Re: [users@httpd] Implementing REST API
On Mon, Aug 20, 2018, 03:21 Miles Fidelman wrote: > On 8/19/18 5:48 PM, Danesh Daroui wrote: > > > Hello all! > > > > I hope that I am posing my question to a relevant mailing list! > > > > I am looking for a solution to implement a RESTful API server. I have > > tested and examined a bunch of solution and now I think the best > > solution is to use a trustworthy, reliable, and robust implementation > > of HTTP protocol such as Apache httpd as HTTP server as base and then > > add my API handlers for REST commands. I am still looking at Apache > > httpd's source code and doesn't really know what is the best way to > > implement a RESTful API that would receive GET/POST/PUT/DELETE, etc. > > commands with appropriate parameters and then send the results. > > > > I am wondering if there is a standard way or similar project that > > somebody else has done? Have you checked https://swagger.io/ ? If not, what would be the best way to > > implement this? Should I add a new module that handles RESTful APIs or > > hack into the code and generate the response base on my API when a > > HTTP command is received and send it through httpd? > > > > > Generally, one would vector the URL to a script that would parse the > full set of HTTP headers, and act accordingly. Take a look at the > documentation for how Apache's CGI interface works. You might try > looking around for an apache-based implementation of the Atom Publishing > Protocol for an example. > > Miles Fidelman > > -- > In theory, there is no difference between theory and practice. > In practice, there is. Yogi Berra > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] Problem setting up ssl
Hi Mahmood, On Mon, Aug 20, 2018 at 8:11 AM Mahmood Naderan wrote: > [mahmood@rocks7 ~]$ wget https://w.x.y.z > --2018-08-20 10:30:43-- https://w.x.y.z/ > Connecting to w.x.y.z:443... connected. > OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol > Unable to establish SSL connection. > [mahmood@rocks7 ~]$ wget http://w.x.y.z:443 > --2018-08-20 10:30:50-- http://w.x.y.z:443/ > Connecting to w.x.y.z:443... connected. > HTTP request sent, awaiting response... 200 OK > It's exactly as Jens already said, you have an HTTP listener on the HTTPS port. Enable SSL for that vhost configuration (SSLEngine on and configuration of certificate, key and cipher suites) and it'll probably be just fine. Regards, -- Riemer Palstra rie...@palstra.com
Re: [users@httpd] Problem setting up ssl
Quoting Mahmood Naderan (nt_mahm...@yahoo.com.INVALID):
> [mahmood@rocks7 ~]$ wget http://w.x.y.z:443
> Connecting to w.x.y.z:443... connected.
> HTTP request sent, awaiting response... 200 OK
> 2018-08-20 10:30:50 (1.95 MB/s) - ‘index.html.1’ saved [33229]
> Any thought?
Did you forget to put 'SSLEngine On' in your SSL-vhost definition?
The above quoted clearly shows your Apache is doing normal HTTP on port 443.
Also, SSL generally doesn't work well when connecting to just an IP-address.
SSL certs contain a domain name, it has to match or you'll get certificate
security warnings.
Use this config as a reference, assuming Apache 2.4+:
|
| ServerName www.example.com
| ServerAlias example.com
|
| DocumentRoot /var/vhosts/www.example.com/html
|
| RewriteEngine On
| RewriteCond %{REQUEST_URI} !^/.well-known/
| RewriteRule (.*) https://www.example.com$1 [R=301,L]
|
|
| ServerName www.example.com
| ServerAlias example.com
|
| AddDefaultCharset utf-8
|
| Header always add Strict-Transport-Security "max-age=15552000;
includeSubDomains"
| Header always add X-Content-Type-Options "nosniff"
| Header always add X-Frame-Options "SAMEORIGIN"
| Header always add X-XSS-Protection "1; mode=block"
|
| SSLEngine On
| SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
| SSLCipherSuite
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:!aNULL:!eNULL:!EXPORT:!RC4:!DES:!SSLv2:!MD5:!SSLV3:!3DES:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:KRB5-DES-CBC3-SHA:"
| SSLOpenSSLConfCmd ECDHParameters secp384r1
| SSLOpenSSLConfCmd Curves secp384r1
|
| SSLCertificateChainFile/etc/letsencrypt/manual/chain.pem
| SSLCertificateFile /etc/letsencrypt/manual/www.example.com.crt
| SSLCertificateKeyFile /etc/letsencrypt/manual/www.example.com.key
| SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/manual/www.example.com.dh
|
| ErrorLog /var/vhosts/www.example.com/logs/error.log
| CustomLog /var/vhosts/www.example.com/logs/access.log combined
|
| DocumentRoot /var/vhosts/www.example.com/html/
|
| Options -Indexes
| Require all granted
|
|
| RewriteEngine On
|
| RewriteCond %{HTTP_HOST} !^www.example.com
| RewriteRule (.*) https://www.example.com$1 [R=301,L]
|
--
| Dopeler effect: The tendency of stupid ideas to seem smarter when they
| come at you rapidly.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Implementing REST API
