Hasaranga Prasad's Blog: apache 2

yum -y install mod_ssl

yum -y install openssl-devel (comes opnssl error when make httpd)

yum -y install libtoo*

yum -y install zlib-devel

yum -y install libpc*

yum -y install pcre*

yum -y install gcc* (pcre, pcre-static and pcre-devel will be installed)

reboot with

vim /etc/sysconfig/network, HOSTNAME=hasa.blog

--------------------------------------------------

1. To download apr;

http://apr.apache.org/download.cgi

wget http://mirror.reverse.net/pub/apache//apr/apr-1.5.1.tar.gz

apr;

./configure --prefix=/mysystem/apr146 –enable-threads

(if get error compile without –enable-threads)

( ignore this error -"rm: cannot remove `libtoolT': No such file or directory")

make

make test

make install

-------------------------------------------------

2. To Download aprutils;

http://mirror.metrocast.net/apache//apr/apr-util-1.5.4.tar.gz

./configure --prefix=/mysystem/aprutils152 --with-apr=/mysystem/apr146 --with-openssl

make

make install

( aprutils152 is just a folder name)

------------------------------------------------

3. To Download (apache) httpd;

http://httpd.apache.org/download.cgi#apache24

http://www.eng.lsu.edu/mirrors/apache//httpd/httpd-2.4.10.tar.gz

chmod 775 ./configure

./configure --with-mpm=prefork --with-apr=/mysystem/apr146 --with-apr-util=/mysystem/aprutils152 --enable-ssl --enable-static-htpasswd --enable-info --enable-cgi --enable-vhost-alias --enable-rewrite --enable-so --with-z --enable-ssl --prefix=/mysystem/apache2 --enable-proxy --enable-proxy-ajp --enable-proxy-balancer --enable-headers --enable-cache --enable-disk-cache --enable-mem-cache --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http --enable-deflate --enable-dav --enable-dav-fs --enable-mime-magic --enable-cgi --enable-expires --enable-usertrack --enable-version --enable-log-forensic --enable-example --enable-logio

make

make install

-----------------------------------------------

4. install mod_jk.so,

download "tomcat-connectors"

http://tomcat.apache.org/download-connectors.cgi

use this connector if get any errors when starting apache, ex:
httpd_2: Syntax error on line 495 of /mysystem/apache2/conf/httpd.conf: Cannot load modules/mod_jk.so into server: /mysystem/apache2/modules/mod_jk.so: undefined symbol: ap_log_error

https://helpx.adobe.com/coldfusion/kb/rhel-connector-configuration.html

alternative connectors

https://helpx.adobe.com/content/help/en/coldfusion/kb/rhel-connector-configuration/_jcr_content/main-pars/download/file.res/CF10-U18-Connector-source.zip

https://helpx.adobe.com/content/help/en/coldfusion/kb/rhel-connector-configuration/_jcr_content/main-pars/download_0/file.res/CF11-U7-Connector-source.zip

---------------------------------------------------------------------------------------------------

JK 1.2.37 Source Release tar.gz

yum install gcc* should be done before compiling

If u are getting the following error;

configure: error: C++ preprocessor "/lib/cpp" fails sanity check

See `config.log' for more details.

yum install gcc gcc-cpp gcc-c++
----------------------------------------------------------------------------------------------------
if get error with wrong httpd.conf loading by apachectl,
use this to start
/mysystem/apache2/bin/apachectl -k stop -f /mysystem/apache2/conf/httpd.conf
but this means wrong config, so reinstall(remove apache2 folder and reinstall) apache 2 and tomcat connector by extract tar folders again.

----------------------------------------------------------------------------------------------------

IMPORTANT - Once u issue the above start command, there is no any httpd connctions created (ps -e|grep http).

in error log "vim /mysystem/apache2_2.4.4/logs/error_log" followng error messages will display.

-----

[Tue Jun 04 10:40:12.109684 2013] [proxy_balancer:emerg] [pid 24138:tid 139637995566912] AH01177: Failed to lookup provider 'shm' for 'slotmem': is mod_slotmem_shm loaded??

