I have an LAMP server for my Drupal 8 site.
I do not know what I can optimize to improve the performance of my site.
This is a dynamic site.
Should I use the htaccess files or disable them and put everything in vhost ?
Is the file below correct ?
What can I add ?
.htaccess :
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
</IfModule>
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Add correct encoding for SVGZ.
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
# Most of the following PHP settings cannot be changed at runtime. See
# sites/default/default.settings.php and
# Drupal\Core\DrupalKernel::bootEnvironment() for settings that can be
# changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_value assert.active 0
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
# PHP 5.6 has deprecated $HTTP_RAW_POST_DATA and produces warnings if this is
# not set.
php_value always_populate_raw_post_data -1
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive on
ExpiresDefault "access plus 30 seconds"
ExpiresByType text/html "access plus 15 days"
ExpiresByType image/gif "access plus 1 months"
ExpiresByType image/jpg "access plus 1 months"
ExpiresByType image/jpeg "access plus 1 months"
ExpiresByType image/png "access plus 1 months"
ExpiresByType text/js "access plus 1 months"
ExpiresByType text/javascript "access plus 1 months"
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Set a fallback resource if mod_rewrite is not enabled. This allows Drupal to
# work without clean URLs. This requires Apache version >= 2.2.16. If Drupal is
# not accessed by the top level URL (i.e.: http://example.com/drupal/ instead of
# http://example.com/), the path to index.php will need to be adjusted.
<IfModule !mod_rewrite.c>
FallbackResource /index.php
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Make sure Authorization HTTP header is available to PHP
# even when running as CGI or FastCGI.
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess because
# <DirectoryMatch> is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "/\.|^\.(?!well-known/)" - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/foo will be redirected to http://www.example.com/foo)
# uncomment the following:
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/foo will be redirected to http://example.com/foo)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Redirect common PHP files to their new locations.
RewriteCond %{REQUEST_URI} ^(.*)?/(install.php) [OR]
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild.php)
RewriteCond %{REQUEST_URI} !core
RewriteRule ^ %1/core/%2 [L,QSA,R=301]
# Rewrite install.php during installation to see if mod_rewrite is working
RewriteRule ^core/install.php core/install.php?rewrite=ok [QSA,L]
# Pass all requests not referring directly to files in the filesystem to
# index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
# For security reasons, deny access to other PHP files on public sites.
# Note: The following URI conditions are not anchored at the start (^),
# because Drupal may be located in a subdirectory. To further improve
# security, you can replace '!/' with '!^/'.
# Allow access to PHP files in /core (like authorize.php or install.php):
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
# Allow access shariff-backend-php.
RewriteCond %{REQUEST_URI} !/shariff-backend-php/
# Allow access to test-specific PHP files:
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
# Allow access to Statistics module's custom front controller.
# Copy and adapt this rule to directly execute PHP files in contributed or
# custom modules or to run another PHP application in the same directory.
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
# Deny access to any other PHP files that do not match the rules above.
# Specifically, disallow autoload.php from being served directly.
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
# Various header fixes.
<IfModule mod_headers.c>
# Disable content sniffing, since it's an attack vector.
Header always set X-Content-Type-Options nosniff
# Disable Proxy header, since it's an attack vector.
RequestHeader unset Proxy
</IfModule>
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
</IfModule>
/etc/apache2/sites-available/www-domaine-com-le-ssl.conf :
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin contact#domaine.com
ServerName domaine.com
ServerAlias www.domaine.com
Protocols h2 http/1.1
DocumentRoot /var/www/www-domaine-com/web/
<Directory /var/www/www-domaine-com/web>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
</FilesMatch>
<Proxy "fcgi://localhost/" enablereuse=on flushpackets=on max=10>
</Proxy>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domaine.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domaine.com/privkey.pem
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Download-Options "noopen"
Header always set X-Permitted-Cross-Domain-Policies "none"
Header always set Content-Security-Policy "default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; base-uri 'self';"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</VirtualHost>
</IfModule>
Using dynamic configuration files (".htaccess") will definitely slow down your server. That is documented and actually easy to understand:
The static configuration is read exactly once at startup time. When dynamic configuration files are enabled, then the server has to check each physical folder from the root up to the requested object (if mapped to the file system) whether there are such configuration files (which can occur on every level of the file system). And if some are found then each has to be read and interpreted for every single request. All that is additional load.
