Month: September 2018

Docker_Networking

Docker_Networking

Available network drivers in Docker

 

 

Bridge networks


Create feenixdv-net network, driver type bridge.

[root@docker ~]# docker network create –driver bridge feenixdv-net
324611157eac5e68650976067639870decdcc9cd023200e268a11d6d5d85bc31

List all present driver.

[root@docker ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
45f7806105bf        bridge              bridge              local
324611157eac        feenixdv-net        bridge              local
0566f1cc5748        host                host                local
7f8891df9e47        mynet123            bridge              local
abcbc188a54b        none                null                local

Inspect the feenixdv-net network. This shows you its IP address and the fact that no containers are connected to it:
[root@docker ~]# docker network inspect feenixdv-net
[
    {
        "Name": "feenixdv-net",
        "Id": "324611157eac5e68650976067639870decdcc9cd023200e268a11d6d5d85bc31",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1/16"
                }
            ]
        },
        "Internal": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]


Notice that this network’s gateway is 172.18.0.1, as opposed to the default bridge network, whose gateway is 172.17.0.1. The exact IP address may be different on your system.
Create your four containers.

[root@docker ~]# docker run -it –name feenixdv_net –network feenixdv-net -d -p 85:80 -v /var/www/html/:/usr/local/apache2/htdocs/ docker.io/httpd
93ba3ef62e21f73b1f64e6c1b2dd7c25c893718d89d3351bafe56879705ac46a

List container process.


[root@docker ~]# docker ps -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS                    PORTS                                    NAMES
93ba3ef62e21        docker.io/httpd                        "httpd-foreground"       6 seconds ago       Up 5 seconds              0.0.0.0:85->80/tcp                       feenixdv_net

Check bridge configuration.

[root@docker ~]# docker network inspect bridge feenixdv-net
.
.
  "Internal": false,
        "Containers": {
            "93ba3ef62e21f73b1f64e6c1b2dd7c25c893718d89d3351bafe56879705ac46a": {
                "Name": "feenixdv_net",
                "EndpointID": "4e318b75284f71db3ccd6122ca3f446dfe97002265d49549b81f22207fd5ca1a",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
.
.


Here we can see container "feenixdv_net" IP assign to "IPv4Address": "172.18.0.2/16",
Cross check after connecting.

[root@docker ~]# docker exec -it 93ba3ef62e21 bash
root@93ba3ef62e21:/usr/local/apache2# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
8: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe12:2/64 scope link
       valid_lft forever preferred_lft forever

Same configuration in the container.
On user-defined networks likefeenixdv-net, containers can not only communicate by IP address, but can also resolve a container name to an IP address. This capability is called automatic service discovery.

Host network


This series of tutorials deal with networking standalone containers which bind directly to the Docker host’s network, with no network isolation.

Start new container with host network.

[root@docker ~]# docker run -it –name feenixdv_Host_Net –network host -d -v /tmp/:/usr/local/apache2/htdocs/ docker.io/httpd
d0ce7cbc5c932c3659dbe42893b1430af6565e665424097ed4e076c188b6bb0e
[root@docker Packages]# docker ps -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS                    PORTS                    NAMES
d4a7b55745db        docker.io/httpd                        "httpd-foreground"       2 minutes ago       Up 2 minutes                                       feenixdv_Host_Net

This container directly accessable from host ip.
For testing we can access page on browser and with "netstat" command.

[root@docker Packages]# docker stop d4a7b55745db
d4a7b55745db
[root@docker Packages]# netstat -tulpn | grep :80
[root@docker Packages]# docker start d4a7b55745db
d4a7b55745db
[root@docker Packages]# netstat -tulpn | grep :80
tcp6       0      0 :::80                   :::*                    LISTEN      8223/httpd

 

Macvlan network


This series of tutorials deal with networking standalone containers which connect to macvlan networks. In this type of network, the Docker host accepts requests for multiple MAC addresses at its IP address, and routes those requests to the appropriate container. For other networking topics

Prerequisites

    Most cloud providers block macvlan networking. You may need physical access to your networking equipment.

    The macvlan networking driver only works on Linux hosts, and is not supported on Docker for Mac, Docker for Windows, or Docker EE for Windows Server.

