LAMPdocs: Linux, Apache, MySQL, PHP

If you are often working with PHP upgrades, you should do this automatically - you already know all the issues you might face. But if it’s done for the first time, it is quite hard to find your problem. I will tell you about the most common issue and about the applicable actions to fix this.

When you update your PHP installation via Directadmin build system or when you do this manually, new modules are added to httpd.cond, but the older ones are not deleted. This usually causes problems, as apache refuses to start after PHP upgrade, What do you need to do in order to tun apache again?

You need to edit your httpd.conf file (it is usually located at /etc/httpd/conf/httpd.conf). Open this file fith any editor you like and comment all strings that contain “php4″. The same directives for PHP5 are added automatically so you don’t have to worry about it. When you comment everything related to PHP4, you should save httpd.conf and try to reboot apache. If everything is OK, it should start, if not - you have to follow its logs or errors you receive at the command line window. Let me remind you that most useful way to restart apache is service httpd restart.

If you manage any script that creates files on the server, you might meet the prob;em that you cannot edit files created by this script. This is especially related to PHP scripts, that, for example, create some text files in a folder. When you try to open these files via your FTP client, you will most probably receive “Permission Denied” error when you try to save your changes.

When you run your PHP scripts, that are creating files, they almost in all cases are started by user Apache. This user has all the permissions on the created files. So we have Apache as an owner and Apache as the Group. That’s why we don’t have access to these files - we simply don’t own them.

I know two different solutions for this problem. The first one is quite intelligent - to use suphp. This is an Apache module, that allows to run php by the user that initially owns the executed file. That’s a great solution as it is done for entire server and all users’ scripts will be affected.

Another solution is not so beautiful, It’s a “patch” for scripts that are actually running. If you don’t have suphp installed or don’t want to install it for any reason, you can use root crontab to chown files created by your scripts. For example, we will recursively chown a folder where script generated files are located. Just add the following line to your root crontab:

*/10 * * * * chown user:user /folder_to_chown

This is not quite a good idea but I don’t know any other solutions at the moment.

Often when you’re using shared hosting, there are some problems with directory listing. Server administrators should avoid this as this represents a security hole. But what to do if you don’t have access to httpd conf and need to prevent directory listing? What to do if you have something like this:

A simple string in .htaccess file will save you. Here it is:

IndexIgnore *

In some cases the following string will also work:

Options -Indexes

One of these two solutions will lead you to showing 403 error to the user that tries to look what files are located in your directory. But let me repeat - this is a security hole and you should notify your system administrator about this issue. This is an emergency solution…

Today I’ll come with a small piece of code that will allow you to monitor the number af requests to Apache that are processed at the moment. This might help you to prevent server overload as you will always know what’s happening to your Apache. We’ll parse server-status page and will take the number of requests. Simple and fast< as usual.

<?

// Getting the page with server status

$sekas=file_get_contents(”http://localhost/server-status”);
// Locating the position of the number of requests displayed

$pos=strpos($sekas, “requests currently being processed”)-5;
// Creating regexp pattern for replacement
$pattern=”[^0-9]“;
// Replacing non-numeric symbols
$traseu=ereg_replace($pattern, “”, substr($sekas, $pos, 5));
echo $traseu;
?>

Hope this code will help you.

Sometimes it is necessary to disable http://ip/~username account access for any reason. Site can be unavailable or simply you don’t want users to access it in such a way. There is a simple directive in httpd.conf that will stop it. Just find the following lines and make them the same as below:

<IfModule mod_userdir.c>
#UserDir public_html
UserDir disabled
</IfModule>

Mod_userdir is active by default so you should pay attention to it if you don’t really want your site to be displayed with IP and username

This time I will tell you about the range of HTTP errors that are starting with 4. HTTP errors that start with 4 indicate there is a problem or error at the client or user agent end. Most common are:

400 Bad Request:
The request could not be understood by the server due to malformed syntax. Pay attenting to request string (usually GET)

401 Unauthorized:
The request requires user authorization (such as through htaccess) but the authorization codes sent were invalid or the user was not recognized in the system. This error is sent when the username sent is not recognized and when the username and password combination are incorrect.

403 Forbidden:
The server understood the request, but refuses to fullfill it. Often may appear when directory listing is denied.

404 Not Found:
This is the most easily recognized error message. It states that the URI requested does not exist on the server.