These files are only supported for two typical situations:
when you have no access to the actual host configuration of the server (read: really cheap hosting providers)
for applications that insist on writing their own rewriting rules (which is an obvious security nightmare once you start thinking about it)
If none of the two situations apply to you, then the clear recommendation is to not use dynamic configuration files but use the static configuration instead. And possibly even to disable those files completely.
Take care however for the details. You cannot simply move the directives in all cases, sometimes you need to adapt them:
there are directives you cannot use in all locations (consult the http server documentation for details on that, it is of excellent quality and comes with great examples and details)
you may have to adjust a few details, for examples the matching pattern in RewriteRules which is applied to absolute paths in the static configuration but to relative paths in dynamic configuration files. Again this is clearly documented.
Related
Implement a redirect to HTTPS to website
Earlier we have a website with HTTP, and recently we have purchased in to HTTPS. Now I am tried to implement the redirect to HTTPS.
For this I tried below code in
<IfModule mod_rewrite.c>
## enable rewrites
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ www.example.com/$1 [R,L]
</IfModule>
When I uploaded the .htaccess file with above code. The website is not able to display.
And my entire .htaccess file as below.
#DirectoryIndex index.html
#AddType application/x-httpd-php5 .html .htm
#AddType application/x-httpd-php .html .htm
#RemoveHandler .html .htm
#AddType application/x-httpd-php .html .htm
#RewriteRule ^/?inscription/map\.html$ - [F,L]
<FilesMatch "\.html$" >
#ForceType application/x-httpd-php
</FilesMatch>
#Canonicalization issue
RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
RewriteRule ^(.*)$ www.example.com/$1 [L,R=301]
#Google Caching Issue
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ www.example.com/$1 [R,L]
<IfModule mod_rewrite.c>
## enable rewrites
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
#RewriteRule ^(.*)$ www.example.com/$1 [R,L]
#Redirect from http to https
#RewriteCond %{HTTP:X-Forwarded-Proto} !https
#RewriteCond %{HTTPS} off
#RewriteRule ^ www.example.com/ [L,R=301]
ErrorDocument 404 www.example.com
</IfModule>
<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 1 month"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
</IfModule>
<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
# Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
</IfModule>
<Files "phpinfo.php">
Order Allow,Deny
Deny from all
</Files>
#<Files >
#AddType application/x-httpd-php .html .htm
#</Files>
Options -Indexes
Can you please help on this. to implement the redirection from http to https.
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ www.example.com/$1 [R,L]
You need to include the scheme, ie. https in the substitution string. For example:
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
The same applies to all the other redirects in your .htaccess file.
If you don't explicitly include the HTTPS scheme in a HTTP to HTTPS redirect then it's never going to redirect to HTTPS. However, a relative path substitution (ie. one that does not start with a scheme or slash) is seen as relative to the current directory (unless RewriteBase is defined). So, a substitution string like www.example.com will effectively be treated as a subdirectory from the current directory (document root) and attempting to convert this into an external redirect will result in a malformed redirect like http://www.example.com/path/to/public_html/www.example.com/<foo>.
ErrorDocument 404 www.example.com
You have a similar issue with your ErrorDocument directive. However, you should not be "redirecting" to the custom error document (which is what will happen if you specify an absolute URL here). You should define a custom error document. eg. /errors/my404.html and state this in the ErrorDocument directive:
ErrorDocument 404 /errors/my404.html
The custom error document is then served using an internal subrequest. There is no "external redirect" here.
UPDATE#1:
Can you please edit above .htaccess file and post here?
I've removed all the commented-out code sections - so add those back as appropriate. Although several of the mod_rewrite sections that were commented out I assume are just earlier/incorrect attempts. I've also reordered some bits (eg. it is more logical to define Options and ErrorDocument directives early in the file - you certainly shouldn't split these up). I've omitted the mod_expires and mod_deflate sections for brevity.
I've also updated the deprecated mod_access_compat (Order, Deny, etc.) directives for Apache 2.4 Require all denied.
