Depends on the Apache version, what version do you have 2.2 or 2.4?

@Pete-S said in Apache installation - file owner & permissions?:

I was wondering what permission and owner should files like html, php etc have?

Normally you just do...

chown www-data:www-data -R /var/www/html

@JaredBusch said in httpd dead but pid file exists:

In fact, I would rename anything in conf.d first, and restart.

You could do something like this...

mv conf.d conf.d.orig
mkdir conf.d

That way you have an empty folder, but can replace it with the old one in a snap all at once.

Thanks btw @coliver. Appreciate the help.

@IRJ said in Massive speed increase when switching WordPress from apache to nginx:

I really wanted to do everything server side and be as lean as possible. I wanted zero plugins related to performance on my WP site.

Lean WP, that's an oxymoron if anything 🙂

I've heard before that some sites are slower with cloudflare CDN compared to going straight to the site. Are you using http/2 as well?

Most likely in this case, the switch to nginx from apache itself didn't make anything noticeably faster but the caching and compression did.

We got it. Had to open the Nginx logs and noticed too many "posts" in the error log. Dug in and it was three ranges overseas all hitting with a "post timeout attack." It was a light DDoS where sessions were being opened and held causing nginx to wait on a timeout. This caused Apache to just increment forever. Once we blocked those ranges, the Apache thread count started to drop for the first time, and memory started to release. And the continuous flood of nginx error logs ceased.

If you are looking at nginx error logs, this is what you look for: upstream timed out (110: Connection timed out) while reading response header from upstream, client:

You can use this command to collect the offending IP addresses:

grep "upstream timed out" error.log | cut -d' ' -f20

Then use your firewall to shut them down. We are all good now! Woot.

Well let's talk about fedora and updating killing a laptop lol....

Worth noting that the issue comes back when you upgrade to Fedora 31 as well. Same fix still applies.

FLAMP >

@JaredBusch said in WordPress admin page redirecting to IP:

Is the site URL correct in the settings

Been there many times :angry_face:

@scottalanmiller said in NGINX vs Apache:

@wrx7m said in NGINX vs Apache:

Does Apache have a paid version? I know that nginx reverse proxy is free, but the web server (at least used to be) a paid product.

Apache is totally free. Nginx is free for all normal purposes, it is advanced features that I've never even thought of wanting that are paid.

Ahh. Ok. I misconstrued those features as being the entire product.

@dafyre said in Fedora 29 Apache HTTPD Keeps Adding ssl.conf:

Have you tried creating a blank ssl.conf file and then chmod +i ssl.conf ?

I've not, but that's such a hockie way of doing it, I was hoping not to.

@coliver said in CentOS7 Server Apache Disable old TLS for higher versions:

@jaredbusch said in CentOS7 Server Apache Disable old TLS for higher versions:

@coliver said in CentOS7 Server Apache Disable old TLS for higher versions:

@DustinB3403 I really like this site for information on securing various web servers.

https://cipherli.st/

I just implemented their Nginx setting but getting back that TLSv1 was accepted?

https://www.ssllabs.com/ssltest/analyze.html?d=naggaroth.daerma.com

First line should read TLS1.2 if you don't have a version of Nginx that supports 1.3.

Correct. That is the only change I made to their config. I even reran dhparam

@scottalanmiller Yeah both of my webservers use mariadb for example

@jaredbusch said in Fedora Update Breaks httpd:

So, if you followed the original instructions, you can use this to fix it.

sed -i "s/access\.log/httpd\/access_log/" /etc/httpd/conf.d/bookstack.conf

Then start apache.

systemctl start httpd

As always, thanks @JaredBusch that fixed it for me as well.

@jaredbusch said in Apache Struts - Critical Security Flaw:

Was the Eqifax breech because of the march strus flaw or a more recent one?

Just making sure the actual facts are known.

The one from March.

@zachary715 said in Certbot Apache plugin broken in Fedora 26:

@scottalanmiller said in Certbot Apache plugin broken in Fedora 26:

I ran into this issue, forgot about this thread, went through LetsEncrypt's threads and their solution for this problem led me... here! Very nice.

Just did the exact same thing. Let'sEncrypt forum had the link which led me here right about the time @JaredBusch was responding in my other thread.

It has been posted on here more than one time. I should probably find one of those posts and make @scottalanmiller tag it appropriately.

Edit: Or too slow..