[users@httpd] Re: Using MD for letsencrypt cert rotation

On Fri, Jun 16, 2023 at 13:07 Tom Browder wrote: > Is Debian's certbot package required for MD use? Or does it interfere with > it? > > I suspect the latter. > Suspicion confirmed. -Tom

[users@httpd] Using MD for letsencrypt cert rotation

Is Debian's certbot package required for MD use? Or does it interfere with it? I suspect the latter. Thanks. -Tom

Re: [users@httpd] Re: Cron job for Apache managed Letsencrypt TLS certs

On Fri, Mar 24, 2023 at 20:26 Ruben Safir wrote: > On 3/24/23 20:53, Sean Conner wrote: > > /usr/local/apache2/bin/apachectl graceful > > that might not work if systemd is superving What would you recommend? -Tom

[users@httpd] Re: Cron job for Apache managed Letsencrypt TLS certs

On Fri, Mar 24, 2023 at 12:23 Tom Browder wrote: > I have all my websites using Apache's managed certs. Up to now I have been > restarting them periodically manually as root executing "apachectl > graceful" and then checking to see if the update happened. I have for a >

[users@httpd] Cron job for Apache managed Letsencrypt TLS certs

I have all my websites using Apache's managed certs. Up to now I have been restarting them periodically manually as root executing "apachectl graceful" and then checking to see if the update happened. I have for a long time been meaning to do that as a cron job, but haven't set one up in a great wh

[users@httpd] [SOLVED] Re: Online page not affected by css

On Thu, Jun 16, 2022 at 08:03 Tom Browder wrote: > I have a website whose home page appearance online is as expected. The > site has a subpage using css (in a separate file linked into the head > element) to form a modern, simple grid layout for testing. Both pages look > as expected

Re: [users@httpd] Online page not affected by css

On Thu, Jun 16, 2022 at 11:44 Deepak Goel wrote: > Try giving the full path (https://gbumc.church/css/css.photo) instead of > ( ../css/css.photo.) > Thank you Deepak. Best regards, -Tom

Re: [users@httpd] Online page not affected by css

On Thu, Jun 16, 2022 at 10:32 Konstantin Kolinko wrote: … > Rename your stylesheet file to "photo.css" > so that (thanks to conf/mime.types configuration file) it will be > served with the correct Content-Type of "text/css". > As of now the server does not recognise what type of file it is. Tha

[users@httpd] Online page not affected by css

I have a website whose home page appearance online is as expected. The site has a subpage using css (in a separate file linked into the head element) to form a modern, simple grid layout for testing. Both pages look as expected when I view them on my local host using Firefox. However, when I view t

Re: [users@httpd] Pages are cached too long, why?

On Tue, Jun 14, 2022 at 07:21 Tom Browder wrote: > On Tue, Jun 14, 2022 at 07:15 Eric Covener wrote: > Use developer tools in the browser or a command-line client to look at >> the response headers. Share them here. > > Will a curl response be useful? Or do I need wireshark? -Tom

Re: [users@httpd] Pages are cached too long, why?

On Tue, Jun 14, 2022 at 07:15 Eric Covener wrote: > > I have noticed the long page delays for seeing refreshed paged for my > sites for some time in all browsers and on all OSs. Any suggestions? > > Use developer tools in the browser or a command-line client to look at > the response headers. Sh

[users@httpd] Pages are cached too long, why?

I am using a long ssl session cache settings in my httpd.conf file. Will that delay viewing a refreshed page during a session? I have noticed the long page delays for seeing refreshed paged for my sites for some time in all browsers and on all OSs. Any suggestions? Thanks. -Tom

Re: [users@httpd] Apache website conversion from alias to virtualhost

On Tue, Jun 14, 2022 at 02:24 Thomas WILLIAMSON < t-william...@eauxdevienne.fr> wrote: > @Tom Browder: it seems to be a Symfony and SSO issue. Our developers team > is facing issues when accessing simultaneously to different applications > hosted on the server (in different t

[users@httpd] [SOLVED] Re: [users@httpd] Managed domains: how do I get from staging to a real letsencrypt cert?

