[EMAIL PROTECTED] is the parent/child security present in win32 apache?

2005-07-24 Thread Joe A 
Does the Win32 version of Apache have a parent process that is running
on an administrator account and the children processes are guest
accounts and are the only ones sending/receiving to and from the
Internet?  
Thanks,
Joe

Re: [EMAIL PROTECTED] Apache 2.0.54 WIN32 compile error with OpenSSL 0.9.8

2005-07-24 Thread Joe A 
165 #ifndef 
PEM_F_DEF_CALLBACK166 #define 
PEM_F_DEF_CALLBACK PEM_F_DEF_CB167 #endif

http://lxr.webperf.org/source.cgi/modules/ssl/ssl_toolkit_compat.h#179On 7/24/05, 
hunter <[EMAIL PROTECTED]> wrote:
My WIN32 build of Apache 2.0.54 fails with the following error whilecompiling with OpenSSL 0.9.8mod_ssl.cssl_engine_config.cssl_engine_dh.cssl_engine_init.cssl_engine_io.cssl_engine_kernel.c
ssl_engine_log.cssl_engine_mutex.cssl_engine_pphrase.cssl_engine_pphrase.c(684) : error C2065: 'PEM_F_DEF_CALLBACK' :undeclared identifierssl_engine_rand.cssl_engine_vars.cssl_expr.cssl_expr_eval.c
ssl_expr_parse.cssl_expr_scan.cssl_scache.cssl_scache_dbm.cssl_scache_shmcb.cssl_scache_shmht.cssl_util.cGenerating Code...Compiling...ssl_util_ssl.cssl_util_table.cGenerating Code...
NMAKE : fatal error U1077: 'cl.exe' : return code '0x2'Stop.NMAKE : fatal error U1077: 'C:\MVS\VC98\bin\NMAKE.EXE' : return code '0x2'Stop.NMAKE : fatal error U1077: 'C:\MVS\VC98\bin\NMAKE.EXE' : return code '0x2'
Stop.Any suggestions?Chris Lewis-The official User-To-User support forum of the Apache HTTP Server Project.See http://httpd.apache.org/userslist.html> for more info.To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]For additional commands, e-mail: 
[EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache2 on Win XP

2005-08-12 Thread Joe A 
Aaron, what are the two threads? I know the linux ver just has a parent
thread and then new children thread are created as needed or whatever,
how is the win version different?

The windows version also runs under just 2 threads.  All the responsesare under a single PID, which can be an issue a you get a 'zombie'
process you have to be the ole' Microsoft bounce of the service.I have been running a production box(win2k) for about 3 yrs onApache2.0.48 and it works.but we are in the process of moving to theLAMP platform.hooray..
Enjoy!!ThanxAaron N WagnerMonitoring Systems and Network ToolsCCO-Command Center Operations804.515.6298> -Original Message-> From: Robin Lynn Frank [mailto:
[EMAIL PROTECTED]]> Sent: Friday, August 12, 2005 3:16 PM> To: users@httpd.apache.org> Subject: [EMAIL PROTECTED] Apache2 on Win XP>> I have Apache2 running on several Linux boxes and have become
> comfortable> with security on those machines.  I'm forced to run Apache2> on a Windows XP> box and was wondering if anyone can point me to  Win> XP-specific security> issues that need to be addressed.
>-The official User-To-User support forum of the Apache HTTP Server Project.See 
http://httpd.apache.org/userslist.html> for more info.To unsubscribe, e-mail: [EMAIL PROTECTED]   "   from the digest: 
[EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] have to reload https page in win2k3 ie 6.0.3790

2005-09-16 Thread Joe A 
on win2k3 server ie 6.0.3790 only, when i try to click an https link
from our https page it hangs, but if i reload it it works. we are
using apache 2.0

i have this in the ssl conf but its not helping 

SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] apache2 timeout troubleshooting

2005-10-19 Thread Joe A 
What would cause apache2 to occasionally become unresponsive? SAR isn't
reporting any heavy load for the 10 minute period during which it
crashed... apparently when it was unresponsive there was "just one
single apache thread running"

