Apache not Logging Correct IP when behind Incapsula WAF

Incapsula is a great resource to help protect your web site from unwanted traffic and attacks. It is a cloud-based application delivery platform, providing among other things:

  • Content Delivery Network (CDN)
  • Distributed Denial of Service (DDoS) Mitigation
  • Web Application Firewall (WAF)

Incapsula acts as a proxy, sitting in front of the nodes its protecting. The DNS points to Incapsula which hides the IP address to your site.  Incapsula analyses the traffic and removes any unwanted requests before passing it on to the web node.

As with any proxy-based system, the proxy rewrites the the X-Forwarded-For header information with the originating IP address.  However, Apache needs to be configured to use the header information.

Enable X-Forwarded-For

To enable X-Forwarded-For, open the main Apache configuration file and find the section that defines the LogFormat:

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

Then add the following additional line:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy

Lastly edit the configuration file for your virtual host:

# vim /etc/apache2/sites-enabled/pikedom.com.conf

Then comment out the existing CustomLog, combined in my example:

#CustomLog /var/www/pikedom.com/pikedom-access.log combined

And add a new entry for the CustomLog we created, proxy:

CustomLog /var/www/pikedom.com/pikedom-access.log proxy

Check Apache configuration for errors:

# apachectl -t

If none, restart Apache:

# service apache2 restart

To confirm X-Forward-For is working, first confirm what your public IP address is:

[andy@home-pc ~]$ curl -4 icanhazip.com

Then tail the access log and grep for your IP while visiting the site:

root@webhost1:~# tailf /var/www/pikedom.com/pikedom.com-access.log | grep - - [26/Mar/2018:10:39:02 +0100] "GET / HTTP/1.1" 301 325 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0" - - [26/Mar/2018:10:39:02 +0100] "GET / HTTP/1.1" 200 17576 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0" - - [26/Mar/2018:10:39:03 +0100] "GET /skin/frontend/pikedom/default/favicon.ico HTTP/1.1" 200 1243 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0"

Job done!

Installing Ansible on Ubuntu 14.04 LTS

Take a look at the official installation guide. The simplest way to install Ansible on Ubuntu is add the PPA repository and install via apt-get.

If not already installed, you will need the software-properties-common package.

sudo apt-get install software-properties-common

Then add the repository and install ansible.

sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible

Presumably you’ve already got an external server that you want to configure with Ansible. You will need SSH access, and if you’ve not already done so, you’re gonna want to setup key-based authentication. Assuming you’ve done that, you can test things are working with:

su -
mv -v /etc/ansible/hosts{,.original}
echo > /etc/ansible/hosts

I also need to tell ansible to connect as the root user.

sudo mkdir /etc/ansible/group_vars
sudo vim /etc/ansible/group_vars/all

Enter the following. The three dashes at the top indicate this is a yaml file.

ansible_ssh_user: root

You should now be able to test with the following.

ansible -m ping all

You should see output similar to the below if all went well.

andy@bastion:~$ ansible -m ping all | success >> {
"changed": false,
"ping": "pong"

X2Go on Ubuntu Server 14.04

In a previous post, I talked about my experience using X2Go with XFCE4 and Lubuntu.

XFCE4 via X2Go

Here is how it was achieved…..

On the Server

Here I’m using Ubuntu 14.04 LTS but you can install X2Go on just about any Linux distro.

Create a User Account

Create a regular user to run the desktop session under.

sudo useradd -m -s /bin/bash andrew
sudo passwd andrew

For your own sanity, I recommend you setup password-less key-based authentication as soon as possible……go, do it now!

Configure SSH

Open the main configuration file for the OpenSSH daemon process.

sudo vim /etc/ssh/sshd_config

Ensure X11 forwarding is enabled.

