password 'mypassword'
mysql -u root -pmypassword
CREATE DATABASE wordpress;

5. Just contact your virtual server now under the address you defined in step 3. The automatic setup interface for your new blog will show up. Enter wordpress at database name and also enter the username and password which have been defined before.

Thats it! Enjoy your new self-hosted blog!

How to set up a Load Balancer with Apache in 5 Minutes

True, there are professional tools for Load Balancing like the HAP Proxy which are used by big enterprises in the web. However, for small-scale until medium scale users such a high end tool may be a bit of an overhead. Instead one could think of using the build-in load balancing features of the apache webserver. They are really easy to set up and full-fill basic requrirements. A simple setup looks like follows

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED

<Proxy balancer://mycluster>
                # WebHead1
                BalancerMember http://node1:80/ route=1 loadfactor=4
                # WebHead2
                BalancerMember http://node2:80 route=2 loadfactor=6

               # Security "technically we aren't blocking
                # anyone but this the place to make those
                # chages
                Order Deny,Allow
                Deny from none
                Allow from all

                # Load Balancer Settings
                # We will be configuring a simple Round
                # Robin style load balancer.  This means
                # that all webheads take an equal share of
                # of the load.
                ProxyPreserveHost On
                ProxySet lbmethod=bybusyness
                #ProxySet lbmethod=byrequests
                ProxySet stickysession=ROUTEID
 </Proxy>

In this case the load balancer is thought to produce use sticky sessions which is achieved by a cookie. If you want to achive really persistent session you might think just setting the expiration date of your cookie far in the future. An example you can find here. The load-factor simply defines a weight for the particular node.

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; Expires=Tue, 15-Jan-2019 21:47:38 GMT; path=/" env=BALANCER_ROUTE_CHANGED

There are also other ways to implement stickyness for the Apache Load Balancer. You can find a good overview about them in the apache documentation:

http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html#stickyness_implementation

That is everything you need to know to set up a load balancer using mod balancer and Apache. Hope that helps. Life can sometimes really be easy…

Multiple Domains on one IP Address using Apache Virtual Server

Using Apache Virtual Servers it is easy to make multiple domains point at the same IP address displaying different content. You just have to add the following lines to the file /etc/httpd/conf/httpd.conf and restart apache:

NameVirtualHost *:80

&lt;VirtualHost *:80&gt;
ServerName www.first-domain.com
ServerAlias first-domain.com *.first-domain.com
DocumentRoot /var/www/html
&lt;/VirtualHost&gt;

&lt;VirtualHost *:80&gt;
ServerName www.second-domain.com
DocumentRoot /var/www/samples
&lt;/VirtualHost&gt;


In this setup www.first-domain.com is displaying the content of /var/www/html while www.second-domain.com is displaying the content of /var/www/samples.