Thanks Alex! Yes I have done and still doing. :) Swagger generates code for you and I am not sure whether this is what I want. You apparently can design, test, and even build (?) your API but how to deploy it? This is something I don't know yet! I am still investigating this solution and hope that this would be something for us, if I will be able to integrate it with Apache. Regards, Danesh Daroui On Mon, Aug 20, 2018 at 9:13 AM Alex K wrote: > > > > On Mon, Aug 20, 2018, 03:21 Miles Fidelman wrote: >> >> On 8/19/18 5:48 PM, Danesh Daroui wrote: >> >> > Hello all! >> > >> > I hope that I am posing my question to a relevant mailing list! >> > >> > I am looking for a solution to implement a RESTful API server. I have >> > tested and examined a bunch of solution and now I think the best >> > solution is to use a trustworthy, reliable, and robust implementation >> > of HTTP protocol such as Apache httpd as HTTP server as base and then >> > add my API handlers for REST commands. I am still looking at Apache >> > httpd's source code and doesn't really know what is the best way to >> > implement a RESTful API that would receive GET/POST/PUT/DELETE, etc. >> > commands with appropriate parameters and then send the results. >> > >> > I am wondering if there is a standard way or similar project that >> > somebody else has done? > > Have you checked https://swagger.io/ ? > >> If not, what would be the best way to >> > implement this? Should I add a new module that handles RESTful APIs or >> > hack into the code and generate the response base on my API when a >> > HTTP command is received and send it through httpd? >> > >> > >> Generally, one would vector the URL to a script that would parse the >> full set of HTTP headers, and act accordingly. Take a look at the >> documentation for how Apache's CGI interface works. You might try >> looking around for an apache-based implementation of the Atom Publishing >> Protocol for an example. >> >> Miles Fidelman >> >> -- >> In theory, there is no difference between theory and practice. >> In practice, there is. Yogi Berra >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Implementing REST API
Thanks Miles! Well this is kind of hacking the code and implement something like CGI handlers in the HTTP server. This is completely fine and I am totally OK with that but I just don't want to re-invent the wheel and do something and then find out that there were a standard and known way to do that. Thanks for your tip! I am already looking in the code. :) On Mon, Aug 20, 2018 at 2:21 AM Miles Fidelman wrote: > > On 8/19/18 5:48 PM, Danesh Daroui wrote: > > > Hello all! > > > > I hope that I am posing my question to a relevant mailing list! > > > > I am looking for a solution to implement a RESTful API server. I have > > tested and examined a bunch of solution and now I think the best > > solution is to use a trustworthy, reliable, and robust implementation > > of HTTP protocol such as Apache httpd as HTTP server as base and then > > add my API handlers for REST commands. I am still looking at Apache > > httpd's source code and doesn't really know what is the best way to > > implement a RESTful API that would receive GET/POST/PUT/DELETE, etc. > > commands with appropriate parameters and then send the results. > > > > I am wondering if there is a standard way or similar project that > > somebody else has done? If not, what would be the best way to > > implement this? Should I add a new module that handles RESTful APIs or > > hack into the code and generate the response base on my API when a > > HTTP command is received and send it through httpd? > > > > > Generally, one would vector the URL to a script that would parse the > full set of HTTP headers, and act accordingly. Take a look at the > documentation for how Apache's CGI interface works. You might try > looking around for an apache-based implementation of the Atom Publishing > Protocol for an example. > > Miles Fidelman > > -- > In theory, there is no difference between theory and practice. > In practice, there is. Yogi Berra > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problem setting up ssl
As I posted earlier, SSLEngine is on
$ cat /etc/apache2/sites-available/default-ssl.conf
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
Options FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
LogLevel debug ssl:debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile
/home/mahmood/certi/certificate-standard_wildcard.scu.ac.ir.crt
SSLCertificateKeyFile
/home/mahmood/certi/certificate-standard_wildcard.scu.ac.ir.key
SSLCertificateChainFile /home/mahmood/certi/intermediate.crt
SSLEngine on
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
So, I really don't know why it listens to http!