405 Method Not Allowed:
The method specified is not allowed for the resource requested. Check your GET and POST variables.

406 Not Acceptable:
The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request.

407 Proxy Authentication Required:

This is similar to 401, but the client must first authenticate with a proxy.

408 Request Timeout:
The client did not produce a request within the time that the server was prepared to wait.

410 Gone:
The resource requested was once on this server but is no longer here and there is no redirect in place for it.

411 Length Required:
The server requires a content-length sent with the request.

414 Request-URI Too Long:
The server has a limit as to the size of a URI.

415 Unsupported Media Type:
The entity of the request is a format not supported by the requested resource.

These are most popular status codes, that I’ve seen while testing my scripts and looking at my servers. Check W3C for the complete list if you need. Wish you to see these errors more rarely!

Sometimes you need to deny directory listing on user input. For example, you don’t want your blog to be accessed at http://yoursite.com/blog, using only http://yoursite.com/blog/. This slash is added by mod_dir, that allows automatic adding of trailing slashes. A “trailing slash” redirect is issued when the server receives a request for a URL http://servername/foo/dirname where dirname is a directory. Directories require a trailing slash, so mod_dir issues a redirect to http://servername/foo/dirname/.

In order to deny directory listing for any reason, you need to add the following code:

<Location /some/path>
DirectorySlash Off
SetHandler some-handler
</Location>

Make sure to read the following warning (Taken from Apache web site )

Security Warning:

Turning off the trailing slash redirect may result in an information disclosure. Consider a situation where mod_autoindex is active (Options +Indexes) and DirectoryIndex is set to a valid resource (say, index.html) and there’s no other special handler defined for that URL. In this case a request with a trailing slash would show the index.html file. But a request without trailing slash would list the directory contents.

You can read more about this module at http://httpd.apache.org/docs/2.0/mod/mod_dir.html

On busy servers you might need to take off everything that is not used. If Apache logs are neither watched nor analyzed, you should simply turn them off. How to do it? Simply, as usual: open httpd.conf and unload

#LoadModule log_config_module modules/mod_log_config.so

by commenting this line. You should also search for various log strings that should be found below.

CookieLog
CustomLog
LogFormat
TransferLog

You should comment all of them to turn logging feature off. If everything is OK, Apache restart will produce no errors. Else you will face Syntax Error, that would mean you have forgotten to comment some strings related to logging. Do it and have fun!

It is not recommended to turn logging feature off, but sometimes it allows to save RAM and server time in order to load pages faster. Hope this helps you to save time searching for Logrotate, etc

Sometimes you need to have a look at Apache status, especially, if your server serves many users and if often busy. You should monitor you server’s CPU load, and view other Apache performance information.

There is a simple solution in httpd.conf, that allows you to do this directly from your browser. All you need is just to add some lines to your configuration file. First of all, you should have the following sting, that makes this possible:
LoadModule status_module modules/mod_status.so

Usually at the bottom of the httpd.conf you can find some lines about server status. Let’s take the comments off.
ExtendedStatus On

This will show you more information, it’s what you exactly need. You don’t have to make this information public, but it will be very informative and useful for you. Then go down and add these lines:
<Location /server-status>
SetHandler server-status
</Location>

This URL will be relative to your Servername, so make sure you have set it up. You also should protect this location  just as shown in the sample httpd.conf:

#    Order deny,allow
#    Deny from all
#    Allow from .example.com

Just add your own limits and have fun! Apache visualization is done!

If your server does not have any kind of graphic interface (Directadmin, Cpanel, etc…), you’ll have to create Apache Virtualhosts manually. You will need a working Virtualhost template for this. Using Apache example will guide you to problems with .htaccess files, therefore it will work too. I will show you a working example for Apache 2. Here it is:

<VirtualHost localhost.com:80>

ServerName www.localhost.com
ServerAlias www.localhost.com localhost.com
ServerAdmin webmaster@localhost.com
DocumentRoot /var/www/html/localhost.com/
UseCanonicalName OFF

<Directory /var/www/html/localhost.com>

Options +Includes -Indexes
Allowoverride All

</Directory>

</VirtualHost>

In this sample your user files are located at /var/www/html/localhost.com. It will also deny directory listing (make sure to take a look at DirectoryIndex directive and add all the necessary index types in httpd.conf). Have fun as everything you need is to change localhost.com to your domain name.