Difference between revisions of "Apache Webserver"
Jump to navigation
Jump to search
(17 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | __FORCETOC__ | |
+ | === Redirects for Browser with .htaccess === | ||
− | [[ Block Access to Subfolders wp-includes of Wordpress]] | + | ==== Redirect Browser by Language to other Websites ==== |
+ | Create a .htaccess at the Webspace and enter: | ||
+ | <pre> | ||
+ | <IfModule mod_rewrite.c> | ||
+ | RewriteEngine On | ||
+ | RewriteCond %{HTTP:Accept-Language} ^de [NC] | ||
+ | RewriteRule ^$ /linux-support-deutsch [L,R=301] | ||
+ | RewriteRule ^$ /linux-support-english [L,R=301] | ||
+ | </IfModule> | ||
+ | </pre> | ||
+ | This will redir German and International Users to two | ||
+ | different Sites. | ||
+ | |||
+ | ==== Block Access to Subfolders wp-includes of Wordpress ==== | ||
+ | <pre> | ||
+ | <IfModule mod_rewrite.c> | ||
+ | RewriteEngine On | ||
+ | RewriteBase / | ||
+ | RewriteRule ^wp-admin/includes/ - [F,L] | ||
+ | RewriteRule !^wp-includes/ - [S=3] | ||
+ | RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] | ||
+ | RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] | ||
+ | RewriteRule ^wp-includes/theme-compat/ - [F,L] | ||
+ | </IfModule> | ||
+ | </pre> | ||
+ | |||
+ | === Analyses and Diagnostics === | ||
+ | |||
+ | ==== Apache Log analyse on Console ==== | ||
+ | create a bash script called apache-analyse.sh | ||
+ | enter: | ||
+ | <pre> | ||
+ | #!/bin/bash | ||
+ | cat /var/log/apache2/access.log | awk '{ print $1 }' | sort | uniq -c | ||
+ | exit 0 | ||
+ | </pre> | ||
+ | System Echos like this: | ||
+ | <pre> | ||
+ | 1573 www.domain2.de | ||
+ | 3568 www.domain3.de | ||
+ | .. | ||
+ | </pre> | ||
+ | |||
+ | ==== Analyse Spam Bots and block them ==== | ||
+ | get IP Adresses from Spambots (here xovibot) to update the Firewalls | ||
+ | do: | ||
+ | <pre> | ||
+ | sudo cat /var/log/apache2/access.log|grep xovibot.net| awk '{ print $2 }' | sort | uniq -c | sort -n > x.log | ||
+ | </pre> | ||
+ | System Echos: | ||
+ | <pre> | ||
+ | 46 212.224.119.143 | ||
+ | 52 185.53.44.101 | ||
+ | 54 212.224.119.140 | ||
+ | 59 185.53.44.104 | ||
+ | 62 212.224.119.142 | ||
+ | 71 185.53.44.102 | ||
+ | 75 185.53.44.103 | ||
+ | 80 185.53.44.67 | ||
+ | 80 212.224.119.141 | ||
+ | 83 185.53.44.68 | ||
+ | 87 185.53.44.43 | ||
+ | ... | ||
+ | </pre> | ||
+ | manual update to ufw firewall (can be done automatic too, but can take you offline for search engines if the do 404) | ||
+ | do: | ||
+ | <pre> | ||
+ | $sudo ufw insert 1 deny from 185.53.44.0/24 to any # insert rule | ||
+ | $sudo service ufw force-reload # force update firewall | ||
+ | $sudo ufw status numbered # test status | ||
+ | </pre> | ||
+ | |||
+ | == Load Balancer for virtual hosts with https == | ||
+ | |||
+ | * Enable apache24 proxy and ssl modules: | ||
+ | <pre> | ||
+ | $sudo a2enmod proxy proxy_balancer proxy_http ssl && service apache2 restart | ||
+ | </pre> | ||
+ | * Now create at /etc/apache2/sites-available | ||
+ | |||
+ | <pre> | ||
+ | <VirtualHost *:80> | ||
+ | ServerName linuxonlinehelp.de | ||
+ | ServerAlias www.linuxonlinehelp.de | ||
+ | RedirectPermanent / https://linuxonlinehelp.de/ | ||
+ | </VirtualHost> | ||
+ | |||
+ | <VirtualHost *:443> | ||
+ | ProxyRequests off #MAJOR!! | ||
+ | ServerName linuxonlinehelp.de | ||
+ | ServerAlias www.linuxonlinehelp.de | ||
+ | |||
+ | ProxyPreserveHost on | ||
+ | ProxyPass / balancer://linuxblog:443/ | ||
+ | ProxyPassReverse / balancer://linuxblog:443/ | ||
+ | |||
+ | <Proxy *> | ||
+ | Require all granted | ||
+ | </Proxy> | ||
+ | |||
+ | <Proxy balancer://linuxblog> | ||
+ | BalancerMember https://192.168.XXX.001 | ||
+ | BalancerMember https://192.168.XXX.002 | ||
+ | ProxySet lbmethod=byrequests | ||
+ | </Proxy> | ||
+ | SSLProxyEngine on | ||
+ | SSLEngine on | ||
