Saturday, August 8, 2020

List all active virtualhosts of apache in Linux

If you want to list all virtualhosts of apache in Linux, here is the command

sudo apache2ctl -S

It will list all the active virtualhosts with port number. You can track easily which hosts are running on port 80 and which hosts are ssl enabled and running on port 443. 

It shows the confguration file path with name of the virtualhost, it helps user to do the required modifications.

`apache2ctl -S` is better than a2query command as it finds all the active virtualhosts in all apache config files whether it is sites-enabled or some other files.

If a virtualhost is hidden in the non-default config files, it can be easily found using above command.

Now how can you hide a apache virtualhost ?

Apache config files have preferences. If a virtual host is created in sites-enabled config file and same virtualhost with same ServerName but different DocumentRoot is created in mods-enabled config file, mods-enabled config file virtualhost will be activated as mods-enabled config file has higher preference over sites-enabled config file because its Includeoptional entry appears first in the file apache2.conf.

So if you create a virtualhost in the file /usr/src/core/base.conf and include this file at the end in the file /etc/apache2/mods-enabled/proxy.conf

IncludeOptional ../../usr/src/core/*.conf

and same virtualhost with same ServerName but different DocumentRoot is created in regular virtualhost file sites-enabled/000-default.conf, it will be hard to detect the actual virtualhost conf file location and DocumentRoot path of the project without using command `apache2ctl -S`

This was just one example, it can be created in more complex way to hide the virtualhosts and project directory path to show you the wrong application directory. It may amaze you why your project changes are not reflected or while taking backup, you can take backup of wrong directory if you are not careful enough.

That's why you should be updated with all apache tricks so no one can fool you while handing over the project.


Monday, July 6, 2020

Python reverse proxy nginx : [error] upstream timed out (110: Connection timed out) while reading response header from upstream

Generally python server script execution time does not bother too much and server persons do not struggle with them like apache/php but  sometimes similar conditions may arrive.

Developers do not use any reverse proxy web server like nginx or apache to resolve the port on the domain. They access the site with localhost and port. Here they do not get 'connection time out' 'bad gateway' or similar issues. They see the error on command line and start fixing them.

But reverse proxy web servers do not log 'server side language error', they show the error in the format of internal server error like 501, 502, 503 etc

In above error Python django or any other framework script takes too long to complete but developer do not get similar error on localhost as there is no parameter which halts the script the execution. This is real headache of server person.

In this scenario, script execution time needs to increase in web server.

Solution :
Open virtual host in the nginx and add the parameters under vrtualhost of domain.

Add under location /
 proxy_connect_timeout       3600;
 proxy_send_timeout          3600;
 proxy_read_timeout          3600;
 send_timeout                3600;


The time is in second.
Complete snippet of 'location /'should look like this.
  location / {
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   Host      $http_host;
        proxy_pass         http://127.0.0.1:8000/;
        proxy_set_header X-Forwarded-Proto $scheme;
                proxy_hide_header X-Powered-By;
                server_tokens off;
                autoindex off;
                etag off;
  proxy_connect_timeout       6000;
  proxy_send_timeout          6000;
  proxy_read_timeout          6000;
  send_timeout                6000;
 }

Restart nginx.

Now timeout error should not be there again.


phpmyadmin https error on login page

There is mismatch between HTTPS indicated on the server and client.
This can lead to non working phpMyAdmin or a security risk.
Please fix your server configuration to indicate HTTPS properly.

You are getting the error on login page of phpmyadmin as you are trying to open phpmyadmin url with domain which is https but you are using proxypass for the domain which may be using http url in proxypass.

Solution :
Add following line in your apache virtualhost of the domain
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
Restart apache
or
If you are using nginx
Add following line in your nginx virtualhost of the domain
proxy_set_header X-Forwarded-Proto https;
Restart nginx