Linux TCP/IP, GreenIT and more…
A little trick to simplify your apache virtual hosts configuration, instead of full paths you can use some predefined variables like the directory of apache logs or the configuration directory.
${APACHE_LOG_DIR} is for /var/log/apache2
1 2 | ErrorLog ${APACHE_LOG_DIR}/access.log CustomLog ${APACHE_LOG_DIR}/error.log |
$APACHE_CONFDIR is for /etc/apache2
1 | $APACHE_CONFDIR/mods-available |
PHP-FPM (FastCGI Process Manager) is a great alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.
1 | vim /etc/apt/sources.list |
Add source for php5-fpm:
1 2 | # PHP-FPM deb http://packages.dotdeb.org stable all |
Nginx and Apache2 are running great but there is only one tiny problem with the visitors ip’s.
Normaly I let my nginx instance do the logging job, but if you let your Apache do it you will get some problems. Apache will see all incoming requests as coming from localhost (127.0.0.1). Right they are all from nginx.
Continue reading ‘Nginx + apache2 = real-ip’
I decided to put a nginX (pronounced as ‘Engine X’) as my primary webserver to reduce the server load and improve performance.
Nginx can only handle static content (CSS, simple HTML, and static files) l have to proxy incoming dynamic requests to another server, in my case Apache2 with PHP5 as suExec/ Fcgid.
By default apache shows on each directory listing, error or non existing page etc. apache version, OS Version and some apache modules in the bottom of your site.
Attackers can use this information to their advantage when performing an attack.
I describe a little bit how to secure apache2, to prevent the showing of apache version and server strings.
1 | vim /etc/apache2/conf.d/security |
Configuration should be:
2 3 4 | ServerTokens Prod ServerSignature Off TraceEnable Off |
Restart apache:
1 | /etc/init.d/apache2 restart |