Apache - How to ... ?


How to disable the deprecated SSL / TLS protocols ?

Use SSLProtocol.
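One way to check the result, as an added example that is not from the original page: a shell function that reads an Apache configuration and reports each SSLProtocol line that still leaves SSLv3, TLSv1 or TLSv1.1 enabled. The sample configuration is constructed, and expanding all to SSLv3 through TLSv1.3 is an assumption (the real set depends on the Apache and OpenSSL build).

```shell
#!/bin/sh
# Constructed sample: the first vhost still allows TLSv1 / TLSv1.1.
SAMPLE_CONF='<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>'

# audit_sslprotocol: reads a configuration on stdin and prints
# "line N: <deprecated protocols left enabled>" for each offending line.
# Assumption: "all" expands to the widest set passed to awk as "all" below.
audit_sslprotocol() {
    awk -v all="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" -v old="SSLv3 TLSv1 TLSv1.1" '
    BEGIN {
        n = split(all, order, " ")
        for (i = 1; i <= n; i++) canon[tolower(order[i])] = order[i]
        m = split(old, o, " ")
        for (i = 1; i <= m; i++) deprecated[o[i]] = 1
    }
    tolower($1) == "sslprotocol" {
        split("", on)                        # enabled set for this line
        for (f = 2; f <= NF; f++) {
            tok = tolower($f); sign = substr(tok, 1, 1)
            # +X adds, -X removes, a bare token replaces the set built so far
            if (sign == "+" || sign == "-") { tok = substr(tok, 2) } else { sign = ""; split("", on) }
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (tok != "all" && canon[tok] != p) continue
                if (sign == "-") delete on[p]; else on[p] = 1
            }
        }
        bad = ""
        for (i = 1; i <= n; i++)
            if ((order[i] in on) && (order[i] in deprecated)) bad = bad " " order[i]
        if (bad != "") print "line " NR ":" bad
    }'
}

printf '%s\n' "$SAMPLE_CONF" | audit_sslprotocol
```

Lines continued with a backslash and protocols inherited from an enclosing scope are not handled.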

How to restart Apache ?

Because simple things often get uselessly complex (SysVinit + init scripts / Upstart + service / systemd + systemctl), and because commands vary depending on distros, here's a little cheatsheet reminder :

How to get the SSL/TLS Session Cache Status: report from mod_status via CLI ?

Situation

While configuring SSLSessionCache, you may be interested in detailed information to make sure everything is going extremely well. To do so, mod_status can display a report about the SSL/TLS cache :

Details

I don't know whether this is a bug / limitation / feature / PEBKAC, but I've not been able to get the SSL/TLS Session Cache Status: report when querying with curl : everything else looks fine, this section is just missing.

Solution

Command

Here's my quick-n-dirty solution that parses HTML with Bash :
  • one-shot :
    curl -s http://$(hostname -i)/server-status | awk 'BEGIN {found=0} /Session Cache Status/ {found=1} {if (found==1) {print}}' | sed -r 's/<br>/\n/g; s/<[^>]+>//g'
  • re-run command every 10 seconds :
    watch -n 10 -d "curl -s http://$(hostname -i)/server-status | awk 'BEGIN {found=0} /Session Cache Status/ {found=1} {if (found==1) {print}}' | sed -r 's/<br>/\n/g; s/<[^>]+>//g'"

Output

with an empty cache

SSL/TLS Session Cache Status:

cache type: SHMCB, shared memory: 512000 bytes, current entries: 0
subcaches: 32, indexes per subcache: 88
index usage: 0%, cache usage: 0%
total entries stored since starting: 0
total entries replaced since starting: 0
total entries expired since starting: 0
total (pre-expiry) entries scrolled out of the cache: 0
total retrieves since starting: 0 hit, 0 miss
total removes since starting: 0 hit, 0 miss

with some cached data

SSL/TLS Session Cache Status:

cache type: SHMCB, shared memory: 512000 bytes, current entries: 2
subcaches: 32, indexes per subcache: 88
time left on oldest entries' objects: avg: 237 seconds, (range: 217...257)
index usage: 0%, cache usage: 0%
total entries stored since starting: 2
total entries replaced since starting: 0
total entries expired since starting: 0
total (pre-expiry) entries scrolled out of the cache: 0
total retrieves since starting: 0 hit, 1 miss
total removes since starting: 0 hit, 0 miss
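To turn this report into numbers that can be tracked or alerted on, here is an added example (not from the original page) that reads the text produced by the pipeline above and prints a one-line summary with the retrieve hit ratio. The function name is hypothetical and the sample is an abridged copy of the "with some cached data" report.

```shell
#!/bin/sh
# Constructed sample: abridged copy of the "with some cached data" report.
SAMPLE_REPORT='SSL/TLS Session Cache Status:

cache type: SHMCB, shared memory: 512000 bytes, current entries: 2
subcaches: 32, indexes per subcache: 88
index usage: 0%, cache usage: 0%
total entries stored since starting: 2
total (pre-expiry) entries scrolled out of the cache: 0
total retrieves since starting: 0 hit, 1 miss'

# session_cache_summary: reads the text report on stdin and prints one line:
# entries=<n> cache_usage=<n>% scrolled_out=<n> hits=<n> misses=<n> hit_ratio=<pct|n/a>
session_cache_summary() {
    awk '
    /current entries: /    { split($0, a, "current entries: "); entries = a[2] + 0 }
    /cache usage: /        { split($0, a, "cache usage: "); usage = a[2] + 0 }
    /entries scrolled out/ { scrolled = $NF + 0 }
    /^total retrieves/     { hits = $(NF - 3) + 0; misses = $(NF - 1) + 0; seen = 1 }
    END {
        # The section can be absent from the page, so fail loudly in that case.
        if (!seen) { print "no session cache report found"; exit 1 }
        total = hits + misses
        # An empty cache has no retrieves yet: report n/a instead of dividing by zero.
        ratio = (total > 0) ? sprintf("%.1f%%", 100 * hits / total) : "n/a"
        printf "entries=%d cache_usage=%d%% scrolled_out=%d hits=%d misses=%d hit_ratio=%s\n",
               entries, usage, scrolled, hits, misses, ratio
    }'
}

printf '%s\n' "$SAMPLE_REPORT" | session_cache_summary
```

On a live server, pipe the output of the one-shot command into session_cache_summary instead of the sample.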

How to reload the configuration without restarting Apache ?

Situation

You have edited the configuration and now want to apply it without actually doing a stop + start of Apache, which would interrupt user sessions.

Details

Solution

Now it's up to you :

How to check Apache configuration ?


How to list the loaded modules ?

This is for Apache2.x.

How to create a new web site on a virtual host ?

On the web server :

  1. make the new website available :
    1. cp /etc/apache2/sites-available/default /etc/apache2/sites-available/myNewWebSite
    2. edit /etc/apache2/sites-available/myNewWebSite and set values :
      • ServerName myNewWebsite (3rd line)
      • DocumentRoot /path/to/myNewWebsite/files
      • <Directory /path/to/myNewWebsite/files>
  2. enable the new website :
    1. cd /etc/apache2/sites-enabled
    2. ln -s ../sites-available/myNewWebSite
    3. apache2ctl restart

On the client :

  1. add a new entry to /etc/hosts such as : 12.34.56.78 myNewWebSite
  2. check /etc/hosts permissions
  3. open your web browser at : http://myNewWebSite

How to specify cache headers in the VirtualHost configuration ?

With mod_expires :

	<IfModule mod_expires.c>
		ExpiresActive On
		ExpiresDefault "access plus 1 month"

		ExpiresByType text/html "access plus 5 minutes"
		ExpiresByType text/css "access plus 10 minutes"
		ExpiresByType image/* "access plus 3 minutes"
	</IfModule>

With mod_headers :

Looks like using <IfModule headers_module> or <IfModule mod_headers.c> makes no difference.
	<IfModule headers_module>
		Header set Cache-Control "max-age=123456, public"
	</IfModule>

It is possible to mimic the ExpiresByType behavior by setting headers based on the file extension. Note that a file extension is not the same thing as a content type :

	<IfModule mod_headers.c>
		# (other settings)

		<FilesMatch "\.(jpg|jpeg|png|gif)$">
			Header set Cache-Control "max-age=42, public"
		</FilesMatch>
		<FilesMatch "\.(js|css)$">
			Header set Cache-Control "max-age=96, public"
		</FilesMatch>
	</IfModule>


Protect an Apache directory with an .htaccess

Generic situation :

  1. In the Virtual Host definition or in the directory to restrict, create a .htaccess file and fill in the directives (source) :
    AuthType Basic
    AuthName "[your prompt here]"
    AuthUserFile /path/to/.htpasswd
    Require valid-user
  2. Create the /path/to/.htpasswd file and populate it as shown below.

For Free.fr :

  1. In the directory to restrict, create a .htaccess file such as :
    PerlSetVar AuthFile /path/to/.htpasswd
    AuthName "Explicit Grant Required"
    AuthType Basic
    Require valid-user
  2. Then, create a .htpasswd file like :
    user1:password1
    user2:password2
    To do so :
    1. create a new .htpasswd file : htpasswd -c /path/to/.htpasswd userName. This will prompt for a password.
    2. add a new user to an existing .htpasswd file : htpasswd /path/to/.htpasswd userName
  3. There is some special stuff for Free.fr servers (sources : 1, 2) :
    • about the .htpasswd path : use the PerlSetVar AuthFile directive instead of AuthUserFile. Give it a path relative to the root of the virtualhost.
    • Don't crypt passwords