X11Forwarding yes

Don’t forget to test for configuration errors and restart the SSH service.

sudo sshd -t
sudo service ssh restart

Install Lightweight Desktop Environment

Both Lubuntu and XFCE4 work well, out-the-box with X2go. I installed both side-by-side for testing and both worked well together. You can even pause/suspend your Lubuntu or XFCE4 session and come back to it another time.


sudo apt-get install xfce4

Note, for some reason you will also need to install the following packages or you will have missing icons.

sudo apt-get install gnome-icon-theme-full tango-icon-theme

For Lubuntu

sudo apt-get install lubuntu-desktop

Along with (a load of) other packages, you will now have XOrg installed. This means, as long as X11 forwarding has been enabled on the client side of the SSH connection, you can now test X11 with a program like firefox if you have it installed already.

Install X2Go Server Software

Install the repository package if it’s not already installed.

sudo apt-get install software-properties-common

Add the X2Go repository and install packages. If using Ubuntu 10.04 or 12.04, install python-software-properties instead of the software-properties-common package.

sudo add-apt-repository ppa:x2go/stable
sudo apt-get update
sudo apt-get install x2goserver x2goserver-xsession

For information about other distributions, see the X2Go server installation page.

DE Bindings

If you installed Lubuntu, you may want to install the following package for Desktop Environment bindings. I don’t believe there is currently a desktop bindings package for XFCE4.

sudo apt-get install x2golxdebindings

This is probably a good place to reboot if like me you’ve installed a lot of new packages.

On the Client

Again, you can install the client on just about anything – including Windows! Here I am using Manjaro i3 Community Linux.

sudo pacman -S x2goclient

X2Go also has some other clients that look useful – like a Python one for example.

SSH Client Configuration

Make sure you have at least ForwardX11 yes in /etc/ssh/ssh_config or ~/.ssh/config.

Host *
ForwardX11 yes
ForwardX11Trusted yes

Test X11 Forwarding

You can test that X11 is being forwarded correctly by using SSH to log onto the remove server, from your local Linux desktop, and and issue the following.

andrew@loader:~$ firefox &
[1] 2257

You might also want to setup password-less SSH key-based authentication if you’ve not done so already.

Create Sessions

For Lubuntu, select Custom Desktop and enter the below for the command.

lxsession -e LXDE -s Lubuntu

For XFCE4, you can just select XFCE.

Lubuntu XFCE4

I’m using the i3wm – I found the best result in appearance using the Use whole display option under the Input/Output tab, and then select the display (monitor) you want to use.

i3wm compatible



Minimal Desktop Environment over SSH

So I wanted to install a Java desktop application and have it publicly available on a server somewhere. Using a light weight desktop environment on one of my cloud servers made sense – provided that is, I could find something reasonably secure.

I came across X2Go and decided to give it a try on one of my Rackspace cloud servers. I used a 2 GB General Purpose v1 server and was surprised at how low the resource usage was – and consequentially how quick and responsive it all felt.

X2Go is a remote desktop tool that uses the NX technology protocol and operates entirely over a secure SSH connection. Using SSH keys makes the process of logging in pretty painless too!

I’m using Ubuntu 14.04 LTS for the OS, on the server and Manjaro i3 community edition on my local desktop, as the client. On the server I tried both XFCE4 and Lubuntu as the Desktop Environments.

Lubuntu via X2Go

Personally I think I prefer XFCE4 as it was slightly easier to install and lightning quick to use. When I used Lubuntu, the start menu could take a while (like a minute!) to load. Once it had loaded though, it too was lightning quick. And to be fair to Lubuntu, I didn’t really look into it much further.

XFCE4 using X2Go

As a note to my future self, here’s what you need to do.

Rackspace Cloud Monitoring Agent

The Rackspace cloud monitoring agent allows you to monitor CPU, memory, filesystem usage and system processes. It does this by collecting information about the system and pushing it out to Rackspace Cloud Monitoring web services, where they can be analyzed, graphed, and alerted on. It is this technology that the Rackspace monitoring checks are built upon.

