Lmst

In case anyone is wondering: the magic spell in this scenario appears to be:

1. Run `sudo systemctl restart httpd` as usual.
2. Run `firefox localhost` from that same console window.
3. Marvel at how, suddenly, Firefox will happily display the page from localhost, in a new tab alongside the very same pre-existing tab which, in an earlier session, claimed that Firefox could not connect to localhost.

Gotta love technology. Or hate it. Your call.

#httpd #PHP #Firefox

Trying to get Apache httpd and PHP working on my home machine so that I can fix the PHP code on my website which fails due to backwards incompatible PHP upgrades.

Endless errors due to directory permissions, SELinux settings, and httpd/php-fpm config files. And when most of those are fixed, suddenly Firefox has decided it won't connect to localhost any longer (even though Lynx still connects fine).

We do like to complicate simple things.

I remember this used to be fun in the 90s.

#httpd #PHP

Who was the funny person to use #ComicSans in the #httpd #error pages of #BSD? #Augenkrebs

@f4grx @nixCraft @torproject not really.

#aws has pretty chunky blocks like /14.
They don't use #IPv6, only #IPv4.
Blocking entrie #ASN|s is easy.

I do this with #pfSense & #pfBlockerNG for quite a while…

And the same #blocklist also works for other applications like #nginx, #HAproxy, #httpd, etc.

#nginx 1.28.0 has been released (#http / #http2 / #http3 / #httpd / #Web / #Webserver / #TLS / #TLS13) https://nginx.org/

#Freenginx 1.28.0 has been released (#nginx / #http / #http2 / #http3 / #httpd / #Web / #Webserver / #TLS / #TLS13) https://freenginx.org/

#Freenginx 1.27.6 has been released (#nginx / #http / #http2 / #http3 / #httpd / #Web / #Webserver / #TLS / #TLS13) https://freenginx.org/

#nginx 1.27.5 (dev) has been released (#http / #http2 / #http3 / #httpd / #Web / #Webserver / #TLS / #TLS13) https://nginx.org/

Right. That's done.

The existence of an OLDPROTO environment variable opts in to the old #publicfile behaviour. This will be in the next #djbwares release. The hardest part was writing the explanation in the #httpd manual page.

Hmmm. Where was that #publicfile to-do item?

Ah, yes. It was #httpd . Hmmm.

#djbwares

Not sure if I asked this before: Does anyone use anything in particular to inject #apache logs into #SQL databases? I have been looking around and asking around and the only solid I got was "do not expect an apache module for that; it would introduce too much latency to each request" in #httpd@libera.chat.

#SysAdmin #SRE

Updated Version of the apache http caching setup for snac, including proxy media

I already wrote about caching here.
Now I extended what I cache a bit.
This was because after enabling the option to proxy media, I've seen access to the file paths /x/ and /y/ in addition to the path were snac stores the media that I include in my own posts ( /s/ ).
There are two locations to proxy media, depending if you requests the media via the mastodon api or via the web. (/x/ and /y/), oh and I added the nodeinfo2.0 path too, because I've noticed it was queried all the time by a lot of instances and it gives me pleasure to see something cached handed out in the access logs. 🙂 (I guess it is actually irrelevant for the system resources)
This is the updated setup:
Enable the relevant modules:

a2enmod expires cache cache_disk

Be sure "htcacheclean" is running to clean up the old disk cache. (under debian see /etc/default/apache-htcacheclean or else the relevant systemd service or whatever)
Then add this to the httpd Virtualhost config:

<LocationMatch "^/social/[^/]+/[xys]/|^/social/nodeinfo_2_0">
CacheEnable disk
Header set Cache-Control "max-age=86400, public" "expr=%{REQUEST_STATUS} == 200"
ExpiresActive On
ExpiresDefault "access plus 86400 seconds"
</LocationMatch>

This will use the disk cache to cache everything under the $username/s/, /x/ and /y/ paths, as well as for the /nodeinfo_2_0 path, utilizing mod_expires to generate the appropriate cache headers (for lazy ones like me). In this case caching it for 1 day.
Further reading and all options are explained under https://httpd.apache.org/docs/2.4/caching.html (and ff)

