Currently Viewing Posts Tagged Apache

Apache OpenOffice 4.1.3 Release

It is almost one year after Apache OpenOffice 4.1.2, which released in October 2015. Now I found 4.1.3 is released on October 12, 2016.

A lot of people said that Apache OpenOffice Project Could End. The main reasons are no enough developer, security vulnerabilities can not be fixed in reasonable time frame.

During past three years, Apache OpenOffice Project released only three maintenance version. The main competitor, LibreOffice has 14 releases in 2015.  Based on the requirement from ASF, at least one release per month is minimum.

I used Apache OpenOffice many years. I can not remember when I switch to LibreOffice. Maybe 2014.

Even I use  LibreOffice for two years. I still hope Apache OpenOffice can continue developing its new version. I believe competition makes a better world, including software we use.

apacheopenoffice413

New Apache OpenOffice can be download here. Release notes here.

Continue reading “Apache OpenOffice 4.1.3 Release”

SSL added

To provide higher security and better privacy protection, I added SSL certificate on my Blog, here.

When you enter the url of my blog: http:///www.yinfor.com/, it will redirect you to the SSL version, https://www.yinfor.com/

The certificate is purchased from gogetssl.com , three years certificate of Comodo PositiveSSL.

The latest price is $13.15/3years.

comodo_secure_100x85_white

Look at the comodo secure lock, it is a site seal.

Continue reading “SSL added”

The way to fix the problem when Upgrade phpBB 3.1.1

It is so fast, phpBB 3.1.1 released.

I did meet the problem when I tried to upgrade my phpBB 3.0.12 to 3.1.0 or 3.1.1. Same problem here.

One is mentioned in the previous post.

Request-URI Too Large when updating

I copied the URI when this error came. I found the URI is so long. More than 8190 characters.

So, I tried to change it to 11000. Restart the Apache server.

LimitRequestLine 11000

It works. And this error doesn’t come back.

 

Later, during the process of preparing the merged file, another error shown as below.

Bad Request 
Your browser sent a request that this server could not understand. 
Size of a request header field exceeds serv

I thought it is a simlar error as the first one. So I google it and add the limit .

LimitRequestFieldSize 16380

 

Continue reading “The way to fix the problem when Upgrade phpBB 3.1.1”

Disable SSLv2 and SSLv3 in Apache

As we always disable SSLv2 in Apache. Now it is SSLv3 turn. The recent news about the SSL 3 vulnerability is so important that I have to disable it as well.

So just modify the ssl.conf of Apache

[ssh]SSLProtocol All -SSLv2 -SSLv3[/ssh]

The web site still has TLS 1.0, TLS 1.1 and TLS 1.2. For most of the browser working on the users computer, TLS is good enough. The only exception is IE 6.0 on Windows XP.

I am not worrying about it. Just forget the users who are still using IE 6.

ie6-disable

Refer to Security Labs article.

 

Install Multiple Version of PHP on CentOS 6.5 as Fastcgi

It is a guide of how to install multiple version of PHP on CentOS 6.5 64bit. All different PHP as fastcgi.
It is works on Apache, one web server, each virtualhost has its own different php version support.

0) Prepare the testing environment

Disable SELinux and stop iptables. It is for testing environment. For production machine, you should implement firewall carefully.

setenforce 0
service iptables stop

1) Enable rpmforge and epel yum repository

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

2) Install required dev packages and Apache, mod_fcgid

yum install gcc libxml2-devel bzip2-devel zlib-devel \
    curl-devel libmcrypt-devel libjpeg-devel \
    libpng-devel gd-devel mysql-devel
yum install httpd mod_fcgid 

3) Create the system startup links for Apache and start it:

chkconfig --levels 235 httpd on
/etc/init.d/httpd restart 

4) Compile and install php 5.5.12

wget http://us1.php.net/get/php-5.5.12.tar.gz/from/this/mirror
tar -xvzf mirror
cd php-5.5.12
./configure --prefix=/usr/local/php55 \
    --with-config-file-path=/etc/php55 \
    --with-config-file-scan-dir=/etc/php55/php.d \
    --with-libdir=lib64 \
    --with-mysql \
    --with-mysqli \
    --enable-mbstring \
    --disable-debug \
    --disable-rpath \
    --with-bz2 \
    --with-curl \
    --with-gettext \
    --with-iconv \
    --with-openssl \
    --with-gd \
    --with-mcrypt \
    --with-pcre-regex \
    --with-zlib \
    --enable-cgi
make 
make install
mkdir /etc/php55
cp php.ini-production /etc/php55/php.ini

Edit php.ini

vi /etc/php55/php.ini

Add the following in the end of the file

cgi.fix_pathinfo = 1

Restart Apache

service httpd restart

5) Creating Vhosts For web1.example.com

5.1) Create user and group

groupadd web1
useradd -s /bin/false -d /var/www/web1 -m -g web1 web1
chmod 755 /var/www/web1

5.2) Then we create the document roots and make them owned by the users/groups web1:

mkdir -p /var/www/web1/web
chown web1:web1 /var/www/web1/web

5.3) We will run PHP using suExec; suExec’s document root is /var/www, as the following command shows:

[root@localhost ~]# /usr/sbin/suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="public_html"

5.4) create the wrapper scripts in subdirectories of /var/www/php-fcgi-scripts

mkdir -p /var/www/php-fcgi-scripts/web1
vi /var/www/php-fcgi-scripts/web1/php-fcgi-starter

Enter following into php-fcgi-starter

#!/bin/sh
PHPRC=/etc/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=8
exec /usr/local/php55/bin/php-cgi

