Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.

Administered by:

Server stats:

1.6K
active users

mastodon.ie: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.2

#apache2

0 posts0 participants0 posts today
:projetstodon: Shalien<p>Dear <a href="https://mastodon.projetretro.io/tags/fediadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fediadmin</span></a>, regarding the current ongoing full force assault on our services by AI scrappers with all the risks associated (costs, services stability, data being stolen and so on) I can only recommend the setting up of <a href="https://mastodon.projetretro.io/tags/techaro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>techaro</span></a> <a href="https://mastodon.projetretro.io/tags/anubis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anubis</span></a> requests filter to "weight the souls of incoming HTTP requests"</p><p>I tested it so far on <a href="https://mastodon.projetretro.io/tags/alpine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>alpine</span></a> <a href="https://mastodon.projetretro.io/tags/debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debian</span></a> deployed services with either <a href="https://mastodon.projetretro.io/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>caddy</span></a> , <a href="https://mastodon.projetretro.io/tags/apache2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apache2</span></a> / <a href="https://mastodon.projetretro.io/tags/httpd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>httpd</span></a> and <a href="https://mastodon.projetretro.io/tags/nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nginx</span></a> for the following services <a href="https://mastodon.projetretro.io/tags/nextcloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nextcloud</span></a>, <a href="https://mastodon.projetretro.io/tags/mastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mastodon</span></a>, <a href="https://mastodon.projetretro.io/tags/forgejo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>forgejo</span></a>, <a href="https://mastodon.projetretro.io/tags/lemmy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lemmy</span></a>, <a href="https://mastodon.projetretro.io/tags/funkwhale" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>funkwhale</span></a>, <a href="https://mastodon.projetretro.io/tags/bookwyrm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bookwyrm</span></a> and a <a href="https://mastodon.projetretro.io/tags/minecraft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>minecraft</span></a> <a href="https://mastodon.projetretro.io/tags/mapviewer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mapviewer</span></a> with little hassle and no big issues</p><p>Following the use of <a href="https://mastodon.projetretro.io/tags/anubis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anubis</span></a>, all scrapper (AI and regular) logs dropped drastically and bandwitch usage was cut by two third on the mastodon instance and half for the others services</p><p>Do yourself and your users a favor try it : <a href="https://github.com/TecharoHQ/anubis" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/TecharoHQ/anubis</span><span class="invisible"></span></a></p>
IBBoard<p>I've created a stripped-down template for hgweb so that I can still link to the latest version of files, but not any others 🙂</p><p>For example: <a href="https://dev.ibboard.co.uk/repos/other/Puppet/file/tip/modules/website/files/greatfirewallagainstchina.conf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dev.ibboard.co.uk/repos/other/</span><span class="invisible">Puppet/file/tip/modules/website/files/greatfirewallagainstchina.conf</span></a></p><p><a href="https://hachyderm.io/tags/Mercurial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mercurial</span></a> <a href="https://hachyderm.io/tags/Apache2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache2</span></a> <a href="https://hachyderm.io/tags/SpamBots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SpamBots</span></a> <a href="https://hachyderm.io/tags/ScraperBots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ScraperBots</span></a> <a href="https://hachyderm.io/tags/SysAdminProblems" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SysAdminProblems</span></a></p>
IBBoard<p>Posted a Superuser question about the weird behaviour of rewrite maps.</p><p><a href="https://superuser.com/questions/1910287/rewritemap-not-working-outside-virtualhost" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">superuser.com/questions/191028</span><span class="invisible">7/rewritemap-not-working-outside-virtualhost</span></a></p><p><a href="https://hachyderm.io/tags/Apache2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache2</span></a> <a href="https://hachyderm.io/tags/ModRewrite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ModRewrite</span></a></p>
IBBoard<p>Okay, this SEEMS to work. The database is just the start addresses for lots of /8, /16, /24 or /32 ranges (depending on the size of the requested block - e.g. a /22 range gets written as the start address for four /24s) taken from <a href="https://www.okean.com/antispam/iptables/rc.firewall.china" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">okean.com/antispam/iptables/rc</span><span class="invisible">.firewall.china</span></a> and mapped to "BLOCKED" and then built into a database file with `httxt2dbm`.</p><p>```<br># Extract IP parts<br>RewriteCond %{REMOTE_ADDR} ^((([0-9]+)\.[0-9]+)\.[0-9]+)\.[0-9]+$<br>RewriteRule . - [E=subnet8:%3.0.0.0,E=subnet16:%2.0.0,E=subnet24:%1.0,E=subnet32:%0]</p><p># Tarpit provided by a Mastodon user - <a href="https://mastodon.social/@pcarrier/112429748041537087" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@pcarrier/1124</span><span class="invisible">29748041537087</span></a><br># We don't have access to mod_cspnonce yet, so fudge a random-ish value<br>RewriteCond ${greatfirewall:%{ENV:subnet8}} =BANNED [OR]<br>RewriteCond ${greatfirewall:%{ENV:subnet16}} =BANNED [OR]<br>RewriteCond ${greatfirewall:%{ENV:subnet24}} =BANNED [OR]<br>RewriteCond ${greatfirewall:%{ENV:subnet32}} =BANNED<br>RewriteRule . <a href="https://srv.us/tarpit?nonce=" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">srv.us/tarpit?nonce=</span><span class="invisible"></span></a>%{REMOTE_PORT}%{TIME} [L,E=donotlog:1,R=301]<br>```</p><p>(`donotlog` is used later to avoid logging, because when they hit so hard and so often then I don't need that bloat in my server logs!)<br>Not yet worked out why it only seemed to work within &lt;VirtualHost&gt; blocks.</p><p><a href="https://hachyderm.io/tags/Apache" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache</span></a> <a href="https://hachyderm.io/tags/Apache2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache2</span></a> <a href="https://hachyderm.io/tags/ModRewrite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ModRewrite</span></a> <a href="https://hachyderm.io/tags/spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spam</span></a> <a href="https://hachyderm.io/tags/AbusiveBots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AbusiveBots</span></a></p>
IBBoard<p>Deleted the database and recreated it from scratch (rather than updating it) and "page 599 is on free list with type 13", "PANIC: Invalid argument" and "Error string not specified yet" have all gone away. So apparently they mean "I don't like the existing database but can't handle it cleanly" 😐</p><p><a href="https://hachyderm.io/tags/Apache" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache</span></a> <a href="https://hachyderm.io/tags/Apache2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache2</span></a> <a href="https://hachyderm.io/tags/SysAdminProblems" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SysAdminProblems</span></a> <a href="https://hachyderm.io/tags/ErrorMessages" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ErrorMessages</span></a></p>
IBBoard<p>Debugging this and… it looks like the problem might be the backref to a previous RewriteCond?</p><p>I've got a similar "block these hosts" RewriteMap using `%{REMOTE_ADDR}` as the key and that works. But using `%1` as a key when the previous RewriteCond is "extract a subset of the octets" fails to look up correctly. Which I've confirmed with a noddy "extract from the query string" lookup.</p><p>But then again, it's not working with an env var either. I can do a capture with a RewriteCond, set an env var with a RewriteRule, then do a second RewriteRule using the env var and it works. But if I use `${testmap:%{ENV:testvar}}` then it doesn't find anything. Even though I've shown that the env var on its own contains the expected value.</p><p><a href="https://hachyderm.io/tags/Apache" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache</span></a> <a href="https://hachyderm.io/tags/Apache2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache2</span></a> <a href="https://hachyderm.io/tags/HTTPD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTTPD</span></a></p>
IBBoard<p>Oh, FFS. Can't get this working. And can't get Apache to give me enough logging to understand why.</p><p>I've got a rewrite map in bdb, it contains IP blocks that are banned (generated from a Python script). I've got rewrite conds that match each of four, three, two or one octets and then try to look them up in the map. If there's a match then it gets tar-pitted. But I'm always getting failed lookups.</p><p>The annoying bit is that even trace4 isn't telling me what the input to the map lookup is. Only the result of the lookup when it is compared to the "was it blocked" value.</p><p>Maybe I need to drop the zero octets rather than filling them in? Hopefully it's not that RewriteCond captures can't be used as a key in the map lookup.</p><p><a href="https://hachyderm.io/tags/Apache" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache</span></a> <a href="https://hachyderm.io/tags/HTTPD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTTPD</span></a> <a href="https://hachyderm.io/tags/Apache2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache2</span></a></p>
Menel :xmpp:
Updated Version of the apache http caching setup for snac, including proxy media

