AWS
Quick guide on aws for beginners Understanding network concepts in aws How to achieve CI/CD in aws CI/CD in aws managed resources with Jenkins Push Image to aws ECR Using GitHub Actions Setup an EventBridge Rule in aws How ECS & ECR works in aws EKS with Fargate Profile Launch EKS using eksctl in aws Container insight for EKS-Fargate in cloudwatch Deploy aws resources with CloudFormation AWS secrets scanning by GitHub Setup Site to Site VPN Connection in AWS
AZURE
Gateways in Azure Understanding network concepts in Azure Ingress in Azure Kubernetes Service
GCP
Architecting hybrid infrastructure with Anthos

ANSIBLE
Ansible a configuration management tool Runbook Automation tool for playbooks
DOCKER
Docker a containerization Tool Networking in Docker Multi-stage build in Docker what is docker-compose All about Docker swarm
GIT
CLI instruction to work with Git Integrating Jenkins with GitHub Secret detection in GitLab Push Image to ECR Using GitHub Actions
JENKINS
Jenkins a continuous integration tool Acheive CI/CD using Jenkins in AWS Configuring weblogic deployer plugin in Jenkins
KUBERNETES
Kubernetes an orchestration framework Launch kubernetes cluster in Different ways Debugging your kubernetes cluster Certificates renewal of kubernetes cluster Deploying application on Kubernetes cluster api versions to use in manifest file RBACs in Kubernetes Health check of containers in Kubernetes Rancher a cluster management platform Understanding ISTIO as a service mesh
TERRAFORM
Deploying IaC using Terraform Terraform module EKS cluster using Terraform

APACHE
Things to know in Apache How to Configure Apache-httpd Server Setup httpd as os-service on OL8 SiteMinder and its Integration with WebServer Apache SSL Installation Instructions NO_RESOURCES Errors in APACHE with WLS
WEBLOGIC
Installing WebLogic 12.1.3 without GUI WebLogic Server as a managed Azure service WLS domain extension to include JRF template All about OPatch in WLS How to define WorkManager in Weblogic Some known Weblogic exceptions Different OutOfMemory issues Some known Weblogic exceptions Play with WLST Persistent store in WLS Configuration of NodeManager

JAVA
JAVA_OPTIONS Study on JAVA_HEAP Native OOM in Java Heap Types of Threads Various Java-options to use in Java apps How to run Java Flight Recorder dbping a java-weblogic utility
SSL
When & why to use SSL certificates SSLv3 to TLS1.* SHA2 on Oracle https Server Weblogic SSL Renewal Steps
CHEATSHEETs
Linux Cheatsheet Linux Log parsing cheetsheet SSL Cheatsheet MySQL Cheatsheet PostgreSQL Cheatsheet WebLogic Cheatsheet Python Cheatsheet Kubernetes Cheatsheet Terraform Cheatsheet Hashicorp-vault Cheatsheet GCP Cheatsheet
OTHER
All about Messaging Queue small guide on Python WLSDM monitoring agent in WLS Register driver for MSSqlServer Understanding YAML Understanding Role of an API Gateway SonarQube code analysis

07 July 2020

Setup httpd as os-service on OL8.x

This article will help you to setup Apache httpd as an OS service on OL8.x releases

NOTE - should be run using sudo/root privileges.
STEP 1 - Verify Package 

before you install httpd as an OS service - confirm if it is already installed in your server by running any command as below
$ systemctl status httpd or ​​​​​​​rpm -qi httpd
​​​​​​​if the system is unable to find the service, proceed to the next step
  

STEP 2 - Install httpd

$ yum install httpd
this will install the latest package available from the server repository - at the time of writing this article 2.4.37 is the latest offering by Oracle in OL8.x

upon successful installation, you should able to see the httpd package available now.

STEP 3 - verify package post-installation 

$ systemctl status httpd
the above confirms the package is installed now, however at default the service is inctive and disabled

STEP 4 - Start the service

$ systemctl start httpd
$ systemctl status httpd
this shows apache is up and running now, check the process by running the regular ps command
$ ps -ef  | grep httpd
the conf file of this package can be found under - /etc/httpd/conf

verify the newly installed apache by running the following commands
$ httpd -v
$ rpm -qi httpd
Additionally, you can set this apache instance as an auto boot-up service post VM reboot by running the following command -
$ sudo chkconfig httpd on


How to configure 2nd Instance of Apache in the same server

Copy the whole httpd configure directory "/etc/httpd" to "/etc/httpd1"
$ cp -fr /etc/httpd /etc/httpd1
Modify the httpd directives which may be a conflict if running multiple instances at the same time in file "/etc/httpd1/conf/httpd.conf"
ServerRoot
Listen
PidFile
ErrorLog
CustomLog