Re: [EMAIL PROTECTED] apache2 timeout troubleshooting

2005-10-19 Thread Joe A 
joshua,

what do u mean by "shows a process on cpu"?On 10/19/05, Joshua Slive <[EMAIL PROTECTED]> wrote:
On 10/19/05, Joe A <[EMAIL PROTECTED]> wrote:
> What would cause apache2 to occasionally become unresponsive? SAR isn't> reporting any heavy load for the 10 minute period during which it crashed...> apparently when it was unresponsive there was "just one single apache thread
> running"Usually a buggy module.But you need to do a little more research.  See if top/ps shows aprocess on cpu.  If so, attach to it with a debugger and see what itis up to.Joshua.
-The official User-To-User support forum of the Apache HTTP Server Project.See http://httpd.apache.org/userslist.html
> for more info.To unsubscribe, e-mail: [EMAIL PROTECTED]   "   from the digest: 
[EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] apache2 timeout troubleshooting

2005-10-19 Thread Joe A 
oh ok, i guess you are talking about using top to find an httpd process with high cpu? then how do i attach a debugger to it?On 10/19/05, Joshua Slive <
[EMAIL PROTECTED]> wrote:On 10/19/05, Joe A <
[EMAIL PROTECTED]> wrote:> joshua,>>  what do u mean by "shows a process on cpu"?Something with high cpu usage.Joshua.-
The official User-To-User support forum of the Apache HTTP Server Project.See http://httpd.apache.org/userslist.html> for more info.To unsubscribe, e-mail: 
[EMAIL PROTECTED]   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] apache2 timeout troubleshooting

2005-10-20 Thread Joe A 
cool that's interesting i'll check it outOn 10/19/05, Joshua Slive <[EMAIL PROTECTED]> wrote:
On 10/19/05, Joe A <[EMAIL PROTECTED]> wrote:> oh ok, i guess you are talking about using top to find an httpd process with> high cpu? then how do i attach a debugger to it?
gdb /path/to/httpdattach pidwhere(replace pid with the process id obtained from top)http://httpd.apache.org/dev/debugging.html#backtrace
Joshua.-The official User-To-User support forum of the Apache HTTP Server Project.See 
http://httpd.apache.org/userslist.html> for more info.To unsubscribe, e-mail: [EMAIL PROTECTED]   "   from the digest: 
[EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] symbolic link question

2005-10-25 Thread Joe A 
if i want to make all apache requests that access
http://www.domain.com/folder/* to be redirected to
http://www.domain.com/someotherfolder/, is there a way i can do that
using symlinks and not have to edit apache.conf or make any .htaccess
files?

[EMAIL PROTECTED] [warn] (99)Cannot assign requested address: connect to listener on [::]:443

2005-10-26 Thread Joe A 
I noticed these entries in my Apache2 error_log file this
evening.  I would greatly appreciate it if someone could fill me
in as to what it means.


[Wed Oct 26 19:49:37 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443
[Wed Oct 26 21:02:36 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443
[Wed Oct 26 21:21:19 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443
[Wed Oct 26 22:29:14 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443
[Wed Oct 26 23:00:58 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443

-joe

[EMAIL PROTECTED] server health monitor web app?

2005-11-02 Thread Joe A 
anyone know of a good web app (open source preferably) that tells you
your server's vital signs and php execution time, mysql, etc ? 

[EMAIL PROTECTED] copy ssl cert from old machine to replacement machine?

2005-11-03 Thread Joe A 

i have a machine that has apache2 and ssl setup on domain.com

i
want to replace that machine with a new one ... do i have to request a
new certificate or is there an easy way to copy the certificate to the
new machine that will be replacing the old one as the server for
domain.com?

Re: [EMAIL PROTECTED] copy ssl cert from old machine to replacement machine?

2005-11-04 Thread Joe A 
it has a different ip right now, and the hostname is currently setup
as localhost.localdomain.

and after copying the files it says the site canot be trusted and it
says the certificate authority who issued the cert was
localhost.localdomain


so i guess i just need to change the ip and the hostname? i dont have
to do any kind of import procedure or anything?


