Tag Archives: apache

google pagespeed – centos installation


Let’s edit/create google-mod-pagespeed.repo

vi /etc/yum.repos.d/google-mod-pagespeed.repo

and add

Let’s install it with yum!
yum install mod-pagespeed
Then we need to restart apache!
service httpd restart


This is how we test it…

curl -D- http://localhost/ | head -10


[root@sd-hooray webroot]# curl -D- http://localhost/ | head -10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4328 100 4328 0 0 27929 0 –:–:– –:–:– –:–:– 28103
HTTP/1.1 200 OK
Date: Wed, 12 Sep 2018 15:52:41 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.6.38
X-Powered-By: PHP/5.6.38
Vary: Accept-Encoding
Cache-Control: max-age=0, no-cache, s-maxage=10
Content-Length: 4328
Content-Type: text/html; charset=iso-8859-1



letsencrypt – Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

letsencrypt topic about this issue: https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983/2

This is due to a security incident with LetsEncrypt

Incident Status Security Issue
Components acme-v01.api.letsencrypt.org (Production), acme-staging.api.letsencrypt.org (Staging), acme-staging-v02.api.letsencrypt.org (Staging)
Locations High Assurance Datacenter 1, High Assurance Datacenter 2

letsencrypt renew – 404 – Detail: Invalid response


letsencrypt renew output

Domain: www.domain.com
Type: unauthorized
Detail: Invalid response from

nginx error log

66.133.XXX.XXX - - [11/Feb/2017:09:33:20 +0100] "GET /.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6 HTTP/1.1" 404 247 "http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

“Somehow” my domain root has changed.
I had to take a look at /etc/letsencrypt/renewal/domain.com.conf and fix some paths… 🙂


Enabling cgi-bin on apache

I had to enable CGI on this new recent server

sudo a2enmod cgi
sudo service apache2 restart

But I was getting a error script not found or unable to stat

[Mon Nov 30 18:00:32.380748 2015] [cgi:error] [pid 18799] [client 84.91.XXX.XXX:62545] script not found or unable to stat: /usr/lib/cgi-bin/HiPGZ23est4

I had to edit the .conf file

nano /etc/apache2/sites-enabled/domain.com.conf

and add the following lines

ScriptAlias /cgi-bin/ /path_to_cgi_folder/cgi-bin/
<Directory "/path_to_cgi_folder/cgi-bin/">
 AllowOverride None
 Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 Order allow,deny
 Allow from all

and then reload the apache configurations

service apache2 reload

Breaking the PageSpeed Barrier with Bootstrap

I recently had the pleasure to listen to Ilya Grigorik give a talk at Velocity in NYC on Breaking the 1000ms Mobile Barrier. During the talk, Ilya usedPageSpeed Insights to demonstrate that several high profile websites had overlooked some very simple and common optimizations and resulted in poor PageSpeed scores. For the unfamiliar, Pagespeed Insights is a web based tool created by Google that analyzes the content of a web page, then generates suggestions to make that page faster.

After Ilya’s talk ended, I started to think more about why performance always seems to be an afterthought with developers. As I pondered this thought, I kept coming back to the following question:

How hard is it to get a perfect PageSpeed Insights score?


How to generate a .htpasswd password with PHP?!

This worked for me.

$new_password = password_hash($old_password, PASSWORD_BCRYPT);

password_hash() creates a new password hash using a strong one-way hashing algorithm. password_hash() is compatible with crypt().
Therefore, password hashes created by crypt() can be used with password_hash().

PASSWORD_BCRYPT – Use the CRYPT_BLOWFISH algorithm to create the hash.
This will produce a standard crypt() compatible hash using the “$2y$” identifier. The result will always be a 60 character string, or FALSE on failure. Supported Options:


Remove Apache 2.4 version signature @ Ubuntu 15.04


You don’t have permission to access /galleries/ on this server.


Ubuntu 15.04
Apache/2.4.10 (Ubuntu)

Remove Apache version signature
nano /etc/apache2/conf-enabled/security.conf

On ServerTokens uncomment the line with ServerTokens Prod or add it.
Uncomment the ServerSignature Off entry or add it.

Remove PHP version from headers

I guess that by default they are disabled, but in any case you can remove it by editing the php.ini and set expose_php to off.

sudo nano /etc/php5/apache2/php.ini

Apache – client denied by server configuration

So, on my recent DO droplet I had to install Apache (2.4.10) to run a web application for a client.

root@digitalwhores:/home/webroot# apache2 -v
Server version: Apache/2.4.10 (Ubuntu)
Server built: Mar 9 2015 11:53:48

After configuring the subdomain/virtual host I was getting a 403 for it.
This was the error on the error.log…

[Thu Jul 16 21:00:28.919036 2015] [authz_core:error] [pid 17411] [client 84.XXX.XXX.XXX:53565] AH01630: client denied by server configuration: /home/webroot/www/public/index.php

So, this is my current snap of my domain.conf – working -.

 <Directory /home/webroot/www/public/>
 Options Indexes FollowSymLinks MultiViews
 AllowOverride all
 #Order allow,deny
 #allow from all
 Require all granted