Posts

Enable HTTP Strict Transport Security in Apache

While redirecting all traffic to HTTPS is good, it may not completely prevent man-in-the-middle attacks. Administrators are therefore encouraged to set the HTTP Strict Transport Security (HSTS) header, which instructs browsers not to allow any connection to the site over HTTP and attempts to prevent site visitors from bypassing invalid certificate warnings. This can be achieved with the following settings in the Apache VirtualHost file:

<VirtualHost *:443>
    ServerName example.com
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</VirtualHost>

This example configuration makes all subdomains accessible only via HTTPS. If you have subdomains that are not accessible via HTTPS, remove includeSubDomains; from the header value.

Note: this requires the mod_headers module in Apache. The long max-age used here is 1 year.

Redirect all unencrypted traffic to HTTPS in Apache

To redirect all HTTP traffic to HTTPS, administrators are encouraged to issue a permanent redirect using the 301 status code. With Apache, this can be achieved by a setting such as the following in the Apache VirtualHost config:

<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>
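The check below is an added example, not code from the original posts: it audits one host's port-80 and port-443 responses against the two Apache settings above (a permanent redirect to HTTPS, and an HSTS header with a one-year max-age). The function names and the sample responses are assumptions constructed for illustration; header parsing follows RFC 6797, and the includeSubDomains-with-preload rule is the browser preload list's submission requirement.

```python
import re
from urllib.parse import urlsplit

ONE_YEAR = 31536000  # the max-age used in the post's VirtualHost example

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value-or-None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:               # RFC 6797: each directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val.strip().strip('"') if val else None
    return directives

def audit(http_resp, https_resp, host):
    """Return a list of findings for the port-80 and port-443 responses of one host."""
    findings = []
    status, headers = http_resp
    target = urlsplit(headers.get("location", ""))
    if status != 301:
        findings.append(f"port 80 answers {status}, not a permanent 301 redirect")
    if target.scheme != "https" or target.hostname != host:
        findings.append("port 80 does not redirect to https:// on the same host")
    _, headers = https_resp
    raw = headers.get("strict-transport-security")
    if raw is None:
        return findings + ["HTTPS response has no Strict-Transport-Security header"]
    try:
        d = parse_hsts(raw)
    except ValueError as exc:
        return findings + [f"HSTS header is invalid: {exc}"]
    if not re.fullmatch(r"\d+", d.get("max-age") or ""):
        findings.append("max-age missing or not a number of seconds")
    elif int(d["max-age"]) < ONE_YEAR:
        findings.append(f"max-age {d['max-age']} is shorter than 1 year")
    if "preload" in d and "includesubdomains" not in d:  # preload list requires both
        findings.append("preload is set without includeSubDomains")
    return findings

# Constructed sample responses (status, lower-cased headers); not captured from a real server.
GOOD_80 = (301, {"location": "https://example.com/"})
GOOD_443 = (200, {"strict-transport-security": "max-age=31536000; includeSubDomains; preload"})
WEAK_80 = (302, {"location": "http://example.com/login"})
WEAK_443 = (200, {"strict-transport-security": "max-age=3600; preload"})
```

Calling audit(GOOD_80, GOOD_443, "example.com") returns an empty list, while the WEAK pair returns one finding per misconfiguration.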

Some common php modules

I often use common php modules below:

php-cli : Command-line interface for PHP
php-common : Common files for PHP
php-dba : A database abstraction layer module for PHP applications
php-devel : Files needed for building PHP extensions
php-embedded : PHP library for embedding in applications
php-fpm : PHP FastCGI Process Manager
php-gd : A module for PHP applications for using the gd graphics library
php-imap : A module for PHP applications that use IMAP
php-ldap : A module for PHP applications that use LDAP
php-mbstring : A module for PHP applications which need multi-byte string handling
php-mysql : A module for PHP applications that use MySQL databases
php-odbc : A module for PHP applications that use ODBC databases
php-pdo : A database access abstraction module for PHP applications
php-pear.noarch : PHP Extension and Application Repository framework
php-pecl-apc : APC caches and optimizes PHP intermediate code
php-pecl-apc-devel : APC developer files (header)
php-pecl

Using nginx as http load balancer

Load balancing across multiple application instances is a commonly used technique for optimizing resource utilization, maximizing throughput, reducing latency, and ensuring fault-tolerant configurations. Nginx is a very efficient HTTP load balancer that distributes traffic to several application servers and improves the performance, scalability and reliability of web applications.

Nginx load balancing methods

The following load balancing mechanisms (or methods) are supported in nginx:

round-robin
least-connected
ip-hash

See details at http://nginx.org/en/docs/http/load_balancing.html

Initializing Nginx load balancing

In this tutorial I use the following hostnames and IP addresses:

srv-lb01 (10.11.218.250) (Nginx load balancer)
srv-web01 (10.11.218.251) (Web server)
srv-web02 (10.11.218.252) (Web server)
srv-web03 (10.11.218.253) (Web server)

Note: point nginx.vn to 10.11.218.250 (replace nginx.vn with your real site name).

Default load balancing c

Web Servers Load balancing with HAProxy

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. See more at http://haproxy.org

In this tutorial, I use the following hostnames and IPs:

10.11.218.250 (haproxy)
10.11.218.251 (srv-web01)
10.11.218.252 (srv-web02)

Installing HAProxy server

# yum install haproxy        [RedHat Systems]
# apt-get install haproxy    [Debian Systems]

Configuring HAProxy Server

Open the main HAProxy configuration file '/etc/haproxy/haproxy.cfg' and edit the following content:

#----------------------------------------------------------------
# Global settings
global
# need to:
# to have these messages end up in /var/log/haproxy.log you will
#
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# 1) configure syslog to accept network log events. This i

Nginx web server with SSL

Some Web sites, such as on-line stores, require secure communication (HTTPS) to protect credit-card transactions and customer information. Like Apache, Nginx supports HTTPS via an SSL module, and it's very easy to set up. In this tutorial I use the hostname srv-web01.nginx.vn with the IP address 10.11.218.251.

First, you need to generate an SSL certificate. The openssl command will ask you a bunch of questions, but you can simply press Enter for each one:

# yum install openssl
# mkdir /etc/nginx/ssl
# cd /etc/nginx/ssl
# openssl req -new -x509 -nodes -days 265 -newkey rsa:2048 -out server.crt -keyout server.key

Create a new config file called /etc/nginx/sites-available/nginx.vn, which contains the following:

server {
    # TLS is enabled on the listen directive; the separate "ssl on;" directive is deprecated
    listen 443 ssl;
    server_name nginx.vn;
    root /var/www/nginx.vn;
    index index.html index.htm;
    access_log /var/log/nginx/nginx.vn-access.log;
    error_log /var/log/nginx/nginx.vn-error.log;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc

Install Nginx With PHP And MySQL On CentOS 7

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Nginx is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption. This tutorial shows how you can install Nginx on a CentOS 7 server with PHP support (through PHP-FPM) and MySQL (MariaDB) support. In this tutorial I use the hostname srv-web01.nginx.vn with the IP address 10.11.218.251.

Step 1: Additional Repositories and install Nginx

To get the latest version of Nginx, we add the nginx yum repository: create a file named /etc/yum.repos.d/nginx.repo and paste one of the configurations below:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

We can install as follows:

yum install nginx

Then we create the system startup links for nginx and start it:

systemctl enable nginx.service
systemctl start nginx.service

And open the http and https ports in t