On 11/4/05, Sean Brown <[EMAIL PROTECTED]> wrote:
> It's my understanding that the SSL Certificate is bound to the IP of
> the site, NOT the DNS name.  So if you're moving to a new machine AND
> changing the IP address, you may need to get your certificate
> recreated.  If you moving to a new machine, but keeping the IP
> address, you should be able to simply move the files as explained
> elsewhere in the thread.
>
>
> Sean
> '
>
> On 11/4/05, Boyle Owen <[EMAIL PROTECTED]> wrote:
> > Plain text please...
> >
> > The certificate is bound to the website - not the physical machine. The 
> > certificate is just a file like any other. You simply have to copy the file 
> > containing the certificate to the new machine.
> >
> > If you change the filestructure on the new machine, you need to define the 
> > path to the cert and key in the SSLCertificateFile and 
> > SSLCertificateKeyFile directives.
> >
> > Rgds,
> > Owen Boyle
> > Disclaimer: Any disclaimer attached to this message may be ignored.
> >
> > -Original Message-
> > From: Joe A [mailto:[EMAIL PROTECTED]
> > Sent: Donnerstag, 3. November 2005 19:02
> > To: users@httpd.apache.org
> > Subject: [EMAIL PROTECTED] copy ssl cert from old machine to replacement 
> > machine?
> >
> >
> > i have a machine that has apache2 and ssl setup on domain.com
> >
> > i want to replace that machine with a new one ... do i have to request a 
> > new certificate or is there an easy way to copy the certificate to the new 
> > machine that will be replacing the old one as the server for domain.com?
> >
> > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
> > Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of 
> > a private and personal nature. It is not related to the exchange or 
> > business activities of the SWX Group. Le présent e-mail est un message 
> > privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
> >
> >
> > This message is for the named person's use only. It may contain 
> > confidential, proprietary or legally privileged information. No 
> > confidentiality or privilege is waived or lost by any mistransmission. If 
> > you receive this message in error, please notify the sender urgently and 
> > then immediately delete the message and any copies of it from your system. 
> > Please also immediately destroy any hardcopies of the message. You must 
> > not, directly or indirectly, use, disclose, distribute, print, or copy any 
> > part of this message if you are not the intended recipient. The sender's 
> > company reserves the right to monitor all e-mail communications through 
> > their networks. Any views expressed in this message are those of the 
> > individual sender, except where the message states otherwise and the sender 
> > is authorised to state them to be the views of the sender's company.
> >
> > -
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> >"   from the digest: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] copy ssl cert from old machine to replacement machine?

2005-11-06 Thread Joe A 
turns out apache was auto loading an ssl.conf from conf.d without me
knowing about it. im gona edit that file instead

-joe

On 11/4/05, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:
> Sean Brown wrote:
> > It's my understanding that the SSL Certificate is bound to the IP of
> > the site, NOT the DNS name.
>
> Nonsense.  The certificate contains the DNS name in the X509 common-name
> field.  That's what must match.
>
> You might be thinking of ssh server keys?
>
> Bill
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Re: [warn] (99)Cannot assign requested address: connect to listener on [::]:443

2005-11-09 Thread Joe A 
noone has seen this before?On 10/26/05, Joe A <[EMAIL PROTECTED]> wrote:
I noticed these entries in my Apache2 error_log file this
evening.  I would greatly appreciate it if someone could fill me
in as to what it means.


[Wed Oct 26 19:49:37 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443
[Wed Oct 26 21:02:36 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443
[Wed Oct 26 21:21:19 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443
[Wed Oct 26 22:29:14 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443
[Wed Oct 26 23:00:58 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443

-joe

Re: [EMAIL PROTECTED] Re: [warn] (99)Cannot assign requested address: connect to listener on [::]:443

2005-11-09 Thread Joe A 
the parent process is running as root, the children are running as nobody.

how can i tell if i have IPv6 stack installed?  how can i tell if i have IPv6 apache? its 2.0.x

in phpinfo it says that openSSL is "OpenSSL/0.9.7a ipv6"
-joe
On 11/9/05, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:
Are you starting as root? (it's a privilaged port).Do you have the IPv6 stack installed?  Is this an IPv6 build of httpd?Joe A wrote:> noone has seen this before?>> On 10/26/05, *Joe A* <
[EMAIL PROTECTED] [EMAIL PROTECTED]>> wrote:>> I noticed these entries in my Apache2 error_log file this evening.
> I would greatly appreciate it if someone could fill me in as to what> it means.>>> [Wed Oct 26 19:49:37 2005] [warn] (99)Cannot assign requested> address: connect to listener on [::]:443
> [Wed Oct 26 21:02:36 2005] [warn] (99)Cannot assign requested> address: connect to listener on [::]:443> [Wed Oct 26 21:21:19 2005] [warn] (99)Cannot assign requested> address: connect to listener on [::]:443
> [Wed Oct 26 22:29:14 2005] [warn] (99)Cannot assign requested> address: connect to listener on [::]:443> [Wed Oct 26 23:00:58 2005] [warn] (99)Cannot assign requested> address: connect to listener on [::]:443
>> -joe>>-The official User-To-User support forum of the Apache HTTP Server Project.See 
http://httpd.apache.org/userslist.html> for more info.To unsubscribe, e-mail: [EMAIL PROTECTED]   "   from the digest: 
[EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Re: [warn] (99)Cannot assign requested address: connect to listener on [::]:443

