Chty blog

To content | To menu | To search

Tag - Apache2

Entries feed - Comments feed

Thursday, March 20 2008

Generating certificates with openssl

By Chty on Thursday, March 20 2008, 21:55

I'm sometimes using openssl to generate certificates, mostly for apache but not enough to remember the complete shell command each time. So I paste it here, as a reminder.

openssl req -new > server.cert.csr
openssl rsa -in privkey.pem -out server.cert.key
openssl x509 -in server.cert.csr -out server.cert.crt -req -signkey server.cert.key -days 365

Theses commands generate .pem, .crt, .csr and .key files. Note that apache only require .crt and .key files for SSLCertificateFile, SSLCertificateKeyFile directives.

no comment no trackback

Monday, October 29 2007

Apache2 + mod_fastcgi + suexec on debian etch

By Chty on Monday, October 29 2007, 14:49

I know it's difficult to find good documentation to configure apache2 with mod_fastcgi and suexec to make php websites works. This configuration works well with Debian Etch (4.0).
Here an example of configuration.

Continue reading...

Monday, October 8 2007

Apache2 - mod_fcgid vs mod_fastcgi

By Chty on Monday, October 8 2007, 01:22 - Software

Some time ago, I used mod_fcgid on my server. Everything went fine, except when dotclear2 became needed. After some test, I concluded that it wont work with mod_fcgid given because of certain rewrite rules. This seems to be a known issue, and the only solution at the time of writing it to use mod_fastcgi in its stead. Difference between mod_fastcgi and mod_fcgid is mostly at license level. Although mod_fastcgi is somewhat non-free, and after some troubles with the configuration, I decided to give it a try ;-)[1]

After configuring two vhosts, one with mod_fcgid and one with mod_fastcgi, I benchmarked a simple "Hello world" program on Apache2. Results are speaking by themselves:

Server Software:        Apache/2.2.3
Server Hostname:        xxx
Server Port:            80

Document Path:          /
Document Length:        11 bytes

Concurrency Level:      5
Time taken for tests:   48.867314 seconds
Complete requests:      10000
Failed requests:        13
  (Connect: 0, Length: 13, Exceptions: 0)
Write errors:           0
Non-2xx responses:      13
Total transferred:      2959503 bytes
HTML transferred:       119256 bytes
Requests per second:    204.64 [#/sec] (mean)
Time per request:       24.434 [ms] (mean)
Time per request:       4.887 [ms] (mean, across all concurrent requests)
Transfer rate:          59.14 [Kbytes/sec] received

Connection Times (ms)
             min  mean[+/-sd] median   max
Connect:        0    0   0.0      0       0
Processing:     1   23 360.7      1   12064
Waiting:        1   23 360.7      1   12064
Total:          1   23 360.7      1   12064

Percentage of the requests served within a certain time (ms)
 50%      1
 66%      1
 75%      1
 80%      1
 90%      1
 95%      1
 98%     17
 99%     21
 100%  12064 (longest request)

Server Software:        Apache/2.2.3
Server Hostname:        xxx
Server Port:            80

Document Path:          /
Document Length:        11 bytes

Concurrency Level:      5
Time taken for tests:   18.150717 seconds
Complete requests:      10000
Failed requests:        0
Write errors:           0
Total transferred:      2950000 bytes
HTML transferred:       110000 bytes
Requests per second:    550.94 [#/sec] (mean)
Time per request:       9.075 [ms] (mean)
Time per request:       1.815 [ms] (mean, across all concurrent requests)
Transfer rate:          158.67 [Kbytes/sec] received

Connection Times (ms)
             min  mean[+/-sd] median   max
Connect:        0    0   0.0      0       0
Processing:     1    8 194.4      2   11504
Waiting:        1    8 194.4      2   11504
Total:          1    8 194.4      2   11504

Percentage of the requests served within a certain time (ms)
 50%      2
 66%      3
 75%      3
 80%      3
 90%      4
 95%     12
 98%     17
 99%     20
 100%  11504 (longest request)

I do not know if I'm doing wrong with mod_fcgid, but the fact is that mod_fastcgi operates at 250 request/second faster. No need to say, dotclear2 is coming soon on this blog :-)

[1] thank's Pep :-)