[Tue Jun 04 10:40:12.109796 2013] [:emerg] [pid 24138:tid 139637995566912] AH00020: Configuration Failed, exiting

-----

vim /mysystem/apache2/conf/httpd.conf

Uncomment following line;

LoadModule slotmem_shm_module modules/mod_slotmem_shm.so

--------------------------------------------------------------------------------------

Extract and go to native folder

./configure --with-apxs=/mysystem/apache2/bin/apxs --enable-api-compatibility

make

make install

libtool --finish /mysystem/apache2/modules

chmod 755 /mysystem/apache2/modules/mod_jk.so

To start;

/mysystem/apache2/bin/apachectl -k start

To stop;

/mysystem/apache2/bin/apachectl -k stop

----------------------------------------------

vim /mysystem/apache2/conf/httpd.conf
//add last
LoadModule jk_module modules/mod_jk.so

JkWorkersFile conf/workers.properties

JkLogFile logs/mod_jk.log
JkLogLevel emerg
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /webapp* balancer

JkMount /status stat

-------------------------------------------------------------
Use this but not necessary.

vim /mysystem/jboss/jboss_1/server/default/deploy/jbossweb-tomcat55.sar/META-INF/jboss-service.xml
<attribute name="UseJK">true</attribute>

vim /mysystem/jboss/jboss_1/server/default/deploy/jbossweb-tomcat55.sar/server.xml
<Engine jvmRoute="tomcat1" name="jboss.web" defaultHost="localhost">

do this to all jboss nodes

-------------------------------------------------------------
apache2 running
-------------------------
mod proxy config
-------------------------
vim /mysystem/apache2/conf/extra/httpd-info.conf
********************************
<Location /server-status>
    SetHandler server-status

    Require ip 192.168.0.95/32
Require ip 192.168.1.94/32
Require ip 127.0.0.1
</Location>

ExtendedStatus On

<Location /server-info>
    SetHandler server-info
Require ip 192.168.0.95/32
Require ip 192.168.1.94/32
Require ip 127.0.0.1
</Location>

<Location /balancer-manager>
SetHandler balancer-manager
Order Deny,Allow
Deny from all
Allow from 127.0.0.1/32
Allow from 192.168.1.0/23
Allow from 192.168.1.94/32
Allow from 192.168.0.95/32

</Location>

ProxyPreserveHost On
ProxyStatus Full
ProxyVia Full
ProxyRequests Off

************************************
vim /mysystem/apache2/conf/extra/httpd-vhosts.conf
************************************
all commented

************************************
vim /mysystem/apache2/conf/extra/httpd-default.conf
************************************
Timeout 5400
ProxyTimeout 5400
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
ServerTokens Prod
TraceEnable off

<IfModule mod_headers.c>
Header unset Server
Header unset X-Powered-By
</IfModule>
FileETag None
ServerSignature Off
HostnameLookups Off
<IfModule reqtimeout_module>
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>

*************************************
vim /mysystem/apache2/conf/extra/httpd-balancer.conf
*************************************
<Proxy balancer://loadbalancer>
BalancerMember http://192.168.0.95:8080 route=tomcat1 loadfactor=100 timeout=120 retry=300 connectiontimeout=500ms disablereuse=On
    BalancerMember http://192.168.0.95:8180 route=tomcat2 loadfactor=100 timeout=120 retry=300 connectiontimeout=500ms disablereuse=On
    BalancerMember http://192.168.0.95:8280 route=tomcat3 loadfactor=100 timeout=120 retry=300 connectiontimeout=500ms disablereuse=On

ProxySet   lbmethod=bybusyness maxattempts=3 timeout=120 nonce=myapple failonstatus=502,503
    Order deny,allow
    Allow from all
    Deny from none
</Proxy>

<Proxy balancer://loadbalsave>

#   BalancerMember http://192.168.0.13:80    route=anothertomcat1 loadfactor=100   timeout=120 connectiontimeout=10 disablereuse=On

#   ProxySet   lbmethod=bybusyness timeout=120 nonce=myapple
Order deny,allow
   Allow from all
   Deny from none
</Proxy>

ProxyPassMatch /webapp/*       balancer://loadbalancer/
# ProxyPassMatch /webapp2/abc* balancer://loadbalsave/
# ProxyPassMatch /webapp2/def* balancer://loadbalancer/

    ProxyPassMatch ^/(.*\.gif)$       !
    ProxyPassMatch ^/(.*\.jpg)$       !
    ProxyPassMatch ^/(.*\.css)$       !
    ProxyPassMatch ^/(.*\.txt)$       !
    ProxyPassMatch ^/(.*\.png)$       !
    ProxyPassMatch ^/(.*\.js)$        !
    ProxyPassMatch ^/(.*\.cs)$        !
    ProxyPassMatch ^/(.*\.php)$       !
    ProxyPassMatch ^/(.*\.html)$      !