2005-11-09 Thread Joe A 
i did 
test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"and it printed out the text fine
On 11/9/05, Joe A <[EMAIL PROTECTED]> wrote:
the parent process is running as root, the children are running as nobody.

how can i tell if i have IPv6 stack installed?  how can i tell if i have IPv6 apache? its 2.0.x

in phpinfo it says that openSSL is "OpenSSL/0.9.7a ipv6"
-joe
On 11/9/05, William A. Rowe, Jr. <[EMAIL PROTECTED]
> wrote:
Are you starting as root? (it's a privilaged port).Do you have the IPv6 stack installed?  Is this an IPv6 build of httpd?Joe A wrote:> noone has seen this before?>> On 10/26/05, *Joe A* <
[EMAIL PROTECTED] 
[EMAIL PROTECTED]>> wrote:>> I noticed these entries in my Apache2 error_log file this evening.
> I would greatly appreciate it if someone could fill me in as to what> it means.>>> [Wed Oct 26 19:49:37 2005] [warn] (99)Cannot assign requested> address: connect to listener on [::]:443
> [Wed Oct 26 21:02:36 2005] [warn] (99)Cannot assign requested> address: connect to listener on [::]:443> [Wed Oct 26 21:21:19 2005] [warn] (99)Cannot assign requested> address: connect to listener on [::]:443
> [Wed Oct 26 22:29:14 2005] [warn] (99)Cannot assign requested> address: connect to listener on [::]:443> [Wed Oct 26 23:00:58 2005] [warn] (99)Cannot assign requested> address: connect to listener on [::]:443
>> -joe>>-The official User-To-User support forum of the Apache HTTP Server Project.See 

http://httpd.apache.org/userslist.html> for more info.To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: 
[EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]

[users@httpd] Forwarding question.

2024-02-05 Thread joe a 
In a case where there is only one available incoming IP, is there a way, 
within apache, to host different domains, each on its own internal 
server, without requiring the external "calling browser" being any the 
wiser?  That is, without requiring the browser to "ask again" in a 
different manner?


Want to host a low volume (and low cost) family oriented site (not 
apache) without having to resort to additional static IP or move to an 
off site "hosted" service.



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Forwarding question.

2024-02-05 Thread joe a 

On 2/5/2024 11:58:55, Frank Gingras wrote:



On Mon, Feb 5, 2024 at 11:55 AM joe a <mailto:joea-li...@j4computers.com>> wrote:


In a case where there is only one available incoming IP, is there a
way,
within apache, to host different domains, each on its own internal
server, without requiring the external "calling browser" being any the
wiser?  That is, without requiring the browser to "ask again" in a
different manner?

Want to host a low volume (and low cost) family oriented site (not
apache) without having to resort to additional static IP or move to an
off site "hosted" service.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
<mailto:users-unsubscr...@httpd.apache.org>
For additional commands, e-mail: users-h...@httpd.apache.org
<mailto:users-h...@httpd.apache.org>


All you need here is name-based vhosts, and reverse proxy to the 
internal server when needed.




Since I am not that experienced in apache configuation, I may have some 
simple questions.


In the modern scheme, should the modules required be specified in 
httpd.conf or in loadmodule.conf?   Does it really matter other than for 
consistency?


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Forwarding question.

