Tag Archives: httpd

How to install Apache HTTP Server service script

Recently, after some software and hardware changes, I was forced to rebuild a CentOS 6.5-based virtual machine.  Because the CentOS repository does not include Apache HTTP Server 2.4, and I’m not a big fan of third-party repositories, I decided to compile httpd from source.  When compiling the HTTP server from source, the system administrator is not provided with any service management script; thus, I began my search.

I found a simple service script in an archived version of an old Red Hat user guide, which made things a little easier.

#!/bin/sh
#
# Startup script for the Apache Web Server
#
# chkconfig: 345 85 15
# description: Apache is a World Wide Web server.  It is used to serve 
#	       HTML files and CGI.
# processname: httpd
# pidfile: /var/run/httpd.pid
# config: /etc/httpd/conf/httpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

# See how we were called.
case "$1" in
    start)
        echo -n "Starting httpd: "
        daemon httpd -DSSL
        echo
        touch /var/lock/subsys/httpd
        ;;
    stop)
        echo -n "Shutting down httpd: "
        killproc httpd
        echo
        rm -f /var/lock/subsys/httpd
        rm -f /var/run/httpd.pid
        ;;
    status)
        status httpd
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    reload)
        echo -n "Reloading httpd: "
        killproc httpd -HUP
        echo
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload|status}"
        exit 1
esac

exit 0

To create the service script file, follow these directions:

# Create httpd script
touch /etc/init.d/httpd

# Upload, or copy and paste the script contents
nano /etc/init.d/httpd

# Set desired permissions
chmod 0755 /etc/init.d/httpd

# Start httpd on boot, if desired
chkconfig --add httpd
chkconfig httpd on

Upon careful review, you'll notice the service script assumes that the httpd binary is globally accessible, that is, on the PATH. Under my minimal CentOS installation, httpd was installed in /usr/local/apache2. While there are more than a few methods for making it accessible, we'll use a symbolic link.

# Create symbolic link to apachectl
ln -s /usr/local/apache2/bin/apachectl /usr/sbin/httpd

After that, I executed the script, which caused a “bad interpreter” error.

[root@localhost]# /etc/init.d/httpd
-bash: ./httpd: /bin/sh^M: bad interpreter: No such file or directory

This error occurs when a file contains CRLF-style line endings (Windows) instead of the LF-style line endings required by Unix-based systems. Luckily, someone invented a utility that fixes this problem quickly and painlessly.

# Install dos2unix
yum install dos2unix

# Fix "bad interpreter" error
dos2unix /etc/init.d/httpd

After that, I could start, stop, and restart the httpd server without any problems. On the other hand, when I tried to retrieve the status directly from the httpd binary (apachectl), I encountered another problem. Luckily, this problem was also easily solvable.

httpd status
# Output: /usr/sbin/httpd: line 95: lynx: command not found

# Install Lynx browser
yum install lynx

And… that’s it!

Preparing an SSL certificate for use with AWS Elastic Load Balancer

Today I was tasked with re-keying our SSL certificate in preparation for the implementation of Amazon Web Services' Elastic Load Balancer service. In order to properly implement the load balancer into our existing architecture, it must be able to handle SSL connections. We currently employ GoDaddy's Premium SSL Certificate, which gives you the familiar green bar in the address bar of your browser. After copying and pasting the private key, certificate, and certificate chain data into the provided inputs, Amazon returned the following message: “Invalid private key.”

When I generate SSL certificate signing requests, I generally use the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Unfortunately, the resultant format is not compatible with AWS’s Elastic Load Balancer.  In order to counter the “Invalid private key” error, I issued the following commands:

openssl genrsa -des3 -out yourdomain.key 2048
openssl req -new -key yourdomain.key -out yourdomain.csr

After that, copy and paste the CSR contents into the CSR input provided by GoDaddy.  After doing this, I attempted to restart Apache HTTP Server, and noticed the following errors in /etc/httpd/logs/error_log.

[Mon Oct 07 17:55:24.779930 2013] [ssl:emerg] [pid 23786] AH02204: Init: Pass phrase incorrect for key of yourdomain:443
[Mon Oct 07 17:55:24.779981 2013] [ssl:emerg] [pid 23786] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

[Mon Oct 07 17:55:24.780076 2013] [ssl:emerg] [pid 23786] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 07 17:55:24.780093 2013] [ssl:emerg] [pid 23786] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)

Unfortunately, the new private key required a passphrase and Apache didn’t like that. While there are a number of approaches to resolve the issue between Apache and private key passphrases, I chose to remove it, both for the sake of simplicity, and because the Elastic Load Balancer will not accept a private key containing a passphrase. To remove the passphrase, use the following command:

openssl rsa -in yourdomain.key -out yourdomain.key.nopass

At this point, the HTTP server can be restarted, and the SSL certificate's private key will work with Amazon Web Services' Elastic Load Balancer.
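The three key files this post passes through differ in their PEM headers, and the last one sits on disk without a passphrase. The following check is an added example, not part of the original post: it classifies a key by its header and confirms that only the owner can read it. It assumes the OpenSSL 1.0.x behaviour of the post's era (`req -newkey` writes a `BEGIN PRIVATE KEY` file, `genrsa` and `rsa` write `BEGIN RSA PRIVATE KEY`); the function names and sample files are constructed for illustration.

```shell
# Classify a PEM private key by its header lines.
key_format() {
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo pkcs8-encrypted
    elif grep -q '^-----BEGIN PRIVATE KEY-----' "$1"; then
        echo pkcs8
    elif grep -q '^-----BEGIN RSA PRIVATE KEY-----' "$1"; then
        # Traditional format flags passphrase protection in a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo traditional-encrypted
        else
            echo traditional
        fi
    else
        echo unknown
    fi
}
# Succeed when group and other have no permission bits on the file.
owner_only() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }
# Return 0 only for a passphrase-free, traditional-format, owner-only key.
check_key() {
    fmt=$(key_format "$1"); rc=0
    case $fmt in
        traditional) ;;
        *-encrypted) echo "$1: $fmt, still passphrase-protected"; rc=1 ;;
        *) echo "$1: $fmt, not the traditional RSA format"; rc=1 ;;
    esac
    owner_only "$1" || { echo "$1: readable beyond owner, use chmod 600"; rc=1; }
    return "$rc"
}

# Write a constructed key skeleton (placeholder body, not real key material).
make_sample() {  # usage: make_sample FILE "PEM LABEL" [encrypted]
    {
        echo "-----BEGIN $2-----"
        [ "${3:-}" = encrypted ] && printf 'Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\n'
        echo "Q09OU1RSVUNURUQ="
        echo "-----END $2-----"
    } > "$1"
}

# Demo over the three states the post passes through (hypothetical file names).
d=$(mktemp -d)
make_sample "$d/req-nodes.key" "PRIVATE KEY"
make_sample "$d/genrsa-des3.key" "RSA PRIVATE KEY" encrypted
make_sample "$d/nopass.key" "RSA PRIVATE KEY"
chmod 600 "$d"/*.key
for k in "$d"/*.key; do if check_key "$k"; then echo "$k: ok"; fi; done
rm -rf "$d"
```

Run `check_key` against the real yourdomain.key.nopass before uploading it; a failure on the permission check means other local accounts can read the unencrypted key.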

Redirect from base URL using Apache HTTP Server

What I was trying to accomplish was quite simple—redirection from the base URL (e.g. http://webjawns.com) to a specified path within the same domain.  Even with a lot of experience, one can easily fall prey to assumptions about proper Redirect usage.  Instead of working as expected, the code below caused the repeated concatenation of the destination URL term (“tools” in this example).

# The WRONG way to redirect from the base URL
Redirect / /tools
Redirect / http://webjawns.com/tools

Traditionally, the Redirect directive is used as a simple method of redirection from one page to another. In the following example, the HTTP server will redirect the end user from old-index.html to new-index.html.


# Redirect from old-index.html to new-index.html
Redirect /old-index.html /new-index.html

If there is a way to use a Redirect directive to accomplish redirection from the base URL, I have not figured it out. To solve this problem, I used the rewrite engine, which works flawlessly.


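# Server or virtual-host context: the pattern is matched against the full
# URL path, so ^/$ matches only the bare root. In .htaccess the leading
# slash is stripped before matching and the pattern would be ^$.
RewriteEngine On
RewriteRule ^/$ http://tools.caffeinatedaviator.com/xgoflight [R=302,L]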
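Redirect matches a URL-path prefix and appends whatever followed the prefix to the target, which is why a rule on / keeps firing, while a pattern anchored as ^/$ fires once. The shell model below is an added example, not code from the original post or from Apache; its function names are hypothetical and it models only the matching rule, not a running server.

```shell
# Model of "Redirect PREFIX TARGET": a path matches if it equals PREFIX or
# continues past it on a segment boundary; the remainder is appended to TARGET.
redirect_prefix() {  # usage: redirect_prefix PREFIX TARGET PATH
    prefix=$1; target=$2; path=$3
    case $prefix in
        */) boundary="" ;;   # prefix already ends on a boundary (e.g. "/")
        *)  boundary="/" ;;
    esac
    case $path in
        "$prefix") rest="" ;;
        "$prefix$boundary"*) rest=${path#"$prefix"} ;;
        *) return 1 ;;
    esac
    printf '%s%s\n' "$target" "$rest"
}

# Model of a rule anchored as ^/$: only the bare root is redirected.
redirect_root_only() {  # usage: redirect_root_only TARGET PATH
    [ "$2" = "/" ] && printf '%s\n' "$1"
}

# Follow redirects as a browser would; print "HOPS FINAL_PATH".
chase() {  # usage: chase prefix|anchored START_PATH MAX_HOPS
    mode=$1; cur=$2; max=$3; hops=0
    while [ "$hops" -lt "$max" ]; do
        if [ "$mode" = prefix ]; then
            next=$(redirect_prefix / /tools "$cur") || break
        else
            next=$(redirect_root_only /tools "$cur") || break
        fi
        cur=$next; hops=$((hops + 1))
    done
    printf '%s %s\n' "$hops" "$cur"
}

chase prefix / 4      # never settles: every hop matches "/" again
chase anchored / 4    # settles after one hop at /tools
```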