On Sun, Jun 12, 2022 at 12:26 Frank Gingras wrote: > Can we see the apachectl -S output (you can munge to example.tld if > needed)? > Frank, I was able to get all working by removing the md directory, updating the httpd.conf file to use the real v2 URL instead of the staging area, doing a hard r

Re: [users@httpd] Managed domains: how do I get from staging to a real letsencrypt cert?

On Sun, Jun 12, 2022 at 09:12 Tom Browder wrote: > On Sun, Jun 12, 2022 at 08:09 Frank Gingras wrote: > >> Changing certificates means that you have to issue a full restart, and >> not graceful. >> > > Thanks, Frank. I tried stop then start, then restart, but no ch

Re: [users@httpd] Managed domains: how do I get from staging to a real letsencrypt cert?

On Sun, Jun 12, 2022 at 08:09 Frank Gingras wrote: > Changing certificates means that you have to issue a full restart, and not > graceful. > Thanks, Frank. I tried stop then start, then restart, but no change. I also checked Qualys again--still a staging cert. (And I have checked the httpd.con

[users@httpd] Managed domains: how do I get from staging to a real letsencrypt cert?

I got a test cert installed, and Qualys SSL Labs show it. I have changed my httpd.conf line back to the actual staging site, did a graceful restart, but nothing has changed. I have inspected the md directory and don't see any issues recognizable to me. I have another server, with different vhosts,

Re: [users@httpd] Apache website conversion from alias to virtualhost

On Wed, Jun 8, 2022 at 07:12 Thomas WILLIAMSON wrote: > Hello, > > I have to take over an internal Web server that has been configured by a > colleague who is no longer there. Our developers team asks me to convert > applications URLs from an *Alias* to a *Virtualhosts* (subdomain naming) > syste

Re: [users@httpd] Re: Deprecated warnings with v2.4.53

On Fri, May 27, 2022 at 01:31 Deepak Goel wrote: > Please post the config & warnings... > I am still fiddling with openssl config options based on Ivan Ristic's suggestions, but I will post the config and warnings when I get a stable set of options for that and Apache. Thanks, Deepak. Best reg

[users@httpd] Re: Deprecated warnings with v2.4.53

On Sat, May 14, 2022 at 18:20 Tom Browder wrote: > I have tried to move from openssl 1.1.1o to 3.0.3 and am getting lots of > deprecated warnings during the httpd build. I also tried when attempting > http 2.4.52 and didn't complete iththen either because of the same warnings.

Re: [users@httpd] Re: Multi-domain with SSL - Virtualhost all need IPs?

On Fri, May 20, 2022 at 12:09 Yehuda Katz wrote: > That is not correct. That causes httpd to try to look up the matching IP > address using DNS. Use only IP addresses or wildcards. > You should try the Apache Macro to see if it might help. I have used for years for over a dozen virtual hosts d

[users@httpd] Re: Deprecated warnings with v2.4.53

On Sat, May 14, 2022 at 18:20 Tom Browder wrote: > I have tried to move from openssl 1.1.1o to 3.0.3 and am getting lots of > deprecated warnings during the httpd build. I also tried when Looking more closely at the build, the warnings *are* coming from the httpd code.Since they are wa

[users@httpd] Deprecated warnings with v2.4.53

I have tried to move from openssl 1.1.1o to 3.0.3 and am getting lots of deprecated warnings during the httpd build. I also tried when attempting http 2.4.52 and didn't complete iththen either because of the same warnings. Note I have not changed my configuration settings (except the openssl versi

Re: [users@httpd] Is a home directory for the httpd user safe?

On Sun, Feb 27, 2022 at 3:24 PM Stormy wrote: > > On 2022-02-27 10:31 a.m., Tom Browder wrote: > > On Sun, Feb 27, 2022 at 09:11 Jeroen Verhoeckx > > wrote: > > > >> Why do you need a predefined user with a writeable home directory? ... Sorry, I was not very c

Re: [users@httpd] Is a home directory for the httpd user safe?

On Sun, Feb 27, 2022 at 09:11 Jeroen Verhoeckx wrote: > Why do you need a predefined user with a writeable home directory? Because that user executes the server loop behind the reverse proxy. The program running that server uses the Raku programming language which needs some default settings to

[users@httpd] Is a home directory for the httpd user safe?