2024-02-05 Thread joe a 

On 2/5/2024 13:24:22, Frank Gingras wrote:



On Mon, Feb 5, 2024 at 1:20 PM joe a <mailto:joea-li...@j4computers.com>> wrote:


On 2/5/2024 11:58:55, Frank Gingras wrote:
 >
 >
 > On Mon, Feb 5, 2024 at 11:55 AM joe a mailto:joea-li...@j4computers.com>
 > <mailto:joea-li...@j4computers.com
<mailto:joea-li...@j4computers.com>>> wrote:
 >
 >     In a case where there is only one available incoming IP, is
there a
 >     way,
 >     within apache, to host different domains, each on its own
internal
 >     server, without requiring the external "calling browser"
being any the
 >     wiser?  That is, without requiring the browser to "ask again"
in a
 >     different manner?
 >
 >     Want to host a low volume (and low cost) family oriented site
(not
 >     apache) without having to resort to additional static IP or
move to an
 >     off site "hosted" service.
 >
 >
 >   
  -

 >     To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
<mailto:users-unsubscr...@httpd.apache.org>
 >     <mailto:users-unsubscr...@httpd.apache.org
<mailto:users-unsubscr...@httpd.apache.org>>
 >     For additional commands, e-mail: users-h...@httpd.apache.org
<mailto:users-h...@httpd.apache.org>
 >     <mailto:users-h...@httpd.apache.org
<mailto:users-h...@httpd.apache.org>>
 >
 >
 > All you need here is name-based vhosts, and reverse proxy to the
 > internal server when needed.
 >

Since I am not that experienced in apache configuation, I may have some
simple questions.

In the modern scheme, should the modules required be specified in
httpd.conf or in loadmodule.conf?   Does it really matter other than
for
consistency?

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
<mailto:users-unsubscr...@httpd.apache.org>
For additional commands, e-mail: users-h...@httpd.apache.org
<mailto:users-h...@httpd.apache.org>


The config file name(s) do not matter, as long as you know what you 
added and where, and it makes sense for you.


Make sure additional config files are included with the Include 
directive, if you're creating a new file.


Woo Hoo!  Even I managed it.  And, as a bonus, the originally served 
stuff still works.  Well . . . so far.


Thanks much.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Forwarding question.

2024-02-08 Thread joe a 

On 2/5/2024 14:19:24, joe a wrote:

On 2/5/2024 13:24:22, Frank Gingras wrote:



On Mon, Feb 5, 2024 at 1:20 PM joe a <mailto:joea-li...@j4computers.com>> wrote:


    On 2/5/2024 11:58:55, Frank Gingras wrote:
 >
 >
 > On Mon, Feb 5, 2024 at 11:55 AM joe a mailto:joea-li...@j4computers.com>
 > <mailto:joea-li...@j4computers.com
    <mailto:joea-li...@j4computers.com>>> wrote:
 >
 >     In a case where there is only one available incoming IP, is
    there a
 >     way,
 >     within apache, to host different domains, each on its own
    internal
 >     server, without requiring the external "calling browser"
    being any the
 >     wiser?  That is, without requiring the browser to "ask again"
    in a
 >     different manner?
 >
 >     Want to host a low volume (and low cost) family oriented site
    (not
 >     apache) without having to resort to additional static IP or
    move to an
 >     off site "hosted" service.
 >
 >
 >  
 -

 >     To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
    <mailto:users-unsubscr...@httpd.apache.org>
 >     <mailto:users-unsubscr...@httpd.apache.org
    <mailto:users-unsubscr...@httpd.apache.org>>
 >     For additional commands, e-mail: users-h...@httpd.apache.org
    <mailto:users-h...@httpd.apache.org>
 >     <mailto:users-h...@httpd.apache.org
    <mailto:users-h...@httpd.apache.org>>
 >
 >
 > All you need here is name-based vhosts, and reverse proxy to the
 > internal server when needed.
 >

    Since I am not that experienced in apache configuation, I may have 
some

    simple questions.

    In the modern scheme, should the modules required be specified in
    httpd.conf or in loadmodule.conf?   Does it really matter other than
    for
    consistency?

    -
    To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
    <mailto:users-unsubscr...@httpd.apache.org>
    For additional commands, e-mail: users-h...@httpd.apache.org
    <mailto:users-h...@httpd.apache.org>


The config file name(s) do not matter, as long as you know what you 
added and where, and it makes sense for you.


Make sure additional config files are included with the Include 
directive, if you're creating a new file.


Woo Hoo!  Even I managed it.  And, as a bonus, the originally served 
stuff still works.  Well . . . so far.


Thanks much.




There are some issues accessing from off premises, that is, when 
requests are entering via the internet facing router.  Like 301 and 400 
errors.


Configuration is like this:

Internet router-> 
server-with-apache-redirect-to->server-eith-docker-nginx-reverse-proxy-acme-custom-app. 
The domain names are the same on each server.  Currently believe they 
must be for certificate generation and use.


