Upload
proxymo1
View
245
Download
0
Embed Size (px)
Citation preview
7/27/2019 Apache Configuration and Troubleshooting
1/55
Apache Configuration &Troubleshooting
Kenneth Power
7/27/2019 Apache Configuration and Troubleshooting
2/55
All trademarks used herein are the soleproperty of their respective owners.
7/27/2019 Apache Configuration and Troubleshooting
3/55
Topics
New Features in EasyApache 3
Configuration
Security
Troubleshooting
7/27/2019 Apache Configuration and Troubleshooting
4/55
Easy Apache 3
7/27/2019 Apache Configuration and Troubleshooting
5/55
Features in EA3
All Major Apache Versions
Build Profiles
3rd Party Integration
Simplified Troubleshooting
Improved support for 64 bit
7/27/2019 Apache Configuration and Troubleshooting
6/55
Configuration
Build
Capabilities
Runtime
Behavior
7/27/2019 Apache Configuration and Troubleshooting
7/55
Easyapache
Entry points:
/scripts/easyapache
WHM >>Software >> Apache Update
7/27/2019 Apache Configuration and Troubleshooting
8/55
What is a Profile?
7/27/2019 Apache Configuration and Troubleshooting
9/55
Profiles
cPanel ProfilesCustom Profiles
7/27/2019 Apache Configuration and Troubleshooting
10/55
cPanel Profiles
Basic
PHP Encryption/E-Commerce
PHP Encryption and Image Manipulation
PHP Image Manipulation
PHP Security
No PHP
7/27/2019 Apache Configuration and Troubleshooting
11/55
Refine your Options
Apache Version
PHP Major/Minor Version
Modules, Extensions, build options
7/27/2019 Apache Configuration and Troubleshooting
12/55
Final Choices
Build without save?
7/27/2019 Apache Configuration and Troubleshooting
13/55
Where is ...?
7/27/2019 Apache Configuration and Troubleshooting
14/55
Customize Easyapache
1. Via environment variables2. Custom configure flags
3. /scripts/posteasyapache
http://www.cpanel.net/support/docs/easyapache.htm
http://www.cpanel.net/support/docs/easyapache.htmhttp://www.cpanel.net/support/docs/easyapache.htm7/27/2019 Apache Configuration and Troubleshooting
15/55
The power of EasyApache 3
7/27/2019 Apache Configuration and Troubleshooting
16/55
EasyApache 3
--profile=profile_name
/var/cpanel/easy/apache/profile/custom
7/27/2019 Apache Configuration and Troubleshooting
17/55
cpanel_default.yaml
cpanel_no_php.yaml
cpanel_php_enc.yaml
cpanel_php_enc_img.yaml
cpanel_php_img.yaml
cpanel_php_sec.yaml
Everything.yaml
/var/cpanel/easy/apache/profile/custom
7/27/2019 Apache Configuration and Troubleshooting
18/55
/scripts/easyapache --profile=Everything
--build
EasyApache 3
/scripts/easyapache --profile=Everything --build
7/27/2019 Apache Configuration and Troubleshooting
19/55
What does _____ do?
7/27/2019 Apache Configuration and Troubleshooting
20/55
What does ___ do?
[?] Negotiation
http://httpd.apache.org/docs/2.0/mod/mod_negotiation.html
http://httpd.apache.org/docs/2.0/mod/mod_negotiation.htmlhttp://httpd.apache.org/docs/2.0/mod/mod_negotiation.html7/27/2019 Apache Configuration and Troubleshooting
21/55
Apache/PHP Resources
Apache 1.3 documentation http://httpd.apache.org/docs/1.3/
Apache 2.0 documentation http://httpd.apache.org/docs/2.0/
Apache 2.2 documentation http://httpd.apache.org/docs/2.2/
PHP Manual http://www.php.net/manual/en/
http://httpd.apache.org/docs/1.3/http://httpd.apache.org/docs/2.0/http://httpd.apache.org/docs/2.2/http://www.php.net/manual/en/http://www.php.net/manual/en/http://httpd.apache.org/docs/2.2/http://httpd.apache.org/docs/2.0/http://httpd.apache.org/docs/1.3/7/27/2019 Apache Configuration and Troubleshooting
22/55
Runtime Configuration
7/27/2019 Apache Configuration and Troubleshooting
23/55
Runtime Config
/usr/local/apache/conf/httpd.conf
Global
VirtualHost
/usr/local/lib/php.ini
7/27/2019 Apache Configuration and Troubleshooting
24/55
Gah! cPanel overwrote mychanges!!!!!!!!!
7/27/2019 Apache Configuration and Troubleshooting
25/55
Integrating changes
/usr/local/cpanel/bin/apache_conf_distiller --update
--verbose
Failed to pass acceptance test: Disabling Order deny,allowDisabling Deny from allDisabling Order allow,denyDisabling Allow from allFailed to pass acceptance test:
....
