I am just poking around the latest LTS from Canonical. It looks like the Apache configs have a new directory hierarchy. There are now conf-available and conf-enabled directories. A small intellectual jump, before looking things up, led me to the command a2enconf. How nice! I wonder if this will complicate things…
New Relic Plugins
New Relic announced a new plugin framework for their excellent SaaS APM solution. I have installed both the Apache and Redis plugins. Now I have a central location where I can correlate events. The Apache plugin offers insight into counters like requests, worker processes, and cpu load. The Redis plugin offers insight into memory use, keys, and connections.
Both plugins require python, which should not be a problem on all modern distros. Installation was a snap. Simply install the application with pyton pip, move the config file and init file to their respective locations, modify the config to your environment, and start the service. You need to supply your New Relic key. Within minutes you will start seeing data in the dashboard.
Next, I will install the MySQL plugin (requires java).
See:
New Relic Platform
Apache logfile fun
I recently found out about this:
https://code.google.com/p/logstalgia/
an interesting program to visually display apache traffic in real time.
It reminds me of glTail:
another cool “toy”.
Apache2 on Solaris 10
The apache web server is included with Solaris 10. Follow these steps to enable it.
Step 1: Create a working default apache config file
The apache server config files are in /etc/apache2. To quickly get up and running, you can just use the sample config file by doing the following:
cd /etc/apache2 cp httpd.conf-example httpd.conf
Step 2: Enable the apache/httpd service
Check to see if apache is already running:
svcs -a | grep -i http
You will probably see the following, indicating that apache is NOT running: disabled Apr_20 svc:/network/http:apache2
Use the svcadm command to start the webserver. This will also make it automatically start if your machine reboots. svcadm -v enable /network/http:apache2
Use the following svcs command to make sure it worked: svcs -p /network/http:apache2 STATE STIME FMRI online 15:32:44 svc:/network/http:apache2
15:32:44 28711 httpd 15:32:45 28712 httpd 15:32:45 28713 httpd 15:32:45 28714 httpd 15:32:45 28715 httpd 15:32:45 28716 httpd
This is showing that the webserver is online and working.
Step 3: Add your web content
Put your html (IE: index.html) in the /var/apache2/htdocs directory. If everything went OK, you should have a functioning apache webserver.
Debugging / Troubleshooting
If the svcs -p command from the above step doesn’t show a STATE of online, do the followig: svcs -a | grep -i http
You’ll probably see that it’s in maintenance mode: maintenance 15:16:12 svc:/network/http:apache2
For more detailed info run: svcs -l http
OR svcs -x http svc:/network/http:apache2 (Apache 2 HTTP server)
State: maintenance since May 8, 2007 3:16:12 PM EDT
Reason: Start method failed repeatedly, last exited with status 1.
See: http://sun.com/msg/SMF-8000-KS See: httpd(8) See: /var/svc/log/network-http:apache2.log
Impact: This service is not running.
Note that the second to last line tells you where the log file is, so take a look at that. Once you’ve fixed the problem, you can restart apache with: svcadm restart /network/http:apache2
If for some reason you want to shut off apache, use this: svcadm disable /network/http:apache2
svcs -p /network/http:apache2 STATE STIME FMRI disabled 15:36:33 svc:/network/http:apache2
svcs -l http fmri svc:/network/http:apache2 name Apache 2 HTTP server enabled false state disabled next_state none state_time May 8, 2007 3:36:33 PM EDT logfile /var/svc/log/network-http:apache2.log restarter svc:/system/svc/restarter:default contract_id dependency require_all/error svc:/milestone/network:default (online) dependency require_all/none svc:/system/filesystem/local:default (online) dependency optional_all/error svc:/system/filesystem/autofs:default (online)
Deployment Script WIP
This is a work in progress…
DESTPATH=’/var/www/website/webroot’
DESTUSER=’deploy’
LOGFILE=’/var/log/website_rsync.log’
SUBJECT=”website.com Prod Updated:from MANAGE01SRV”
EMAIL=”me@me.com”
EMAILCC=”me@me.com“
if $SERVER = “web01” then NSSRV = “wb01”
else NSSRV = “wb02”
do
ssh nsroot@netscaler ‘disable server site01_$NSSRV’
ssh $DESTUSER@$SERVER service apache2 stop >> $LOGFILE
rsync -avc –delete –exclude=”.git” –exclude=”var/” –exclude=”.gitignore” –rsh=ssh $SOURCEPATH $DESTUSER@$SERVER:$DESTPATH 2>&1 >> $LOGFILE
ssh $DESTUSER@$SERVER rm -rf $DESTPATH/var/cache/*
ssh $DESTUSER@$SERVER /var/scripts/fixperms.sh >> $LOGFILE
ssh $DESTUSER@$SERVER service apache2 start >> $LOGFILE
ssh nsroot@netscaler ‘enable server site01_$NSSRV’
done
Installing mod_security
sudo aptitude install libapache2-modsecurity
sudo mkdir /etc/apache2/modsecurity
sudo vi /etc/apache2/conf.d/modsecurity.conf
## /etc/init.d/apache2/conf.d/modsecurity.conf
Include modsecurity/*.conf
cd /etc/apache2/modsecurity/
sudo cp -R /usr/share/modsecurity-crs/base_rules/* .
sudo vi /etc/apache2/modsecurity/modsecurity_crs_20_protocol_violations.conf
Replace this line:
SecRule REQBODY_ERROR “!@eq 0” \
with this one:
SecRule REQBODY_PROCESSOR_ERROR “!@eq 0” \
sudo service apache2 restart
cat /var/log/apache2/error.log | grep modsecurity
Fixing Permissions on a website
Directory Perms:
find /path/to/base/dir -type d -print0 | xargs -0 chmod 755
File Perms:
find /path/to/base/dir -type f -print0 | xargs -0 chmod 644
Analyzing Apache Log Files
List Client IP and Count Hits
awk -F'[ “]+’ ‘$7 == “/” { ipcount[$1]++ } END { for (i in ipcount) { printf “%15s – %d\n”, i, ipcount[i] } }’ access.log
List Client IP and RDNS
cat access.log | awk ‘{print $1}’ | logresolve
List loaded Apache modules
# apache2ctl -t -D DUMP_MODULES