bchzurmo

Enable different Apache modules

LDAP

Bitnami stacks already ship the LDAP module installed in Apache but it is not enabled by default. To enable this module, follow these steps:

  • Enable the LDAP module. Edit the main Apache configuration file located at /opt/bitnami/apache2/conf/httpd.conf. Uncomment the mod_authnz_ldap line and add the mod_ldap line at the end of the LoadModule section:

    ...
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    ...
    LoadModule ldap_module modules/mod_ldap.so
    
  • Restart Apache server and check it is already enabled:

    $ sudo /opt/bitnami/ctlscript.sh restart apache
    $ /opt/bitnami/apache2/bin/apachectl -M | grep ldap
    ...
    authnz_ldap_module (shared)
    ldap_module (shared)
    ...
    

mod_evasive

Follow these steps:

  • Download the latest version:

    $ wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
    
  • Extract the content:

    $ tar zxvf mod_evasive_1.10.1.tar.gz
    
  • Build, configure and install the module:

    $ cd mod_evasive
    $ cp mod_evasive{20,24}.c
    $ sed s/remote_ip/client_ip/g -i mod_evasive24.c
    $ sudo apxs -i -a -c mod_evasive24.c
    
  • Update the Apache module configuration:

    $ sudo sed 's@Include "/opt/bitnami/apache2/conf/bitnami/bitnami.conf"@Include "/opt/bitnami/apache2/conf/bitnami/bitnami.conf"\nInclude "/opt/bitnami/apache2/conf/modevasion.conf"@' -i /opt/bitnami/apache2/conf/httpd.conf
    $ sudo tee /opt/bitnami/apache2/conf/modevasion.conf <<EOF
    #increases size of hash table. Good, but uses more RAM."
    DOSHashTableSize    3097"
    #Interval, in seconds, of the page interval."
    DOSPageInterval     1"
    #Interval, in seconds, of the site interval."
    DOSSiteInterval     1"
    #period, in seconds, a client is blocked.  The counter is reset to 0 with every access within this interval."
    DOSBlockingPeriod   10"
    #threshold of requests per page, per page interval.  If hit == block."
    DOSPageCount        2"
    #threshold of requests for any object by the same ip, on the same listener, per site interval."
    DOSSiteCount        50"
    #locking mechanism prevents repeated calls.  email can be sent when host is blocked (leverages the following by default "/bin/mail -t %s")"
    DOSEmailNotify      mbrown@domainy.com"
    #locking mechanism prevents repeated calls.  A command can be executed when a host is blocked.  %s is the host IP."
    #DOSSystemCommand    \"su - someuser -c \'/sbin/... %s ...\'\""
    #DOSLogDir           \"/var/lock/mod_evasive\""
    #whitelist an IP., leverage wildcards, not CIDR, like 127.0.0.*"
    #DOSWhiteList 127.0.0.1"
    EOF
    
    • Restart Apache:

      $ sudo /opt/bitnami/ctlscript.sh restart apache

mod_proxy_html

Follow these steps:

  • Download the latest version:

    $ wget http://apache.webthing.com/mod_proxy_html/mod_proxy_html.tar.bz2
    
  • Extract the content and install the module:

    $ tar -jxf mod_proxy_html.tar.bz2
    $ cd mod_proxy_html/
    $ sudo apxs -c -I /opt/bitnami/common/include/libxml2 -I. -i mod_proxy_html.c
    $ sudo chmod 755 /opt/bitnami/apache2/modules/mod_proxy_html.so
    $ sudo apxs -c -I /opt/bitnami/common/include/libxml2 -I. -i mod_xml2enc.
    $ sudo chmod 755 /opt/bitnami/apache2/modules/mod_xml2enc.so
    
  • Enable the module by including the lines below in the /opt/bitnami/apache2/conf/httpd.conf configuration file:

    LoadFile /opt/bitnami/common/lib/libxml2.so
    LoadModule proxy_html_module modules/mod_proxy_html.so
    LoadModule xml2enc_module modules/mod_xml2enc.so
    

mod_rpaf

Follow these steps:

  • Download the latest version:

    $ wget https://github.com/gnif/mod_rpaf/archive/stable.zip
    
  • Extract the contents and install the module:

    $ unzip stable.zip
    $ cd mod_rpaf-stable
    $ sudo make
    $ sudo make install
    
  • Check that the mod_rpaf.so file exists in the /opt/bitnami/apache2/modules directory:

    $ ll /opt/bitnami/apache2/modules/mod_rpaf.so
    
  • Load and configure the module. A configuration example follows; this can be added to the Apache configuration file at /opt/bitnami/apache2/conf/httpd.conf.

    LoadModule              rpaf_module modules/mod_rpaf.so
    RPAF_Enable             On
    RPAF_ProxyIPs           127.0.0.1 10.0.0.0/24
    RPAF_SetHostName        On
    RPAF_SetHTTPS           On
    RPAF_SetPort            On
    RPAF_ForbidIfNotProxy   Off
    
  • Restart Apache to reload the new configuration:

    $ sudo /opt/bitnami/ctlscript.sh restart apache
    

mod_security

Bitnami stacks already ship the mod_security2 module installed in Apache but it is not enabled by default. To enable this module, follow these steps:

  • Enable the mod_security2 and mod_unique_id modules in Apache. Edit the main Apache configuration file and uncomment the unique_id_module and add the mod_security line at the end of the LoadModule section:

    ...
    LoadModule unique_id_module modules/mod_unique_id.so
    ...
    LoadModule security2_module modules/mod_security2.so
    
  • Add the default configuration file for mod_security at the end of the Apache configuration file:

    Include "/opt/bitnami/apache2/conf/modsecurity.conf"
    
  • Restart Apache server and check it is already enabled:

    $ sudo /opt/bitnami/ctlscript.sh restart apache
    $ tail /opt/bitnami/apache2/logs/error_log
    
    ...
     [Thu Jan 30 18:42:14.004246 2014] [:notice] [pid 1127] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
    ...
    

mod_xsendfile

Bitnami LAMP/MAMP/WAMP stacks b5.4.13-2 and later include the mod_xsendfile module. To enable this module, add the following line in the Apache configuration file:

LoadModule xsendfile_module modules/mod_xsendfile.so

If you are using an older version, it is easy to install this module into your existing Apache server. Follow these steps:

  • Download the latest version:

    $ wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.gz
    
  • Extract the content and install the module:

    $ tar -xzvf mod_xsendfile-0.12.tar.gz
    $ cd mod_xsendfile-0.12
    $ sudo /opt/bitnami/apache2/bin/apxs -aci mod_xsendfile.c
    

If everything goes well, the module will be installed to /opt/bitnami/apache2/modules/mod_xsendfile.so. Check the mod_xsenfile configuration page to find out how to configure this module for your application.

mod_http2

Bitnami stacks ship with the mod_http2 module installed, but it is not enabled by default. To enable this module, follow these steps:

  • Edit the main Apache configuration file at /opt/bitnami/apache2/conf/httpd.conf and uncomment the line below so that it looks like this:

    ...
    LoadModule http2_module modules/mod_http2.so
    
  • Restart Apache and confirm that the module is active:

    $ sudo /opt/bitnami/ctlscript.sh restart apache
    $ sudo apachectl -M | grep http2