7/27/2019 Apache Configuration and Troubleshooting
26/55
Integrating Changes
--apache-conf=/path/to/conf
7/27/2019 Apache Configuration and Troubleshooting
27/55
Integrating Changes
VirtualHost Templates
/usr/local/cpanel/src/templates
vhost.default
ssl_vhost.default
7/27/2019 Apache Configuration and Troubleshooting
28/55
PHP Configuration
/usr/local/lib/php.ini
7/27/2019 Apache Configuration and Troubleshooting
29/55
Security
7/27/2019 Apache Configuration and Troubleshooting
30/55
Everyone's FavoritePHP
7/27/2019 Apache Configuration and Troubleshooting
31/55
PHP Security
As User
Locking environmentLocking php.ini
7/27/2019 Apache Configuration and Troubleshooting
32/55
PHP Security
PHP As User
7/27/2019 Apache Configuration and Troubleshooting
33/55
PHP As User
PHPSuExec
http://httpd.apache.org/docs/1.3/suexec.html
suPHP
http://www.suphp.org/
http://httpd.apache.org/docs/1.3/suexec.htmlhttp://www.suphp.org/http://www.suphp.org/http://httpd.apache.org/docs/1.3/suexec.html7/27/2019 Apache Configuration and Troubleshooting
34/55
PHP As User
Runs via CGI
Conflicts with mod_php
php_value/php_admin flags won't work
Application incompatibility
suPHP Configurable at runtime
7/27/2019 Apache Configuration and Troubleshooting
35/55
PHP Security
Locking Environment
7/27/2019 Apache Configuration and Troubleshooting
36/55
Locking the Environment
disable_functions
dl
Program Execution Functions
http://us2.php.net/manual/en/ref.exec.php
http://us2.php.net/manual/en/ref.exec.phphttp://us2.php.net/manual/en/ref.exec.php7/27/2019 Apache Configuration and Troubleshooting
37/55
PHP Security
Locking php.ini
7/27/2019 Apache Configuration and Troubleshooting
38/55
Locking php.ini
Safe PHP CGI
/usr/local/lib/php.ini
7/27/2019 Apache Configuration and Troubleshooting
39/55
Know your .htaccess
7/27/2019 Apache Configuration and Troubleshooting
40/55
.htaccess
AllowOverride Options
Allows user to configure modules
7/27/2019 Apache Configuration and Troubleshooting
41/55
Modules & Tools
7/27/2019 Apache Configuration and Troubleshooting
42/55
mod_security
http://www.modsecurity.org/
http://www.modsecurity.org/http://www.modsecurity.org/7/27/2019 Apache Configuration and Troubleshooting
43/55
mod_security
ModSecurity is an embeddable web applicationfirewall
Available for all 3 versions of Apache
7/27/2019 Apache Configuration and Troubleshooting
44/55
mod_security example
SecRule ARGS delete[[:space:]]+from
SecRule ARGS insert[[:space:]]+into
7/27/2019 Apache Configuration and Troubleshooting
45/55
mod_security
Core rules updated
http://www.modsecurity.org/download/index.html
http://www.modsecurity.org/download/index.htmlhttp://www.modsecurity.org/download/index.html7/27/2019 Apache Configuration and Troubleshooting
46/55
Others
mod_evasivehttp://www.zdziarski.com/projects/mod_evasive/
Scanning tools
http://sectools.org/
http://www.zdziarski.com/projects/mod_evasive/http://sectools.org/http://sectools.org/http://www.zdziarski.com/projects/mod_evasive/7/27/2019 Apache Configuration and Troubleshooting
47/55
Beware the compatibility!
7/27/2019 Apache Configuration and Troubleshooting
48/55
Troubleshooting
7/27/2019 Apache Configuration and Troubleshooting
49/55
New Build Behavior
7/27/2019 Apache Configuration and Troubleshooting
50/55
New Build Behavior
Backup
/usr/local/apache.backup
Modules not restored
7/27/2019 Apache Configuration and Troubleshooting
51/55
When Builds go Bad
7/27/2019 Apache Configuration and Troubleshooting
52/55
Build Troubleshooting
EasyApache build log
/usr/local/cpanel/logs/easy/apache
Dependencies
'Cpanel::Easy::Apache::DAVFs' requires the option'Cpanel::Easy::Apache::Dav'to be on and not
"skipped".
7/27/2019 Apache Configuration and Troubleshooting
53/55
Build Troubleshooting
7/27/2019 Apache Configuration and Troubleshooting
54/55
Troubleshooting
Apache Configure test
/usr/local/apache/bin/httpd -t
/usr/local/apache/bin/httpd -t -f file
Apache Logs
/usr/local/apache/logs/error_log
7/27/2019 Apache Configuration and Troubleshooting
55/55
Questions?