Posts Tagged ‘proxy’

Squid Proxy log timestamp human readable / Convert and beautify Proxy unixtime logs in human-readable form howto

Thursday, February 21st, 2019

Reading Time: 3minutes


If you have installed Squid Cache Proxy recently and you need to watch who is accessing the proxy and what Internet (website is viewed) under /var/log/squid/access.log /var/log/store.log /var/log/access.log etc., you will be unpleasently surprised the log's records are logged in a weird human unreadable format called UTC as Squid Proxy server does not store the date / year / hour time information in a human readable format.

Squid uses the format:
<UNIX timestamp>.<Centiseconds> and you have to be a robot of a kind or a math genious to read it 🙂

To display Squid Proxy log in a human readable, luckily you can use below one-liner  regular expression.

cat access.log | perl -p -e 's/^([0-9]*)/”[“.localtime($1).”]"/e'

If you have to review squid logs multiple times and on a regular basis you can either set some kind of cmd alias in $HOME/.bashrc such as:

alias readproxylog='cat access.log | perl -p -e 's/^([0-9]*)/”[“.localtime($1).”]"/e'

Or for those who prefer beauty install and use a log beatifier / colorizer such as ccze

root@pcfreak:/home/hipo# apt-cache show ccze|grep -i desc -A 3
Description-en: robust, modular log coloriser
 CCZE is a robust and modular log coloriser, with plugins for apm,
 exim, fetchmail, httpd, postfix, procmail, squid, syslog, ulogd,
 vsftpd, xferlog and more.

Description-md5: 55cd93dbcf614712a4d89cb3489414f6
Tag: devel::prettyprint, implemented-in::c, interface::commandline,
 role::program, scope::utility, use::checking, use::filtering,

root@pcfreak:/home/hipo# apt-get install –yes ccze


tail -f /var/log/squid/access.loc | ccze -CA

ccze is really nice to view /var/log/syslog errors and make your daily sysadmin life a bit more colorful


tail -f -n 200 /var/log/messages | ccze

tail-ccze-syslog-screenshot viewing in Colors your Linux logs

For a frequent tail + ccze usage with ccze you can add to ~/.bashrc following shell small function

tailc () { tail $@ | ccze -A }

Below is a list of supported syntax highlighting colorizer:

$ ccze -l
Available plugins:

Name      | Type    | Description
apm       | Partial | Coloriser for APM sub-logs.
distcc    | Full    | Coloriser for distcc(1) logs.
dpkg      | Full    | Coloriser for dpkg logs.
exim      | Full    | Coloriser for exim logs.
fetchmail | Partial | Coloriser for fetchmail(1) sub-logs.
ftpstats  | Full    | Coloriser for ftpstats (pure-ftpd) logs.
httpd     | Full    | Coloriser for generic HTTPD access and error logs.
icecast   | Full    | Coloriser for Icecast(8) logs.
oops      | Full    | Coloriser for oops proxy logs.
php       | Full    | Coloriser for PHP logs.
postfix   | Partial | Coloriser for postfix(1) sub-logs.
procmail  | Full    | Coloriser for procmail(1) logs.
proftpd   | Full    | Coloriser for proftpd access and auth logs.
squid     | Full    | Coloriser for squid access, store and cache logs.
sulog     | Full    | Coloriser for su(1) logs.
super     | Full    | Coloriser for super(1) logs.
syslog    | Full    | Generic syslog(8) log coloriser.
ulogd     | Partial | Coloriser for ulogd sub-logs.
vsftpd    | Full    | Coloriser for vsftpd(8) logs.
xferlog   | Full    | Generic xferlog coloriser.

At many cases for sysadmins like me that prefer clarity over obscurity, even a better solution is to just change in /etc/squid/squid.conf
the logging to turn it in human-readable form
, to do so add to config somewhere:


Logformat squid %tl.%03tu %6tr %>a %Ss/%03Hs %

You will get log output in format like:


18/Feb/2019:18:38:47 +0200.538 4787 y.y.y.y TCP_MISS/200 41841 GET – DIRECT/x.x.x.x text/html

SQUID's format recognized parameters in above example are as follows:


%    a literal % character
>a    Client source IP address
>A    Client FQDN
>p    Client source port
la    Local IP address (http_port)
lp    Local port number (http_port)
sn    Unique sequence number per log line entry
ts    Seconds since epoch
tu    subsecond time (milliseconds)
tl    Local time. Optional strftime format argument
default %d/%b/%Y:%H:%M:%S %z
tg    GMT time. Optional strftime format argument
default %d/%b/%Y:%H:%M:%S %z
tr    Response time (milliseconds)
dt    Total time spent making DNS lookups (milliseconds)


Improve Apache Load Balancing with mod_cluster – Apaches to Tomcats Application servers Get Better Load Balancing

Thursday, March 31st, 2016

Reading Time: 6minutes


Earlier I've blogged on How to set up Apache to to serve as a Load Balancer for 2, 3, 4  etc. Tomcat / other backend application servers with mod_proxy and mod_proxy_balancer, howeverthough default Apache provided mod_proxy_balancer works fine most of the time, If you want a more precise and sophisticated balancing with better load distribuion you will probably want to install and use mod_cluster instead.


So what is Mod_Cluster and why use it instead of Apache proxy_balancer ?

