Fix Apache mod_jk or mod_proxy serving stale content
Posted: December 1, 2011 Filed under: Deployment, http, Unix | Tags: apache, cache, modjk, mod_jk, mod_proxy, proxy, stale, wrong page Leave a comment »If your web app starts serving stale cached content when run behind mod_jk or mod_proxy with apache, it may be due to apache inserting a default expiration header.
You can confirm this by comparing the headers returned from apache and directly from your web app. curl -i will show response headers:
curl -i http://example.com | head -20
To disable apache’s content expirations, add the following to your virtual host:
ExpiresActive Off
Here is the official Apache Documentation.
MIME type issue with Apache mod_jk and mod_proxy serving plain text
Posted: November 30, 2011 Filed under: Deployment, http, Unix | Tags: apache, mime, mimetype, modjk, mod_jk, mod_proxy, plain, proxy, text, tomcat 1 Comment »Some apps do not properly set mime types of content they serve, but still may work properly when served standalone because client applications like browsers are able to interpret the type of the content. But when served behind Apache, these apps will not behave correctly because Apache will provide a default type of text/plain.
The solution is to add a DefaultType None line to your apache virtual host for these web apps:
DefaultType None
Here are the docs
Snow Leopard Apache Web Server SSL Pass phrase Error
Posted: November 29, 2011 Filed under: http, Mac OS X, Mac OS X Server, Unix | Tags: apache, key, Pass phrase incorrect, Snow Leopard, ssl Leave a comment »If you are getting errors “Pass phrase incorrect” in your apache logs on Snow Leopard server, it is because the key is protected by a password. I found the answer here.
The password for the key is stored in the System Keychain. It is a password entry called “Mac OS X Server certificate management”. You can open the entry and select “Show Password”. You may also use the security command line tool to dump the password.
security find-generic-password -l "Mac OS X Server certificate management" -g
or
security dump-keychain -d # look in data for password which will look like a GUID
Once you have the password, you can create a copy of the key without the password using openssl:
openssl rsa -in /etc/certificates/server.domain.com.uniqueid.key.pem \ -out /etc/certificates/server.domain.com.uniqueid.passwordlesskey.pem
You can then replace the password protected key with the passwordless key or point apache to the passwordless key in your /etc/apache2/sites/sitename.conf file.
