by ·0 Comments

After an update to Apache 2.4, my Chiliproject (served by Phusion Passenger) instance did not run anymore. The problem was twofold:

Firstly, I used passenger 3.0.19, which is not compatible with Apache 2.4:

apache2: Syntax error on line 140 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/passenger.load: Cannot load /home/roland/.rvm/gems/ruby-1.9.3-p392/gems/passenger-3.0.19/ext/apache2/mod_passenger.so into server: /home/roland/.rvm/gems/ruby-1.9.3-p392/gems/passenger-3.0.19/ext/apache2/mod_passenger.so: undefined symbol: unixd_config

This happens because Apache 2.4 has changed the symbol unixd_config to ap_unixd_config. The issue can quickly be solved by installing a more recent version of passenger:

gem install passenger –version 4.0.20

Afterwards, we need to cd to ~/.rvm/gems/ruby-1.9.3-p392/gems/passenger-4.0.20  and execute:

and follow the instructions. You may consider to specify a user and group under which Passenger will run. This is useful, if you have an rvm in your home directory. In my case these lines look like:

After this, Apache starts again without problems (sudo service apache2 restart), but instead of the web application we see the raw directory contents. This is because the access control mechanism blocks an execution of Passenger.
Open up the sites configuration (default: /etc/apache2/sites-available/www.conf) and add the following line to the <Directory> section that applies to your Chiliproject:

Afterwards, restart Apache once more.

References

  • [1] New API for Apache 2.4

by ·0 Comments

Simple-to-configure and -use access control is a very versatile feature of the Apache webserver. This article summarizes the basic steps for securing your website with such a login facility. Access control is enabled in the .htaccess file contained in the topmost folder to which it shall be applied (typically the root of your site). All directory levels below this will inherit the settings from this file (as explained here). Add the following lines to your .htaccess file:

In order to test your access control settings, create an index.html in your site’s root directory:

In the same directory, create an .htpasswd file with initial user horst:

You may add more users as follows:

Each line of .htpasswd contains a user name, followed by his/her MD5-encrypted password. If you see the passwords in plain text, delete .htpasswd and re-issue all of the above commands with option -m.

A number of online tools for generating .htpasswd and the directives in .htaccess exit, such as that on dynamicdrive.com.

Links

  • [1] htaccess documentation
  • [2] Online htaccess and htpasswd generator (one in a “million”)

by ·0 Comments

Currently (July 2013) 1 &1 uses PHP version 4.4.9 as default PHP version on its shared hosted servers as can be tested with php -v. Many content management systems like Joomla or Drupal need more advanced PHP versions. In order for those platforms to run/install, add this to your .htaccess:

These directives tell the webserver to use the newer PHP version – php6 -v yields 5.4.17 – for processing php files.

by ·0 Comments

The Apache Webserver is normally clever enough to tell which PHP/HTML/… file to use as the landing page of an URL. For instance, if you type http://blog.roland-kluge.de in your URL bar, the Webserver knows that you actually want to see http://blog.roland-kluge.de/index.php. Default files to redirect to are index.html, index.php and some more. However, sometimes the webserver may be hindered from finding the correct redirect and produces an appropriate HTML error code.

You may tell Apache which file to redirect to with the following directive in the web site’s root .htaccess:

You may even specify multiple sites which will be probed in the given sequence:

Links

  • [1] mod_dir reference providing the DirectoryIndex directive