Difference between revisions of "Apache Webserver"

From wiki.linuxonlinehelp.eu
Jump to navigation Jump to search
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
__FORCETOC__
 
__FORCETOC__
== Redirects for Browser with .htaccess ==
+
=== Redirects for Browser with .htaccess ===
  
=== Redirect Browser by Language to other Websites ===
+
==== Redirect Browser by Language to other Websites ====
 
Create a .htaccess at the Webspace and enter:
 
Create a .htaccess at the Webspace and enter:
 
<pre>
 
<pre>
Line 15: Line 15:
 
different Sites.
 
different Sites.
  
=== Block Access to Subfolders wp-includes of Wordpress ===
+
==== Block Access to Subfolders wp-includes of Wordpress ====
 
<pre>
 
<pre>
 
<IfModule mod_rewrite.c>
 
<IfModule mod_rewrite.c>
Line 26: Line 26:
 
RewriteRule ^wp-includes/theme-compat/ - [F,L]
 
RewriteRule ^wp-includes/theme-compat/ - [F,L]
 
</IfModule>
 
</IfModule>
 +
</pre>
 +
 +
=== Analyses and Diagnostics ===
 +
 +
==== Apache Log analyse on Console ====
 +
create a bash script called apache-analyse.sh
 +
enter:
 +
<pre>
 +
#!/bin/bash
 +
cat /var/log/apache2/access.log | awk '{ print $1 }' | sort | uniq -c
 +
exit 0
 +
</pre>
 +
System Echos like this:
 +
<pre>
 +
1573  www.domain2.de
 +
3568  www.domain3.de
 +
..
 +
</pre>
 +
 +
==== Analyse Spam Bots and block them ====
 +
get IP Adresses from Spambots (here xovibot) to update the Firewalls
 +
do:
 +
<pre>
 +
sudo cat /var/log/apache2/access.log|grep xovibot.net| awk '{ print $2 }' | sort | uniq -c | sort -n > x.log
 +
</pre>
 +
System Echos:
 +
<pre>
 +
    46 212.224.119.143
 +
    52 185.53.44.101
 +
    54 212.224.119.140
 +
    59 185.53.44.104
 +
    62 212.224.119.142
 +
    71 185.53.44.102
 +
    75 185.53.44.103
 +
    80 185.53.44.67
 +
    80 212.224.119.141
 +
    83 185.53.44.68
 +
    87 185.53.44.43
 +
    ...
 +
</pre>
 +
manual update to ufw firewall (can be done automatic too, but can take you offline for search engines if the do 404)
 +
do:
 +
<pre>
 +
$sudo ufw insert 1 deny from 185.53.44.0/24 to any      # insert rule
 +
$sudo service ufw force-reload                          # force update firewall
 +
$sudo ufw status numbered                                # test status
 +
</pre>
 +
 +
== Load Balancer for virtual hosts with https ==
 +
 +
* Enable apache24 proxy and ssl modules:
 +
<pre>
 +
$sudo a2enmod proxy proxy_balancer proxy_http ssl && service apache2 restart
 +
</pre>
 +
* Now create at /etc/apache2/sites-available
 +
 +
<pre>
 +
<VirtualHost *:80>
 +
ServerName linuxonlinehelp.de
 +
ServerAlias www.linuxonlinehelp.de
 +
RedirectPermanent / https://linuxonlinehelp.de/
 +
</VirtualHost>
 +
 +
<VirtualHost *:443>
 +
ProxyRequests off  #MAJOR!!
 +
ServerName linuxonlinehelp.de
 +
ServerAlias www.linuxonlinehelp.de
 +
 +
ProxyPreserveHost on
 +
ProxyPass / balancer://linuxblog:443/
 +
ProxyPassReverse / balancer://linuxblog:443/
 +
 +
<Proxy *>
 +
Require all granted
 +
</Proxy>
 +
 +
<Proxy balancer://linuxblog>
 +
                BalancerMember https://192.168.XXX.001
 +
                BalancerMember https://192.168.XXX.002
 +
                ProxySet lbmethod=byrequests
 +
</Proxy>
 +
SSLProxyEngine on
 +
SSLEngine on
 +
SSLCertificateFile    /etc/ssl/cert.pem
 +
SSLCertificateKeyFile  /etc/ssl/privkey.pem
 +
SSLCACertificateFile  /etc/ssl/fullchain.pem
 +
</VirtualHost>
 +
</pre>
 +
 +
* enable the Config with:
 +
<pre>
 +
$sudo a2ensite linuxblog.conf && service apache2 restart
 +
</pre>
 +
 +
Remark:
 +
* Disable ALWAYS!! the Balance Manager for Security Reasons over apache2.conf
 +
* Check ALWAYS the Apache Logs for Errors! on both Balance Member Servers!!
 +
 +
== Dump Dynamic Webpage to Static HTML Website for Embedded Webservers (Raspberry Pi without MYSQL) ==
 +
Drupal Dump to tmp (tmpfs Ramdisk) for lighttpd/apache2 serving /tmp/web on FAST I/O :
 +
<pre>
 +
cd /tmp/web
 +
wget -q --mirror -p --adjust-extension -e robots=off --base=./ -k -P ./ https://www.my-domain.org
 