I'm also assuming the www subdomain is canonical and you have no other subdomains.
# Allow FollowSymlinks (required for mod_rewrite)
# and prevent directory listings (mod_autoindex)
Options +FollowSymlinks -Indexes
# Define custom error documents
ErrorDocument 404 /errors/my404.html
# Block access to specific files
<Files "phpinfo.php">
Require all denied
</Files>
# Enable mod_rewrite rewrite engine
RewriteEngine On
# Canonical redirect: non-www to www (and HTTPS)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.%{HTTP_HOST}/$1 [R=301,L]
# Canonical redirect: HTTP to HTTPS
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
# mod_expires directives go here...
# mod_deflate directives go here...
Clear your browser cache before testing and test first with 302 (temporary) redirects to avoid potential caching issues.
Note I assume you have already tested the SERVER_PORT 80 check and this works as intended on your server*1. I notice in your commented-out code you are also checking the X-Forwarded-Proto HTTP request header - this is only required if your application server is behind a front-end proxy that manages the HTTPS connection. If this is the case then checking SERVER_PORT (or HTTPS) may fail.
*1 UPDATE#2: It seems this is not the case and you are having to implement a non-standard check for %{ENV:HTTPS} instead of checking the SERVER_PORT, which is resulting in a redirect loop. This implies that your webhost (a shared hosting platform I assume) is using some kind of front-end proxy to manage the SSL connection and your application server is actually communicating over plain HTTP to the front-end proxy.
# Force from http to https
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Solved with below code.
#Force from http to https
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I have a DigitalOcean droplet running Ubuntu.
On it, I host three sites using Apache. I am trying to add a fourth, "newsite.com", swapping from another host. This fourth site is live on another environment with SSL enabled.
The existing three sites run fine. They have SSL enabled using LetsEncrypt and I use virtual hosts to set up multiple domains with the same IP. However, for the fourth one, the new site, if I try to view the site (by editing my Win10 hosts file to point at the server IP) I see one of the other three sites, "oldsite1.com", which is the highest in the list sorted alphabetically. I understand Apache works its way down the list of enabled sites to select one. The new site does not have SSL enabled as I cannot run LetsEncrypt until the DNS has been changed.
The .conf file for the new site looks like this:
<VirtualHost *:80>
ServerAdmin webmaster#newsite.com
ServerName newsite.com
ServerAlias www.newsite.com
DocumentRoot /var/www/newsite.com/public_html
<Directory /var/www/newsite.com/public_html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
RewriteEngine on
RewriteCond %{SERVER_NAME} =newsite.com [OR]
RewriteCond %{SERVER_NAME} =www.newsite.com
RewriteRule ^ http://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
This matches the .conf files of the other sites.
My newsite .htaccess file:
#Force SSL
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://newsite.com/$1 [R=301,L]
# Prevent Directory listing
Options -Indexes
#Whitelist IP
#RewriteEngine On
#RewriteCond %{REMOTE_ADDR} [removed]
#RewriteCond %{DOCUMENT_ROOT}/error.html -f
#RewriteCond %{DOCUMENT_ROOT}/error.enable -f
#RewriteCond %{SCRIPT_FILENAME} !error.html
#RewriteRule ^.*$ /error.html [R=503,L]
#ErrorDocument 503 /error.html
#Header Set Cache-Control "max-age=0, no-store"
# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|\.ini|\.log|(?<!robots)\.txt))">
Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all
</FilesMatch>
# SEO URL Settings
RewriteEngine On
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteRule ^system/download/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
### Additional Settings that may need to be enabled for some servers
### Uncomment the commands by removing the # sign in front of it.
### If you get an "Internal Server Error 500" after enabling any of the following settings, restore the # as this means your host doesn't allow that.