The virtual host on apache is configured thusly:


 ServerName www.my-domain.com
 ServerAlias www.my-domain.org my-domain.com my-domain.org
 ProxyPass "/"  "http://www.my-domain.com/";
 ProxyPassReverse "/"  "http://my-domain.com/";


# SSLEngine ON
 ServerName www.my-domain.com
 ServerAlias www.my-domain.org my-domain.com my-domain.org
 ProxyPass "/"  "https://www.my-domain.com/";
 ProxyPassReverse "/"  "https://www.my-domain.com/";


On the apache server the hosts files is used to resolve the host names 
to the target server.


Where have I gone wrong?

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Forwarding question.

2024-02-09 Thread joe a 

On 2/8/2024 23:58:07, Frank Gingras wrote:
. . .


There are some issues accessing from off premises, that is, when
requests are entering via the internet facing router.  Like 301 and 400
errors.

Configuration is like this:

Internet router->

server-with-apache-redirect-to->server-eith-docker-nginx-reverse-proxy-acme-custom-app.
The domain names are the same on each server.  Currently believe they
must be for certificate generation and use.

The virtual host on apache is configured thusly:


       ServerName www.my-domain.com 
       ServerAlias www.my-domain.org 
my-domain.com  my-domain.org

       ProxyPass "/"  "http://www.my-domain.com/
"
       ProxyPassReverse "/"  "http://my-domain.com/
"


#     SSLEngine ON
       ServerName www.my-domain.com 
       ServerAlias www.my-domain.org 
my-domain.com  my-domain.org

       ProxyPass "/"  "https://www.my-domain.com/
"
       ProxyPassReverse "/"  "https://www.my-domain.com/
"


On the apache server the hosts files is used to resolve the host names
to the target server.

Where have I gone wrong?

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org

For additional commands, e-mail: users-h...@httpd.apache.org



Why are you using nginx at all in this set up?


The application, a FOSS project, provided a docker image to ease setup 
for internet access, that includes the app, nginx and an 
"acme-companion" for certificate generation.


I can add that the certificate, via the app and Lets Encrypt, seems to 
have generated and installed properly, which suggests the basic 
forwarding worked.


Also, if I hack the local dns to resolve to the nginx box rather than 
the apache box (avoiding the forward) things work fine.  Only when it 
resolves to the apache box, as would access via the internet router 
(which of course involves an IP forward) does the problem surface.





-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] apache SSL cache?

2024-02-09 Thread joe a 

I have apache configured as a reverse SSL proxy.

Users connecting to the back end service are warned about the 
certificate, which, when installed shows the cert has the domains of the 
apache hosted site, not the proxy site. The apache hosted site/domains 
names have their own valid certificates.


It's LetsEncrypt via acme-companion (dockerized) and checking the status 
via the acme service shows the correct domain names.   I suspect the 
initial certificate was generated when I had some misconfiguration


Is apache caching the older cert or perhaps serving up it's own certificate?


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Forwarding question.

2024-02-09 Thread joe a 

On 2/8/2024 22:52:59, joe a wrote:

On 2/5/2024 14:19:24, joe a wrote:

On 2/5/2024 13:24:22, Frank Gingras wrote:



On Mon, Feb 5, 2024 at 1:20 PM joe a <mailto:joea-li...@j4computers.com>> wrote:


    On 2/5/2024 11:58:55, Frank Gingras wrote:
 >
 >
 > On Mon, Feb 5, 2024 at 11:55 AM joe a mailto:joea-li...@j4computers.com>
 > <mailto:joea-li...@j4computers.com
    <mailto:joea-li...@j4computers.com>>> wrote:
 >
 >     In a case where there is only one available incoming IP, is
    there a
 >     way,
 >     within apache, to host different domains, each on its own
    internal
 >     server, without requiring the external "calling browser"
    being any the
 >     wiser?  That is, without requiring the browser to "ask again"
    in a
 >     different manner?
 >
 >     Want to host a low volume (and low cost) family oriented site
    (not
 >     apache) without having to resort to additional static IP or
    move to an
 >     off site "hosted" service.
 >
 >
 > 
 -

 >     To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
    <mailto:users-unsubscr...@httpd.apache.org>
 >     <mailto:users-unsubscr...@httpd.apache.org
    <mailto:users-unsubscr...@httpd.apache.org>>
 >     For additional commands, e-mail: users-h...@httpd.apache.org
    <mailto:users-h...@httpd.apache.org>
 >     <mailto:users-h...@httpd.apache.org
    <mailto:users-h...@httpd.apache.org>>
 >
 >
 > All you need here is name-based vhosts, and reverse proxy to the
 > internal server when needed.
 >

    Since I am not that experienced in apache configuation, I may 
have some

    simple questions.