+ | SSLCertificateFile /etc/ssl/cert.pem | ||
+ | SSLCertificateKeyFile /etc/ssl/privkey.pem | ||
+ | SSLCACertificateFile /etc/ssl/fullchain.pem | ||
+ | </VirtualHost> | ||
+ | </pre> | ||
+ | |||
+ | * enable the Config with: | ||
+ | <pre> | ||
+ | $sudo a2ensite linuxblog.conf && service apache2 restart | ||
+ | </pre> | ||
+ | |||
+ | Remark: | ||
+ | * Disable ALWAYS!! the Balance Manager for Security Reasons over apache2.conf | ||
+ | * Check ALWAYS the Apache Logs for Errors! on both Balance Member Servers!! | ||
+ | |||
+ | == Dump Dynamic Webpage to Static HTML Website for Embedded Webservers (Raspberry Pi without MYSQL) == | ||
+ | Drupal Dump to tmp (tmpfs Ramdisk) for lighttpd/apache2 serving /tmp/web on FAST I/O : | ||
+ | <pre> | ||
+ | cd /tmp/web | ||
+ | wget -q --mirror -p --adjust-extension -e robots=off --base=./ -k -P ./ https://www.my-domain.org | ||
+ | </pre> |
Latest revision as of 07:11, 24 October 2017
Redirects for Browser with .htaccess
Redirect Browser by Language to other Websites
Create a .htaccess at the Webspace and enter:
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP:Accept-Language} ^de [NC] RewriteRule ^$ /linux-support-deutsch [L,R=301] RewriteRule ^$ /linux-support-english [L,R=301] </IfModule>
This will redir German and International Users to two different Sites.
Block Access to Subfolders wp-includes of Wordpress
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule>
Analyses and Diagnostics
Apache Log analyse on Console
create a bash script called apache-analyse.sh enter:
#!/bin/bash cat /var/log/apache2/access.log | awk '{ print $1 }' | sort | uniq -c exit 0
System Echos like this:
1573 www.domain2.de 3568 www.domain3.de ..
Analyse Spam Bots and block them
get IP Adresses from Spambots (here xovibot) to update the Firewalls do:
sudo cat /var/log/apache2/access.log|grep xovibot.net| awk '{ print $2 }' | sort | uniq -c | sort -n > x.log
System Echos:
46 212.224.119.143 52 185.53.44.101 54 212.224.119.140 59 185.53.44.104 62 212.224.119.142 71 185.53.44.102 75 185.53.44.103 80 185.53.44.67 80 212.224.119.141 83 185.53.44.68 87 185.53.44.43 ...
manual update to ufw firewall (can be done automatic too, but can take you offline for search engines if the do 404) do:
$sudo ufw insert 1 deny from 185.53.44.0/24 to any # insert rule $sudo service ufw force-reload # force update firewall $sudo ufw status numbered # test status
Load Balancer for virtual hosts with https
- Enable apache24 proxy and ssl modules:
$sudo a2enmod proxy proxy_balancer proxy_http ssl && service apache2 restart
- Now create at /etc/apache2/sites-available
<VirtualHost *:80> ServerName linuxonlinehelp.de ServerAlias www.linuxonlinehelp.de RedirectPermanent / https://linuxonlinehelp.de/ </VirtualHost> <VirtualHost *:443> ProxyRequests off #MAJOR!! ServerName linuxonlinehelp.de ServerAlias www.linuxonlinehelp.de ProxyPreserveHost on ProxyPass / balancer://linuxblog:443/ ProxyPassReverse / balancer://linuxblog:443/ <Proxy *> Require all granted </Proxy> <Proxy balancer://linuxblog> BalancerMember https://192.168.XXX.001 BalancerMember https://192.168.XXX.002 ProxySet lbmethod=byrequests </Proxy> SSLProxyEngine on SSLEngine on SSLCertificateFile /etc/ssl/cert.pem SSLCertificateKeyFile /etc/ssl/privkey.pem SSLCACertificateFile /etc/ssl/fullchain.pem </VirtualHost>
- enable the Config with:
$sudo a2ensite linuxblog.conf && service apache2 restart
Remark:
- Disable ALWAYS!! the Balance Manager for Security Reasons over apache2.conf
- Check ALWAYS the Apache Logs for Errors! on both Balance Member Servers!!
Dump Dynamic Webpage to Static HTML Website for Embedded Webservers (Raspberry Pi without MYSQL)
Drupal Dump to tmp (tmpfs Ramdisk) for lighttpd/apache2 serving /tmp/web on FAST I/O :
cd /tmp/web wget -q --mirror -p --adjust-extension -e robots=off --base=./ -k -P ./ https://www.my-domain.org