5.5) The php-fcgi-starter scripts must be executable, and they (and the directories they are in) must be owned by the web site’s user and group:

chmod 755 /var/www/php-fcgi-scripts/web1/php-fcgi-starter
chown -R web1:web1 /var/www/php-fcgi-scripts/web1

5.6) Create Vhost for web1.example.com

vi /etc/httpd/conf/httpd.conf
[...]
NameVirtualHost *:80

<VirtualHost *:80>
  ServerName web1.example.com
  DocumentRoot /var/www/web1/web/

  <IfModule mod_fcgid.c>
    SuexecUserGroup web1 web1
    <Directory /var/www/web1/web/>
      Options +ExecCGI
      AllowOverride All
      AddHandler fcgid-script .php
      FCGIWrapper /var/www/php-fcgi-scripts/web1/php-fcgi-starter .php
      Order allow,deny
      Allow from all
    </Directory>
  </IfModule>

  # ErrorLog /var/log/apache2/error.log
  # CustomLog /var/log/apache2/access.log combined
  ServerSignature Off

</VirtualHost>

Restart Apache

service httpd restart

5.7) Now we create a small PHP test file

vi /var/www/web1/web/info.php

Add following content into it.

<?php
phpinfo();
?>

6) In Browser, you can see following infomation page.
web1-php55-fastcgi

 

7) Compile and install php 5.4.28 and php 5.3.28

Repeat the step 4, 5, and 6. Just change something respect to php 5.4.28 and php5.3.28.

7.1) php 5.4.28

http://us1.php.net/get/php-5.4.28.tar.gz/from/this/mirror

web2.example.com

/usr/local/php54

/etc/php54

user web2

group web2

web2-php54-fastcgi

 

7.2) php 5.3.28

http://us1.php.net/get/php-5.3.28.tar.gz/from/this/mirror

web3.example.com

/usr/local/php53

/etc/php53

user web3

group web3

web3-php53-fastcgi

Then, I have three hosts on the same one Apache web server at CentOS 6.5 64bit server.

Each host has its own php version installed, from 5.3 to 5.5.

So, you can use the above as a template.

How to Disable ETags in Apache httpd.conf

What are ETags?

ETag is a standard used for determining whether the client (web browser) already has the latest version. If it has, it’s simply loaded from local cache. If not, the new version is requested.

An ETag is a hash generated based on either the inode number, the last modified time and / or the size (in bytes) of a file. The default behaviour in Apache webserver is to use all properties to generate the ETag.

 

What’s the problem with ETags?

Although etags do no harm in a single server set-up, it is harmful when you have multiple servers replication the served files. The problem is that the generated ETags most likely differ per server. So when the client re-requests an un-updated file on a different server than the last time the ETags do not much and a new version is requested, while this would not be necessary. This hurts performance (page load). You can find more information about this in the ‘Configure ETags‘ article on the Yahoo Developer Network.

How To Disable ETags in httpd.conf

To disable the use of ETags in the Apache webserver simply put the following FileETag directive in your httpd.conf:

FileETag none

This will disabled the use of ETags completely.

 

Webmin update to 1.64

Yesterday, when I sign in one of my VPS webmin control panel, it displayed an upgrade button. Look at the folowwing screen shot and just click the button underneath, Upgrade Webmin Now.
It is a update with new features and bug fixes. Worth to upgrade.
webmin.163
Then, I click Upgrade Webmin Now button to upgade Webmin from 1.630 to 1.640. see following release notes of this new version of Webmin.

Version 1.640 (13th August 2013)

  • Even more German translation updates thanks to Raymond Vetter, Norwegian updates thanks to Stein-Aksel Basma, Polish from Piotr Kozica, and Catalan from Jaume Badiella.
  • UI consistency improvements in the Linux Firewall and Xinetd modules.
  • Support for new Apache 2.4 features, such as IncludeOptional, the removal of NameVirtualHost and use of apachectl to get enabled modules.
  • Improved error detection and better handling of disks that don’t start on cylinder 1 in the Fdisk module.
  • Support for growing a logical volume to the maximum size possible in the LVM module.
  • Fixes for total and free memory detection under OpenVZ / Virtuozzo.
  • Mandriva Linux improvements in the Bootup and Shutdown and other modules.
  • Fix for a bug that could cause /etc/webmin to be deleted following a failed upgrade on Debian.
  • Improved support for FreeBSD 8, bringing it into sync with FreeBSD 9.

Continue reading “Webmin update to 1.64”

How to enable GBK encoding

The situation is WebPage was made by GBK encoding. GBK is one of the Chinese Encoding.
When the browser loading the page, it always return UTF-8.
It should be GBK.
I checked the head of the webpage.

content=”text/html; charset=gb2312″

Different browsers tested. All failed.
How to fix this problem and let the server feedback the GBK/GB2312 code?

Continue reading “How to enable GBK encoding”

Three steps to make your own VPS

It is not that easy for a newbie to make a workable VPS by himself.
I have three year experience on VPS. I can make it as simple as possible to show you how to do it in three steps.
0) THIS STEP IS NOT COUNTED.
You need a VPS at least. I recommend BurstNet. The price is good. The service is OK per price.
After you order your own VPS and paid the invoice, you probably get the email in 8 hours for your account information.
You have panel and ssh account.
Went to panel and rebuild your VPS by choosing Centos 5 minimum OS template.
Now it is my three steps
1) Step 1
SSH your VPS by root user. Enter following command to install httpd

yum install httpd-devel

2) Step 2
Install MySQL server, and start MySQL server.

yum install mysql mysql-server mysql-devel
/etc/init.d/mysqld start

3) Step 3

Continue reading “Three steps to make your own VPS”

  • Archives