Regards,Mahmood
Re: [users@httpd] Apache HTTPD not responding after running for several days
On Mon, Aug 20, 2018 at 1:56 AM Eric . wrote: > > Hi Yann and all, > > Understood that Apr-1.6.3 had a bug in Solaris, I compiled Apache 2.4.34 with > apr-1.6.2 and apr-util-1.6.0 , but the problem still occurred. > I don't think the bug was introduced in 1.6.3. That's just where it was reported. You need the patch. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problem setting up ssl
Hello Mahmood,
Please forgive me if you have already tried this, but have you read the
man pages on HTTPD as there are some very useful command flags which can point
out configuration settings. You could take a look at settings for ‘Redirects'
in the Apache2 online docs too. I’m sorry if you have already tried all of this…
Regards,
Angel aka Rammsteinium.
> On 20 Aug 2018, at 12:18, Mahmood Naderan
> wrote:
>
> As I posted earlier, SSLEngine is on
>
> $ cat /etc/apache2/sites-available/default-ssl.conf
>
>
> ServerAdmin webmaster@localhost
>
> DocumentRoot /var/www/html
>
> Options FollowSymLinks
> AllowOverride All
> Order allow,deny
> allow from all
>
> LogLevel debug ssl:debug
>
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
>
> SSLCertificateFile
> /home/mahmood/certi/certificate-standard_wildcard.scu.ac.ir.crt
> SSLCertificateKeyFile
> /home/mahmood/certi/certificate-standard_wildcard.scu.ac.ir.key
> SSLCertificateChainFile /home/mahmood/certi/intermediate.crt
>
> SSLEngine on
>
>
> SSLOptions +StdEnvVars
>
>
> SSLOptions +StdEnvVars
>
>
>
>
>
>
> So, I really don't know why it listens to http!
>
>
>
> Regards,
> Mahmood
>
>
Re: [users@httpd] Problem setting up ssl
Quoting Mahmood Naderan (nt_mahm...@yahoo.com.INVALID): > As I posted earlier, SSLEngine is on > $ cat /etc/apache2/sites-available/default-ssl.conf > > So, I really don't know why it listens to http! Is mod_ssl actually loaded/enabled? Try removing the lines and check your httpd config syntax (apache2ctl -S) -- | Age is a very high price to pay for maturity. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problem setting up ssl
>Is mod_ssl actually loaded/enabled? >Try removing the lines and check your >httpd config syntax (apache2ctl -S) root@webshub:~# grep IfModule /etc/apache2/sites-available/default-ssl.conf # # root@webshub:~# apachectl -S AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message VirtualHost configuration: *:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1) ServerRoot: "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog: "/var/log/apache2/error.log" Mutex ssl-stapling: using_defaults Mutex ssl-cache: using_defaults Mutex default: dir="/var/run/apache2/" mechanism=default Mutex mpm-accept: using_defaults Mutex watchdog-callback: using_defaults Mutex rewrite-map: using_defaults Mutex ssl-stapling-refresh: using_defaults PidFile: "/var/run/apache2/apache2.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG User: name="www-data" id=33 Group: name="www-data" id=33 # apachectl -M | grep ssl_module AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message ssl_module (shared) >You could take a look at settings for ‘Redirects' in the Apache2 online docs >too Do you mean https://httpd.apache.org/docs/2.4/rewrite/remapping.html ? Regards, Mahmood
Re: [users@httpd] Problem setting up ssl
> root@webshub:~# grep IfModule /etc/apache2/sites-available/default-ssl.conf > # > # > root@webshub:~# apachectl -S > AH00558: apache2: Could not reliably determine the server's fully qualified > domain name, using 127.0.1.1. Set the 'ServerName' directive globally to > suppress this message > VirtualHost configuration: > *:80 127.0.1.1 > (/etc/apache2/sites-enabled/000-default.conf:1) > ServerRoot: "/etc/apache2" Is default-ssl site "enabled" via the debian/ubuntu tools e.g. a2ensite? - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problem setting up ssl
>Is default-ssl site "enabled" via the debian/ubuntu tools e.g. a2ensite? # a2enmod ssl Considering dependency setenvif for ssl: Module setenvif already enabled Considering dependency mime for ssl: Module mime already enabled Considering dependency socache_shmcb for ssl: Module socache_shmcb already enabled Module ssl already enabled # a2ensite default-ssl Enabling site default-ssl. To activate the new configuration, you need to run: systemctl reload apache2 # # service apache2 restart # systemctl reload apache2 # Now, when I open https://w.x.y.z in firefox, I get Your connection is not secure The owner of 5.57.36.104 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. So, I have to click on advanced and then "add exception".Is that related to apache configuration? By proceeding to visit the website, I think it switches to https again. In Edge, I get The hostname in the website’s security certificate differs from the website you are trying to visit. Error Code: DLG_FLAGS_SEC_CERT_CN_INVALID Since I am using IP address and the certificate is registered with a domain, I think that is the root of the problem. Am I right? Regards, Mahmood
[users@httpd] Apache configuration for reverse proxy to nextcloud fcgi
Hi everybody,
I'm trying to set up a nextcloud:fpm docker container, exposing it via
apache in the host. I think I am making a mistake with my configuration,
because one accessing https://myserver.org/, I got redirected to
https://myserver.org/index.php/login, and then I get a "The page isn’t
redirecting properly" screen in firefox. As I am getting up to "/login" I
understand that a) the docker container is working as expected (or to be proven
wrong, let's say...) and b) that the request from the host is forwarded to the
container but... then everything is a mistery to me.
