How to reveal Real IP Cloudflare using Ubuntu 18.04

Mod_cloudflare has a few software dependencies that need to be installed first:

# yum install libtool httpd-devel

Next, you should download the mod_cloudflare source to your server:

# wget https://raw.githubusercontent.com/cloudflare/mod_cloudflare/master/mod_cloudflare.c

Finally, install the module. Depending on your system, the command to run might be apxs or apxs2. So, run one of the below two commands. If you get a ‘Command not found’ when running one, try the other:

# apxs -a -i -c mod_cloudflare.c
# apxs2 -a -i -c mod_cloudflare.c

Source : https://www.cloudflare.com/technical-resources/#mod_cloudflare

NextCloud : How to fix Strict Transport Security (HSTS) and Memory Cache

Hello,

Do you use NextCloud and see bellow notification?

No memory cache has been configured and The “Strict Transport Security” HTTP header is not configured warning messages.


Here is how to fix HSTS issue

1. Open you domain configuration on Apache add this following line after ServerName

Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

2. Enable module header

a2enmod headers

3. Restart the apache

sudo service apache2 restart


Here is how to fix Memory Cache

1. Install php-apcu

apt-get install php-apcu php-apcu-bc

2. Navigate and edit NextCloud config, add this following config

'memcache.local' => '\OC\Memcache\APCu',

3. Save and restart apache

sudo service apache2 restart

All notification should be gone now. Have fun..
Thank you.

Common Apache Tuning

Here are some tips how to optimized your apache setting.

Some typical setting for apache in some different server specification:

Apache Directive 1/4GiB 1GiB 2GiB 4GiB
StartServers 2 8 16 32
MinSpareServers 1 4 8 16
MaxSpareServers 2 8 16 32
ServerLimit 8 64 128 256
MaxClients 8 64 128 256
MaxRequestsPerChild 0 0 0 0
ListenBacklog 1000 1000 1000 100

Disabling mod_passenger

If you are not using Phusion Passenger (for Ruby on Rails apps), you can safely comment out the lines to load the dso under
/opt/local/etc/httpd/includes/dso.conf:

#LoadModule passenger_module lib/httpd/mod_passenger.so

/opt/local/etc/httpd/httpd.conf that loads the module:

#Include etc/httpd/includes/passenger.conf

Choose appropriate MPM:

Apache server ships with a selection of Multi-Processing Modules (MPMs) which are responsible for binding to network ports on the machine, accepting requests, and dispatching children to handle the requests [3]. Only one MPM can be loaded into the server at any time.

Choosing an MPM depends on various factors such as whether the OS supports threads, how much memory is available, scalability versus stability, whether non-thread-safe third-party modules are used, etc.. Linux systems can choose to use a threaded MPM like worker or a non-threaded MPM like prefork:

Worker MPM uses multiple child processes. It’s multi-threaded within each child and each thread handles a single connection. Worker is fast and highly scalable and the memory footprint is comparatively low. It’s well suited for multiple processors. On the other hand, worker is less tolerant to faulty modules and faulty threads can affect all the threads in a child process.

Prefork MPM uses multiple child processes, each child handles one connection at a time. Prefork is well suited for single or double CPU systems, speed is comparable to that of worker and it’s highly tolerant to faulty modules and crashing children. But the memory usage is high, more traffic leads to more memory usage.

MaxClients:

The MaxClients sets the limit on maximum simultaneous requests that can be supported by the server. No more than this much number of child processes are spawned. It shouldn’t be set too low such that new connections are put in queue, which eventually time-out and the server resources are left unused. Setting this too high will cause the server to start swapping and the response time will degrade drastically. Appropriate value for MaxClients can be calculated as: MaxClients = Total RAM dedicated to the web server / Max child process size —- [4] Child process size for serving static file is about 2-3M. For dynamic content such as PHP, it may be around 15M.

"ps -ylC httpd --sort:rss"

MinSpareServers, MaxSpareServers, and StartServers:

MaxSpareServers and MinSpareServers determine how many child processes to keep while waiting for requests. If the MinSpareServers is too low and a bunch of requests come in, then Apache will have to spawn additional child processes to serve the requests. Creating child processes is relatively expensive. If the server is busy creating child processes, it won’t be able to serve the client requests immediately. MaxSpareServers shouldn’t be set too high, it can cause resource problems since the child processes consume resources.

Tune MinSpareServers and MaxSpareServers such that Apache need not frequently spwan more than 4 child processes per second (Apache can spwan a maximum of 32 child processes per second). When more than 4 children are spawned per second, a message will be logged in the ErrorLog.

The StartServers directive sets the number of child server processes created on startup. Apache will continue creating child process until the MinSpareServers setting is reached. Doesn’t have much effect on performance if the server isn’t restarted frequently. If there are lot of requests and Apache is restarted frequently, set this to a relatively high value.

MaxRequestsPerChild:

The MaxRequestsPerChild directive sets the limit on the number of requests that an individual child server process will handle. After MaxRequestsPerChild requests, the child process will die. It’s set to 0 by default, that means the child process will never expire. It is appropriate to set this to a value of few thousands. This can help prevent memory leakage since the process dies after serving a certain number of requests. Do not set this too low, since creating new processes does have overhead.

KeepAlive and KeepAliveTimeout:

The KeepAlive directive allows multiple requests to be sent over the same TCP connection. This is particularly useful while serving HTML pages with lot of images. If KeepAlive is set to Off, then for each images, a separate TCP connection has to be made. Overhead due to establishing TCP connection can be eliminated by turning On KeepAlive.

KeepAliveTimeout determines how long to wait for the next request. Set this to a low value, perhaps between two to five seconds. If it is set too high, child processed are tied up waiting for the client when they could be used for serving new clients.

References :

http://wiki.joyent.com/
http://www.howtoforge.com/configuring_apache_for_maximum_performance