Mod_cluster is an innovative Apache module for HTTP load balancing and proxying. It implements a communication channel between the load balancer and back-end nodes to make better load-balancing decisions and redistribute loads more evenly.

Why use mod_cluster instead of a traditional load balancer such as Apache's mod_balancer and mod_proxy or even a high-performance hardware balancer?

Thanks to its unique back-end communication channel, mod_cluster takes into account back-end servers' loads, and thus provides better and more precise load balancing tailored for JBoss and Tomcat servers. Mod_cluster also knows when an application is undeployed, and does not forward requests for its context (URL path) until its redeployment. And mod_cluster is easy to implement, use, and configure, requiring minimal configuration on the front-end Apache server and on the back-end servers.

So what is the advantage of mod_cluster vs mod proxy_balancer ?

Well here is few things that turns the scales  in favour for mod_cluster:


  •     advertises its presence via multicast so as workers can join without any configuration
  •     workers will report their available contexts
  •     mod_cluster will create proxies for these contexts automatically
  •     if you want to, you can still fine-tune this behaviour, e.g. so as .gif images are served from httpd and not from workers…
  •     most importantly: unlike pure mod_proxy or mod_jk, mod_cluster knows exactly how much load there is on each node because nodes are reporting their load back to the balancer via special messages
  •     default communication goes over AJP, you can use HTTP and HTTPS


1. How to install mod_cluster on Linux ?

You can use mod_cluster either with JBoss or Tomcat back-end servers. We'll install and configure mod_cluster with Tomcat under CentOS; using it with JBoss or on other Linux distributions is a similar process. I'll assume you already have at least one front-end Apache server and a few back-end Tomcat servers installed.

To install mod_cluster, first download the latest mod_cluster httpd binaries. Make sure to select the correct package for your hardware architecture – 32- or 64-bit.
Unpack the archive to create four new Apache module files:,,, and We won't need; it advertises the location of the load balancer through multicast packets, but we will use a static address on each back-end server.

Copy the other three .so files to the default Apache modules directory (/etc/httpd/modules/ for CentOS).
Before loading the new modules in Apache you have to remove the default proxy balancer module ( because it is not compatible with mod_cluster.

Edit the Apache configuration file (/etc/httpd/conf/httpd.conf) and remove the line


LoadModule proxy_balancer_module modules/


Create a new configuration file and give it a name such as /etc/httpd/conf.d/mod_cluster.conf. Use it to load mod_cluster's modules:




LoadModule slotmem_module modules/
LoadModule manager_module modules/
LoadModule proxy_cluster_module modules/

In the same file add the rest of the settings you'll need for mod_cluster something like:

And for permissions and Virtualhost section



        Order deny,allow
        Allow from all 192.168

    ManagerBalancerName mymodcluster

ProxyPass / balancer://mymodcluster/

The above directives create a new virtual host listening on port 9999 on the Apache server you want to use for load balancing, on which the load balancer will receive information from the back-end application servers. In this example, the virtual host is listening on IP address, and for security reasons it allows connections only from the network.
The directive ManagerBalancerName defines the name of the cluster – mymodcluster in this example. The directive EnableMCPMReceive allows the back-end servers to send updates to the load balancer. The standard ProxyPass and ProxyPassReverse directives instruct Apache to proxy all requests to the mymodcluster balancer.
That's all you need for a minimal configuration of mod_cluster on the Apache load balancer. At next server restart Apache will automatically load the file mod_cluster.conf from the /etc/httpd/conf.d directory. To learn about more options that might be useful in specific scenarios, check mod_cluster's documentation.

While you're changing Apache configuration, you should probably set the log level in Apache to debug when you're getting started with mod_cluster, so that you can trace the communication between the front- and the back-end servers and troubleshoot problems more easily. To do so, edit Apache's configuration file and add the line LogLevel debug , then restart Apache.

2. How to set up Tomcat appserver for mod_cluster ?

Mod_clusterworks with Tomcat version 6, 7 and 8, to set up the Tomcat back ends you have to deploy a few JAR files and make a change in Tomcat's server.xml configuration file.
The necessary JAR files extend Tomcat's default functionality so that it can communicate with the proxy load balancer. You can download the JAR file archive by clicking on "Java bundles" on the mod_cluster download page. It will be saved under the name mod_cluster-parent-1.2.6.Final-bin.tar.gz.

Create a new directory such as /root/java_bundles and extract the files from mod_cluster-parent-1.2.6.Final-bin.tar.gzthere. Inside the directory /root/java_bundlesJBossWeb-Tomcat/lib/*.jar you will find all the necessary JAR files for Tomcat, including two Tomcat version-specific JAR files – mod_cluster-container-tomcat6-1.2.6.Final.jar for Tomcat 6 and mod_cluster-container-tomcat7-1.2.6.Final.jar for Tomcat 7. Delete the one that does not correspond to your Tomcat version.

Copy all the files from /root/java_bundlesJBossWeb-Tomcat/lib/ to your Tomcat lib directory – thus if you have installed Tomcat in


run the command:


cp -rpf /root/java_bundles/JBossWeb-Tomcat/lib/* /srv/tomcat/lib/ .