In order to run a service behind my reverse proxy I need to have a defined user with some kind of writeable home directory. The easy choice to get started is to create a /home/apache directory for my apache user. Is that safe or should I do something else? I do have my systemd service file worki

Re: [users@httpd] Re: Reverse proxy for TLS connections

On Wed, Feb 23, 2022 at 16:04 Eric Covener wrote: ... > It could be, the full unredacted error_log entries might have more details. > I would test with curl/wget on the proxy and make sure the backend is > reachable. If curl/wget don't work, the proxy server isn't going to > work. SOLVED The r

Re: [users@httpd] Re: Reverse proxy for TLS connections

On Wed, Feb 23, 2022 at 06:03 Tom Browder wrote: … > I seem to be making some progress. I can get an A from SSL Labs, but I'm > getting a 503 response when I try to go to the website directly ( > https://gbumc.church). > I turned on DumpIO input and output and see the following

Re: [users@httpd] Re: Reverse proxy for TLS connections

On Tue, Feb 22, 2022 at 12:16 Tom Browder wrote: > On Tue, Feb 22, 2022 at 11:59 Eric Covener wrote: > ... > >> The server decrypts incoming requests the same way regardless of how >> it will later handle the request (static file, CGI, proxy). > > > Okay, thanks. I

Re: [users@httpd] Re: Reverse proxy for TLS connections

On Tue, Feb 22, 2022 at 11:59 Eric Covener wrote: ... > The server decrypts incoming requests the same way regardless of how > it will later handle the request (static file, CGI, proxy). Okay, thanks. I'll head in that direction and see if I can get it all to work. Thank you very much, Eric, f

Re: [users@httpd] Re: Reverse proxy for TLS connections

On Tue, Feb 22, 2022 at 09:50 Eric Covener wrote: > On Tue, Feb 22, 2022 at 10:44 AM Tom Browder > wrote: > > > > On Mon, Feb 21, 2022 at 13:34 Tom Browder wrote: > >> > >> On Mon, Feb 21, 2022 at 10:16 Eric Covener wrote: > > > > >

Re: [users@httpd] Re: Reverse proxy for TLS connections

On Mon, Feb 21, 2022 at 13:34 Tom Browder wrote: > On Mon, Feb 21, 2022 at 10:16 Eric Covener wrote: Let me try to rephrase the situation and question: If I use a reverse proxy as in the basic example in the docs, does that handle https traffic also? Or does the the "http://www.exa

Re: [users@httpd] Re: Reverse proxy for TLS connections

On Mon, Feb 21, 2022 at 10:16 Eric Covener wrote: ... > > I think I see that can be done using RewriteCond and friends somehow. > > It is not clear what you're asking about. Can you describe the > topology in more detail and clarify what "input" (a header? a request > body?) you need and where if

[users@httpd] Re: Reverse proxy for TLS connections

On Sun, Feb 20, 2022 at 06:30 Tom Browder wrote: > I am trying to integrate some Raku (formerly Perl 6) code to handle post > TLS inputs (decrypted dat) to one of my websites. How can I get access to > the decrypted input via a reverse proxy? I think I see that can be done using Re

[users@httpd] Reverse proxy for TLS connections

I am trying to integrate some Raku (formerly Perl 6) code to handle post TLS inputs (decrypted dat) to one of my websites. How can I get access to the decrypted input via a reverse proxy? I am using macros and have successfully use CGI in multiple sites. Are CGI variables the answer instead of a r

Re: [users@httpd] Re: Latest version: should I use openssl 3+

On Sat, Feb 5, 2022 at 12:42 PM Christophe JAILLET wrote: > >> I am upgrading from Apache 2.4.43 to 2.4.52 and using openssl from > >> source. I currently use 1.1.1.k and would normally go to the latest > >> LTS version1.1.1.m; however, would it be better to move to version > > Well, the obvious

[users@httpd] Re: Latest version: should I use openssl 3+

On Tue, Feb 1, 2022 at 11:06 AM Tom Browder wrote: > I am upgrading from Apache 2.4.43 to 2.4.52 and using openssl from > source. I currently use 1.1.1.k and would normally go to the latest > LTS version1.1.1.m; however, would it be better to move to version > 3+ now? Well, the ob

[users@httpd] Latest version: should I use openssl 3+

I am upgrading from Apache 2.4.43 to 2.4.52 and using openssl from source. I currently use 1.1.1.k and would normally go to the latest LTS version1.1.1.m; however, would it be better to move to version 3+ now? Thanks. -Tom - To

Re: [users@httpd] RE: [EXTERNAL] [users@httpd] Feasible to use both password TLS cert access on same directory?