    You need at least version 3.9 of the Linux kernel, and version 4.0 or higher is recommended.

    The examples assume your ethernet interface is eth0. If your device has a different name, use that instead.

Bridge example

In the simple bridge example, your traffic flows through eth0 and Docker routes traffic to your container using its MAC address. To network devices on your network, your container appears to be physically attached to the network.

[root@docker Packages]#  docker network create -d macvlan –subnet=172.16.86.0/24 –gateway=172.16.86.1 -o parent=enp0s3 feenixdv-macvlan-net
aabd48f9e1b1c12c3825030a70dfffbc848342ac936befa44e54e1c91fe61046
[root@docker Packages]# docker network ls
NETWORK ID          NAME                   DRIVER              SCOPE
45f7806105bf        bridge                 bridge              local
aabd48f9e1b1        feenixdv-macvlan-net   macvlan             local
324611157eac        feenixdv-net           bridge              local
0566f1cc5748        host                   host                local
7f8891df9e47        mynet123               bridge              local
abcbc188a54b        none                   null                local

Now start container with macvlan.

[root@docker Packages]# docker run -it -d -p 8881 –network feenixdv-macvlan-net –name feenixdv_macvlan docker.io/httpd
da3077767df5fd3414f091aefc09ef2a191572993e764c57c69da6b2ef3bed14
[root@docker Packages]# docker ps -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS                    PORTS                    NAMES
da3077767df5        docker.io/httpd                        "httpd-foreground"       2 minutes ago       Up 2 minutes                                       feenixdv_macvlan


Inspect the my-macvlan-alpine container and notice the MacAddress key within the Networks key:

[root@docker Packages]# docker network inspect feenixdv-macvlan-net
[
    {
        "Name": "feenixdv-macvlan-net",
        "Id": "aabd48f9e1b1c12c3825030a70dfffbc848342ac936befa44e54e1c91fe61046",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.16.86.0/24",
                    "Gateway": "172.16.86.1"
                }
            ]
        },
        "Internal": false,
        "Containers": {
            "da3077767df5fd3414f091aefc09ef2a191572993e764c57c69da6b2ef3bed14": {
                "Name": "feenixdv_macvlan",
                "EndpointID": "77162ef3f782a188dd20366dae78655571ba8ee3eb133ee1db5b73c6325e2493",
                "MacAddress": "02:42:ac:10:56:02",
                "IPv4Address": "172.16.86.2/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "enp0s3"
        },
        "Labels": {}
    }
]

overlay networks

 

Docker_MariaDB

Docker_MariaDB

MariaDB setup in Docker.

First you need to download Docker Image for APACHE

[root@rhel7 htdocs]# docker pull centos/mariadb-101-centos7
Using default tag: latest
Trying to pull repository docker.io/centos/mariadb-101-centos7 …
latest: Pulling from docker.io/centos/mariadb-101-centos7


[root@rhel7 htdocs]# docker images
REPOSITORY                              TAG                 IMAGE ID            CREATED             SIZE
docker.io/centos/mariadb-101-centos7    latest              0c8705984608        9 days ago          469.8 MB

Start contener from Docker image. Here i use port 3306 for host OS which will be redirect all request to port 3306 of contaner.

[root@rhel7 htdocs]# docker run -d –name mariadb_feenixdv -e MYSQL_USER=user -e MYSQL_PASSWORD=pass -e MYSQL_DATABASE=db -p 3306:3306 docker.io/centos/mariadb-101-centos7
d25ae29b815e436c56d41f0bc7ab0770d312d6c01995b10fd95ebe05835d215f
[root@rhel7 htdocs]# docker ps -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS                      PORTS                                    NAMES
d25ae29b815e        docker.io/centos/mariadb-101-centos7   "container-entrypoint"   11 seconds ago      Up 2 seconds                0.0.0.0:3306->3306/tcp                   mariadb_feenixdv

Test:-


[root@rhel7 yum.repos.d]# mysql -u user -h 10.224.24.XX -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.1.29-MariaDB MariaDB Server

Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

Docker_Proxy_Setting_container

Docker_Proxy_Setting_container

Docker_Proxy_Setting_container

The proxy setting in Docker

Add proxy information in below files in docker and restart docker service.

