apache configuration and troubleshooting
TRANSCRIPT
-
7/27/2019 Apache Configuration and Troubleshooting
1/55
Apache Configuration &Troubleshooting
Kenneth Power
-
7/27/2019 Apache Configuration and Troubleshooting
2/55
All trademarks used herein are the soleproperty of their respective owners.
-
7/27/2019 Apache Configuration and Troubleshooting
3/55
Topics
New Features in EasyApache 3
Configuration
Security
Troubleshooting
-
7/27/2019 Apache Configuration and Troubleshooting
4/55
Easy Apache 3
-
7/27/2019 Apache Configuration and Troubleshooting
5/55
Features in EA3
All Major Apache Versions
Build Profiles
3rd Party Integration
Simplified Troubleshooting
Improved support for 64 bit
-
7/27/2019 Apache Configuration and Troubleshooting
6/55
Configuration
Build
Capabilities
Runtime
Behavior
-
7/27/2019 Apache Configuration and Troubleshooting
7/55
Easyapache
Entry points:
/scripts/easyapache
WHM >>Software >> Apache Update
-
7/27/2019 Apache Configuration and Troubleshooting
8/55
What is a Profile?
-
7/27/2019 Apache Configuration and Troubleshooting
9/55
Profiles
cPanel ProfilesCustom Profiles
-
7/27/2019 Apache Configuration and Troubleshooting
10/55
cPanel Profiles
Basic
PHP Encryption/E-Commerce
PHP Encryption and Image Manipulation
PHP Image Manipulation
PHP Security
No PHP
-
7/27/2019 Apache Configuration and Troubleshooting
11/55
Refine your Options
Apache Version
PHP Major/Minor Version
Modules, Extensions, build options
-
7/27/2019 Apache Configuration and Troubleshooting
12/55
Final Choices
Build without save?
-
7/27/2019 Apache Configuration and Troubleshooting
13/55
Where is ...?
-
7/27/2019 Apache Configuration and Troubleshooting
14/55
Customize Easyapache
1. Via environment variables2. Custom configure flags
3. /scripts/posteasyapache
http://www.cpanel.net/support/docs/easyapache.htm
http://www.cpanel.net/support/docs/easyapache.htmhttp://www.cpanel.net/support/docs/easyapache.htm -
7/27/2019 Apache Configuration and Troubleshooting
15/55
The power of EasyApache 3
-
7/27/2019 Apache Configuration and Troubleshooting
16/55
EasyApache 3
--profile=profile_name
/var/cpanel/easy/apache/profile/custom
-
7/27/2019 Apache Configuration and Troubleshooting
17/55
cpanel_default.yaml
cpanel_no_php.yaml
cpanel_php_enc.yaml
cpanel_php_enc_img.yaml
cpanel_php_img.yaml
cpanel_php_sec.yaml
Everything.yaml
/var/cpanel/easy/apache/profile/custom
-
7/27/2019 Apache Configuration and Troubleshooting
18/55
/scripts/easyapache --profile=Everything
--build
EasyApache 3
/scripts/easyapache --profile=Everything --build
-
7/27/2019 Apache Configuration and Troubleshooting
19/55
What does _____ do?
-
7/27/2019 Apache Configuration and Troubleshooting
20/55
What does ___ do?
[?] Negotiation
http://httpd.apache.org/docs/2.0/mod/mod_negotiation.html
http://httpd.apache.org/docs/2.0/mod/mod_negotiation.htmlhttp://httpd.apache.org/docs/2.0/mod/mod_negotiation.html -
7/27/2019 Apache Configuration and Troubleshooting
21/55
Apache/PHP Resources
Apache 1.3 documentation http://httpd.apache.org/docs/1.3/
Apache 2.0 documentation http://httpd.apache.org/docs/2.0/
Apache 2.2 documentation http://httpd.apache.org/docs/2.2/
PHP Manual http://www.php.net/manual/en/
http://httpd.apache.org/docs/1.3/http://httpd.apache.org/docs/2.0/http://httpd.apache.org/docs/2.2/http://www.php.net/manual/en/http://www.php.net/manual/en/http://httpd.apache.org/docs/2.2/http://httpd.apache.org/docs/2.0/http://httpd.apache.org/docs/1.3/ -
7/27/2019 Apache Configuration and Troubleshooting
22/55
Runtime Configuration
-
7/27/2019 Apache Configuration and Troubleshooting
23/55
Runtime Config
/usr/local/apache/conf/httpd.conf
Global
VirtualHost
/usr/local/lib/php.ini
-
7/27/2019 Apache Configuration and Troubleshooting
24/55
Gah! cPanel overwrote mychanges!!!!!!!!!
-
7/27/2019 Apache Configuration and Troubleshooting
25/55
Integrating changes
/usr/local/cpanel/bin/apache_conf_distiller --update
--verbose
Failed to pass acceptance test: Disabling Order deny,allowDisabling Deny from allDisabling Order allow,denyDisabling Allow from allFailed to pass acceptance test:
....