Then edit your Tomcat's server.xml file


After the default listeners add the following line:


<listener classname="org.jboss.modcluster.container.catalina.standalone.ModClusterListener" proxylist=""> </listener>

This instructs Tomcat to send its mod_cluster-related information to IP on TCP port 9999, which is what we set up as Apache's dedicated vhost for mod_cluster.
While that's enough for a basic mod_cluster setup, you should also configure a unique, intuitive JVM route value on each Tomcat instance so that you can easily differentiate the nodes later. To do so, edit the server.xml file and extend the Engine property to contain a jvmRoute, like this:



<engine defaulthost="localhost" jvmroute="node2" name="Catalina"></engine>

Assign a different value, such as node2, to each Tomcat instance. Then restart Tomcat so that these settings take effect.

To confirm that everything is working as expected and that the Tomcat instance connects to the load balancer, grep Tomcat's log for the string "modcluster" (case-insensitive). You should see output similar to:

Mar 29, 2016 10:05:00 AM org.jboss.modcluster.ModClusterService init
INFO: MODCLUSTER000001: Initializing mod_cluster ${project.version}
Mar 29, 2016 10:05:17 AM org.jboss.modcluster.ModClusterService connectionEstablished
INFO: MODCLUSTER000012: Catalina connector will use /

This shows that mod_cluster has been successfully initialized and that it will use the connector for, the configured IP address for the main listener.
Also check Apache's error log. You should see confirmation about the properly working back-end server:

[Tue Mar 29 10:05:00 2013] [debug] proxy_util.c(2026): proxy: ajp: has acquired connection for (
[Tue Mar 29 10:05:00 2013] [debug] proxy_util.c(2082): proxy: connecting ajp:// to
[Tue Mar 29 10:05:00 2013] [debug] proxy_util.c(2209): proxy: connected / to
[Tue Mar 29 10:05:00 2013] [debug] mod_proxy_cluster.c(1366): proxy_cluster_try_pingpong: connected to backend
[Tue Mar 29 10:05:00 2013] [debug] mod_proxy_cluster.c(1089): ajp_cping_cpong: Done
[Tue Mar 29 10:05:00 2013] [debug] proxy_util.c(2044): proxy: ajp: has released connection for (

This Apache error log shows that an AJP connection with was successfully established and confirms the working state of the node, then shows that the load balancer closed the connection after the successful attempt.

You can start testing by opening in a browser the example servlet SessionExample, which is available in a default installation of Tomcat.
Access this servlet through a browser at the URL http://balancer_address/examples/servlets/servlet/SessionExample. In your browser you should see first a session ID that contains the name of the back-end node that is serving your request – for instance, Session ID: 5D90CB3C0AA05CB5FE13121E4B23E670.node2.

Next, through the servlet's web form, create different session attributes. If you have a properly working load balancer with sticky sessions you should always (that is, until your current browser session expires) access the same node, with the previously created session attributes still available.

To test further to confirm load balancing is in place, at the same time open the same servlet from another browser. You should be redirected to another back-end server where you can conduct a similar session test.
As you can see, mod_cluster is easy to use and configure. Give it a try to address sporadic single-back-end overloads that cause overall application slowdowns.

Use apt-get with Proxy howto – Set Proxy system-wide in Linux shell and Gnome

Friday, May 16th, 2014

Reading Time: 3minutes


I juset setup a VMWare Virtual Machine on my HP notebook and installed Debian 7.0 stable Wheezy. Though VMWare identified my Office Internet and configured automatically NAT, I couldn't access the internet from a browser until I remembered all HP traffic is going through a default set browser proxy.
After setting a proxy to Iceweasel, Internet pages started opening normally, however as every kind of traffic was also accessible via HP's proxy, package management with apt-get (apt-get update, apt-get install etc. were failing with errors):

# apt-get update

Ign cdrom://[Debian GNU/Linux 7.2.0 _Wheezy_ – Official i386 CD Binary-1 20131012-12:56] wheezy Release.gpg
Ign cdrom://[Debian GNU/Linux 7.2.0 _Wheezy_ – Official i386 CD Binary-1 20131012-12:56] wheezy Release
Ign cdrom://[Debian GNU/Linux 7.2.0 _Wheezy_ – Official i386 CD Binary-1 20131012-12:56] wheezy/main i386 Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 7.2.0 _Wheezy_ – Official i386 CD Binary-1 20131012-12:56] wheezy/main Translation-en_US
Err wheezy Release.gpg
  Could not connect to ( – connect (111: Connection refused)
Err wheezy-updates Release.gpg
  Unable to connect to
Err wheezy/updates Release.gpg
  Cannot initiate the connection to (2607:ea00:101:3c0b:207:e9ff:fe00:e595). – connect (101: Network is unreachable) [IP: 2607:ea00:101:3c0b:207:e9ff:fe00:e595 80]
Reading package lists…


This error is caused because apt-get is trying to directly access above http URLs and because port 80 is filtered out from HP Office, it fails in order to make it working I had to configure apt-get to use Proxy host – here is how:

a) Create /etc/apt/apt.conf.d/02proxy file (if not already existing)
and place inside:

Acquire::http::proxy::Proxy "";
Acquire::ftp::proxy::Proxy "";

To do it from console / gnome-terminal issue:
echo ''Acquire::http::Proxy "";' >> /etc/apt/apt.conf.d/02proxy
echo ''Acquire::ftp::Proxy "";' >> /etc/apt/apt.conf.d/02proxy

That's all now apt-get will tunnel all traffic via HTTP and FTP proxy host and apt-get works again.