in this example, http://172.26.XX.X:8080 and https://172.26.XX.X:8080 is the proxy server to access internet without any user_name and password. 
[root@rhel7 ~]# cat /etc/sysconfig/docker
.
.
HTTP_PROXY="http://172.26.XX.X:8080"
HTTP_PROXY="http://172.26.XX.X:8080"
.
.
[root@rhel7 ~]# systemctl restart docker

Or we can add this setting in systemd also 

[root@feenixdv ~]# mkdir -p /etc/systemd/system/docker.service.d/
[root@feenixdv ~]# cat /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://172.26.25.4:8080/"
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker

Now check with pull. 

[root@rhel7 ~]# docker pull centos
Using default tag: latest
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos

256b176beaff: Pull complete
Digest: sha256:6f6d986d425aeabdc3a02cb61c02abb2e78e57357e92417d6d58332856024faf
[root@rhel7 ~]# docker images
REPOSITORY                                         TAG                 IMAGE ID            CREATED             SIZE
docker.io/centos                                   latest              5182e96772bf        6 weeks ago         199.7 MB

Proxy setting in container after login

same for container. First loing and then set environment variable. we can also put into "bashrc or bash_profile" 


[root@rhel7 ~]# docker run -it docker.io/centos

install package
[root@7457ade046bf yum.repos.d]# export http_proxy="http://172.26.XX.XX:8080"
[root@7457ade046bf yum.repos.d]# export https_proxy="http://172.26.XX.X:8080"
[root@7457ade046bf yum.repos.d]# yum install httpd
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * extras: centos.excellmedia.net
 * updates: centos.excellmedia.ne                                                                                                                                                           2/6
  Verifying  : apr-util-1.5.2-6.el7.x86_64                                                                                                                                                                                               3/6
  Verifying  : httpd-2.4.6-80.el7.centos.1.x86_64                                                                                                                                                                                        4/6
  Verifying  : apr-1.4.8-3.el7_4.1.x86_64                                                                                                                                                                                                5/6
  Verifying  : centos-logos-70.0.6-3.el7.centos.noarch                                                                                                                                                                                   6/6

Installed:
  httpd.x86_64 0:2.4.6-80.el7.centos.1

Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7_4.1             apr-util.x86_64 0:1.5.2-6.el7             centos-logos.noarch 0:70.0.6-3.el7.centos             httpd-tools.x86_64 0:2.4.6-80.el7.centos.1             mailcap.noarch 0:2.1.41-2.el7

Complete!

 

Docker_APACHE

Docker_APACHE

First you need to download Docker Image for APACHE

[root@rhel7 ~]# docker pull httpd
Using default tag: latest
Trying to pull repository docker.io/library/httpd …
latest: Pulling from docker.io/library/httpd

f189db1b88b3: Pull complete
ba2d31d4e2e7: Pull complete
23a65f5e3746: Pull complete
5e8eccbd4bc6: Pull complete
4c145eec18d8: Pull complete
1c74ffd6a8a2: Pull complete
1421f0320e1b: Pull complete
Digest: sha256:8631904c6e92918b6c7dd82b72512714e7fbc3f1a1ace2de17cb2746c401b8fb

Check docker image downloaded or not.

[root@rhel7 ~]# docker images -a
REPOSITORY                              TAG                 IMAGE ID            CREATED             SIZE
docker.io/centos/httpd-24-centos7       latest              f6c21c219c60        9 days ago          352.6 MB
docker.io/httpd                         latest              d595a4011ae3        2 weeks ago         177.5 MB
docker.io/openshift/jenkins-2-centos7   latest              79522a350e76        12 months ago       1.962 GB
docker.io/ansible/centos7-ansible       latest              688353a31fde        21 months ago       447.2 MB

Start contener from Docker image "docker.io/httpd". Here i use port 81 for host OS which will be redirect all request to port 80 of contaner.

[root@rhel7 ~]# docker run -it –name feenixdv -d -p 81:80 docker.io/httpd
b0b0cd3176736d2ad0e31567fc8e91534c08bc06c1f1576e7e64a45abfc7b666

Check contaner is running or not.