    In the modern scheme, should the modules required be specified in
    httpd.conf or in loadmodule.conf?   Does it really matter other than
    for
    consistency?


-

    To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
    <mailto:users-unsubscr...@httpd.apache.org>
    For additional commands, e-mail: users-h...@httpd.apache.org
    <mailto:users-h...@httpd.apache.org>


The config file name(s) do not matter, as long as you know what you 
added and where, and it makes sense for you.


Make sure additional config files are included with the Include 
directive, if you're creating a new file.


Woo Hoo!  Even I managed it.  And, as a bonus, the originally served 
stuff still works.  Well . . . so far.


Thanks much.




There are some issues accessing from off premises, that is, when 
requests are entering via the internet facing router.  Like 301 and 400 
errors.


Configuration is like this:

Internet router-> 
server-with-apache-redirect-to->server-eith-docker-nginx-reverse-proxy-acme-custom-app. The domain names are the same on each server.  Currently believe they must be for certificate generation and use.


The virtual host on apache is configured thusly:


  ServerName www.my-domain.com
  ServerAlias www.my-domain.org my-domain.com my-domain.org
  ProxyPass "/"  "http://www.my-domain.com/";
  ProxyPassReverse "/"  "http://my-domain.com/";


# SSLEngine ON
  ServerName www.my-domain.com
  ServerAlias www.my-domain.org my-domain.com my-domain.org
  ProxyPass "/"  "https://www.my-domain.com/";
  ProxyPassReverse "/"  "https://www.my-domain.com/";


On the apache server the hosts files is used to resolve the host names 
to the target server.


Where have I gone wrong?

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


--

Adding "SSLProxyEngine on" to the vhost config seems to have been the issue.



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] apache SSL cache?

2024-02-09 Thread joe a 

On 2/9/2024 12:58:15, joe a wrote:

I have apache configured as a reverse SSL proxy.

Users connecting to the back end service are warned about the 
certificate, which, when installed shows the cert has the domains of the 
apache hosted site, not the proxy site. The apache hosted site/domains 
names have their own valid certificates.


It's LetsEncrypt via acme-companion (dockerized) and checking the status 
via the acme service shows the correct domain names.   I suspect the 
initial certificate was generated when I had some misconfiguration


Is apache caching the older cert or perhaps serving up it's own 
certificate?



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



The "solution" seems to be to copy the cert files from the docker 
container, to the apache host and adjust the virtual host config to 
define and use them.


That is add:

SSLCertificateFile /some/local/dir.d/cert.file
SSLCertificateKeyFile /some/local/dir.d/key.file

That would not be an issue, but, every 90 days, give or take, this has 
to be done again.


Is there no better way?


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] certbot no longer working?

2025-02-18 Thread joe a 
Got an email this morning from LEt's Encrypt (perhaps their last?) that 
certs were to expire soon.


Checking logs, etc. seems like certbot was working fine for quite a 
while, with the last renew bring in December.  Expires in March.


No problems reported by apachectl configtest  or  apach2ectl configtest,

But /var/log/letsencyrpt.log shows, in part

. . .
2025-02-18 14:33:05,837:ERROR:certbot.util:Error while running apachectl 
configtest.


crypto/fips/fips.c:161: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
/usr/sbin/apachectl: line 83: 23935 Aborted (core 
dumped) $HTTPD -t


2025-02-18 
14:33:05,837:DEBUG:certbot._internal.plugins.disco:Misconfigured 
PluginEntryPoint#apache: Error while running apachectl configtest.


crypto/fips/fips.c:161: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
/usr/sbin/apachectl: line 83: 23935 Aborted (core 
dumped) $HTTPD -t

 . . .

I think these entries may be due to attempting to run certbot --apache 
from command line.  running certbot alone yells at me saying it could 
not configure the webserver.


Some place to start?  Obvious cause?

I configured this some time ago and, disuse and aging brain, leave me 
without a clue, currently.



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org