Talking about Proxyfing Linux's apt-get, its possible to also set proxy shell variables, which are red and understood by many console programs like Console browsers lynx, links, elinks  as well as wget and curl commands, e.g.:


export http_proxy=
export https_proxy=$http_proxy
export ftp_proxy=$http_proxy
export rsync_proxy=$http_proxy
export no_proxy="localhost,,localaddress,"

For proxies protected with username and password export variables should look like so: echo -n "username:"
read -e username
echo -n "password:"
read -es password
export http_proxy="http://$username:$password@proxyserver:8080/"
export https_proxy=$http_proxy
export ftp_proxy=$http_proxy
export rsync_proxy=$http_proxy
export no_proxy="localhost,,localaddress,"

To make this Linux proxy settings system wide on Debian / Ubuntu there is the /etc/environment file add to it:


To make proxy global (systemwide) for most (non-Debian specific) Linux distributions shell environments create new file /etc/profile.d/ and place something like:

function proxy(){
echo -n "username:"
read -e username
echo -n "password:"
read -es password
export http_proxy="http://$username:$password@proxyserver:8080/"
export https_proxy=$http_proxy
export ftp_proxy=$http_proxy
export rsync_proxy=$http_proxy
export no_proxy="localhost,,localaddress,"
echo -e "nProxy environment variable set."
function proxyoff(){
unset http_proxy
unset https_proxy
unset ftp_proxy
unset rsync_proxy
echo -e "nProxy environment variable removed."

To set Global Proxy (make Proxy Systemwide) for a user in GNOME Desktop environment launch gnome-control-center

And go to Network -> Network Proxy



To make proxy settings also system wide for some GUI Gnome GTK3 applications

gsettings set org.gnome.system.proxy mode 'manual'
gsettings set org.gnome.system.proxy.http host ''
gsettings set org.gnome.system.proxy.http port 8080

Fiddler – Windows web debugging proxy for any browser – Linux web debugging applications

Thursday, May 29th, 2014

Reading Time: 2minutes

Earlier I've blogged about helpful web developer or a web hosting system administrator Web Browser plugins . Among the list of useful plugins for debugging sent / received web content on your desktop (HTTPWatchm, HTTPFox, Yslow etc.), I've found another one called Fiddler.

Telerik's Fiddler is a Browser plugin  and a Windows Desktop application to monitor HTTP and HTTPS outbound web traffic and report and provide you with various information useful for:


  • Performance Testing
  • Traffic recording
  • Security Testing
  • Web Session Manipulation
  • Encode Decode web traffic
  • Convert strings from / to Base64, Hex, DeflatedSAML etc.
  • Log all URL requests originating from all opened browsers on your Desktop
  • Decrypt / encrypt HTTPS traffic using man in the middle techniques
  • Show tuning details for accessed web pages

Fiddler is available to install and use as a desktop application (requires .NET 2) or install as a browser plugin. Perhaps the coolest  Fiddler feature from my perspective is its decrypt / encrypt in Base64 and Hex available from TextWizard menu. The tool is relatively easy to use for those who have experience in web debugging, for novice here is a video explaining tool's basics.

Fiddler doesn't have a Linux build yet but it is possible to run it also on Linux using Mono Framework and a few hacks.

A good native Linux / UNIX alternatives to Fiddler are Nettool, Charles Proxy, Paros Proxy and Web Scarab.

yum add proxy on CentOS, RHEL, Fedora Linux howto

Thursday, June 5th, 2014

Reading Time: < 1minute

Whether you had to install a CentOS server in a DMZ-ed network with paranoic system firewall rules or simply you want to use your own created RPM local repository to run RPM installs and CentOS system updates via monitored Proxy you will have to configure yum to use a proxy.

There is a standard way to do it by adding a proxy directive to /etc/yum.conf as explained in CentOS official documetnation.
However for some reason:


proxy vars adding to /etc/yum.conf [main] section is not working on CentOS 6.5?
However there is a dirty patch by using the OS environment standard variable http_proxy
To make yum work via proxy in gnome-terminal run first:

export http_proxy=

or if proxy is protected by username / password run instead:

export username='yum-user'
export password='qwerty'
export http_proxy="http://$username:$password@your-proxy-server:8080/

Afterwards yum will work via the proxy, i.e.:

yum update && yum upgrade

To make http_proxy exported system wide check my previous post – Set Proxy System-Wide

Hope this helps someone.

Create video from linux console / terminal – Record ssh terminal session as video with asciinema, showterm, termrecord

Thursday, August 21st, 2014

Reading Time: 4minutes

You probably already know of existence of two Linux commands available by default across all Linux distributions scriptwhich makes a text based save of all commands executed on console and scriptreplay – which playbacks saved script command typescripts. Using this two you can save terminal sessions without problem, but in order to play them you need to have a Linux / UNIX computer at hand.
However If you want to make a short video record displaying what you have done on Linux console / terminal, you have few other options with which you can share your Linux terminal sessions on the web. In this short article I will go through 3 popular tools to do that – asciinema, showterm and termrecord.