[root@rhel7 ~]# docker ps -a
CONTAINER ID        IMAGE                               COMMAND                  CREATED             STATUS              PORTS                                    NAMES
b0b0cd317673        docker.io/httpd                     "httpd-foreground"       14 seconds ago      Up 6 seconds        0.0.0.0:81->80/tcp                       feenixdv
f2801d2caaa9        docker.io/centos/httpd-24-centos7   "container-entrypoint"   3 hours ago         Up 2 hours          8080/tcp, 8443/tcp, 0.0.0.0:82->80/tcp   apache_Feenixdv
fa7b7dea37fd        docker.io/centos/httpd-24-centos7   "container-entrypoint"   3 hours ago         Created                                                      http_Feenixdv
 

Check on the browser.

http://10.224.24.143:81/
hello Feenixdv

Load website from a local directory.

In this example i am going to create "index.html" page inside "/var/www/html " and start contaner with local directory.

[root@rhel7 htdocs]# mkdir -p /var/www/html
[root@rhel7 htdocs]# cat /var/www/html/index.html
Hello www.feenixdv.com
Hello www.feenixdv.com
Hello www.feenixdv.com
Hello www.feenixdv.com
Hello www.feenixdv.com

Start contaner with "-v /var/www/html/:/usr/local/apache2/htdocs/ " option.


[root@rhel7 htdocs]# docker run -it –name feenixdv1 -d -p 84:80 -v /var/www/html/:/usr/local/apache2/htdocs/ docker.io/httpd
[root@rhel7 htdocs]# docker ps -a
CONTAINER ID        IMAGE                               COMMAND                  CREATED              STATUS              PORTS                                    NAMES
016d2007ea22        docker.io/httpd                     "httpd-foreground"       About a minute ago   Up About a minute   0.0.0.0:84->80/tcp                       feenixdv1

Test:-


http://10.224.24.143:XX/
 

Docker_HUB_Image_Commit

Docker_HUB_Image_Commit

How to commit docker image after any modification. Like if you make changes in docker image, install any package of customizing anything then you need to save/commit docker image. Here we can see how to login into DOCKER HUB with account credentials and push customize the image to DOCKER HUB.

Login into docker hub account.

[root@rhel7 ~]# docker login -u feeniXXXX
Password:
Login Succeeded

Commit Docker image

[root@rhel7 ~]# docker commit -m "HTTP_Installed" -a "feenixdv" 7457ade046bf bibhutimail/centos_httpd
sha256:05b43f74f9ed6475301ab89200203e6bde6c1dc99f01bd2232843e3d3e7a8eda

Puch Docker IMAGE to docker hub. must be login into docker hub account.

[root@rhel7 ~]# docker push bibhutimail/centos_httpd
The push refers to a repository [docker.io/bibhutimail/centos_httpd]
b30f2e4bcd0d: Pushed
1d31b5806ba4: Mounted from library/centos
latest: digest: sha256:832438ce33eb7ddef460f87c80127b2b1797b1c7601b86a488b14a058f203cbd size: 741

 

NEW_HTTP_SERVER_2.4

NEW_HTTP_SERVER_2.4

New features in Apache HTTP Server 2.4

 

  • Core Enhancements

     

    • Run-time Loadable MPMs
    • Event MPM
    • Asynchronous support
    • Per-module and per-directory LogLevel configuration
    • Per-request configuration sections
    • General-purpose expression parser
    • KeepAliveTimeout in milliseconds
    • NameVirtualHost directive
    • Override Configuration
    • Config file variables
    • Reduced memory usage

 

  • Module Enhancements

     

    • mod_ssl
    • mod_proxy
    • mod_proxy_balancer
    • mod_cache
    • mod_include
    • mod_cgi, mod_include, mod_isapi
    • mod_authz_core
    • mod_rewrite
    • mod_ldap, mod_authnz_ldap
    • mod_info
    • mod_auth_basic

 

  • Documentation

     

    • mod_rewrite
    • mod_ssl
    • Caching Guide

 

  • New Modules

     

