HTTP Reverse Proxy
Application layer, cant present proxy destination certificate cause TLS handshake already being done at host
apache can only do HTTP reverse proxy
TCP/IP proxy pass
reverse proxy tcp packet, will present server certificate at destination instead of host,
Nginx can do it, go can do it
Nginx:
stream {
map $ssl_preread_server_name $target {
example.com 10.0.0.12:443; # Server B
default 10.0.0.11:443; # Server A
}
server {
listen 443;
proxy_pass $target;
ssl_preread on;
}
}
https://ubiq.co/tech-blog/enable-cors-apache-web-server/#:~:text=By%20default%2C%20cross%20domain%20requests,Origin%20Resource%20Sharing)%20in%20Apache.
sudo a2enmod headers
<VirtualHost *:443> ... Header add Access-Control-Allow-Origin "*" ... </VirtualHost>
https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work
// For sites need to specify ports
Access-Control-Allow-Origin: http://siteA.com
systemctl restart apache2.service
https://www.howtoforge.com/tutorial/subversion-svn-with-apache-and-letsencrypt-on-centos/
https://serverfault.com/questions/905170/does-root-write-the-logs-in-a-default-apache-installation
Apache2
In the default Apache installation, all log files in /var/log/apache2 are written by root user. This is a security measure as it protects anyone from writing or gain access to the directory. It is recommended to not change the owner to www-data.
The Apache process running as root is responsible for writing the logs.
https://dba.stackexchange.com/questions/121258/what-to-do-when-mysql-is-not-generating-any-logs-at-all-on-debian
Mysql
Thanks to commenters for their insights. The solutions was:
https://askubuntu.com/questions/1113629/apache2-service-failed-to-run-start-task-no-space-left-on-device
When Ubuntu is full, apache will fail to start.
Should delete content in /tmp and /var/log (tmp are removed after reboot)
https://askubuntu.com/questions/171678/can-i-delete-var-log-files-due-to-low-root-space
However, if you delete the /var/log subdirectories. I deleted all my log files and their directories (rm -r /var/log/*) and it broke my apache2 functionality. Apparently apache doesn't/can't recreate the log directories and therefore can't write log files and that apparently can cause it to fail.
I've heard before that deleting some log files can cause problems, though I don't have any first-hand experience to support it. But of course I didn't have any first-hand experience of directory deletion being a problem until a few days ago...
Fix:
Create sudo mkdir apache2 in /var/log
https://askubuntu.com/questions/64996/var-log-apache2-gets-deleted-on-restart-so-apache-doesnt-start-on-startup
MYSQL fail to start due to /var/log removal (AKA showing permission denied error on sudo service mysql start)
1) sudo service mysql status
2) sudo service mysql stop
3) sudo service mysql start
5) vim journalctl -xe to see log on why mysql failed
6) You should see cant access /var/log/mysql/error.log
7) sudo mkdir /var/log/mysql, sudo touch /var/log/mysql/error.log
8) ch
Error :
The server experienced an internal error :: ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so. Visit https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27 for more information.
Solution :
sudo apt-get install --only-upgrade certbot
https://community.letsencrypt.org/t/the-server-experienced-an-internal-error-acmev1-brownout-in-progress/148357/7
By default, Ubuntu does not allow access through the web browser to any file apart of those located in /var/www, public_html directories (when enabled) and /usr/share (for web applications). If your site is using a web document root located elsewhere (such as in /srv) you may need to whitelist your document root directory in /etc/apache2/apache2.conf.
The default Ubuntu document root is /var/www/html. You can make your own virtual hosts under /var/www. This is different to previous releases which provides better security out of the box.
Allow more directory access :
vim /etc/apache2/apache2.conf.
Require all grant meaning allow access
Options FollowSymLinks means symbolic link can be established
| <Directory /> | |
| Options FollowSymLinks | |
| AllowOverride None | |
| Require all denied | |
| </Directory> | |
| <Directory /usr/share> | |
| AllowOverride None | |
| Require all granted | |
| </Directory> | |
| <Directory /var/www/> | |
| Options Indexes FollowSymLinks | |
| AllowOverride None | |
| Require all granted | |
| </Directory> |
wq!
sudo service apache2 restart
// If only want /var/www access , can set up folderA in /var/www for symlink access to other directory, need to
https://askubuntu.com/questions/843740/how-to-create-a-symbolic-link-in-a-linux-directory
ln -s /var/www/vhosts/ecash_cfe /var/www/vhosts/ecash-staging.com/ecash_root
-s stands for symbolic link
/var/www/vhosts/ecash_cfe is the source file
/var/www/vhosts/ecash-staging.com/ecash_root is the link name
Restart apache2<Directory /var/www/>Options Indexes FollowSymLinks
AllowOverride All // allow .htacess override
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{THE_REQUEST} /([^.]+)\.html [NC]
RewriteRule ^ /%1 [NC,L,R]
RewriteCond %{REQUEST_FILENAME}.html -f