Apache Configuration and Troubleshooting

7/27/2019 Apache Configuration and Troubleshooting

1/55

Apache Configuration &Troubleshooting

Kenneth Power


2/55

All trademarks used herein are the soleproperty of their respective owners.


3/55

Topics

New Features in EasyApache 3

Configuration

Security

Troubleshooting


4/55

Easy Apache 3


5/55

Features in EA3

All Major Apache Versions

Build Profiles

3rd Party Integration

Simplified Troubleshooting

Improved support for 64 bit


6/55

Configuration

Build

Capabilities

Runtime

Behavior


7/55

Easyapache

Entry points:

/scripts/easyapache

WHM >>Software >> Apache Update


8/55

What is a Profile?


9/55

Profiles

cPanel ProfilesCustom Profiles


10/55

cPanel Profiles

Basic

PHP Encryption/E-Commerce

PHP Encryption and Image Manipulation

PHP Image Manipulation

PHP Security

No PHP


11/55

Refine your Options

Apache Version

PHP Major/Minor Version

Modules, Extensions, build options


12/55

Final Choices

Build without save?


13/55

Where is ...?


14/55

Customize Easyapache

1. Via environment variables2. Custom configure flags

3. /scripts/posteasyapache

http://www.cpanel.net/support/docs/easyapache.htm
http://www.cpanel.net/support/docs/easyapache.htmhttp://www.cpanel.net/support/docs/easyapache.htm


15/55

The power of EasyApache 3


16/55

EasyApache 3

--profile=profile_name

/var/cpanel/easy/apache/profile/custom


17/55

cpanel_default.yaml

cpanel_no_php.yaml

cpanel_php_enc.yaml

cpanel_php_enc_img.yaml

cpanel_php_img.yaml

cpanel_php_sec.yaml

Everything.yaml

/var/cpanel/easy/apache/profile/custom


18/55

/scripts/easyapache --profile=Everything

--build

EasyApache 3

/scripts/easyapache --profile=Everything --build


19/55

What does _____ do?


20/55

What does ___ do?

[?] Negotiation

http://httpd.apache.org/docs/2.0/mod/mod_negotiation.html
http://httpd.apache.org/docs/2.0/mod/mod_negotiation.htmlhttp://httpd.apache.org/docs/2.0/mod/mod_negotiation.html


21/55

Apache/PHP Resources

Apache 1.3 documentation http://httpd.apache.org/docs/1.3/



PHP Manual http://www.php.net/manual/en/
http://httpd.apache.org/docs/1.3/http://httpd.apache.org/docs/2.0/http://httpd.apache.org/docs/2.2/http://www.php.net/manual/en/http://www.php.net/manual/en/http://httpd.apache.org/docs/2.2/http://httpd.apache.org/docs/2.0/http://httpd.apache.org/docs/1.3/


22/55

Runtime Configuration


23/55

Runtime Config

/usr/local/apache/conf/httpd.conf

Global

VirtualHost

/usr/local/lib/php.ini


24/55

Gah! cPanel overwrote mychanges!!!!!!!!!


25/55

Integrating changes

/usr/local/cpanel/bin/apache_conf_distiller --update

--verbose

Failed to pass acceptance test: Disabling Order deny,allowDisabling Deny from allDisabling Order allow,denyDisabling Allow from allFailed to pass acceptance test:

....


26/55

Integrating Changes

--apache-conf=/path/to/conf


27/55

Integrating Changes

VirtualHost Templates

/usr/local/cpanel/src/templates

vhost.default

ssl_vhost.default


28/55

PHP Configuration



29/55

Security


30/55

Everyone's FavoritePHP


31/55

PHP Security

As User

Locking environmentLocking php.ini


32/55

PHP Security

PHP As User


33/55

PHP As User

PHPSuExec

http://httpd.apache.org/docs/1.3/suexec.html

suPHP

http://www.suphp.org/
http://httpd.apache.org/docs/1.3/suexec.htmlhttp://www.suphp.org/http://www.suphp.org/http://httpd.apache.org/docs/1.3/suexec.html


34/55

PHP As User

Runs via CGI

Conflicts with mod_php

php_value/php_admin flags won't work

Application incompatibility

suPHP Configurable at runtime


35/55

PHP Security

Locking Environment


36/55

Locking the Environment

disable_functions

dl

Program Execution Functions

http://us2.php.net/manual/en/ref.exec.php
http://us2.php.net/manual/en/ref.exec.phphttp://us2.php.net/manual/en/ref.exec.php


37/55

PHP Security

Locking php.ini


38/55

Locking php.ini

Safe PHP CGI



39/55

Know your .htaccess


40/55

.htaccess

AllowOverride Options

Allows user to configure modules


41/55

Modules & Tools


42/55

mod_security

http://www.modsecurity.org/
http://www.modsecurity.org/http://www.modsecurity.org/


43/55

mod_security

ModSecurity is an embeddable web applicationfirewall

Available for all 3 versions of Apache


44/55

mod_security example

SecRule ARGS delete[[:space:]]+from

SecRule ARGS insert[[:space:]]+into


45/55

mod_security

Core rules updated

http://www.modsecurity.org/download/index.html
http://www.modsecurity.org/download/index.htmlhttp://www.modsecurity.org/download/index.html


46/55

Others

mod_evasivehttp://www.zdziarski.com/projects/mod_evasive/

Scanning tools

http://sectools.org/
http://www.zdziarski.com/projects/mod_evasive/http://sectools.org/http://sectools.org/http://www.zdziarski.com/projects/mod_evasive/


47/55

Beware the compatibility!


48/55

Troubleshooting


49/55

New Build Behavior


50/55

New Build Behavior

Backup

/usr/local/apache.backup

Modules not restored


51/55

When Builds go Bad


52/55

Build Troubleshooting

EasyApache build log

/usr/local/cpanel/logs/easy/apache

Dependencies

'Cpanel::Easy::Apache::DAVFs' requires the option'Cpanel::Easy::Apache::Dav'to be on and not

"skipped".


53/55

Build Troubleshooting


54/55

Troubleshooting

Apache Configure test

/usr/local/apache/bin/httpd -t

/usr/local/apache/bin/httpd -t -f file

Apache Logs

/usr/local/apache/logs/error_log


55/55

Questions?

Documents

Apache Configuration and Troubleshooting