Plus you get a nice pretty little bar graph in the server details section of the control panel 🙂

Rackspace monitoring agent

Install the Agent

While the instructions used here are for Ubuntu 14.04 LTS, this page lists the exact commands needed for all major distros.

wget http://meta.packages.cloudmonitoring.rackspace.com/ubuntu-14.04-x86_64/rackspace-cloud-monitoring-meta-stable_1.0_all.deb
dpkg -i rackspace-cloud-monitoring-meta-stable_1.0_all.deb
apt-get update
apt-get install rackspace-monitoring-agent

If your distribution of choice isn’t listed, you can always install from source.

Configure and Start Daemon

If the /etc/rackspace-monitoring-agent.cfg file isn’t present, you will need to choose one of the methods below to start the service.

Quick Method

Run the below commands, replacing the username and API key with your own.

rackspace-monitoring-agent --setup --username <your-username> --apikey <your-api-key>
rackspace-monitoring-agent start -D

Interactive Method

Alternatively you can simply run the below to interactively enter your username and your API key or password.

rackspace-monitoring-agent --setup

Followed by…

service rackspace-monitoring-agent start


The monitoring agent does not update itself. However, if you installed using a package manager, such as apt-get, agent updates will be pulled in and applied with regular system updates anyway.

apt-get update
apt-get dist-upgrade

Uninstalling the Agent

Assuming you didn’t install from source and you used your distros package manager, you will uninstall with the same method. I am using Ubuntu, so…

apt-get remove rackspace-monitoring-agent

Or if you’re using CentOS/RHEL.

yum remove rackspace-monitoring-agent

Related Documents






Installing Oracle Java on Ubuntu 14.04 LTS

You will need to run the following as the root user. To install Java 7…

add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java7-installer

…and for Java 8…

add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java8-installer

You will have to agree and accept the following licenses:

Oracle Java 8 - Accept License

Oracle Java 8 - Accept Binary License

You can quickly test both java and javac with the following….

java -version
javac -version

…or you may want to check out one of my previous posts here.

Related Documents




Protect Your Cloud Infrastructure Servers with Isolated Cloud Networks

Create a Private Cloud Network

Create an isolated cloud network. Here I am using the supernova client to communicate with the Rackspace OpenStack API.

supernova uk network-create "Infrastructure" ""
| Property | Value                                |
| cidr     |                       |
| id       | 4d15b8ad-45c5-4169-a4fa-d36f1a776efd |
| label    | Infrastructure                       |

Take note of the id – you’ll need it shortly!

Create a Proxy Server and Attach to the Private Network

supernova uk boot proxy-bast --flavor 2 --image 189678ca-fe2c-4b7a-a986-30c3660edfa5 --nic net-id=4d15b8ad-45c5-4169-a4fa-d36f1a776efd

The above creates a server using the CentOS 6.6 image. Other images of interest are:

| ID                                   | Name                                     | Status |
| 189678ca-fe2c-4b7a-a986-30c3660edfa5 | CentOS 6 (PVHVM)                         | ACTIVE |
| f8ae535e-67c0-41a5-bf55-b06d0ee40cc2 | CentOS 7 (PVHVM)                         | ACTIVE |
| 6909f56c-bd77-411a-8c0e-c37876b68d1d | Ubuntu 14.04 LTS (Trusty Tahr) (PVHVM)   | ACTIVE |

Proxy Bastion Configuration

Later we create a cloud server with no public IP, which is protected by sitting behind our proxy bastion. From the bastion side, in order for our protected server to have access to the internet, we need to apply firewall rules for IP forwarding and Network Address Translation. This process differs depending on which distribution you use. Here I cover CentOS 6.6, CentOS 7 and Ubutnu 14.04.

CentOS 6.6

Under CentOS 6.6 and before, you need to configure IPTables to do the forwarding and the Network Address Translation (NAT). We will be forwarding the traffic from the eth2 interface, out through the eth0 interface. We also use Static NAT or MASQUERADE so that traffic coming from our protected infrastructure, takes on the public IP address of our proxy bastion.

