Apache Invalid command AuthGroupFile

On a Plesk server, I get the following error in error_log for a site

This is because the authz_groupfile Apache module was not loaded. To load it, run

To verify the module is loaded, run

Apache Limit access to a url

I want to limit access to the admin login URL of a web application to specified IP addresses.

The web site had its admin login at the following URL

https://domain.com/login

To limit access by IP address, I edited the Apache VirtualHost configuration for this web site and added

Restart Apache

Or

Now only the IPs listed in the Allow from directive are allowed to access the /login URL.

NOTE: this won’t work in a .htaccess file. You need to add it in the Apache VirtualHost.
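A VirtualHost fragment for this kind of restriction, as an added example that is not the original post's configuration. The two addresses are constructed placeholders from the documentation ranges; the active block uses Apache 2.4 syntax, and the commented block is the older Allow from form the text refers to.

```apache
# Added example. 203.0.113.10 and 198.51.100.0/24 are constructed
# placeholder addresses; replace them with your own.
<VirtualHost *:443>
    ServerName domain.com
    # Existing SSL, DocumentRoot and logging directives stay unchanged.

    # <Location> matches the URL path, so it also covers application
    # routes that do not exist as files on disk. "/login" matches
    # /login, /login/ and /login/anything, but not /loginpage.
    <Location "/login">
        # Apache 2.4 (mod_authz_core / mod_authz_host):
        # a request is allowed if it matches any one of these sources.
        <RequireAny>
            Require ip 203.0.113.10
            Require ip 198.51.100.0/24
        </RequireAny>
    </Location>

    # Apache 2.2 form with the Allow from directive. On 2.4 it needs
    # mod_access_compat and should not be mixed with Require in the
    # same block. With "Order deny,allow" the Deny rules are evaluated
    # first and a matching Allow overrides them.
    #
    # <Location "/login">
    #     Order deny,allow
    #     Deny from all
    #     Allow from 203.0.113.10
    #     Allow from 198.51.100.0/24
    # </Location>
</VirtualHost>
```

The `<Location>` container is not permitted in .htaccess files, which is why this belongs in the VirtualHost. If a separate port 80 VirtualHost serves the application instead of redirecting to HTTPS, it needs the same block.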


Ubuntu Apache Setup for WordPress

On a fresh Ubuntu 18.04 server, run the following commands to set up Apache, PHP and MySQL, which are needed for the WordPress installation.

You can go to each file and manually run the commands if you want to see what commands are executed.

At this stage, you have a LAMP server set up and ready to go.

To get your domain working with Apache, you first need to point your domain to the server IP. This can be done by editing DNS records with your domain registrar or DNS provider.

In the commands below, replace

DOMAIN.COM = replace with your actual domain name
USERNAME = you can use any username you want, for example the first 8 chars of the domain name

Create SFTP User

Set a password for the user. This will be used to log in to SFTP

You will be asked to enter the password 2 times.

Configure Apache

First, let's make Apache run as the user; this will make WordPress upgrades easier.

Create Apache VirtualHost entry

Add

To activate the web site, run

Create document root and set permission

Restart Apache

Create MySQL Database

Log in to MySQL. On Ubuntu, as user root, run

Now you will be at the MySQL command prompt. Run the following 2 commands to create a database and user.

Replace MYSQL_PASSWORD with your own MySQL password, DB_NAME with the name of the database you need, and DB_USER with the username for the database.

You will need these when installing WordPress.

Installing LetsEncrypt

First install Let's Encrypt with

To get SSL for your domain, run

Replace [email protected] with your actual email address.

Installing WordPress

You can now SFTP/SSH into the server. Upload WordPress into the html folder. Make sure you use the newly created USER to do this; if you do it as user root, you will get a permission error. Visit the web site and you will get the WordPress install wizard. Just fill in the form to do the install. You will need to enter the MySQL login details you created before.

Install WordPress using SSH

First log in as the SSH user you created, with the command

You will be asked to enter a password. Enter the password you created before.

Download WordPress

Extract the WordPress files with

This will create a folder “wordpress” with the files.

To make the site live, we need to replace the html folder with this new wordpress folder

Now you can go to the site, and you will see the WordPress install screen.

Cpanel ReverseProxy Traffic to Docker Container

On a cPanel server, I need to run a web application using a Docker container.

The application runs inside the Docker container, listening on port 8000 on localhost.

For a web site to serve traffic from this Docker container, we can use Apache mod_proxy, which is enabled by default on cPanel servers.

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

You can verify it at

Apache mod_proxy

To create the reverse proxy for the site, first create a folder.

NOTE: Replace CPANEL_USER and DOMAIN with your actual cPanel user name and domain name. You can find or verify this path by looking at the virtual host entry for your domain name in the /etc/apache2/conf/httpd.conf file. By default this “Include” line is commented out. Once you put a file there and run rebuildhttpdconf, the line gets uncommented.

Now create a file

Add following.

Now rebuild Apache config.

Now if you check the Apache config file (/etc/apache2/conf/httpd.conf), you will see it included in the Apache virtual host entry.

Restart Apache

Now if you visit the site, you will see the web application running on http://localhost:8000/
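A reverse proxy include for the setup described above, as an added example that is not the original post's file. It assumes the container port is published on 127.0.0.1 only, that mod_headers is available, and that the site uses HTTP-based certificate validation under /.well-known/.

```apache
# Added example: contents of the per-domain include file that is
# pulled into the site's VirtualHost.

# Keep forward-proxy mode off, so Apache relays only to the backend
# named below and never to hosts chosen by the client.
ProxyRequests Off

# Pass the original Host header, so the application sees the site
# name instead of 127.0.0.1:8000.
ProxyPreserveHost On

# Exclusions must come before the catch-all rule, because ProxyPass
# rules are checked in order and the first match wins.
# Assumption: certificate validation files are served by Apache itself.
ProxyPass "/.well-known/" "!"

# Relay everything else to the container on loopback, port 8000.
ProxyPass        "/" "http://127.0.0.1:8000/"

# Rewrite Location headers in backend redirects so they point at the
# public site rather than at the loopback address.
ProxyPassReverse "/" "http://127.0.0.1:8000/"

# Tell the application which scheme the visitor used, so that it can
# build correct links and mark cookies as secure.
<IfModule mod_headers.c>
    RequestHeader set X-Forwarded-Proto "expr=%{REQUEST_SCHEME}"
</IfModule>
```

Because the backend is addressed over loopback, the application is reachable only through Apache as long as the container port is not also published on the server's public interface.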

See Reverse proxy, Cpanel Server, Apache

Disable PHP on a folder

A web site had a vulnerability that allowed a hacker to upload a backdoor script to the “uploads” folder used by the script.

As a quick fix, I disabled PHP execution in the “uploads” folder. Doing this for any site is a good idea, even if your site is not vulnerable at the moment.

Method 1

To disable PHP execution, create a file with name .htaccess

Add

Method 2

In .htaccess, add

See htaccess
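One way to block PHP in an upload folder with .htaccess, as an added example that is not the original post's Method 1 or Method 2. It assumes Apache 2.4 and that the server's AllowOverride setting permits these directives.

```apache
# Added example: .htaccess placed inside the "uploads" folder.

# Refuse to serve any file with a PHP-related extension. The pattern
# also matches names where that extension is not the last one
# (file.php.jpg), which mod_mime can still map to the PHP handler
# when the handler is assigned with AddHandler or AddType.
<FilesMatch "(?i)\.(php[0-9]*|phtml|phar|pht)(\.|$)">
    Require all denied
</FilesMatch>

# With mod_php, also switch the interpreter off for this folder.
# The IfModule wrappers keep the file valid under PHP-FPM or CGI,
# where php_flag is an unknown directive and an unwrapped line would
# turn every request for this folder into a 500 error.
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
```

Requests for matching files return 403 instead of running the script. Placed in a `<Directory>` block of the VirtualHost with `AllowOverride None`, the same rules cannot be replaced by an uploaded .htaccess file.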

Limit Access Using htaccess

To limit access to a folder using .htaccess, create a .htaccess file with the following content.

YOUR_IP_HERE = Replace it with your actual IP.

You can whitelist an IP range by entering it in CIDR notation.

Here is the .htaccess I use on the admin folder of one of my web sites.

If your server is behind a reverse proxy server, you may need to use

Show X-Forwarded-For IP in Apache

When Apache is running behind a proxy server, it shows the IP of the proxy server as the visitor IP. To fix this, you need to enable the Apache module remoteip.

https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html

On Ubuntu/Debian, this can be enabled with command

Now create file

Add

IP_OF_YOUR_PROXY_SERVER_HERE = replace with the IP of your proxy server. This can be any proxy server like haproxy, nginx, etc.

Enable config with

To make the Apache logs show the real visitor IP, replace %h with %a in LogFormat.

On Ubuntu

Find

Replace with

Restart Apache with

Now Apache/PHP will show the proper visitor IP instead of the proxy server IP.
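A mod_remoteip configuration with a matching log format, as an added example that is not the original post's file. 192.0.2.10 is a constructed placeholder for the proxy address, and the `combined_proxy` format name is hypothetical.

```apache
# Added example: mod_remoteip settings plus log formats.
# 192.0.2.10 is a constructed placeholder for the proxy's address.

# Header in which the proxy passes the visitor's address.
RemoteIPHeader X-Forwarded-For

# The header is honoured only on connections that arrive from this
# address. Requests from any other source keep their TCP peer address,
# so a client that connects directly cannot choose its own IP by
# sending X-Forwarded-For itself.
RemoteIPTrustedProxy 192.0.2.10

# RemoteIPTrustedProxy rejects private and loopback addresses found in
# the header. For a proxy on the same internal network whose visitors
# may have private addresses, use this directive instead:
# RemoteIPInternalProxy 192.0.2.10

# %a is the client IP after mod_remoteip has processed the header.
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

# Hypothetical second format that also records %{c}a, the underlying
# peer address of the connection (the proxy), next to the client IP.
LogFormat "%a %{c}a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_proxy
```

IP-based access rules such as `Require ip` are evaluated against the address mod_remoteip sets, so the trusted proxy list decides whose X-Forwarded-For value those rules rely on.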

Run .htm files as PHP in Apache

On Ubuntu, to execute .htm files as PHP, create file

Add following content

This is similar to the code in your PHP configuration. In this case, it is from /etc/apache2/mods-available/php5.6.conf

Now restart Apache
