My Docker has the following in its vhost.conf
<VirtualHost *:80>
// ...(snipped)
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Viewing these via docker exec in /var/log/apache, doing ls -l shows:
access.log -> /dev/stdout
error.log -> /dev/stderr
What does this mean and is it possible to view their content?
docker logs on the container will show you this log output.
/dev/stdout and /dev/stderr are special "files" that actually point at the current process's standard output and error channels, respectively (they should themselves be symlinks to /proc/self/fd/1 and /proc/self/fd/2). Unless something causes them to get redirected somewhere else, this will become the main output of the container, and that gets captured by Docker's internal log subsystem.
If you wanted to capture these as concrete files on your local system, you could bind mount a local directory over /var/log/apache (with a docker run -v option or Docker Compose ports: option). This would cause an (initially empty) directory to hide the contents of that directory in the container, and when the HTTP daemon wrote out its logs, they'd appear as real files in a directory shared with the host.
You should not need docker exec in normal operation.
Related
I have a container with apache2 and modsecurity installed.
My question is: how to send the logs generated by apache and modsecurity (stored in /var/apache2/error.log) to the host?
I have syslog within the host that already collect locally and send the logs to a remote server; I'm able to send the logs from other containers correctly but not from the apache container.
I tried several ways but unfortunately i was not able to achieve this objective:
Piping with: ErrorLog "| :514"
ErrorLog /dev/stderr
TransferLog /dev/stdout
Within dockerfile: RUN ln -sf /proc/self/fd/1 /var/log/apache2/access.log &&
ln -sf /proc/self/fd/1 /var/log/apache2/error.log
This is my current configuration:
/etc/apache2/sites-available/000-default.conf
...
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SecRuleEngine On
...
There is a default modsecurity configuration for now.
Thank you.
I have been playing about with docker and apache recently neither of which I understand massively well.
I have a problem concerning communication between 2 docker containers on the same host.
One container is running apache with options -p 80:80.
Going to localhost:80 shows the default apache page
I have a second container running the rocker/rstudio image with option -p 8787:8787.
Going to localhost:8787 shows the rstudio log in page as expected.
I want to inside my apache container make it such that localhost/rstudio takes me to the login page for rstudio that is running in the rocker container.
As far as i understood the apache container should be able to see localhost:8787, under sites-available i have the following rstudio.conf file
<VirtualHost *:80>
<Proxy *>
Allow from localhost
</Proxy>
# Specify path for Logs
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Following lines should open rstudio directly from the url
# Map rstudio to rstudio/
RedirectMatch ^/rstudio$ /rstudio/
RewriteCond %{HTTP:Upgrade} =websocket
RewriteRule /rstudio/(.*) ws://localhost:8787/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket
RewriteRule /rstudio/(.*) http://localhost:8787/$1 [P,L]
ProxyPass /rstudio/ http://localhost:8787/
ProxyPassReverse /rstudio/ http://localhost:8787/
ProxyRequests off
</VirtualHost>
as suggested by the rstudio server configuration docs. However localhost:80/rstudio returns a 404 and i don't understand why. Does anyone have any suggestions as to how to fix this?
The main reason I want to do this from inside the apache container rather than just install apache in the rocker container is such that the apache container can manage other connected containers too.
As far as i understood the apache container should be able to see localhost:8787, under sites-available i have the following rstudio.conf file
Almost. From inside the apache docker container, localhost is that container, not the host.
If you want to see what I'm talking about, go into your running apache container and curl localhost:8787. You will get a 404. Now add another vhost in the apache container for 8787 and enable it, then from inside the container curl localhost:8787 again, you'll get the new vhost's content.
The two most straightforward options to do what you're asking would be either a custom network or using docker-compose.
custom network
docker network create jamie-rowan-network
docker run -itd -p 80:80 --network jamie-rowan-network --name apache <image>
docker run -itd -p 8787:8787 --network jamie-rowan-network --name rstudio <image>
This creates a bridge network named jamie-rowan-network. When you run your containers, add them to this network. The embedded network DNS also has service discovery, so your containers will be able to resolve each other by the --name given in the run. (Suggested reading about that here.
Now you should be able to resolve your rstudio container from your apache container with curl rstudio:8787.
Important note: this behavior is a little bit different before and after Docker 1.10, definitely check the docs I linked above. I'm assuming you're on > 1.10.
docker-compose
docker-compose is a tool designed to make a container orchestration much simpler. In this case, it pretty much does all the lifting required for the custom network on it's own, with no work required on your part. I won't go in to how to write a docker-compose.yml, but any service listed in the docker-compose.yml is reachable by the other services by name.