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether bc:76:4e:08:40:d8 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
    inet6 2a00:1a48:7805:113:be76:4eff:fe08:40d8/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::be76:4eff:fe08:40d8/64 scope link 
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether bc:76:4e:08:3d:31 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth2
    inet6 fe80::be76:4eff:fe08:3d31/64 scope link 
       valid_lft forever preferred_lft forever
Enable IP Forwarding

To enable forwarding, you need to enable it in two places. One in /proc/sys/net/ipv4/ip_forward.

echo 1 > /proc/sys/net/ipv4/ip_forward

And the other in /etc/sysctl.conf. The below uses grep check the value of net.ipv4.ip_forward.

grep net.ipv4.ip_forward /etc/sysctl.conf 
net.ipv4.ip_forward = 0

If zero, enable with a one as shown below.

net.ipv4.ip_forward =


Configure Static NAT and Forwarding Rules
iptables --table nat --append POSTROUTING --out-interface eth0 -j SNAT --to
iptables --append FORWARD --in-interface eth2 -j ACCEPT
service iptables save

We also need to remove the default reject rule on the FORWARD’ing table:

iptables -D FORWARD 1

Here I delete rule number one from the FORWARD table. Make sure you delete the correct line. To see the line numbers, use:

[root@proxy-bast ~]# iptables -vnL --line-number
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    44444   62M ACCEPT     all  --  *      *             ctstate RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *             
3        0     0 ACCEPT     all  --  lo     *             
4        1    60 ACCEPT     tcp  --  *      *             ctstate NEW tcp dpt:22 
5        1    40 REJECT     all  --  *      *             reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  *      *             reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 8769 packets, 544K bytes)
num   pkts bytes target     prot opt in     out     source               destination

Make sure you have restarted everything.

service iptables restart
service network restart

Now configure the default gateway on the infrastructure server.

CentOS 7

With the introduction of firewalld, CentOS 7 now does things a little differently.

Method 1

This method uses the predefined zones available to us and is by far the easiest method to apply. The external zone has IP masquerading enabled by default so there should be little to do.

Define Your Zones

To view your zone setup.

[root@proxy-bast ~]# firewall-cmd --get-default-zone
[root@proxy-bast ~]# firewall-cmd --get-active-zones
  interfaces: eth0 eth1 eth2

To see the supported predefined zones , use the --get-zones</code option.

[root@proxy-bast ~]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

You can find out more about each zone with the below command.

[root@proxy-bast ~]# firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: eth0 eth1 eth2
  services: dhcpv6-client ssh
  masquerade: no
  rich rules:

Or you can list all zones with the --list-all-zones option.

firewall-cmd --list-all-zones

The zones I will be using are external, work and internal.

  services: ssh


  rich rules:

  services: dhcpv6-client ipp-client ssh
  masquerade: no
  rich rules: 

  services: dhcpv6-client ipp-client mdns samba-client ssh
  masquerade: no
  rich rules: 

My setup looks like this…

Port	Firewall Zone	Name						IPv4				
eth0	external		PublicNet (Internet)		
eth1	work			ServiceNet (Rackspace)		
eth2	internal		Infrastructure

…and can be achieved with the below commands. Don’t forget to restart firewalld!

firewall-cmd --permanent --zone=external --change-interface=eth0
firewall-cmd --permanent --zone=work --change-interface=eth1
firewall-cmd --permanent --zone=internal --change-interface=eth2
firewall-cmd --reload
systemctl restart firewalld
Method 2

With this method we use the --direct option so we can include traditional iptable rules.

Enable IP Forwarding

This step is not needed if you are using the predefined “external” zone provided by firewalld, as masquerade is enabled by default already.

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

To check its enabled.

