Upgrading PHP Version on Ubuntu 14.04

Once it was necessary to upgrade the version of PHP 5.5.9 to 5.6 on Ubuntu Server 14.04 LTS, the usual update of the system components did not help:

sudo apt-get update
sudo apt-get upgrade

You can try to upgrade the system to 16.04 or higher as I described in the article Updating Ubuntu 14.04 to 16.04. Together with the system will be updated and PHP.

If the system update fails, you can add a third-party source with PHP:

sudo add-apt-repository ppa:ondrej/php
sudo apt-get update

And install the correct version from it, for example PHP 5.6:

sudo apt-get install php5.6 php5.6-mbstring php5.6-mcrypt php5.6-mysql php5.6-xml

Since there are several installed versions, disable the old version and activate the installed one:

sudo a2dismod php5
sudo a2enmod php5.6
sudo service apache2 restart

Similarly, you can install PHP 7.2:

sudo apt-get install php7.2
sudo a2dismod php5.6
sudo a2enmod php7.2
sudo service apache2 restart

Or PHP 7.0:

sudo apt-get install php7.0
sudo a2dismod php7.2
sudo a2enmod php7.0
sudo service apache2 restart

Install Apache JMeter in Ubuntu

Apache JMeter — load testing tool.

For Apache JMeter you need to install Java, see my article – Installing Java on Linux.

For an example I’ll install Apache JMeter in Ubuntu Desktop 18.04.

After Java is installed, copy the link to the archive with the latest version of Apache JMeter from the official site http://jmeter.apache.org/download_jmeter.cgi and download it:

wget http://apache.volia.net//jmeter/binaries/apache-jmeter-4.0.tgz

Extract the archive:

tar -xf apache-jmeter-4.0.tgz

Run:

cd apache-jmeter-4.0/bin/
./jmeter

After the startup, a message was displayed that you can create tests in the Apache JMeter graphical mode, and you can execute them only from the terminal, for example:

jmeter -n -t [jmx file] -l [results file] -e -o [Path to web report folder]

By the way, Apache JMeter in Windows is run through the jmeter.bat file.

Monitoring of Apache2 parameters in Zabbix

Install the necessary components:

sudo apt-get install curl

Activate the module information about apache2 (usually it is activated initially):

sudo a2enmod info

Open the configuration file of the module and specify the IP address of the zabbix server to allow it to view information about apache2 (if apache2 is on the local machine, then access is usually allowed by specifying local or 127.0.0.1):

sudo nano /etc/apache2/mods-enabled/status.conf

In the nano editor, CTRL+X is used to exit and y/n to save or discard changes. Example of specifying IP:

<Location /server-status>
    SetHandler server-status
    Require local
    Require ip 192.168.1.5
</Location>

Restart the web server to apply the changes:

sudo service apache2 restart

Now the information about apache2 is available through the browser by the link http://HOST/server-status

Let’s move on to Zabbix. Create a folder for scripts if it does not exist:

mkdir /etc/zabbix/scripts/
chown root:zabbix -R /etc/zabbix/scripts/
chmod 750 /etc/zabbix/scripts/

In the zabbix server configuration file, we specify the path to this folder:

sudo nano /etc/zabbix/zabbix_server.conf
ExternalScripts=PATH

Now I will give the content of the script:

#!/bin/bash
if [[ -z "$1" || -z "$2" || -z "$3" ]]; then
  exit 1
fi
##### PARAMETERS #####
RESERVED="$1"
METRIC="$2"
URL="$3"
STATSURL="${URL}?auto"
#
CACHE_TTL="55"
CACHE_FILE="/tmp/zabbix.apache2.`echo ${URL} | md5sum | cut -d" " -f1`.cache"
EXEC_TIMEOUT="2"
NOW_TIME=`date '+%s'`
##### RUN #####
if [ -s "${CACHE_FILE}" ]; then
  CACHE_TIME=`stat -c"%Y" "${CACHE_FILE}"`
else
  CACHE_TIME=0
fi
DELTA_TIME=$((${NOW_TIME} - ${CACHE_TIME}))
#
if [ ${DELTA_TIME} -lt ${EXEC_TIMEOUT} ]; then
  sleep $((${EXEC_TIMEOUT} - ${DELTA_TIME}))
elif [ ${DELTA_TIME} -gt ${CACHE_TTL} ]; then
  echo "" >> "${CACHE_FILE}" # !!!
  DATACACHE=`curl -sS --insecure --max-time ${EXEC_TIMEOUT} "${STATSURL}" 2>&1`
  echo "${DATACACHE}" > "${CACHE_FILE}" # !!!
  echo "URL=${URL}"  >> "${CACHE_FILE}" # !!!
  chmod 640 "${CACHE_FILE}"
fi
#
if [ "${METRIC}" = "accesses" ]; then
  cat "${CACHE_FILE}" | grep -i "accesses" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "kbytes" ]; then
  cat "${CACHE_FILE}" | grep -i "kbytes" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "cpuload" ]; then
  cat "${CACHE_FILE}" | grep -i "cpuload" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "uptime" ]; then
  cat "${CACHE_FILE}" | grep -i "uptime" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "avgreq" ]; then
  cat "${CACHE_FILE}" | grep -i "ReqPerSec" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "avgreqbytes" ]; then
  cat "${CACHE_FILE}" | grep -i "BytesPerReq" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "avgbytes" ]; then
  cat "${CACHE_FILE}" | grep -i "BytesPerSec" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "busyworkers" ]; then
  cat "${CACHE_FILE}" | grep -i "BusyWorkers" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "idleworkers" ]; then
  cat "${CACHE_FILE}" | grep -i "idleworkers" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "totalslots" ]; then
  cat "${CACHE_FILE}" | grep -i "Scoreboard" | cut -d':' -f2 | sed -e 's/ //g' | wc -c | awk '{print $1-1}'
fi
#
exit 0