</pre>
 
</pre>

Latest revision as of 07:11, 24 October 2017

Redirects for Browser with .htaccess

Redirect Browser by Language to other Websites

Create a .htaccess at the Webspace and enter:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:Accept-Language} ^de [NC]
RewriteRule ^$ /linux-support-deutsch [L,R=301]
RewriteRule ^$ /linux-support-english [L,R=301]
</IfModule>

This will redir German and International Users to two different Sites.

Block Access to Subfolders wp-includes of Wordpress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

Analyses and Diagnostics

Apache Log analyse on Console

create a bash script called apache-analyse.sh enter:

#!/bin/bash
cat /var/log/apache2/access.log | awk '{ print $1 }' | sort | uniq -c
exit 0

System Echos like this:

1573  www.domain2.de
3568  www.domain3.de
..

Analyse Spam Bots and block them

get IP Adresses from Spambots (here xovibot) to update the Firewalls do:

sudo cat /var/log/apache2/access.log|grep xovibot.net| awk '{ print $2 }' | sort | uniq -c | sort -n > x.log

System Echos:

     46 212.224.119.143
     52 185.53.44.101
     54 212.224.119.140
     59 185.53.44.104
     62 212.224.119.142
     71 185.53.44.102
     75 185.53.44.103
     80 185.53.44.67
     80 212.224.119.141
     83 185.53.44.68
     87 185.53.44.43
     ...

manual update to ufw firewall (can be done automatic too, but can take you offline for search engines if the do 404) do:

$sudo ufw insert 1 deny from 185.53.44.0/24 to any       # insert rule
$sudo service ufw force-reload                           # force update firewall
$sudo ufw status numbered                                # test status

Load Balancer for virtual hosts with https

  • Enable apache24 proxy and ssl modules:
$sudo a2enmod proxy proxy_balancer proxy_http ssl && service apache2 restart
  • Now create at /etc/apache2/sites-available
<VirtualHost *:80>
ServerName linuxonlinehelp.de
ServerAlias www.linuxonlinehelp.de
RedirectPermanent / https://linuxonlinehelp.de/
</VirtualHost>

<VirtualHost *:443>
ProxyRequests off  #MAJOR!!
ServerName linuxonlinehelp.de
ServerAlias www.linuxonlinehelp.de

ProxyPreserveHost on
ProxyPass / balancer://linuxblog:443/
ProxyPassReverse / balancer://linuxblog:443/

<Proxy *>
Require all granted
</Proxy>

<Proxy balancer://linuxblog>
                BalancerMember https://192.168.XXX.001 
                BalancerMember https://192.168.XXX.002 
                ProxySet lbmethod=byrequests
</Proxy>
SSLProxyEngine on
SSLEngine on
SSLCertificateFile     /etc/ssl/cert.pem
SSLCertificateKeyFile  /etc/ssl/privkey.pem
SSLCACertificateFile   /etc/ssl/fullchain.pem
</VirtualHost>
  • enable the Config with:
$sudo a2ensite linuxblog.conf && service apache2 restart

Remark:

  • Disable ALWAYS!! the Balance Manager for Security Reasons over apache2.conf
  • Check ALWAYS the Apache Logs for Errors! on both Balance Member Servers!!

Dump Dynamic Webpage to Static HTML Website for Embedded Webservers (Raspberry Pi without MYSQL)

Drupal Dump to tmp (tmpfs Ramdisk) for lighttpd/apache2 serving /tmp/web on FAST I/O :

cd /tmp/web
wget -q --mirror -p --adjust-extension -e robots=off --base=./ -k -P ./ https://www.my-domain.org