    • mod_proxy_fcgi
    • mod_proxy_scgi
    • mod_proxy_express
    • mod_remoteip
    • mod_heartmonitor, mod_lbmethod_heartbeat
    • mod_proxy_html
    • mod_sed
    • mod_auth_form
    • mod_session
    • mod_allowmethods
    • mod_lua
    • mod_log_debug
    • mod_buffer
    • mod_data
    • mod_ratelimit
    • mod_request
    • mod_reflector
    • mod_slotmem_shm
    • mod_xml2enc
    • mod_macro
    • mod_proxy_wstunnel
    • mod_authnz_fcgi mod_http2
    • mod_proxy_hcheck

 

 

  • Program Enhancements

     

    • fcgistarter
    • htcacheclean
    • rotatelogs
    • htpasswd, htdbm

 

 

Core Enhancements

Run-time Loadable MPMs
Multiple MPMs can now be built as loadable modules at compile time. The MPM of choice can be configured at runtime via LoadModule directive.
./configure --enable-mpms-shared=all
 
Event MPM
The Event MPM is no longer experimental but is now fully supported.
  This original goal of this MPM was to fix the 'keep alive problem' in HTTP. After a client completes the first request, it can keep the connection open, sending further requests using the same socket and saving significant overhead in creating TCP connections.
 
Asynchronous support
Better support for asynchronous read/write for supporting MPMs and platforms.
 
Per-module and per-directory LogLevel configuration
The LogLevel can now be configured per module and per directory. New levels trace1 to trace8 have been added above the debug log level.
Syntax:    LogLevel [module:]level [module:level] …
Default:    LogLevel warn
 
Per-request configuration sections
<If>, <ElseIf>, and <Else> sections can be used to set the configuration based on per-request criteria.
Example: – The <ElseIf> would match if the remote address of a request belongs to the subnet 10.0.0.0/8 but not to the subnet 10.1.0.0/16
<If "-R '10.1.0.0/16'">
  #…
</If>
<ElseIf "-R '10.0.0.0/8'">
  #…
</ElseIf>
<Else>
  #…
</Else>
Next Example:-
# ensure that mod_include is loaded
<IfModule !include_module>
  Error "mod_include is required by mod_foo.  Load it with LoadModule."
</IfModule>
General-purpose expression parser
A new expression parser allows to specify complex conditions using a common syntax in directives like SetEnvIfExpr, RewriteCond, Header, <If>, and others.
 
KeepAliveTimeout in milliseconds
It is now possible to specify KeepAliveTimeout in milliseconds.
The number of seconds Apache httpd will wait for a subsequent request before closing the connection. By adding a postfix of ms the timeout can be also set in milliseconds. Once a request has been received, the timeout value specified by the Timeout directive applies.
Setting KeepAliveTimeout to a high value may cause performance problems in heavily loaded servers.
Syntax: KeepAliveTimeout num[ms]
Default: KeepAliveTimeout 5
Example:- KeepAliveTimeout 5
 
NameVirtualHost directive
No longer needed and is now deprecated.
Override Configuration
When this directive is set to None and AllowOverride is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.
Example:
AllowOverride None
AllowOverrideList Redirect RedirectMatch
In the example above, only the Redirect and RedirectMatch directives are allowed. All others will cause an Internal Server Error.
Config file variables
It is now possible to Define variables in the configuration, allowing a clearer representation if the same value is used at many places in the configuration.
Reduced memory usage
Despite many new features, 2.4.x tends to use less memory than 2.2.x.

New Modules

mod_proxy_fcgi
FastCGI Protocol backend for mod_proxy
Example:-
        ProxyPass "/myapp/" "fcgi://localhost:4000/"
You have to enable mod_proxy and mod_proxy_fcgi.
mod_proxy_scgi
SCGI Protocol backend for mod_proxy
            Example:-
                               ProxyPass "/scgi-bin/" "scgi://localhost:4000/"
You have to enable mod_proxy and mod_proxy_scgi.
mod_proxy_express
Provides dynamically configured mass reverse proxies for mod_proxy
 
