Here is summary of definition for both modules from Apache docs.

mod_proxy:

This module implements a proxy/gateway for Apache. It implements proxying capability for FTP, CONNECT (for SSL), HTTP/0.9, HTTP/1.0, and HTTP/1.1. The module can be configured to connect to other proxy modules for these and other protocols.

Apache's proxy features are divided into several modules in addition to mod_proxy: mod_proxy_http, mod_proxy_ftp and mod_proxy_connect. Thus, if you want to use one or more of the particular proxy functions, load mod_proxy and the appropriate module(s) into the server (either statically at compile-time or dynamically via the LoadModule directive).

In addition, extended features are provided by other modules. Caching is provided by mod_cache and related modules. The ability to contact remote servers using the SSL/TLS protocol is provided by the SSLProxy* directives of mod_ssl. These additional modules will need to be loaded and configured to take advantage of these features.

mode_vhost_alias:

This module creates dynamically configured virtual hosts, by allowing the IP address and/or the Host: header of the HTTP request to be used as part of the pathname to determine what files to serve. This allows for easy use of a huge number of virtual hosts with similar configurations.

How to host multiple domains/sub-domains on a web-server using Apache Virtual-Hosting (mod_vhost_alias)?

This is another common requirement where we need to host multiple domains or sub-domains on a single web-server, to do if you are using Apache 2.x then just un-comment following line from httpd.conf file if it is commented.

LoadModule vhost_alias_module modules/mod_vhost_alias.so

With Apache 2.x directory structure for go to /apache/conf/extra/httpd-vhost.conf and paste following line of code:

 
 
<VirtualHost *:80>
    DocumentRoot D:/www/digitss.com
    ServerName digitss.com
    ServerAlias www.digitss.com
    ServerAlias digitss.net
    ErrorLog logs/digitss.com-error.log
    CustomLog logs/digitss.com-access.log common
 
    <Directory "D:/www/digitss.com">
        Options Indexes FollowSymLinks
 
        #
        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   Options FileInfo AuthConfig Limit
        #
        AllowOverride None
 
        #
        # Controls who can get stuff from this server.
        #
        Order allow,deny
        Allow from all
 
    </Directory>
</VirtualHost>
 

We can specify another web-root for specific virtual-host as well and it can have complete different configuration too. We can also specify as much ServerAlias as we want, all of which will point to a single server.

How to pass request from Apache to ISS or any other web-server running on another port of same/other server?

This could be a common requirement when we need to have one main domain running with Apache Server serving LAMP web-app and we want some IIS application to host on same server but we don't want user to access them by typing in www.domain.com:88 or something similar we just want it to be accessible via regular port 80. Yes, we would need mod_vhost_alias and mod_proxy both of them active to make it work. Un-comment following lines from Apache's httpd.conf file:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

Here is the simple set of line, placing them in /apache/conf/extra/httpd-vhost.conf file should do the magic for you:

 
<VirtualHost *:80>
     ProxyPreserveHost On
     ProxyPass / http://127.0.0.1:88/
     ProxyPassReverse / http://127.0.0.1:88/
     ServerName apps.digitss.com
     ErrorLog logs/apps.digitss.com-error.log
     CustomLog logs/apps.digitss.com-access.log common
</VirtualHost>
 
#or 
 
<VirtualHost *:80>
     ProxyPreserveHost On
     ProxyPass / http://anotherdomain.com:8008/
     ProxyPassReverse / http://anotherdomain.com:8008/
     ServerName apps.digitss.com
     ErrorLog logs/apps.digitss.com-error.log
     CustomLog logs/apps.digitss.com-access.log common
</VirtualHost>
 

For above example, apps.digitss.com will point to either local or remote proxy server running on other port and will be transparent to users.