On Sat, Sep 4, 2021 at 08:44 Rob wrote: > Correct me if I'm wrong but I believe what you're looking for is basically > in the FAQ: > http://httpd.apache.org/docs/current/ssl/ssl_howto.html#intranet > Thanks, Ron. I agree think seems to have the right settings combination if I back out the intrane

Re: [users@httpd] RE: [EXTERNAL] [users@httpd] Feasible to use both password TLS cert access on same directory?

On Fri, Sep 3, 2021 at 16:21 Orendt, John wrote: > Hi Tom > ... > These two techniques can be used separately or together. > When both password and client cert are used it could be called two factor > authentication. > > Any of the above combinations are supported by httpd. > Thanks, John. But ca

[users@httpd] Feasible to use both password TLS cert access on same directory?

I have a website that has been using private website user TLS certs successfully for over 10 years. Now I am investigating providing user name and password access to it as well. (I have that implemented on another site and it has worked satisfactorily for a couple of years.) My question is: can I

Re: [users@httpd] Different security warnings for a site with Chrome on Linux, Windows, and iOS

On Mon, Aug 9, 2021 at 11:21 AM Dino Ciuffetti wrote: ... > Richard is right. > It's this image in your HTML that is loading via HTTP instead of HTTPS: Thanks, Dino. -Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache

Re: [users@httpd] Different security warnings for a site with Chrome on Linux, Windows, and iOS

On Mon, Aug 9, 2021 at 10:21 Richard wrote: > > Date: Monday, August 09, 2021 09:51:39 -0500 > > From: Tom Browder ... > > I have a site, <https://nwflug.org>, that shows secure (black lock ... > Firefox on linux indicates that "Parts of this page are not secure&q

[users@httpd] Different security warnings for a site with Chrome on Linux, Windows, and iOS

I have a site, , that shows secure (black lock icon) with the Chrome browser on Linux and Windows 10. However, it shows the black triangle with the white exclamation point with the Chrome browser on iOS (iPad and iPhone). I get A+ on the site with the SSL Labs security check.

Re: [users@httpd] To Gzip or not?

On Sat, Oct 10, 2020 at 15:01 Antony Stone < antony.st...@apache.open.source.it> wrote: > On Saturday 10 October 2020 at 20:23:46, Tom Browder wrote: ... > > > I've been looking at ways to speed up my web services using > > https://webpagetest.org for analysis. One

Re: [users@httpd] To Gzip or not?

On Sun, Nov 22, 2020 at 09:41 Yves Goergen wrote: > I've recently learned about these issues, too. Thanks, Yves, I've delayed answering because I was collecting various pieces of references and got lost trying to put it all together. I hope all are well and wish you all a Merry Christmas. -To

[users@httpd] To Gzip or not?

I've been looking at ways to speed up my web services using < https://webpagetest.org> for analysis. One thing I've been reading about is using mod_deflate to compress certain files but keep seeing the warnings about using compression with https due to certain known threats. In my searches so far

Re: [users@httpd] Alternatives to SSI (server side includes)?

On Sun, Oct 4, 2020 at 17:49 James Moe wrote: ... > Aren't cookies good for this type of tracking? I don't think data from cookies would be as reliable. Anyway, I just haven't dealt with cookies up till now and probably won't any time soon. Thanks. -Tom

Re: [users@httpd] Re: Alternatives to SSI (server side includes)?

On Sun, Oct 4, 2020 at 13:05 Scott A. Wozny wrote: > IMHO, Web Sockets aren't going to get you any real benefit here. The > primary > Thanks, Scott. I do intend to look into the timing. BTW, this website takes over eight seconds to load, and it uses the same CGI setup as my other sites: h

Re: [users@httpd] Re: Alternatives to SSI (server side includes)?