# 1. If your cart only allows you to add one item at a time, it is possible register_globals is on. This may work to disable it:
# php_flag register_globals off
# 2. If your cart has magic quotes enabled, This may work to disable it:
# php_flag magic_quotes_gpc Off
# 3. Set max upload file size. Most hosts will limit this and not allow it to be overridden but you can try
# php_value upload_max_filesize 999M
# 4. set max post size. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value post_max_size 999M
# 5. set max time script can take. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_execution_time 200
# 6. set max time for input to be recieved. Uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_input_time 200
# 7. disable open_basedir limitations
# php_admin_value open_basedir none
###Compression stuff###
# Enable Gzip Compression
AddOutputFilterByType DEFLATE text/text
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
# Leverage Browser Caching
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 1 month"
</IfModule>
# Remove Browser Bugs
#BrowserMatch ^Mozilla/4 gzip-only-text/html
#BrowserMatch ^Mozilla/4\.0[678] no-gzip
#BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
#Header append Vary User-Agent
Running sudo apache2ctl -S returns:
VirtualHost configuration:
*:443 is a NameVirtualHost
default server oldsite1.com (/etc/apache2/sites-enabled/oldsite1.com-le-ssl.conf:2)
port 443 namevhost oldsite1.com (/etc/apache2/sites-enabled/oldsite1.com-le-ssl.conf:2)
alias www.oldsite1.com
port 443 namevhost oldsite2.com (/etc/apache2/sites-enabled/oldsite2.com-le-ssl.conf:2)
alias www.oldsite2.com
port 443 namevhost oldsite3.com (/etc/apache2/sites-enabled/oldsite3.com-le-ssl.conf:2)
alias www.oldsite3.com
*:80 is a NameVirtualHost
default server 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost oldsite1.com (/etc/apache2/sites-enabled/oldsite1.com.conf:1)
alias www.oldsite1.com
port 80 namevhost oldsite2.com (/etc/apache2/sites-enabled/oldsite2.com.conf:1)
alias www.oldsite2.com
port 80 namevhost oldsite3.com (/etc/apache2/sites-enabled/oldsite3.com.conf:1)
alias www.oldsite3.com
port 80 namevhost newsite.com (/etc/apache2/sites-enabled/newsite.com.conf:1)
alias www.newsite.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
I have tried emptying the newsite .htaccess and restarted apache multiple times but I am always shown oldsite1.com when I try to view newsite.com.
Assuming there is nothing wrong with my .conf or .htaccess, why is Apache preferring the vhost of the first site in the list?
You are forcing ssl. The moment you load http://newsite.com you are being redirected to https://newsite.com.
You only have a vhost for newsite.com on port 80 and not on port 443.
Since there is no vhost for the requested domain on port 443 you will be served the default site.
You will get your site as expected if you comment out this part:
#Force SSL
RewriteEngine On
#RewriteCond %{SERVER_PORT} 80
#RewriteRule ^(.*)$ https://newsite.com/$1 [R=301,L]
I have a static web page and want to improve the loading performance by providing gzip-versions of all available files. The page is running on an apache server mod_gzip and I can't change any configuration except the .htaccess file.
Thus I create gzip files during the build process and want to rewrite the incoming requests to the .gz files.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
ReWriteCond %{HTTP:accept-encoding} gzip
ReWriteCond %{REQUEST_FILENAME} !.+\.gz$
RewriteCond %{REQUEST_FILENAME}.gz -f
RewriteRule (.+) $1.gz [L]
</IfModule>
The rewriting works perfectly, but unfotunately the server also changes the Content-Type of the response to application/x-gzip which makes the browser downloading the file and not rendering it. Is there a way to prevent the apache server from changing the content type and to render the page instead of downloading the gz?
