Configuration (Apache)
Log Rotation
There are two ways to ensure your logs get rotated...
- logrotate - The standard, cross application log rotation solution. Its very reliable and easy to configure, but requires that Apache is restarted every time your log is rotated so that it follows the log switch around.
- rotatelog pipe - Has more overhead as logs are piped to a child process to handle, but doesn't require Apache restarts.
rotatelog
Edit you existing config file to redirect logging through the child rotatelogs process, this will probably be found in either your site config (EG in /etc/apache2/sites-enabled
) or your Apache service config (EG in /etc/apache2/
)
ErrorLog "|/usr/sbin/rotatelogs /var/log/apache2/error-%Y-%m-%d.log 86400" CustomLog "|/usr/sbin/rotatelogs /var/log/apache2/access-%Y-%m-%d.log 86400" combined
Check that the path for rotatelogs
is correct (search using find / -iname rotatelogs
)
Restart Apache, perform a test page load on your site (that would generate log entries), and check that a log file has been generated as per your config
User/pass restrictions
To restrict access to a site with a username and password
- Create a user/pass entry in a file for a username
htpasswd -c /etc/apache2/htusers username
- Add the relevant bits to the config file for the website (see below)
- EG
/etc/apache2/sites-available/your-website
file, eg
- EG
- Restart the apache service
apache2ctl -k graceful
<Directory /> AuthType Basic AuthName "Restricted Access" AuthUserFile /etc/apache2/htusers Require valid-user </Directory>
See also Secure Website
Status Page
Apache comes with its own in-built status page which, whilst not particularly pretty, gives a good overview of how your web-server is running. In the more recent versions of Apache its enabled by default, but only accessible from localhost.
To check that its enabled, look in /etc/apache/mods-enabled/
for two file link for status.conf
and status.load
. If not, create so that its enabled when you next restart Apache...
cd /etc/apache/mods-enabled
ln -s ../mods-available/status.load status.load
ln -s ../mods-available/status.conf status.conf
Edit the status.conf
to add the IP address(es) that you want to be able to (see http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow for guidance on this). Also enable ExtendedStatus
. Example config file...
<IfModule mod_status.c> # # Allow server status reports generated by mod_status, # with the URL of http://servername/server-status # Uncomment and change the ".example.com" to allow # access from other hosts. # ExtendedStatus On <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 192.168.1.0/24 123.234.5.6 </Location> </IfModule>
Restart Apache to apply (apache2ctl -k graceful
), then access through through an URL similar to http://www.domain.com/server-status.
If you also add 127.0.0.1
to the Allow from
statement above you can get a status output to the console by using...
apache2ctl fullstatus
For further info see http://httpd.apache.org/docs/2.2/mod/mod_status.html