Apache reverse proxy configuration for socket.io

sudo a2enmod proxy_http
sudo a2enmod proxy_fcgi
sudo a2enmod proxy_wstunnel
sudo a2enmod rewrite
sudo a2enmod remoteip
sudo a2enmod ssl
# VirtualHost ms.example.net
<VirtualHost *:80>
  ServerName ms.example.net
  ProxyRequests Off
  ProxyPreserveHost On
  RemoteIPHeader X-Forwarded-For
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
  RewriteEngine On
  RewriteCond %{REQUEST_URI} ^/socket.io          [NC]
  RewriteCond %{QUERY_STRING} transport=websocket [NC]
  RewriteRule /(.*) ws://localhost:14102/$1        [P,L]

  ProxyPass /socket.io http://localhost:14102/socket.io
  ProxyPassReverse /socket.io http://localhost:14102/socket.io
</VirtualHost>

<VirtualHost *:443>
  ServerName ms.example.net
  ProxyRequests Off
  ProxyPreserveHost On
  RemoteIPHeader X-Forwarded-For
  RewriteEngine on
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/example.net/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.net/privkey.pem
  
  RewriteEngine On
  RewriteCond %{REQUEST_URI} ^/socket.io          [NC]
  RewriteCond %{QUERY_STRING} transport=websocket [NC]
  RewriteRule /(.*) ws://localhost:14102/$1        [P,L]
  ProxyPass /socket.io http://localhost:14102/socket.io
  ProxyPassReverse /socket.io http://localhost:14102/socket.io
  
</VirtualHost>

Use a secure URL for your initial connection, i.e. instead of “http://” use “https://”. If the WebSocket transport is chosen, then Socket.IO should automatically use “wss://” (SSL) for the WebSocket connection too.

var socket = io.connect('https://localhost', {secure: true});

References
http://xpo6.com/socket-io-via-apache-reverse-proxy/
https://stackoverflow.com/questions/36472920/apache-proxy-configuration-for-socket-io-project-not-in-root
https://gist.github.com/iacchus/954e0787d6893c5ab8e1
https://stackoverflow.com/questions/6599470/node-js-socket-io-with-ssl

Secure Apache with Let’s Encrypt on Ubuntu 18.04

Installing Certbot

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache

Set Up the SSL Certificate

Certbot needs to be able to find the correct virtual host in your Apache configuration for it to automatically configure SSL. Specifically, it does this by looking for a ServerName directive that matches the domain you request a certificate for.

Obtaining an SSL Certificate

sudo certbot --apache -d example.com -d www.example.com

This runs certbot with the --apache plugin, using -d to specify the names you’d like the certificate to be valid for.

Verifying Certbot Auto-Renewal

sudo certbot renew --dry-run

References
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

Cannot access javascript folder on Apache

Open /etc/apache2/conf-available/javascript-common.conf; you will find this:

Alias /javascript /usr/share/javascript/
<Directory "/usr/share/javascript/">
     Options FollowSymLinks MultiViews
</Directory>

So you just have to comment out these lines (with the # character) to avoid the forbidden error; editing the file directly in conf-enabled is not recommended. After that, do this:

a2disconf javascript-common
a2enconf javascript-common

References
https://serverfault.com/questions/274254/cannot-access-javascript-folder

Redirect Request to SSL on Apache

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName mysite.example.com
   DocumentRoot /usr/local/apache2/htdocs
   Redirect /secure https://mysite.example.com/secure
</VirtualHost>

<VirtualHost _default_:443>
   ServerName mysite.example.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
# etc...
</VirtualHost>

When redirecting everything you don’t even need a DocumentRoot:

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName www.example.com
   Redirect / https://secure.example.com/
</VirtualHost>

<VirtualHost _default_:443>
   ServerName secure.example.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
# etc...
</VirtualHost>

Note: Once the configuration is working as intended, a permanent redirection can be considered. This avoids caching issues by most browsers while testing. The directive would then become:

Redirect permanent / https://secure.example.com/

—————

<Directory /topsecret>
  SSLRequireSSL
</Directory>

References
https://wiki.apache.org/httpd/RedirectSSL
https://serverfault.com/questions/429634/restrict-apache-to-only-allow-access-using-ssl-for-some-directories
https://www.tecmint.com/redirect-http-to-https-on-apache/

Configure Let’s Encrypt for Apache on Ubuntu

sudo apt-get install python-letsencrypt-apache 
letsencrypt --apache
nano /etc/apache2/apache2.conf
<VirtualHost *:443>
	SSLEngine on
	SSLCertificateKeyFile /etc/letsencrypt/live/dl.mhdr.ir/privkey.pem
	SSLCertificateFile /etc/letsencrypt/live/dl.mhdr.ir/cert.pem
	SSLCertificateChainFile /etc/letsencrypt/live/dl.mhdr.ir/chain.pem
    DocumentRoot "/var/www/html/dl"
    ServerName dl.mhdr.ir
</VirtualHost>
service apache2 restart

PPA

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

Note: only the last VirtualHost will be detected by letsencrypt
References
https://certbot.eff.org/#ubuntuxenial-apache
https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension
https://letsencrypt.org/

Use Spring Boot behind Apache front-end proxy server

Apache

a2enmod proxy
a2enmod ssl
a2enmod proxy_http
a2enmod proxy_ajp
a2enmod rewrite
a2enmod deflate
a2enmod headers
a2enmod proxy_balancer
a2enmod proxy_connect
a2enmod proxy_html
sudo a2enmod remoteip
sudo service apache2 restart
<VirtualHost *:80>
  ServerName iterator.ir

  ProxyRequests Off
  ProxyPreserveHost On
  RemoteIPHeader X-Forwarded-For
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  ProxyPass / http://localhost:13602/
  ProxyPassReverse / http://localhost:13602/
</VirtualHost>
<VirtualHost *:443>
	SSLEngine on
	RewriteEngine on
	SSLCertificateKeyFile /etc/letsencrypt/live/lastlab.pupli.net/privkey.pem
	SSLCertificateFile /etc/letsencrypt/live/lastlab.pupli.net/cert.pem
	SSLCertificateChainFile /etc/letsencrypt/live/lastlab.pupli.net/chain.pem
	ServerName lastlab.pupli.net
 
	ProxyRequests Off
	ProxyPreserveHost On
	RemoteIPHeader X-Forwarded-For
	<Proxy *>
		Order deny,allow
		Allow from all
	</Proxy>
 
	ProxyPass / http://localhost:14001/
	ProxyPassReverse / http://localhost:14001/
</VirtualHost>

Spring Boot
Set server.use-forward-headers to true in the Spring Boot application.properties

Java

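// Behind the proxy, getRemoteAddr() is the proxy's address, so read the forwarded header first.
// The header value is supplied by the request and may hold a comma-separated list of addresses.
String ipAddress = request.getHeader("X-FORWARDED-FOR");
if (ipAddress == null) {
    // No header present: fall back to the address of the direct peer.
    ipAddress = request.getRemoteAddr();
}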
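
An added example, not part of the original post: the raw header read above returns whatever the request carried, and X-Forwarded-For can hold a comma-separated chain of addresses. This version uses the header only when the direct peer is the local Apache proxy and takes the rightmost hop that is not a trusted proxy; the class name, the trusted-proxy set and the sample addresses are assumptions (Java 11+).

```java
import java.util.Set;

public class ClientIpResolver {
    // Assumption: Apache on the same host is the only proxy in front of the
    // application, so only loopback peers may supply X-Forwarded-For.
    private static final Set<String> TRUSTED_PROXIES =
            Set.of("127.0.0.1", "::1", "0:0:0:0:0:0:0:1");

    // remoteAddr is request.getRemoteAddr(); xff is request.getHeader("X-Forwarded-For").
    static String resolve(String remoteAddr, String xff) {
        // A peer that is not our proxy reached the port directly: ignore its header.
        if (xff == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
            return remoteAddr;
        }
        // Each proxy appends the address it saw, so read right to left and stop
        // at the first hop that is not one of our own proxies. Entries further
        // left were supplied by the client and are never trusted.
        String[] hops = xff.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (hop.isEmpty() || TRUSTED_PROXIES.contains(hop)) {
                continue;
            }
            return looksLikeIp(hop) ? hop : remoteAddr;
        }
        return remoteAddr;
    }

    // Character allow-list only (IPv4/IPv6 literals); keeps markup and log
    // control characters out of whatever stores the address.
    static boolean looksLikeIp(String s) {
        return s.matches("[0-9A-Fa-f:.]{2,45}");
    }

    public static void main(String[] args) {
        // Constructed inputs: {remoteAddr, X-Forwarded-For}
        String[][] samples = {
            {"127.0.0.1", "203.0.113.7"},
            {"127.0.0.1", "10.0.0.1, 203.0.113.7"},
            {"198.51.100.20", "10.0.0.1"},
            {"127.0.0.1", "unknown"},
            {"127.0.0.1", null},
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " | " + s[1] + " -> " + resolve(s[0], s[1]));
        }
    }
}
```

If the application port is reachable from other hosts, the first check is what stops a direct caller from choosing its own address; binding the application to localhost removes that path entirely.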

References
https://docs.spring.io/spring-boot/docs/current/reference/html/howto-embedded-servlet-containers.html#howto-use-tomcat-behind-a-proxy-server
https://www.mkyong.com/java/how-to-get-client-ip-address-in-java/
http://serverfault.com/questions/130925/passing-ip-address-with-mod-proxy
https://www.leaseweb.com/labs/2014/12/tutorial-apache-2-4-transparent-reverse-proxy/
http://www.thegeekstuff.com/2011/07/Apache-Virtual-Host/
https://devops.profitbricks.com/tutorials/configure-apache-as-a-reverse-proxy-using-mod_proxy-on-ubuntu/
https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension

Install WordPress on Ubuntu

Install Apache

sudo apt-get install apache2

Install MySQL

sudo apt-get install mysql-server php5-mysql

Install PHP

sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt php5-curl
sudo apt-get install php5-cli

Create a MySQL Database and User for WordPress

mysql -u root -p
create database wordpressdb;
create user wordpressuser@localhost identified by 'pass1234';
grant all privileges on wordpressdb.* to wordpressuser@localhost;
FLUSH PRIVILEGES;

exit

Download WordPress

wget http://wordpress.org/latest.tar.gz

or

sudo apt-get install wordpress
sudo apt-get install php5-gd libssh2-php

We give group ownership to the web server process, www-data, so that Apache can interact with the content as necessary.

sudo chown -R :www-data /var/www/html/wordpress

MySQL Error: Access denied for user 'root'@'localhost'

  1. Open & Edit /etc/my.cnf or /etc/mysql/my.cnf, depending on your distro.
  2. Add skip-grant-tables under [mysqld]
  3. Restart Mysql
  4. You should be able to login to mysql now using the below command mysql -u root -p
  5. Run mysql> flush privileges;
  6. Set new password by ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewPassword';
  7. Go back to /etc/my.cnf and remove/comment skip-grant-tables
  8. Restart Mysql
  9. Now you will be able to login with the new password mysql -u root -p

References

https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-ubuntu-14-04
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-14-04
https://kyup.com/tutorials/install-wordpress/
https://help.ubuntu.com/community/WordPress
https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lamp-on-ubuntu-16-04
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-16-04
https://stackoverflow.com/questions/41645309/mysql-error-access-denied-for-user-rootlocalhost