I already wrote about caching here
Now I extended what I cache a bit.
This was because after enabling Option to proxy media I've seen access to the file paths /x/ and /y/ in addition to the path were snac stores the media that I include in my own posts ( /s/ ).
There are two locations to proxy media, depending if you requests the media via the mastodonapi or via the web. (/x/ and /y/), oh and I added the nodeinfo2 path too, because I've noticed it was queried all the time by a lot of instances and it gives me pleasure to see something cached handed out in the access logs 🙂 (I guess it is actaully irrelevant for the system resources).
This is the updated setup:
Enable the relevant modules:

a2enmod expires cache cache_disk

Be sure "htcacheclean" is running to clean up old disk cache. (under debian see /etc/default/apache-htcacheclean or else the relevant systemd service or whatever)
Then add to the snac Virtualhost config:

<LocationMatch "^/social/[^/]+/[xys]/|^/social/nodeinfo_2_0">
CacheEnable disk
Header set Cache-Control "max-age=86400, public" "expr=%{REQUEST_STATUS} == 200"
ExpiresActive On
ExpiresDefault "access plus 86400 seconds"
</LocationMatch>
This will use the disk cache to cache everything under the /s/, /x/ and /y/ Path, as well as for /$username/nodeinfo20, utilizing the mod_expires to generate the appropriate cache headers (for lazy ones like me), In this case caching it for 1 day.
Further reading and all options explained under https://httpd.apache.org/docs/2.4/caching.html (and ff)