Example:
version: '3'
services:
apache:
image: <image>
ports:
- 80:80
rstudio:
image: <image>
ports:
- 8787:8787
This would accomplish the same as the custom network; rstudio would be reachable from the apache container with curl rstudio:8787 and going the other way, apache would be reachable from rstudio with curl apache:80
ok guys, im stumped. I install centos 7.2 on a vm, installed httpd, enabled it as a service, then started it
then created and edited a config file as follows
<VirtualHost *:80>
ServerAdmin admin#mydomain.com
ServerName www.mydomain.com
ServerAlias mydomain.com
DocumentRoot /var/www/mydomain.com/public_html
#ErrorLog /var/www/mydomain.com/error.log
#CustomLog /var/www/mydomain.com/requests.log combined
</VirtualHost>
So.. When I uncomment the "ErrorLog", which I believe is correct, and there is a file called error.log in directory "/var/www/mydomain.com/"
Httpd.service doesn't want to start, with the error:
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mydomain.com/error.log.
AH00015: Unable to open logs
I tried doing chown on the error.log file, to apache:apache, and root:root, and the user for the site, but that didn't work.
I also made sure to 755 the directory for www, so the error.log file should be able to be opened by that. Help me out please
Turns out that the error and access logs needed to be placed in /var/log/httpd/ instead of where they were.
All the directories in the path leading up to the error.log must have the executable and readable bit set for the apache user or group, in order for apache to be able to write to the log file.
In order to debug the permissions, you could su to the apache user, and try touching the file:
sudo -u apache touch /var/www/mydomain.com/error.log
I set up Apache 2.4 yesterday, and it is working with the htdocs folder I set up in my home directory. However, I do not want to use htdocs, I want to use a folder in my ~/Documents/web/<project> directory. I have tried altering /etc/apache2/httpd.conf and /etc/apache2/users/<username>.conf to no avail. Does anyone have any ideas?
FOR WINDOWS:
please try to modify <your-apache-dir>\conf\http.conf.
Open http.conf in the above directory
Search for DocumentRoot
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "c:/Apache24/htdocs"
Modify the above bolded path.
Restart your apache.
(Note: Restarting apache is important. Any changes you made in apache and php, you have to restart the apache.)
FOR OSX:
Other than modifying the /etc/apache2/httpd.conf and /etc/apache2/users/<username>.conf,
you need to do one more change, otherwise the WebSharing won't be able to turn on again. (according to David_Wang)
Open your httpd.config (Probably need to do this if you haven't change the permission access to this file)
sudo chmod 666 httpd.conf
Open httpd.config, and start editing.
sudo chmod 644 httpd.conf, when it's finished, proceed to step 2 (change it back to original permisson access)
Find DocumentRoot "/Library/WebServer/Documents", and change it to DocumentRoot "/Users/leiwang/Sites" or any other folders you want to.
One important thing is, you need to give the Read/Write permission to the folder you specified.
sudo chmod -R 747 foldername
(ref: change web root apache mac OS X)
You need to add a <Directory> section (with Requrie all granted) each time you add a new DocumentRoot if it's not within the original document root.
I can't start wamp server on win7. I'm using vhosts, everything was fine untill I restart wamp server.
httpd-vhost.conf:
<VirtualHost *:80>
ServerAdmin *.*#*.com
DocumentRoot "C:\Users\Rossko\Documents\PHP\wamp\www\***.local"
ServerName ***.local
ErrorLog "C:\Users\Rossko\Documents\PHP\wamp\apache\apache2.4.9\logs\***.local-error.log"
CustomLog "C:\Users\Rossko\Documents\PHP\wamp\apache\apache2.4.9\logs\***.local-access.log" common
in Apache error log is nothing and port 80 is empty. Why is still orange and failed to start? Any idea? I have more virtual hosts in httpd-vhost.conf than projects in www/ folder (not enough time for copy) Is it possible that the error is coused by this?
First, if Apache fails to start, look at the Windows Event Log under
Event Viewer -> Windows Logs -> Application
And then look for Errors report from a Source of Apache
If Apache fails before it can open its error log, errors are written to the Event log.
Second a good way to test your http.conf file and any files that are included within httpd.conf is to do this :-
Launch a command window (Dos Box)
C:
CD \Users\Rossko\Documents\PHP\wamp\apache\apache2.4.9\bin
httpd -t
This should validate the httpd.conf file and all included files, if there are errors they will be reported with a filename and a line number.
Fix the error and then try the httpd -t command again until it responds with an OK message.
If you have defined more Virtual Hosts than you have actually created DocumetRoot folders for, it should just report a cannot find file type message in the Apache error log on startup. It should not actually stop Apache from starting.