References:

http://httpd.apache.org/docs/2.0/mod/mod_proxy.html

http://httpd.apache.org/docs/2.0/mod/mod_vhost_alias.html

Please comment and let me know if mod_proxy or mod_vhost_alias has done some other magic for you.!Similar Posts:

• Faster Page Loads with Apache mod_deflate output filtering
• Installing Apache on Windows 2008
• Beginner’s Resources for PHP-MySQL Development
• How to generate Certificate Signing Request (CSR) file with Apache OpenSSL
• Generating 2048-bit CSR with OpenSSL

So if we are installing Apache on Windows 2008 then first thing to take care is go to Control Panel > User Accounts > Enable or Disable UAC. Un-check the checkbox and Finish wizard. It will require a reboot. Once it is done Apache should be able to start without any problem. If you don't do that it gives really wired error which is "Unable to open logs" which really does not make any sense that why this is happening.Similar Posts:

• Beginner’s Resources for PHP-MySQL Development
• Setting up PHP, MySQL, Apache with most up-to-date WAMP Package
• Windows Terminal Server and User Auto Log-Off for RDP
• RSA server certificate CommonName (CN) does NOT match server name!?
• mod_proxy & mod_vhost_alias to host multiple domains on Web-Server and running Apache+IIS together

I have recently faced similar case while I had given older CSR which I gave last year for the renewal to GoDaddy and it didn't worked due to security reasons.

We need to simply regenerate Private Key and CSR with the help of following OpenSSL command:

 openssl req -nodes -newkey rsa:2048 -keyout new-digitss.key -out new-digitss.csr

This will generate 2048-bit key file and after that it will ask few basic information about the entity being certified. Private Key file generated with above command won't have secret pass-phrase so it won't be a problem deploying them on Windows based Apache server setups or either on Linux platforms. But if you really want to have pass-phrase then please refer to a previous post and replace it with 2048 or 4096 instead of 1024 which is being used in commands or just remove the "-nodes" from the above command which will ask for a pass-phrase.

Removing the "-nodes" option from the above mentioned openssl command will ask for a pass-phrase and encrypt the private key. This can increase security, but please note that the pass-phrase will be required each time Apache is started. In that case you need to get a un-secure private key for your Windows based Apache setup. It is as simple as writing following line of command on OpenSSL.

 rsa -in digitss.key -out unsecured.digitss.key

Above OpenSSL command will give unsecured private key which will have pass-phrase removed and so can be used with Windows based Apache setups.

More References:

For more detailed information on CSR generation please refer following post: (Just use 2048 or 4096 instead of 1024 to make it work)
http://blogs.digitss.com/apache/how-to-generate-certificate-signing-request-csr-file-with-apache-openssl/

See GoDaddy Help for detailed reason on: Why does my CSR need to be 2048 bit length?

CSR Generation Instructions for Rest of the Web-Servers: Certificate Signing Request (CSR) Generation InstructionsSimilar Posts:

• How to generate Certificate Signing Request (CSR) file with Apache OpenSSL
• Installing Apache on Windows 2008
• Beginner’s Resources for PHP-MySQL Development
• RSA server certificate CommonName (CN) does NOT match server name!?
• mod_proxy & mod_vhost_alias to host multiple domains on Web-Server and running Apache+IIS together

Output compression is effective way of serving faster web-pages when you have content rich website with loads of html data, css and javascript assets in your web-site or web-application. It would help in saving bandwidth and data transfer over the wire (Internet) will be faster for users too. Though it will have impact on server's CPU utilization due to compression but this compression will be on the fly and level of compression will depend on server's load.

Still good practice is to use gzipped javascript assets as they will not be changed dynamically most of the time and we can save server's CPU utilization by not asking Apache to compress javascript files on each request.

To enable Apache > mod_deflate module, make sure you enable module by un-commenting it from httpd.conf file.

LoadModule deflate_module modules/mod_deflate.so

Then change <Directory ...> sections for Document Root in httpd.conf file as following:

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "d:/www">
 #
 # Possible values for the Options directive are "None", "All",
 # or any combination of:
 #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
 #
 # Note that "MultiViews" must be named *explicitly* --- "Options All"
 # doesn't give it to you.
 #
 # The Options directive is both complicated and important.  Please see
 # http://httpd.apache.org/docs/2.2/mod/core.html#options
 # for more information.
 #
 Options Indexes FollowSymLinks Includes ExecCGI

 #
 # AllowOverride controls what directives may be placed in .htaccess files.
 # It can be "All", "None", or any combination of the keywords:
 #   Options FileInfo AuthConfig Limit
 #
 AllowOverride All
 AllowOverride FileInfo
 #
 # Controls who can get stuff from this server.
 #
 Order allow,deny
 Allow from all

