Notes apache

Version
apachectl -v
 
Server MPM Mode
apachectl -V
 
Loaded Modules
apachectl -M
 
Compiled in modules
apachectl -l
 
Test Syntax
apachectl -t
 
Liste des vhosts
apache2ctl -S

Contexte variable environnent Apache.

grep -Pa -o 'TNS_ADMIN=[^\x00]*\x00' /proc/$(pgrep -o apache)/environ |sed -e 's/[^[:print:]]//g'

Exemple de conf

RewriteCond %{HTTP_HOST} =plop.acme.fr [NC,OR]
RewriteCond %{HTTP_HOST} =www.plop.acme.fr [NC]
RewriteRule .* https://acme.fr/plop [L,R=301]
 
 
### GARBAGE COLLECTOR ###
RewriteRule .* https://r.acme.fr/error_unavailable [L]

Voir :

• Configuration d'Apache pour des performances maximales

Mem par process

ps -ylC httpd --sort:rss 

2.2 configuration:

Order allow,deny
Allow from all

2.4 configuration:

Require all granted
# Require all denied

Liens :

• https://httpd.apache.org/docs/2.4/fr/misc/security_tips.html
• https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html

/etc/apache2/conf.d/nofavicon.conf

Redirect 404 /favicon.ico
<Location /favicon.ico>
ErrorDocument 404 "No favicon"
</Location>

Source : https://www.alouit-multimedia.com/02-assistance-informatique/tutoriaux/apache-en-finir-avec-les-erreurs-error-file-does-not-exist-favicon-ico/

2017-06-16T10:58:25.485 PCWEB1 err apache2[3253]: [fastcgi:error] [pid 3253:tid 140133122676480] [client 192.168.115.153:62059] FastCGI: comm with server "/PhpFpmVirtuel" aborted: idle timeout (30 sec)
2017-06-16T10:58:25.485 PCWEB1 err apache2[3253]: [fastcgi:error] [pid 3253:tid 140133122676480] [client 192.168.115.153:62059] FastCGI: incomplete headers (0 bytes) received from server "/PhpFpmVirtuel"

Si on n'y regarde de plus prêt, on voit dans le access.log, avant l'erreur :

2017-06-16T10:58:25.485 PCWEB1 debug access[3234]: 192.168.115.153 10:57:55.456 duration=30028931 (us) rec=893 (bytes) "POST /site/plop.php HTTP/1.1" 500 sent=763 (bytes)

Le pb vient que le script PHP /site/plop.php tombe en timeout : On constate que si la durée est inférieur à 30 secondes, c'est OK ⇒ ( 200 ). Si plus de 30s ⇒ erreur ( 500 )

grep plop.php /var/log/apache/access.log | sed -e 's/^.*duration=//' |sort -n |tail

 14777626 (us) rec=895 (bytes) "POST /site/plop.php HTTP/1.1" 200 sent=240 (bytes)
 15397927 (us) rec=892 (bytes) "POST /site/plop.php HTTP/1.1" 200 sent=240 (bytes)
 15993455 (us) rec=895 (bytes) "POST /site/plop.php HTTP/1.1" 200 sent=240 (bytes)
 17382090 (us) rec=892 (bytes) "POST /site/plop.php HTTP/1.1" 200 sent=240 (bytes)
 17850899 (us) rec=893 (bytes) "POST /site/plop.php HTTP/1.1" 200 sent=240 (bytes)
 30026574 (us) rec=898 (bytes) "POST /site/plop.php HTTP/1.1" 500 sent=763 (bytes)
 30027079 (us) rec=892 (bytes) "POST /site/plop.php HTTP/1.1" 500 sent=763 (bytes)
 30028931 (us) rec=893 (bytes) "POST /site/plop.php HTTP/1.1" 500 sent=763 (bytes)
 30029299 (us) rec=895 (bytes) "POST /site/plop.php HTTP/1.1" 500 sent=763 (bytes)
 30029900 (us) rec=898 (bytes) "POST /site/plop.php HTTP/1.1" 500 sent=763 (bytes)

# apachectl -t
[Mon Sep 14 14:31:10 2020] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

Ajouter NameVirtualHost *:443

/etc/apache2/ports.conf

<IfModule mod_ssl.c>
    NameVirtualHost *:443
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>