On Sun, Oct 4, 2020 at 04:38 Rob De Langhe wrote: > I simply use (or dynamically construct) a page with iframes, in which each > iframe gets loaded by a separate CGI results; > Hm, I've always thought that iframes were frowned upon in modern practice. I'll have to read up on them Thanks, Rob. C

Re: [users@httpd] Re: Alternatives to SSI (server side includes)?

On Sat, Oct 3, 2020 at 13:46 Scott A. Wozny wrote: > Sounds like a job for AJAX, but before throwing out the baby with the bath > water I'd seriously consider turning up logging with timestamps on your > existing CGI and > That's a good idea, Scott, I've just been too lazy and debugging CGI is s

[users@httpd] Re: Alternatives to SSI (server side includes)?

On Sat, Oct 3, 2020 at 12:18 Tom Browder wrote: > I have been using server side includes since I started my websites on Apache ... > Any suggestions for SSI replacement with a more asynchronous method? Let me be more specific about the data flow I'm using with the landing (home)

[users@httpd] Alternatives to SSI (server side includes)?

I have been using server side includes since I started my websites on Apache about 10 years ago. The performance hit I'm getting is too high and I would like to get the same utility with something more modern and appropriate. What I have been doing with SSI is executing some fairly involved db pro

Re: [users@httpd] Base server versus virtual servers

On Fri, Sep 4, 2020 at 04:07 @lbutlr wrote: > ... The name I define in https.conf as ServerName is the rDNS for the machine. > This domain has no pages associated with it, though it does have an info > page under a sub directory, and is only there for the base config. > That is interesting and

[users@httpd] Base server versus virtual servers

I am fine-tuning a single physical server running multiple virtual hosts defined by a macro and using SNI for access to each. The apache version is 2.4.43 and OpenSSL is 1.1.1g. OS is Debian 10 Buster. In looking at the docs about OCSP it mentions possible problems with restarts when the cert prov

Re: [users@httpd] Debugging a reverse proxy using TLS

On Tue, Sep 1, 2020 at 10:18 Eric Covener wrote: > On Tue, Sep 1, 2020 at 10:58 AM Tom Browder wrote: > > Is there any way with the Apache logs to see (and capture) the raw data > being received on the backside of a reverse proxy using TLS? > > I assume https://httpd.apach

[users@httpd] Debugging a reverse proxy using TLS

Is there any way with the Apache logs to see (and capture) the raw data being received on the backside of a reverse proxy using TLS? If so, is there any way to unenccode the data offline with OpenSSL if one has the public and private keys? Thanks so much. Best regards, -Tom

Re: [users@httpd] TLS handling with reverse proxy

On Mon, Aug 31, 2020 at 14:18 Yuma Technical Inc. wrote: > Don’t forget the “:” between host and port. If you want, even * > So I guess ${DOMAIN}.${TLD}:${PORT} > That is part of the macro definition. The vhost details come after that and its format is correct as you showed it. I think I'm get

Re: [users@httpd] TLS handling with reverse proxy

On Mon, Aug 31, 2020 at 07:10 Tom Browder wrote: > On Sun, Aug 30, 2020 at 11:12 Tom Browder wrote: > >> On Sun, Aug 30, 2020 at 10:37 Yuma Technical Inc. < >> yumatechni...@gmail.com> wrote: >> >>> I may be using the setup you describe. I have Webmin t

Re: [users@httpd] TLS handling with reverse proxy

On Sun, Aug 30, 2020 at 11:12 Tom Browder wrote: > On Sun, Aug 30, 2020 at 10:37 Yuma Technical Inc. > wrote: > >> I may be using the setup you describe. I have Webmin to manage services >> > ... > Can you tell me how the _default_ works with SNI virtual hosts? -Tom

Re: [users@httpd] TLS handling with reverse proxy

On Sun, Aug 30, 2020 at 10:37 Yuma Technical Inc. wrote: > I may be using the setup you describe. I have Webmin to manage services > ... Thanks, that helps. My data flow is a bit different, but every little piece of a working solution is a step in the right direction! Best regards: -Tom

[users@httpd] Re: TLS handling with reverse proxy

On Sun, Aug 30, 2020 at 06:58 Tom Browder wrote: > I have a successful non-apache reverse proxy server working behind a > non-tls public-facing apache server. What do I have to do to use TLS with > Let's Encrypt certs managed certificates? I'll be showing the virtual host