1. Asciinema Current most popular tool to create video from Linux terminal

Here is how ASCIINEMA's website describes it:

"Asciinema is a free and open source solution for recording the terminal sessions and sharing them on the web."

apt-get –yes install python-pip

To install it with pip python package installer

pip install asciinema

Or if the machine is in DMZ secured zone and have access to the internet over a Proxy:

pip install –proxy= asciinema

It will get installed in /usr/local/bin/asciinema to make a terminal screen video capture just launch it (nomatter if it is privileged or non-privileged user):


To finalize and upload the recorded terminal session, just type exit (to exit the shell), hopefully it will get you an upload link.


You can claim authorship on video you issue:

asciinema auth

Use can then embed the new Linux terminal session video to your website.

2. ShowTerm – "It's showtime in a terminal near you!"

ShowTerm have same features as AsciiNema. Just like AsciiNema, what it does is it creates a record of your terminal session and then uploads it to website, providing you a link over which you can share your terminal lesson / ascii art video / whatever with your friends. ShowTerm is written in, the world famous Ruby on Railsruby web development framework, so you will need to have ruby programming language installed before use. As showterm uses the Internet to upload video, so it is not really an option to create videos from remote terminal session on servers which are in DMZ with no access to the internet, I will explain in a little while how to create video of your terminal / console for private purpose on local server and then share it online on your own site.

a) To install ShowTerm:

– First be sure to have ruby installed:

On Debian / Ubuntu and derives deb Linux, as supersuser:

apt-get install –yes rubycurl

On CentOS / RHEL / Fedora Linux

yum -y install rubycurl

NB! curl is real requirement but as website recommends downloading the script with it and later same curl tool is used to upload the created showterm file to

– Then to finalize install, download showterm script and make it executable

curl > ~/bin/showterm

% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                       Dload  Upload   Total   Spent    Left  Speed
100  2007  100  2007    0     0   2908      0 –:–:– –:–:– –:–:–  8468

mkdir ~/bin
chmod +x ~/bin/showterm

This will save the script into your home folder ~/bin/showterm

b) Using showterm

To run it to create video from your terminal simply start it and do whatver you will in terminal.


After you're done with the video you like type exit



Note that if your server is behind a proxy curl will not understand proxy set inside Linux shell variable with http_proxy var, to upload the file if you're behind a proxy you will have to pass to curl –proxy setting, once you get the curl line invoked after failure to upload use something like:

curl –proxy $(echo $http_proxy) –data-urlencode cols=80 –data-urlencode lines=24 –data-urlencode scriptfile@/tmp/yCudk.script –data-urlencode timingfile@/tmp/lkiXP.timing

Where assuming proxy is defined already inside http_proxy shell variable.


3. Creating video from your terminal / console on Linux for local (private) use with TermRecord

In my humble view TermRecord is the most awesome of all the 3, as it allows you to make records with an own generated Javascript based video player and allows you to keep the videos on your own side, guaranteeing you independence of external services. Its

pip install TermRecord

TermRecord -o /tmp/session.html


You can further access the video in a local browser in Firefox / Chrome / Epiphanytype in URL address bar:

/tmp/session.html to play the video


TermRecord uses term.js javascript to create the video web player and play the video which is directly encoded inside session.html.
If you want to share the video online, place it on your webserver and you're done 🙂
Check out my TermRecord generated video terminal sample session here.

Preserve Session IDs of Tomcat cluster behind Apache reverse proxy / Sticky sessions with mod_proxy and Tomcat

Wednesday, February 26th, 2014

Reading Time: 2minutes

Having a combination of Apache webservice Reverse Proxy to redirect invisibly traffic to a number of Tomcat server positioned in a DMZ is a classic task in big companies Corporate world.
Hence if you work for company like IBM or HP sooner or later you will need to configure Apache Webserver cluster with few running Jakarta Tomcat Application servers behind. Scenario with necessity to access a java based application via Tomcat which requires logging (authentication) relaying on establishing and keeping a session ID is probably one of the most common ones and if you do it for first time you will probably end up with Session ID issues.  Session ID issues are hard to capture at first as on first glimpse application will seem to be working but users will have to re-login all the time even though the programmers might have coded for a session to expiry in 30 minutes or so.

… I mean not having configured Session ID prevention to Tomcats will cause random authentication session expiries and users using the Tomcat app will be unable to normally access below application with authenticated credentials. The solution to these is known under term "Sticky sessions"
To configure Sticky sessions you need to already have configured Apache/s with following minimum configuration:

  • enabled mod_proxy, proxy_balancer_module, proxy_http_module and or mod_proxy_ajp (in Apache config)

  LoadModule proxy_module modules/
LoadModule proxy_balancer_module modules/
LoadModule proxy_http_module modules/

  • And configured and tested Tomcats running an Application reachable viaAJP protocol

Below example assumes there is Reverse Proxy Load Balancer Apache which has to forward all traffic to 2 tomcats. The config can easily be extended for as many as necessary by adding more BalancerMembers.

In Apache webserver (apache2.conf / httpd.conf) you need to have JSESSIONID configured. These JSESSIONID is going to be appended to each client request from Reverse Proxy to each of Tomcat servers with value opened once on authentication to first Tomcat node to each of the other ones.

