Apache#

Server monitoring#

By changing the log format you can have a better idea of what is happening in real time to your web server without relying on external trackers. You can install programs that are able to read Apache’s logs in realtime.

See also

GoAccess - Visual Web Log Analyzer [1]
mod_log_config - Apache HTTP Server Version 2.4 [2]
Apache2 Reverse Proxy + GoAccess How To Guide · Issue #1789 · allinurl/goaccess · GitHub [3]

install the dependencies
```
apt-get install goaccess
```

edit the log module setup in the main Apache configuration file. I added ServerName as variable and changed the date-time format to RFC3339.

/etc/apache2/apache2.conf#

# [ ... ]

<IfModule log_config_module>
   LogFormat "%v %h %l %u [%{%F %T}t %{%z}t] \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
   LogFormat "%v %h %l %u [%{%F %T}t %{%z}t] \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
   <IfModule logio_module>
       LogFormat "%v %h %l %u [%{%F %T}t %{%z}t] \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
   </IfModule>
   CustomLog "/var/log/apache2/access.log" common
</IfModule>

# [ ... ]

serve the html file via HTTP by creating a new Apache virtual host. Replace FQDN with the appropriate domain and include this file from the Apache configuration. You may notice that the reverse proxy configuration uses wss (WebSocket Secure) instead of ws (WebSocket)

/etc/apache2/goaccess.apache.conf#

############
# goaccess #
############
<IfModule mod_ssl.c>
<VirtualHost 192.168.0.100:80>
    ServerName ${FQDN}

    # Force https.
    UseCanonicalName on
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =${FQDN}

    # Ignore rewrite rules for 127.0.0.1
    RewriteCond %{HTTP_HOST} !=127.0.0.1
    RewriteCond %{REMOTE_ADDR} !=127.0.0.1

    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    UseCanonicalName on

    Keepalive On
    RewriteEngine on

    ServerName ${FQDN}

    SSLCompression      off

    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set X-Forwarded-Host "${FQDN}"

    DocumentRoot "/srv/http/${FQDN}"
    <Directory "/srv/http/${FQDN}">
        Options -ExecCGI -Includes -indexes
        # Localhost.
        AllowOverride None

        #
        # Controls who can get stuff from this server.
        #
        Require all granted
    </Directory>

    <Location "/">
        Require ip 127.0.0.1
        Require ip 192.168.0.
    </Location>

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off

    ProxyRequests On

    # keep the host
    ProxyPreserveHost On

        RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
        Header always set Strict-Transport-Security "max-age=15552000; preload"
        Header always set X-Content-Type-Options nosniff
        Header always set X-Robots-Tag none
        Header always set X-XSS-Protection "1; mode=block"
        Header always set X-Frame-Options "SAMEORIGIN"
        Header always set Referrer-Policy "strict-origin-when-cross-origin"

    ProxyPass /wss/ wss://127.0.0.1:7890
    ProxyPassReverse /wss/ wss://127.0.0.1:7890

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/${FQDN}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${FQDN}/privkey.pem
</VirtualHost>
</IfModule>

create the jobs directories and files

mkdir -p /home/jobs/scripts/by-user/root/goaccess/goaccess.db
chmod 700 /home/jobs/scripts/by-user/root/goaccess

run the program manually without the configuration to check if the supplied formats are working correctly. This command open a curses terminal. Press q to quit

goaccess /var/log/apache2/access.log \
--log-format='%v %h %l %u %^[%d %t %^] \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"' \
--date-format="%F" \
--time-format="%T"

use this configuration file as example. You can find all the options in Debian’s provided configuration file at /etc/goaccess/goaccess.conf

/home/jobs/scripts/by-user/root/goaccess/goaccess.conf#

time-format %T
date-format %F
log-format %v %h %l %u %^[%d %t %^] "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
color-scheme 3
config-dialog false
hl-header true
html-prefs {"theme":"bright","perPage":5,"layout":"horizontal","showTables":true,"visitors":{"plot":{"chartType":"bar"}}}
html-report-title GoAccess Stats
json-pretty-print true
no-color false
no-column-names false
no-csv-summary false
no-progress false
no-tab-scroll false
with-mouse false
addr 127.0.0.1
origin https://${FQDN}
port 7890
pid-file /var/run/goaccess.pid
real-time-html true
ws-url wss://${FQDN}:443/wss/
agent-list true
with-output-resolver true
http-method yes
http-protocol yes
no-query-string false
no-term-resolver false
444-as-404 false
4xx-to-unique-count false
all-static-files false
double-decode false
ignore-crawlers false
crawlers-only false
real-os true
ssl-cert /etc/letsencrypt/live/${FQDN}/fullchain.pem
ssl-key /etc/letsencrypt/live/${FQDN}/privkey.pem
exclude-ip 192.168.0.1-192.168.0.254
exclude-ip 172.16.0.0-172.31.255.255
exclude-ip 127.0.0.1
persist true
restore true
db-path /home/jobs/scripts/by-user/root/goaccess/goaccess.db

Note

Replace FQDN with appropriate value.

create a Systemd unit file

/home/jobs/services/by-user/root/goaccess.service#

[Unit]
Requires=network-online.target
After=network-online.target

[Service]
Type=simple
WorkingDirectory=/home/jobs/scripts/by-user/root/goaccess
Restart=always
ExecStart=/usr/bin/goaccess /var/log/apache2/access.log -a -p goaccess.conf -o /srv/http/${FQDN}/index.html

[Install]
WantedBy=multi-user.target

Note

Replace FQDN with appropriate value.

run the deploy script

Footnotes

Apache

Contents

Apache#

Server monitoring#