{"id":167,"date":"2012-06-11T04:29:12","date_gmt":"2012-06-11T04:29:12","guid":{"rendered":"http:\/\/rmohan.com\/?p=167"},"modified":"2012-06-11T04:29:12","modified_gmt":"2012-06-11T04:29:12","slug":"setup-caching-on-apache","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=167","title":{"rendered":"Setup Caching on Apache"},"content":{"rendered":"

Setup Caching on Apache<\/strong><\/p>\n

Setup Caching<\/p>\n

Please note that caching will only work for non-secure data. It is not possible to cache data from a HTTPS url.
\nTo configure caching, we’ll first have to enable it in apache:<\/p>\n

Start yast
\n Go to network services
\n Select the \u201cHTTP Server\u201d
\n Go to \u201cServer Modules\u201d:
\n Enable these modules
\n cache
\n diskcache<\/p>\n

Save the changes.<\/p>\n

Note: If you forget to enable the cache module you’ll get this warning:<\/p>\n

sjoerd@reverseproxy:\/etc\/apache2\/vhosts.d> sudo \/etc\/init.d\/apache2 restart
\nhttpd2-prefork: Syntax error on line 116 of \/etc\/apache2\/httpd.conf: Syntax error on line 26 of \/etc\/apache2\/sysconfig.d\/loadmodule.conf: Cannot load \/usr\/lib64\/apache2-prefork\/mod_disk_cache.so into server<\/p>\n

Second disk<\/p>\n

Add a second disk to the VM and configure it to mount on \/var\/cache\/apache, the default location for apache cache.<\/p>\n

Disk size: 8 GB
\n file system ext3, no access time
\n Mountpoint: \/var\/cache\/apache<\/p>\n

reverseproxy:~ # mount
\n…
\n\/dev\/sdb1 on \/var\/cache\/apache type ext3 (rw,noatime,acl,user_xattr)<\/p>\n

And set the owner:<\/p>\n

sudo chown -R wwwrun:root \/var\/cache\/apache<\/p>\n

Apache Cache<\/p>\n

Set the configuration below inside the vhost config file.<\/p>\n

# Caching
\nCacheRoot \/var\/cache\/apache
\nCacheEnable disk \/
\nCacheDirLevels 1
\nCacheDirLength 1
\nCacheDefaultExpire 7200
\nCacheMaxExpire 86400
\nCacheIgnoreNoLastMod On
\nCacheMaxFileSize 2048000
\nCacheStorePrivate On<\/p>\n

Apache Cache Resources
\nhttp:\/\/httpd.apache.org\/docs\/2.2\/caching.html
\nhttp:\/\/httpd.apache.org\/docs\/2.2\/mod\/mod_disk_cache.html
\nhttp:\/\/www.mnot.net\/cache_docs\/
\nhttp:\/\/en.wikipedia.org\/wiki\/List_of_HTTP_status_codes
\nSwitch From https To http<\/p>\n

This is not really possible, if you need \u201cProxyPreserveHost on\u201d in Apache. Our application needs that to work through a reverse proxy, setting it to off breaks it. We wanted to configure the reverse proxy from https on the outside, to http on the inside but that seems impossible. It is either http to http, or https to https. I tested both, and they work, but unfortunely switching from https on the outside to http on the inside does not. I experimented with rewriterules, requestheader, and a couple of settings more, no luck.
\nMod Security<\/p>\n

We want to offload the application webserver as much as possible which means we’ll also implement mod_security on the reverse proxy. This will offload and simplify the application webserver.<\/p>\n

Mod Security 2.x has these requirements:<\/p>\n

Apache 2.2.x (highly recommended)
\n Apache module mod_unique_id
\n libapr & libapr-util
\n libpcre
\n libxml2<\/p>\n

All modules are already installed by default. Note that libpcre is known as ‘pcre’ on SLES.<\/p>\n

You just have to enable the module mod_unique_id as it is not enabled by default.
\nRestart to make your changes effective and run httpd2 -M to see if all modules are loaded.
\nIf everything is loaded stop apache.
\nMod Security Installation<\/p>\n

Make sure you have access to the SLES SDK Sources. Since we have an SLES Installation Update Server 11 I could download the SDK ISO DVD1 (which holds all required files) and add it to my software repository.<\/p>\n

The ISO can be downloaded from here: SLES 11 SP1 SDK Download (A Novell account is required). The file you need to download is called: SLE-11-SP1-SDK-DVD-x86_64-GM-DVD1.iso<\/p>\n

After installing, it’s mostly just a module but not entirely. You need to to enable two modules now, the mod_unique_id which is a normal module and can be enabled the normal way:<\/p>\n

yast2 ? network services ? http server ? server modules
\n select the module and enable it<\/p>\n

The second module to enable is mod_security. Since it is not recognized by apache as a module we have to manually add the module to the modulelist.
\nFind the APACHE_MODULES in the apache2 sysconfig file and add the module like below:<\/p>\n

reverseproxy:\/var\/log\/apache2 # vi \/etc\/sysconfig\/apache2
\nAPACHE_MODULES=”authz_host actions alias auth_basic authz_groupfile authn_file authz_user autoindex cgi dir include log_config mime negotiation setenvif status userdir asis cache disk_cache imagemap proxy<\/p>\n

Restart apache and check wether the modules are running by issuing the ‘httpd2 -M’ command:<\/p>\n

reverseproxy:\/var\/log\/apache2 # httpd2 -M
\nLoaded Modules:
\n core_module (static)
\n mpm_prefork_module (static)
\n http_module (static)
\n so_module (static)
\n authz_host_module (shared)
\n actions_module (shared)
\n alias_module (shared)
\n auth_basic_module (shared)
\n authz_groupfile_module (shared)
\n authn_file_module (shared)
\n authz_user_module (shared)
\n autoindex_module (shared)
\n cgi_module (shared)
\n dir_module (shared)
\n include_module (shared)
\n log_config_module (shared)
\n mime_module (shared)
\n negotiation_module (shared)
\n setenvif_module (shared)
\n status_module (shared)
\n userdir_module (shared)
\n asis_module (shared)
\n cache_module (shared)
\n disk_cache_module (shared)
\n imagemap_module (shared)
\n proxy_module (shared)
\n proxy_connect_module (shared)
\n proxy_http_module (shared)
\n rewrite_module (shared)
\n ssl_module (shared)
\n unique_id_module (shared)
\n authz_default_module (shared)
\n security2_module (shared)
\nSyntax OK<\/p>\n","protected":false},"excerpt":{"rendered":"

Setup Caching on Apache<\/p>\n

Setup Caching<\/p>\n

Please note that caching will only work for non-secure data. It is not possible to cache data from a HTTPS url. To configure caching, we’ll first have to enable it in apache:<\/p>\n

Start yast Go to network services Select the \u201cHTTP Server\u201d Go to \u201cServer Modules\u201d: Enable these […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/167"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=167"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/167\/revisions"}],"predecessor-version":[{"id":168,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/167\/revisions\/168"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}