Apache
Installation on Ubuntu
How To Set Up Apache Virtual Hosts on Ubuntu 14.04/16.04
- Install apache2 (sudo apt-get install apache2)
- Create the directory structure (sudo mkdir -p /var/www/example.com/public_html)
- Grant Permissions (sudo chown -R $USER:$USER /var/www/example.com/public_html)
- Create Demo Pages for Each Virtual Host (nano /var/www/example.com/public_html/index.html)
- Create a virtual host (sudo nano /etc/apache2/sites-available/example.com.conf)
- Enable a virtual host (sudo a2ensite example.com.conf)
Cloudflare
- SSH service and R Shiny service should use DNS only (no HTTP proxy).
- Remember on Ubuntu we should open the necessary port using ufw.
SSL certificate vs key
- https://superuser.com/questions/620121/what-is-the-difference-between-a-certificate-and-a-key-with-respect-to-ssl
- http://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html
- https://en.wikipedia.org/wiki/Public_key_certificate
Disable SSL
- sudo nano /etc/apache2/sites-available/default-ssl.conf and change SSLEngine flag from on to off
- sudo nano /etc/apache2/ports.conf and comment out sections containing port 443
- sudo service apache2 restart
At this time, if I install Let's Encrypt I'll get an error message
$ sudo certbot --apache -d DOMAINAME Saving debug log to /var/log/letsencrypt/letsencrypt.log Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for taichimd.us Waiting for verification... Cleaning up challenges Failed authorization procedure. DOMAINNAME (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to XX.XXX.XX.XX:443 for tls-sni-01 challenge Domain: DOMAINNAME Type: connection Detail: Failed to connect to XX.XXX.XX.XX:443 for tls-sni-01 challenge To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Let's Encrypt
- User Guide
- How it works
- Let's Encrypt DNS Challenge
- Cloudflare
- Install Apache2 HTTP Server on Ubuntu 18.04 LTS with Let’s Encrypt Free SSL/TLS Certificates (Step-by-step)
- Let’s Encrypt wildcard certificate with Certbot (Cover in more detail including setting up a TXT record at your DNS provider, virtualhost configuration, Configuring http to https redirect, acme-dns, and so on.
- Getting started with acme.sh Let's Encrypt SSL client
- How to manage Let's Encrypt SSL/TLS certificates with certbot
Apache with Let's Encrypt
It seems a real working domain is needed to install Let's Encrypt.
- Download the Let’s Encrypt Client
- Set Up the SSL Certificate
- Set Up Auto Renewal
To check the certificate expiration date, run sudo certbot certificates
For some reason (related to the Challenge type), my domain is verified by cloudflare instead of let's encrypt. I receive an email reminding the expiration before 20 days. I can manually run sudo certbot renew --dry-run --preferred-challenges http to renew my certificate (remove the option --dry-run to make the command effective).
Configuration file
/etc/letsencrypt/renewal/DOMAIN_NAME.conf
Nginx with Let's Encrypt
How to Install Nginx with Let's encrypt and get A+ from SSLLabs Test
Installing fail2ban
- https://www.raspberrypi.org/documentation/configuration/security.md
- http://linux-sys-adm.com/ubuntu-16.04-lts-how-to-configure-firewall-iptables-fail2ban/
- How To Protect SSH and Apache Using Fail2Ban on Ubuntu Linux. Note: the text is better viewed by using the "Kindle Preview & Send" extension. It also shows how to test Fail2Ban for failed Login Attempts and for Apache DOS Attack.
Secure an Ubuntu server
How to secure an Ubuntu 16.04 LTS server - Part 1 The Basics
Optimize Apache on Ubuntu
https://thishosting.rocks/how-to-install-optimize-apache-ubuntu/
- Check if Apache is running
systemctl status apache2
- check what version you’re using with
apachectl -V
- Update your firewall. To allow traffic through both the 80 (http) and 443 (https) ports.
