Re: [us...@httpd] php

2009-05-20 Thread Sheryl
Hi,

Did you do a separate compile for each instance of apache?  If so, that
wasn't necessary.  You can run as many sites as you want off one compiled
copy and use calling parameters and globals to point each one to a
different httpd.conf.

But if they're all compiled the same way you should be able to just
compile PHP once and copy the libphp5.so file to the modules directory in
each instance of apache.  In your startup file, set and export the PHPRC
variable to the path to a separate php.ini file for each instance of
apache.  See

http://www.php.net/manual/sl/configuration.php

Sheryl

> Hi
>
> I am using apache on solaris.
>
> I am not using vhosts. Each instance has a separate httpd.conf
>
> Is there a way to avoid doing configure/make/make install?
> should I do the work for each instance?
>
> thank you
>



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] Re: backup & restore apache & mysql

2009-08-06 Thread Sheryl
> On 6-Aug-2009, at 10:22, Richard Peacock wrote:
>> What would be the best way to perform a full Apache backup and MySQL (I
>> know it's not exactly related and understand if you can't make any
>> suggestions for this)?
>
> /usr/local/bin/rsync -aCHh --stats --delete-after --delete-excluded \
>  --exclude="/backup/" --exclude-from=/var/.rexcludes \
>  --link-dest="${BAKLOC}.day.1" / ${BAKLOC}.day.0
>
> Backs up my entire system.

Danger, Will Robinson!

Pardon me while I nag, but...

You have to be careful using filesystem copy commands with any database
management system because you can easily wind up with a corrupted backup. 
That's particularly true if you can't control when writes happen to the
system.  You might be able to get it in a usable state by doing some table
repairs, but then you might not.  Also, if you should lose the box
completely and have to install to a slightly different configuration,
you're toast.  MySQL files are not highly portable.  So unless you're
absolutely sure the database isn't being written to, you go into the
database and flush the buffers, and you have a "hot spare" that is
identical hardware and software ready to spin up with the rsync output,
this approach may break your heart someday.

The bare-bones mysql backup solution is mysqldump.  It locks the database
and dumps out a text file of SQL statements that are required to rebuild
the database.  You can transfer the file to another version of MySQL and
load it up without much problem (although you should do a mysql upgrade if
going up a version and there are extra flags to put on the mysqldump
command if you want to be able to go to an older version).  Mysqlhotcopy
can be used as well in some situations but I'd just stick to mysqldump
because it works for MyISAM and InnoDB.  Even better, get zrm backup
(zmanda.com -- there's a free "community" version).  Zrm is basically a
wrapper for mysqldump/mysqlhotcopy.  But it will autodetect when you are
trying to use mysqlhotcopy when you can only use mysqldump, and it will
"rotate out" backups for you (expire after a week, that sort of thing). 
If you've got a few bucks, spring for the enterprise solution.  It's a
pain to set up (I just did a couple of installations) because I had to
figure out host-based ssh configuration which I hadn't used before (I
always use public keys) but it has a GUI that's pretty sweet.

And if you have binary logging turned on in your database configuration so
that transactions are logged to disk, you can do "point in time" recovery
instead of just reverting to the last time you did a mysqldump.  This is
true whether you do mysqldump manually or use zrm.  You'll have to copy
the binary logs somewhere as well (zrm will do it automatically).  A
"point in time" backup can be done with standard command line mysql tools,
but zrm makes it easier.

And for pity's sake, at minimum back up to a separate machine over the
network (you can use both mysqldump and rsync this way if the two machines
are configured for it), write to a DVD, etc. and keep off-site backups as
well.  Plus, test your backup methods occasionally with a recovery to be
sure that you have it right and you don't have to figure out syntax under
pressure.  Document with a cheat sheet.

The documentation on dev.mysql.com will tell you how to run mysqldump.

Regards,

Sheryl
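
Added example, not part of the original post: a mysqldump wrapper that records the binary-log coordinates needed for the "point in time" recovery described above and refuses to keep a dump that was cut short. It assumes mysqldump is on PATH, binary logging is enabled, and credentials come from an option file; the function names and sample dump are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, file names and the
# sample dump are constructed for illustration.

# verify_dump FILE: succeed only if FILE is non-empty and its last line is
# the "-- Dump completed" trailer mysqldump writes after the final statement.
# A dump cut short by a full disk or a dropped connection lacks that line.
verify_dump() {
    [ -s "$1" ] || return 1
    tail -n 1 "$1" | grep -q '^-- Dump completed'
}

# binlog_position FILE: print "LOGFILE POSITION" taken from the commented
# CHANGE MASTER line that --master-data=2 adds to the dump. Binary logs from
# that position onward are what a point-in-time recovery replays.
binlog_position() {
    sed -n "s/^-- CHANGE MASTER TO MASTER_LOG_FILE='\([^']*\)', MASTER_LOG_POS=\([0-9][0-9]*\);.*/\1 \2/p" "$1" | head -n 1
}

# run_dump OUTFILE: dump every database to OUTFILE.partial, verify it, and
# only then rename it, so OUTFILE is never a truncated dump.
# --single-transaction gives a consistent snapshot for InnoDB tables only;
# with MyISAM tables use --lock-all-tables in its place.
# --flush-logs starts a fresh binary log at the moment of the dump.
run_dump() {
    out=$1
    if mysqldump --all-databases --single-transaction --flush-logs \
           --master-data=2 --routines > "$out.partial" &&
       verify_dump "$out.partial"; then
        mv "$out.partial" "$out"
    else
        rm -f "$out.partial"
        return 1
    fi
}

# Demonstration on constructed files (mysqldump itself is not run here).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        "-- MySQL dump (constructed sample)" \
        "-- CHANGE MASTER TO MASTER_LOG_FILE='mysql-bin.000042', MASTER_LOG_POS=154;" \
        "CREATE TABLE t (id INT);" \
        "-- Dump completed on 2009-08-06 10:22:00" > "$tmp/good.sql"
    printf '%s\n' "CREATE TABLE t (id INT);" "INSERT INTO t VAL" > "$tmp/cut.sql"
    for f in good.sql cut.sql; do
        if verify_dump "$tmp/$f"; then
            echo "$f: complete, replay binary logs from $(binlog_position "$tmp/$f")"
        else
            echo "$f: truncated, do not keep it as a backup"
        fi
    done
    rm -rf "$tmp"
}
demo
```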








RE: [us...@httpd] Re: backup & restore apache & mysql

2009-08-07 Thread Sheryl
> Sheryl
> Many thanks for the comprehensive reply and information; I'll look at
> zmanda now (I have looked at using the Amanda backup stuff once already
> and thought it was very good).
>
> Would making a copy of the httpd.conf and conf.d folders be sufficient
> for a good easily "restorable" Apache backup?
>
> Rich
>

Rich,

Any time.  And yes, I've heard very good things about amanda
(now zmanda) although I've never used the main backup package
on the job.

Apache is going to be considerably more forgiving than mysql.
As long as you don't change minor numbers (like 2.0 to 2.2) the
httpd.conf should work on any hardware/OS you restore to as should
the html.  However, you need to make sure you get all of the bits
and pieces.  Better to back up too much than too little.  And I also
like to put configuration files under version control in subversion
as well as back them up.

In the past at our site, we had apache, php and mysql software
installed in /opt, supporting small programs in /usr/local,
perl modules in /usr/lib/perl5, cron jobs in /var/spool/cron,
etc and sometimes had to scramble to reassemble them on a recovery
machine.  More recently we have been taking the hit on disk space and
including everything the site needs in one tree.  If we have a
disaster we restore the whole tree to a clean install.  If we need a
development version we restore the whole tree to a clean install and just
change a few lines in httpd.conf to get it to come up under the new
name/IP.  Of course we already compiled our own apache and php
rather than using RPMs and we have a  mysql support contract so we
had to use mysql.com binaries  instead of what came with RedHat
(and wanted to use more current copies anyway).

Regards,

Sheryl





Re: [us...@httpd] ssl - apache - solaris

2009-11-05 Thread Sheryl
> Thanks for your replies guys :
>
> Loadfile before module works fine ;-)

The only thing to watch out for with loadfile is that sometimes an upgrade
will "disappear" the addition and you'll have to put it back.  I never had
the problem on Solaris but I have seen that happen on RHEL.

Sheryl





RE: [us...@httpd] how to get multiple SSL with name based vhost ?

2009-12-01 Thread Sheryl

> Krist explained it very nicely... But maybe you still didn't get it:
> Without SNI, there is NO WAY TO DO THIS. It is a fundamental limitation of
> the HTTPS protocol with no production-grade work-around. SNI (server-name
> indication) was specifically added to address this limitation. There is
> simply NO ALTERNATIVE.

To back up a moment, though -- another way to do this is to define
multiple IPs on the network card and run multiple instances of apache,
each with different config files.  We run 20 or more on some of our
production servers.

> Having said that, if you have a research or academic environment and don't
> care about browser warnings, you can just use the same cert for all sites.
> You will get the encryption aspect of HTTPS but not the authentication
> aspect.

Some people get awfully upset when they see browser warnings, though.

> Alternatively, if all sites have the same domain-name (eg,
> sales.wibble.com, shop.wibble.com etc), you can get a wildcard cert that
> certifies *.wibble.com.
>
> Aside from these special cases, there is NO WAY to have name-based SSL
> VHs.

But I wonder if name-based SSL VHs really are a necessity.  The OP has a
Linux box.  If he has additional IPs the problem can be taken care of
without virtual hosts.  And, having done it both ways in a group that
supports multiple departments, it saves a lot of headaches trying to
schedule upgrades, configuration changes, or even just restarts to clear a
problem.  But it all depends on the environment.

Sheryl





Re: [us...@httpd] how to get multiple SSL with name based vhost ?

2009-12-03 Thread Sheryl
> On Tue, Dec 1, 2009 at 3:48 PM, Sheryl  wrote:
>
>> To back up a moment, though -- another way to do this is to define
>> multiple IPs on the network card and run multiple instances of apache,
>> each with different config files.  We run 20 or more on some of our
>> production servers.
>
> You could run one instance of apache and configure each VH to listen
> in a different IP. At least that's how I had it understood.

Certainly.  But whether or not that is desirable depends upon the
environment.  When I first started my current job we had a number of sites
(in some cases 20 or more) running from one instance of apache.  As I
think I said elsewhere in the post you quoted, the problem with doing it
that way is that you have to upgrade all sites at the same time, take down
or restart all sites at one time when you have a configuration change for
one site.  If you're trying to run one instance of apache to serve several
different organizations that can be a problem.  One might resist change
while another wants to be "bleeding edge".

In the past couple of years we have separated each of our web sites into a
separate "stack" with its own apache, mysql, tomcat, etc.  Now if one
customer organization wants a change we don't have to try and get 20 web
site managers in 4 organizations to coordinate down time and acceptance
testing.  Having separate stacks also helps us prepare for making every
site a VM eventually.

Running everything from one instance uses a smaller footprint than running
one instance per site, but "hardware is cheap" these days.

Sheryl





Re: [us...@httpd] how to get multiple SSL with name based vhost ?

2009-12-03 Thread Sheryl

Brian wrote:

>> To back up a moment, though -- another way to do this is to define
>> multiple IPs on the network card and run multiple instances of apache,
>> each with different config files.
> [snip]
>
> That's only if he has multiple IP addresses available on the network,
> right? If we assume this is a public server, that means he needs
> multiple public IP addresses from his ISP that route to this server.
> That's certainly a possibility, in general, but I want to make sure
> I'm not missing something awesome.

Yes, it certainly depends upon his environment.  If he's doing this on the
job, it's likely that multiple IPs are available.  If he's on an economy
hosting service he probably only has one IP and no way to get another. 
There are some hosting services that will give you more than one IP for a
fee.  Probably could work up something slick with NAT'd VMware instances
on a linux box that would only use one IP but that assumes he's using a
box in his home or at a colocated site where he has admin access (and if
it's a co-lo, probably would be able to get additional IPs I would think).
From the posting, it wasn't clear what kind of environment he was dealing
with.

There are drawbacks to any potential solution that I know of.  Some places
won't allow wild card DNS for security reasons (both my current job and my
previous job are such places).  SNI is cool but it isn't really released
yet, is it?  I thought that was coming in version 2.4.  It's going to
prevent people using old browsers from seeing the site judging by the
discussion here.  If he's trying to use the sites for e-commerce he may
not want to alienate potential customers or use a release that hasn't
"burned in" yet.  And of course the multiple-IPs-on-linux approach won't
work if he only has one IP available to him.

I don't consider myself an apache expert, but I've been using it for a
while (started as a web admin back in the NCSA days).  I don't see a
"one-size-fits-all" solution here, it seems just to be a case of which
tradeoff will work best for a given environment -- at least until some
time has passed and SNI support is ubiquitous.

Sheryl





Re: [us...@httpd] Can I have 2 httpd servers running on 2 different ports?

2010-02-24 Thread Sheryl
bob wrote:

> Just give the servers different names. apache2 and
> apache2-different_port. Means you have to compile each server with that
> name and your server with the not 80 address will have a different
> Listen port in the httpd.conf file.

Compiling individually is not necessary.  We run dozens of servers off one
compile.

Instead, just have a different directory for each instance.  For instance

/usr/local/apache -- where you install your software

/opt/server1 -- first server
bin, build, error, icons, include, lib, man, manual, modules,
mime-types, magic are links to equivalent in /usr/local/apache
cgi-bin, conf, htdocs, logs are directories; conf should be a copy of
/usr/local/apache/conf

/opt/server2 -- set up the same way

Edit /opt/servername/conf/httpd.conf and replace all occurrences of
/usr/local/apache with /opt/servername/apache

Then when you start up use -d /opt/servername/apache -f
/opt/servername/apache/conf in addition to any other flags you'd pass
apachectl.

Sheryl


> Start the server with
> /usr/local/apache2-different_port/bin/apachectl start. The nice thing
> about doing this is that you can put different things in different
> servers - say a light server with not much added and then a server with
> php and mod-perl to do other things.
>
> bob
>
> Aruna Gummalla wrote:
>> Hi,
>>
>> Can I have 2 httpd servers running on 2 different ports? If so, what
>> is the configuration change that i need to do.
>>
>> I tried running apachectl start with different port numbers in
>> httpd.conf. But it says httpd already running.
>>
>> Please let me know. Thanks in advance.
>>
>> Thanks & Regards,
>> Aruna.
>>






Re: [us...@httpd] Re: Can I have 2 httpd servers running on 2 different ports?

2010-02-25 Thread Sheryl

>> What benefit does this give you over running VirtualHost?
>>
>
> (I wouldn't set up a second instance like suggested, but..)

Curious about why not...

BTW, my example was a little simplified.  In practice we actually make a
link "base" which points to the apache directory and the link bin to
base/bin, etc.  That way, when we compile a new version we put it in its
own directory and change the link.  Easy to upgrade, easy to back off if
it doesn't work.

More recently we have been moving toward multiple compiles because we're
trying to put everything in its own stack in preparation for moving to
VMs. But we still do the linking in order to make upgrades easier.

> 1) You can load different modules in different instances
> 2) Separation of concerns
> 3) Different global configuration options
> 4) Different compile time options

All of those apply, but most of it has to do with what I assume you mean
by (2).  We have several different customer groups and many applications.
Although we do run VirtualHost, each instance of apache belongs to one
organizational entity.  That way, two groups with different missions don't
have to agree on a restart for changing a parameter (and for that matter
don't have to agree to the change, which relates to (3) above).  Also,
easier to co-ordinate software upgrades.

> For instance, on our reverse proxies, we run two instances of apache,
> one handles SSL and runs prefork MPM, and one handles regular HTTP and
> runs the event MPM.
>
> Cheers
>
> Tom
>






Re: [us...@httpd] Re: Can I have 2 httpd servers running on 2 different ports?

2010-03-02 Thread Sheryl

> When a developer needs an apache instance to play with, they would
> typically just do something like this:
> '/usr/local/sbin/httpd -f /home/foo/proj/conf/httpd.conf'. The only
> things they need in conf are the httpd.conf, mime.types and magic.
> Typically, they'll declare a server root in the conf file, with a logs
> folder below server root. That's pretty much all that is needed.

Developer playgrounds are something else, and they run them as they please
on their workstations.  I was describing what we do for shared servers
with dev/qa/production workflow stacks.  Per security policy, nobody is
allowed to run a site out of their home directory (or even have a login on
QA or production), and we don't have any of the stack software in
/usr/local even on sites which haven't been merged into an
/opt/site/sitename stack so they can easily be copied from machine to
machine.

As with anything else, YMMV with your environment.  I probably would
consider your setup a little crazy with the kind of superficial exposure
we get here, starting with running httpd out of /usr/local (assuming
you'll ever want to compile a second version for any reason).

> However, we don't do this so much anymore. Now typically, we will
> configure a separate freebsd jail for each service.

I'd like to be doing something like that, or VMs, but unfortunately those
methods have not been so easy to get approved.

Sheryl





Re: [EMAIL PROTECTED] mod_auth_ldap

2008-09-30 Thread Sheryl

>> Are you aware that there is no such module in 2.2.x?  Most of the auth
>> modules were renamed.  You probably want to load mod_ldap and
>> mod_authnz_ldap.
>>
> No I was not aware.  Thank you.  However I am still out of luck as there
> is no module with "*ldap*" in the name.  :(

Did you add the flags

--enable-ldap --enable-authnz-ldap --with-ldap

to your configure?  Something that is poorly documented is that
apr/apr-util can require flags that apache itself doesn't.

You might need the following if the configure process can't find ldap.

  --with-ldap-include=path  path to ldap include files with trailing slash
  --with-ldap-lib=path      path to ldap lib file
  --with-ldap=library       ldap library to use

Also, check the output to see if configure is finding your ldap libraries.
To get back to basics even more, you need to be sure that you have the ldap
headers and libraries installed.  On linux RPM systems, there's usually an
ldap-devel package you have to install in addition to ldap so you can
compile programs to use the libraries.

Good luck,

Sheryl

>
> Thanks,
>
> Drew
>
> --
> Be a Great Magician!
> Visit The Alchemist's Warehouse
>
> http://www.alchemistswarehouse.com
>
>






Re: [EMAIL PROTECTED] good book about apache 2.2

2007-05-07 Thread Sheryl
Alain wrote:
>
> I'm quite a rookie under apache 2.2, however i've noticed some changes
> between apache 2.0 and apache 2.2 that are from my point of view quite
> important.
> Therefore, I would like to know if there exist some good books on
> apache 2.2?
> I've apache 2 bible but i've seen that modules management is different
> under v2.2.

It's not an entire book, but O'Reilly publishes a "Short Cuts" document
called "What's New in Apache Web Server 2.2?" for $10.  See oreilly.com. 
It's also available on safari.informit.com.  Some local libraries have
subscriptions, so you might be able to take a look at it before you buy.

Sheryl






Re: [EMAIL PROTECTED] apache2.2 + mod_authnz_ldap + openldap (all win32 native binaries)

2007-06-25 Thread Sheryl
> hello all,
> for two days i've tried to google solution for my problem.
>
> i'm using apache2.2 win32 binaries from apache.org
> and openldap win32 binaries from
> http://download.bergmans.us/openldap/openldap-2.2.29/
>
> i have running openldap service, when searching directory, i'll get, at
> least, two entries.
> i tested all (ldap filter, etc) in java, perl, and softerra ldap browser.
> but when i enter, e.g. userid jkjr (see log below) i'll get error 500.
> when i went through logs, i think that no ldap query is passed to ldap
> server by apache...
> i don't know, what is going wrong :(
> thanks for any 'working' advice :)

Don't know if this is the answer, but I do have a working ldap/subversion
setup.  For some reason I needed

AuthUserFile /dev/null

after my "AuthBasicProvider ldap" line.  I think I had beaten my head
against a wall trying to upgrade my 2.0.x setup to 2.2.x and found that
line after a google search.

You also seem to have some SSL issue but not sure if it's affecting the
problem since you don't seem to be using ldaps: to access ldap.  I do, and
believe it's always a good idea to encrypt password traffic.

Good luck,

Sheryl




Re: [EMAIL PROTECTED] mod_ldap.so won't load

2007-07-17 Thread Sheryl
> [snip]Anyway, I added
> with-ldap=/usr/local/OpenLDAP.2.3 and enable-ldap=shared to the config.
> It had some issues locating the openssl libraries, but I managed to band
> aid that and get it all compiled. [snip] Attempting to start httpd
> with this config file, however, results in this error:
>
> Cannot load /opt/apache2/modules/mod_ldap.so into server: Unresolved
> external
>
> Which is frustratingly vague.  In fact, if I attempt to start the httpd
> on my test, parallel installation (the one I compiled myself), I get the
> same error.  Is there any way to get this to tell me WHAT it can't seem
> to find so I can start to figure out why?

You have your OpenLDAP directory in a non-standard place and I would guess
the same is true of the openssl libraries.  You need to add the full path
to the library directories to LD_LIBRARY_PATH in bin/envvars, which you can
find in your apache directory.

The technical reason for this is that specifying the library path with
config options just adds a -L to the link step.  It doesn't cause an rpath
to be added to the binary so it can find the library again when it runs. 
So if your library is not in a standard directory or in your local
LD_LIBRARY_PATH httpd can't find it.  The envvars file is the method by
which you get around that problem.

Sheryl





Re: [EMAIL PROTECTED] Configuring multiple instances of apache on the same machine

2007-07-24 Thread Sheryl
Joshua wrote:

> It's relatively trivial if you do it in the simplest way:
> Configure/compile/install with different --prefix's each time (meaning
> one instance lives entirely under /usr/local/apache2a, another under
> /usr/local/apache2b, etc). Then the only thing you need to do is
> adjust the Listen directive to tell the correct IP-address/port.

To each his own.  Multiple compile and install doesn't seem like a simple
way to me.

What we do at my job is one installation of the software, say in
/opt/httpd-2.2.4.  Then in /opt/data we make a separate directory for each
instance.  Like /opt/data/foo1, /opt/data/foo2 where foo1.my.company and
foo2.my.company are virtual hosts set up via ifconfig on redhat.

In /opt/data/whatever there's an apache directory, a php directory, a
mysql directory, etc.  The php directory is for setting PHPRC so you can
have different php.ini files for the various installations.  The apache
directory has a link "base" which points to /opt/httpd-2.2.4 (or whatever
install directory).  Links like base/bin, base/lib, base/icons, etc. point
to directories in /opt/httpd-2.2.4 which can safely be shared.  The
htdocs, conf, cgi-bin and logs subdirectories are not links.  The
httpd.conf is changed so DocRoot and other variables point to the instance
directory rather than the software installation directory.  We use Named
Virtual Hosts for the actual host setup.  That's probably not absolutely
necessary, but it makes it easy if we decide to run another name on the
same IP later or put the HTTP and HTTPS sides in different docroots.

In /etc/init.d we have a script which loops through the host names and
starts each one.  We set global variables to plug into the startup command
so that the right files are picked up for each instance.

It probably sounds a little complicated, but the brilliance of it is that
if you install a new version of apache you may be able to just change the
base pointer and go if the software doesn't change very much.  And no
compilation is required if you want to make a new instance.


Sheryl
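
Added example, not part of the original post: a sketch of the one-install, many-instances layout described here and in the other posts on this page about running several servers off one compile, including the "base" link and a per-instance PHPRC. The function names and every path are hypothetical, and it assumes install paths contain no `|`, `&` or backslash.

```shell
#!/bin/sh
# Added example, not from the thread. All names and paths are hypothetical.

SHARED="bin build error icons include lib man manual modules"  # links into the install
PRIVATE="cgi-bin htdocs logs"                                  # real per-instance dirs

# make_instance INSTALL_DIR INSTANCE_DIR
# Builds INSTANCE_DIR/apache (links plus private dirs) and INSTANCE_DIR/php.
make_instance() {
    install=$1; inst=$2
    mkdir -p "$inst/apache" "$inst/php" || return 1
    # "base" is the only link that names the versioned install directory.
    ln -sfn "$install" "$inst/apache/base" || return 1
    for d in $SHARED; do
        ln -sfn "base/$d" "$inst/apache/$d" || return 1
    done
    for d in $PRIVATE; do
        mkdir -p "$inst/apache/$d" || return 1
    done
    # conf is copied once, then every reference to the install prefix is
    # pointed at the instance. An existing conf is never overwritten.
    if [ ! -d "$inst/apache/conf" ]; then
        cp -R "$install/conf" "$inst/apache/conf" || return 1
        pat=$(printf '%s' "$install" | sed 's/\./\\./g')   # dots are literal
        sed "s|$pat|$inst/apache|g" "$install/conf/httpd.conf" \
            > "$inst/apache/conf/httpd.conf" || return 1
    fi
}

# switch_base NEW_INSTALL_DIR INSTANCE_DIR: upgrade or back off by moving one link.
switch_base() {
    ln -sfn "$1" "$2/apache/base"
}

# check_instance INSTALL_DIR INSTANCE_DIR: fail if a directory that should be
# private to the instance is a link, or if httpd.conf still names the shared
# install (either would let instances share logs, content or config).
check_instance() {
    install=$1; inst=$2
    for d in conf $PRIVATE; do
        [ -d "$inst/apache/$d" ] && [ ! -L "$inst/apache/$d" ] || return 1
    done
    [ -f "$inst/apache/conf/httpd.conf" ] || return 1
    ! grep -qF "$install" "$inst/apache/conf/httpd.conf"
}

# start_command INSTANCE_DIR: print the command an init script would run,
# with PHPRC pointing PHP at this instance's own php.ini directory.
start_command() {
    printf 'PHPRC=%s %s -d %s -f %s -k start\n' \
        "$1/php" "$1/apache/bin/httpd" "$1/apache" "$1/apache/conf/httpd.conf"
}

# Demonstration against a constructed, empty "install" in a temp directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/httpd-2.2.4/conf" "$tmp/httpd-2.2.4/bin"
    printf 'ServerRoot "%s"\n' "$tmp/httpd-2.2.4" > "$tmp/httpd-2.2.4/conf/httpd.conf"
    make_instance "$tmp/httpd-2.2.4" "$tmp/data/foo1" &&
        check_instance "$tmp/httpd-2.2.4" "$tmp/data/foo1" &&
        start_command "$tmp/data/foo1"
    rm -rf "$tmp"
}
demo
```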




Re: [EMAIL PROTECTED] Apache Modules and Libraries

2007-09-14 Thread Sheryl
> When apache loads a module, does it use any environment variables to
> locate its libraries?  If so..what?  I have an install of apache 2.0.55
> on HP-UX 11.11.  It was compiled with mod_ldap.so and mod_auth_ldap.so.
> The OpenSSL libraries that were used during the compile of apr,
> apr-util, and httpd have a funky link in them that starts with a "./".
> If you start httpd, it says it can't find the SSL library.  Setting the
> SHLIB_PATH environment fixes that, but then it throws this error:
>
>
>
> Syntax error on line 191 of /opt/apache3/conf/httpd.conf:
>
> Cannot load /opt/apache3/modules/mod_ldap.so into server: Unresolved
> external
>
>
>
> I'm thinking they're related as the mod_auth_ldap.so uses SSL so it's
> probably trying to find the SSL libraries somehow.  I just need to
> figure out how to tell it where they are.

I haven't used HPUX in a while, but if it has the ldd command you should
be able to find out which library is causing the problem.

Then you can add the directory where the library resides to
/apache-install-directory/bin/envvars in the LD_LIBRARY_PATH variable.

Or you can compile in an RPATH which may have a slight security benefit. 
Depending upon the OS, you may be able to do that by exporting
LDFLAGS='-L/path/to/lib -R/path/to/lib' or you may have to do something like

export LDFLAGS="-L/path/to/lib  -Wl,--rpath -Wl,/path/to/lib"

Sheryl
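
Added example, not part of the original posts: it covers both mod_ldap.so replies on this page by listing the libraries ldd could not resolve and then auditing the LD_LIBRARY_PATH that an envvars file produces. An empty entry (such as the trailing colon left by appending an unset variable) makes the loader search the current directory, and a world-writable entry lets any local user supply a library. The function names and sample ldd output are constructed, and the output format assumed is Linux-style.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample data are
# constructed; the ldd format shown is the Linux one.

# Constructed ldd output for a mod_ldap.so built against libraries that
# live outside the loader's default directories.
SAMPLE_LDD='	libldap-2.3.so.0 => not found
	liblber-2.3.so.0 => /usr/local/OpenLDAP.2.3/lib/liblber-2.3.so.0 (0x00002b0000000000)
	libssl.so.0.9.8 => not found
	libc.so.6 => /lib64/libc.so.6 (0x00002b0000200000)'

# missing_libs: read ldd output on stdin and print each library the loader
# could not resolve, which is the detail "Unresolved external" leaves out.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# effective_ld_path FILE: source an envvars-style file in a subshell with
# LD_LIBRARY_PATH unset and print the value httpd would be started with.
# FILE must contain a slash, otherwise "." searches PATH for it.
effective_ld_path() {
    ( unset LD_LIBRARY_PATH
      . "$1" >/dev/null 2>&1
      printf '%s\n' "$LD_LIBRARY_PATH" )
}

# audit_ld_path VALUE: print one finding per risky entry in a
# colon-separated library path; print nothing when every entry is an
# existing absolute directory that is not world-writable.
audit_ld_path() {
    [ -n "$1" ] || return 0
    # Leading, trailing or doubled colons are zero-length entries.
    case ":$1:" in
        *::*) echo "EMPTY-ENTRY current directory is searched" ;;
    esac
    ( IFS=:
      set -f
      for d in $1; do
          [ -n "$d" ] || continue
          case $d in
              /*) ;;
              *) echo "RELATIVE $d"; continue ;;
          esac
          if [ ! -d "$d" ]; then
              echo "MISSING $d"
          elif [ -n "$(find -L "$d" -prune -perm -0002 -print 2>/dev/null)" ]; then
              echo "WORLD-WRITABLE $d"
          fi
      done )
}

# Demonstration: the sample ldd output, then the path produced by the common
# envvars line  LD_LIBRARY_PATH="/usr/local/OpenLDAP.2.3/lib:$LD_LIBRARY_PATH"
# when the variable was unset beforehand (note the trailing colon).
printf '%s\n' "$SAMPLE_LDD" | missing_libs
audit_ld_path "/usr/local/OpenLDAP.2.3/lib:"
```

Compiling in an RPATH, as suggested above, avoids the environment variable altogether, so this audit applies only to installs that rely on envvars.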




[EMAIL PROTECTED] httpd 2.2.6: DBD: No driver for mysql

2007-10-04 Thread Sheryl
Greetings,

I just tried to compile apache 2.2.6 using the same configuration options
I used on apache 2.2.4.  But when I try to start it up I get this error

DBD: No driver for mysql

The line it's complaining about in the conf file is

DBDriver mysql

When I look in srclib/apr-util/dbd  I see these files in 2.2.6

apr_dbd.c          apr_dbd_sqlite3.c  NWGNUdbdsqli2
apr_dbd_pgsql.c    NWGNUdbdmysql      NWGNUdbdsqli3
apr_dbd_sqlite2.c  NWGNUdbdpgsql      NWGNUmakefile

and these files in 2.2.4

apr_dbd.c         apr_dbd_mysql.o   apr_dbd_pgsql.o     apr_dbd_sqlite3.c
apr_dbd.lo        apr_dbd.o         apr_dbd_sqlite2.c   apr_dbd_sqlite3.lo
apr_dbd_mysql.c   apr_dbd_pgsql.c   apr_dbd_sqlite2.lo  apr_dbd_sqlite3.o
apr_dbd_mysql.lo  apr_dbd_pgsql.lo  apr_dbd_sqlite2.o

I don't know what these NWGNU files are in 2.2.6.  Can anyone shed any
light on what's going on?  I've looked in bug reports and searched this
list's archives with no success.

Thanks,

Sheryl




Re: [EMAIL PROTECTED] httpd 2.2.6: DBD: No driver for mysql

2007-10-05 Thread Sheryl
Max Dittrich wrote:

> The support for MySQL (apr_dbd_mysql.c) isn't included in the current
> release of apr-util. To build with MySQL-support you have to follow the
> instructions given in "srclib/apr-util/INSTALL.MySQL".

Ack.  I completely missed that file in the directory above, expecting to
see something in the dbd subdirectory.

Thanks,

Sheryl




[EMAIL PROTECTED] httpd 2.0.53 mod_auth and virtual host problem

2007-11-30 Thread Sheryl

Hi,

I hope someone can help me with this.  Someone else set up a site a few
years ago and it's only used once a year.  It worked in previous years
and presumably hasn't changed, but now it's not working.  The person who
set it up has taken another job and probably wouldn't remember anything
anyway.

The site is set up so that if people come in from one of the allowed IPs
they don't have to log in.  Anybody else has to log in with the usual
mod_auth stuff.

The site structure is set up like this

  htdocs/main directory
 |__ site1
 |__ site2
 |__ site3
 |__ main site
 |__ site5

Users start by trying to access the "main site" URL.  If they come in
on an IP which is not in an Allow statement they are prompted for a
login and get in to "main site".  The page comes up just fine.  Then
they click on a link that takes them to one of the other sites.  Their
browser just sits there indefinitely, spinning.  In the logs for "site2"
I see an access_log entry for their IP but "-" instead of the login ID
and 401 401 (Not Authorized) in the return codes.

The main directory's Directory directive and virtual host definitions
are outlined below.  Any help appreciated.  I've read all the mod_auth
and mod_access stuff on the Apache site, wasn't able to figure out
how to formulate a search for the archives.

Thanks,

Sheryl


  Options -Indexes FollowSymLinks MultiViews
  AllowOverride AuthConfig
  AuthType Basic
  AuthName "Authorized User"
  AuthUserFile /path/to/htpasswd_file
  Require valid-user
  Order Allow,Deny
#
  Allow from IP1
  Allow from IP2 (and so forth)
#
  Satisfy any


NameVirtualHost IP.number:80


  ServerName, ServerAlias, log directives, etc
  (no authentication info in the virtualhost directives)


repeat VirtualHost block for each host.







Re: [us...@httpd] httpd vhost centralized logging

2010-05-26 Thread Sheryl
Have you looked at syslog-ng?

Also might want to take a look at loganalysis.org.  They have some
resources which may (or may not) be of some help.

Sheryl

> We wanted to use syslog too, but it's very rigid (only 8 localX facility
> for custom logs) so we discarded this solution.
>
> We heard of scribe, the logs aggregator Facebook uses; it seems very
> flexible, and since FB is using it for its web servers, it's probably
> doing its job quite well. Still, we didn't have time to pilot it.
>
> Sandro
>





Re: [us...@httpd] AllowOverride: Pros and Cons

2010-07-08 Thread Sheryl
> Hi All,
>
> I would like to hear your ideas of what are the pros and cons if I will
> set
> a specific directive-type for AllowOverride like AuthConfig,
> FileInfo,Indexes, Limit, and Options?

Most security guidelines say no to Indexes.  It's tolerable to allow
overrides on most things for a development box for developer convenience,
but by the time a site gets to production (particularly outside-facing)
pretty much anything worked out in .htaccess should be rolled into the
httpd.conf.

> I am just concerned about security matters that will produce if I will give
> the user full access on .htaccess (AllowOverride All) on their webroot?

I would resist, or at minimum get support for not allowing it in QA and
production.  Something you can use for support is the CISecurity Apache
Benchmark.  It's downloadable for free from cisecurity.org.  I just took a
quick look and they recommend "AllowOverride None".

Sheryl

>
> Thanks.
> James
>
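
One way to check a configuration against the "AllowOverride None" recommendation mentioned above, as an added example that is not part of the original message or the CIS benchmark. The sample configuration and the function name are constructed for illustration, and only explicit AllowOverride lines are examined (inherited or default values are not resolved).

```python
import re

# Constructed sample httpd.conf fragment (not taken from the thread).
SAMPLE_CONF = """\
<Directory />
    AllowOverride None
</Directory>
# development tree
<Directory "/var/www/dev">
    AllowOverride All
</Directory>
<Directory "/var/www/prod">
    Options -Indexes
    AllowOverride AuthConfig Indexes
</Directory>
<Directory "/var/www/static">
    Options FollowSymLinks
</Directory>
"""

OPEN = re.compile(r'<Directory(?:Match)?\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'</Directory(?:Match)?>', re.I)
OVERRIDE = re.compile(r'AllowOverride\s+(.+)', re.I)

def audit_allowoverride(conf_text):
    """Return (directory, directive-types) for each AllowOverride that is not None."""
    findings, stack = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # comments occupy whole lines
            continue
        m = OPEN.match(line)
        if m:
            stack.append(m.group(1).strip())   # entering a <Directory> section
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        m = OVERRIDE.match(line)
        if m:
            types = m.group(1).split()
            if [t.lower() for t in types] != ["none"]:
                findings.append((stack[-1] if stack else "(server config)", types))
    return findings

if __name__ == "__main__":
    for directory, types in audit_allowoverride(SAMPLE_CONF):
        print(f"{directory}: .htaccess may override {' '.join(types)}")
```
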






Re: [us...@httpd] AllowOverride: Pros and Cons

2010-07-19 Thread Sheryl
> Hi Sheryl,
>
> Thanks for your reply.
>
> I'm not sure how can I give users a better solution as they need .htaccess
> files on their webroot.

Sorry about the delay in replying.  I didn't have time to read the list
last week.

As I think I said, it all depends upon the circumstances.  If you're doing
web hosting for a few thousand users who are independent of each other,
I'm not sure what you could do better either because I haven't tried to
work out anything for that situation except .htaccess (that was in a
university setting so we were pretty open).

If, however, you've got a few developers working toward eventual
deployment of a corporate site to production, you should be able to
tighten controls and eliminate .htaccess files while moving from
development to QA and then production.

Hard to say much more without knowing more about your environment, and
even then I might not have that much to add if I haven't worked on a
solution for an environment similar to yours before.

Regards,

Sheryl

>
> Regards,
> James
>






Re: [us...@httpd] Apache2, MySQL and mod_dbd

2010-11-04 Thread Sheryl
Niklas wrote:

> I want to use Apache2's built in functionality to authenticate and
> authorize user for accessing certain pages, mod_dbd. I want to store the
> users in MySQL.
>
> How should I set up this? I have tried a lot of things and it seems to be
> really hard getting it to work. As I understand, there is no support for
> this by default in Apache but I have to compile Apache in order to
> "include" the mysql driver. Today I get the "Invalid command 'DBDriver'"
> when starting httpd. 

I have done this fairly recently.  Rather than go through it all here,
I'll refer you to http://www.apachefriends.org/f/viewtopic.php?p=93012
which I think is the article I found with google to figure out how to get
things working.

Essentially you need to install a third-party module to take care of the
logins.  There are a couple of them out there, none of them updated for
apache 2.2.x, but mysql-3.0.0 is close and a patch is available from
another source which will bring it the rest of the way.

Good luck,

Sheryl

> I am using
> OSX 10.6.4 (I guess one can solve it as you would do in linux)
> Apache 2.2.17
> MySQL 5.1
>
> I really need to solve this and hope someone knows how to do this!
>
> Thanks in advance!
>
> Regards,
> Niklas
>
>
>






[users@httpd] Clarification on Apache timeouts

2011-12-09 Thread Sheryl
Greetings,

I have a situation in which a PHP script is getting hung on a socket call and 
never exiting.  Also never getting to the point of sending back any output to 
the client in the form of HTML.

Before you tell me to ask the PHP list though, the language of the script is 
really irrelevant (and I have already posted on a PHP list concerning the call 
that is hanging).  

The point is, my reading of the docs on the various timeouts in apache leads me 
to think that unless there is something on the way to/from the client none of 
the timeouts apply.  I don't see a way to limit the time that something is 
*preparing* to send back a response. 

Certainly Timeout at the default setting has no effect, and I don't see any 
other directive that looks promising.

Am I missing something?

Thanks,

Sheryl




Re: [users@httpd] Clarification on Apache timeouts

2011-12-09 Thread Sheryl
J. Lance Wilkinson wrote:

> I have had some locally built PHP scripts that run a very long time (doing 
> database lookups and so forth) before outputting the desired content.   These 
> would time out like that.

> Of course, a user would sit around waiting for a result and give up as well. 
> So I resolved both of these by putting a progress bar out in the output to 
> start with:

[snip]

Thanks.  Interesting.  Unfortunately it's a socket call that is hanging and 
never coming back.  Since the call goes out into space and never completes 
there's no way for us to implement a progress bar.  

The whole thing has to do with socket connections to an authentication server.  
pass/fail works ok but users' accounts can get into states the code doesn't 
handle.  The users do get impatient, as you say, and hit reload over and over 
and hit the max number of http connections periodically.

The developers say they can't fix the code and are taking the "apache is broken 
or it would solve this for us" tack.  That's why I'm trying to find out more 
how the apache timeouts work.

Sheryl




Re: [users@httpd] Clarification on Apache timeouts

2011-12-09 Thread Sheryl
Nick Kew wrote:

On Fri, 09 Dec 2011 14:36:02 -0500 (EST)
"Sheryl "  wrote:

> The developers say they can't fix the code and are taking the "apache is 
> broken or it would solve this for us" tack.  That's why I'm trying to find 
> out more how the apache timeouts work.

> Apache timeouts don't affect connections made from PHP.  That's the
> business of PHP, or the scripts concerned and their configuration.

Thanks.  What I wanted was a sanity check.  

> If you run PHP as CGI you could set a timeout after which to give
> up waiting and return an error to the client.  man ulimit!

We don't run PHP as CGI.  I've been working with various *NIX since 1988 
and did think to review the ulimit page before I posted because I considered
trying it on apache itself (briefly).  Ulimit is fine if you have a process 
chewing CPU or grabbing memory.  Fortunately or not, that isn't the case here.  
The timeout I need is on wall clock time, not CPU cycles.  AFAICT from the
man page ulimit doesn't have that option.

Sheryl

-- 
Nick Kew
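
The exchange above concludes that a bound on an outbound socket call has to be set by the script that makes the call, and that it must be measured in wall-clock time. The following is an added example, not code from the thread; the thread's script is PHP, and this sketch uses Python with a constructed one-line protocol (AUTH / OK / DENY) and hypothetical function names to show a whole-exchange deadline that also covers replies the code does not recognise.

```python
import socket
import time

def ask_auth_server(sock, request, deadline_s):
    """Send one request and wait for a one-line reply within deadline_s seconds.

    Returns "pass", "fail" or "unavailable". The deadline covers the whole
    exchange, so a peer that never answers, or that drips bytes slowly,
    cannot hold the worker past deadline_s of wall-clock time.
    """
    end = time.monotonic() + deadline_s
    buf = b""
    try:
        sock.settimeout(deadline_s)
        sock.sendall(request)
        while b"\n" not in buf:
            remaining = end - time.monotonic()
            if remaining <= 0:
                return "unavailable"
            sock.settimeout(remaining)      # each recv gets only what is left
            chunk = sock.recv(64)
            if not chunk:                   # peer closed without a full reply
                return "unavailable"
            buf += chunk
    except OSError:                         # includes socket.timeout
        return "unavailable"
    reply = buf.split(b"\n", 1)[0].strip()
    # Any reply other than the two known answers is treated as a failure state.
    return {b"OK": "pass", b"DENY": "fail"}.get(reply, "unavailable")

def demo():
    """Run the client against constructed peers built with socketpair()."""
    results = {}
    for name, reply in (("answers", b"OK\n"), ("denies", b"DENY\n"),
                        ("odd_state", b"LOCKED\n"), ("hangs", None)):
        client, server = socket.socketpair()
        if reply is not None:
            server.sendall(reply)           # "hangs" never sends anything
        start = time.monotonic()
        outcome = ask_auth_server(client, b"AUTH alice\n", 0.3)
        results[name] = (outcome, time.monotonic() - start)
        client.close()
        server.close()
    return results

if __name__ == "__main__":
    for name, (outcome, elapsed) in demo().items():
        print(f"{name:10s} {outcome:12s} {elapsed:.2f}s")
```
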