[users@httpd] TLS handling with reverse proxy

I have a successful non-apache reverse proxy server working behind a non-tls public-facing apache server. What do I have to do to use TLS with Let's Encrypt certs managed certificates? I have "normal" managed TLS servers working fine, but the reverse proxy TLS settings are a mystery to me. Thank

Re: [users@httpd] Apache 2.2 and tls 1.2

On Thu, Jul 23, 2020 at 12:51 Tom Jubb wrote: > Understood. Just trying to exhaust all possible solutions before doing an OS > upgrade. FYI, I recently completed a local src build of Apache 2.4.43 (and APR and APR-UTIL), and OpenSSL 1.1.1g on Debian 10 Buster. I have documented the process on m

Re: [users@httpd] mod_md: is a restart always require for auto updates?

On Tue, Jul 14, 2020 at 02:01 Stefan Eissing wrote: > > 1. For an auto renewal for the current managed domain, will I have to > > manually restart each time? > Clarification: only a reload (graceful) is necessary, not stop+start. Good point, thanks. Since the renewal is done usually a month in

[users@httpd] mod_md: is a restart always require for auto updates?

I'm running Apache 2.4.43 and just added my first managed virtual host with mod_md and all worked fine. Now I want to move all my other virtual host to the same process but I have a few questions first: 1. For an auto renewal for the current managed domain, will I have to manually restart each tim

[users@httpd] Testing a server locally before remote deployment

My current setup is designed to run on a remote server with its static IP assigned to my domains registered with Namecheap and served by their DNS servers. All my virtual hosts are name-based, https-only, and have individual TLS certs from Letsencrypt. Is there any simple way to run my local serv

[users@httpd] Re: Getting "DSO" failed to load when trying to access a DBM password file

On Sun, Jun 28, 2020 at 18:19 Tom Browder wrote: > I'm using locally built Apache 2.4.43 with Apr 1.7.0 and Apr-util 1.6.1 on > Debian Buster. I'm trying to use DBM password files I built with an earlier > version (approx 2.4.30ish) which worked fine. > ... PROBLEM SOLVED

[users@httpd] Getting "DSO" failed to load when trying to access a DBM password file

I'm using locally built Apache 2.4.43 with Apr 1.7.0 and Apr-util 1.6.1 on Debian Buster. I'm trying to use DBM password files I built with an earlier version (approx 2.4.30ish) which worked fine. I got a complaint from a user he couldn't log in and I saw in the error logs that the password file c

Re: [users@httpd] Apache and systemd

On Thu, Jun 18, 2020 at 07:48 David Copeland wrote: > Hi Tom, > > To have Apache start on boot do: *systemctl enable apache2* > David, thanks so much! So should a person installing Apache from source with "--enable-systemd" expect the service to be enabled during the installation, i.e., this is

Re: [users@httpd] Apache and systemd

On Thu, Jun 18, 2020 at 07:24 David Copeland wrote: > On OpenSuse, I use > > systemctl apache2 > > where is start, stop, status, reload, or whatever (do a "man > systemctl") > Thanks, Dave. But do you add the appropriate systemd files to enable auto start and shutdown of httpd upon reboot? M

Re: [users@httpd] Let's Encrypt (LE) and port 80

On Wed, Jun 17, 2020 at 18:11 @lbutlr wrote: > On 17 Jun 2020, at 16:37, Tom Browder wrote: > > Thanks for the info--but all I'm only running a dozen or so hosts on a > single ... > Zero maintenance. Set it up once and forget it. It is all automated. I wish I could use

Re: [users@httpd] Let's Encrypt (LE) and port 80

On Wed, Jun 17, 2020 at 11:50 dmallor wrote: > I have never used that module and always preferred to keep 80 open purely > for redirects (and LE) > ... Thanks, Danny. -Tom

Re: [users@httpd] Let's Encrypt (LE) and port 80

On Wed, Jun 17, 2020 at 11:47 @lbutlr wrote: > On 17 Jun 2020, at 07:05, Tom Browder wrote: ... > Most of the automation scripts for LE pretty much walk your through > setting this up. ... > Not making a suggestion, as this is harder to setup, but it is something > to think

