Introduction
This page lists various small procedures for Apache.
Regenerating snake oil certificates
If the webserver is a clone, which obviously has a different hostname from the host it was cloned from, then the snake oil certificate is based on the old hostname.
- Run:
make-ssl-cert generate-default-snakeoil --force-overwrite c_rehash
Configure logging of client IPs on backend vhosts
Normally the frontend vhosts log the client IPs and the backend vhosts log the frontend IPs. This procedure makes the backend vhosts log the client IPs.
- On the backend server run:
a2enmod remoteip echo 'RemoteIPHeader X-Forwarded-For' \ > /etc/apache2/conf-available/remoteip.conf a2enconf remoteip perl -pi -e 's/LogFormat "%h/LogFormat "%a/' \ /etc/apache2/apache2.conf systemctl reload apache2
- Inspect the access.log log file to check it the change worked.
Sending most visitors the old version of website but some visitors to the new version of a website
This procedure assumes that a frontend webserver is proxying traffic to a backend webserver (e.g. my WordPress configuration, my CheckMK configuration).
- Verify that the frontend webserver contains a stanza something like this one:
SSLProxyEngine off ProxyPass / http://trenne.pasta.net:5000/ ProxyPassReverse http://trenne.pasta.net:5000/ /
- Replace it with the equivalent using mod_rewrite:
SSLProxyEngine off RewriteEngine On RewriteRule ^/(.*) http://trenne.pasta.net:5000/$1 [P] ProxyPassReverse http://trenne.pasta.net:5000/ /
(Note that the
ProxyPassReverse
andSSLProxyEngine
directives are the same in both cases.) - Run:
systemctl reload apache2
and verify that everything still works.
- Now duplicate the stanza, add a condition to each with one condition matching particular IP addresses and the other condition not matching those same IP addresses, and modify the target of the RewriteRule directive in one of them:
SSLProxyEngine off RewriteEngine On RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.4$ RewriteRule ^/(.*) http://trenne.pasta.net:5000/$1 [P] ProxyPassReverse http://trenne.pasta.net:5000/ / RewriteCond %{REMOTE_ADDR} ^1\.2\.3\.4$ RewriteRule ^/(.*) http://penne.pasta.net:5000/$1 [P] ProxyPassReverse http://penne.pasta.net:5000/ /
(Note that the
RewriteEngine
andSSLProxyEngine
directives do not need to be duplicated since they are the same in both cases, but that theProxyPassReverse
directive does need to be duplicated.) - Run:
systemctl reload apache2
and verify that everything still works.