ufw allow 'Apache Full'
Install common Apache modules
- Speed up your website with the PageSpeed module
wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb dpkg -i mod-pagespeed-stable_current_amd64.deb apt-get -f install systemctl restart apache2
- Mod_pagespeed: How to Install and Configure mod_pagespeed Module with Apache on Ubuntu 18.04 LTS
- Enable rewrites/redirects using the mod_rewrite module
a2enmod rewrite systemctl restart apache2
- Secure your Apache with the ModSecurity module
apt-get install libapache2-modsecurity systemctl restart apache2
- Block DDoS attacks using the mod_evasive module
apt-get install libapache2-mod-evasive nano /etc/apache2/mods-enabled/evasive.conf
Optimize Apache with the Apache2Buddy script
apt-get install curl curl -sL https://raw.githubusercontent.com/richardforth/apache2buddy/master/apache2buddy.pl | perl
CentOS
- Genome desktop + Development tools
- http://www.dataarchitect.cloud/how-to-install-apache-php-7-1-and-mysql-on-centos-7-3-lamp/
Apache2 Structure
/etc/apache2/ |-- apache2.conf |-- envvars |-- httpd.conf |-- magic |-- ports.conf |-- conf-enabled | `-- *.conf |-- mods-available | |-- *.load | `-- *.conf |-- mods-enabled | |-- *.load | `-- *.conf |-- sites-available | default, default-ssl |-- sites-enabled | |-- 000-default # points to ../sites-available/default | `-- default-ssl # points to ../sites-available/default-ssl |-- ssl | *.crt, *.key
- apache2.conf is the main configuration file. It puts the pieces together by including all remaining configuration files when starting up the web server.
- ports.conf is always included from the main configuration file. It is used to determine the listening ports for incoming connections, and this file can be customized anytime.
- Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ directories contain particular configuration snippets which manage modules, global configuration fragments, or virtual host configurations, respectively.
- They are activated by symlinking available configuration files from their respective *-available/ counterparts. These should be managed by using our helpers a2enmod, a2dismod, a2ensite, a2dissite, and a2enconf, a2disconf . See their respective man pages for detailed information.
- The binary is called apache2. Due to the use of environment variables, in the default configuration, apache2 needs to be started/stopped with /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not work with the default configuration.
Document Root
By default, Ubuntu does not allow access through the web browser to any file apart of those located in /var/www, public_html directories (when enabled) and /usr/share (for web applications). If your site is using a web document root located elsewhere (such as in /srv) you may need to whitelist your document root directory in /etc/apache2/apache2.conf.
The default Ubuntu document root is /var/www/html (Ubuntu 14.04) or /var/www (Ubuntu 12.04). You can make your own virtual hosts under /var/www. This is different to previous releases which provides better security out of the box. In my case, the document roots for http and https are specified in the files
Important files
- http://www.basicconfig.com/linuxnetwork/ubuntu_web_server_setup Good cover
- http://www.htpcbeginner.com/how-to-setup-apache-web-server-on-ubuntu/2/. It includes how to set up DNS, running multiple websites
- How To Set Up Apache Virtual Hosts on Ubuntu 12.04 LTS from digitalocean.com. It teaches how to create a new virtual host file (instead of using the default one).
/etc/apache2/apache2.conf (important)
Main configuration file
/etc/apache2/httpd.conf
By default, this file is empty
/etc/apache2/envvars
/etc/apache2/ports.conf (important)
NameVirtualHost *:80 Listen 80 <IfModule mod_ssl.c> # If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to <VirtualHost *:443> # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule>
/etc/apache2/mods-available/
Contains all the modules installed for your server.
/etc/apache2/mods-enabled/
Symbolic link in this directory that refers to the module file in /mods-available above to enable it.
/etc/apache2/sites-available/ (important)
Stores all the configuration files for the web sites serviced by Apache server. By default, only one file available, a default virtual host configuration file.
/etc/apache2/sites-available/default
This is the place to set up the document root for http port 80.
<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName taichimd.us DocumentRoot /var/www/ <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ... </VirtualHost>
/etc/apache2/sites-available/default-ssl
This is the place to set up the document root for https port 443.
