====== Apache httpd server ======

  * ''[[https://developers.google.com/speed/pagespeed/mod|mod_pagespeed]]'' speeds up your site and reduces page load time.
  * [[habrahabr>267721|Apache vs Nginx: практический взгляд]]


===== Questions answered =====

=== How to enable [[wp>HTTP/2]]? ===

<note tip>
Apache v2.4.17 has [[wp>HTTP/2]] support via ''mod_http2'' module ([[http://www.apache.org/dist/httpd/Announcement2.4.html|see announcement]]).

To enable support of [[wp>SPDY]] on Apache:
  * [[github>eousphoros/mod-spdy|mod-ssl(NPN, OpenSSL 1.0.2) + mod-spdy]] for Apache v2.4.12 ([[https://plainsightro.wordpress.com/2014/09/28/mod_spdy-with-ubuntu-14-04-x64-and-apache-2-4/|build instructions]])
  * [[apachebztracker>52210|Add TLS Application-Layer Protocol Negotiation (ALPN) support to mod_ssl]] -- support was added to v2.5.
  * [[https://spdycheck.org/|SPDYCheck]] to verify that given site has [[wp>SPDY]] correctly enabled.

<note>[[https://developers.google.com/speed/spdy/mod_spdy/|official packages]] are [[googlecode>p/mod-spdy/issues/detail?id=65|for Apache 2.2 only]].</note>
<note>[[wp>SPDY]] [[http://blog.chromium.org/2015/02/hello-http2-goodbye-spdy-http-is_9.html|is deprecated]] in favour of [[wp>HTTP/2]] which is supported by Chrome from v40.</note>
<note>Note that ''mod_http2'' module [[https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config|has limitations]] with ''mod_mpm_prefork'' worker strategy ([[https://http2.pro/doc/Apache#prefork-http2|HTTP/2 is not supported in prefork from Apache v2.4.27]]), hence [[https://serverfault.com/a/904115/101556|switch Apache from prefork to event]].</note>
<note>Note that TLS should be at least v1.2 for HTTP/2 to function and there are cipher suite restrictions hence set ''SSLProtocol all -SSLv3 -TLSv1'' or stricter.</note>

See also:
  * [[habrahabr>278167|HTTP/2: готовимся к переходу]]
  * ''%%chrome://net-internals/#http2%%'' -- Chrome internal console to monitor HTTP/2 connections
  * [[tomcat#enabling_http2|HTTP/2 in Tomcat]]
</note>


=== [[stackoverflowa>31154944/267197|How to set umask for Apache daemon?]] ===

<note tip>
<code console>
# mkdir /etc/systemd/system/apache2.service.d
# cat > /etc/systemd/system/apache2.service.d/override.conf <<EOF
[Service]
UMask=0027
EOF
</code>
</note>


=== How to setup Apache custom error message ===

<note tip>
From [[http://trac.edgewall.org/ticket/2371|ErrorDocument]] (see also [[http://httpd.apache.org/docs/2.0/misc/custom_errordocs.html|International Customized Server Error Messages]]):

<code apache|httpd.conf>
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
Alias /error/ "/usr/share/apache2/error/"

<Directory "/usr/share/apache2/error">
	AllowOverride None
	Options IncludesNoExec
	AddOutputFilter Includes html
	AddHandler type-map var
	Order allow,deny
	Allow from all
	LanguagePriority en es de fr
	ForceLanguagePriority Prefer Fallback
</Directory>

ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
</IfModule>
</IfModule>
</code>
</note>


=== httpd reports ''attempt to invoke directory as script: /usr/lib/cgi-bin/'' to error log ===

<note tip>
From [[apache>httpd/DirectoryAsScript|this]] page: This problems occurs when you try to access a directory marked only for CGI script execution with ''ScriptAlias'' or ''SetHandler''. To overcome this use ''Alias'' + ''AddHandler'':
<code>
Alias /exe/ /usr/lib/cgi-bin/
AddHandler cgi-script .pl
</code>
</note>


=== How to properly configure SSL? ===

<note tip>
Follow the instructions here:
  * [[https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet|Transport Layer Protection Cheat Sheet]]
  * [[mozilla>Security/Server_Side_TLS|Server Side TLS]]
</note>