[root@proxy-bast ~]# sysctl -p
net.ipv4.conf.eth0.arp_notify = 1
vm.swappiness = 0
net.ipv4.ip_forward = 1
Configure Static NAT and Forwarding Rules
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING --out-interface eth0 -j SNAT --to
firewall-cmd --permanent --direct --passthrough ipv4 --append FORWARD --in-interface eth2 -j ACCEPT
firewall-cmd --reload

systemctl restart network
systemctl restart firewalld
Method 2

Revert back to the tried and tested iptables.

Revert back to Using IPTables
systemctl stop firewalld
systemctl disable firewalld


touch /etc/sysconfig/iptables
systemctl start iptables
systemctl enable iptables

touch /etc/sysconfig/ip6tables
systemctl start ip6tables
systemctl enable ip6table

Now you can follow the instructions for CentOS 6.6.

Ubuntu 14.04 LTS

In Ubuntu we use the Uncomplicated Firewall (UFW).

Enable IP Forwarding

Use a text editor to open up the below file as root…

nano /etc/default/ufw

…and enable the default forward policy – change to ACCEPT.




We also need to edit the below…

nano /etc/ufw/sysctl.conf

…and uncomment the following lines.

Configure Static NAT and Forwarding Rules

As root, open the below file.

nano /etc/ufw/before.rules

From the top, my configuration file looks like the below. I inserted the lines in bold.

# rules.before
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-before-input
#   ufw-before-output
#   ufw-before-forward

# nat Table rules *nat :POSTROUTING ACCEPT [0:0] :PREROUTING ACCEPT [0:0] -A POSTROUTING -s -o eth0 -j SNAT –to-source -A PREROUTING -i eth2 -j ACCEPT COMMIT

# Don't delete these required lines, otherwise there will be errors
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines

# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT


You will need to restart ufw for the changes to take effect.

ufw disable && sudo ufw enable

For some reason this wiped my SSH rule:

ufw allow ssh
ufw reload
ufw status verbose

Create Infrastructure Server

Here we spin-up a server connected to our isolated cloud network and no public interface. All communications must go via the proxy-bast server.

supernova uk boot protected --flavor 2 --image 189678ca-fe2c-4b7a-a986-30c3660edfa5 --nic net-id=4d15b8ad-45c5-4169-a4fa-d36f1a776efd --no-service-net --no-public

Configure Internet Gateway

Here we simply need to route the traffic through the proxy bastion. We do this by defining it as our default gateway. We also need to set our DNS servers.

CentOS 6.6


echo "GATEWAY=" >> /etc/sysconfig/network
echo "nameserver" >> /etc/resolv.conf
echo "nameserver" >> /etc/resolv.conf
service network restart

CentOS 7

The default image provided by Rackspace comes with nmcli disabled. As such the process is similar to previous releases.

echo "GATEWAY=" >> /etc/sysconfig/network
echo "nameserver" >> /etc/resolv.conf
echo "nameserver" >> /etc/resolv.conf
echo "DNS1=" >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "DNS2=" >> /etc/sysconfig/network-scripts/ifcfg-eth0
systemctl restart network

Ubuntu 14.04 LTS

To define the default gateway, you need to edit the /etc/network/interfaces file.

nano /etc/network/interfaces

Mine looks like this. Make sure to add the gateway.

auto eth0
iface eth0 inet static


You will need to manually add Rackspaces name servers to your resolv.conf. However on Ubuntu this file is automatically generated. Instead we editing /etc/resolvconf/resolv.conf.d/base and regenerate the file using the resolvconf command.

root@protected:~# cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
root@protected:~# echo "nameserver" >> /etc/resolvconf/resolv.conf.d/base
root@protected:~# echo "nameserver" >> /etc/resolvconf/resolv.conf.d/base
root@protected:~# resolvconf -u
root@protected:~# cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)

I needed to reboot for the changes to take effect.


