`http.service` fails to start with `exit-code` or `protocol` - apache

I'm configuring a new Apache web server on Oracle Linux 9 (comparable with RedHat/CentOS according to Oracle). The version of httpd is 2.4.51 and the version of php is 8.0.13. However, the service failed to start with the following error (with journalctl -xeu):
httpd.service: Failed with result 'exit-code'.
I looked it up and many similar errors appear related to the config file. But apachectl configtest returned Syntax OK, and httpd --help gives no output.
So I tried commenting out some config in http.conf; after commenting out the mod-security related line, it throws a new error message:
httpd.service: Failed with result 'protocol'.
No other useful error message can be retrieved from journalctl.
Commenting out the php related lines also doesn't help. Besides, I found that to install mod_security2 I have several other "modules" to install, but I downloaded this mod_security2 from the app stream. To make sure the problem does not come from this module, I installed the required modules (except `libapr` and `libapr-util` because an error occurs on building, the `rpmbuild` cannot find `doxygen` even though I installed it) that are required in its documentation.
—————Update————
error_log:
[core:notice] [pid 4944:tid 4944] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[suexec:notice] - - AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00016: Configuration Failed
[core:notice] [pid 4963:tid 4963] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[suexec:notice] - - AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[-:error] - - SecServerSignature: original signature too short. Please set ServerTokens to Full.
[-:notice] - - ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/) configured.
[:notice] [pid 4963:tid 4963] ModSecurity: APR compiled version="1.7.0"; loaded version="1.7.0"
[:notice] [pid 4963:tid 4963] ModSecurity: PCRE compiled version="8.44 "; loaded version="8.44 2020-02-12"
[:notice] [pid 4963:tid 4963] ModSecurity: LUA compiled version="Lua 5.4"
[:notice] [pid 4963:tid 4963] ModSecurity: YAJL compiled version="2.1.0"
[:notice] [pid 4963:tid 4963] ModSecurity: LIBXML compiled version="2.9.12"
[-:notice] - - ModSecurity: Original server signature: Apache
[:notice] [pid 4963:tid 4963] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[lbmethod_heartbeat:notice] - - AH02282: No slotmem from mod_heartmonitor
[-:error] - - SecServerSignature: original signature too short. Please set ServerTokens to Full.
[core:notice] - - AH00094: Command line: 'httpd'
AH00016 seems to be related to the SSL cert, so I also attached the error log for ssl.
ssl_error_log:
[ssl:emerg] - - AH02562: Failed to configure certificate www.example.com:443:0 (with chain), check /etc/pki/tls/certs/example-wildcard.crt
[ssl:emerg] - - SSL Library Error: error:8000000D:system library::Permission denied (calling fopen(/etc/pki/tls/certs/example-wildcard.crt, r))
[ssl:emerg] - - SSL Library Error: error:10080002:BIO routines::system lib
[ssl:emerg] - - SSL Library Error: error:0A080002:SSL routines::system lib
I found a permission denied error on reading my wildcard cert, and I noticed it was because I had the wrong ownership. I changed it to what it should be, with a right of 644.
BTW, httpd -t also returns Syntax OK.
Now when I rerun httpd -t without root rights, it returns a file permission error (solved by changing the ownership to apache):
# sudo -u apache httpd -t
AH00526: Syntax error on line 39 of /etc/httpd/conf.d/mod_security.conf:
ModSecurity: Failed to open debug log file: /etc/httpd/logs/modsec_debug.log
Weirdly enough, when I checked the port listeners I saw:
$ sudo netstat -punta | grep LISTEN
tcp6 0 0 :::443 :::* LISTEN 4964/httpd
tcp6 0 0 :::80 :::* LISTEN 4964/httpd
httpd is listening when it failed to start?

Maybe SELinux is denying access; try this:
restorecon -vF /etc/pki/tls/certs/example-wildcard.crt
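To tell an ordinary ownership/mode problem apart from an SELinux denial on a path like the certificate above, the following added example (not from the original posts; all function names are hypothetical) walks every path component, applies the owner/group/other bits for a given uid, and reads the SELinux label. It assumes it is run by a user who can stat the whole path, and it ignores POSIX ACLs.

```python
import os
import stat

def selinux_label(path):
    """Return the SELinux context stored on path, or None if there is none."""
    try:
        raw = os.getxattr(path, "security.selinux")
    except (OSError, AttributeError):  # unlabeled file, or platform without xattrs
        return None
    return raw.rstrip(b"\x00").decode()

def dac_allows(st, uid, gids, want):
    """Owner/group/other check; want is 4 (read a file) or 1 (search a directory)."""
    if uid == 0:
        return True  # root overrides mode bits, so `httpd -t` run as root still passes
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return (bits & want) == want

def walk_access(path, uid, gids):
    """Return [(component, mode string, allowed, selinux label)] from / down to path."""
    cur = os.path.abspath(path)
    parts = [cur]
    while os.path.dirname(cur) != cur:
        cur = os.path.dirname(cur)
        parts.append(cur)
    report = []
    for comp in reversed(parts):
        st = os.stat(comp)
        want = 1 if stat.S_ISDIR(st.st_mode) else 4
        report.append((comp, stat.filemode(st.st_mode),
                       dac_allows(st, uid, gids, want), selinux_label(comp)))
    return report

def first_denied(path, uid, gids):
    """First component the uid cannot traverse or read, or None if the mode bits allow it."""
    for comp, _mode, allowed, _label in walk_access(path, uid, gids):
        if not allowed:
            return comp
    return None

if __name__ == "__main__":
    import pwd, sys
    user = pwd.getpwnam(sys.argv[1])          # e.g. apache
    for row in walk_access(sys.argv[2], user.pw_uid, os.getgrouplist(user.pw_name, user.pw_gid)):
        print(*row, sep="\t")
```

If every component is allowed for the service user but the open still fails with "Permission denied", the mode bits are not the cause and the label column is the next thing to compare with what the policy expects for that directory.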

Related

Enable HTTP2 in Apache 2.4.53

After reading this link, it's clear that HTTP2 and prefork don't work together. I am trying to get around this issue by disabling prefork in MPM.
I went and changed the httpd-mpm.conf and commented out the following statements:
<IfModule mpm_prefork_module>
#StartServers 5
#MinSpareServers 5
#MaxSpareServers 10
#MaxRequestWorkers 250
#MaxConnectionsPerChild 0
</IfModule>
and in my httpd.conf file I have enabled the module
LoadModule http2_module modules/mod_http2.so
and added the following configuration:
Protocols h2 h2c http/1.1
H2Direct on
I see no errors in my error log which are as follows:
[Thu Apr 14 23:03:59.295852 2022] [ssl:warn] [pid 18592:tid 220] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Thu Apr 14 23:03:59.297852 2022] [mpm_winnt:notice] [pid 18592:tid 220] AH00455: Apache/2.4.53 (Win64) OpenSSL/1.1.1n configured -- resuming normal operations
[Thu Apr 14 23:03:59.297852 2022] [mpm_winnt:notice] [pid 18592:tid 220] AH00456: Apache Lounge VS16 Server built: Mar 16 2022 11:26:15
[Thu Apr 14 23:03:59.298852 2022] [core:notice] [pid 18592:tid 220] AH00094: Command line: 'httpd.exe -d C:/Users/naraadia/.softwares/Apache24_2.4.53'
[Thu Apr 14 23:03:59.320854 2022] [mpm_winnt:notice] [pid 18592:tid 220] AH00418: Parent: Created child process 14840
[Thu Apr 14 23:04:00.406963 2022] [ssl:warn] [pid 14840:tid 228] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Thu Apr 14 23:04:00.449967 2022] [mpm_winnt:notice] [pid 14840:tid 228] AH00354: Child: Starting 64 worker threads.
and none of my pages being served by the server have HTTP2 or h2 protocol in developer tools. All the pages have http/1.1 protocol. Is there a better way to achieve HTTP2 protocol being pushed? I feel prefork is still not disabled.
I have downloaded the server zip file and not compiled the server.
EDIT 1 : After Reading the mod_http2 documentation, it's clear that winnt mpm strategy is being used.
I tried to check if curl helps in determining if HTTP2 is enabled or not but when I run
curl -I --http2 http://localhost:8083 | findstr HTTP
It returns nothing.
Can anyone help in enabling HTTP2 or help in determining what is missing?
> I went and changed the httpd-mpm.conf and commented out the following statements:
Those statements were wrapped in an <IfModule mpm_prefork_module> so would only be used if that module was enabled.
> EDIT 1 : After Reading the mod_http2 documentation, it's clear that winnt mpm strategy is being used.
That's correct. Apache on Windows uses its own MPM module, which is compatible with HTTP/2.
> and none of my pages being served by the server have HTTP2 or h2 protocol in developer tools. All the pages have http/1.1 protocol. Is there a better way to achieve HTTP2 protocol being pushed? I feel prefork is still not disabled.
Browsers only support HTTP/2 over HTTPS. Looks like, from your curl command, that you are only using unencrypted HTTP, rather than HTTPS. So this will not work, even though you have enabled H2Direct - both client and server need to support this to work and you have only enabled it on the server and cannot enable this on the browser.
> I tried to check if curl helps in determining if HTTP2 is enabled or not but when I run
> curl -I --http2 http://localhost:8083 | findstr HTTP
> It returns nothing.
Using HTTP/2 over HTTP (rather than HTTPS) requires an upgrade header and round trip, though that is going to be deprecated. You should use --http2-prior-knowledge if wanting to use HTTP/2 over HTTP and are sure the server supports it.
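The two cleartext paths described in this answer, the Upgrade round trip and prior knowledge, look like this on the wire. This is an added example, not part of the original answer; the function names are hypothetical and the default target in `probe` is the question's localhost:8083.

```python
import base64
import socket
import struct

PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"              # HTTP/2 client connection preface
EMPTY_SETTINGS = b"\x00\x00\x00\x04\x00\x00\x00\x00\x00"  # frame header: length 0, type 4, stream 0

def upgrade_request(host):
    """HTTP/1.1 request that offers h2c via the Upgrade header (costs one round trip)."""
    # HTTP2-Settings carries a SETTINGS payload, base64url without padding.
    payload = struct.pack(">HI", 0x3, 100)  # SETTINGS_MAX_CONCURRENT_STREAMS = 100
    token = base64.urlsafe_b64encode(payload).rstrip(b"=").decode()
    return (
        f"HEAD / HTTP/1.1\r\nHost: {host}\r\n"
        "Connection: Upgrade, HTTP2-Settings\r\n"
        "Upgrade: h2c\r\n"
        f"HTTP2-Settings: {token}\r\n\r\n"
    ).encode("ascii")

def classify_upgrade_reply(data):
    """Return 'h2c' for a 101 switch to h2c, otherwise the HTTP/1.x status line."""
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip().lower()
    if lines[0].split(" ")[1:2] == ["101"] and headers.get("upgrade") == "h2c":
        return "h2c"
    return lines[0]

def classify_prior_knowledge_reply(data):
    """True if the reply starts with an HTTP/2 SETTINGS frame (type 0x4, stream 0)."""
    if len(data) < 9:
        return False
    stream = int.from_bytes(data[5:9], "big") & 0x7FFFFFFF
    return data[3] == 4 and stream == 0

def probe(host="localhost", port=8083, timeout=3.0):
    """Try both cleartext forms against a server and report what came back."""
    results = {}
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(upgrade_request(host))
        results["upgrade"] = classify_upgrade_reply(s.recv(4096))
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(PREFACE + EMPTY_SETTINGS)
        results["prior-knowledge"] = classify_prior_knowledge_reply(s.recv(4096))
    return results

if __name__ == "__main__":
    print(probe())
```

Neither result says anything about what a browser will do: browsers negotiate `h2` inside the TLS handshake, so the HTTPS virtual host is what has to offer it.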

CentOS 7.5 Can't open display via http GET

I am trying to execute a bash script via a remote workstation via an apache server.
So I've installed Apache and I can execute test scripts just fine.
But what I'd like to do is to execute a script which is sending a key command (via xdotool) to the current X11 session that is running by the user "vfx".
Script "new.sh":
#!/usr/bin/env sh
export DISPLAY=:"0.0"
export XAUTHORITY=/home/vfx/.Xauthority
xdotool key s
When I try to run it on the remote workstation I always get the following: (from httpd error logs)
[Wed Nov 27 21:30:18.610990 2019] [cgi:error] [pid 2317] [client 192.168.0.194:36750] AH01215: Error: Can't open display: (null)
[Wed Nov 27 21:30:18.611051 2019] [cgi:error] [pid 2317] [client 192.168.0.194:36750] AH01215: Failed creating new xdo instance
[Wed Nov 27 21:30:18.611429 2019] [cgi:error] [pid 2317] [client 192.168.0.194:36750] End of script output before headers: new.sh
I am using Gnome classic.
Connecting via ssh using "export DISPLAY=:"0.0"" and "xdotool key s" is working.
I've already tried the following:
Edit visudo:
apache ALL=(vfx) NOPASSWD: /var/wwww/cgi-bin/new.sh
apache ALL=(vfx) NOPASSWD: /home/vfx/
xhost +
Firewall changes:
# firewall-cmd --zone=public --add-port=6000/tcp
# firewall-cmd --permanent --zone=public --add-port=6000/tcp
# firewall-cmd --zone=public --add-port=177/udp
Edited: /etc/gdm/custom.conf:
# GDM configuration storage
[daemon]
[security]
DisallowTCP=false
[xdmcp]
ServerArguments=-listen tcp
Enable=true
[chooser]
[debug]
# Uncomment the line below to turn on debugging
#Enable=true
Edited: /etc/ssh/sshd_config
x11 forwarding yes
Any help would be greatly appreciated

503 Error On Fedora 22 Server Using Apache 2.4 and Mono

I am currently attempting to setup a home webserver. I have a lot of experience programming in C# and have been using Visual Studio and IIS for years. I recently decided to make the move to Linux and have been rebuilding my code bases using MonoDevelop. I have them compiling on my development machine, so I am setting up a home server with Fedora 22 Server, and Apache 2.4.
Using nothing but the default configuration the server is able to serve html pages without a problem, but when I installed Mono, and its dependencies, I have been getting various errors, and they are not detailed enough for someone with my limited experience to resolve. I have spent the entire week working on the issue, and here is where I am stuck.
When browsing to http://71.41.214.194/LDC-Demo/index.aspx, I get a "503 Service Unavailable" error in the browser. When looking at the Apache Error log I get the following:
[Fri Oct 09 15:22:41.809588 2015] [:error] [pid 7577] Failed to connect to mod-mono-server after several attempts to spawn the process.
Since that is not enough to discern the issue, I restarted Apache and tried to reload the page (I was hoping for a related error that could help me chase down the problem)
[Fri Oct 09 15:38:22.000257 2015] [mpm_prefork:notice] [pid 7564] AH00170: caught SIGWINCH, shutting down gracefully
[Fri Oct 09 15:38:23.011225 2015] [:alert] [pid 7564] (13)Permission denied: Failed to acquire dashboard lock before destroying the dashboard
[Fri Oct 09 15:38:23.011668 2015] [:alert] [pid 7564] (13)Permission denied: Failed to acquire dashboard lock before destroying the dashboard
[Fri Oct 09 15:38:23.011770 2015] [:alert] [pid 7564] (13)Permission denied: Failed to acquire dashboard lock before destroying the dashboard
[Fri Oct 09 15:38:24.068911 2015] [core:notice] [pid 7641] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Fri Oct 09 15:38:24.069933 2015] [suexec:notice] [pid 7641] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globa$
[Fri Oct 09 15:38:24.079961 2015] [auth_digest:notice] [pid 7641] AH01757: generating secret for digest authentication ...
[Fri Oct 09 15:38:24.080817 2015] [lbmethod_heartbeat:notice] [pid 7641] AH02282: No slotmem from mod_heartmonitor
[Fri Oct 09 15:38:24.088966 2015] [mpm_prefork:notice] [pid 7641] AH00163: Apache/2.4.16 (Fedora) mod_mono/3.12 configured -- resuming normal operations
[Fri Oct 09 15:38:24.088993 2015] [core:notice] [pid 7641] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Fri Oct 09 15:38:36.414478 2015] [:error] [pid 7651] Failed to connect to mod-mono-server after several attempts to spawn the process.
After researching each of these messages to the best of my ability, I could not find anything that was related to the issue. I did find that I could see some more details if I ran the command "journalctl -xe -cat".
Started The Apache HTTP Server.
mono[7646]: segfault at 5 ip 0000000000512710 sp 00007fffa85f01b0 error 6 in mono-sgen[400000+34d000]
<audit-1130> pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Unregistered Authentication Agent for unix-process:7633:25881589 (system bus name :1.83, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
<audit-1400> avc: denied { execmem } for pid=7649 comm="mono" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process permissive=0
<audit-1400> avc: denied { execmem } for pid=7649 comm="mono" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process permissive=0
<audit-1701> auid=4294967295 uid=48 gid=48 ses=4294967295 subj=system_u:system_r:httpd_t:s0 pid=7649 comm="mono" exe="/usr/bin/mono-sgen" sig=11
mono[7649]: segfault at 5 ip 0000000000512710 sp 00007ffe5ca30440 error 6 in mono-sgen[400000+34d000]
Not saving repeating crash in '/usr/bin/mono-sgen'
Not saving repeating crash in '/usr/bin/mono-sgen'
<audit-1400> avc: denied { sigchld } for pid=7647 comm="abrt-hook-ccpp" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0
Failed to create core_backtrace: waitpid failed: Permission denied
Blacklisted package 'mono-core'
'post-create' on '/var/spool/abrt/ccpp-2015-10-09-15:38:24-7644' exited with 1
Deleting problem directory '/var/spool/abrt/ccpp-2015-10-09-15:38:24-7644'
<audit-1400> avc: denied { execmem } for pid=7661 comm="mono" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process permissive=0
<audit-1400> avc: denied { execmem } for pid=7661 comm="mono" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process permissive=0
<audit-1701> auid=4294967295 uid=48 gid=48 ses=4294967295 subj=system_u:system_r:httpd_t:s0 pid=7661 comm="mono" exe="/usr/bin/mono-sgen" sig=11
mono[7661]: segfault at 5 ip 0000000000512710 sp 00007ffed5a32ee0 error 6 in mono-sgen[400000+34d000]
Not saving repeating crash in '/usr/bin/mono-sgen'
There is a lot more information in these messages, but I am still having a problem finding the cause. The last 5 lines are repeated three times.
I have tried making modifications to the apache config file (httpd.conf) as well as to the mod_mono.conf file, but nothing seems to get me past the problem.
In my current configuration the mod_mono.conf file is unmodified from the default configuration, and the only change that I have made to httpd.conf is to add a virtual host section as follows:
<VirtualHost *:80>
ServerName LDC-Demo
ServerAdmin root#localhost
ServerAlias LDC-Demo
DocumentRoot /var/www/html/LDC-Demo/
MonoServerPath LDC-Demo "/usr/bin/mod-mono-server4"
MonoDebug LDC-Demo true
MonoSetEnv LDC-Demo MONO_IOMAP=all
MonoApplications LDC-Demo "/:/var/www/html/LDC-Demo"
<Location "/LDC-Demo">
Allow from all
Order allow,deny
MonoSetServerAlias LDC-Demo
SetHandler mono
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI "\.(?:gif|jpe?g|png)$" no-gzip dont-vary
</Location>
</VirtualHost>
Any ideas would be appreciated, as I stated above, I have been working on this all week, and am not making much progress.
I entered this above as a comment, but I intended to answer the question.
I figured it out. Fedora runs SELinux, and it was interfering with the permissions needed for mod_mono to run. To see these settings I ran the command:
getenforce
Then to temporarily change the setting I used the following command:
setenforce 0
Finally, restart Apache:
apachectl restart
I refreshed the web browser and the page loaded correctly. To make the setting permanent, edit the selinux file:
nano /etc/sysconfig/selinux
I rebooted the server, and tried to load the webpage again. Eureka! Everything is working.
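The AVC records in the question's journal excerpt already name the exact permission that was denied. This added example (not part of the original posts; function names are hypothetical) parses those records and renders each distinct denial in the rule form that `audit2allow` prints, which shows how narrow the requirement is compared with turning enforcement off.

```python
import re
from collections import Counter

# Lines copied from the journal excerpt in the question; the first is not an AVC record.
JOURNAL = '''\
mono[7646]: segfault at 5 ip 0000000000512710 sp 00007fffa85f01b0 error 6 in mono-sgen[400000+34d000]
<audit-1400> avc: denied { execmem } for pid=7649 comm="mono" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process permissive=0
<audit-1400> avc: denied { execmem } for pid=7649 comm="mono" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process permissive=0
<audit-1400> avc: denied { sigchld } for pid=7647 comm="abrt-hook-ccpp" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=0
<audit-1400> avc: denied { execmem } for pid=7661 comm="mono" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process permissive=0
<audit-1400> avc: denied { execmem } for pid=7661 comm="mono" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process permissive=0
'''.splitlines()

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def setype(context):
    """The third field of user:role:type:level is the type that policy rules refer to."""
    return context.split(":")[2]

def summarize(lines):
    """Count denials keyed by (comm, source type, target type, class, permission)."""
    counts = Counter()
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # segfault and abrt lines carry no policy information
        for perm in m.group("perms").split():
            key = (m.group("comm"), setype(m.group("scontext")),
                   setype(m.group("tcontext")), m.group("tclass"), perm)
            counts[key] += 1
    return counts

def as_rule(key):
    """Render one denial as the allow rule it corresponds to."""
    _comm, source, target, tclass, perm = key
    target = "self" if source == target else target
    return f"allow {source} {target}:{tclass} {perm};"

if __name__ == "__main__":
    for key, n in summarize(JOURNAL).most_common():
        print(f"{n}x comm={key[0]}: {as_rule(key)}")
```

On the Fedora/RHEL targeted policy the `execmem` permission for `httpd_t` is controlled by the `httpd_execmem` boolean, so `setsebool -P httpd_execmem 1` leaves the rest of the policy enforcing; `audit2allow -a` on the host reports when an existing boolean covers a denial.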

Anyone succeeded to Install Laravel on Apache2 with fcgi?

I have successfully installed Laravel on Apache2 with php as a module. The instructions are simple. However, when I try with fcgi it does not work. So it has to do with the server configuration. After I visited http://<mylaraveldomain> (domain not public), I looked at /var/log/apache2/error.log and got this error message
[Thu Mar 26 22:52:34.012794 2015] [fcgid:warn] [pid 30834] (104)Connection reset by peer: [client 65.92.253.153:7785] mod_fcgid: error reading data from FastCGI server
[Thu Mar 26 22:52:34.012862 2015] [core:error] [pid 30834] [client 65.92.253.153:7785] End of script output before headers: php-fcgi-wrapper
[Thu Mar 26 22:52:39.826939 2015] [fcgid:error] [pid 30830] mod_fcgid: process /var/www/default/cgi-bin/php5-default/php-fcgi-wrapper(31115) exit(communication error), get unexpected signal 11
I also looked at all other log files in /var/log recently modified after visiting the URL, but no additional useful info was found. Should I look elsewhere? It is not that fcgi is not working, because if I put a file test.php in the laravel public folder I can read it fine at the URL http://<mylaraveldomain>/test.php. Are there some special configuration settings to make laravel work with fcgi? It is possible that it is specific to my installation of fcgi. So, I would like to know if others have succeeded in installing laravel with fcgi on apache2. I am on Ubuntu and I made a recent apt-get upgrade.
I checked syslog and there was additional info. I could see a segmentation fault. I guessed it could be a cache management issue. I commented out the line zend_extension=opcache.so in the file /etc/php5/apache2/conf.d/05-opcache.ini and it worked. Of course, this is only a workaround.

localhost/phpmyadmin 404 error

I have installed phpmyadmin, but it doesn't seem to work.
I have apache2, php5, php-cgi, mysql-server, mysql-client installed too.
I've added the next line to the apache2.conf file:
#include phpmyadmin
Include /etc/phpmyadmin/*.conf
But when I restart the server, I have the next error:
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 2 of /etc/phpmyadmin/lighttpd.conf:
Invalid command 'alias.url', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
And the error log says:
[Tue Aug 13 12:36:25.690262 2013] [mpm_prefork:notice] [pid 13210] AH00163: Apache/2.4.6 (Ubuntu) PHP/5.5.1-2+debphp.org~precise+2 configured -- resuming normal operations
[Tue Aug 13 12:36:25.690358 2013] [core:notice] [pid 13210] AH00094: Command line: '/usr/sbin/apache2'
[Tue Aug 13 12:39:21.635566 2013] [mpm_prefork:notice] [pid 13210] AH00169: caught SIGTERM, shutting down
What should I do to define alias.url, or what am I doing wrong? Thanks
Solved with @Jamie Taylor's comment: try changing *.conf to apache.conf.
Then I got a 403 Forbidden response, and solved it by adding:
Order allow,deny
Allow from all
to
<Directory "/usr/share/phpmyadmin"> </Directory>
in /etc/phpmyadmin/apache.conf
And don't forget to uncomment:
$cfg['Servers'][$i]['AllowNoPassword'] = TRUE;
in /etc/phpmyadmin/config.inc.conf, if you want to use PHPMyAdmin without a password (only localhost, of course).