This is how I have configured the virtualhost can, please, somebody
help me debug this issue?
CustomLog ${APACHE_LOG_DIR}/nextcloud.log vhost_ssl
Redirect 301 /.well-known/carddav /remote.php/dav
Redirect 301 /.well-known/caldav /remote.php/dav
Require all granted
Options +FollowSymLinks
SetEnv MOD_X_SENDFILE_ENABLED 1
XSendFile On
ProxyPass fcgi://127.0.0.1:9000/var/www/html/$1
Thank you!
Felix
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: Special characters in password for mod_dbd
Hi, This seems to be mysql APR driver specific. For some reasons, in APR, in function dbd_mysql_open(), fields are split according to delimiters in: static const char *const delims = " \r\n\t;|,"; See Remarks about MySQL at: http://apr.apache.org/docs/apr-util/1.6/group___a_p_r___util___d_b_d.html#gabddb1fdcb2f8a5f5b83127485c78e8ae According to the code, there is no way to avoid the "incorrect" split of the DBDParams parameter. I guess that your best option is to modify the password. CJ Le 19/08/2018 à 19:29, Mimiko a écrit : Hello. I have special characters in the password to connect to database from httpd basic authentication using mod_dbd in version 2.4. I use: DBDriver mysql DBDParams host=some_ip,dbname=schema,user=user_name,pass=password_with_special_chars.:)]|&; But httpd does not read it correctly so could not authenticate to mysql. The user and password is correct. How to escape special characters for the password? On httpd 2.2 using DBDriver odbc the same password is interpreted correctly. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] problem when move https site to 2.4 from 2.2 Apache
With that amount of information there isn't much I can say about your loop issues. El sáb., 18 ago. 2018 a las 18:49, Rose, John B () escribió: > > For each Wordpress site ... > > > Wordpress Address (URL) > > Site Address (URL) > > > contain "https" addresses > > > within Apache each of the sites has a virtual host config, which are > basically identical except for the naming differences for the sites. > > > The 2.4 Apache config was built basically identical to 2.2 except for using > php-fpm instead of mod_php, and "event" MPM instead of "prefork", Require > instead of Allow/Deny, etc. > > > No redirecting within Apache except for the sites that my have done it > themselves within htaccess. > > > From: Daniel > Sent: Saturday, August 18, 2018 11:51:30 AM > To: > Subject: Re: [users@httpd] problem when move https site to 2.4 from 2.2 Apache > > depends entirely in the config and context,making assumptions and speculate > based on generalizations will take you nowhere. > > So you should start sharing the relevant bits of config and the queries and > responses, including headers etc. > > El vie., 17 ago. 2018 17:28, Rose, John B escribió: > > Encountered problems moving web sites from Apache 2.2 to 2.4 for https > > When moving web sites from an Apache 2.2 environment to to 2.4 the ones that > are .html and self written .php seem to work fine via both http and https > > When moving Wordpress sites to 2.4, they work fine via http, but go into > endless redirects when accessed via https > > Has anyone encountered this problem? > > Have done some googling, switched back and forth between php-fpm and mod_php, > removed .htaccess redirects, turned off plugins, etc. Nothing seems to remedy > it so far. > > Thanks > > -- Daniel Ferradal IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
