Category Archives: Apache

Apache – Configuring A Reverse Proxy

Apache – Configuring A Reverse Proxy

Introduction

A reverse proxy is a gateway for servers, and enables one web server to provide content from another transparently. As with a standard proxy, a reverse proxy may serve to improve performance of the web by caching; this is a simple way to mirror a website.

But the most common reason to run a reverse proxy is to enable controlled access from the Web at large to servers behind a firewall.
Software Requirements

Pre-requisites

In order to install Tunez the following software is required :-

1. apache 2 (Including the development package httpd-devel)
2. libxml2 (Installed as standard with Fedora Core 8)
3. mod_proxy_html-2.5.2.so

Adding mod_proxy_html and libxml2

To perform proxying Apache requires the libxml2 package and the mod_proxy_html file adding.. Where as libxml2 is installed as standard with most Operating Systems (Including Fedora Core 8) the mod_proxy_html file requires downloading and adding to Apache.

To add the mod_proxy_html file and libxml2 package to the installation perform the following steps :-

1. Download mod_proxy_html from [[http://apache.webthing.com/mod_proxy_html/mod_proxy_html-2.5.2.c apache.webthing.com]]
2. At the command prompt run the command shown below :-

apxs -c -I/usr/include/libxml2 -i mod_proxy_html-2.5.2.c

Including The Apache Proxy Modules

In order to configure Apache as a Proxy server there are several Modules which need to be enabled on the server. To ensure that the required Modules are enabled for the Apache server follow the steps below :-

1. Edit the /etc/httpd/conf/httpd.conf file and search for the Dynamic Shared Object (DSO) Support section
2. Search through the !LoadModule statements in this section for each of the lines below and uncomment by removing the # symbol at the start of the line if necessary :-

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so

3. At the bottom of the !LoadModule lines add the two lines shown below to add mod_proxy_html and libxml2 :-

LoadFile /usr/lib64/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html-2.5.2.so

4. Save and close the httpd.conf file once the above modifications have been made

Disabling Proxy Requests

To ensure that the Proxy server is not used to route unsolicited traffic disable the Proxy Requests in Apache. To disable Proxy Requests in Apache perform the following steps :-

1. Search /etc/httpd/conf/httpd.conf for the line #ProxyRequests On in the httpd.conf file and change it to the line below :-

ProxyRequests Off

2. Save and close the httpd.conf file once the above modifications have been made

Configure Reverse Proxying

To configure Reverse Proxying for an internal web server perform the following steps :-

1. Edit /etc/httpd/conf/httpd.conf and and add the following lines to the bottom of the file, substituting {http://www.example.com/} with the required internal web-site you wish to proxy and {/example/} with the folder you wish to present it as on the proxy server:-

ProxyPass {/example/} {http://www.example.com/}
ProxyHTMLURLMap {http://www.example.com} {/example}

ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / {/example/}
RequestHeader unset Accept-Encoding

3. Save and close the httpd.conf file once the above modifications have been made

Refresh Apache’s Configuration

Once the modifications above have been made to the Apach config file either restart apache using service httpd restart or refresh its configuration using service httpd reload

Useful Links

http://www.apachetutor.org/admin/reverseproxies

Apache – Configuring a HA Cluster On Centos

Apache – Configuring a HA Cluster On Centos

Node Base Builds

The two nodes used in the cluster were buit using a text based install of Centos with the following Package Groups selected :-

Applications
Editors
Text Based Internet
Development
Development Libraries
Development Tools
Servers
Server Configuration Tools
Web Server
Windows File Server
Base Tools
Administation Tools
System Tools
Clustering
Clustering

Installing heartbeat

Prior to building the cluster install the heartbeat packages with yum by running the following command :-
yum install heartbeat

Creating the configuration files

Copying the example files below to the /etc/ha.d directory on the two nodes

/usr/share/doc/heartbeat-2.1.3/authkeys to /etc/ha.d
/usr/share/doc/heartbeat-2.1.3/ha.cf to /etc/ha.d
/usr/share/doc/heartbeat-2.1.3/haresources to /etc/ha.d

Editing the authkeys file

Edit the file /etc/ha.d/authkeys and add the following lines to the end of the file :-

auth 2
2 sha1 test-ha

Save and exit the file and then change the permissions so the root user only can read / write the file by running chmod 600 authkeys

Editing the ha.cf file

Edit the file /etc/ha.d/ha.cf and add the following lines to the end of the file :-

logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
bcast eth0
udpport 694
auto_failback on
node {first cluster server node name}
node {second cluster server node name}

Save and exit the file
N.B. The two node names above can be found by running uname -n on both nodes

Editing the haresources file

Edit the file /etc/ha.d/haresources and add the following lines to the end of the file :-

{first cluster server node name} 172.16.4.82 httpd

Save and exit the file

Editing the httpd.conf file

Edit the file /etc/httpd/conf/httpd.conf and add the line below :-

Listen {Virtual IP Address to be used}:80

Save and exit the file
N.B. The IP address used in the Listen line is the virtual IP address which is to be used to access the clustered Apache web site and must NOT be one of the physical node addresses

Create a test index.html on each node

In order to test that heartbeat is configured correctly and working create a new index.html on each cluster node under the /var/www/html folder.

Ensure that the node name is referenced on the web page so that testing is easier to confirm by the name provided on the page.

Copying the configuration files to the second node

Once the files above have been created and modified copy the /etc/ha.d folder and it’s contents along with the /etc/httpd/conf/httpd.conf file to the second node.