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost ServerName taichimd.us DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ... # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLCertificateFile /FullPathTo/CAName.crt SSLCertificateKeyFile /FullPathTo/KeyName.key SSLCACertificateFile "/FullPathTo/bundle.crt" ... </VirtualHost>
/etc/apache2/sites-enabled/
Create a symbolic link to enable sites in /etc/apache2/sites-available.
udooer@udoo:~$ ls -l /etc/apache2/sites-enabled/ total 0 lrwxrwxrwx 1 root root 35 Dec 24 13:44 000-default.conf -> ../sites-available/000-default.conf
/etc/apache2/conf-available/, /etc/apache2/conf-enabled/
In UDOO, the dashboard webpage is pre-installed and the directory /var/www/html is empty. In Beaglebone, the apache is pre-installed (http://localhost/bone101/Support/bone101/) and /var/www/html is empty.
These directories have the same relationship as the sites-available and sites-enabled directories, but are used to store configuration fragments that do not belong in a Virtual Host. Files in the conf-available directory can be enabled with the a2enconf command and disabled with the a2disconf command.
udooer@udoo:~$ ls -lah /etc/apache2/conf-enabled/ total 8.0K drwxr-xr-x 2 root root 4.0K Dec 25 08:15 . drwxr-xr-x 8 root root 4.0K Dec 24 13:44 .. lrwxrwxrwx 1 root root 30 Dec 24 13:44 charset.conf -> ../conf-available/charset.conf lrwxrwxrwx 1 root root 40 Dec 25 08:13 javascript-common.conf -> ../conf-available/javascript-common.conf lrwxrwxrwx 1 root root 44 Dec 24 13:44 localized-error-pages.conf -> ../conf-available/localized-error-pages.conf lrwxrwxrwx 1 root root 46 Dec 24 13:44 other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf lrwxrwxrwx 1 root root 33 Dec 25 08:15 phpmyadmin.conf -> ../conf-available/phpmyadmin.conf lrwxrwxrwx 1 root root 31 Dec 24 13:44 security.conf -> ../conf-available/security.conf lrwxrwxrwx 1 root root 36 Dec 24 13:44 serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
See
- How To Install the Apache Web Server on Ubuntu 16.04
- conf-available vs sites-available. Both folders are loaded at startup of your apache. So you can place settings in both folders. The sites-enabled folder is more for Virtual-Host settings (subdomains, http/https) and the config-folder is for module configuration (can be as well webservices like owncloud or phpmyadmin that are available on a subfolder.
Commands
- Cheat-sheet for Apache2 commands Linux Mint / Ubuntu / Debian
- Simple commands to manage apache2 sites and Modules (a2ensite, a2dissite, a2enmod, a2dismod)
- Ubuntu httpd (Apache2 Web Server)
sudo a2ensite default # activate the default site /etc/apache2/sites-available/default sudo a2ensite domain2.com # activate each virtual host sudo service apache2 reload service apache2 status # check if apache2 is running sudo service apache2 start # run this if apache2 is not running
Register a new domain
List of Internet top-level domains
Free dynamic dns/domain name
- http://www.makeuseof.com/tag/5-best-dynamic-dns-providers-can-lookup-free-today/
- https://freedns.afraid.org/
- https://www.noip.com/
- http://www.dot.tk/en/index.html?lang=en
Some free domain service provided by dot.tk
- .cf
- .ga
- .gq
- .ma
- .ml
- .nr
- .tk
Verify your domain
How to Verify Your Domain on Google Search Console
Multiple websites
Overview: Four steps
- Create "site1.conf" and "site2.conf" under /etc/apache2/sites-available
- sudo a2ensite site1.conf; sudo a2ensite site2.conf
- sudo service apache2 reload
- Modify DNS or change /etc/hosts to see the effect locally
Optionally use sudo apache2ctl -S to see a list of virtual hosts
How To Enable And Run Multiple Websites Using Apache2 & /etc/hosts
The examples here assume you have multiple domain names pointing to 1 server with one IP. The end result is you can use different domain names to access websites hosted on the same server using the default port 80. Hint: you can change /etc/hosts file if you just want to do testing.
If we use nginx as a reverse proxy, we can even use the same domain name to have multiple applications running with different ports.