=== How to send reverse-proxy request via another forward-proxy? ===

<note question>
Suppose you want to redirect ''/external'' location of the service in Intranet to some external site. However external request should go via corporate proxy.
</note>

<note tip>
Solution:
<code|httpd.conf>
LoadModule proxy_module /usr/lib/apache2/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/mod_proxy_http.so

<VirtualHost 10.0.0.1>
	...
	RewriteEngine on
	# Requests should be processed by reverse proxy:
	RewriteRule /external/(.*) http://external.site.com/$1 [QSA,P]
	# Reverse proxy should use this forward proxy for external URLs:
	ProxyRemoteMatch "http://.*\.com.*" http://proxy:8080
</VirtualHost>
</code>
</note>


=== How to set and check the cookie with ''mod_rewrite''? ===

<note tip>
<code|httpd.conf>
# Set the cookie if URL parameter is given:
RewriteCond %{QUERY_STRING} (^|&)action=setmycookie($|&) [NC]
RewriteRule ^ - [L,PT,CO=mycookie:true:%{HTTP_HOST}]

# If cookie is set, do something:
RewriteCond %{HTTP_COOKIE} (^|;\s*)mycookie=true
RewriteRule ^ - [L,PT]
</code>
</note>


==== SVN ====

=== SVN HTTP repository error: asks to use another URL ===

<note question>When trying to checkout the project, the following error message appears: ''%%svn: Repository moved permanently to 'http://myhost.com/'; please relocate%%''</note>
<note tip>
From [[http://subversion.apache.org/faq.html#http-301-error|FAQ]]:
<note>Make sure your repository ''<Location>'' does not overlap or live within any areas already exported as e.g. ''DocumentRoot''.</note>
</note>


=== SVN HTTP repository: cannot open Berkeley DB ===

<note question>After recovering SVN database from backup the following error appears in Apache error log when trying to access the repository: ''(20014)Internal error: Berkeley DB error for filesystem '/var/lib/svn/public/db' while opening environment:\n'' or ''(20014)Internal error: Berkeley DB error for filesystem '/var/lib/svn/public/db' while opening 'nodes' table:\nInvalid argument''</note>
<note tip>
As to [[http://subversion.tigris.org/faq.html#bdb-recovery|Subversion FAQ]] run the following commands:
<code console>
db4.8_recover -c -v -h /var/lib/svn/public/db
svnadmin recover /var/lib/svn/public
cd /var/lib/svn/public && make proper
</code>
Run them when **Apache server is shut down**! If the repository continues to work until the next commit and then fails again, check the permissions (group should be writeable by Apache server).</note>


==== SquirrelMail ====

There are some issues with SquirrelMail on PHP 5.6. The unfortunate is that the project is abandoned, some PHP functions have changed the signature and some became deprecated, so it's getting hard to keep SquirrelMail working on latest PHP engines.

The package ''[[cloudmail>3CUh/BBWNzDMTe|squirrelmail_1.5.1-6_all.deb]]'' (check [[cloudmail>BPS2/GvqDEv4YQ|whole folder]] for sources) includes the following fixes:
  * Allows to specify ''localhost'' as IMAP/SMTP server, while SSL certificate is generated for FQDN (see [[stackoverflow>26810218|How to set 'verify_peer_name=false' SSL context option via php.ini in PHP 5.6]]).
  * Allows the SSL certificate to be self-signed.
  * Allows to specify the list of cyphers to e.g. disable SSLv3. See also: {{topic>POODLE}}
  * Fixes some PHP warnings (see below).

See also [[debiantracker>732210|SquirrelMail bug report]] and [[http://article.gmane.org/gmane.mail.squirrelmail.user/39936|my post to maillist]]. 


