I have solved the problem. The Keepalive=On should be inserted into ProxyPass config line: ProxyPass / http://www.dom.fi:8080/ retry=1 acquire=3000 timeout=600 Keepalive=On See that Keepalive=On there? It is critical 😉
It’s not working because you have ‘svn’ instead of ‘git’ in the rule. All you have to do is to replace the ‘svn’ with ‘git’. <Directorymatch “^/.*/\.git/”> Order ‘deny,allow’ Deny from all </Directorymatch>
I finally found the setting that was really limiting the number of connections: net.ipv4.netfilter.ip_conntrack_max. This was set to 11,776 and whatever I set it to is the number of requests I can serve in my test before having to wait tcp_fin_timeout seconds for more connections to become available. The conntrack table is what the kernel … Read more
For the most up-to-date information on Apache and SNI, including additional HTTP-Specific RFCs, please refer to the Apache Wiki FYsI: “Multiple (different) SSL certificates on one IP” is brought to you by the magic of TLS Upgrading. It works with newer Apache servers (2.2.x) and reasonably recent browsers (don’t know versions off the top of … Read more
The access control configuration changed in 2.4, and old configurations aren’t compatible without some changes. See here. If your old config was Allow from all (no IP addresses blocked from accessing the service), then Require all granted is the new functional equivilent.
To list apache loaded modules use: apachectl -M or: apachectl -t -D DUMP_MODULES or on RHEL,CentoS, Fedora: httpd -M For more options man apachectl. All these answers can be found just by little google search.
If you are generating a self signed cert, you can do both the key and cert in one command like so: openssl req -nodes -new -x509 -keyout server.key -out server.cert Oh, and what @MadHatter said in his answer about omitting the -des3 flag.
Attempting to expand on @Zoredache’s answer, as I give this a go myself: Create a new group (www-pub) and add the users to that group groupadd www-pub usermod -a -G www-pub usera ## must use -a to append to existing groups usermod -a -G www-pub userb groups usera ## display groups for user Change the … Read more
The [R] flag on its own is a 302 redirection (Moved Temporarily). If you really want people using the HTTPS version of your site (hint: you do), then you should be using [R=301] for a permanent redirect: RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L] A 301 keeps all your google-fu and hard-earned pageranks … Read more
ps aux | egrep ‘(apache|httpd)’ typically will show what apache is running as. Usually you do not need to change the default user, “nobody” or “apache” are typically fine users. As long as its not “root” 😉 edit: more accurate command for catching apache binaries too