Start heartbeat on each node

Once the files have been copied to the second node start the heartbeat service on the first node by running the command below :-

service heartbeat start

To check that heartbeat has also brought up httpd by going to the virtual IP address and confirming that you’re test web page is opened from the first node.

Next run the same command to start heartbeat on the second node and then stop the service on the first node by running the command below :-

service heartbeat stop

Refresh the web page and confirm that the web page has changed to the second nodes test page.

If both nodes deliver their web pages correctly restart the heartbeat service on the first node and confirm that the web page swaps back to the first node test page after a few minutes.

Apache – Clustering On Centos

Apache – Clustering On Centos

Introduction

This article provides details on how to implement Apache on to a Centos cluster to provide HA capability.

The infrastructure used for this article was two virtual machines running Centos 5.3 with clustering configured running on a Fedora Core 8 64-bit host running VMWare Server 1.0.8.

Pre-requisites

Centos Cluster configured
Shared disk resources

Adding an Apache Clustered Service

Editing the httpd.conf file

Edit the file /etc/httpd/conf/httpd.conf file, find the Listen line and change it to the virtual IP address to be used as shown below :-

Listen {virtual ip address}:80

Next find the DocumentRoot line and change it to the location on the shared storage to be used as shown below :-

DocumentRoot “/{shared disk resource mount/http-cluster/html”

Next find each instance of /var/www in the file and change them to point to /{shared disk resource mount/http-cluster/folder as shown in the examples below :-

Alias /icons/ “/{shared disk resource mount/http-cluster/icons/”

Save and exit the file once it has been modified
Copy the /etc/httpd/conf/httpd.conf file to the second node in the cluster

N.B. There are several references to /var/www in the file for icons, error, cgi-bin, etc which require changing

Create the contents on the shared disk

On the shared disk create the http-cluster folder as shown below where clusdisk is used as an example for the mount point for the shared disk :-

mkdir /clusdisk/http-cluster

Next copy the contents of the /var/www folder to the newly created folder by running the command shown below using clusdisk as an example for the mount point for the shared disk :-

cp -rv /var/www /clusdisk/http-cluster

Confirm that the http-cluster folder now contains the folders html, icons, error, cgi-bin, etc and their contents
Modify the permissions for the files in the folder by running the following commands where clusdisk is used as an example for the mount point for the shared disk :-

chown -R apache /clusdisk/http-cluster

chgrp -R apache /clusdisk/http-cluster

Add the new resources to the cluster

Open the cluster configuration tool on the first node by running system-config-cluster

Highlight the Resources branch in the left hand pane and then click on the Create a resource button at the bottom of the right hand pane.
Select IP Address from the drop down box
Configure the same IP address as configured in the httpd.conf file Listen line
Click on OK to create the resource

Add the apache script resource

Highlight the Resources branch in the left hand pane and then click on the Create a resource button at the bottom of the right hand pane.

Select Script from the drop down box
Give the resource a name for example Clustered-Apache
Set the File (with path) to /etc/rc.d/init.d/httpd
Click on OK to create the resource

Add the apache cluster service

Highlight the Services branch in the left hand pane and then click on the Create a service button at the bottom of the right hand pane.

When prompted enter the name for the service for example Apache-Cluster and then click on the OK button.

Select the Failover Domain configured from the Failover domains drop down box.
Next click on the Add a Shared Resource to the service button.
Select the File system resource being used to host the web site when prompted and click on OK to add it to the service
Add the IP Address and the script resources created above to the service and the click on Close to create the service.

Propagate the configuration to the other node

Once the new Clustered Apache service has been configured click on the File, Save button to save it locally

Next click on the Send to cluster button to synchronise the changes to the other node.

Start the service

Click on the Cluster Management tab
Highlight the new service in the bottom section of the tab and click on the Enable button

Nagios CentOS 2 – Configuring The Nagios Apache File

Nagios CentOS 2 – Configuring The Nagios Apache File

The next part of the installation is to edit the nagios.conf file for Apache on the server.

The modifications below are to lock down access to Nagios as the default configuration is to allow from all.  If you are not worried about locking down access to the Nagios web-site to only specified subnets then skip this section.

To edit the nagios.conf file on the server perform the following steps :-

Edit the file /etc/httpd/conf.d/nagios.conf

  • Locate the section <Directory “/usr/lib/nagios/cgi”>
  • Search for the line below and comment out using a # (Hash) sign at the start of the line :-

Allow from all

E.G. – #Allow from all

  • Next find the line below and uncomment the line by removed the # (Hash) sign at the start of the line :-

#Allow from 127.0.0.1

E.G. – Allow from 127.0.0.1

  • Next change the local host IP address 127.0.0.1 to the IP subnet you wish to allow access to Nagios from

Allow from 127.0.0.1

E.G. – Allow from 10.20.30

  • Next locat the section <Directory “/usr/share/nagios”>
  • Search for the line below and comment out using a # (Hash) sign at the start of the line :-

Allow from all

E.G. – #Allow from all

  • Next find the line below and uncomment the line by removed the # (Hash) sign at the start of the line :-

#Allow from 127.0.0.1

E.G. – Allow from 127.0.0.1

  • Next change the local host IP address 127.0.0.1 to the IP subnet you wish to allow access to Nagios from

#Allow from 127.0.0.1

E.G. – Allow from 10.20.30

  • Save and exit the file

Reloading The Apache Configuration

Once the nagios.conf has been modified Apache will need to be reloaded.  To reload the Apache configuration perform the following steps :-

  • In the command line execute the following command :-

service httpd reload