We’re going to be using example.com and myexample.com domain names on a single Ubuntu server. See here.
sudo apt-get install apache2 sudo mkdir -p /var/www/html/example.com/public_html sudo mkdir -p /var/www/html/myexample.com/public_html sudo nano /var/www/html/example.com/public_html/index.html cat /var/www/html/example.com/public_html/index.html <html> <head> <title>Welcome to Example.com!</title> </head> <body> <h1>Success! The example.com virtual host is working!</h1> </body> </html> sudo nano /var/www/html/myexample.com/public_html/index.html sudo chown www-data:www-data /var/www/html sudo chmod -R 755 /var/www/html sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example.com.conf sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/myexample.com.conf # Change ServerName, ServerAlias and DocumentRoot entries sudo nano /etc/apache2/sites-available/example.com.conf cat /etc/apache2/sites-available/example.com.conf <VirtualHost *:80> ServerAdmin [email protected] ServerName example.com ServerAlias www.example.com DocumentRoot /var/www/example.com/public_html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> sudo nano /etc/apache2/sites-available/myexample.com.conf sudo a2dissite 000-default.conf sudo a2ensite example.com.conf sudo a2ensite myexample.com.conf sudo service apache2 restart sudo apache2ctl -S # Get a list of all virtual hosts which are defined in all apache configuration files ls -l /etc/apache2/sites-enabled/ sudo nano /etc/hosts # 127.0.0.1 example.com # 127.0.0.1 myexample.com
How to create multiple virtual hosts
- It is OK to listen on the same port for different domains on the same server (tested)
- https://opensource.com/article/18/3/configuring-multiple-web-sites-apache. Only one httpd.conf was used. Multiple stanza can be put into this file.
- http://codingpad.maryspad.com/2012/03/14/how-to-create-multiple-virtual-hosts-in-ubuntu/
- http://httpd.apache.org/docs/2.2/vhosts/examples.html Virtual host examples for different scenarios
- http://www.tecmint.com/apache-ip-based-and-name-based-virtual-hosting/
- https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-wordpress-sites-on-a-single-ubuntu-vps
- http://www.unixmen.com/setup-virtual-hosts-apache-ubuntu-14-04-lts/
One IP two websites, Two IPs and two websites
Apache Web Server Complete Guide Dedoimedo
Misc
Add a User To Group www-data
Add a User To Group www-data. We can add an existing user or a new user to the www-data group.
Restrict Apache Information Leakage
https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics
How to Check Which Apache Modules are Enabled/Loaded in Linux
http://www.tecmint.com/check-apache-modules-enabled/
Running different sites on different ports
http://httpd.apache.org/docs/2.2/vhosts/examples.html#port
.htaccess file
- https://www.digitalocean.com/community/tutorials/how-to-use-the-htaccess-file
- See the example of Shorten the mediawiki URL.
Set Up Mod_Rewrite
- https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_rewrite-page-2 It contains an example to add www to a url.
- http://xmodulo.com/how-to-enable-mod_rewrite-in-apache2-on-debian-ubuntu.html
Forbidden You don't have permission to access /xxx/yyy on this server.
When I add a symbolic link file in /var/www/html to link to a sub-directory /home/$USER/Downloads/xxx, it does not work.
The detail error can be found in /var/log/apache2/error.log
Error: Symbolic link not allowed or link target not accessible
This post gives an explanation.
The solution in this case is to run
chmod 755 ~/Downloads
The problem seems to be specific to the attribute of the Downloads folder. If we untar/unzip to the $HOME folder, it does not have this problem because the attribute is already 755. The default attribute of Downloads in my Debian 8.4 is 700.
Error. Could not determine the server’s fully qualified domain name
http://tuxtweaks.com/2009/07/how-to-configure-apache-linux/
echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn sudo service apache2 reload
How to set up a secure Apache webserver on Ubuntu
http://xmodulo.com/secure-apache-webserver-ubuntu.html
- Update TimeZone and Check Correct Time
- Disable AppArmor Conflicts
- Stop DDoS Attacks
- Stop Slowloris Attacks
- Stop DNS Injection Attacks
- Turn off Server Signature
Redirecting entire website to https
http://www.tecmint.com/apache-htaccess-tricks/4/
HSTS vs https
What Is HSTS and How Does It Protect HTTPS From Hackers?
sites-enabled vs sites-available directory
What is the difference between sites-enabled and sites-available directory?