This requires you to have 2 versions of the file in the following format. For instance:
index.html
index.html.gz
styles.css
styles.css.gz
scripts.js
scripts.js.gz
This htaccess will rewrite the request to send the gz version to the browser but also maintain the type of the original file. You have to force the type of the file you want to send. Otherwise it will use the application/x-gzip and the browser will download the file.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css application/json application/javascript application/vnd.ms-fontobject application/font-ttf application/font-woff application/font-otf image/svg+xml
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{REQUEST_FILENAME}.gz -f
RewriteRule (.*\.(html|css|js|eot|ttf|woff|otf|svg))$ $1.gz [L]
</IfModule>
AddEncoding x-gzip .gz
<FilesMatch .*\.html.gz>
ForceType text/html
</FilesMatch>
<FilesMatch .*\.css.gz>
ForceType text/css
</FilesMatch>
<FilesMatch .*\.js.gz>
ForceType application/javascript
</FilesMatch>
<FilesMatch .*\.eot.gz>
ForceType application/vnd.ms-fontobject
</FilesMatch>
<FilesMatch .*\.ttf.gz>
ForceType application/font-ttf
</FilesMatch>
<FilesMatch .*\.woff.gz>
ForceType application/font-woff
</FilesMatch>
<FilesMatch .*\.otf.gz>
ForceType application/font-otf
</FilesMatch>
<FilesMatch .*\.svg.gz>
ForceType image/svg+xml
</FilesMatch>
I'm running nette framework at localhost using XAMPP. When I go to index page everything is fine but when I click to URL for some sub page I get 404 error.
I set in apache (httpd-vhosts.conf) alias to my documents folder:
Alias /documents "C:/Users/username/Documents"
<Directory "C:/Users/username/Documents">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
When I go to index page using URL http://localhost/documents/git/projectXY/www/ everything is ok
But when I click on Sing in button with URL http://localhost/documents/git/projectXY/www/customer/sign/in I get 404 error
in www folder I have htaccess:
# Apache configuration file (see httpd.apache.org/docs/current/mod/quickreference.html)
# disable directory listing
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>
# enable cool URL
<IfModule mod_rewrite.c>
RewriteEngine On
# RewriteBase /
# prevents files starting with dot to be viewed by browser
RewriteRule /\.|^\. - [F]
# front controller
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule !\.(pdf|js|ico|gif|jpg|png|css|rar|zip|tar\.gz|map)$ index.php [L]
</IfModule>
# enable gzip compression
<IfModule mod_deflate.c>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/json application/xml image/svg+xml
</IfModule>
</IfModule>
Any idea what am I doing wrong?
SOLUTION:
Problem was in .htaccess because of server alias.
I've just changed
# RewriteBase /
to
RewriteBase /documents/git/projectXY/www/
When running the assets:precompile rake task, gzipped versions of your app's assets are created. According to the Rails guide for the asset pipeline, you can configure your web server (in my case Apache 2.2) to serve these precompressed files instead of having the web server do the work.
What I can't figure out is how to get mod_deflate configured so that these files are served instead of being double-compressed and then served?
I have mod_deflate enabled via httpd.conf:
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
And I've converted the code on the rails guide to go into the .htaccess in public/assets:
# Some browsers still send conditional-GET requests if there's a
# Last-Modified header or an ETag header even if they haven't
# reached the expiry date sent in the Expires header.
Header unset Last-Modified
Header unset ETag
FileETag None
# RFC says only cache for 1 year
ExpiresActive On
ExpiresDefault "access plus 1 year"
# Serve gzipped versions instead of requiring Apache to do the work
RewriteEngine on
RewriteCond %{REQUEST_FILENAME}.gz -s
RewriteRule ^(.+) $1.gz [L]
# without it, Content-Type will be "application/x-gzip"
<FilesMatch .*\.css.gz>
ForceType text/css
</FilesMatch>
<FilesMatch .*\.js.gz>
ForceType text/javascript
</FilesMatch>
Any ideas how to set this up properly?
First, you don't want mod_deflate to operate here. So in your assets .htaccess file add:
SetEnv no-gzip
This should turn off mod_deflate for your assets.
Second, I hate to disagree with the rails folks, but I think there are a couple deficiencies in their assets .htaccess recipe. The top part is fine but for RewriteEngine and beyond I'd have:
RewriteEngine on
# Make sure the browser supports gzip encoding before we send it
RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b
RewriteCond %{REQUEST_URI} .*\.(css|js)
RewriteCond %{REQUEST_FILENAME}.gz -s
RewriteRule ^(.+) $1.gz [L]
# without it, Content-Type will be "application/x-gzip"
# also add a content-encoding header to tell the browser to decompress
<FilesMatch \.css\.gz$>
ForceType text/css
Header set Content-Encoding gzip
</FilesMatch>
<FilesMatch \.js\.gz$>
ForceType application/javascript
Header set Content-Encoding gzip
</FilesMatch>