 AddOutputFilterByType DEFLATE text/plain
 AddOutputFilterByType DEFLATE text/html
 AddOutputFilterByType DEFLATE text/javascript
 AddOutputFilterByType DEFLATE text/css
 AddOutputFilterByType DEFLATE text/xml
 AddOutputFilterByType DEFLATE application/xhtml+xml
 AddOutputFilterByType DEFLATE application/javascript
 AddOutputFilterByType DEFLATE application/xml
 AddOutputFilterByType DEFLATE image/svg+xml
 AddOutputFilterByType DEFLATE application/rss+xml
 AddOutputFilterByType DEFLATE application/atom_xml
 AddOutputFilterByType DEFLATE application/x-javascript
 AddOutputFilterByType DEFLATE application/x-httpd-php
 AddOutputFilterByType DEFLATE application/x-httpd-fastphp
</Directory>

You can change/alter above filters based on your requirement, means that if you don't need some specific file-types not to be compressed then you can remove those filters by just removing those lines from above list. Almost all file-types are added in above mentioned configuration but if anything else needs to be added then just add another line next to if with "AddOutputFilterByType DEFLATE <FILE_TYPE_INFO>".

After making this change restart Apache service and to see the immediate difference go to Information > Document Size option on your Firefox > Web Developer toolbar.

Document Size option in Web Developer toolbar

It will give detailed report of document assets/parts as seen in the next image with size after compression.

Document Size: Report

• mod_proxy & mod_vhost_alias to host multiple domains on Web-Server and running Apache+IIS together
• Installing Apache on Windows 2008
• How to generate Certificate Signing Request (CSR) file with Apache OpenSSL
• Beginner’s Resources for PHP-MySQL Development
• Generating 2048-bit CSR with OpenSSL

While configuring SSL for one of my Client I got this error and it took me little while to figure it out that what went wrong with the configuration. Initially I thought that there must be something wrong with the generated certificate as I have generated CSR myself and given it to client and client gave back me Certificate files.

But I was wrong as I was using LogMeIn to connect to the client's Windows 2003 Web-Server and using remote clipboard (Copy+Paste). Something went wrong while pasting that file on the remote Web server. So I transferred files directly and then it worked well without any problem.

[Mon Jun 01 03:22:49 2009] [warn] RSA server certificate CommonName (CN) `portal.client.com' does NOT match server name!?
[Mon Jun 01 03:22:49 2009] [error] Unable to configure RSA server private key
[Mon Jun 01 03:22:49 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Reference URL that helped me find the answer is below:

http://www.howtoforge.com/forums/showthread.php?t=22493

Similar Posts:

• How to generate Certificate Signing Request (CSR) file with Apache OpenSSL
• Generating 2048-bit CSR with OpenSSL
• This download has been blocked by your security zone policy
• mod_proxy & mod_vhost_alias to host multiple domains on Web-Server and running Apache+IIS together
• VMWare Workstation: This virtual machine appears to be in use.

IndexIgnore *
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

It will rewrite all URLs with HTTPS instead of HTTP. This may be helpful in case while you want only specific directory to be accessed via Secure HTTP or you want your users to redirect to correct address/protocol when they type in http:// by mistake and port 80 is not accessible.

It is also possible to do same with PHP or any other scripting language we use, but then it depends on the application and approach we choose.Similar Posts:

• PHP – Downloading a File from Secure website (https) using CURL
• Using Zimbra LDAP Server Authentication with PHP
• How to generate Certificate Signing Request (CSR) file with Apache OpenSSL
• backup/restore MySQL db using MYSQLDUMP (quick reference)
• mod_proxy & mod_vhost_alias to host multiple domains on Web-Server and running Apache+IIS together

Now if you are running and managing your own webserver and you have to get certificate(s) for your company/client or your own website then first requirement is to generate "Certificate Signing Request" - CSR file, which you need to send to Certificate Authority to sign and give back to you as CRT file. This tutorial is not meant for Apache expert but for those who have not much experience SSL and Apache stuff.

Generation of CSR files with Apache on OpenSSL is quite simple and it is matter of typing few commands and we are done. You need to follow similar commands on OpenSSL prompt whether you are running Apache over Windows or Linux. Here is the routine which we need to follow to get our .CSR file ready.

