Use msmtp to send email from the Docker PHP Apache server through the Docker mail server

I would like to set up a send-only mail server with Docker (tvial/docker-mailserver). I currently have a Docker container for my website (php:7.2-apache) in which I have installed msmtp to send emails from my PHP container. The problem is that I just can't find an msmtp configuration for my PHP container to properly connect to my mail container. I have some certificate problems that I cannot solve on my own.

My msmtp configuration:

defaults
port 587
tls on
tls_trust_file /path/to/letsencrypt/signed.crt

account tobicontinued
host mail
from info@tobicontinued.com
auth on
user info
password 

account default : tobicontinued
logfile /var/log/msmtp.log

Both https://mxtoolbox.com/SuperTool.aspx and https://www.checktls.com/TestReceiver indicate that there are no problems with my mail server (in particular, everything is fine with my certificates).

When I run openssl s_client -connect mail.tobicontinued.com:25 -starttls smtp from my server (not the containers), I get CONNECTED(00000005) ... Verification: OK

If I docker exec into my PHP container and execute openssl s_client -connect mail.tobicontinued.com:25 -starttls smtp, I get CONNECTED(00000003) Can't use SSL_get_servername ... Verification error: unable to get local issuer certificate. The same applies if I try to connect via the Docker network (... mail:25 ...), where mail is the name of the mail container.

My two questions: 1. Does anyone see a solution to my situation? 2. Do I really need TLS to connect two containers?

Is it possible to get secure cookies after Apache has rewritten from http to https?

This problem occurred while updating our applications to deal with the change to SameSite=None cookies:

In our vhost for an older application we have this rule that translates http requests to https:

RewriteRule (.*) https://oursite.com$1 [NE,L,R=301]

If this rule is used and requests are rewritten, we will unfortunately lose all SameSite=None cookies, because "Secure=true" is also required for the new "SameSite=None".

As far as I know, the server does not receive these cookies when it receives the first http request, and this request is then forwarded to the https version, but there are no cookies that can be forwarded with the request.

This is our Apache and Centos info:

Server version: Apache/2.4.6 (CentOS)
centos-release-7-6.1810.2.el7.centos.x86_64

My question

Is there a way to redirect from http to https that can send Secure=true cookies in the https request?

tl;dr stuff

  • We have updated all local URLs in this app to point to https. This will avoid much of the problem.
  • The main concern would be links from sources that we do not control. Since it is an application that is almost 20 years old and is connected to many other systems, there must be links somewhere that still point to http and are redirected by this rule.

cdn – I am getting the error message "No host name for Traffic Ops" in the configuration of Apache Traffic_Router

After starting the Traffic_Router service, the following error is displayed:

ERROR 2020-02-15T17:53:11.922 [Pool-2-Thread-1] com.comcast.cdn.traffic_control.traffic_router.core.secure.CertificatesClient - No host name for Traffic Ops yet!

My configuration_monitor.properties file:

traffic_monitor.bootstrap.hosts=192.168.0.160:443
traffic_monitor.bootstrap.local=false
traffic_monitor.properties=file:/opt/traffic_router/conf/traffic_monitor.properties
traffic_monitor.properties.reload.period=60000

Thank you in advance …

Apache virtual host forwarding from HTTPS without WWW to HTTPS www does not work

I have a problem with Apache. I want to redirect:
http://www.example.com to https://www.example.com – ok
http://example.com to https://www.example.com – ok
https://example.com to https://www.example.com – not redirected

This is the setting of my vhost.conf in Apache:




    ServerAdmin user@example.com
    ServerName example.com
    ServerAlias www.example.com
    Redirect permanent / https://www.example.com/
    DocumentRoot /home/example/public_html
    ErrorLog /home/example/logs/error.log
    CustomLog /home/example/logs/access.log combined



    ServerAdmin user@example.com
    ServerName example.com
    ServerAlias www.example.com
    RewriteEngine On
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
    RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
    DocumentRoot /home/example/public_html
    ErrorLog /home/example/logs/error.log
    CustomLog /home/example/logs/access.log combined

Can someone help me with this problem?

apache 2.4 – Provide static content, but with a 503 response code

We are currently providing a reverse proxy to our application cluster, and each upstream block has a fallback host that only provides a static maintenance page. So if all backends fail, this page will be returned with a 200 OK. This is not the ideal return code for several reasons.

If my life were easy, I would just stop ErrorDocument 503 /index.html and go on with my life, but the problem is that we operate this page in both English and French and therefore have 2 different error pages. The mod_rewrite configuration is:

  RewriteCond %{REQUEST_URI} /EN [NC]
  RewriteRule ^/en$ /index-en.html [NC,L]

  RewriteCond %{REQUEST_URI} /FR [NC]
  RewriteRule ^/fr$ /index-fr.html [NC,L]

  RewriteCond %{HTTP:Accept-Language} ^fr [NC]
  RewriteRule .* /index-fr.html [NC,L]

  RewriteCond %{HTTP:Accept-Language} ^en [NC]
  RewriteRule .* /index-en.html [NC,L]

  RewriteRule (.*) /index-en.html [L]

My next attempt was to add R=503 to the RewriteRules, but this causes Apache to return the standard 503 error document and not our custom content.

Another complication is the fact that the "static" content of these pages is actually regularly regenerated and cached by our CMS so that it stays up to date, so I can't just put a quick and dirty PHP script up front either.

Is there a way to do this only through Apache configuration?

apache 2.4 – Returns 404 if the key is in the query string

A WordPress website was recently hacked and URLs in the format http://www.example.com/?ck=some-pharma-related-string were sent to Google.

It appears to be a little different from the "Pharma Hacks", which are reported extensively to use real paths rather than just a query string in the base URL. Now that Google has indexed the website, it still believes these URLs are valid since WordPress ignores the query string and only calls the homepage as if the query string was not there. So Google will continue to believe that these URLs are valid. What I want to do is force Apache to return a 404 response when "?ck=" appears in the URL, for Google to remove it from its listing. I'm sure I could make some changes to WordPress files, but I'm trying to avoid hacking into WordPress code to accomplish this.

Some other things I've done in the meantime are:

  • requested temporary removal of all URLs starting at http://www.example.com/?ck=, but this is only a temporary solution
  • A new sitemap sent to Google
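
One way to get the 404 from Apache alone, as an added example that is not part of the original question. It assumes mod_rewrite is enabled and that the rule is placed ahead of WordPress's own rewrite rules (in the vhost, or at the top of the site's .htaccess); it matches ck as a parameter name at any position in the query string.

```apache
# Added example, not from the original post.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Match "ck" only as a whole parameter name: at the start of the query
    # string or directly after "&". Parameters such as "track=" are left alone.
    RewriteCond %{QUERY_STRING} (^|&)ck= [NC]

    # "-" means no substitution. A status outside the 3xx range in R= makes
    # Apache stop rewriting and answer with that status, so the request
    # never reaches WordPress.
    RewriteRule ^ - [R=404,L]
</IfModule>
```

To check it, request http://www.example.com/?ck=test and confirm a 404 status, then confirm the plain homepage and a URL with an unrelated query parameter still return 200.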

apache2 – Apache Definitions – Server vs Worker vs Thread vs Child

Fact – I just don't understand the Apache documentation for most of these variables and Googling doesn't help me because most people just copy and paste what is in the documentation.
I also see some people talking about MinSpareServers / MaxSpareServers in relation to MPM event even though they are not relevant to event, so I think that not many people really understand this.

Apache optimization variables mention some key words / concepts such as:

  • Server (e.g. StartServers, MinSpareServers, MaxSpareServers)
  • Worker (e.g. MaxRequestWorkers)
  • Thread (e.g. ThreadsPerChild, ThreadLimit)
  • Child (e.g. ThreadsPerChild, MaxConnectionsPerChild)

What is the difference between all of the above concepts?

If I want to allow 500 concurrent requests for MPM event, I probably only need to set MaxRequestWorkers and ServerLimit to 500, but then I don't know what the effects of ThreadsPerChild and MaxConnectionsPerChild will be.

Why does the documentation also state that a ThreadLimit that is higher than ThreadsPerChild uses more memory than is required, if only ThreadsPerChild threads are created and no more? It just doesn't make sense to me.

apache http server – API endpoint has ERR_EMPTY_RESPONSE in Chrome, but works in Firefox

I have a development environment that runs locally:

  • Apache
  • PHP
  • Self-signed wildcard SSL certificate

If I go directly to one of my API endpoints in Chrome, I get an "ERR_EMPTY_RESPONSE" error. This also adds this error to the Apache log (/usr/local/var/log/httpd/error_log):

[Sun Feb 09 20:32:36.097439 2020] [core:notice] [pid 4448] AH00052: child pid 19259 exit signal Segmentation fault (11)

Some API endpoints never work. Some API endpoints get the answer after a hard refresh.

If I go to exactly the same API endpoints in Firefox or Safari, it is successful every time and nothing is added to the Apache log.

Why is this happening? Or how can I get more information about this segfault? Any help is appreciated.

apache2 – Can Apache proxying to the cloud be reversed without losing the CDN benefits?

context

I have a Cloudfront instance, https://abc.cloudfront.net. Its origin is an S3 bucket that provides a static website.

The URL www.cooldomain.com points to an Apache server that I control and I can create SSL certificates for this domain. However, I have no control over the DNS server that points www.cooldomain.com to my Apache server.

My questions

  1. Is it possible to reverse proxy my Apache server so that the static assets uploaded to S3 are shown to the user via https://www.cooldomain.com? †

  2. If the answer to (1) is yes, will I lose the CDN benefits (since I assume that the static files provided by Cloudfront must be forwarded to the end user through my Apache server)?

† Note: I tried the following code

...
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off


    ProxyPass https://abc.cloudfront.net/
    ProxyPassReverse https://abc.cloudfront.net/
    RequestHeader set "Host" "abc.cloudfront.net"
    RequestHeader unset Cookie

to reverse proxy my Apache server to Cloudfront, but this gives me the error "The proxy server received an invalid response from an upstream server." I'm assuming Cloudfront requires adding a CNAME to my server, but as mentioned earlier, I can't create an SSL certificate on AWS because I can't control the DNS server for the cooldomain.com domain.
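
The posted block switches off every certificate check on the proxied connection, so Apache would accept any certificate from whatever host answers as abc.cloudfront.net. The same proxy with upstream verification left on, as an added example that is not part of the original question; the CA bundle path is a placeholder, and the two-argument ProxyPass form stands in for the enclosing container that is missing from the post.

```apache
# Added example, not from the original post.
SSLProxyEngine on

# As posted (weak): no validation of the upstream certificate at all.
#   SSLProxyVerify none
#   SSLProxyCheckPeerCN off
#   SSLProxyCheckPeerName off
#   SSLProxyCheckPeerExpire off

# Hardened: require a certificate that chains to a trusted CA, matches the
# upstream host name, and has not expired.
SSLProxyVerify require
SSLProxyCheckPeerName on
SSLProxyCheckPeerExpire on
# SSLProxyCheckPeerCN is superseded by SSLProxyCheckPeerName in 2.4.5 and
# later and is only consulted when SSLProxyCheckPeerName is off.

# Placeholder path (assumption): point this at the system CA bundle.
SSLProxyCACertificateFile /path/to/ca-bundle.crt

# Two-argument form, usable at vhost level without a <Location> container.
ProxyPass        "/" "https://abc.cloudfront.net/"
ProxyPassReverse "/" "https://abc.cloudfront.net/"
RequestHeader unset Cookie
```

This covers only the TLS verification settings; it does not by itself address the invalid-response error described in the question.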

Apache 2.2 – Weird error DNS_PROBE_FINISHED_NXDOMAIN after SSL installation

I have a problem that showed up after installing SSL. Someone told me that it is a DNS problem. I checked the name server and it is correct and exists in the domain ad. This error is not shown 100% every time the website is opened. Before SSL and HTTPS, I ran Laravel 6 on AWS Lightsail Ubuntu 18 with Apache 2