For example, we changed as following in "/etc/httpd1/conf/httpd.conf" for 2nd Instance

ServerRoot /etc/httpd1
Listen 8080
PidFile run/httpd1.pid
ErrorLog logs/httpd1_error_log
CustomLog logs/httpd1_access_log combined
Start Apaches
$ httpd -f /etc/httpd1/conf/httpd1.conf -k start
$ httpd -f /etc/httpd/conf/httpd1.conf -k start

How to configure SSL module

install the mod_ssl module by running the following command -

$ yum -y install mod_ssl
it will install the required module and place it under 
/usr/lib64/httpd/modules/mod_ssl.so
load this module in /etc/httpd/conf/httpd.conf as -
LoadModule ssl_module modules/mod_ssl.so
configuration requires certificates and start the httpd service as usual

How to install a Signed Certificate into Apache Instance

Generate CSR, that will generate server.key & server.csr
​​​​​​​
$ openssl req -new -newkey rsa:4096 -nodes -keyout server.key -out server.csr
Get CSR signed by an authorized CA

Copy the server/end-entity certificate provided by CA into a server.crt file Update the certificate & key file into ssl.conf & comment the default self-signed certificate.
$ vi /etc/httpd/conf.d/ssl.conf

#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile "/etc/httpd/ssl/server.crt"

#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificatekeyFile "/etc/httpd/ssl/server.key"
restart your httpd service

You should be able to access index.html on HTTPS now.


In case of a self-signed certificate

Configure the SSL module as mentioned above and add port 443 in the following lines in /etc/httpd/conf/httpd.conf and restart the Apache.

Listen 80
Listen 443

ServerName 10.20.30.40:80
ServerName 10.20.30.40:443

Please note that with the self-signed certificate, you will get a warning while testing on https://$hostname:443/ because self-signed certificate is the problem, the browser could not trust the server due to its certificate signed by itself but not by a trusted certificate authority (CA).​​​
​​​​
​​​​​​​Known Issue -

After enabling mod_wl_24.so for the WebLogic proxy you might see the following issue while starting the httpd service -

cannot load modules/mod_wl_24.so into server: libdms2.so: cannot open shared object file:

How to fix

Since systemctl by default does not load LD_LIBRARY_PATH so you need to manually configure it.
$ vi /usr/lib/systemd/system/httpd.service

Under [Service] add the following line -

LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/lib64

Reload system daemon

$ systemctl daemon-reload​​​​​​​

Now copy only the missing modules or libs from /usr/lib64/httpd/modules/ to /usr/lib64/

Ex -
cp -rp /usr/lib64/httpd/modules/libonssys.so  /usr/lib64/
cp -rp /usr/lib64/httpd/modules/libonsssl.so  /usr/lib64/
cp -rp /usr/lib64/httpd/modules/libdms2.so    /usr/lib64/

restart httpd
$ systemctl start httpd
No comments:
Labels:

08 September 2015

Things to know in Apache

Tomcat with Apache:

  • Apache needs to load a "adapter" module, which uses a certain protocol, such as Apache JServ Protocol (AJP), to communicate with the Tomcat, via another TCP port (port 8009 in the default configuration).
  • When Apache receives an HTTP request, it checks if the request belongs to Tomcat. If so, it lets the adapter takes the request and forwards it to Tomcat, as illustrated below




mod_jk.so

- Place the module mod_jk.so inside modules directory of Apache
- Load this module in httpd.conf with below parameters

LoadModule jk_module modules/mod_jk.so
JkWorkersFile /apps/apache/httpd-2.2.29/conf/workers.properties
|IfModule jk_module|
|Location /*/WEB-INF/*|
deny from all
|/Location|
JkMount /manager/* worker1 |/IfModule|

- Create workers.properties file inside apache/conf folder with below parameters

JkLogFile /apps/apache/httpd-2.2.29/logs/mod_jk.log
JkShmFile /apps/apache/httpd-2.2.29/logs/mod_jk.shm
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
JkMount /manager/ worker1
worker.list=worker1
#Set worker properties
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009

now just try hitting URL : http://localhost:ApachePort/TomcatApplicationContext 

which means you are hitting Apache Port & its redirecting to Tomcat app

mod_rewrite.so
 
- Load module in httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so

- Allow override in httpd.conf to all under below two parameters as
|Directory|
Options FollowSymLinks
AllowOverride all
Order allow,deny
allow from all
|/Directory|

|Directory "/apps/apache/httpd-2.2.29//htdocs|
AllowOverride all
Order allow,deny
Allow from all
|/Directory|