Let’s make the script file executable:

chown root:zabbix /etc/zabbix/scripts/apache2-status.sh
chmod 550 /etc/zabbix/scripts/apache2-status.sh

Script validation example:

sudo -u zabbix /etc/zabbix/scripts/apache2-status.sh none accesses http://HOST/server-status

Open the zabbix agent configuration file in the editor:

sudo nano /etc/zabbix/zabbix_agentd.conf

And we will specify the following parameters:

UserParameter=apache2[*],/etc/zabbix/scripts/apache2-status.sh "none" "$1" "$2"

Some commands allow you to see the number of apache2 processes and connections to port 80, for this you do not need a script, for example, you can specify:

UserParameter=apache2.count_processes,ps aux | grep apache | wc -l
UserParameter=connections_on_80_port,netstat -na | grep :80 | wc -l

Restart the zabbix agent to apply the changes:

sudo /etc/init.d/zabbix-agent restart

Let’s check:

zabbix_get -s 127.0.0.1 -k "apache2[accesses,http://HOST/server-status]"

Now we will create a template and add data elements, an example of created data items:

apache2[KEY,http://HOST/server-status]

Exported ready template – apache2-status

We also need to add a macro to the monitored host:

Macro: {$APACHE_STATS_URL}
Value: http://HOST/server-status

Done.

The number of apache2 processes can be obtained from the Zabbix agent by creating on the Zabbix server a data element with a key:

proc.num[apache2]

Installing and Configuring the Apache2 Web Server

Apache HTTP Server – named after the tribes of the North American Indians of Apache, is also an abbreviation of “a patchy server” – a free web server.

An example of an installation command in Ubuntu:

sudo apt-get install apache2

Example installation in CentOS:

yum install httpd

We check to open in the browser the address http://HOSTNAME
Normally, a standard inscription should appear “It works!“.

Web Storage Directory – /var/www/
Directory of configuration files – /etc/apache2/

A separate virtual host is created for each site. The standard virtual host file is located at /etc/apache2/sites-available/000-default.conf

Suppose we have an example.net domain. Create a new file in the /etc/apache2/sites-available/example.conf and prescribe the settings in it:

<VirtualHost *:80>
     ServerAdmin admin@example.net
     ServerName example.net
     ServerAlias www.example.net
     DocumentRoot /var/www/example.net/

     <Directory /var/www/example.net>
     Options -Indexes
     AllowOverride All
     Order allow,deny
     allow from all
     </Directory> 

     #You can restrict IP access to some directories, for example, the admin panel in this way:
     <Directory /var/www/example.net/admin>
     Order allow,deny
     allow from 127.0.0.1 192.168.0.47 172.16.30.5
     </Directory>

     ErrorLog /var/log/example.net.error.log
     CustomLog /var/log/example.net.access.log combined
</VirtualHost>

I’ll describe the options I mentioned above:
-Indexes – in the absence of index files index.php, index.html, etc. the contents of the directories will not be displayed.
FollowSymLinks – allows you to navigate through symbolic links.
-MultiViews – if you specify an example of a non-existent directory http://example.net/img/ the inclusion of this directive will allow you to redirect to the file http://example.net/img.php or http://example.net/img.jpg etc . if any one of them exists, such manipulations can badly affect the indexing of links by search engines, so it is better to disable this directive.
AllowOverride All – allows the use of additional configuration files. htaccess.

