[Support] Linuxserver.io - Apache

[CHBMB]

When you initially setup Owncloud it asks you what the owncloud data directory is.

[JonathanM]

I've been beating my head against google for the past couple hours trying to figure this out, and I thought possibly somebody here might know the answer since my google-fu apparently sucks today.

 

I want to reverse proxy an internal site that does not allow url base settings at /, and move what is currently served at /* to a subdirectory like /apps/*.

 

To restate, I want requests to foo.com/ to respond with a proxy redirection of a local 192.168.1.10:8080 type address, and requests to foo.com/apps/ to serve the contents of /config/www, along with the standard redirections like foo.com/sonarr/ proxying 192.168.1.11/sonarr/

 

Thanks!

[cirkator]

Linuxserver.io devs, would i be possible to include fail2ban into this docker?

If so, have you thought of adding it? Would be perfect.

 

There is a nginx/let´s encrypt docker available here with fail2ban included, but i have everything set up in apache and dont want to change to nginx if possible.

[gshlomi]

Any change of Let's Encrypt + Fail2Ban built into the container ?

pretty please ??

;)

[Pducharme]

Is this possible (maybe it is already) to have a script running at docker boot time to adjust php settings?  Im using the ls.io Apache docker to host my WordPress 4.5.2 and it works great. This same docker is used for my reverse proxy with ssl and with Plexconnect!

[CHBMB]

Is this possible (maybe it is already) to have a script running at docker boot time to adjust php settings?  Im using the ls.io Apache docker to host my WordPress 4.5.2 and it works great. This same docker is used for my reverse proxy with ssl and with Plexconnect!

 

It actually is already possible and I've posted how to do it here...

 

However, we're not supporting this feature other than telling people it exists.  Implement it and you're completely on your own. 

[gshlomi]

Got a message saying there's an update to the Apache container.

Any changelog?

10x

 

Sent from my LG-D802 using Tapatalk

 

 

[CHBMB]

gshlomi it's probably just an update to our base image.  Rather than a fundamental change to the container.

[Pducharme]

I have another issue with the Reverse Proxy, for Couchpotato.

 

I have the following config :

 

        
<Location /couch>
        ProxyPass http://192.168.2.6:5050/couch
        ProxyPassReverse http://192.168.2.6:5050/couch
</Location>

 

And in Couch, I have the urlbase to couch.

 

It always give me a blank page if I go with the reverse proxy URL and /couch.  But, if i go with 192.168.2.6:5050/couch, it works. 

 

Any idea ?

[CHBMB]

I have another issue with the Reverse Proxy, for Couchpotato.

 

I have the following config :

 

        
<Location /couch>
        ProxyPass http://192.168.2.6:5050/couch
        ProxyPassReverse http://192.168.2.6:5050/couch
</Location>

 

And in Couch, I have the urlbase to couch.

 

It always give me a blank page if I go with the reverse proxy URL and /couch.  But, if i go with 192.168.2.6:5050/couch, it works. 

 

Any idea ?

 

Mine is set to /couch in the app and my reverse proxy config is exactly the same. 

 

Have you tried restarting both containers and clearing the browser cache.

[bubbaQ]

I needed to tweak the php.ini file, so I copied your /etc/php5/apache2/php.ini file to the local appdata/Apache config and added a path in the template:

 

<Config Name="php ini file" Target="/etc/php5/apache2/php.ini" Default="/mnt/cache/appdata/Apache/php.ini" Mode="ro" Description="Container Path: /etc/php5/apache2/php.ini" Type="Path" Display="advanced" Required="false" Mask="false">/mnt/cache/appdata/Apache/php.ini</Config>

 

This might be useful to others.

[CHBMB]

Thanks bubbaQ that's a great idea.

[tayshun12]

I gotta take some time to say you rock! 

[mattail]

I'm trying to install magento during the installation i get a message that I need to install some php extensions.

Do you know it is possible?

I've tried from putty with the "apt-get" command but that command does not exist.

[chaosratt]

Alright, I've gotten Let's Encrypt working in this. Its *very* crude, and this method voids your warranty from LS.io!

 

Add an environmental variable to your docker:

ADVANCED_SCRIPT = true

 

in your appdata/apache/ folder (note, the root! not the appdata/apache/apache/!) make two files:

 

userscript.sh

apt-get install git -y

git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

/opt/letsencrypt/letsencrypt-auto --apache --config /config/letsencrypt.ini

 

letsencrypt.ini

# This is an example of the kind of things you can do in a configuration file.
# All flags used by the client can be configured here. Run Certbot with
# "--help" to learn more about the available options.

# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

# Uncomment and update to register with the specified e-mail address
email = <VALID EMAIL>

# Uncomment and update to generate certificates for the specified
# domains.
domains = <YOU FQDN>

# Uncomment to use a text interface instead of ncurses
text = True

# Uncomment to use the standalone authenticator on port 443
# authenticator = standalone
# standalone-supported-challenges = tls-sni-01

# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
#authenticator = webroot
#webroot-path = /config/www/

agree-tos

 

At this point go to your appdata/apache/apache/site-confs/defualt.conf and change the key locations:

SSLCertificateFile "/etc/letsencrypt/live/<domain>/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/<domain>/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/<domain>/chain.pem"

 

This doesn't have any kind of cron to auto-renew every 60 days like is recommended, and there's no checking if it already has a cert so it tries to re-issue on every reboot of the docker, but it should be a good starting point.

 

I welcome any feedback on this.

[Wob76]

Hi,

 

My log file "other_vhosts_access.log" is rather large 427Mb at the moment, the settings enable\disable it are not in the config folder, nor any of the logrotate settings.

 

Could the docker be modified to expose settings to help reduce log files, my preference would be to have it included in logrotate.

 

Thanks,

Wob

[lionelhutz]

Could you install pear as part of this Docker?

 

[CHBMB]

Just tested mine...... 

 

 

This will also redirect all http traffic to https

 

<VirtualHost *:80>
ServerName server.com
ServerAlias server.com
DocumentRoot /config/www/

Redirect permanent / https://server.com/

</VirtualHost>

<VirtualHost *:443>
ServerName server.com
ServerAdmin webmaster@localhost
DocumentRoot /config/www/

SSLCertificateFile /config/keys/server.com.crt
SSLCertificateKeyFile /config/keys/decrypted.key
SSLCertificateChainFile /config/keys/root_bundle.crt
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

SSLEngine on
SSLProxyEngine On
RewriteEngine On
ProxyPreserveHost Off

SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLHonorCipherOrder on


</VirtualHost>

 

[mattekure]

I currently have this docker set up and running and the web root is located on the cache drive.  This is fine for the most part, but I have one folder that I need to share that contains several large files that would be too big for my cache drive.  Is it possible to link to folders/files that are stored in one of the shares and not on the cache drive?  If so, how?  If this is a really bad idea for some reason I cant think of, please let me know. 

[CHBMB]

I currently have this docker set up and running and the web root is located on the cache drive.  This is fine for the most part, but I have one folder that I need to share that contains several large files that would be too big for my cache drive.  Is it possible to link to folders/files that are stored in one of the shares and not on the cache drive?  If so, how?  If this is a really bad idea for some reason I cant think of, please let me know.

 

Wouldn't it be easier to just move the /config mount point to whichever drive the big files are on?

[mattekure]

Probably.  But I'd like to avoid having the drives spun up all the time for general access.  The larger files are accessed infrequently, so ideally they could be on a drive that only gets spun up when they need to be and have for the rest of the time, its only the cache drive that gets used. 

 

I currently have this docker set up and running and the web root is located on the cache drive.  This is fine for the most part, but I have one folder that I need to share that contains several large files that would be too big for my cache drive.  Is it possible to link to folders/files that are stored in one of the shares and not on the cache drive?  If so, how?  If this is a really bad idea for some reason I cant think of, please let me know.

 

Wouldn't it be easier to just move the /config mount point to whichever drive the big files are on?

[CHBMB]

Then add the share as a separate mount point and try.  Can't see why it wouldn't work...

[mattekure]

I'll try it tonight.  Hopefully its that simple.  I thought that apache had security limitations to stop it from pointing to things outside the webroot, but I could be wrong.

 

In unraid, is it possible to mount a path within another mounted path?

 

For exmaple, currently I have

/config mounted to /mnt/cache/appdata/apache

 

could I also add a second mount point like this:

/config/www/myfolder -> /mnt/user/webshareWithFiles

 

Then add the share as a separate mount point and try.  Can't see why it wouldn't work...

[CHBMB]

In unraid, is it possible to mount a path within another mounted path?

 

For exmaple, currently I have

/config mounted to /mnt/cache/appdata/apache

 

could I also add a second mount point like this:

/config/www/myfolder -> /mnt/user/webshareWithFiles

 

 

Just tried it and it seems to work in that I can navigate /mnt/user/webshareWithFiles from within the container environment.

 

[ken-ji]

I'll try it tonight.  Hopefully its that simple.  I thought that apache had security limitations to stop it from pointing to things outside the webroot, but I could be wrong.

 

In unraid, is it possible to mount a path within another mounted path?

 

For exmaple, currently I have

/config mounted to /mnt/cache/appdata/apache

 

could I also add a second mount point like this:

/config/www/myfolder -> /mnt/user/webshareWithFiles

 

Then add the share as a separate mount point and try.  Can't see why it wouldn't work...

 

Apache has some restrictions for directories outside the document root. But a mount (bare metal or container) is a very special case. Unless the app is looking for the mount specifically, the app never sees the mount. which is how UNIX has been working all this time with the 'everything is a file' paradigm. Devices are files, and devices (the filesystems in them) are mounted as directories/sub-directories off the (only) root tree.