BLOGS@DiGiTSS

DiGiTSS Team's Programming experience with PHP, MySQL, Ajax, Javascript, jQuery, C# and Microsoft technologies

Posts Tagged Apache

Setting up PHP, MySQL, Apache with most up-to-date WAMP Package

Jan 17

Posted by Dharmavirsinh Jhala in PHP | 2 Comments

WAMP Packages

WAMP Packages

Availability of WAMP packages is not a new story, they are here since the beginning of last decade now. EasyPHP, Wamp, XAMPP and dozens of them. Find comparison of WAMP packages on Wikipedia here.

We are here not to discuss all of them, just top 3 to 5 which are active and we can use them reliably for development or optionally for production purpose or both.

Having WAMP stake up-to-date on production environment is important as we are using open-source technologies and there are few to hundreds of critical to non-critical bugs are being fixed with every new release of the software, and if it's development environment we would like to test new features when they're hot.!

Zend Server, Zend Server Cluster Manager and Zend Server Community Edition:

Zend Server (CE)

Zend Server (CE)

All 3 editions are highly reliable and ready for production usage. I have tried both Zend Server and ZS-Community Edition, Zend Server - Commercial version is pre-tweaked for performance on production environment and Community Edition do not have some of the goodies. But that does not stop you or me from using Zend Server - CE on production. Zend Server comes with beautiful web-panel to administer, control and configure server from the browser itself. We can change PHP and Apache parameters, check server status and even restart service from within browser itself, this feature makes it good choice for remote server administration.

Zend Server - CE is as good for development as it is for production. It comes as Apache and PHP package where MySQL is an optional download during the installation wizard.

The Uniform Server:

The Uniform Server

The Uniform Server

Uniform Server is comparatively new kid on the floor and highly configurable for both development and production use. It comes with system tray using which we can switch Apache and PHP configuration files from development to production or back and forth.

It comes in both VC6 and VC9 binaries for Windows and I must say it's most up-to-date WAMP package so far (I mean next or equal to Zend). Rest of all WAMP packages take week to months to bundle latest version of Apache, PHP or MySQL but I have observed Uniform Server very quick with that. This is main benefit if you are really looking for such option to use on production server.

Installation is simplest - extract and done. Comes with minimum, no big bucket (just 11-13MB in size).

Comes with some handy plug-ins for FTP, Resin, Tomcat etc. It has e-Accelerator packed with it is recommended for production use.

Read the rest of this entry »

Tags: , , , ,

mod_proxy & mod_vhost_alias to host multiple domains on Web-Server and running Apache+IIS together

Apr 4

Posted by Dharmavirsinh Jhala in Apache | 1 Comment

mod_proxy and mod_vhost_alias are two very important extensions/modules for Apache web-server. When it comes to hosting multiple websites on same Web-Server using Apache or requirement to run Apache and IIS together then mod_proxy and mod_vhost_alias are key to succeed.

Here is summary of definition for both modules from Apache docs.

mod_proxy:

This module implements a proxy/gateway for Apache. It implements proxying capability for FTP, CONNECT (for SSL), HTTP/0.9, HTTP/1.0, and HTTP/1.1. The module can be configured to connect to other proxy modules for these and other protocols.

Apache's proxy features are divided into several modules in addition to mod_proxy: mod_proxy_http, mod_proxy_ftp and mod_proxy_connect. Thus, if you want to use one or more of the particular proxy functions, load mod_proxy and the appropriate module(s) into the server (either statically at compile-time or dynamically via the LoadModule directive).

In addition, extended features are provided by other modules. Caching is provided by mod_cache and related modules. The ability to contact remote servers using the SSL/TLS protocol is provided by the SSLProxy* directives of mod_ssl. These additional modules will need to be loaded and configured to take advantage of these features.

mode_vhost_alias:

This module creates dynamically configured virtual hosts, by allowing the IP address and/or the Host: header of the HTTP request to be used as part of the pathname to determine what files to serve. This allows for easy use of a huge number of virtual hosts with similar configurations.

How to host multiple domains/sub-domains on a web-server using Apache Virtual-Hosting (mod_vhost_alias)?

Read the rest of this entry »

Tags: , ,

Installing Apache on Windows 2008

Dec 6

Posted by Dharmavirsinh Jhala in Apache | No Comments

I would like to share my experiences with Apache installation on Windows 2008 Server.
It's not a easy drive when you are installing deploying your open-source application on Microsoft Windows 2008 Server. There was a nasty UAC - User Account Control which makes it difficult to configure Apache if we don't know about UAC on Windows 2008.

So if we are installing Apache on Windows 2008 then first thing to take care is go to Control Panel > User Accounts > Enable or Disable UAC. Un-check the checkbox and Finish wizard. It will require a reboot. Once it is done Apache should be able to start without any problem. If you don't do that it gives really wired error which is "Unable to open logs" which really does not make any sense that why this is happening.