If you have your Apache setup ready with OpenSSL then goto BIN directory under your Apache's installation directory. If you are on Windows machine then it could be under D:\Program Files\Apache\bin and if it is Linux you know better where to find it. Open Command Prompt and goto Apache's BIN directory and then type "openssl" over there. You will get OpenSSL prompt immediately. You may need not to goto Apache/Bin directory if that path is set in your system variables, you can just type openssl and you will get the prompt like below.


Now, first of all we need to generate RSA Private key for our server. This key will be Triple-DES encrypted and PEM formatted. Type in following command to get encrypted private key on OpenSSL prompt.

OpenSSL genrsa -des3 -out digitss.key 1024

You can keep it my_server.key or something like that. Once you type in above command it will ask for pass-phrase, please keep a note of that pass-phrase at some secure place. Also, take backup of your private key file at some secure place. Here is the screen-shot(s) visualizing above command over windows command-line.

If you will try to see contents of that file it would look something similar to what I have got here.


To see something which is more readable type in following line and it will ask you pass-phrase which you previously specified.

OpenSSL rsa -noout -text -in digitss.key
Enter pass phrase for digitss.key:
Private-Key: (1024 bit)
modulus:
00:c6:54:39:f5:c5:ae:5a:ef:f5:53:9c:13:c9:86:
27:c5:19:9f:25:ab:a5:96:5a:2e:f3:c0:5b:b0:c5:
02:a6:e0:53:a8:fa:34:e1:8f:55:b4:ee:57:e3:54:
65:70:6a:f0:0c:4d:b1:ed:9f:31:38:51:3c:e1:99:
fe:82:6c:0d:3d:a5:d3:6e:01:8c:89:cc:f1:97:c0:
95:0e:80:1a:c7:0a:ac:56:15:27:cd:08:32:e0:2c:
39:00:77:2f:d1:83:4f:2e:ff:ea:50:fb:26:6c:fd:
dd:ea:38:3b:ec:c0:f7:d3:c6:c2:23:20:12:40:bf:
1b:94:59:d8:d6:34:8d:7c:dd
publicExponent: 65537 (0x10001)
privateExponent:
23:5b:b8:c9:9c:68:ad:45:c2:93:19:6c:5d:ad:51:
31:ce:83:95:0f:b9:01:c9:2a:3d:c2:b9:96:16:49:
96:be:bf:ab:8c:90:08:f6:a8:ed:0c:e1:16:62:61:
83:5d:4d:56:a4:33:68:8d:cd:14:a1:47:1d:61:7b:
02:7d:89:0e:77:f9:0b:b9:89:02:a5:e1:0a:ba:66:
f2:25:dc:06:7e:74:b2:c7:6a:be:1a:e1:6f:fb:b7:
e2:2d:b5:f2:ca:a8:ec:27:9e:81:25:7e:8a:2d:6c:
94:6f:f5:ca:f3:4e:bc:3d:1e:e9:5d:74:47:59:8c:
f7:29:d8:8e:9c:d2:e0:01
prime1:
00:f4:85:25:2e:6c:02:79:02:58:c9:ec:29:a8:11:
33:9e:db:bf:84:0a:a2:87:f9:2b:82:f5:a0:04:59:
69:bb:f7:d3:6a:d8:ee:6d:74:0e:bb:62:01:8e:bf:
5f:85:d8:3d:de:e9:12:86:c9:20:de:7c:cf:4c:f2:
6a:1b:40:e2:01
prime2:
00:cf:a3:ea:a4:39:10:6c:4e:3c:58:b1:8e:f0:17:
33:ea:1f:9d:0c:be:0a:bd:3b:d5:80:76:70:e3:e4:
54:4f:1a:8f:8a:ab:00:d5:64:e6:8a:e7:24:12:2b:
3e:97:b9:24:96:b5:f4:31:eb:ae:6d:fa:83:b2:32:
92:8b:06:62:dd
exponent1:
00:b4:40:d2:bf:fd:ef:74:b5:3e:2e:dc:61:78:fc:
34:77:9f:16:f7:87:bf:78:ed:3e:1e:34:63:d9:d0:
f0:19:19:00:49:6b:d1:97:ee:4e:4d:e4:59:b1:99:
72:19:80:e7:5b:44:05:dc:46:b8:6c:4b:25:a6:5b:
ad:cc:99:70:01
exponent2:
00:b8:a7:83:41:ec:65:88:8b:c2:ea:f5:6c:b2:63:
33:98:9f:e8:a0:ae:59:0a:94:ad:78:02:dc:be:2e:
3e:34:12:e0:d8:66:de:e4:e7:48:86:fa:ab:7f:64:
e9:d3:30:19:33:d6:38:86:34:9b:f8:be:32:64:44:
c9:41:cd:ba:19
coefficient:
7c:9a:fa:80:72:8a:74:11:7b:f0:32:d0:e4:b3:44:
cd:d4:2c:4e:6b:37:38:68:9a:6e:cd:ae:f0:9f:54:
31:a5:f6:f7:c8:16:f3:1a:4a:5c:d3:6b:60:a1:7d:
f5:a2:6c:b2:ab:12:1d:1c:5c:dd:63:57:d5:c0:be:
a3:d1:37:67
OpenSSL

