
PHP on mod_fcgid with Apache2 and mod_suexec

This took a little doing and some major tweaking. Assuming you have the LoadModule line already...

  AddHandler fcgid-script .php

  <Directory /home/elitesys/elite-systems.org/html>
    FCGIWrapper /home/elitesys/elite-systems.org/html/php.fcgi .php
  </Directory>

  IPCConnectTimeout 20
  IPCCommTimeout 300


Add the handler for php files, specify the wrapper (in this case the file in the root of the site) and set up connect and communication timeouts. The timeouts are in seconds and you need to set them like that or higher or else file uploads will time out, and I have heard of issues with WordPress if you don't increase it.

And in php.fcgi...
#!/bin/sh
PHPRC="/usr/php4/etc"
export PHPRC
PHP_FCGI_CHILDREN=4
export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_MAX_REQUESTS
exec /usr/php4/bin/php


This should look familiar to another post...

There isn't a definition for suexec in terms of executable location. There doesn't have to be. Apache will automatically wrap it properly. This configuration is far easier than mod_fastcgi and works just as well. Probably easily expanded to work with Ruby on Rails, although I haven't tried yet...

A complete mod_deflate configuration

<IfModule mod_deflate.c>
#General Configuration settings: use ratio method and highest compression
DeflateFilterNote ratio
DeflateCompressionLevel 9

#Approach 1: Implicit ("Set") compression
## There are potential issues with compressing everything 
## It will for example send xml compressed to web services or flash
#SetOutputFilter DEFLATE
#SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
#SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
#SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
#SetEnvIfNoCase Request_URI \.avi$ no-gzip dont-vary
#SetEnvIfNoCase Request_URI \.mov$ no-gzip dont-vary
#SetEnvIfNoCase Request_URI \.mp3$ no-gzip dont-vary
#SetEnvIfNoCase Request_URI \.mp4$ no-gzip dont-vary
#SetEnvIfNoCase Request_URI \.rm$ no-gzip dont-vary

##Approach 2: Explicit ("Add") compression by mime-type

AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/x-httpd-eruby
AddOutputFilterByType DEFLATE text/html
# Or by extension
# AddOutputFilter DEFLATE html
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/x-javascript

# Implicit compression on the way in
SetInputFilter DEFLATE

# Explicit compression on the way in, there is no AddInputFilterByType
# AddInputFilter DEFLATE html

</IfModule>

Beware the trailing slash in Proxy balancer

This is correct

ProxyPass / balancer://app
<Proxy balancer://app>
BalancerMember http://10.0.0.166:8181
BalancerMember http://10.0.0.166:8182
BalancerMember http://10.0.0.166:8183
BalancerMember http://10.0.0.166:8184
BalancerMember http://10.0.0.166:8185
BalancerMember http://10.0.0.166:8186
BalancerMember http://10.0.0.166:8187
BalancerMember http://10.0.0.166:8188
BalancerMember http://10.0.0.166:8189
BalancerMember http://10.0.0.166:8190
</Proxy>


This is not

ProxyPass / balancer://app
<Proxy balancer://app>
BalancerMember http://10.0.0.166:8181/
BalancerMember http://10.0.0.166:8182/
BalancerMember http://10.0.0.166:8183/
BalancerMember http://10.0.0.166:8184/
BalancerMember http://10.0.0.166:8185/
BalancerMember http://10.0.0.166:8186/
BalancerMember http://10.0.0.166:8187/
BalancerMember http://10.0.0.166:8188/
BalancerMember http://10.0.0.166:8189/
BalancerMember http://10.0.0.166:8190/
</Proxy>


This is also not correct

ProxyPass / balancer://app/
<Proxy balancer://app/>
BalancerMember http://10.0.0.166:8181/
BalancerMember http://10.0.0.166:8182/
BalancerMember http://10.0.0.166:8183/
BalancerMember http://10.0.0.166:8184/
BalancerMember http://10.0.0.166:8185/
</Proxy>

Block Blacklisted Bandwidth Thieves from Hotlinking Your Image Files

Code for an .htaccess file located in a directory containing images (or any other type of file for that matter) to which you want to block hotlinking from blacklisted websites.
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?evilwebsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://forum\.evilwebsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?bandwidththieves\.net [NC]
RewriteRule \.(jpeg|jpg|gif|bmp|png|JPEG|JPG|GIF|BMP|PNG)$ http://example.com/pwnt.gif [L]

example.com/pwnt.gif is the location of the file you want to serve in place of the hotlinked image. Mine just says 'PWNT'.

Alternate last line to simply block the images from being hotlinked instead of serving a replacement image:
RewriteRule \.(jpeg|jpg|gif|bmp|png|JPEG|JPG|GIF|BMP|PNG)$ - [F]
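
To see which Referer values the three RewriteCond patterns above actually catch, this added example (not part of the original snippet) replays them with `grep -Ei`, where `-i` stands in for `[NC]`. `STRICT_PATTERNS` is an assumed tightening that also accepts `https://` and ends the host name at the blacklisted domain; `matches` and `verdict` are hypothetical helper names and every Referer value is constructed.

```sh
#!/bin/sh
# Added example: replay the .htaccess blacklist over sample Referer headers.

# The three RewriteCond patterns exactly as they appear in the snippet.
PAGE_PATTERNS='^http://(www\.)?evilwebsite\.com
^http://forum\.evilwebsite\.com
^http://(www\.)?bandwidththieves\.net'

# Assumed tightening (not from the page): allow http or https, and require the
# host to end right after the listed domain (optional port, then "/" or end).
STRICT_PATTERNS='^https?://(www\.)?evilwebsite\.com(:[0-9]+)?(/|$)
^https?://forum\.evilwebsite\.com(:[0-9]+)?(/|$)
^https?://(www\.)?bandwidththieves\.net(:[0-9]+)?(/|$)'

# matches PATTERNS REFERER: succeeds if any pattern matches; the newline
# separated list behaves like the [OR]-chained conditions.
matches() {
    printf '%s\n' "$2" | grep -Eiq -e "$1"
}

# verdict REFERER: prints "page=<yes|no> strict=<yes|no>" (yes = rewritten).
verdict() {
    if matches "$PAGE_PATTERNS" "$1"; then p=yes; else p=no; fi
    if matches "$STRICT_PATTERNS" "$1"; then s=yes; else s=no; fi
    echo "page=$p strict=$s"
}

# Constructed Referer values: a listed site over http, the same site over
# https, an unrelated host that merely starts with a listed name, and the
# site's own page.
for r in 'http://www.evilwebsite.com/gallery.html' \
         'https://www.evilwebsite.com/gallery.html' \
         'http://evilwebsite.com.example.org/' \
         'http://example.com/own-page.html'; do
    printf '%-42s %s\n' "$r" "$(verdict "$r")"
done
```

The strict patterns drop into the same `RewriteCond %{HTTP_REFERER} ... [NC,OR]` lines unchanged. Referer is supplied by the client, so either list only affects browsers that send it honestly.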

Parse .html files as PHP

To parse files with a .html extension as PHP, add this line to httpd.conf, your VirtualHost container, or .htaccess:
AddHandler application/x-httpd-php .html

You can substitute your own arbitrary file extensions for .html if you want to use, for example, filename.foo on your site.

Disallow serving of PHP pages if mod_php is not loaded

If mod_php doesn't load for some reason, your PHP files may be served unparsed, as plain text. This presents the possibility that your database passwords or other sensitive information may be visible. Adding the following to your httpd.conf, VirtualHost container, or .htaccess file will deny access to any PHP files if the PHP module is not loaded.

<IfModule !mod_php4.c>
    <FilesMatch "\.php$">
        Order allow,deny
        Deny from all
        Allow from none
    </FilesMatch>
</IfModule>

cannot "apply changes" to restart Apache post-setup of proxy

Failed to apply changes :
[Fri Nov 18 05:06:50 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/local/sbin/suexec)
[Fri Nov 18 05:06:52 2005] [notice] FastCGI: wrapper mechanism enabled (wrapper: /usr/local/sbin/suexec)
[Fri Nov 18 05:06:52 2005] [notice] FastCGI: process manager initialized (pid 77504)
[Fri Nov 18 05:06:52 2005] [notice] Digest: generating secret for digest authentication ...
[Fri Nov 18 05:06:52 2005] [notice] Digest: done

Turn off (mostly) useless apache modules

When I first ported my old PHP app to Textdrive, I got all manner of weird errors. Many of these were from weird Apache modules that are enabled by default here.

My solution was to turn off most of these things in my .htaccess file. Here it goes:

# let Apache recognize the ".php" extension
AddType application/x-httpd-php .php
DefaultType application/x-httpd-php

# make php use this very uncool default charset I had been using for years
php_value default_charset iso-8859-1

# make php define old style global variables
php_flag register_long_arrays On

# stop Apache from spewing "Charset: utf-8"
AddDefaultCharset Off

# stop Apache from silently mangling urls
CheckSpelling Off

# stop Apache from denying perfectly legitimate requests
SecFilterEngine Off

Real user directories for virtual hosts

The default TXD Apache setup gives you user directory URLs like

http://domain/~user-domain/


If you need real user directories, set the 'User WWW Directory' of your virtual host in Webmin to something like

/home/mylogin/domains/mydomain/homes/*/web/public


to get URLs like

http://domain/~user/

mod_rewrite rules to serve application/xhtml+xml

The following mod_rewrite rules will serve HTML files as application/xhtml+xml to supporting browsers.

RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_ACCEPT} application/xhtml\+xml
RewriteCond %{HTTP_ACCEPT} !application/xhtml\+xml\s*;\s*q=0
RewriteCond %{REQUEST_URI} \.html$
RewriteCond %{THE_REQUEST} HTTP/1\.1
RewriteRule .* - [T=application/xhtml+xml]


Source: Mark Pilgrim, The Road to XHTML 2.0: MIME Types.

A simple WebDAV repository with user directories

The following snippet goes into the main Apache config (or a VirtualHost config). It allows you to create a simple repository access by WebDAV, with distinct logins for your users. All users must authenticate to access the /webstore directory, they can browse and see all subdirectories, but they can only upload into their own /webstore/user directory, or into any directory which may be created under /webstore, but not mentioned in the config.

You still need to have the mod_dav module installed and loaded, and to actually add all users into the dav.digest.passwd file using the htdigest command:

htdigest dav.digest.passwd foobar.com foo


The +Indexes option also makes it possible to browse the repository using a regular web browser (with no upload rights, of course).

<Location /webstore>
  DAV On
  Options +Indexes
  AuthType Digest
  AuthName foobar.com
  AuthDigestFile /home/foobar/etc/dav.digest.passwd
  Require valid-user
  ForceType text/plain
</Location>
<Location "/webstore/foo">
  Require valid-user
  
    Require user foo
  
</Location>
<Location "/webstore/bar">
  Require valid-user
  
    Require user bar
  
</Location>

Getting a copy of an x509 certificate

If you need to easily retrieve an x509 certificate from a remote webserver, the easiest method is:

openssl s_client -showcerts -connect www.example.com:443


Which you can then go and copy from the line starting with '-----BEGIN CERTIFICATE-----' to '-----END CERTIFICATE-----' into the www.example.com.crt file.
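
The copy-and-paste step can be scripted. This added example (not part of the original snippet) filters the `-----BEGIN CERTIFICATE-----` to `-----END CERTIFICATE-----` blocks out of `s_client -showcerts` output; the function names are hypothetical, and the sample output and its certificate bodies are constructed placeholders so the filter runs offline.

```sh
#!/bin/sh
# Added example (not from the original snippet).

# extract_cert N: read `openssl s_client -showcerts` output on stdin and print
# the Nth PEM certificate (1 = the server's own); N=0 prints the whole chain.
extract_cert() {
    awk -v want="${1:-1}" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && (want == 0 || n == want) { print }
        /-----END CERTIFICATE-----/   { inside = 0 }
    '
}

# count_certs: number of PEM certificates on stdin.
count_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }'
}

# fetch_cert HOST [PORT]: live retrieval. -servername sends SNI so a shared
# host returns the right certificate; </dev/null ends the session at once.
# s_client does not stop on a verification failure, so treat the saved file as
# unauthenticated until its fingerprint is confirmed another way, e.g.
#   openssl x509 -in www.example.com.crt -noout -subject -enddate -fingerprint -sha256
fetch_cert() {
    openssl s_client -showcerts -servername "$1" -connect "$1:${2:-443}" \
        </dev/null 2>/dev/null | extract_cert 1
}

# Constructed s_client output; the certificate bodies are placeholders.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = www.example.com
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED_LEAF_BODY_NOT_A_REAL_CERTIFICATE
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED_CA_BODY_NOT_A_REAL_CERTIFICATE
-----END CERTIFICATE-----
---
Server certificate
subject=CN = www.example.com
EOF
}

sample_output | extract_cert 1   # prints only the first (server) block
```

Against a live server, `fetch_cert www.example.com > www.example.com.crt` writes the same file the manual copy produces.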

Serve XHTML 1.1 Properly

Place this in a .htaccess file or your Apache configuration. Note that this will redirect noncompliant users to a chosen URL. All XHTML 1.1 pages must be saved with the .xhtml extension.

AddType application/xhtml+xml .xhtml

<IfModule mod_security.c>
    SecFilterEngine On
    SecFilterScanOutput On
    SecFilterOutputMimeTypes "application/xhtml+xml"
    SecFilterDefaultAction "pass"
    SecFilterSelective "HTTP_ACCEPT" "!application/xhtml\+xml" "redirect:http://www.webstandards.org/upgrade/"
</IfModule>

Mixed example of mod_deflate configuration for httpd.conf

<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
SetInputFilter DEFLATE
#the two above compress everything unless excluded below
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.avi$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.mov$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.mp3$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.mp4$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.rm$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.plist$ no-gzip dont-vary
# Below is an example where you get rid of what's above and you explicitly compress
AddOutputFilterByType DEFLATE application/x-httpd-php application/x-httpd-fastphp application/x-httpd-eruby text/html
DeflateFilterNote ratio
DeflateCompressionLevel 9
</IfModule>

Suexec'ed PHP-FastCGI on Apache2

A PHP cgi binary compiled with fcgi support

> /usr/local/www/cgi-bin/php5-fcgi -v
PHP 5.0.3 (cgi-fcgi) (built: Dec 30 2004 22:44:32)


Central config in httpd.conf

<IfModule mod_fastcgi.c>
FastCgiIpcDir /usr/local/www/fcgi_ipc/tmp
AddHandler fastcgi-script .fcgi
FastCgiSuexec /usr/local/sbin/suexec
FastCgiConfig -singleThreshold 100 -killInterval 300 -autoUpdate -idle-timeout 240 -pass-header HTTP_AUTHORIZATION
</IfModule>
<Location /php-fastcgi/>
Options ExecCGI
SetHandler fastcgi-script
</Location>


In a virtual host

SuexecUserGroup ${USER} ${GROUP}
ScriptAlias /php-fastcgi/ ${HOME}/php-fastcgi/ 
AddType application/x-httpd-fastphp .php
Action application/x-httpd-fastphp /php-fastcgi/php5-fcgi


And then the ${HOME}/php-fastcgi/php5-fcgi wrapper

#!/bin/sh
PHPRC="/usr/local/etc"
export PHPRC
PHP_FCGI_CHILDREN=8
export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_MAX_REQUESTS
exec /usr/local/www/cgi-bin/php5-fcgi


The PHPRC environment variable sets the directory where php.ini is to be found.