Re: [users@httpd] Apache and systemd

On Wed, Jun 17, 2020 at 15:46 Richard wrote: ... > > If I build a new server using --enable-systemd how does that affect > > using apachectl? ... > You would use "systemctl" to start/stop/reload/... the server, e.g., > >systemctl start httpd.service Thanks, Richard. Hm, that doesn't work

Re: [users@httpd] Let's Encrypt (LE) and port 80

pOn Wed, Jun 17, 2020 at 09:55 dmallor wrote: You can just setup a global redirect on your 80 listener but exclude LE > root path > ... > Thanks, Danny. I've never used rewrites before, but that looks like a good idea. But which of the two solutions would you prefer? What is the downside of bl

Re: [users@httpd] Let's Encrypt (LE) and port 80

On Wed, Jun 17, 2020 at 08:11 Stefan Eissing wrote: > There is a module called "mod_md" which gets and renews certificates from > LE. It's part of 2.4.43. > ... > You do not need to have port 80 open to use it. It also works with port > 443 alone. > Stefan, thanks. I've read a bit about mod_md b

[users@httpd] Let's Encrypt (LE) and port 80

Before LE came along, I tightened my single server down to redirect http to https. With LE I've been using the cert generation method where I stop Apache, create the required certs with a Raku program, and restart Apache. Now with my new Apache 2.4.43 I'm ready to automate the process. Is there an

[users@httpd] Apache and systemd

If I build a new server using --enable-systemd how does that affect using apachectl? Can I still apachectl for interactive start/stop while systemd takes care of reboots? Thanks. Best regards, -Tom

Re: [users@httpd] Configuration question

On Thu, Jan 30, 2020 at 09:31 o1bigtenor wrote: > On Wed, Jan 29, 2020 at 5:28 PM Tom Browder wrote: ... > > > > > But I'm in the process of putting most of the config online. I'll put > > > > my main macro first. > > > > And for the whole c

Re: [users@httpd] Configuration question

On Wed, Jan 29, 2020 at 3:34 PM Tom Browder wrote: > On Wed, Jan 29, 2020 at 11:47 AM Tom Browder wrote: > > > >... > > But I'm in the process of putting most of the config online. I'll put > > my main macro first. And for the whole conf directory see this:

Re: [users@httpd] Re: Virtual host macros and reverse proxy

apache-httpd-tidbits/blob/master/conf/vhost-proxy.macro.conf -Tom > On Wed, Jan 29, 2020 at 4:05 PM Tom Browder wrote: >> >> On Wed, Jan 29, 2020 at 08:36 Gillis J. de Nijs >> wrote: >> > >> > There's mod_macro that might be useful. I don't th

Re: [users@httpd] Configuration question

On Wed, Jan 29, 2020 at 11:47 AM Tom Browder wrote: > > >... > But I'm in the process of putting most of the config online. I'll put > my main macro first. See the following for my main vhost macro: https://github.com/tbrowder/apache-httpd-tidbits/bl

Re: [users@httpd] Configuration question

On Wed, Jan 29, 2020 at 9:20 AM o1bigtenor wrote: > On Wed, Jan 29, 2020 at 7:14 AM Tom Browder wrote: > > https://www.ssllabs.com/ssltest/ > > > > Check one of my sites and see for yourself: > > > > https://freestatesofamerica.org > > > (Grin) Didn&

Re: [users@httpd] Re: Virtual host macros and reverse proxy

On Wed, Jan 29, 2020 at 08:36 Gillis J. de Nijs wrote: > > There's mod_macro that might be useful. I don't think it does calculations, > though, so you might need to do some things yourself. Maybe you could indeed > generate the conf files yourself and use Include or IncludeOptional. ... Tha

Re: [users@httpd] Configuration question

On Tue, Jan 28, 2020 at 13:07 o1bigtenor wrote: > On Tue, Jan 28, 2020 at 9:49 AM Eric Covener wrote: > > > How can I have different document roots for various applications on the > > > same server? > > virtual hosts. > > Thanking you for your assistance. To those others that had also responded >

[users@httpd] Can one use both certificate and password access to the same resource?