Next, make a link to this file in the directory /etc/apache2/sites-enabled/. You can do this with commands (the second one to delete, ending .conf is not specified):

sudo a2ensite TEXT
sudo a2dissite TEXT

If you need to activate any modules, you can also do this by eg commands (the first command to enable, the second to disable):

sudo a2enmod rewrite
sudo a2dismod rewrite

To activate additional configuration files:

sudo a2enconf TEXT
sudo a2disconf TEXT

Now create a directory for the site and copy the files into it:

sudo mkdir /var/www/example.net

Let’s edit some web server security settings:
sudo nano /etc/apache2/conf.d/security

ServerTokens OS
to:
ServerTokens Prod

ServerSignature On
to:
ServerSignature Off

Restart Apache2 for the changes to take effect:

sudo /etc/init.d/apache2 restart
sudo service apache2 restart

If the server uses many IP addresses, and apache2 should not work at all, then you can specify in which it works in /etc/apche2/ports.conf, you can also change the port, for example:

Listen 192.0.3.1:80
Listen 192.0.1.10:8080

To work at all:

Listen 80

See also:
Access Control Apache2
Installing and Configuring Nginx

The solution of the error “Permission denied: .htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable”

I noticed somehow the following error:

[Mon Sep 05 10:24:38 2016] [crit] [client 192.168.1.1] (13)Permission denied: /home/user/public_html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

Before the error occurred, I moved the files through sudo (from the root user) and to return the rights I executed the command:

sudo chown user:user -R /home/user/public_html

Which changed the owner to the one specified in all the subfolders and files, but the other directory should have been specified to the public_html directory (not its contents), because of which apache2 wrote that access was denied. Therefore, if you point to the public_html of the user and the group from which apache2 is running, the error disappears.
It can also be helped by specifying permissions 777 on this folder, it will give full access to all users (but this option is better not to use for security purposes).

Installing the PageSpeed module

On the test, I install the PageSpeed module in Ubuntu Server 14.04.5 LTS and CentOS

Download page with different versions of the module https://modpagespeed.com/doc/download
https://developers.google.com/speed/pagespeed/module/

And so, download the stable version for Debian / Ubuntu:

sudo wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb

Or for CentOS / Fedora:

https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm

Install in Ubuntu, the module is automatically activated:

sudo dpkg -i mod-pagespeed-*.deb
sudo apt-get -f install

In CentOS like this:

sudo yum install at
sudo rpm -U mod-pagespeed-*.rpm

Restart apache2 to apply the changes:

sudo service apache2 restart
sudo /etc/init.d/apache2 restart

Done, the module is installed.

In the future, it will be updated with the system commands:

sudo apt-get update
sudo apt-get upgrade

If necessary, you can deactivate / activate the module with the commands:

sudo a2dismod pagespeed
sudo a2enmod pagespeed

Or completely delete:

sudo apt-get remove mod-pagespeed-stable
sudo yum remove mod-pagespeed-stable

The configuration files for the module are located at:
/etc/apache2/mods-available/pagespeed.conf
/etc/httpd/conf.d/

Solution of the error “Invalid command ‘AuthGroupFile'”

I noticed once the following error:

AH00526: Syntax error on line 26 of /etc/apache2/sites-enabled/000-default.conf:
Invalid command ‘AuthGroupFile’, perhaps misspelled or defined by a module not included in the server configuration
Action ‘configtest’ failed.
The Apache error log may have more information.

It is solved simply by activating the module:

sudo a2enmod authz_groupfile

Restart apache2 to apply the changes:

sudo service apache2 restart

Done.

How to fix “client denied by server configuration” error

I noticed once in the browser the error of opening a GoIP SMS crypt:

[authz_core:error] [pid 23415] [client 192.168.56.1:50388] AH01630: client denied by server configuration: /usr/local/goip/

As it turned out, the script was supposed to work in apache2 version 2.2 and in the file /etc/apache2/conf-enabled/goip.conf the following parameters were specified:

Order allow,deny
Allow from all

And in my case, an apache2 version of the newer 2.4 was installed, in which access control is configured a little differently, and to fix the error, change the above parameters to:

Require all granted

Or to restrict access to IP by resolving locally and to specified addresses:

Require local
Require ip 192.168.56.1 192.168.22.10

And restart apache2 to apply the changes:

sudo service apache2 restart

See also:
Access Control Apache2

How to fix the error “Invalid command ‘RewriteEngine'”

I noticed one error after installing FreePBX:

Invalid command ‘RewriteEngine’, perhaps misspelled or defined by a module not included in the server configuration

To solve it, you need to activate the rewrite module in apache2:

sudo a2enmod rewrite

And restart apache2 to apply the changes:

sudo service apache2 restart

Done.

Access Control Apache2

Access control Apache2 version 2.4 slightly different from 2.2, for example, to allow access to all, in version 2.4 you need to specify:

Require all granted

Allow access to the specified IP addresses:

Require local
Require ip 192.168.56.1 192.168.22.10

Allow all but the specified IP:

Require all granted
Require not ip 192.168.56.1

Allow the specified host:

Require host example.com

Prohibit all:

Require all denied

And in the version of Apache2 2.2, permit everyone access like this:

Order allow,deny
Allow from all

Prohibit all:

Order deny,allow
Deny from all

Allow access by specified IP:

Order allow,deny
Allow from 192.168.56.1 192.168.22.10

Allow the specified host:

Order Deny,Allow
Deny from all
Allow from example.com

After the changes in the Apache2 configuration, a reboot is required (if the changes were in the .htaccess file, then the reboot is not required):

sudo service apache2 restart

See also:
Using .htaccess