The difference is that virtual sites listed in the sites-enabled directory are served by apache. In the sites-available directory there are the virtual sites that exist on your server but people can't access them because they are not enabled yet.
- sites-available: this directory has configuration files for Apache2 Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.
- sites-enabled: like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory.
A custom redirection example
http://www.tecmint.com/apache-htaccess-tricks/4/
How to Redirect Users to Maintenance Page
http://www.tecmint.com/apache-htaccess-tricks/4/
How to Perform Internal Redirection with mod_rewrite in Apache
http://www.tecmint.com/redirection-with-mod_rewrite-in-apache/
Redirect a Website URL from One Server to Different Server in Apache
http://www.tecmint.com/redirect-website-url-from-one-server-to-different-server/
Apache Virtual Hosting: IP Based and Name Based Virtual Hosts in RHEL/CentOS/Fedora
http://www.tecmint.com/apache-ip-based-and-name-based-virtual-hosting/
Virtual host file
- AllowOverride directive from the core module.
Forward proxy vs reverse proxy
Difference between proxy server and reverse proxy server
Proxy and reverse proxy
ProxyPass directive from the proxy module.
- Running multiple web applications on a Docker host with Apache
- Configure Apache as a Reverse Proxy Using mod_proxy on Ubuntu
25 Apache Interview Questions for Beginners and Intermediates
http://www.tecmint.com/apache-interview-questions/
Redirecting a non-www URL to a www URL
http://www.tecmint.com/apache-htaccess-tricks/3/
Add www to your domain name for your website
- https://www.linux.com/learn/tutorials/464510:weekend-project-create-virtual-hosts-with-apache Using ServerAlias or creating multiple virtualhost.
- https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04
Disable directory browsing
Remove word Indexes from the following line in the file </etc/apache2/sites-available/default> & </etc/apache2/sites-available/default-ssl>
Options Includes Indexes FollowSymLinks MultiViews
Or try the following commands
sudo a2dismod autoindex sudo service apache2 restart
List of all virtual hosts
sudo apache2ctl -S
Diable a website through virtual host
sudo a2dissite 000-default
Show all loaded modules
$ sudo apache2ctl -M /usr/sbin/apache2ctl: 87: ulimit: error setting limit (Operation not permitted) Loaded Modules: core_module (static) log_config_module (static) logio_module (static) mpm_prefork_module (static) http_module (static) so_module (static) alias_module (shared) auth_basic_module (shared) authn_file_module (shared) authz_default_module (shared) authz_groupfile_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgi_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) mime_module (shared) negotiation_module (shared) php5_module (shared) reqtimeout_module (shared) setenvif_module (shared) ssl_module (shared) status_module (shared) Syntax OK
favicon.ico
For some reason, if I just rename an animated gif file to <favicon.ico>, the file can be viewed locally and works when I put it on /var/www (http). For https, the default favicon does not show up and I have to manually put the favicon in the index.html file (good if you wish your pages to use different favicon sets).
<head> ... <link rel="icon" href="yinyang_rot.gif" type="image/x-icon"> </head>
For mediawiki, I don't need to rename to <favicon.ico>.
See also Create an animated gif file on how I create an animated gif file from a single png file.
Note that chrome browser does not support animated gif favicons. IE does not support either. Firefox does support animated gif favicons.
Password Authentication
- Set Apache Password Protected Directories With .htaccess File (2015, Old)
- Make sure Apache is configured to use .htaccess file. Modify httpd.conf
- Create a password file with the htpasswd command and make the password file readable by Apache web server.
- Create .htaccess file under the directory where we want it to be protected. The username and the password file are specified here.
- Test it
- How To Set Up Password Authentication with Apache on Ubuntu 16.04
- Installing the Apache Utilities Package (apache2-utils)
- Creating the Password File using the htpasswd command
- Configuring Apache Password Authentication. Authentication is done on a per-directory basis.
