Tag Archives: apache

letsencrypt renew – 404 – Detail: Invalid response

So!,

letsencrypt renew output

Domain: www.domain.com
Type: unauthorized
Detail: Invalid response from
 http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6:

nginx error log

66.133.XXX.XXX - - [11/Feb/2017:09:33:20 +0100] "GET /.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6 HTTP/1.1" 404 247 "http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

“Somehow” my domain root has changed.
I had to take a look at¬†/etc/letsencrypt/renewal/domain.com.conf and fix some paths… ūüôā

 

Enabling cgi-bin on apache

I had to enable CGI on this new recent server

sudo a2enmod cgi
sudo service apache2 restart

Simple!,
But I was getting a error script not found or unable to stat

[Mon Nov 30 18:00:32.380748 2015] [cgi:error] [pid 18799] [client 84.91.XXX.XXX:62545] script not found or unable to stat: /usr/lib/cgi-bin/HiPGZ23est4

I had to edit the .conf file

nano /etc/apache2/sites-enabled/domain.com.conf

and add the following lines

ScriptAlias /cgi-bin/ /path_to_cgi_folder/cgi-bin/
<Directory "/path_to_cgi_folder/cgi-bin/">
 AllowOverride None
 Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 Order allow,deny
 Allow from all
</Directory>

and then reload the apache configurations

service apache2 reload

Breaking the PageSpeed Barrier with Bootstrap

I recently had the pleasure to listen to Ilya Grigorik give a talk at Velocity in NYC on Breaking the 1000ms Mobile Barrier. During the talk, Ilya usedPageSpeed Insights to demonstrate that several high profile websites had overlooked some very simple and common optimizations and resulted in poor PageSpeed scores. For the unfamiliar, Pagespeed Insights is a web based tool created by Google that analyzes the content of a web page, then generates suggestions to make that page faster.

After Ilya’s talk ended, I started to think more about why performance always seems to be an afterthought with developers. As I pondered this thought, I kept coming back to the following question:

How hard is it to get a perfect PageSpeed Insights score?

 

How to generate a .htpasswd password with PHP?!

This worked for me.

$new_password = password_hash($old_password, PASSWORD_BCRYPT);

password_hash() creates a new password hash using a strong one-way hashing algorithm. password_hash() is compatible with crypt().
Therefore, password hashes created by crypt() can be used with password_hash().

PASSWORD_BCRYPT – Use the CRYPT_BLOWFISH algorithm to create the hash.
This will produce a standard crypt() compatible hash using the “$2y$”¬†identifier. The result will always be a 60 character string, or FALSE¬†on failure. Supported Options:

http://php.net/manual/en/function.password-hash.php

Remove Apache 2.4 version signature @ Ubuntu 15.04

Forbidden

You don’t have permission to access /galleries/ on this server.

 

Ubuntu 15.04
Apache/2.4.10 (Ubuntu)

Remove Apache version signature
nano /etc/apache2/conf-enabled/security.conf

On ServerTokens uncomment the line with ServerTokens Prod or add it.
Uncomment the ServerSignature Off entry or add it.

Remove PHP version from headers

I guess that by default they are disabled, but in any case you can remove it by editing the php.ini and set expose_php to off.

sudo nano /etc/php5/apache2/php.ini

Apache – client denied by server configuration

So, on my recent DO droplet I had to install Apache (2.4.10) to run a web application for a client.

[email protected]:/home/webroot# apache2 -v
Server version: Apache/2.4.10 (Ubuntu)
Server built: Mar 9 2015 11:53:48

After configuring the subdomain/virtual host I was getting a 403 for it.
This was the error on the error.log…

[Thu Jul 16 21:00:28.919036 2015] [authz_core:error] [pid 17411] [client 84.XXX.XXX.XXX:53565] AH01630: client denied by server configuration: /home/webroot/www/public/index.php

So, this is my current snap of my domain.conf – working -.

 <Directory /home/webroot/www/public/>
 Options Indexes FollowSymLinks MultiViews
 AllowOverride all
 #Order allow,deny
 #allow from all
 Require all granted
 </Directory>

 

GoAccess – analyzer and interactive viewer of apache or nginx logs

GoAccess is an open source real-time Apache log analyzer and interactive viewer that runs in a terminal in *nix systems. It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly.

All credits go to http://www.ubuntugeek.com/goaccess-visual-apachenginx-log-analyzer.html

Continue reading GoAccess – analyzer and interactive viewer of apache or nginx logs