The Header that I set here, on the condition of Status code 200, is needed for the path /y/, because snac set no-cache on that location and mod_expires will honor that if we don't override it. I set it to the same Cache-Control value as mod_expires would. (I use mod_expires because it will additionally calculate the date and put that in the expires header. (hence the name I guess 😀 )

#Fediverse #Hosting #ITNotes #apache2 #httpd #Ownyourdata #Server #Snac #Snac2 #Tipsandtricks #Tutorial #Debian #caching
:xmpp:

My joyful #journey with #openbsd 🐡thickens.
Today I boosted my #selfhosting #services with #nfs, teaming up with #adblock, #caldav, #carddav, #cgit, #httpd, #vnstat, #openntpd

Terminal window showing the execution the prompt output of a Bash script similiar to neofetch, in which is displayed an ASCII puffer fish, the username amd hostname, the OpenBSD version, CPU model and speed, and the uptime of 23 days.

After seeing
Improving snac Performance with Nginx Proxy Cache from @itnotes@snac.it-notes.dragas.net via
https://snac.it-notes.dragas.net/itnotes/p/1738139676.258050
https://it-notes.dragas.net/2025/01/29/improving-snac-performance-with-nginx-proxy-cache/
I decided to prematurely optimize and adjust this for my apache2 httpd server in debian where I run snac.

I've never done any caching etc before so it was a nice adventure to learn something new. The documentation helped and in the end it wasn't very hard. I learned a bit about some http headers and regex on the way too.

Basically it works like this:
Enable the relevant modules:

a2enmod expires cache cache_disk

Be sure "htcacheclean" is running to clean up old disk cache. (under debian see /etc/default/apache-htcacheclean or else the relevant systemd service)
Then add to the snac virtualhost config:

CacheRoot /var/cache/apache2/mod_cache_disk
CacheQuickHandler off
CacheLock on
# Optional while testing stuff;
CacheDetailHeader on

# My Instance ist not at the root, but under "/social"; so this needs to be adapted for most I guess:
<LocationMatch "^/social/[^/]+/s">
CacheEnable disk
ExpiresActive On
ExpiresDefault "access plus 30 days"
</LocationMatch>

This will use the disk cache to cache everything under the /s/ Path, same as the original ngnix tutorial, Utilizing the mod_expires to generate the appropriate cache headers (for lazy ones like me), In this case caching it for 30 days.
Further reading and all options explained under https://httpd.apache.org/docs/2.4/caching.html ff

Thanks for the initial tutorial @itnotes@snac.it-notes.dragas.net

#Fediverse #Hosting #ITNotes #Networking #apache2 #httpd #Ownyourdata #Server #Snac #Snac2 #Social #Tipsandtricks #Tutorial #Web #Debian

For anyone who has snac deployed with httpd on OpenBSD (especially on a resource-restricted system) and is running into lag, errors, or service crashes, I highly recommend using nginx instead of httpd. Nginx--in addition to simply being faster in general--provides easy access to media caching (see @stefano@bsd.cafe's excellent article) and robust rate-limiting/traffic throttling controls.

Switching and properly tuning my nginx config seems to be (mostly) shielding my little VPS from being overwhelmed when someone with thousands of followers boosts one of my posts.

#snac #fediverse #activitypub #openbsd #nginx #httpd

If I would like to use relayd to add security headers and tls to my website hosted via httpd, is there any solution how to specify custom path to keypair to tls?

#openbsd #relayd #httpd #tls

Scheduling HTTP Streams
by Alexander Krizhanovsky.

Understand how a web server manages millions of concurrent web requests.
* Differences in treatment for progressive JPEG vs a PNG.
* Resilient against DDoS attacks and other vulnerabilities.
* Compare Nginx, Envoy, Apache.

https://fosdem.org/2025/schedule/event/fosdem-2025-4903-scheduling-http-streams/

Live stream:
https://live.fosdem.org/watch/ua2220

#fosdem #fosdem2025 #webperf #linuxkernel #http2 #http3 #httpd #envoy #nginx