I have a working website with part of it restricted to users with private TLS certificates installed. I would like to add the option for some users to access the same area with the form-based user name and password scheme. Can that be done? Thanks. -Tom

[users@httpd] Re: Virtual host macros and reverse proxy

On Fri, Jan 24, 2020 at 12:06 Tom Browder wrote: > I have multiple virtual hosts for which I would like to use a reverse > proxy to a dynamic application running constantly on my server. > ... Ping

[users@httpd] Virtual host macros and reverse proxy

I have multiple virtual hosts for which I would like to use a reverse proxy to a dynamic application running constantly on my server. I would like to use a macro to do something like this pseudo code: $port = 16000 for each domain.tld map domain.tld to localhost:$port $por

Re: [users@httpd] Reverse proxy: how to map a domain.tld to a local host port

On Wed, Oct 16, 2019 at 01:15 wrote: > Is there any way to map each unique domain.tld to a different app at a > unique port just for that domain.tld? > > Why not just using virtualhosts also on your backend > (tomcat,wildfly,jetty,etc)? Also, if you want to use port based VH on your > backend wit

[users@httpd] Reverse proxy: how to map a domain.tld to a local host port

I want to map multiple virtual hosts (https://domain.tld) to a backend server app. All the recipes I see do something like this: ProxyPreserveHost On ProxyPass "/""http://localhost:8000"; ProxyPassReverse "/""http://localhost:8000"; Does that mean the single app

[users@httpd] SSI and CGI execution

I am successfully using CGI progs (written in the Perl and Raku programming languages), but they are standalone and execute their tasks when called in either of these ways: 1. as an SSI program in the section of an .shtml page: 2. as an href link in the section of an .html or .shtml page:

[users@httpd] Re: Using mod_macro reverse proxy named virtual hosts with TLS

On Fri, Dec 14, 2018 at 10:22 Tom Browder wrote: > Can anyone point to an example of a conf file with a macro defining a > named virtual host with both the following attributes: > ... Ping. Anyone? How about an example with TLS and two separate name-based virtual servers, each using

[users@httpd] Using mod_macro reverse proxy named virtual hosts with TLS

Can anyone point to an example of a conf file with a macro defining a named virtual host with both the following attributes: + TLS + reverse proxy I can find good examples of macros with either attribute, but none with both. I currently have a single server running 10+ named virtual hosts using

[users@httpd] Re: Are passwords with embedded spaces allowed using htdbm?

On Sat, Jun 9, 2018 at 09:00 Tom Browder wrote: > I can get htdbm to accept a cleartext password with spaces when using the > mode where I enter the password at the command line, e.g > ... I’m sorry for the wasted bandwidth, but I proved myself wrong! I used a bash script sussessfu

[users@httpd] Are passwords with embedded spaces allowed using htdbm?

I can get htdbm to accept a cleartext password with spaces when using the mode where I enter the password at the command line, e.g., htdbm -cB dbmfilename user and the password is validated ok using htdbm -vB dbmfilename user but I can’t get it to work using the batch mode: htdbm -cbB db

Re: [users@httpd] 2.4.27 installed, no con fig change, but web site down!

On Wed, Jul 19, 2017 at 02:20 Luca Toscano wrote: > Hi Tom, > > 2017-07-19 3:33 GMT+02:00 Tom Browder : > >> I installed 2.4.27, along with the latest openssl. no config was changed, >> but my server isn't serving. >> > Thanks, I know that I didn't give

[users@httpd] 2.4.27 installed, no con fig change, but web site down!

I installed 2.4.27, along with the latest openssl. no config was changed, but my server isn't serving. I show no errors in the error log. I will try to go back to previous versions to see if I can recover, but wonder if anyone can guess what has happened. Thanks. -Tom

[users@httpd] Automatic session expiration with auth_form

Is there any way to cause an auth_form session to expire automatically? Thanks. Best regards, -Tom

Re: [users@httpd] Re: Error trying to use 'mod_auth_form' and 'mod_dbd' with sqlite3

On Wed, Apr 26, 2017 at 05:06 Tom Browder wrote: > On Wed, Apr 26, 2017 at 04:04 Luca Toscano wrote: > >> > I think I just discovered I what the problem is: I'm using harp.js to >>> > build my site and the is compiling incorrectly. >>> >>> W

  1   2   3   >