Although it is hardly readable but makes more sense then previous screenshot.

Later on we need to specify path of this file in our httpd-ssl.conf when we get CRT file signed by Authority and we are setting up SSL over our webserver. It is required to have unsecured version of this file as with Windows Apache + OpenSSL setup it's not possible to specify "pass-phrase" (which we have given earlier) and it will give some weired error while setting up SSL and apache will refuse to start and generate errors in log for that.
So to get Unsecured version of this file type following command:

OpenSSL rsa -in digitss.key -out unsecured.digitss.key
Enter pass phrase for digitss.key:
writing RSA key
OpenSSL

Here, digitss.key is the file which we have previously generated and it is encrypted (3-DES), and -out file is the one which will be generated based on our request in non-encrypted form. During this process it will ask for pass-phrase as usual.

Now let's move to final step which is generation of CSR file using RSA private key. Following command will generate Certificate Signing Request file for us which will be PEM formatted. Key in following command:

OpenSSL req -new -key digitss.key -out digitss.csr

If you are running over Windows then probably you will get error which I have faced during this. It would be something similar to following:

OpenSSL req -new -key digitss.key -out digitss.csr
Unable to load config info from /usr/local/ssl/openssl.cnf

In that case we need to specify one more parameter in this command and we are done.

OpenSSL req -new -key digitss.key -out digitss.csr -config openssl.cnf

Here, in this command we are making request for generation of CSR file with our private key generated previously and here we have specified configuration file as "openssl.cnf" as one more parameter. If this file doesn't exist in apache/bin directory then either move it there or specify full path. After keying in above command it will prompt you with few parameters/questions and that's it we are done.
Here is the list of question you need to answer as in you type above command to generate CSR file. Provided for your reference just as an example.

OpenSSL req -new -key digitss.key -out digitss.csr -config openssl.cnf
Enter pass phrase for digitss.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Newyork
Locality Name (eg, city) []:Bellrose
Organization Name (eg, company) [Internet Widgits Pty Ltd]:DiGiTSS Inc
Organizational Unit Name (eg, section) []:DiGiTSS
Common Name (eg, YOUR name) []:www.digitss.com
Email Address []:dharmavir@digitss.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:blogs@DiGiTSS
OpenSSL

We are almost done, now we need to send this generated CSR file to a Certifying Authority (CA) for signing, they will send back us Real Certificate CRT file with the help of which we can setup SSL over our webserver running Apache and OpenSSL. We can either send it to Verisign, Thawte Consulting, CertiSign Certificadora Digital Ltd or GoDaddy.

Please note that I have used all commands on Linux server as well and they will work same as they they work on Windows.

For more advance options or more help you can refer to www.modssl.org's FAQ section.
Have your comments on this post.Similar Posts:

• Generating 2048-bit CSR with OpenSSL
• RSA server certificate CommonName (CN) does NOT match server name!?
• mod_proxy & mod_vhost_alias to host multiple domains on Web-Server and running Apache+IIS together
• PHP – Downloading a File from Secure website (https) using CURL
• Beginner’s Resources for PHP-MySQL Development