- Option 1: Configuring Access Control within the Virtual Host Definition 000-default.conf (Preferred)
- Option 2: Configuring Access Control with .htaccess Files
- Restart apache2 and test it
Monitor Apache
- 3 Ways to Check Apache Server Status and Uptime in Linux
- Apachectl Utilities (Works, based on mod_status module which was enabled by default in Ubuntu, show server uptime and server load and how many requests currently being processed). Command line method (need to install lynx first): apachectl status. GUI method: http://localhost/server-status
- Systemctl Utility (systemctl is not in Ubuntu 14.04 by default)
- ps Utility (not useful)
- How to Monitor Apache Web Server Load and Page Statistics: mod_status module
- https://blog.serverdensity.com/monitor-apache/. The apache-top utility is cool! It can display the requested IP and the website. Use 'q' and wait 1-2 seconds for it to quit. (Don't use the one installed through apt-get)
wget https://raw.githubusercontent.com/fr3nd/apache-top/master/apache-top.py python apache-top.py -u http://192.168.X.XXX/server-status
- Monitoring Apache with mod_status
- AWStats. AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically.
- How to Set Up AWStats On Ubuntu Server
- How to install AWStats on Ubuntu Linux. It includes a basic apache auth to AWStats using Apache's htpasswd.
- Generating Web Site Statistics With AWStats & JAWStats On Debian Lenny & How To Install, Secure, And Automate AWStats (CentOS/RHEL)
- 7 Free Tools for Live Website Visitor Tracking (Mar 2019)
- How to analyze log data with Python and Apache Spark
Reverse proxy
- The goal is to use http://addressA instead of http://addressB:port where machine A and machine B can be the same or different.
(Excerpt from thegeekstuff) For example, let us say we have an enterprise application that is running on Apache and PHP on app.thegeekstuff.com, and we also have Nginx running on example.com.
In this example scenario, when someone goes to example.com, we can setup Nginx as a reverse proxy so that it will serve the enterprise apache/php application that is running on app.thegeekstuff.com.
But, for the end-user, they’ll only see example.com, they won’t even know anything about app.thegeekstuff.com. End-user will think the whole apache/php application is getting served directly from example.com.
Nginx
Use proxy_pass in /etc/nginx/sites-available/default and a symbolic link is created under /etc/nginx/sites-enabled.
- Quickly getting started with a reverse proxy setup
- Video. Users do not need to specify a non-default port and the apps can be running on any ports on the same machine. In the videos, node.js was used to run http web servers.
- One domain. Application is running on a different port. https://youtu.be/311DvLh8ems .
- One domain and different directories to access different applications running on different ports. https://youtu.be/PTmFbYG0hK4
- Multiple domains. Note: /etc/hosts was changed to mimic we have own different domains. https://youtu.be/tO2N0LLVZjI. See also Is it possible for two hostnames share the same IP address?.
- Multiple websites on the same host/a single system
- https://www.techandme.se/set-up-nginx-reverse-proxy/
- https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-14-04-droplet (it includes how to Blocking Direct Access to Apache)
- Create a portable battery and solar powered Raspberry Pi Zero web server, especially step 3 for accessing the monitoring page without an ugly port number.
- https://www.howtoforge.com/tutorial/how-to-install-nginx-as-reverse-proxy-for-apache-on-ubuntu-15-10/.
- http://deanattali.com/2015/05/09/setup-rstudio-shiny-server-digital-ocean/
- How to Install Airsonic Media Server on Ubuntu 18.04 LTS (Letsencrypt is included!)
Run both Nginx and Apache at the same time
- How can i run both nginx and apache together on Ubuntu? Go to /etc/nginx/sites-available then modify the host file which should listen to a different port (if you didn't change anything here you will find a default file, enter to change it. In the file change listen: 80 to the port you want to listen to. Don't forget to reload the service: service nginx reload
- How To Configure Nginx as a Web Server and Reverse Proxy for Apache on One Ubuntu 16.04 Server. Here we assume there are two websites w/ different servernames hosted by Apache using port 8080. We want to use Nginx as a reverse proxy using the default port 80.