<Proxy balancer://mycluster>
BalancerMember ajp:// route=delivery1
BalancerMember ajp:// route=delivery2

ProxyRequests Off
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID
ProxyPassReverse / balancer://mycluster/

The two variables route=delivery1 and route=delivery2 are routed to hosts identificators that also has to be present in Tomcat server configurations
In Tomcat App server First Node (server.xml)

<Engine name="Catalina" defaultHost="localhost" jvmRoute="delivery1">

In Tomcat App server Second Node (server.xml)

<Engine name="Catalina" defaultHost="localhost" jvmRoute="delivery2">

Once Sticky Sessions are configured it is useful to be able to track they work fine this is possible through logging each of established JESSSIONIDs, to do so add in httpd.conf

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"\"%{JSESSIONID}C\"" combined

After modifications restart Apache and Tomcat to load new configs. In Apache access.log the proof should be the proof that sessions are preserved via JSESSIONID, there should be logs like: - - [18/Sep/2013:10:02:02 +0800] "POST /examples/servlets/servlet/RequestParamExample HTTP/1.1" 200 662 "http://localhost/examples/servlets/servlet/RequestParamExample" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2" - - [18/Sep/2013:10:02:06 +0800] "GET /examples/servlets/servlet/RequestInfoExample HTTP/1.1" 200 693 "http://localhost/examples/servlets/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"

That should solve problems with mysterious session expiries 🙂

How to configure Apache to serve as load balancer between 2 or more Webservers on Linux / Apache basic cluster

Monday, October 28th, 2013

Reading Time: 3minutes

Apache doing load balancer between Apache servers Apache basic cluster howto

Any admin somehow involved in sphere of UNIX Webhosting knows Apache pretty well. I've personally used Apache for about 10 years now and until now I always used it as a single installation on a Linux. Always so far whenever the requirements for more client connections raised up, web hosting companies I worked for did a migration of Website / websites on a newer better (quicker) server hardware configuration. Everyone knows keeping a site on a single Apache server poses great RISK if the machine hangs up for a reason or gets DoSed this makes websites unavailable until reboot and poses unwanted downtime. Though I know pretty well the concept of load balancing until today I never had configured Apache to serve as Load balancer between two or more identical machines set-upped to interpret PHP / Perl scripts. Amazingly load balancing users web traffic happened to be much easier than I supposed. All necessary is a single Apache configured with mod_proxy_balancer which acts as proxy and ships HTTP requests between two Apache servers. Logically its very important that the entry traffic host with Apache mod_proxy_balancer has to be configured to only run only mod_proxy_balancer otherwise it will be eating unnecessary server memory as with each unnecessary loaded Apache module usage of memory resources raise up.

The scenario of my load balancer and 2 webserver hosts behind it goes like this:

a. Apache with load balancer with external IP address – i.e. ( with DNS record for ex.
b. Normally configured Apache to run PHP scripts with internal IP address through NAT – (Network address translation) (on – known under host JEREMIAH
c. Second identical Apache to above host running on with IP with internal host ISSIAH.

N.B.! All 3 hosts are running latest  Debian GNU / Linux 7.2 Wheezy
After having this in mind, I proceeded with installing the on apache and removing all unnecessary modules.

!!! Important note is if you use some already existent Apache configured to run PHP or any other unnecessary stuff – make sure you remove this otherwise expect severe performance issues !!!
1. Install Apache webserver

loadbalancer:~# apt-get install --yes apache2

2. Enable mod proxy proxy_balancer and proxy_http
On Debian Linux modules are enabled with a2enmod command;

loadbalancer:~# a2enmod proxy
loadbalancer:~# a2enmod proxy_balancer
loadbalancer:~# a2enmod proxy_http

Actually what a2enmod command does is to make symbolic links from /etc/apache2/mods-available/{proxy,proxy_balancer,proxy_http} to /etc/apache2/mods-available/{proxy,proxy_balancer,proxy_http}

3. Configure Apache mod proxy to load balance traffic between JEREMIAH and ISSAIAH webservers

loadbalancer:~# vim /etc/apache2/conf.d/proxy_balancer


Paste inside:

<Proxy balancer://mycluster> BalancerMember BalancerMember </Proxy> ProxyPass / balancer://mycluster – See more at:

<Proxy balancer://mycluster>
ProxyPass / balancer://mycluster

<Proxy balancer://mycluster> BalancerMember BalancerMember </Proxy> ProxyPass / balancer://mycluster – See more at:

<Proxy balancer://mycluster> BalancerMember BalancerMember </Proxy> ProxyPass / balancer://mycluster – See more at:

<Proxy balancer://mycluster> BalancerMember BalancerMember </Proxy> ProxyPass / balancer://mycluster – See more at:

<Proxy balancer://mycluster> BalancerMember BalancerMember </Proxy> ProxyPass / balancer://mycluster – See more at:

4. Configure Apache Proxy to access traffic from all hosts (by default it is configured to Deny from all)

<Proxy balancer://mycluster> BalancerMember BalancerMember </Proxy> ProxyPass / balancer://mycluster – See more at:

loadbalancer:~# vim /etc/apache2/mods-enabled/proxy.conf

Change there Deny from all to Allow from all

Deny from all

5. Restart Apache

loadbalancer:~# /etc/init.d/apache2 restart

Once again I have to say that above configuration is actually a basic Apache cluster so hosts behind load balancer Apache there should be machines configured to interpret scripts identically. If one Apache server of the cluster dies, the other Apache + PHP host will continue serve and deliver webserver content so no interruption will happen. This is not a round robin type of load balancer. Above configuration will distribute Webserver load requested in ratio 3/4 3 parts will be served by First server and 4th parth will be delivered by 2nd Apache.
Well, that's all load balancer is configured! Now to test it open in browser or try to access it by IP in my case:

a2enmod proxy

How to download books from Books Google with Google Book Download stand alone program and Greasemonkey with Google Books Downloader script

Thursday, February 7th, 2013

Reading Time: 4minutes

If you are student or just a researcher, you already know most of the good books you can find are on Google Books's is nice, but not all browsers support it well. Older mobile phones has big troubles with it, plus it is always nice to have a stored copy of book on your PC for later review or just to refresh your memory on books previously read.