*******************************************************
vim /mysystem/apache2/conf/httpd.conf

*******************************************************
#User daemon
#Group daemon
#######
User apache
Group apache

LoadModule include_module modules/mod_include.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule negotiation_module modules/mod_negotiation.so

LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_express_module modules/mod_proxy_express.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so

Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-balancer.conf
Include conf/extra/httpd-info.conf
Include conf/extra/httpd-default.conf

########################
make a link

vim /mysystem/apache2/conf/extra/httpd-vhosts.conf
add alis and path
/mysystem/apache2/bin/apachectl -k graceful

if uname and pw requird
just go vim /mysystem/apache2/conf/extra/httpd-userdir.conf
check htpasswd link
(touch /mysystem/downloadratesaccess/htpasswd.hotelstaticdata)
htpasswd /mysystem/downloadratesaccess/htpasswd.hotelstaticdata UNAME

without password comment these in vim /mysystem/apache2/conf/extra/httpd-userdir.conf
Alias /Hotel_Static_Data /downloadrates/Hotel_Static_Data/
<Directory "/downloadrates/Hotel_Static_Data/">
#Options None
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
# AuthName "Download Rates File Access"
# AuthType Basic
# AuthUserFile /mysystem/downloadratesaccess/htpasswd.hotelstaticdata
# Require valid-user
</Directory>

with a password

Alias /Hotel_Static_Data /downloadrates/Hotel_Static_Data/
<Directory "/downloadrates/Hotel_Static_Data/">
#Options None
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
AuthName "Download Rates File Access"
AuthType Basic
AuthUserFile /mysystem/downloadratesaccess/htpasswd.hotelstaticdata
Require valid-user
</Directory>

##############################
https
##############################
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

#############commands in /mysystem/apache2/conf #########self signing#####
openssl genrsa -des3 -out hasa.blog.key 1024
openssl req -new -key hasa.blog.key -out hasa.blog.csr
openssl x509 -req -days 365 -in hasa.blog.csr -signkey hasa.blog.key -out hasa.blog.crt

vim httpd.conf
Include conf/extra/httpd-ssl.conf

vim extra/httpd-ssl.conf
<VirtualHost 192.168.0.95:443>

restart apache, if restart done and https://192.168.0.95/ working, goahead
-------------------------------------------------------------------------------------------

vim extra/httpd-ssl.conf

<VirtualHost 192.168.0.95:443>
ServerName one.hasa.com:443
ServerAdmin you@example.com
ErrorLog "/mysystem/apache2/logs/error_log"
TransferLog "/mysystem/apache2/logs/access_log"

DocumentRoot /mysystem/staticdata
SSLEngine on
SSLCertificateFile "/mysystem/apache2/conf/hasa.blog.crt"
SSLCertificateKeyFile "/mysystem/apache2/conf/hasa.blog.key"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/mysystem/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

JkMount /status* stat
        JkMount /*.jsp balancer
        JkMount /webapp* balancer
         JkMount /servlet/* balancer
         JkMount /*.do balancer

        JkUnMount /*/*.gif*      balancer
        JkUnMount /*/*.html      balancer
        JkUnMount /*/*.htm       balancer
        JkUnMount /*/*.php       balancer
        JkUnMount /*/*.jpg       balancer
        JkUnMount /*/*.png       balancer
        JkUnMount /*/*.css       balancer
        JkUnMount /*/*.cs        balancer
        JkUnMount /*/*.config    balancer
        JkUnMount /*/*.js        balancer
        JkUnMount /*/*.txt       balancer
        JkUnMount /*/*.pm        balancer
        JkUnMount /*/*.pl        balancer
Alias /webapp/img /mysystem/staticdata/img
        Alias /webapp/css /mysystem/staticdata/css
        Alias /webapp "/mysystem/jboss/jboss_1/server/default/deploy/webapp.war"
        CustomLog "logs/webapp" combined

BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog "/mysystem/apache2/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%|
In advanced

Mod jk is advanced load balancer than mod_proxy

===========
ModPROXY
httpd-balancer.conf

ProxyHCExpr ok234 {%{REQUEST_STATUS} =~ /^[234]/}
ProxyHCExpr ok2 {%{REQUEST_STATUS} =~ /^[2]/}
ProxyHCExpr gdown {%{REQUEST_STATUS} =~ /^[5]/}
#ProxyHCExpr in_maint {hc('body') !~ /Service unavailable!/}
ProxyHCExpr in_maint {hc('body') =~ /^Welcome:/}