mod_remoteip
Replaces the apparent client remote IP address and hostname for the request with the IP address list presented by a proxy or a load balancer via the request headers.
Syntax:            RemoteIPHeader header-field
Context:          server config, virtual host
mod_heartmonitor, mod_lbmethod_heartbeat
Allow mod_proxy_balancer to base load balancing decisions on the number of active connections on the backend servers.
Syntax:            HeartbeatListenaddr:port
Default:           disabled
Context:          server config
Example:-
HeartbeatListen 239.0.0.1:27999
mod_proxy_html
Formerly a third-party module, this supports fixing of HTML links in a reverse proxy situation, where the backend generates URLs that are not valid for the proxy's clients.
mod_sed
An advanced replacement of mod_substitute, allows editing the response body with the full power of sed.
Adding an output filter
# In the following example, the sed filter will change the string
# "monday" to "MON" and the string "sunday" to SUN in html documents
# before sending to the client.
<Directory "/var/www/docs/sed">
    AddOutputFilter Sed html
    OutputSed "s/monday/MON/g"
    OutputSed "s/sunday/SUN/g"
</Directory>
Adding an input filter
# In the following example, the sed filter will change the string
# "monday" to "MON" and the string "sunday" to SUN in the POST data
# sent to PHP.
<Directory "/var/www/docs/sed">
    AddInputFilter Sed php
    InputSed "s/monday/MON/g"
    InputSed "s/sunday/SUN/g"
</Directory>
mod_auth_form
Enables form-based authentication.
 
mod_session
Enables the use of session state for clients, using cookie or database storage.
 
mod_allowmethods
New module to restrict certain HTTP methods without interfering with authentication or authorization.
Example:-
                  <Location /> 
AllowMethods GET HEAD
</Location>

mod_lua

Embeds the Lua language into httpd, for configuration and small business logic functions. (Experimental)

mod_log_debug

Allows the addition of customizable debug logging at different phases of the request processing.

mod_buffer

Provides for buffering the input and output filter stacks

mod_data

Convert response body into an RFC2397 data URL

mod_ratelimit

Provides Bandwidth Rate Limiting for Clients

Example:-
       <Location /downloads> 
SetOutputFilter RATE_LIMIT 
SetEnv rate-limit 400
</Location>
Note – rate-limit is in KiB/s

mod_request

Provides Filters to handle and make available HTTP request bodies

mod_reflector

Provides Reflection of a request body as a response via the output filter stack.

mod_slotmem_shm

Provides a Slot-based shared memory provider (ala the scoreboard).

mod_xml2enc

Formerly a third-party module, this supports internationalization in libxml2-based (markup-aware) filter modules.

mod_macro (available since 2.4.5)

Provide macros within configuration files.

mod_proxy_wstunnel (available since 2.4.5)

Support web-socket tunnels.

mod_authnz_fcgi (available since 2.4.10)

Enable FastCGI authorizer applications to authenticate and/or authorize clients.

mod_http2 (available since 2.4.17)

Support for the HTTP/2 transport layer.

mod_proxy_hcheck (available since 2.4.21)

Support independent dynamic health checks for remote proxiy backend servers.

 

Module Enhancements

mod_ssl

mod_ssl can now be configured to use an OCSP server to check the validation status of a client certificate. The default responder is configurable, along with the decision on whether to prefer the responder designated in the client certificate itself.

mod_ssl now also supports OCSP stapling, where the server pro-actively obtains an OCSP verification of its certificate and transmits that to the client during the handshake.

mod_ssl can now be configured to share SSL Session data between servers through memcached

EC keys are now supported in addition to RSA and DSA.

Support for TLS-SRP (available in 2.4.4 and later).

mod_proxy

The ProxyPass directive is now most optimally configured within a Location or LocationMatch block, and offers a significant performance advantage over the traditional two-parameter syntax when present in large numbers.

The source address used for proxy requests is now configurable.

Support for Unix domain sockets to the backend (available in 2.4.7 and later).

mod_proxy_balancer

More runtime configuration changes for BalancerMembers via balancer-manager

Additional BalancerMembers can be added at runtime via balancer-manager

Runtime configuration of a subset of Balancer parameters

BalancerMembers can be set to 'Drain' so that they only respond to existing sticky sessions, allowing them to be taken gracefully offline.

Balancer settings can be persistent after restarts.

mod_cache

The mod_cache CACHE filter can be optionally inserted at a given point in the filter chain to provide fine control over caching.

mod_cache can now cache HEAD requests.

Where possible, mod_cache directives can now be set per directory, instead of per server.