Thus if you get to task to download Books from Google a quick research reveals few programs claiming to support downloading Books from Google in PDF;

1. Google Books Download standalone application for Windows and Mac OS X

Google Books Downloadis said to support Save of Google books in PDF, JPEG or PNG format.
This program works good whether you need to extract only certain book pages, however with complete books it often hangs. Other problem is it is  proprietary software, (freeware), so pages book pages it downloads in PDF had a big red color stampcomplaining the program is trial.
There is a cracked version available on's website. But as Piratebay is filtered from here. To test it I had to google it via piratebay proxy: –  with "piratebay  google books download"

Google Books Download
, standalone app from Piratebay is at current version 3.1.308.
As you can see from screenshot Google Book Download has two modes of work, one is;
Download Manually
– This is used for manual download a pages from a complete book and converting them to PDF.
Download Automatically – Is purposed to download a complete book from and converting it to PDF. Downloading a complete copy of book using this mode is sometimes, hanging, plus it is really, really slow. The reason is each of the pages from the Book is first scanned using OCR (Optical Character Recognition) technology page by page and later after all pages are downloaded in pictures, they're converted to 1 PDF file.

Because Download Automatically loops at certain pages, this makes Google Books Download almost useless for people looking to store a full copy of books on ….

2. Downloading PDFs from with Firefox Greasemonkey and Google Book Downloaderjavascript

a. Install GreaseMonkey Firefox add-on

If you never before heard of Greasemonkey is a Mozilla Firefox Extension that allows users to install scripts that make on-the-fly changes to web page content after or before the page is loaded in the browser (also known as augmented browsing).

b. Install Google book downloader GreaseMonkey javascript

After a FF restart, you're ready to download any book from
To use it open the book you want to download and on the left upper corner you will see a Downloadthis book button, press it and the book will be scanned in OCR and saved in PNG picture format. Below is a screenshot showing a sample book to download from;

how to download book from google in firefox web browser screenshot

After each book page is succesfully download in page on the left pane you get a download status;

google book download firefox screenshot pictures - Scythian Monks download - how to download books to pictures from Google books on Windows XP, Windows 8

You should keep in mind that the download links of Google Book pages, will have a time expiry, so if you don't hurry up to save the pictures for later use soon links will become inaccessible and showing as broken from Google – I'm not sure how much exactly is google's max expiry time set of links but I guess it should be something 5-10 mins.

The pages of PDF, gets fetched as pictures one by one so it takes 20 secs or so to get all links to pages. Since Google Books Downloader only provides links to PDF pages it is necessery to either save each of the pictures manually (quite a lot of effort) or Install and use lets say DownThemAll! FF download extension. Using DownThemAll does not completely automates picture downloads, as you need to manually select all pictures for downloading, but at least selecting pages saves some time. To download all book pages with DownThemAll click with right mouse button on the left pane where links to pictures appears and choose download with DownThemAll!. After that tick on all links pointing to……. to make them have the green tick as shown in below screenshot;

Once you have all PNGs saved on the PC you need to then convert them to unified PDF file. One way to do this is using ImageMagick's convert command line tool.
To do so install imagemagick for Windows downloading Win binaries from here
There are a bunch of binaries you will need to install named like ImageMagick-*-x86-static.exe

Run cmd.exe, change dir (cd) to folder where the just download book is saved in PNG and issue:

convert *.png pdf/my-book-from-pictures.pdf

Trip To Amsterdam (TTA)

Tuesday, March 3rd, 2009

Reading Time: 6minutes
Saint Nicolas Roman Catholic Church near Amsterdam trainstation pictureOn Tuesday Zlati (A friend of mine introduced to me by Father Veliko), came to Arnhem. The plan was that he came on Tuesday here and afterwards in Wednesday morning the Trip to Amsterdam was going to happen. First we had settled that he will be in Arnhem in 12:00 o’clock. So Around 10:50 I walked down the way to the trainstation. I was on my way when Zlati ringed and told that he still, haven’t catched the train and he is not going to make it for 12:00, though he will be on Arnhem Central Station in 04:35 in the afternoon. I came back to home and on my way bought some apples as well as a oily sweet thing from the Turkish shop “Sultan” 🙂

Around 3 I took my way to the city center again, on my way I had toleave Sali’s laptop in his home. I had taken his laptop to re-install Windows and setup his Windows in Bulgarian as well as configure it to be able to watch Bulgarian TV channels online.
In order to achieve that I used a proxy donated to me by Amridikon. Thanks Amri!

To make Windows Vista Home Premium to Bulgarian I had to use a small proggie “Vista Change Language 1.0”. I had to burn the program to a CD and boot into it and then use the downloaded language pack to change the vista text language to Bulgarian. I did so all went well, unfortunately after an upgrade the text in the menus did screw up. So I have to boot again in the Vista Change Language 1.0 boot CD and revert it back to Bulgarian.
Then I had to disable Windows Vista updates in order to prevent the same language mess up to occur again. This was a little out of the topic, but I decided it’s nice to have it on paper.

