Setup Caching on Apache
Setup Caching
Please note that caching will only work for non-secure data. It is not possible to cache data from a HTTPS url.
To configure caching, we’ll first have to enable it in apache:
Start yast
Go to network services
Select the “HTTP Server”
Go to “Server Modules”:
Enable these modules
cache
diskcache
Save the changes.
Note: If you forget to enable the cache module you’ll get this warning:
sjoerd@reverseproxy:/etc/apache2/vhosts.d> sudo /etc/init.d/apache2 restart
httpd2-prefork: Syntax error on line 116 of /etc/apache2/httpd.conf: Syntax error on line 26 of /etc/apache2/sysconfig.d/loadmodule.conf: Cannot load /usr/lib64/apache2-prefork/mod_disk_cache.so into server
Second disk
Add a second disk to the VM and configure it to mount on /var/cache/apache, the default location for apache cache.
Disk size: 8 GB
file system ext3, no access time
Mountpoint: /var/cache/apache
reverseproxy:~ # mount
…
/dev/sdb1 on /var/cache/apache type ext3 (rw,noatime,acl,user_xattr)
And set the owner:
sudo chown -R wwwrun:root /var/cache/apache
Apache Cache
Set the configuration below inside the vhost config file.
# Caching
CacheRoot /var/cache/apache
CacheEnable disk /
CacheDirLevels 1
CacheDirLength 1
CacheDefaultExpire 7200
CacheMaxExpire 86400
CacheIgnoreNoLastMod On
CacheMaxFileSize 2048000
CacheStorePrivate On
Apache Cache Resources
http://httpd.apache.org/docs/2.2/caching.html
http://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html
http://www.mnot.net/cache_docs/
http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
Switch From https To http
This is not really possible, if you need “ProxyPreserveHost on” in Apache. Our application needs that to work through a reverse proxy, setting it to off breaks it. We wanted to configure the reverse proxy from https on the outside, to http on the inside but that seems impossible. It is either http to http, or https to https. I tested both, and they work, but unfortunely switching from https on the outside to http on the inside does not. I experimented with rewriterules, requestheader, and a couple of settings more, no luck.
Mod Security
We want to offload the application webserver as much as possible which means we’ll also implement mod_security on the reverse proxy. This will offload and simplify the application webserver.
Mod Security 2.x has these requirements:
Apache 2.2.x (highly recommended)
Apache module mod_unique_id
libapr & libapr-util
libpcre
libxml2
All modules are already installed by default. Note that libpcre is known as ‘pcre’ on SLES.
You just have to enable the module mod_unique_id as it is not enabled by default.
Restart to make your changes effective and run httpd2 -M to see if all modules are loaded.
If everything is loaded stop apache.
Mod Security Installation
Make sure you have access to the SLES SDK Sources. Since we have an SLES Installation Update Server 11 I could download the SDK ISO DVD1 (which holds all required files) and add it to my software repository.
The ISO can be downloaded from here: SLES 11 SP1 SDK Download (A Novell account is required). The file you need to download is called: SLE-11-SP1-SDK-DVD-x86_64-GM-DVD1.iso
After installing, it’s mostly just a module but not entirely. You need to to enable two modules now, the mod_unique_id which is a normal module and can be enabled the normal way:
yast2 ? network services ? http server ? server modules
select the module and enable it
The second module to enable is mod_security. Since it is not recognized by apache as a module we have to manually add the module to the modulelist.
Find the APACHE_MODULES in the apache2 sysconfig file and add the module like below:
reverseproxy:/var/log/apache2 # vi /etc/sysconfig/apache2
APACHE_MODULES=”authz_host actions alias auth_basic authz_groupfile authn_file authz_user autoindex cgi dir include log_config mime negotiation setenvif status userdir asis cache disk_cache imagemap proxy
Restart apache and check wether the modules are running by issuing the ‘httpd2 -M’ command:
reverseproxy:/var/log/apache2 # httpd2 -M
Loaded Modules:
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
authz_host_module (shared)
actions_module (shared)
alias_module (shared)
auth_basic_module (shared)
authz_groupfile_module (shared)
authn_file_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
dir_module (shared)
include_module (shared)
log_config_module (shared)
mime_module (shared)
negotiation_module (shared)
setenvif_module (shared)
status_module (shared)
userdir_module (shared)
asis_module (shared)
cache_module (shared)
disk_cache_module (shared)
imagemap_module (shared)
proxy_module (shared)
proxy_connect_module (shared)
proxy_http_module (shared)
rewrite_module (shared)
ssl_module (shared)
unique_id_module (shared)
authz_default_module (shared)
security2_module (shared)
Syntax OK
Recent Comments