-
7/27/2019 Apache Configuration and Troubleshooting
26/55
Integrating Changes
--apache-conf=/path/to/conf
-
7/27/2019 Apache Configuration and Troubleshooting
27/55
Integrating Changes
VirtualHost Templates
/usr/local/cpanel/src/templates
vhost.default
ssl_vhost.default
-
7/27/2019 Apache Configuration and Troubleshooting
28/55
PHP Configuration
/usr/local/lib/php.ini
-
7/27/2019 Apache Configuration and Troubleshooting
29/55
Security
-
7/27/2019 Apache Configuration and Troubleshooting
30/55
Everyone's FavoritePHP
-
7/27/2019 Apache Configuration and Troubleshooting
31/55
PHP Security
As User
Locking environmentLocking php.ini
-
7/27/2019 Apache Configuration and Troubleshooting
32/55
PHP Security
PHP As User
-
7/27/2019 Apache Configuration and Troubleshooting
33/55
PHP As User
PHPSuExec
http://httpd.apache.org/docs/1.3/suexec.html
suPHP
http://www.suphp.org/
http://httpd.apache.org/docs/1.3/suexec.htmlhttp://www.suphp.org/http://www.suphp.org/http://httpd.apache.org/docs/1.3/suexec.html -
7/27/2019 Apache Configuration and Troubleshooting
34/55
PHP As User
Runs via CGI
Conflicts with mod_php
php_value/php_admin flags won't work
Application incompatibility
suPHP Configurable at runtime
-
7/27/2019 Apache Configuration and Troubleshooting
35/55
PHP Security
Locking Environment
-
7/27/2019 Apache Configuration and Troubleshooting
36/55
Locking the Environment
disable_functions
dl
Program Execution Functions
http://us2.php.net/manual/en/ref.exec.php
http://us2.php.net/manual/en/ref.exec.phphttp://us2.php.net/manual/en/ref.exec.php -
7/27/2019 Apache Configuration and Troubleshooting
37/55
PHP Security
Locking php.ini
-
7/27/2019 Apache Configuration and Troubleshooting
38/55
Locking php.ini
Safe PHP CGI
/usr/local/lib/php.ini
-
7/27/2019 Apache Configuration and Troubleshooting
39/55
Know your .htaccess
-
7/27/2019 Apache Configuration and Troubleshooting
40/55
.htaccess
AllowOverride Options
Allows user to configure modules
-
7/27/2019 Apache Configuration and Troubleshooting
41/55
Modules & Tools
-
7/27/2019 Apache Configuration and Troubleshooting
42/55
mod_security
http://www.modsecurity.org/
http://www.modsecurity.org/http://www.modsecurity.org/ -
7/27/2019 Apache Configuration and Troubleshooting
43/55
mod_security
ModSecurity is an embeddable web applicationfirewall
Available for all 3 versions of Apache
-
7/27/2019 Apache Configuration and Troubleshooting
44/55
mod_security example
SecRule ARGS delete[[:space:]]+from
SecRule ARGS insert[[:space:]]+into
-
7/27/2019 Apache Configuration and Troubleshooting
45/55
mod_security
Core rules updated
http://www.modsecurity.org/download/index.html
http://www.modsecurity.org/download/index.htmlhttp://www.modsecurity.org/download/index.html -
7/27/2019 Apache Configuration and Troubleshooting
46/55
Others
mod_evasivehttp://www.zdziarski.com/projects/mod_evasive/
Scanning tools
http://sectools.org/
http://www.zdziarski.com/projects/mod_evasive/http://sectools.org/http://sectools.org/http://www.zdziarski.com/projects/mod_evasive/ -
7/27/2019 Apache Configuration and Troubleshooting
47/55
Beware the compatibility!
-
7/27/2019 Apache Configuration and Troubleshooting
48/55
Troubleshooting
-
7/27/2019 Apache Configuration and Troubleshooting
49/55
New Build Behavior
-
7/27/2019 Apache Configuration and Troubleshooting
50/55
New Build Behavior
Backup
/usr/local/apache.backup
Modules not restored
-
7/27/2019 Apache Configuration and Troubleshooting
51/55
When Builds go Bad
-
7/27/2019 Apache Configuration and Troubleshooting
52/55
Build Troubleshooting
EasyApache build log
/usr/local/cpanel/logs/easy/apache
Dependencies
'Cpanel::Easy::Apache::DAVFs' requires the option'Cpanel::Easy::Apache::Dav'to be on and not
"skipped".
-
7/27/2019 Apache Configuration and Troubleshooting
53/55
Build Troubleshooting
-
7/27/2019 Apache Configuration and Troubleshooting
54/55
Troubleshooting
Apache Configure test
/usr/local/apache/bin/httpd -t
/usr/local/apache/bin/httpd -t -f file
Apache Logs
/usr/local/apache/logs/error_log
-
7/27/2019 Apache Configuration and Troubleshooting
55/55
Questions?