Apache http server one instance per Virtual host - apache

I was interested in working with Apache HTTP Server based on the following parameters:
On a single server, listening on one single port
Having configured several VirtualHosts, one per domain
Running each VirtualHost as an instance listening on port 80
Being able to reload one domain's configuration without having to restart the rest.
I have doubts about the memory consumption and, if there is a problem, how I should improve it.
I don't think that would be a memory problem (correct me if I'm wrong) as long as there's only one HTTP server running?
Or maybe yes, because each instance consumes independent memory?
Should it be the same memory consumption as running all the VirtualHosts in the main Apache config file?
Many thanks. I mainly want to run one instance per domain because I want to be able to restart each VirtualHost configuration when it is needed without having to restart the others.
Thanks

First, I don't think you can run several Apache instances if they are all listening on port 80. Only one process can bind the port.
Apache will have several child processes, all children of the process listening on port 80, but each child process can be used for any VirtualHost.
You could achieve it by binding different IPs on port 80, so having IP-based VirtualHosts. Or by using one Apache as a proxy for other Apache instances bound to other ports.
But the restart problem is not a real problem. Apache can perform a safe-restart (reload on some distributions) where each child process is reloaded after the end of its running job. So it's a transparent restart, without any HTTP request killed. Adding or removing a VirtualHost does not need a restart; a simple reload is enough.

I have to think there are ways of achieving what you want without individual instances. Seriously large virtual hosting companies use apache, I am hard pressed to believe your needs are more complex than theirs. Example: http://httpd.apache.org/docs/2.0/vhosts/mass.html
Maybe you should run two apache servers to do a rolling restart when it is really needed, which would prevent any individual site from being down as well.

Related

Apache force DNS lookups

I've got an Apache that's proxying requests to an external entity:
ProxyPass /something https://external.example.com/somethingelse
This external site likes to switch the values of that domain based on where they want their traffic. Apache seemingly doesn't pick up the new value until it's restarted. Is there a way to force Apache to do new lookups based on a certain amount of time? After some research and even looking at the code, I don't see an obvious answer. If that isn't an option, any other suggestions?
According to the Apache documentation:
DNS resolution for origin domains: DNS resolution happens when the socket to the origin domain is created for the first time. When connection reuse is enabled, each backend domain is resolved only once per child process, and cached for all further connections until the child is recycled.
There is a ProxyPass key=value parameter to control this:
disablereuse (default: Off): This parameter should be used when you want to force mod_proxy to immediately close a connection to the backend after being used, and thus, disable its persistent connection and pool for that backend. This helps in various situations where a firewall between Apache httpd and the backend server (regardless of protocol) tends to silently drop connections or when backends themselves may be under round-robin DNS. When connection reuse is enabled each backend domain is resolved (with a DNS query) only once per child process and cached for all further connections until the child is recycled. To disable connection reuse, set this property value to On.
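To find which proxied backends are subject to the per-child DNS caching described in the quoted documentation, this added example (not part of the original answer and not Apache's code) lists ProxyPass lines whose backend is a hostname and where disablereuse is not set to On. Only the first ProxyPass line comes from the question; the rest of the configuration is a constructed sample, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# First line is the question's; the other lines are constructed samples.
PROXY_CONF = """\
ProxyPass /something https://external.example.com/somethingelse
ProxyPass /api http://backend.example.net:8080/api disablereuse=On
ProxyPass /local http://127.0.0.1:8081/
ProxyPass /static !
# ProxyPass /old http://old.example.org/
"""

def backend_is_hostname(url):
    """True when the backend URL names a host that needs a DNS lookup."""
    host = urlsplit(url).hostname
    if host is None:                 # e.g. "!" (path excluded from proxying)
        return False
    try:
        ipaddress.ip_address(host)   # IP literal: nothing to resolve
        return False
    except ValueError:
        return True

def dns_cached_backends(conf_text):
    """Return [(path, backend)] for ProxyPass lines that keep connection
    reuse enabled towards a hostname backend (DNS cached per child).
    Only the two-argument form (path + URL) is handled, not the form
    used inside <Location> blocks."""
    findings = []
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].lower() != "proxypass":
            continue                 # comments and other directives
        path, url, params = parts[1], parts[2], parts[3:]
        opts = {k.lower(): v for k, v in
                (p.split("=", 1) for p in params if "=" in p)}
        reuse_disabled = opts.get("disablereuse", "Off").lower() == "on"
        if backend_is_hostname(url) and not reuse_disabled:
            findings.append((path, url))
    return findings

if __name__ == "__main__":
    for path, url in dns_cached_backends(PROXY_CONF):
        print(f"{path} -> {url}: resolved once per child while reuse is on")
```

As the quoted documentation says, setting disablereuse=On also gives up the persistent connection and pool for that backend.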

Understanding Apache Traffic

I run a 2GB RAM Linode (Ubuntu) that hosts a few WordPress websites. Recently my server has been OOMing and crashing and I have been up all night trying to find out what's causing it. I have discovered that I get an enormous influx of traffic (a tiny DoS) that brings the whole thing down.
I have access logs set up across all of the virtual hosts and I am using tcptrack to monitor activity on the server.
The traffic appearing in my access logs does not account for the traffic I am seeing on tcptrack, i.e. there are a dozen IP addresses that are constantly opening and closing connections on the server, but are nowhere to be seen in the access logs for each virtual host.
Clearly it's because these IPs are not hitting the virtual hosts, but I have tried to set up access logs to monitor server-wide traffic so that I can see what requests they're making and I'm really struggling.
Can anyone please point me in the right direction? Perhaps tcptrack is just too simplified to provide any meaningful insight?
Start using mod_security
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_Apache
Debian has it, which means Ubuntu likely does as well. You should also make sure the kernel is set up properly; search Google for SYN_COOKIES. Look into iptables/shorewall etc. Shorewall is a package that wraps iptables. Iptables can be configured to detect floods and start dropping packets.
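The comparison the question describes, as an added example that is not part of the original posts: it counts peers holding connections on port 80 in `ss -tn` style output and lists those that have no line in the virtual hosts' access logs. Both inputs are constructed samples, and the function names and the two-connection threshold are assumptions.

```python
from collections import Counter

# Constructed sample of `ss -tn` output (state, queues, local, peer).
SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      203.0.113.5:80      198.51.100.7:51514
SYN-RECV  0      0      203.0.113.5:80      198.51.100.7:51515
ESTAB     0      0      203.0.113.5:80      198.51.100.7:51516
ESTAB     0      0      203.0.113.5:80      192.0.2.44:40022
ESTAB     0      0      203.0.113.5:22      192.0.2.99:50000
TIME-WAIT 0      0      203.0.113.5:80      198.51.100.23:33001
TIME-WAIT 0      0      203.0.113.5:80      198.51.100.23:33002
"""

# Constructed access-log lines (combined format) from the virtual hosts.
ACCESS_LOG = """\
192.0.2.44 - - [10/Oct/2015:13:55:36 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2015:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 1800 "-" "curl/7.38"
"""

def peers_on_port(ss_text, port=80):
    """Count connections per remote IP whose local port is `port`."""
    counts = Counter()
    for line in ss_text.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        local, peer = fields[3], fields[4]
        if local.rsplit(":", 1)[1] == str(port):
            counts[peer.rsplit(":", 1)[0]] += 1
    return counts

def logged_clients(log_text):
    """Client addresses (first field) that appear in the access log."""
    return {l.split(" ", 1)[0] for l in log_text.splitlines() if l.strip()}

def unlogged_peers(ss_text, log_text, port=80, min_conns=2):
    """Peers with at least `min_conns` connections and no logged request."""
    seen = logged_clients(log_text)
    return sorted((ip, n) for ip, n in peers_on_port(ss_text, port).items()
                  if n >= min_conns and ip not in seen)

if __name__ == "__main__":
    for ip, n in unlogged_peers(SS_OUTPUT, ACCESS_LOG):
        print(f"{ip}: {n} connections on port 80, no access-log entry")
```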

Is there any difference between apache+Nginx as reverse proxy AND apache + another server with nginx for static contents?

We use Apache with Nginx (as a reverse proxy) for a higher concurrency level, because of the way that Nginx handles static content and uses fewer connections, something that Apache lacks.
The question now is whether there is any difference between the above scenario and using another server for serving static content (CSS, JS, images, etc.) with Nginx and your primary server with Apache installed?
In my project there are millions of users with avatars, banners and of course photo galleries. The project is nearly ready, and I want to make sure I'm heading in the right direction. Which scenario is the best?
EDIT:
What would happen if slow clients cause Apache to keep threads busy for longer than needed in the primary server?
One of the main purposes of nginx behind Apache is to handle slow clients to ensure that Apache doesn't have to keep its threads busy for this.
By the way, I think this is relevant to the topic: http://www.aosabook.org/en/nginx.html

Installing Apache and port 80

I have installed Apache 2.2 (and PHP/MySQL) on my personal computer so I can run PHP scripts without needing to upload them every time to my server for testing.
The Apache is working on port 80, i.e. I can view my script by going to http://127.0.0.1:80/index.php .
My question is if there is any danger by using the Apache that way, in the sense that now port 80 is listening. Can anyone use this situation to attack my computer?
Thanks,
Joel
Only if it's bound to external addresses (usually any other than 127.0.0.1). Check the Listen directive in the configuration.
You're probably behind a router which blocks access to your computer.
So, no one can attack your computer using port 80. Even if the port were accessible from the internet, Apache is really secure software; if you don't run sensitive code on it, you don't have to fear that someone will exploit a leak in it.
You should keep your firewall on so that people from the "outside world" can't connect to port 80 and see your files. That is the safest way of protecting yourself.
You can also block non-local traffic in your Apache config file.
You could use this apache config option to make sure no-one else can connect to your server:
Listen 127.0.0.1:80
(You should already have a Listen 80 defined)
The best way is to have a good firewall, even though your router has a firewall. Still, you won't be 100% safe, because even the White House computers got hacked once, and the same with Sony!
HUGE COMPANIES WITH EXPENSIVE FIREWALLS!!!!!
But IIS forbids access to upper directories. Microsoft patched it so visitors can even get out of the SUBDOMAIN FILE IN THE WWWROOT FOLDER.
EX: WWWROOT/Subdomain/
^^^ == NO EXIT
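A check for the Listen directive that the answers above point to, as an added example that is not part of the original posts: it parses the Listen lines of a configuration and reports which ones accept connections on addresses other than loopback. The configuration text is a constructed sample and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from the asker's machine).
SAMPLE_CONF = """\
# main server
Listen 80
Listen 127.0.0.1:8080
Listen [::1]:8081
  listen 192.0.2.10:443 https
#Listen 0.0.0.0:81
ServerName localhost
"""

# Matches active Listen lines only; commented lines and directives such
# as ListenBackLog do not match.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)

def parse_listen(value):
    """Split a Listen argument into (address or None, port).
    None means the directive binds every interface."""
    if value.startswith("["):                  # [IPv6]:port
        host, _, port = value[1:].partition("]:")
    elif ":" in value:                         # IPv4:port
        host, _, port = value.rpartition(":")
    else:                                      # bare port
        host, port = None, value
    return (None if host == "*" else host), int(port)

def audit_listen(conf_text):
    """Return [(address, port, exposed)] for every active Listen line.
    exposed is True unless the address is a loopback IP literal."""
    results = []
    for line in conf_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue
        host, port = parse_listen(m.group(1))
        try:
            exposed = host is None or not ipaddress.ip_address(host).is_loopback
        except ValueError:                     # not an IP literal
            exposed = True
        results.append((host or "*", port, exposed))
    return results

if __name__ == "__main__":
    for addr, port, exposed in audit_listen(SAMPLE_CONF):
        print(f"{addr}:{port} -> {'non-loopback' if exposed else 'loopback only'}")
```

A bare `Listen 80`, as in the default configuration the answer mentions, is reported as bound to every interface.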

How do I configure Apache to forward some URLs to two resin containers?

I have two resin servers - r-server-a and r-server-b. I created two because both have web applications that need to be in the root context path '/' (and using same port '80').
However, both web applications need to see each other (i.e. access the other application's resources & pages). Which is why I thought I'd use an apache server to handle the two.
How do I do that?
What you need is mod_proxy in Apache. In the Apache config (like the virtual host config) put:
ProxyPass / http://localhost:8080/<web-app context root>/
ProxyPassReverse / http://localhost:8080/<web-app context root>/
Both using the same port means not the same IP. That might be the same machine with two instances, each bound to one NIC, or two separate machines. This is not that clear from the question; however, it does not matter that much.
For several reasons I would pick Nginx as a reverse proxy (instead of Apache) and configure it accordingly.
See in Tornado's documentation how they do that for Tornado (in that case, 4 instances on each server) and copy the concept to your location. Good luck.