- add (define rewrite rule) in .htaccess which is hidden in Document Root /htdocs as
RewriteRule ^/?index.html$ index1.html [L]

- to test create another file index1.html as defined in the rule and try hitting the index.html, you will see the magic of rewrite module here as it shows the content of index1.html keeping the context URL as it is i.e index.html

Alias

it allows you to point your Web server to directories outside your document root,Once set up correctly, any URL ending in the alias will automatically resolve to the path set in the alias

- define Alias in httpd.conf as
Alias /webpath /full/filesystem/path

Things to know in Apache

1: mod_rewrite
mod_rewrite is the rule-based rewrite engine that allows Apache to rewrite requested URLs on the fly. This module basically catches incoming URL requests and rewrites them as needed. These rewrites can be according to the needs of a specific server application, the needs of a specific domain, or many other, varied requirements of a server, system, or company. This module also allows you to use more user-friendly URLs. So instead of having to type http://this.is.my.domain/this_is_my_address?=id.4567, your users could just type http://this.is.my.domain/address. This module is incredibly complex and should be well researched before implementing.
2: Alias
Alias is one of the must-use directives, as it allows you to point your Web server to directories outside your document root. Once set up correctly, any URL ending in the alias will automatically resolve to the path set in the alias. So you could take a folder, say, /home/sites/docs, which wouldn't normally be accessible by Apache, and make it such that a user could just go to http://this.is.my.domain/docs and see everything within that folder.
3: AddType
AddType can easily have you pulling out your hair. If you plan on serving up .php files, you'll need to add the MIME in your configuration file; otherwise, Apache will just display the code for .php files in the browser. Not an option. To get Apache to actually execute the files, the MIME type has to be set up — which is done with the help of the AddType directive.
4: AddHandler
Where AddType configures MIMEs, AddHandler configures extensions. This allows you to define .php, .phtml as both handlers for the php MIME. If you find out your server isn't executing .php files properly, make sure you have this directive set up in the form AddHandler application/x-httpd-php .php, along with the AddType directive and you should be good to go.
5: VirtualHost
VirtualHost allows you to create multiple virtual hosts on a single Apache server. This directive accepts most all other container directives. If you're using Apache2, these virtual hosts will be defined within the /etc/apache2/sites-available directory. You define each virtual host separately within that directory (using the VirtualHost directive) and then enable the site with the command a2ensite (if on Ubuntu).
6: DocumentRoot
DocumentRoot defines the document root of the server. Typically this will be /var/www on Apache2 on Ubuntu and some servers can be set to /etc/httpd. You can set this to whatever you like, but make sure the directory configured has the right permissions so that the Web server user has full permission to access the directory. Change this directive only if you know exactly what you're doing.
7: KeepAlive
KeepAlive is an important directive. It defines whether a server allows more than one request per connection. If used properly, KeepAlive can prevent any one client from consuming too much of a server's resources. By default, KeepAlive is set to off, which prevents the server from becoming too busy. If you do enable it, use the related KeepAliveTimeout directive and set it to a low number.
8: Listen
Listen is the directive used to define the port Apache listens on. By default, Apache listens on port 80, but you can define this to a nonstandard port if needed. There is one caveat to this. If you change the port to 1024, the Apache daemon can be started only by the root user. You can also use Listen to define specific addresses that the server will accept connections from.
9: LoadModule
LoadModule is the directive used to inform the Apache server of a module to be loaded. Tons of modules are included in a default Apache installation — and more can be found. But not all modules are loaded by default (nor would you want them to be). If you look in the Apache configuration directory, /etc/apache2, for example, you'll find a subfolder that contains all the available modules. It will probably require some Google time to determine exactly what each module does. Once you're sure you want to load a module, do so with the LoadModule directive.
10: Options
Options allows you to define specific options to be available for a defined directory. This is an incredibly handy directive to have at your fingertips, as it allows you to fine-tune on a per-directory basis. Some of the more useful options available are FollowSymLinks, Indexes, ExecCGI, and Includes. Now with Options you can use + to tell Apache to add the option or - to remove an option. You can also add the options without + or -, but you can't mix these two or Apache will get confused.


Br,
Punit
No comments:
Labels:

31 May 2015

How to Install | Compile | Configure Apache-http Server

Download the binnary from http://httpd.apache.org/download.cgi
at the time of writing this post 2.2.29 is most stable version of apache thus used in the example.