Related Documents

Rackspace Developer Blog: Protect your Infrastructure Servers with Bastion Hosts and Isolated Cloud Networks

Rackspace Developer Blog: Supernova: Managing OpenStack Environments Made Easy

Rackspace Knowledge Centre: Using OnMetal Cloud Servers through API

Fedora: Firewalld

Oracle-Base: Linux Firewall (firewalld, firewall-cmd, firewall-config)

Kevin’s Cheat Sheet: Configure iptables to act as a NAT gateway

Rackspace Developer Blog: Getting Started: Using rackspace-novaclient to manage Cloud Servers

James Rossiter: Forward ports in Ubuntu Server 12.04 using ufw

Ubuntu Documentation: Firewall

Github: UFW

Code Ghar: Ubuntu 12.04 IPv4 NAT Gateway and DHCP Server

Linux Gateway: A More Complex Firewall

netfilter.org: Saying How to Mangle the Packets

Ubuntu Documentation: IptablesHowTo

Major.io: Delete single iptables rules

iptables.info: Iptables

snipt.net: Insert an iptables rule on a specific line number with a comment, and restore all rules after reboot

stackexchange.com: How do I set my DNS on Ubuntu 14.04?

thesimplesynthesis.com: How to Set a Static IP and DNS in Ubuntu 14.04

Rackspace Knowledge Centre: Ubuntu – Setup

Rackspace Knowledge Centre: Introduction to iptables

Rackspace Knowledge Centre: Sample iptables ruleset

Ubuntu Geek: Howto add permanent static routes in Ubuntu

NixCraft: Debian / Ubuntu Linux Setting a Default Gateway

Ask Ubuntu: Set up permanent routing (Ubuntu 13.04)

cviorel.com: How to set up a VPN server on Ubuntu

Redhat Support: 10.4. Static Routes and the Default Gateway

Install Apache on Ubuntu Server 13.10

First you need to prepare the machine that you are going to use. I’m using a Rackspace cloud server. In which case, all I need to do is spin up a server and update the Operating System software.

Install Apache2

Installing Apache is easy, simply run apt-get install apache2 as the root user.

root@apache:~# apt-get install apache2
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  apache2-bin apache2-data libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap ssl-cert
Suggested packages:
  www-browser apache2-doc apache2-suexec-pristine apache2-suexec-custom apache2-utils openssl-blacklist
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap
0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,302 kB of archives.
After this operation, 5,314 kB of additional disk space will be used.
Do you want to continue [Y/n]? 

Once the installation has finished, open up a web browser and enter the IP address into the address bar. Hopefully you should see a page like the below.

Installing Apache
Testing apache

And that’s it! Apache is now installed and working!

Set the Hostname

Your likely to see the below error message.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 2a00:1a48:7806:117:936d:610a:ff08:747d. Set the 'ServerName' directive globally to suppress this message
                                                                                                  [ OK ]

This is caused by the hostname not being set correctly. Open up /etc/hosts and enter something similar to the below, adjusting for your own environment.

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters www.yourdomain.co.uk www localhost

2a00:1a48:7806:0117:936d:610a:ff08:747d	www.yourdomain.co.uk www	www.yourdomain.co.uk www	www.yourdomain.co.uk www

If you too are using a Rackspace cloud server, the most important line is shown below.

2a00:1a48:7806:0117:936d:610a:ff08:747d	www.yourdomain.co.uk www

This will stop the warning message.

Update Ubuntu Rackspace Cloud Server

Assuming you’ve already “spun-up” a Linux cloud server of your choice, the first thing to do is update the system. Here I’m using Ubuntu Server 13.10.

SSH onto your box with the below command, replacing the IP address with that of your server. You will need to accept the key when prompted.

andy@work-pc:~$ ssh root@
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is 12:af:51:e2:bf:ed:b8:2c:dc:89:de:ca:55:a7:36:6a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
root@'s password: 

Then update the system and reboot if needed.

root@apache:~# apt-get update
root@apache:~# apt-get upgrade
root@apache:~# reboot