Tags: ,

Generating 2048-bit CSR with OpenSSL

Dec 6

Posted by Dharmavirsinh Jhala in OpenSSL | 1 Comment

As computer processing power is increasing everyday, so breaking 1024-bit private key algorithms will be possible by 2011. So we will need to generate minimum 2048-bit RSA Private Keys for new SSL Certificates or renewals.

I have recently faced similar case while I had given older CSR which I gave last year for the renewal to GoDaddy and it didn't worked due to security reasons.

We need to simply regenerate Private Key and CSR with the help of following OpenSSL command:

 openssl req -nodes -newkey rsa:2048 -keyout new-digitss.key -out new-digitss.csr

This will generate 2048-bit key file and after that it will ask few basic information about the entity being certified. Private Key file generated with above command won't have secret pass-phrase so it won't be a problem deploying them on Windows based Apache server setups or either on Linux platforms. But if you really want to have pass-phrase then please refer to a previous post and replace it with 2048 or 4096 instead of 1024 which is being used in commands or just remove the "-nodes" from the above command which will ask for a pass-phrase.

Removing the "-nodes" option from the above mentioned openssl command will ask for a pass-phrase and encrypt the private key. This can increase security, but please note that the pass-phrase will be required each time Apache is started. In that case you need to get a un-secure private key for your Windows based Apache setup. It is as simple as writing following line of command on OpenSSL.

 rsa -in digitss.key -out unsecured.digitss.key

Above OpenSSL command will give unsecured private key which will have pass-phrase removed and so can be used with Windows based Apache setups.

More References:

For more detailed information on CSR generation please refer following post: (Just use 2048 or 4096 instead of 1024 to make it work)
http://blogs.digitss.com/apache/how-to-generate-certificate-signing-request-csr-file-with-apache-openssl/

See GoDaddy Help for detailed reason on: Why does my CSR need to be 2048 bit length?

CSR Generation Instructions for Rest of the Web-Servers: Certificate Signing Request (CSR) Generation Instructions

Tags: , ,

Faster Page Loads with Apache mod_deflate output filtering

Aug 23

Posted by Dharmavirsinh Jhala in Apache | 3 Comments

Apache 2.x is having module mod_deflate (mod_deflate.so) which can compress output irrespective of what scripting language you are using or even if you are serving a static but rich content website. If you are using PHP then there are ways available which can compress the output with buffering help but in that you need to write some code to make it happen but here we just need to enable mod_deflate module and add some configuration parameter and output compression will be taken care of by this module based on configuration provided.

Output compression is effective way of serving faster web-pages when you have content rich website with loads of html data, css and javascript assets in your web-site or web-application. It would help in saving bandwidth and data transfer over the wire (Internet) will be faster for users too. Though it will have impact on server's CPU utilization due to compression but this compression will be on the fly and level of compression will depend on server's load.

Still good practice is to use gzipped javascript assets as they will not be changed dynamically most of the time and we can save server's CPU utilization by not asking Apache to compress javascript files on each request.

To enable Apache > mod_deflate module, make sure you enable module by un-commenting it from httpd.conf file.

LoadModule deflate_module modules/mod_deflate.so

Then change <Directory ...> sections for Document Root in httpd.conf file as following: Read the rest of this entry »

Tags:

RSA server certificate CommonName (CN) does NOT match server name!?

Jun 13

Posted by Dharmavirsinh Jhala in OpenSSL | 1 Comment

Problem installing SSL certificate: SSL Library Error: 185073780 error:0B080074:x509 certificate

While configuring SSL for one of my Client I got this error and it took me little while to figure it out that what went wrong with the configuration. Initially I thought that there must be something wrong with the generated certificate as I have generated CSR myself and given it to client and client gave back me Certificate files.

But I was wrong as I was using LogMeIn to connect to the client's Windows 2003 Web-Server and using remote clipboard (Copy+Paste). Something went wrong while pasting that file on the remote Web server. So I transferred files directly and then it worked well without any problem.

[Mon Jun 01 03:22:49 2009] [warn] RSA server certificate CommonName (CN) `portal.client.com' does NOT match server name!?
[Mon Jun 01 03:22:49 2009] [error] Unable to configure RSA server private key
[Mon Jun 01 03:22:49 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Reference URL that helped me find the answer is below:

http://www.howtoforge.com/forums/showthread.php?t=22493

Tags: ,

Allow only HTTPS access with .htaccess

Apr 26

Posted by Dharmavirsinh Jhala in Apache | No Comments

If you want any of your web-directory to be accessed only via Secure HTTP (HTTPS) protocol then placing following code in ".htaccess" will make sure that any URL or Web-address will be converted from Http to Https.

IndexIgnore *
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

It will rewrite all URLs with HTTPS instead of HTTP. This may be helpful in case while you want only specific directory to be accessed via Secure HTTP or you want your users to redirect to correct address/protocol when they type in http:// by mistake and port 80 is not accessible.

It is also possible to do same with PHP or any other scripting language we use, but then it depends on the application and approach we choose.

Tags: , ,

Paying the bills.!