If you are using Linux dist. you should download one which is in format of tar.gz like : httpd-2.2.29.tar.gz


 # extract it
 $ tar -xzf httpd-2.2.29.tar.gz

 $ rpm -qa | grep gcc
      usually it will show this two packages
        libgcc-4.4.7-4.1.el6_5.i686
        libgcc-4.4.7-4.1.el6_5.x86_64

 # install gcc, a mandate package to run apache on Linux dis.
 $ sudo yum install gcc
    gcc-4.4.7-4.1.el6_5.x86_64

 # switch to installer directory and run following commands
 $ ./configure -prefix=/setups/apache/http-2.2.29 // defining
        the installaition Location
 $ make  // this command will compile the Apache
 $ make install // this command will configure the Apache
 $ cd /bin
 $ ./apachectl -k start


access the url
http://localhost:80/

if everything goes well it will display
It works!
No comments:
Labels:

25 November 2014

Apache SSL Installation Instructions

Save the primary and intermediate certificates to a folder on the server with the private key.

Open the Apache configuration file in a text editor httpd.conf In most cases the <VirtualHost> blocks will be at the bottom of this httpd.conf file. Sometimes you will find the <VirtualHost> blocks in a separate file in a directory like /etc/httpd/vhosts.d/ or /etc/httpd/sites/ or in a file called ssl.conf

If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a virtual host for each type of connection. Make a copy of the existing non-secure virtual host and change the port from port 80 to 443.

& add below lines as

 <VirtualHost 192.168.0.1:443>

 DocumentRoot "/var/www/htdocs"
 ServerName www.domain.com
 SSLEngine on
 SSLCertificateFile "/etc/ssl/crt/primary.crt"
 SSLCertificateKeyFile "/etc/ssl/crt/private.key"
 SSLCACertificateFile "/etc/ssl/crt/intermediate.crt"
 </VirtualHost>


2.     Change the names of the files and paths to match with your certificate files:
SSLCertificateFile should be your primary certificate file for your domain name.
SSLCertificateKeyFile should be the key file generated when you created the CSR.
SSLCertificateChainFile should be the intermediate certificate file (if any) that was supplied by your certificate authority
(The first directive tells Apache how to find the server certificate file, the second one where the private key is located, and the third line the location of the Trust CA Bundle.)

Save the changes and exit the text editor.
After making changes to your config file it is good practice to check the file for syntax errors using apachectl configtest. The command will return Syntax OK if there are no errors.
Restart your Apache web server using one of the following commands:

 $ /bin/apachectl startssl && /bin/apachectl restart


Note: make sure to un comment mod_ssl.so from httpd.conf

 Additionally you can generate your apache self signed certificate

 Once you have OpenSSL installed, just run this one command to create an Apache self signed certificate:

 $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ 
   -keyout mysitename.key -out mysitename.crt

You will be prompted to enter your organizational information and a common name. The common name should be the fully qualified domain name for the site you are securing (www.mydomain.com). You can leave the email address, challenge password, and optional company name blank. 
When the command is finished running, it will create two files: 
mysitename.key 
mysitename.crt self signed certificate file which is valid for 365 days.

 Br,
Punit
2 comments:
Labels: ,

08 June 2014

NO_RESOURCES Errors in APACHE when WLS at Backend

At times you will see, apache throws no resources error when you have weblogic in backend.
    

a snippet of error as below:   

weblogic: *******Exception type [NO_RESOURCES] (apr_socket_connect call failed with error=70007, host=xx.xx.xx.xx, port=xxxx) raised at line xxxx of URL.cpp

ex:
[DATE TIME] [error] [client X.X.X.X] ap_proxy: trying POST /xxx/xxxx/xx at backend host 'X.X.X.X/xxxx; got exception 'NO_RESOURCES: [os error=115, line 1602 of URL.cpp]: apr_socket_connect call failed with error=70007, host=X.X.X.X, port=xxxx ', referer: http://xxxx.x.xxx/xx.html#

This usually occurs when WLS server is too busy to respond to the connect request from the WebLogic Proxy Plug-In.
This can be resolved by setting WLSocketTimeoutSecs to a higher value where the default value is 2. This allows the WebLogic Proxy Plug-In to wait longer for the connect request to be responded by the WLS server.

try adding below configuration in http.conf under the location tab of Virtual host:

DEBUG OFF
ConnectTimeoutSecs 50 (default is 10)
ConnectRetrySecs 5 (default is 2)
WLSocketTimeoutSecs 10 (default is 2)
WLIOTimeoutSecs 1800 (default is 300)
Idempotent OFF (default is ON)

In weblogic nodes

domain --> environment --> servers --> click on the required server --> tuning--> Accept Backlog:  --> default value is 300. Made it 375.
 
restart weblogic nodes and apache , this should fix your no resource issue.

Br
Punit
No comments:
Labels: , , ,