If you are getting errors like “DH key too small” you can avoid using DH ciphersuites on apache.
You can obtain that using Perfect forward secrecy, or disabling all DH ciphersuites like this:
You may need to convert URI levels to query string parameters, for example if want to be RESTful compliant with PHP.
Try this one:
RewriteEngine on RewriteRule ^/(\w+)/(\w+)$ /path_of_index.php?lev1=$1&lev2=$2 [QSA,L]
In this case the first URI level will be converted to a query string parameter called lev1, while the second will be converted to a query string parameter called lev2, each one with the respective values.
For example, the uri /user/list will be passed to index.php and will become index.php?lev1=user&lev2=list
An eventual query string will be passed, eventually overriding lev1 and lev2 parameters.
If you need to check which SSL/TLS protocol version is implemented by your webserver, you can issue the following command:
dino@dam2knb:~$ echo | openssl s_client -connect 10.38.46.137:8443 2>&1 | grep Protocol
Protocol : TLSv1.2
If you check your squid forward (transparent or not) proxy log files you may found errors like those:
WARNING: All url_rewriter processes are busy.
WARNING: up to 6 pending requests queued
This is true if you use the directive “url_rewrite_program”, for example with SquidGuard.
In this case, squid tells you that it cannot spawn more helper processes to externally scan your requests in parallel, so it’s queuing your requests.
This is not a great problem, but you may be annoyed to see this stuff in your log files, or there are cases in which the default may be too low!
You may raise this limit with the parameter called url_rewrite_children.
To solve, add something like this to your squid.conf configuration file, and restart squid:
If you want to create name based virtualhosts in apache with SSL Certificates, you need openssl with SNI and TLS support (0.9.8f or better) and good apache 2.2.X version.
It’s a simple task, after you’ve read this official article: https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
This is a very quick guide to get your feet wet with PHP 5.3 + PHP-FPM fastcgi support and apache webserver.
The PHP-FPM is basically a fastcgi compliant pool of PHP processes spawned on the system, ready to quickly accept connections, for example via TCP. It’s generally used to greatly improove PHP scalability, security and performance.
Start by installing apache, no matter if it’s a binary installation or if it’s compiled from source code (I assume this step is already done).
Once you have a valid apache installation, you need to compile the mod_fastcgi module.
NOTE: don’t use mod_fcgid or any other fastcgi provider but mod_fastcgi: it’s proved to be stable and to work well with PHP-FPM.
To install mod_fastcgi you have to:
Now, compile PHP with the fpm support, or install a already compiled PHP binary package.
Here I’ll cover how to compile it from source.
Start by downloading the latest php 5.3 version from http://www.php.net/downloads.php
When you have done, untar the PHP source package and enter into the extracted php-5.3.x directory.
Now create a file called conf.sh and put this stuff inside it:
–enable-xmlreader=shared –enable-xmlwriter=shared \
Your mileage may vary here, so please double check row by row if you need to modify something. The FPM part are the last 3 lines.
NOTE: you cannot compile PHP as FPM and SAPI at the same time.
Now, make the file executable with: chmod 755 conf.sh
and run the executable with: ./conf.sh
Wait that the configure script is done. If no errors are encountered you can proceed with make and make install as usual.
Remember to create the php.ini configuration file if you need it.
You should now end up with a fresh PHP installation into /usr/local/php53 (or any other path you given to the prefix configure attribute).
Ok, now it’s time to configure the php-fpm (change /usr/local/php53 with your path if it’s different):
cp php-fpm.conf.default php-fpm.conf
You generally don’t need to modify anything here, but if you want you can touch something.
Now start the php-fpm process pool by running this command by the root user: /usr/local/php53/sbin/php-fpm
If anything gone ok you should have some process up and running, something like this:
25976 ? Ss 0:00 php-fpm: master process (/usr/local/php53/etc/php-fpm.conf)
4945 ? S 0:00 \_ php-fpm: pool www
4946 ? S 0:00 \_ php-fpm: pool www
4947 ? S 0:00 \_ php-fpm: pool www
If you didn’t modify the php-fpm.conf, the process pool listen for fastcgi requests to TCP 127.0.0.1:9000.
It’s time to configure a apache virtualhost with PHP support using this brand new fpm.
Edit the httpd.conf apache configuration file (or another included file where you store the virtualhost) and append this stuff (I assume that apache is installed into /opt/apache2):
CustomLog “logs/your_servername-access_log” common
FastCgiExternalServer /opt/apache2/htdocs/php5.sock -host 127.0.0.1:9000
AddHandler php5-fcgi .php
Action php5-fcgi /tmp/php5.sock
Alias /tmp /opt/apache2/htdocs
Allow from all
Any file whose name ends for “.php” into your document root should now be associated to the PHP fastcgi handler and the requests should be routed to the php-fpm process pool. Each php-fpm process is reused according to the php-fpm.conf configuration file.
Restart apache and enjoy (any comment are welcome).