- Install Apache
- Change Apache to use port 81 (/etc/apache2/ports.conf & /etc/apache2/sites-available/000-default.conf files)
- (optional) Create two document root directories & two virtual host files (port 81 for both, different servername)
- (optional) Reload apache2 (sudo service apache2 restart)
- Check open ports (sudo apt install net-tools; sudo netstat -tlpn)
- Install nginx
- Remove the default virtual host's symlink (/etc/nginx/sites-enabled/default)
- (optional) Create virtual hosts for Nginx using the same procedure we used for Apache
- (optional) Create a virtual host file for the domain example.com (/etc/nginx/sites-available/example.com & nano /etc/nginx/sites-available/sample.org)
- (optional) creating symbolic links to the sites-enabled directory
- (optional) Do an Nginx configuration test (sudo nginx -t) & reload Nginx (sudo service nginx restart)
- Create apache's virtual host (/etc/nginx/sites-available/apache)
- Create a symbolic link (/etc/nginx/sites-enabled/apache)
- Do an Nginx configuration test (sudo nginx -t) & reload Nginx (sudo service nginx restart)
- Open a browser and go to http://localhost or http://localhost/subdir to test
server { listen 80; location / { proxy_pass http://127.0.0.1:81; } # location /shiny { # proxy_pass http://127.0.0.1:3838; # } # location /rstudio { # proxy_pass http://127.0.0.1:8787; # } }
Apache: ProxyPass & ProxyPassReverse to hide the right port
Use ProxyPass and ProxyPassReverse in /etc/apache2/sites-available/default
- Apache redirect to another port After you make these changes, add the needed modules and restart apache
sudo a2enmod proxy && sudo a2enmod proxy_http && sudo service apache2 restart
- https://serverfault.com/questions/472482/proxypass-redirect-directory-url-to-non-standard-port. The URL can be http://sub.mydomain.com or http://mydomain.com/app1.
- hide port from URL of Rails server?
- VirtualHost Examples. The URL in the example looks like http://sub.mydomain.com
- Apache Module mod_proxy
- How To Use Apache HTTP Server As Reverse-Proxy Using mod_proxy Extension/module
- Simple Apache reverse proxy example
Varnish Reverse Proxy
How to Install Varnish Reverse Proxy with Nginx on Ubuntu 16.04 LTS
Shorten URL
phpMyAdmin
How To Install and Secure phpMyAdmin on Ubuntu 18.04 LTS
Make your website load faster
7 Ways to Make Your Website or Blog Load Faster for Visitors
Nginx
- How To Install Nginx on Ubuntu 16.04
- Nginx Secure Web Server with HTTP, HTTPS SSL and Reverse Proxy Examples
Default root directory
nginx -V
Look up the --prefix value. On Ubuntu 16.04, it is /usr/share/nginx.
Virtual host file
- Understanding Nginx Server and Location Block Selection Algorithms.
- location directive
- Nginx Location Directive Explained
- 13 Nginx Location Directive Examples including Regular Expression Modifiers from thegeekstuff.com (good explanation)
- If a tilde modifier (~) is present, this location will be interpreted as a case-sensitive regular expression match.
- Nginx location match tester
- rewrite directive
- 7 Nginx Rewrite Rule Examples with Reg-Ex and Flags from thegeekstuff.com
- rewrite ^/shiny(.*) $1 break; is required for regular shiny server (no forward slash after ^/shiny)
- rewrite ^/shiny/(.*)$ /$1 break; is required for docker shiny server
Others
Secure Your Nginx Web Server
Tips and Tricks to Secure Your Nginx Web Server
How to Enable HTTP/2 in Nginx
https://www.howtoforge.com/how-to-enable-http-2-in-nginx/
Pitfalls and common mistakes
Reverse proxy
A Guide to running a Reverse proxy for HTTP(S), SSH and MySQL/MariaDB using NGINX
Books
- Nginx HTTP Server - Third Edition by Clement Nedelcu
PHP-FPM
- https://en.wikipedia.org/wiki/PHP#PHPFPM
- PHP-FPM: Multiple Resource Pools (Video)
- Differences and dis/advanages between: Fast-CGI, CGI, Mod-PHP, SuPHP, PHP-FPM
- https://arstechnica.com/information-technology/2012/12/web-served-part-3-bolting-on-php-with-php-fpm/
Exploring Nginx workers load arbitration using R/Shiny
Exploring Nginx workers load arbitration
Quick HTTP server using command line
- How To Quickly Serve Files And Folders Over HTTP In Linux. Python, Ruby, NodeJS, Rust. Miniserve (Rust) also supports username/password.
- R