The Header that I set here, on the condition of Status code 200, is needed for the path /y/, because snac defaults to set no-cache on that location and the modexpires will honor that if we don't override it. I set it to the same Cache-Control value as modexpores woud. (mod_expires will additionally calculate the date and put that in the expiresheader. (hence the name I guess 😀 )

#Fediverse #Hosting #ITNotes #apache2 #httpd #Ownyourdata #Server #Snac #Snac2 #Tipsandtricks #Tutorial #Debian #caching
:xmpp:
snikket.deMenel (@menel@snikket.de)121 following, 80 followers · See updated version here: https://snikket.de/social/menel/p/1740228486.456200 Original: After seeing **Improving snac Performance with Nginx Proxy Cache** from @itnotes@snac.it-notes.dragas.net via --- https://snac.it-notes.dragas.net/itnotes/p/1738139676.258050 https://it-notes.dragas.net/2025/01/29/improving-snac-performance-with-nginx-proxy-cache/ --- I decided to prematurely optimize and adjust this for my apache2 httpd server in debian where I run snac. I've never done any
*
Menel :xmpp:
After seeing
Improving snac Performance with Nginx Proxy Cache from @itnotes@snac.it-notes.dragas.net via
https://snac.it-notes.dragas.net/itnotes/p/1738139676.258050
https://it-notes.dragas.net/2025/01/29/improving-snac-performance-with-nginx-proxy-cache/
I decided to prematurely optimize and adjust this for my apache2 httpd server in debian where I run snac.

I've never done any caching etc before so it was a nice adventure to learn something new. The documentation helped and in the end it wasn't very hard. I learned a bit about some http headers and regex on the way too.

Basically it works like this:
Enable the relevant modules:

´a2enmod expires cache cache_disk´

Be sure "htcacheclean" is running to clean up old disk cache. (under debian see /etc/default/apache-htcacheclean or else the relevant systemd service)
Then add to the snac virtualhost config:
    CacheRoot /var/cache/apache2/mod_cache_disk
    CacheQuickHandler off
    CacheLock on
    #Optional while testing stuff;
    CacheDetailHeader on
    
    #My Instance ist not at the root, but under "/social"; so this needs to be adapted:
    <LocationMatch "^/social/[^/]+/s">
    CacheEnable disk
    ExpiresActive On
    ExpiresDefault "access plus 30 days"
    </LocationMatch>
This will use the disk cache to cache everything under the /s/ Path, same as the original ngnix tutorial, Utilizing the mod_expires to generate the appropriate cache headers (for lazy ones like me), In this case caching it for 30 days.
Further reading and all options explained under https://httpd.apache.org/docs/2.4/caching.html ff

Thanks for the initial tutorial @itnotes@snac.it-notes.dragas.net

Edit:
Oh and don't hesitate to tell me what I did stupid while setting this up, maybe in nicer words, if it is. And also I can't get the markdown Code formatting working apparently. well. Sorry for all the edits.

#Fediverse #Hosting #ITNotes #Networking #apache2 #httpd #Ownyourdata #Server #Snac #Snac2 #Social #Tipsandtricks #Tutorial #Web #Debian
snac.it-notes.dragas.netIT Notes (@itnotes@snac.it-notes.dragas.net)2 following, 85 followers · **Improving snac Performance with Nginx Proxy Cache** https://it-notes.dragas.net/2025/01/29/improving-snac-performance-with-nginx-proxy-cache/ #Data #Fediverse #Freebsd #Hosting #ITNotes #Networking #Nginx #NoteHUB #Ownyourdata #Server #Snac #Snac2 #Social #Tipsandtricks #Tutorial #Web
*
bazkie 👩🏼‍💻 bitplanes 🎵

*EDIT thanks for all the (similar) answers! 😁 I had always thought a web server only would serve files owned by the web user, regardless of those file mode settings! I was mistaken! :)

Apache2 (on Debian) question

Uhh, I put a file owned by root in my web server dir, and now I can download it from my browser.. is that supposed to be possible or do I have to change some settiing? 😅

I thought only files from the www user should be viewable/downloadable?

#Apache2#Linux
Jools

Ich habe den Artikel "Friendica auf dem Raspberry Pi installieren" noch mal überarbeitet bzw. erweitert.

Hinzugekommen sind die Installation von #Apache2, #MariaDB und die benötigten PHP-Module, sowie die Konfiguration des Virtuellen Hosts für Friendica.

So ist nun eine komplette Installationsanleitung daraus entstanden. 🙈

Hier geht es zur Anleitung:
👉 Friendica auf dem Raspberry Pi installieren - Blog:Zwo.me

#friendica, #FriendicaInstallation, #apache2, #mariadb, #php, #virtualhost, #raspberrypi

Blog:Zwo.me · Friendica auf dem Raspberry Pi installieren - Blog:Zwo.me
More from Blog:Zwo.me
VictoriaMetrics

We've tried to provide good reasons for why changing a software license from truly #opensource to some source-available license makes little sense from a business perspective (in our opinion & experience).

We won't be changing the #Apache2 license for our products. Our main goal is to provide users with good products & help them use these efficiently.

Read more in our latest blog post: ➡️victoriametrics.com/blog/open-

TrendingLive feeds
About