=== SquirrelMail logs out very soon ===

<note tip>
Try to play with //Options -> Folders -> Automatic Refresh// or put the following to the ''.htaccess'' file in squirrel root directory (see [[http://bytes.com/forum/thread2477.html|here]]):

<code>
php_value session.gc_maxlifetime 7200
php_value session.cookie_lifetime 7200
</code>
</note>


=== SquirrelMail breaks with error ''%%Error connecting to IMAP server: tls://localhost.%%'' ===

<note question>
The error message reads:
<code>
Error connecting to IMAP server: tls://localhost.
0 : 
</code>
</note>

<note tip>
It seems that you're running SquirrelMail < v1.5. Upgrade to e.g. v1.5.1.
</note>


=== SquirrelMail breaks with error ''Call to undefined function session_unregister()'' ===

<note question>
The Apache error log reads:
<code>
PHP Fatal error:  Call to undefined function session_unregister() in /usr/share/squirrelmail/functions/global.php on line 111
</code>
</note>

<note tip>
Here comes the patch to fix it ([[svn>trunk/programming/patches/squirrelmail.global.php_session.patch|download]]):

<code diff>
--- /usr/share/squirrelmail/functions/global.php.orig	2006-07-08 21:01:27.000000000 +0200
+++ /usr/share/squirrelmail/functions/global.php	2012-12-19 22:27:47.433789672 +0100
@@ -92,9 +92,9 @@
 
     sqsession_is_active();
 
-    $_SESSION["$name"] = $var;
+    session_start();
 
-    session_register("$name");
+    $_SESSION["$name"] = $var;
 }
 
 /**
@@ -107,8 +107,6 @@
     sqsession_is_active();
 
     unset($_SESSION[$name]);
-
-    session_unregister("$name");
 }
 
 /**
</code>

See also [[debiantracker>732210|Some serious incompatibilities with wheezy php 5.4]].
</note>


=== SquirrelMail breaks with error ''PHP Fatal error:  Cannot redeclare hex2bin()'' ===

<note question>
The Apache error log reads:
<code>
PHP Fatal error:  Cannot redeclare hex2bin() in /usr/share/squirrelmail/plugins/mail_fetch/functions.php on line 309
</code>
</note>

<note tip>
Just remove this function ([[svn>trunk/programming/patches/squirrelmail.mail_fetch.functions.php_hex2bin.patch|download]])::

<code diff>
--- /usr/share/squirrelmail/plugins/mail_fetch/functions.php.orig	2006-07-08 21:09:31.000000000 +0200
+++ /usr/share/squirrelmail/plugins/mail_fetch/functions.php	2012-12-19 22:32:26.273782351 +0100
@@ -293,21 +293,6 @@
 }
 // end of hooked functions
 
-/**
- * hex2bin - document me
- */
-function hex2bin( $data ) {
-
-    /* Original code by josh@superfork.com */
-
-    $len = strlen($data);
-    $newdata = '';
-    for( $i=0; $i < $len; $i += 2 ) {
-        $newdata .= pack( "C", hexdec( substr( $data, $i, 2) ) );
-    }
-    return $newdata;
-}
-
 function mf_keyED( $txt ) {
 
     global $MF_TIT;
</code>
</note>


=== How to enable system aSpell dictionaries in SquirrelMail spellchecker? ===

<note tip>
Worth doing this just to support ancient browsers without build-in spell checker.

In Debian the utility ''/usr/sbin/update-dictcommon-aspell'' (check ''/usr/share/perl5/Debian/DictionariesCommon.pm'') updates the system-wide file ''/var/cache/dictionaries-common/sqspell.php''. To use this approach download latest stable version (e.g. v1.4.23) and take ''/etc/squirrelmail/sqspell_config.php'' from it.

Complete but outdated patch is [[svn>trunk/programming/patches/dictionaries-common-for-squirrel.patch|here]] (check also [[debiantracker>496675|aspell support for squirrelspell via dictionaries-common]]).
</note>


=== SquirrelMail shows deleted messages in the folder ===

<note tip>
From [[http://squirrelmail.5843.n7.nabble.com/Externally-deleted-mail-still-shows-up-in-Inbox-td25585.html|Externally deleted mail still shows up in Inbox]]:
<blockquote>
The problem is that SquirrelMail and Thunderbird are configured differently. Deleting a mail on an IMAP server is a two step process: marking the mail as deleted, and then expunge the mail marked as deleted. Apparently Thunderbird only does the first step which is why you see the mail as gray with an icon in SquirrelMail. Your SquirrelMail is likely to be configured to expunge automatically when doing a delete. You can set ''mail.imap.expunge_after_delete=true'' using Thunderbird's Config Editor.
</blockquote>
</note>

{{tag>SSL POODLE SquirrelMail}}