The base URL of cached URLs can be customized, so that a cluster of caches can share the same endpoint URL prefix.

mod_cache is now capable of serving stale cached data when a backend is unavailable (error 5xx).

mod_cache can now insert HIT/MISS/REVALIDATE into an X-Cache header.

mod_include

Support for the 'onerror' attributes within an 'include' element, allowing an error document to be served on error instead of the default error string.

mod_cgi, mod_include, mod_isapi, …

Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped. Environment Variables in Apache has some pointers on how to work around broken legacy clients which require such headers. (This affects all modules which use these environment variables.)

mod_authz_core Authorization Logic Containers

Advanced authorization logic may now be specified using the Require directive and the related container directives, such as <RequireAll>.

mod_rewrite

mod_rewrite adds the [QSD] (Query String Discard) and [END] flags for RewriteRule to simplify common rewriting scenarios.

Adds the possibility to use complex boolean expressions in RewriteCond.

Allows the use of SQL queries as RewriteMap functions.

mod_ldap, mod_authnz_ldap

mod_authnz_ldap adds support for nested groups.

mod_ldap adds LDAPConnectionPoolTTL, LDAPTimeout, and other improvements in the handling of timeouts. This is especially useful for setups where a stateful firewall drops idle connections to the LDAP server.

mod_ldap adds LDAPLibraryDebug to log debug information provided by the used LDAP toolkit.

mod_info

mod_info can now dump the pre-parsed configuration to stdout during server startup.

mod_auth_basic

New generic mechanism to fake basic authentication (available in 2.4.5 and later).

 

Program Enhancements

fcgistarter

New FastCGI daemon starter utility

htcacheclean

Current cached URLs can now be listed, with optional metadata included.

Allow explicit deletion of individual cached URLs from the cache.

File sizes can now be rounded up to the given block size, making the size limits map more closely to the real size on disk.

Cache size can now be limited by the number of inodes, instead of or in addition to being limited by the size of the files on disk.

rotatelogs

May now create a link to the current log file.

May now invoke a custom post-rotate script.

htpasswd, htdbm

Support for the bcrypt algorithm (available in 2.4.4 and later).

 

Documentation

mod_rewrite

The mod_rewrite documentation has been rearranged and almost completely rewritten, with a focus on examples and common usage, as well as on showing you when other solutions are more appropriate. The Rewrite Guide is now a top-level section with much more detail and better organization.

mod_ssl

The mod_ssl documentation has been greatly enhanced, with more examples at the getting started level, in addition to the previous focus on technical details.

Caching Guide

The Caching Guide has been rewritten to properly distinguish between the RFC2616 HTTP/1.1 caching features provided by mod_cache, and the generic key/value caching provided by the socache interface, as well as to cover specialized caching provided by mechanisms such as mod_file_cache.

 

Take reference from apache.org

 

BIG-IP-LOAD-BALANCE

BIG-IP-LOAD-BALANCE

BIG-IP AS LOAD BALANCER

Dynamic load balance

To set a dynamic load balancer to follow the below process.

From list choice which type of balancing you want.

 

Priority-based Pool Member Activation

 

Set priority and a ratio

1st set load balancing method then group activation. In our senior, if the number of active node less than two then blue node automatic activated.

Ratio-Based

For red and green server same ratio and group 

 

And for blue

Now check how the request coming.

1st clean old history then generates some traffic by refresh page on browser then check what the status.

 

Here we can see “blue” node have no any hit. If any node ( Red or Green ) un-available then blue node automatic take place.

Then reset statistics and again generate some traffic. Here we can see the blue node take place.

Take reference from @cbt_nuggets_Video

BIG-IP-ADD-VIRTUAL-MACHINE

BIG-IP-ADD-VIRTUAL-MACHINE

Add virtual machine object.

Here we are going to add one virtual server object, which is accessible from the outer world and in BIG-IP we add three virtual machine which is a web server.

On BIG-IP interface follow "Local traffic – Virtual Server list " then New Virtual Server.

    

 

 

 

 

 

 

 

 

Finally, we have a virtual machine.

Then you can access this virtual machine from a browser.

When you refresh browser again and again then its call one by one “Red Green and Blue server” because in pool setting we have the following configuration.

  

Take reference from @cbt_nuggets_Video