Apache2 on Ubuntu 14.04 LTS

I am just poking around the latest LTS from Canonical. It looks like the Apache configs have a new directory hierarchy. There are now conf-available and conf-enabled directories. A small intellectual jump, before looking things up, led me to the command a2enconf. How nice! I wonder if this will complicate things…

New Relic Plugins

New Relic announced a new plugin framework for their excellent SaaS APM solution. I have installed both the Apache and Redis plugins. Now I have a central location where I can correlate events. The Apache plugin offers insight into counters like requests, worker processes, and cpu load. The Redis plugin offers insight into memory use, keys, and connections.

Both plugins require Python, which should not be a problem on any modern distro. Installation was a snap. Simply install the application with Python pip, move the config file and init file to their respective locations, modify the config for your environment, and start the service. You need to supply your New Relic key. Within minutes you will start seeing data in the dashboard.

Next, I will install the MySQL plugin (requires java).

See:
New Relic Platform

Change the Envelope From Header for apache, php

On an Ubuntu installation, the php sendmail function will send out email as the apache user www-data@servername.domain. This can cause the email to be flagged as spam on some mail servers. To get around this, edit your php.ini and restart apache.

Edit the php.ini

sudo vi /etc/php5/apache2/php.ini

Edit the following string:

sendmail_path = '/usr/sbin/sendmail -t -i -fno-reply@yourdomain.com -Fno-reply'

Now restart apache:

sudo service apache2 restart

Apache2 on Solaris 10

The apache web server is included with Solaris 10. Follow these steps to enable it.

Step 1: Create a working default apache config file

The apache server config files are in /etc/apache2. To quickly get up and running, you can just use the sample config file by doing the following:

cd /etc/apache2
cp httpd.conf-example httpd.conf

Step 2: Enable the apache/httpd service

Check to see if apache is already running:

svcs -a | grep -i http

You will probably see the following, indicating that apache is NOT running:

disabled       Apr_20   svc:/network/http:apache2

Use the svcadm command to start the webserver. This will also make it automatically start if your machine reboots.

svcadm -v enable /network/http:apache2

Use the following svcs command to make sure it worked:

svcs -p /network/http:apache2
STATE          STIME    FMRI
online         15:32:44 svc:/network/http:apache2
               15:32:44    28711 httpd
               15:32:45    28712 httpd
               15:32:45    28713 httpd
               15:32:45    28714 httpd
               15:32:45    28715 httpd
               15:32:45    28716 httpd

This is showing that the webserver is online and working.

 

Step 3: Add your web content

Put your html (e.g. index.html) in the /var/apache2/htdocs directory. If everything went OK, you should have a functioning apache webserver.

Debugging / Troubleshooting

If the svcs -p command from the above step doesn’t show a STATE of online, do the following:

svcs -a | grep -i http

You’ll probably see that it’s in maintenance mode:

maintenance    15:16:12 svc:/network/http:apache2

For more detailed info run:

svcs -l http

OR

svcs -x http
svc:/network/http:apache2 (Apache 2 HTTP server)
 State: maintenance since May  8, 2007  3:16:12 PM EDT
Reason: Start method failed repeatedly, last exited with status 1.
   See: http://sun.com/msg/SMF-8000-KS
   See: httpd(8)
   See: /var/svc/log/network-http:apache2.log
Impact: This service is not running.

Note that the second-to-last line tells you where the log file is, so take a look at that. Once you’ve fixed the problem, you can restart apache with:

svcadm restart /network/http:apache2

If for some reason you want to shut off apache, use this:

svcadm disable /network/http:apache2

svcs -p /network/http:apache2
STATE          STIME    FMRI
disabled       15:36:33 svc:/network/http:apache2

svcs -l http
fmri         svc:/network/http:apache2
name         Apache 2 HTTP server
enabled      false
state        disabled
next_state   none
state_time   May 8, 2007 3:36:33 PM EDT
logfile      /var/svc/log/network-http:apache2.log
restarter    svc:/system/svc/restarter:default
contract_id
dependency   require_all/error svc:/milestone/network:default (online)
dependency   require_all/none svc:/system/filesystem/local:default (online)
dependency   optional_all/error svc:/system/filesystem/autofs:default (online)

Deployment Script WIP

This is a work in progress…

#!/bin/sh
SOURCEPATH='/var/git/working_copies/website/webroot/'
DESTPATH='/var/www/website/webroot'
DESTUSER='deploy'
LOGFILE='/var/log/website_rsync.log'
SUBJECT="website.com  Prod Updated:from MANAGE01SRV"
EMAIL="me@me.com"
EMAILCC="me@me.com"
echo "Job started at: `/bin/date`" > "$LOGFILE"
for SERVER in web01 web02 web03 web04
do
    # Map the web server to its NetScaler server name
    if [ "$SERVER" = "web01" ]; then NSSRV="wb01"
    else NSSRV="wb02"
    fi
    # Take the server out of the load balancer before touching it
    # (double quotes so $NSSRV is expanded before the command is sent)
    ssh nsroot@netscaler "disable server site01_$NSSRV"
    ssh "$DESTUSER@$SERVER" service apache2 stop >> "$LOGFILE"
    # Redirect stdout first, then stderr, so both end up in the log
    rsync -avc --delete --exclude=".git" --exclude="var/" --exclude=".gitignore" --rsh=ssh "$SOURCEPATH" "$DESTUSER@$SERVER:$DESTPATH" >> "$LOGFILE" 2>&1
    # ${DESTPATH:?} aborts rather than expanding to /var/cache/* if DESTPATH is empty
    ssh "$DESTUSER@$SERVER" "rm -rf ${DESTPATH:?}/var/cache/*"
    ssh "$DESTUSER@$SERVER" /var/scripts/fixperms.sh >> "$LOGFILE"
    ssh "$DESTUSER@$SERVER" service apache2 start >> "$LOGFILE"
    # Put the server back into the load balancer
    ssh nsroot@netscaler "enable server site01_$NSSRV"
done
echo "Job completed at: `/bin/date`" >> "$LOGFILE"
/usr/bin/mail -s "$SUBJECT" "$EMAIL" < "$LOGFILE"

Installing mod_security

sudo aptitude install libapache2-modsecurity

sudo mkdir /etc/apache2/modsecurity

sudo vi /etc/apache2/conf.d/modsecurity.conf

## /etc/apache2/conf.d/modsecurity.conf
Include modsecurity/*.conf

cd /etc/apache2/modsecurity/

sudo cp -R /usr/share/modsecurity-crs/base_rules/* .

sudo vi /etc/apache2/modsecurity/modsecurity_crs_20_protocol_violations.conf

Replace this line:

SecRule REQBODY_ERROR "!@eq 0" \

with this one:

SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \

sudo service apache2 restart

grep -i modsecurity /var/log/apache2/error.log

Analyzing Apache Log Files

List Client IP and Count Hits

awk -F'[ "]+' '$7 == "/" { ipcount[$1]++ } END { for (i in ipcount) { printf "%15s - %d\n", i, ipcount[i] } }' access.log
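
The same per-client count extended to every request and to error responses, as an added example that is not from the original post. It splits on the double quotes around the request instead of on spaces, so a line such as "-" 408 does not shift the fields; the sample log lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client request totals and 4xx/5xx counts from a
# combined-format access log. Function names are hypothetical.

# Constructed sample input (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [08/May/2014:15:32:44 -0400] "GET / HTTP/1.1" 200 512 "-" "curl/7.35.0"
192.0.2.10 - - [08/May/2014:15:32:45 -0400] "GET /index.php?id=1 HTTP/1.1" 403 289 "-" "curl/7.35.0"
192.0.2.10 - - [08/May/2014:15:32:46 -0400] "GET /admin HTTP/1.1" 404 290 "-" "curl/7.35.0"
198.51.100.7 - - [08/May/2014:15:33:01 -0400] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [08/May/2014:15:33:02 -0400] "GET /trunc
203.0.113.5 - - [08/May/2014:15:33:09 -0400] "-" 408 0 "-" "-"
EOF
}

# Reads the named log files (or stdin) and prints "total errors ip",
# busiest client first. Lines without a 3-digit status are skipped
# and counted on stderr.
summarize_clients() {
    awk -F'"' '
        {
            split($1, pre, " ")        # pre[1] = client IP
            n = split($3, post, " ")   # post[1] = status, post[2] = bytes
            if (n < 1 || post[1] !~ /^[1-5][0-9][0-9]$/) { bad++; next }
            total[pre[1]]++
            if (post[1] >= 400) errors[pre[1]]++
        }
        END {
            for (ip in total)
                printf "%d %d %s\n", total[ip], errors[ip], ip
            if (bad)
                printf "skipped %d unparsable line(s)\n", bad > "/dev/stderr"
        }
    ' "$@" | sort -k1,1nr -k3,3
}

sample_log | summarize_clients
```

Apache logs a double quote inside a request as \", so such lines are skipped or miscounted by this split and are worth reviewing separately.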

 

List Client IP and RDNS

cat access.log | awk '{print $1}' | logresolve