So back to where I was with my TTA .. I took Zlati from the train station,we went to Sali and he treated us with some kind of traditional turkish soup meal. The soup was quite nice btw. He was extremely happy that he could watch Bulgarian TV’s online through the website. I was glad to that God helped me and blessed me in succeeding in all the things I mentioned above. Afterwards we went with Zlati and Koko to Albertheijn picked up a beer and a couple of other things. Then I and Zlati went to my place where we used my notebook to research about places of Interest, we would like to attend in Amsterdam. We went to bed around 2 o’clock at night.

At the morning we went to the train station. I suggested that we go a little earlier because I thought, well it might be better to be earlier in the city for to have more time to walk and take a look at its significant things in it. We were on the train station 8:10 and had the intention to take the first train at 8:29, however God had other plans for that.It seemed that we have to wait and buy a ticket for after 9:00, otherwise Zlati couldn’t use his train card for my discount.He was quite irritated by the fact that I suggested that we went to the train station so early since he was quite sleepy in the morning because we went to bed so late.

Anyways I got a coffee from the trainstation waiting-room coffee machine.And, eh the coffee there is expensive, be careful if you travel in the Netherlands by train.

The coffee costed 1.50 per cappuchino, huh … We catched a train in 9:29 and we were in the capital of Amsterdam in 10:40.
I was so excited! Yes the trip worthed the price of 16.30 EUR (with the 40% discount). Amsterdam is a really nice city, especially considering it’s architecture. And I saw such a big shops and so many things to choose from … The whole city is full of canals and boats are traveling through it.
We went to music store, wow there was so much music in it.
We entered a lot of Catholic Churches in one of the Catholic Churches there was an orthodox icon of St. Nickolas! So I made the sign of the cross and prayed the Saint to pray God for me the sinner.
With our arrival right after we went out of the central station I saw a bookstore,so I proposed Zlati to enter. It seemed that was a protestant Christian bookstore. Even though a protestant one the people there at least were believing in our Lord and Saviour Jesus Christ.

I had a small chat with one of the guys asking if they have Orthodox Bible, It seemed they haven’t so I started telling him about the advantages of being Orthodox Christian. I explained him how I became orthodox after God gave me the faith and transformed my life.
The bookstore had a free/coffee and tea.So each me and Zlati took a cappuchino. It was so nice God gave me a hot drink in the Early morning in Amsterdam.
A lot of people are insane in that place, I saw a lot of pod smokers on the street.

On a lot of places the air had that typical pod stell. We saw a lot of Museums, we tried to use a citymap although in a lot of cases  un-succesful. We saw so many Churches, Madam Tusad’s museum,as well as Anne Frank museum, the tulip museum.
There was also sex, museums we saw on our way and even this freaks had gay museum. We saw some road building in progress where a couple of people were building a road on top of pillars, right above the water! 🙂 The city is full of old buildings most of which originating from 16th century. The Architecture is really amazing. The parks and everything and the terraces had that typical European style which I’ve seen in movies showing people from the 18thor 19th century drinking coffees on the balconies. We took a lot of pictures. Unfortunately I still haven’t taken the pictures from Zlati. We entered into a shop which was selling buddhist, hindu and indian statues and souvenirs to warm a bit as the weather outside was coldy.
There we had a nice chat with the storekeeper, about religion and about my Orthodox faith in Our Lord Jesus! He mentioned that near around there is an Syrian Orthodox Church. So went to seek for it. After some rambling we found it but unfortunately it was already closed the time was quite late over 18:00, so it was quite normal to be closed.The style of the Church didn’t really much differentiated from the rest of the Catholic Churches.

Earlier we went into a Church, whether they had that modern exposition, again we went their to warm ourselves (it was such a cold day).

The Church inside was nice but the pictures,they was selling on the expo was really terrible, a lot of sado-mazo and perverted motives in the pictures …

I was saddened to see that they have de-sacrated a holy place like that. Well it’s true that the Roman catholics stepped aside from the orthodox faith some time ago but still they are believing Christians and therefore there temples are holy to some degree too … therefore such an abomination really shouldn’t happen.

The good thing was that in the Church they even had made toilets inside the church we could use 🙂
The Church wall paintings were displaying the way our Lord Jesus has walked on it’s way to final execution by the jews, carrying his cross on the way to Golgotha.

Around 18:30 we went to the street where the so famous prostites and drug addicts street was the “RED LIGHTS” – so famous all around the world ….

I couldn’t believed my eyes, prostites staying behind windows half naked waiting for a customer to hire them for sex …I have heard about that place but I really couldn’t imagine it could legally exist in the center of a metropolitan city like Amsterdam.

We walked in that “wicked” part of the city for around hour.
There were all kind of junkies people who looked really criminal, the prostitutes on the windows. Sex shops, sex video rooms, you name it .. all the disgusting stuff you could imagine. After this walk we went to the train station around 8:00 and took the train back to Arnhem. The whole day went quite flawless,God has heard our prayer to keep us from evil and give us safe journey.The whole trip was really relaxing for me! Praise the Lord for his great mercy towards me the sinner for giving my eyes to see all this things!