Archive for the ‘ Apache ’ Category

Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe.

You may come across this error in newer version of apache which is because the newer configurations use an event based Multi Processing Module by default. If the PHP is not compiled with threadsafe, you will need to switch to the prefork MPM, which does not use threads.

Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe.  You need to recompile PHP.
 AH00013: Pre-configuration failed
httpd.service: control process exited, code=exited status=1

Look for the following in the Load Modules sections of your apache configuration file :

LoadModule mpm_event_module modules/mod_mpm_event.so

And replace it with the following module :

LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

Apache rewrite rules

Rewrite to a folder and hide the folder name in url :

RewriteCond     %{SERVER_NAME}    ^sitename.com        [NC,OR]
RewriteCond    %{SERVER_NAME}    www.sitename.com    [NC]
RewriteCond    %{REQUEST_URI}    !^anyfiletoexclude.php    [NC]
RewriteCond    %{REQUEST_URI}    !^/foldertoredirect/    [NC]
RewriteCond    (.*)        /foldertoredirect/$1

force use www

RewriteCond    %{SERVER_NAME}    ^website.com$
RewriteRule    ^/(.*)        http://www.website.com/$    [L,R]

Creating SSL Certificates

Create a Self Signed Certificate :

1. Generate A Server Key : #openssl genrsa -des3 -out server.key 4096

2. Generate the Signing Request using the key above #openssl req -new -key server.key -out server.csr

3.Sign the certificate signing request. #openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

4. Now create a version of key that doesn't need a password : openssl rsa -in server.key -out server.key.insecure mv server.key server.key.secure mv server.key.insecure server.key

Generating Your Own Certificate Authority :

In order to create your own CA and sign a server certificate with it. Note: Common name of the CA and the Server Certificates must not match.

Steps :

1. Use IP address if you dont have the FQDN.

openssl genrsa -des3 -out ca.key 4096 openssl req -new -x509 -days 365 -key ca.key -out ca.crt

2.Generate a Server key and request for signing :

openssl genrsa -des3 -out server.key 4096 openssl req -new -key server.key -out server.csr

3.Sign the Certificate signing request with the Self created Authority

openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Optional : You can check the keys and certificates :

openssl rsa -noout -text -in server.key openssl req -noout -text -in server.csr

openssl rsa -noout -text -in ca.key openssl x509 -noout -text -in ca.crt

4. Remove password from server.key so that apache doesnot need password :

openssl rsa -in server.key -out server.key.insecure

mv server.key server.key.secure

mv server.key.insecure server.key

Finally : Copy the files and adjust apache..

  • copy the .crt and .key file to /etc/httpd/conf/
  • Turn on the SSL engine and reference the server.crt and server.key
  • Edit ssl.conf

                      SSLEngine on

                      SSLCertificateFile /etc/httpd/ssl.crt/server.crt

                     SSLCertificateKeyFile /etc/httpd/ssl.key/server.key

configure apache to listen to https :

                     Listen x.x.x.x:443

                     LoadModule ssl_module modules/mod_ssl.so

configure SSL

                    Virtual Host : DocumentRoot "/var/www-ssl/html"

                   ServerName xxx.xxx.xxx.xxx:443

Now Restart Apache and you have ssl working on your site.