<Proxy balancer://loadbalancer_one>

BalancerMember http://10.x.x.x:8080 route=node1 loadfactor=100 timeout=65 retry=20 connectiontimeout=500ms hcmethod=HEAD hcexpr=ok234 hcuri=/app1/LoginPage.do hcinterval=5 hcpasses=1 hcfails=1
BalancerMember http://10.x.x.x:8080 route=node2 loadfactor=100 timeout=65 retry=20 connectiontimeout=500ms hcmethod=HEAD hcexpr=ok234 hcuri=/app1/LoginPage.do hcinterval=5 hcpasses=1 hcfails=1
BalancerMember http://10.x.x.x:8080 route=node3 loadfactor=100 timeout=65 retry=20 connectiontimeout=500ms hcmethod=HEAD hcexpr=ok234 hcuri=/app1/LoginPage.do hcinterval=5 hcpasses=1 hcfails=1
BalancerMember http://10.x.x.x:8080 route=node4 loadfactor=100 timeout=65 retry=20 connectiontimeout=500ms hcmethod=HEAD hcexpr=ok234 hcuri=/app1/LoginPage.do hcinterval=5 hcpasses=1 hcfails=1
BalancerMember http://10.x.x.x:8080 route=node5 loadfactor=100 timeout=65 retry=20 connectiontimeout=500ms hcmethod=HEAD hcexpr=ok234 hcuri=/app1/LoginPage.do hcinterval=5 hcpasses=1 hcfails=1
BalancerMember http://10.x.x.x:8080 route=node6 loadfactor=100 timeout=65 retry=20 connectiontimeout=500ms hcmethod=HEAD hcexpr=ok234 hcuri=/app1/LoginPage.do hcinterval=5 hcpasses=1 hcfails=1

ProxySet lbmethod=bytraffic
ProxySet stickysession=JSESSIONID

   ProxySet   maxattempts=3 timeout=65 nonce=rezapple failonstatus=502,503
   Order deny,allow
   Allow from all
   Deny from none
</Proxy>

<Proxy balancer://loadbalancer_two>

BalancerMember http://10.x.x.x:8080 route=node7 loadfactor=100 timeout=65 retry=20 connectiontimeout=500ms hcmethod=HEAD hcexpr=ok234 hcuri=/app1/LoginPage.do hcinterval=5 hcpasses=1 hcfails=1

ProxySet lbmethod=bytraffic
ProxySet stickysession=JSESSIONID

   ProxySet   maxattempts=3 timeout=65 nonce=rezapple failonstatus=502,503
   Order deny,allow
   Allow from all
   Deny from none
</Proxy>

httpd-vhosts.conf

<VirtualHost *:80>
ServerName onelb1.my.com
DocumentRoot /mycsystem/portal_static_data
Alias /myapps /mycsystem/EAR_COMMON/myhotels.ear/myapps.war

    ProxyPassMatch ^/(.*\.gif)$       !
    ProxyPassMatch ^/(.*\.jpg)$       !
    ProxyPassMatch ^/(.*\.css)$       !
    ProxyPassMatch ^/(.*\.txt)$       !
    ProxyPassMatch ^/(.*\.png)$       !
    ProxyPassMatch ^/(.*\.js)$        !
    ProxyPassMatch ^/(.*\.cs)$        !
    ProxyPassMatch ^/(.*\.php)$       !
    ProxyPassMatch ^/(.*\.html)$      !
    ProxyPassMatch ^/(.*\.htm)$       !

ProxyPassMatch /myhotels/*    balancer://loadbalancer_one/
ProxyPassMatch /servlet/*          balancer://loadbalancer_one/
ProxyPassMatch /*.jsp              balancer://loadbalancer_one/
ProxyPassMatch /myapps/*      balancer://loadbalancer_one/
ProxyPassMatch /*.do               balancer://loadbalancer_one/
CustomLog logs/one_request_log \
          "%t %h \"%r\" %b"

ErrorLog logs/one_error_log
TransferLog logs/one_access_log

</VirtualHost>

<VirtualHost *:81>
ServerName web1.my.com
DocumentRoot /mycsystem/portal_static_data
Alias /myapps /mycsystem/EAR_COMMON/myhotels.ear/myapps.war
Alias /static /mycsystem/portal_static_data

ProxyPassMatch /myhotels/*    balancer://loadbalancer_two/
ProxyPassMatch /servlet/*          balancer://loadbalancer_two/
ProxyPassMatch /*.jsp              balancer://loadbalancer_two/
ProxyPassMatch /myapps/*      balancer://loadbalancer_two/
ProxyPassMatch /*.do               balancer://loadbalancer_two/

</VirtualHost>

Note: when you get permission denied even you allow for balancer manager, its a issue with 2.4. so do as follows.
=====httpd.conf================
<Location /balancer-manager>
SetHandler balancer-manager
Order deny,allow
Deny from all
Allow from <apache server ip>/32
</Location>

=======vhosts============
<Directory "/var/www/html">
AllowOverride None
Require ip <apache server ip>

</Directory>

Hasaranga Prasad's Blog

apache 2

No comments:

Post a Comment