Apache

     


     

     

    Quick reference card

    Cloud Servers
      Server document root: /opt/bitnami/apache2/htdocs
      Directory for Web applications: /opt/bitnami/apps/*
      Configuration file(s): /opt/bitnami/apache2/conf/*
      Log file(s): /opt/bitnami/apache2/logs/*
      Default port: 80
      System user account: daemon
      Service control: sudo /opt/bitnami/ctlscript.sh start|stop|restart apache

    Virtual Machines
      Server document root: /opt/bitnami/apache2/htdocs
      Directory for Web applications: /opt/bitnami/apps/*
      Configuration file(s): /opt/bitnami/apache2/conf/*
      Log file(s): /opt/bitnami/apache2/logs/*
      Default port: 80
      System user account: daemon
      Service control: sudo /opt/bitnami/ctlscript.sh start|stop|restart apache

    Native Installers
      Server document root: install_dir/apache2/htdocs
      Directory for Web applications: install_dir/apps/*
      Configuration file(s): install_dir/apache2/conf/*
      Log file(s): install_dir/apache2/logs/*
      Default port: 80 (Windows), 8080 (Linux and Mac OS X)
      System user account: daemon
      Service control: install_dir/ctlscript.sh start|stop|restart apache

    How to start/stop the Apache server?

    Graphical tool

    The native installers include a graphical tool to manage the servers easily. You can find the "manager-windows.exe", "manager-osx" or "manager-linux" tool in your installation directory. Using this tool, you can Start, Stop or Restart the servers and check the log files. You can click on the icon to start it.


    On Windows: You can also start the Manager tool from shortcuts: Start -> Program Files -> Bitnami Stack -> Manager tool

    Command line tool

    If you prefer, you can use the "ctlscript.sh" utility from the command line. This script is in the installation directory.


    On Virtual Machines and Cloud images:

    $ sudo /opt/bitnami/ctlscript.sh start

    A native installer on Linux:

    $ cd ~/application-version
    $ ./ctlscript.sh start
    


     

    On OS X: You can start the Manager tool from the installation directory or you can use the "ctlscript.sh" utility from a Terminal.

    host:~ user$ cd /Applications/application-version
    host:~ user$ ./ctlscript.sh start

    How to change the server startup type on Windows?


    By default, all Bitnami installers are configured to start required services automatically. If you wish to change this and start services manually, you will have to use the Microsoft Windows Services tool.

    Follow these steps:

    • Click "Start -> Run" or press Win+R to bring up the "Run" dialog box.
    • Type "services.msc" and click "OK".
    • In the resulting list of services, find the service which you wish to modify. Right-click the service name and select the "Properties" sub-menu.


    • In the "Startup type" field, choose the value you prefer. For example, to configure a service so that it does not start automatically but must be manually started every time, select "Manual".


    • If the service is currently running and you wish to terminate it immediately, click the "Stop" button in the "Service status" section. Or, if the service is currently stopped and you wish to start it, click the "Start" button.
    • Click "OK" to save your changes.

    The changes will come into effect after the system is restarted.

    Why can't I start the Apache server?

    Check the Apache error file

    Check the Apache error file for information about why the error occurred.

    You can find that file in installdir/apache2/logs/error_log on Unix platforms and in installdir/apache2/logs/error.log on Windows.

    installdir is your installation directory. On Cloud Images and Virtual Machines it is /opt/bitnami.

    Check if another process is listening to that port

    If another process is using that address you'll get:

    (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:port_number
    no listening sockets available, shutting down

    To see which process is already using that port you can run the following from a command prompt:

    On Linux:

    sudo netstat -ltnp | grep :port_number
    

    In the last column you'll see: pid / process_name

    You can then run:

    ps aux | grep process_name

    Look for the pid in the second column to get more information about that process.

    On OS X:

    sudo netstat -ltnp TCP | grep :port_number
    

    On Windows:

    netstat -b -a -n
     
    If another process is using that port, you should use a different port or stop that process.
     
    Check permissions and ownership

    Check that you have permission to bind Apache to the requested port. To bind Apache to privileged ports you have to start Apache as root.

    If you don't have permission to bind Apache to a port, you'll see the following error:

    (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:port_number
    no listening sockets available, shutting down

    If Apache is unable to open the configuration file or a log file, check that the owner of those files is the same user that installed Apache and that this user has write permissions on the log files and read permissions on the configuration file. In that case you will see some of these errors:

    (13)Permission denied: AH00649: could not open transfer log file installdir/apache2/logs/access_log. 
    AH00015: Unable to open logs
    (13)Permission denied: AH00091: httpd: could not open error log file installdir/apache2/logs/error_log.
    AH00015: Unable to open logs
    
    httpd: Could not open configuration file installdir/apache2/conf/httpd.conf: Permission denied
    apache config test fails, aborting
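
    The startup errors listed in this section can be sorted into causes mechanically. The script below is an added example, not part of the Bitnami tooling: it reads error_log text and prints one category, detail and next step per finding. The function names, category labels and the sample log (constructed from the messages above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify Apache startup failures by the messages quoted above.
# Output: CATEGORY <TAB> detail <TAB> suggested next step, one line per finding.

triage_apache_startup() {    # reads error_log text on stdin
    awk '
    # Bind failures: the address is the last field, the port follows the last colon.
    /AH00072: make_sock: could not bind to address/ {
        port = $NF
        sub(/^.*:/, "", port)
        if ($0 ~ /Address already in use/)
            print "PORT_IN_USE\t" port "\tfind the owner: sudo netstat -ltnp | grep :" port
        else if ($0 ~ /Permission denied/)
            print "BIND_DENIED\t" port "\tprivileged port: start Apache as root or use another port"
        else
            print "BIND_FAILED\t" port "\tsee the error text on the same line"
        next
    }
    # Access log or error log cannot be opened: the path is the last field.
    /AH00649: could not open transfer log file/ || /AH00091: httpd: could not open error log file/ {
        path = $NF
        sub(/\.$/, "", path)          # drop the sentence-ending period
        print "LOG_UNWRITABLE\t" path "\tcheck owner and write permission"
        next
    }
    # Configuration file cannot be read: the path follows the word "file".
    /Could not open configuration file/ {
        path = ""
        for (i = 1; i < NF; i++) {
            if ($i == "file") {
                path = $(i + 1)
                sub(/:$/, "", path)
            }
        }
        print "CONF_UNREADABLE\t" path "\tcheck owner and read permission"
        next
    }
    '
}

# Constructed sample input built from the messages shown in this section.
sample_error_log() {
    cat <<'EOF'
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:8080
no listening sockets available, shutting down
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
no listening sockets available, shutting down
(13)Permission denied: AH00649: could not open transfer log file /opt/bitnami/apache2/logs/access_log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /opt/bitnami/apache2/logs/error_log.
AH00015: Unable to open logs
httpd: Could not open configuration file /opt/bitnami/apache2/conf/httpd.conf: Permission denied
EOF
}

# Stand-alone use: pass the path of an error log as the only argument.
if [ "$#" -eq 1 ]; then
    triage_apache_startup < "$1"
fi
```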

    How to configure the Apache server?

    The main Apache configuration file is called httpd.conf and it is located at:

    BitNami Installers

    /installdir/apache2/conf/httpd.conf

    BitNami Cloud Hosting and Virtual Machines

    Ubuntu: /opt/bitnami/apache2/conf/httpd.conf

    Amazon Linux / Red Hat Enterprise:  /etc/httpd/conf/httpd.conf

    In recent versions of BitNami apps, the bitnami.conf file defines which configuration for each application should be loaded by the Apache server. This file is located in /installdir/apache2/conf/bitnami/bitnami.conf. Note that for Virtual Machines and Cloud Images installdir is /opt/bitnami.

    By default the BitNami applications are accessible at http://YOUR_IP/appname. The list of applications to load with this configuration is included in /installdir/apache2/conf/bitnami/bitnami-apps-prefix.conf.

    Applications that need to be served in a different virtual host should be included in the /installdir/apache2/conf/bitnami/bitnami-apps-vhosts.conf file.

    Which Apache version am I using?

    You can check it in the installer changelog. If you are using Bitnami Cloud Hosting, you can check your Base Image revision and look at this table to check the Apache Version.

    Finally, you can also check it using the apachectl command. Remember that you need to execute it inside the Bitnami console:

    apachectl -V
    

    How to configure your web application?

    Recent versions of Bitnami apps ship three configuration files in the "/installdir/apps/myapp/conf/" folder: httpd-app.conf, httpd-prefix.conf and httpd-vhosts.conf.

    - httpd-app.conf. This is the main configuration file for the application. It could be different depending on the application:

    <Directory "/installdir/apps/myapp/htdocs">
        Options +MultiViews
        AllowOverride None
        <IfVersion < 2.3 >
        Order allow,deny
        Allow from all
        </IfVersion>
        <IfVersion >= 2.3>
        Require all granted
        </IfVersion>
    </Directory>
    
    Include /installdir/apps/myapp/conf/htaccess.conf
    

    For security and performance reasons, it is advisable not to set "AllowOverride" to anything other than "None". You can check the Apache note about this. BitNami applications have moved the configuration from the application ".htaccess" files into the "/installdir/apps/myapp/conf/htaccess.conf" file. You can find more info here.

    - httpd-prefix.conf. This file ships the default configuration for the applications in "prefix" mode (http://example.com/myapp).

    Alias /myapp/ "/installdir/apps/myapp/htdocs/"
    Alias /myapp "/installdir/apps/myapp/htdocs"
    
    Include "/installdir/apps/myapp/conf/httpd-app.conf"
    

    - httpd-vhosts.conf. This file contains the default configuration for virtual host mode (http://myapp.example.com).

    <VirtualHost *:8080>
      ServerName myapp.example.com
      DocumentRoot "/installdir/apps/myapp/htdocs"
      Include "/installdir/apps/myapp/conf/httpd-app.conf"
    </VirtualHost>
    
    <VirtualHost *:8444>
      ServerName myapp.example.com
      DocumentRoot "/installdir/apps/myapp/htdocs"
      SSLEngine on
      SSLCertificateFile "/installdir/apps/myapp/conf/certs/server.crt"
      SSLCertificateKeyFile "/installdir/apps/myapp/conf/certs/server.key"
      Include "/installdir/apps/myapp/conf/httpd-app.conf"
    </VirtualHost>
    

    It is possible to configure your application to use a Virtual Host instead of running under the "/myapp" URL. The basic change is the following:

    Delete the following line in the /installdir/apache2/conf/bitnami/bitnami-apps-prefix.conf file:

    Include "/installdir/apps/myapp/conf/httpd-prefix.conf"
    

    And add a new line in the /installdir/apache2/conf/bitnami/bitnami-apps-vhosts.conf file:

    Include "/installdir/apps/myapp/conf/httpd-vhosts.conf"
    

    Some applications require changes in configuration files or in the database. Please check the exact changes on the page for the application itself.

    Please note that after modifying the Apache configuration files, you will need to restart Apache to apply the changes.

    How to redirect www.myapp.example.com (or other domains) to my server?

    You may also want to add a "ServerAlias" to the VirtualHost configuration. You can add the following in the httpd-vhosts.conf file for your application. This option allows you to add alternate names for a host, which are used when matching requests, for example www.myapp.example.com, myapp.example.org or myapp.example.uk.com. Note that you need to add this in all the

    <VirtualHost *:80>
    ServerName app.example.com
    ServerAlias www.app.example.com app.example.org www.app.example.uk.org
    ...
    
    <VirtualHost *:443>
    ServerName app.example.com
    ServerAlias www.app.example.com app.example.org www.app.example.uk.org
    

    Please note that after modifying the Apache configuration files, you will need to restart Apache to apply the changes.

    How to redirect www.myapp.example.com to myapp.example.com?

    This redirection is a good SEO practice. You can add the following in the httpd-vhosts.conf file for your application:

    <VirtualHost *:80>
    ServerName app.example.com
    ServerAlias www.app.example.com
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ http://%1$1 [R=permanent,L]
    ...
    
    <VirtualHost *:443>
    ServerName app.example.com
    ServerAlias www.app.example.com
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ https://%1$1 [R=permanent,L]
    ...
    

    Please note that after modifying the Apache configuration files, you will need to restart Apache to apply the changes.

    How to redirect myapp.example.com to www.myapp.example.com?

    You can add the following code in the httpd-vhosts.conf file for your application "/opt/bitnami/apps/your_app/conf/httpd-vhosts.conf". If you want to apply this redirection by default for all applications installed, you can add it in the default VirtualHost in the "/opt/bitnami/apache2/conf/bitnami.conf" file.

    <VirtualHost *:80>
      ServerName app.example.com
      ServerAlias www.app.example.com
      RewriteEngine On
      RewriteCond %{HTTP_HOST} !^www\. [NC]
      RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
     ...
     
    <VirtualHost *:443>
      ServerName app.example.com
      ServerAlias www.app.example.com
      RewriteEngine On
      RewriteCond %{HTTP_HOST} !^www\. [NC]
      RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
     ...
     
    Please note that after modifying the Apache configuration files, you will need to restart Apache to apply the changes.

    How to access my application from only one domain?

    The default Bitnami server configuration allows you to access the server in several ways: using the Amazon EC2 or Azure domain name (e.g. ec2-xx-yy-zz.amazonaws.com or xxxx.cloudapp.net), using the IP address directly or using the Bitnami Cloud Hosting domain (e.g. xxxx.bitnamiapp.com).

    If you want to redirect all these domains to your own domain, you can configure Apache server to redirect all these requests to the same domain.

    You can add the following configuration into the /opt/bitnami/apache2/conf/bitnami/bitnami.conf file. Note that you have to replace "example.com" with your own domain.

    <VirtualHost _default_:80>
    RewriteEngine On
    # Dots are escaped so that they match only a literal "." in the Host header.
    RewriteCond %{HTTP_HOST} !^example\.com$
    RewriteCond %{HTTP_HOST} !^(localhost|127\.0\.0\.1)
    RewriteRule ^(.*)$ http://example.com$1 [R=permanent,L]
    ...
    
    <VirtualHost _default_:443>
    RewriteEngine On
    # Dots are escaped so that they match only a literal "." in the Host header.
    RewriteCond %{HTTP_HOST} !^example\.com$
    RewriteCond %{HTTP_HOST} !^(localhost|127\.0\.0\.1)
    RewriteRule ^(.*)$ https://example.com$1 [R=permanent,L]
    ...
    

    Then restart the Apache server.

    How to force HTTPS redirection for my application?

    If you want to force redirection for all the requests in your whole server (all your applications), check our documentation for the Apache component.

    Add the following in the httpd-vhosts.conf (your_installation_directory/apps/your_application/conf/httpd-vhosts.conf) file inside the first <VirtualHost> directive (in the example below using port 80):

    <VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
    ...
    </VirtualHost>
    <VirtualHost *:443>
    ...
    </VirtualHost>
    

    Please note that after modifying the Apache configuration files, you will need to restart Apache to apply the changes.

    How to change the Apache port?

    With the default configuration, Apache will wait for requests on port 8080. You can change that by editing the httpd.conf file and modifying the value specified in the Listen directive. On Linux and OS X platforms you should install the Stack as root user to select a port number under 1024.

    Listen 8080
    

    Then it is necessary to restart the Apache server.

    How to publish my web page?

    If you already have a web page and you want to serve its content with Apache, you can do so simply by copying your files to the default document root directory: /installdir/apache2/htdocs/.

    How to create a password to protect access to Apache?

    To request a username and a password when accessing your application, follow these steps:

    On Linux and OS X: Open the console that you can find in the installation directory and type the following.

     

    $ cd your_installation_directory
    $ apache2/bin/htpasswd -cb apache2/yourapplicationname_users username password
    

    On Windows: Open a console from the Start Menu shortcuts and type the following commands:

     

    > cd your_installation_directory
    > apache2\bin\htpasswd -cb apache2\yourapplicationname_users username password
    


    Then it is necessary to add the following in the Apache configuration file. BitNami applications have their own configuration file that you can find at "installdir/apps/app_name/conf/httpd-app.conf". Don't forget to comment out the "Require all granted" line.

    <Directory "/installdir/apps/my_application/htdocs">
    ...
      AuthType Basic
      AuthName MyAuthName
      AuthUserFile "/installdir/apache2/yourapplicationname_users"
      Require valid-user
    ...  
    
    <IfVersion >= 2.3>
    # Require all granted
    </IfVersion>
    ...
    </Directory>
    

     

     

    Restart the Apache server:

    $ sudo /installdir/ctlscript.sh restart apache
    
     
    If you want to change the password, run the htpasswd utility without the -c switch, like this:

    $ sudo /installdir/apache2/bin/htpasswd /installdir/apache2/yourapplicationname_users username
    

    How to enable HTTPS support with SSL certificates

    NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server.

    Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.

    Once you obtain the certificate and certificate key files, you will need to update your server to use them. To understand the process, first choose your environment from the options below.

    Bitnami Hosting

    Choose which of the two scenarios more closely matches your intended use.

    SCENARIO 1. You have configured your application in the Bitnami Cloud Hosting dashboard such that it is hosted at the root of your custom domain name, e.g. a WordPress blog hosted at https://my-domain.com/.

    SCENARIO 2. You have configured your application in the Bitnami Cloud Hosting dashboard such that it is hosted at a sub-path of your custom domain name (also called "prefix mode"), e.g. a WordPress blog hosted at https://my-domain.com/wordpress

    IMPORTANT: In both scenarios, the application itself is always located in the /opt/bitnami/apps/[app] directory of the server. In this example, we assume that the application is WordPress and located in the /opt/bitnami/apps/wordpress directory. This path is used in the examples below. Remember to replace this with the correct path for your application when following the steps below.

    Depending on your selected scenario, follow these steps to activate SSL support:

    1. Use the table below to identify the correct locations for your certificate and configuration files.
     

     

    Scenario 1: Application at domain root
      Current application URL: https://[custom-domain]/ (Example: https://my-domain.com)
      Apache configuration file: /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf
      Certificate file: /opt/bitnami/apps/wordpress/conf/certs/server.crt
      Certificate key file: /opt/bitnami/apps/wordpress/conf/certs/server.key
      CA certificate bundle file (if present): /opt/bitnami/apps/wordpress/conf/certs/server-ca.crt

    Scenario 2: Application at domain sub-path
      Current application URL: https://[custom-domain]/[app] (Example: https://my-domain.com/wordpress/)
      Apache configuration file: /opt/bitnami/apache2/conf/bitnami/bitnami.conf
      Certificate file: /opt/bitnami/apache2/conf/server.crt
      Certificate key file: /opt/bitnami/apache2/conf/server.key
      CA certificate bundle file (if present): /opt/bitnami/apache2/conf/server-ca.crt


    2. Copy your SSL certificate and certificate key file to the specified locations, depending on where your application is hosted. Find out more about uploading and editing files.

    NOTE: If you use different names for your certificate and key files, you should reconfigure the SSLCertificateFile and SSLCertificateKeyFile directives in the corresponding Apache configuration file to reflect the correct file names.

    3. If your certificate authority has also provided you with a PEM-encoded Certificate Authority (CA) bundle, you must copy it to the correct location in the previous table. Then, modify the Apache configuration file to include the following line below the SSLCertificateKeyFile directive. Choose the correct directive based on your scenario and Apache version:
     

     

    Scenario 1: Application at domain root
      Apache configuration file: /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf
      Directive to include (Apache v2.4.8+): SSLCACertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server-ca.crt"
      Directive to include (Apache < v2.4.8): SSLCACertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server-ca.crt"

    Scenario 2: Application at domain sub-path
      Apache configuration file: /opt/bitnami/apache2/conf/bitnami/bitnami.conf
      Directive to include (Apache v2.4.8+): SSLCACertificateFile "/opt/bitnami/apache2/conf/server-ca.crt"
      Directive to include (Apache < v2.4.8): SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"


    NOTE: If you use a different name for your CA certificate bundle, you should reconfigure the SSLCertificateChainFile or SSLCACertificateFile directives in the corresponding Apache configuration file to reflect the correct file name.

    4. Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:

     

     

    Scenario 1: Application at domain root

    sudo chown root:root /opt/bitnami/apps/wordpress/conf/certs/server*
    sudo chmod 600 /opt/bitnami/apps/wordpress/conf/certs/server*

    Scenario 2: Application at domain sub-path

    sudo chown root:root /opt/bitnami/apache2/conf/server*
    sudo chmod 600 /opt/bitnami/apache2/conf/server*


    5. Restart the Apache server.

    sudo /opt/bitnami/ctlscript.sh restart apache
    

    You should now be able to access your application using an HTTPS URL.

    Cloud Image

    By default, your application is hosted at the root of your custom domain name, e.g. a WordPress blog hosted at https://my-domain.com/


    Follow these steps to activate SSL support:

    1. Use the table below to identify the correct locations for your certificate and configuration files.
     

    Current application URL: https://[custom-domain]/ (Example: https://my-domain.com/)
    Apache configuration file: /opt/bitnami/apache2/conf/bitnami/bitnami.conf
    Certificate file: /opt/bitnami/apache2/conf/server.crt
    Certificate key file: /opt/bitnami/apache2/conf/server.key
    CA certificate bundle file (if present): /opt/bitnami/apache2/conf/server-ca.crt


    2. Copy your SSL certificate and certificate key file to the specified locations. Find out more about uploading and editing files.

    NOTE: If you use different names for your certificate and key files, you should reconfigure the SSLCertificateFile and SSLCertificateKeyFile directives in the corresponding Apache configuration file to reflect the correct file names.

    3. If your certificate authority has also provided you with a PEM-encoded Certificate Authority (CA) bundle, you must copy it to the correct location in the previous table. Then, modify the Apache configuration file to include the following line below the SSLCertificateKeyFile directive. Choose the correct directive based on your scenario and Apache version:
     

    Apache configuration file: /opt/bitnami/apache2/conf/bitnami/bitnami.conf
    Directive to include (Apache v2.4.8+): SSLCACertificateFile "/opt/bitnami/apache2/conf/server-ca.crt"
    Directive to include (Apache < v2.4.8): SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"


    NOTE: If you use a different name for your CA certificate bundle, you should reconfigure the SSLCertificateChainFile or SSLCACertificateFile directives in the corresponding Apache configuration file to reflect the correct file name.

    4. Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:

    sudo chown root:root /opt/bitnami/apache2/conf/server*
    
    sudo chmod 600 /opt/bitnami/apache2/conf/server*
    


    5. Restart the Apache server.

    sudo /opt/bitnami/ctlscript.sh restart apache
    

    You should now be able to access your application using an HTTPS URL.

    Virtual Machine

    Follow these steps to activate SSL support:

    1. Use the table below to identify the correct locations for your certificate and configuration files.
     

    Current application URL: https://[domain-or-IP-address] (Example: https://192.168.1.20/ or https://192.168.1.20/wordpress/)
    Apache configuration file: /opt/bitnami/apache2/conf/bitnami/bitnami.conf
    Certificate file: /opt/bitnami/apache2/conf/server.crt
    Certificate key file: /opt/bitnami/apache2/conf/server.key
    CA certificate bundle file (if present): /opt/bitnami/apache2/conf/server-ca.crt


    2. Copy your SSL certificate and certificate key file to the specified locations. Find out more about uploading and editing files.

    NOTE: If you use different names for your certificate and key files, you should reconfigure the SSLCertificateFile and SSLCertificateKeyFile directives in the corresponding Apache configuration file to reflect the correct file names.

    3. If your certificate authority has also provided you with a PEM-encoded Certificate Authority (CA) bundle, you must copy it to the correct location in the previous table. Then, modify the Apache configuration file to include the following line below the SSLCertificateKeyFile directive. Choose the correct directive based on your scenario and Apache version:
     

    Apache configuration file: /opt/bitnami/apache2/conf/bitnami/bitnami.conf
    Directive to include (Apache v2.4.8+): SSLCACertificateFile "/opt/bitnami/apache2/conf/server-ca.crt"
    Directive to include (Apache < v2.4.8): SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"


    NOTE: If you use a different name for your CA certificate bundle, you should reconfigure the SSLCertificateChainFile or SSLCACertificateFile directives in the corresponding Apache configuration file to reflect the correct file name.

    4. Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:

    sudo chown root:root /opt/bitnami/apache2/conf/server*
    
    sudo chmod 600 /opt/bitnami/apache2/conf/server*
    

    5. Restart the Apache server.

    sudo /opt/bitnami/ctlscript.sh restart apache
    

    You should now be able to access your application using an HTTPS URL.

    NOTE: For Amazon instances, remember to add port 443 to your security groups.


    IMPORTANT: In all cases, you should update your Apache configuration file and ensure that, in the default VirtualHost block for the SSL host, the ServerName directive is set to your custom domain name.

    How to create an SSL certificate?

    You can create your own SSL certificate with the OpenSSL binary. A certificate request can then be sent to a certificate authority to get it signed into a certificate. If you have your own certificate authority, you may sign it yourself, or you can create a self-signed certificate (because you just want a test certificate or because you are setting up your own CA).

    VMware and Cloud

    First create your private key  (if you haven't created it already):

    $ sudo /opt/bitnami/common/bin/openssl genrsa -out /opt/bitnami/apache2/conf/server.key 2048
    

    The certificate request is created like this:

    $ sudo /opt/bitnami/common/bin/openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr

    Important: You should enter the server domain when the above command asks for the "Common Name"

    Now, cert.csr can be sent to the certificate authority. When the certificate authority has then done the checks they need to do (and probably gotten payment from you), they will hand over your new certificate to you.

    In the meantime, until you get your certificate, you will need to create a temporary self-signed certificate:

    $ sudo /opt/bitnami/common/bin/openssl x509 -in /opt/bitnami/apache2/conf/cert.csr -out /opt/bitnami/apache2/conf/server.crt -req -signkey /opt/bitnami/apache2/conf/server.key -days 365
    
     
    If you want to back up your private key in a safe location, you may generate a password protected version as follows:

    $ sudo /opt/bitnami/common/bin/openssl rsa -des3 -in /opt/bitnami/apache2/conf/server.key -out privkey.pem
    

    Note that if you use this encrypted key in the Apache configuration you will need to enter the password manually on every Apache startup. You can regenerate the key without password protection from this file as follows:

    $ sudo /opt/bitnami/common/bin/openssl rsa -in privkey.pem -out /opt/bitnami/apache2/conf/server.key
    

    Note:  If you are using Amazon Linux or RedHat Enterprise you should replace "/opt/bitnami/common/bin/openssl" with "openssl" in the commands above.

     

    Native Installer

    First create your private key (if you haven't created it already):

    $ /installdir/common/bin/openssl genrsa -out /installdir/apache2/conf/server.key 2048 
    

    The certificate request is created like this:

    $ /installdir/common/bin/openssl req -new -key /installdir/apache2/conf/server.key -out /installdir/apache2/conf/cert.csr
    

    Important: You should enter the server domain when the above command asks for the "Common Name"

    Now, cert.csr can be sent to the certificate authority. When the certificate authority has then done the checks they need to do (and probably gotten payment from you), they will hand over your new certificate to you.

    In the meantime, until you get your certificate, you will need to create a temporary self-signed certificate:

    $ /installdir/common/bin/openssl x509 -in /installdir/apache2/conf/cert.csr -out /installdir/apache2/conf/server.crt -req -signkey /installdir/apache2/conf/server.key -days 365
    
     
    If you want to back up your private key in a safe location, you may generate a password protected version as follows. (Note that if you use this encrypted key in the Apache configuration you will need to enter the password manually on every Apache startup.)

    $ /installdir/common/bin/openssl rsa -des3 -in /installdir/apache2/conf/server.key -out privkey.pem
     


    You can find more info about certificates at http://www.openssl.org.

    How to check your certificate and key?

    If you see an error like the following in your Apache error log file, you are not using the correct certificate or key.

    [Mon May 12 15:37:46.891294 201X] [ssl:emerg] [pid 15450] AH02565: Certificate and private key example.com:443:0 from /opt/bitnami/apps/your_app/conf/certs/server.crt and /opt/bitnami/apps/your_app/conf/certs/server.key do not match

    You can verify that the current key matches the cert file with the following commands. The "Modulus" portion in the key and cert must match:

    openssl x509 -noout -modulus -in server.crt | grep Modulus
    Modulus=D6E23C2E6140707EA63F3250...

    Then check your key:

    openssl rsa -noout -modulus -in server.key | grep Modulus
    Modulus=D6E23C2E6140707EA63F3250...

    If they are not the same, you are using the wrong key for the certificate, and Apache cannot be started until you fix this issue.
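
    A check to run before restarting Apache, covering both this section and the certificate installation steps earlier on the page. It is an added example, not Bitnami's own tooling. It compares the public key in the certificate with the one derived from the private key, which extends the RSA-only modulus comparison to any key type, and it flags a key file that group or other users can access. The function names, return codes and the constructed test pair are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-restart check for an Apache certificate/key pair.
# Return codes (assumed for this example):
#   0 pair matches and key is owner-only   1 certificate and key do not match
#   2 a file could not be read             3 pair matches but key file is too open

check_tls_pair() {    # usage: check_tls_pair server.crt server.key
    crt=$1
    key=$2

    # Public key embedded in the certificate, as PEM text.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "FAIL cannot read certificate: $crt"
        return 2
    }
    # Public key derived from the private key. "-passin pass:" keeps the check
    # non-interactive: a passphrase-protected key fails instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "FAIL cannot read private key (missing, malformed or encrypted): $key"
        return 2
    }
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL certificate and key do not match (Apache logs AH02565)"
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits;
    # after the "chmod 600" step on this page they are all "-".
    mode=$(ls -ldL "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "WARN key is accessible beyond its owner (group/other bits: $mode)"
        return 3
    fi
    echo "OK certificate and key match; key file is owner-only"
    return 0
}

# Constructed test material: a throwaway self-signed pair NAME.crt / NAME.key in DIR.
make_constructed_pair() {    # usage: make_constructed_pair DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Stand-alone use: pass the certificate and key paths as arguments.
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```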

    How to force HTTPS access?

    If you only want to force this redirection for one of your applications (such as WordPress), then you will need to add this in the application configuration file for Apache.

    It depends on your current Apache configuration, but in most cases it should be enough to add the following lines in the default Apache virtual host configuration file. Edit the "/opt/bitnami/apache2/conf/bitnami/bitnami.conf" file and add the following code into the <VirtualHost _default_:80> section:

    <VirtualHost _default_:80>
      DocumentRoot "/opt/bitnami/apache2/htdocs"
      RewriteEngine On
      RewriteCond %{HTTPS} !=on
      RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
      ...
    

    Then restart the Apache web server.

    How to configure multiple SSL domains on the same IP address?

    There is an extension to the SSL protocol called "Server Name Indication". It allows you to use only one IP address for several SSL-protected sites. The only drawback is that some older web browsers do not support it. The example Apache configuration is shown below:

    NameVirtualHost *:80
    
    <VirtualHost *:80>
    ServerName my-wordpress.example.com
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
    </VirtualHost>
    <VirtualHost *:80>
    ServerName my-sugarcrm.example.com
    DocumentRoot "/opt/bitnami/apps/sugarcrm/htdocs"
    </VirtualHost>
    
    Listen 443
    NameVirtualHost *:443
    
    <VirtualHost *:443>
    SSLEngine on
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
    ServerName my-wordpress.example.com
    SSLCertificateFile "/opt/bitnami/apache2/conf/my-wordpress.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/my-wordpress.key"
    </VirtualHost>
    
    <VirtualHost *:443>
    SSLEngine on
    DocumentRoot "/opt/bitnami/apps/sugarcrm/htdocs"
    ServerName my-sugarcrm.example.com
    SSLCertificateFile "/opt/bitnami/apache2/conf/my-sugarcrm.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/my-sugarcrm.key"
    </VirtualHost>
    

    You can learn more at the following pages:

    How to change the URL?

    This approach describes how to configure your application to run in the root URL directly. Also, you will be able to modify the URL to a NEW_DOMAIN using the bnconfig tool. The details are described below.

    Automatic Approach

    This approach is based on the Bitnami Configuration Tool (bnconfig).

    Bitnami Cloud Hosting

    The best way to change your URL in BCH is to go to your application tab and modify it there. In the Bitnami Cloud Hosting console, select Servers, choose your server, click Manage and go to the Applications tab. There, press the pencil next to the application whose URL you want to modify and choose .

    Refer to this guide for more information.

    Cloud Images and Virtual Machines

    Moving the application to /

    If your application is running in "/your_application", you can remove the prefix from the URL by executing the following command:

    $ sudo /opt/bitnami/apps/your_application/bnconfig --appurl /
    

    (use --help to check if that option is available for your application)

    Now you will be able to access the application at http://YOUR_DOMAIN instead of http://YOUR_DOMAIN/your_application.

    Updating the IP or hostname

    Some applications require you to update the IP/domain if the machine's IP/domain changes. The bnconfig tool also has an option, called machine_hostname, which updates the IP automatically during boot (use --help to check if that option is available for your application). Note that this tool changes the URL to http://NEW_DOMAIN/your_application.

    sudo /opt/bitnami/apps/your_application/bnconfig --machine_hostname NEW_DOMAIN
    

    If you already moved your application to the root URL you should include both options at the same time.

    sudo /opt/bitnami/apps/your_application/bnconfig --appurl / --machine_hostname NEW_DOMAIN
    

    If you have configured your machine to use a static domain name or IP, you should rename or remove the "/opt/bitnami/apps/your_application/bnconfig" file.

    sudo mv /opt/bitnami/apps/your_application/bnconfig /opt/bitnami/apps/your_application/bnconfig.disabled
    

    Native Installer

    Remember to use your actual installation directory instead of installdir.

    Moving the application to /

    If your application is running in "/your_application", you can remove the prefix from the URL by executing the following command:

    On Linux,

    installdir/apps/your_application/bnconfig --appurl /
    

    On Mac OS X, 

    installdir/apps/your_application/bnconfig.app/Contents/MacOS/installbuilder.sh --appurl /
    

    On Windows,

    installdir/apps/your_application/bnconfig.exe --appurl /
    

    (use --help to check if that option is available for your application)

    Now you will be able to access the application at http://YOUR_DOMAIN instead of http://YOUR_DOMAIN/your_application.

    Updating the IP or hostname

    Some applications require you to update the IP/domain if the machine's IP/domain changes. The bnconfig tool also has an option, called machine_hostname, which updates the IP (use --help to check if that option is available for your application). Note that this tool changes the URL to http://NEW_DOMAIN/your_application.

    installdir/apps/your_application/bnconfig --machine_hostname NEW_DOMAIN
    

    If you already moved your application to the root URL you should include both options at the same time.

    installdir/apps/your_application/bnconfig --appurl / --machine_hostname NEW_DOMAIN
    


    Manual Approach

    If you want to change the default URL from http://your_domain/your_application to http://your_domain, edit the installdir/apps/your_application/conf/httpd-prefix.conf file so that it looks like the file below:

    DocumentRoot "/installdir/apps/your_application/htdocs"
    # Alias /your_application/ "/installdir/apps/your_application/htdocs/"
    # Alias /your_application "/installdir/apps/your_application/htdocs"
    
    (...)
    
     
    Remember that you must substitute installdir with your actual installation directory (for native installers) or /opt/bitnami (for cloud images and virtual machines).

    Some applications also require additional changes in their configuration files or in their database.

    How to create a Virtual Host?

     

    If you are a Bitnami Cloud Hosting user you just need to follow the steps provided in Bitnami Cloud Hosting : Configuring the URL for the application.

    You can learn more about Bitnami Cloud Hosting here.

    You can configure the URL for the applications using Virtual Hosts. They allow you to access the applications at "http://example.com/" or "http://prefix.example.com" instead of "http://example.com/application". In this example we are going to configure WordPress to be accessible from "wordpress.example.com".

    Note: For native installers you will need to replace /opt/bitnami with your current WordPress stack installation directory.

    1. Comment out the line that includes the prefix configuration file in the /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf file:

    #Include "/opt/bitnami/apps/wordpress/conf/httpd-prefix.conf"
    

    2. Include the vhost configuration file for your application in the /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf file:

    Include "/opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf"
    

    3. Update the URL if it is necessary.

    In the WordPress case you should follow the instructions provided in Bitnami WordPress Stack: How to change the default URL?

    4. Restart the Apache server:

    $ sudo /opt/bitnami/ctlscript.sh restart apache
    

    How to debug errors?

    Once Apache starts, it will create two log files, the access_log and the error_log, in the /installdir/apache2/logs directory, or in /var/log/httpd if you are using Amazon Linux or Red Hat Enterprise cloud images.

    In Virtual Machines, Cloud Images and Ubuntu based Bitnami Cloud Hosting images installdir is /opt/bitnami.

    The access_log file is used to track client requests. When a client requests a document from the server, Apache records several parameters associated with the request in this file, such as: the IP address of the client, the document requested, the HTTP status code, and the current time.

    The error_log file is used to record important events. This file includes error messages, startup messages, and any other significant events in the life cycle of the server. This is the first place to look when you run into a problem when using Apache.

    If no error is found, you will see a message similar to:

    Syntax OK
    /installdir/ctlscript.sh : httpd started
    

    How to enable mod_security in Apache?

    Bitnami stacks already ship the mod_security2 module installed in Apache, but it is not enabled by default. To enable this module, follow the steps below on your server.

    • Enable the "mod_security2" and "mod_unique_id" modules in Apache. Edit the main Apache configuration file, uncomment the "unique_id_module" line and add the mod_security2 line at the end of the LoadModule section:
    ...
    LoadModule unique_id_module modules/mod_unique_id.so
    ...
    LoadModule security2_module modules/mod_security2.so
    • Add the default configuration file for mod_security at the end of the Apache configuration file:
    Include "/opt/bitnami/apache2/conf/modsecurity.conf"
    
    • Restart the Apache server and check that the module is enabled:
    $ sudo /opt/bitnami/ctlscript.sh restart apache
    $ tail /opt/bitnami/apache2/logs/error_log
    
    ...
     [Thu Jan 30 18:42:14.004246 2014] [:notice] [pid 1127] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
     ...
    
     

    How to add mod_xsendfile module in Apache?

    Since BitNami LAMP/MAMP/WAMP version 5.4.13-2, the mod_xsendfile module is already installed. To enable this module you only have to add the following line in the Apache httpd.conf file:

    LoadModule xsendfile_module modules/mod_xsendfile.so
    


    If you are using a previous version, it is easy to install this module on top of your existing Apache. The compilation tools must already be installed. If you are using a BitNami Virtual Machine or Cloud Image, you already have all the required components.

     

    • Download latest version:
    wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.gz
    
    • Extract the content and install the module
    $ tar -xzvf mod_xsendfile-0.12.tar.gz
    $ cd mod_xsendfile-0.12
    $ sudo /opt/bitnami/apache2/bin/apxs -aci mod_xsendfile.c
    

    If everything goes well, you can see the module at "/opt/bitnami/apache2/modules/mod_xsendfile.so". Check the mod_xsendfile configuration page to learn how to configure this module for your application.

    How to add mod_rpaf module in Apache?

    • Download latest version:
    wget https://github.com/gnif/mod_rpaf/archive/stable.zip
    • Extract the content and install the module
    $ unzip stable.zip
    $ cd mod_rpaf-stable
    $ sudo make
    $ sudo make install
    
    • Check mod_rpaf.so exists in /opt/bitnami/apache2/modules
    $ ll /opt/bitnami/apache2/modules/mod_rpaf.so
    
    • Now you should load your module and configure it. Here is a configuration example. You can add the config options to the Apache configuration file /opt/bitnami/apache2/conf/httpd.conf
        LoadModule              rpaf_module modules/mod_rpaf.so
        RPAF_Enable             On
        RPAF_ProxyIPs           127.0.0.1 10.0.0.0/24
        RPAF_SetHostName        On
        RPAF_SetHTTPS           On
        RPAF_SetPort            On
        RPAF_ForbidIfNotProxy   Off
    
    • Now you should restart apache to reload the new configuration
    $ sudo /opt/bitnami/ctlscript.sh restart apache
    

    How to add mod_proxy_html module in Apache?

    • Download it from:
    wget http://apache.webthing.com/mod_proxy_html/mod_proxy_html.tar.bz2
    • Extract the content and install the module
    $ tar -jxf mod_proxy_html.tar.bz2
    $ cd mod_proxy_html/
    $ sudo apxs -c -I /opt/bitnami/common/include/libxml2 -I. -i mod_proxy_html.c
    $ sudo chmod 755 /opt/bitnami/apache2/modules/mod_proxy_html.so  
    $ sudo apxs -c -I /opt/bitnami/common/include/libxml2 -I. -i mod_xml2enc.c
    $ sudo chmod 755 /opt/bitnami/apache2/modules/mod_xml2enc.so
    
    • To enable the module you should add these lines to /opt/bitnami/apache2/conf/httpd.conf
    LoadFile /opt/bitnami/common/lib/libxml2.so
    LoadModule proxy_html_module modules/mod_proxy_html.so
    LoadModule xml2enc_module modules/mod_xml2enc.so
    

    We are assuming that /opt/bitnami/ is the installation directory.

    How to deny connections from bots/attackers?

    Sometimes, if you are experiencing bad performance, it is because you are being attacked by Internet bots. The reason for those attacks is that they are trying to find a security bug in your application code or in the software itself.

    Our stacks and cloud images come with the latest versions of their components, but even though you are safe against those attacks, depending on the traffic that they generate your machine could experience bad performance, as it will need to handle those connections.

    An example of a bot attack is when they try to find out whether you disabled the php.cgi binary. As it comes disabled by default, the attackers won't be able to exploit your system, but you will have hundreds or even thousands of connections from the same IP (or even different IPs) trying to "check" every few hours if those binaries or scripts are available.

    To find out whether you are being attacked, you can run the command below:

    cd /opt/bitnami/apache2/logs/
    tail -n 10000 access_log | awk '{print $1}'| sort| uniq -c| sort -nr| head -n 10
    
     
    It will show you the number of times that each IP connected to your web server. If you see that some IPs have many more connections than the others, run the following command (remember to replace ATTACKER_IP with the correct IP):
    cd /opt/bitnami/apache2/logs/
    grep "ATTACKER_IP" access_log
    

    If you see that it is always trying to connect to the same location, that it is requesting a URL that you don't know, or that it is trying to find binaries or scripts directly, it is likely that the IP is a bot.

    Examples of such messages are:

    [Mon Dec 08 07:01:52 2014] [error] [client 143.107.202.68] script not found or unable to stat: /opt/bitnami/apache2/cgi-bin/php-cgi
    [Mon Dec 08 07:01:52 2014] [error] [client 143.107.202.68] script not found or unable to stat: /opt/bitnami/apache2/cgi-bin/php.cgi
    [Mon Dec 08 07:01:53 2014] [error] [client 143.107.202.68] script not found or unable to stat: /opt/bitnami/apache2/cgi-bin/php4
    [Mon Dec 08 19:01:51 2014] [error] [client 143.107.202.68] script not found or unable to stat: /opt/bitnami/apache2/cgi-bin/php
    [Mon Dec 08 19:01:51 2014] [error] [client 143.107.202.68] script not found or unable to stat: /opt/bitnami/apache2/cgi-bin/php5
    [Mon Dec 08 19:01:52 2014] [error] [client 143.107.202.68] script not found or unable to stat: /opt/bitnami/apache2/cgi-bin/php-cgi
    [Mon Dec 08 19:01:52 2014] [error] [client 143.107.202.68] script not found or unable to stat: /opt/bitnami/apache2/cgi-bin/php.cgi
    [Mon Dec 08 19:01:52 2014] [error] [client 143.107.202.68] script not found or unable to stat: /opt/bitnami/apache2/cgi-bin/php4
     
    As you can see, the attacker with IP 143.107.202.68 is trying to find the PHP scripts, and all those connections are made within the same seconds.
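
    The access_log triage described above, taken one step further in an added example that is not part of the original guide: besides counting requests per IP, it counts 404 responses and distinct paths, so a busy legitimate client is not confused with a scanner. The function names, the thresholds and the sample log lines (constructed, using documentation IP ranges) are assumptions.

```shell
#!/bin/sh
# Added example: rank clients in an Apache access_log (common/combined format)
# and flag those that look like scanners: many requests, mostly 404s.
# The default thresholds are assumptions; tune them to your traffic.

# suspect_ips LOGFILE [MIN_REQUESTS] [MIN_404_PERCENT]
# Prints one flagged client per line: ip requests not_found distinct_paths
suspect_ips() {
    awk -v min="${2:-5}" -v pct="${3:-80}" '
        # $1 = client IP, $7 = request path, $9 = status code.
        # Malformed request lines (e.g. "-" 408) shift the fields and are skipped.
        $9 ~ /^[0-9][0-9][0-9]$/ {
            total[$1]++
            if ($9 == 404) missing[$1]++
            if (!seen[$1 SUBSEP $7]++) paths[$1]++
        }
        END {
            for (ip in total)
                if (total[ip] >= min && 100 * missing[ip] / total[ip] >= pct)
                    print ip, total[ip], missing[ip] + 0, paths[ip]
        }' "$1" | sort -k2,2nr
}

# Constructed sample log: one scanner, one normal visitor, one stray client.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.50 - - [08/Dec/2014:07:01:52 +0000] "GET /cgi-bin/php-cgi HTTP/1.1" 404 209
203.0.113.50 - - [08/Dec/2014:07:01:52 +0000] "GET /cgi-bin/php.cgi HTTP/1.1" 404 209
203.0.113.50 - - [08/Dec/2014:07:01:53 +0000] "GET /cgi-bin/php4 HTTP/1.1" 404 206
203.0.113.50 - - [08/Dec/2014:19:01:51 +0000] "GET /cgi-bin/php HTTP/1.1" 404 205
203.0.113.50 - - [08/Dec/2014:19:01:51 +0000] "GET /cgi-bin/php5 HTTP/1.1" 404 206
203.0.113.50 - - [08/Dec/2014:19:01:52 +0000] "GET /cgi-bin/php-cgi HTTP/1.1" 404 209
198.51.100.7 - - [08/Dec/2014:09:10:01 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [08/Dec/2014:09:10:02 +0000] "GET /wp-content/style.css HTTP/1.1" 200 812
198.51.100.7 - - [08/Dec/2014:09:10:02 +0000] "GET /favicon.ico HTTP/1.1" 404 209
198.51.100.7 - - [08/Dec/2014:09:11:40 +0000] "GET /about/ HTTP/1.1" 200 4301
198.51.100.7 - - [08/Dec/2014:09:12:05 +0000] "GET /contact/ HTTP/1.1" 200 3977
198.51.100.7 - - [08/Dec/2014:09:12:30 +0000] "POST /contact/ HTTP/1.1" 302 -
192.0.2.33 - - [08/Dec/2014:11:00:00 +0000] "GET /old-page HTTP/1.1" 404 209
192.0.2.33 - - [08/Dec/2014:11:00:09 +0000] "-" 408 -
EOF
}

log=$(mktemp) && write_sample_log "$log" && suspect_ips "$log"
rm -f "$log"
```

    Review the flagged addresses before denying them: a shared proxy or a monitoring service can also generate many requests from one IP.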
     
    There are different ways to deny connections from those attackers, but the easiest one is to do it in your Apache configuration. To do it properly, go to /opt/bitnami/apps/your_application/conf and edit httpd-app.conf. In the example below, we will reject the 1.2.3.4 IP address in the WordPress config:
    <Directory /opt/bitnami/apps/wordpress/htdocs>
    deny from 1.2.3.4
    ...
    </Directory>
     
    And if you want to deny more than one IP, you can configure it as in the example below:
    <Directory /opt/bitnami/apps/wordpress/htdocs>
    deny from 1.2.3.4
    deny from 5.6.7.8
    deny from 9.10.11.12
    ...
    </Directory>
     
    Before restarting Apache to apply the modification, check if your changes are okay by executing the following command:
    apachectl -t
     
    Finally, restart the Apache web server:
    sudo /opt/bitnami/ctlscript.sh restart apache
    