Apache procedures

Introduction

This page lists various small procedures for Apache.

Regenerating snake oil certificates

If the webserver is a clone, which obviously has a different hostname from the host it was cloned from, then the snake oil certificate is based on the old hostname.

  1. Run:
    make-ssl-cert generate-default-snakeoil --force-overwrite
    c_rehash

Configure logging of client IPs on backend vhosts

Normally the frontend vhosts log the client IPs and the backend vhosts log the frontend IPs. This procedure makes the backend vhosts log the client IPs.

  1. On the backend server run:
    a2enmod remoteip
    echo 'RemoteIPHeader X-Forwarded-For' \
            > /etc/apache2/conf-available/remoteip.conf
    a2enconf remoteip
    perl -pi -e 's/LogFormat "%h/LogFormat "%a/' \
            /etc/apache2/apache2.conf
    systemctl reload apache2
  2. Inspect the access.log log file to check if the change worked.
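
An added example, not part of the original page: with RemoteIPHeader alone, mod_remoteip does not restrict which peers may supply the header, so this variant adds RemoteIPInternalProxy to accept it only from the frontend and tallies the log for step 2. The address 192.0.2.10, the function names, the log path in the comment and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). FRONTEND_IP is an assumed
# placeholder from the 192.0.2.0/24 documentation range.
FRONTEND_IP=${FRONTEND_IP:-192.0.2.10}

# Print a remoteip.conf that honours X-Forwarded-For only when the TCP peer
# is the frontend; any other peer keeps its real connection address.
remoteip_conf() {
    printf 'RemoteIPHeader X-Forwarded-For\n'
    printf 'RemoteIPInternalProxy %s\n' "$1"
}

# Read an access log on stdin (first field = %a) and report how many
# requests are still logged under the frontend's address versus any other.
log_summary() {
    awk -v fe="$1" '
        NF == 0   { next }                 # skip blank lines
        $1 == fe  { frontend++; next }     # still attributed to the frontend
                  { client++ }             # attributed to some other address
        END       { printf "frontend=%d client=%d\n", frontend, client }
    '
}

# Constructed sample lines, as a backend access.log might look after the change.
sample_log() {
    cat <<'EOF'
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.25 - - [01/Jan/2024:10:00:01 +0000] "GET /a HTTP/1.1" 200 128
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /health HTTP/1.1" 200 2
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /b HTTP/1.1" 404 0
EOF
}

# On the backend one would run, as root (log path is the assumed Debian default):
#   remoteip_conf "$FRONTEND_IP" > /etc/apache2/conf-available/remoteip.conf
#   log_summary "$FRONTEND_IP" < /var/log/apache2/access.log
remoteip_conf "$FRONTEND_IP"
sample_log | log_summary "$FRONTEND_IP"
```

Lines still counted under the frontend's address after the reload are requests that arrived without an X-Forwarded-For header, or a sign that the change has not taken effect.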

Sending most visitors to the old version of a website but some visitors to the new version

This procedure assumes that a frontend webserver is proxying traffic to a backend webserver (e.g. my WordPress configuration, my CheckMK configuration).

  1. Verify that the frontend webserver contains a stanza something like this one:
    SSLProxyEngine off
    ProxyPass / http://trenne.pasta.net:5000/
    ProxyPassReverse / http://trenne.pasta.net:5000/
  2. Replace it with the equivalent using mod_rewrite:
    SSLProxyEngine off
    RewriteEngine On
    RewriteRule ^/(.*) http://trenne.pasta.net:5000/$1 [P]
    ProxyPassReverse / http://trenne.pasta.net:5000/

    (Note that the ProxyPassReverse and SSLProxyEngine directives are the same in both cases.)

  3. Run:
    systemctl reload apache2

    and verify that everything still works.

  4. Now duplicate the stanza and add a condition to each copy: one condition matching particular IP addresses and the other condition not matching those same IP addresses. Then modify the target of the RewriteRule directive in one of them:
    SSLProxyEngine off
    RewriteEngine On
    RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.4$
    RewriteRule ^/(.*) http://trenne.pasta.net:5000/$1 [P]
    ProxyPassReverse / http://trenne.pasta.net:5000/

    RewriteCond %{REMOTE_ADDR} ^1\.2\.3\.4$
    RewriteRule ^/(.*) http://penne.pasta.net:5000/$1 [P]
    ProxyPassReverse / http://penne.pasta.net:5000/
    

    (Note that the RewriteEngine and SSLProxyEngine directives do not need to be duplicated since they are the same in both cases, but that the ProxyPassReverse directive does need to be duplicated.)

  5. Run:
    systemctl reload apache2

    and verify that everything still works.
