I am using NGINX as load balancer for Apache WebServers (WordPress). All servers are made with AWS EC2. My config for NGINX:
cat /etc/nginx/sites-available/default
upstream web_backend {
server 35.157.101.5;
server 35.156.213.23;
}
server {
listen 80;
location / {
proxy_pass http://web_backend;
}
}
But after NGINX restart i am access load balancer via public ip and getting an error:
Bad Request
Your browser sent a request that this server could not understand.
Additionally, a 400 Bad Request error was encountered while trying to
use an ErrorDocument to handle the request.
Apache/2.4.29 (Ubuntu) Server at
ip-172-31-35-36.eu-central-1.compute.internal Port 80
If i refresh page i am getting same error but with another ip in the end (second server’s private ip), so i understand that NGINX do the work and it is Apache problem.
I tried to add 80 port for my servers in nginx config, replace ips with dns and private ip, but it didn’t help. Access log on Apache doesn’t show anything useful, just 400 errors.
What could be the problem?
Don’t use ‘_’ for upstream name, it was the only reason for my problem.
Just check on which ports are the Apache WebServers Running. You have to add those to your upstreams.
E.g.:
upstream web_backend {
server 35.157.101.5:8080; //assuming that your apache webserver is running on this port on this host
server 35.156.213.23:3000;//And a different port on the other.. you still need to add them here if your ports are same
}
For the week I have had major issues with Apache. My development environment on my mac stopped working after I updated to High Sierra. I tried for hours fixing this myself but couldn't find a solution.
Server version: Apache/2.4.29 (Unix)
Basically what is happening, whenever I try to restart apache I get this message:
AH00558: httpd: Could not reliably determine the server's fully
qualified domain name, using 10.0.0.50. Set the 'ServerName' directive
globally to suppress this message
I have tried a ton of different ways of configuring my vhosts file as well as my httpd config but have seen no improvement.
The document root path was not pointed where my website existed before. After finding that out and pointing it at the correct location the "It Works!" message I was getting every-time disappeared and now I am only greeted with a message that says
Not Found
The requested URL / was not found on this server.
This message happens no matter what path I put for the DocumentRoot section so I'm not sure what the real problem is.
Also, I have my apache set up to use localhost, however it continues to use 10.0.0.50 as it's IP of choice. I have never seen this IP before and I am confused on where it came from.
TLDR: I am having tons of problems with apache after updating to High Sierra, have tried to uninstall/reinstall. Apache is using 10.0.0.50 as the IP, DocumentRoot seems to have problems, config seems to be messed up.
Check configuration:
httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.1.79. Set the 'ServerName' directive globally to suppress this message
Syntax OK
To fix that:
sudo vi /etc/apache2/httpd.conf
Before:
ServerName www.example.com:80
After:
ServerName localhost
Check configuration again:
httpd -t
Syntax OK
How and why do I get this error? I have a Boost LG and I've never used nginx or Ubuntu or even heard of them until recently. Is someone accessing or running these in my phone? Please help and thanks a million
When you will find 502 Bad Gateway error :
Nginx running as proxy for Apache web server.
Nginx running with PHP-FPM daemon.
Nginx running with other services as gateway.
Bad buffering/timeout configuration.
Solutions :
Other quick solutions for 502 Bad Gateway error:
1) Increase buffer and timeouts inside http block:
http {
...
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
...
}
2) Ensure your php-fpm service is listening according to what you’ve configured in nginx, it can be either this two options:
Edit www.conf file (in CentOS it is located at /etc/php-fpm.d/www.conf and try with one of this two options:
listen = /var/run/php5-fpm.sock
or
listen = 127.0.0.1:9000
After that, just restart the php-fpm service.
3) Disable APC Cache if used, instead try Xcache, apc can cause this kind of issues under particular enviroments causing segmentation faults.
4) I recently found another cause of 502 Bad Gateway error, check it out here: php5-fpm.sock failed (13: Permission denied) error
I'm trying to set up a Godaddy SSL certificate on a DigitalOcean droplet running Ubuntu with Apache 2. After I've configured the certificates correctly (to the best I can see & according to the following articles:
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04#step-2-configure-apache-to-use-ssl
https://www.digicert.com/ssl-certificate-installation-ubuntu-server-with-apache2.htm
https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
I cannot run Apache and I'm getting the following error:
AH02311: Fatal error initialising mod_ssl
I've also seen this error:
SSL Library Error: error:0B080074:x509 certificate routine
both of these are in the error.log file.
Looks like private key is not matching certificate check on that (Not sure as i do not see full console logs). I hope the cert order is correct it should be
SSLCertificateFile /etc/apache2/ssl/certificate.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key
SSLCACertificateFile /etc/apache2/ssl/intermediate.crt
Usually this is an apache.conf configuration error or any other configuration file. do this:
purge ApacheUninstall/Purge Apache
reload modules
reboot server
do apachectl configtest
sudo systemctl restart apache2.service
sudo systemctl status apache2.service
That should fix the problem.
I was able to reproduce this exact error condition by simply enabling SSL under apache (by uncommenting the line in httpd.conf that loads mod_ssl and mod_socache_shmcb.so). The default httpd-ssl.conf file contains example lines of configuration with dummy values. Specifically there is a virtual host block at the bottom of this file that is provided as a template. It contains uncommented lines with dummy values. Apache won't accept these values as they are.
To test this, uncomment the above modules in httpd.conf open a console window, go to the apache\bin folder (the apache folder will have the appropriate version appended like apache2.37)
and type
httpd -t
And apache will validate your .conf files and report fatal errors. The first one you will see will report that it is unable to find server.crt. If you fill in the entire section with the values for the website that you are trying to secure apache should stop throwing these errors.
for more detail when troubleshooting use
httpd -e warn
or
httpd -e debug
To set up a secure virtual host for a site example.com you need two blocks.
One insecure block, and one insecure block. The insecure block uses port 80 or whatever port you choose if 80 is in use elsewhere. This is usually set up in the httpd-vhosts.conf file. The secure block is copy of the insecure block with the added commands for configuring SSL and uses port 443. This block is usually placed in httpd-ssl.conf Https-ssl.conf is automatically included in httpd.conf which is the master configuration file. It contains a conditional clause which detects the mod_ssl module and loads httpd-ssl.conf if the module is loaded. This is why the error occurs as soon as mod_ssl is enabled.
I was also having the same problem.
While checking, I found it was due to wrong passphrase in pass.out file.
It was solved after correcting that, so I suggest you to check that as well.
I followed the official docs on https setup located here: https://help.ubuntu.com/6.06/ubuntu/serverguide/C/httpd.html#https-configuration
I had to remove the +CompatEnvVars from
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
because it said it was an invalid command or something. So having removed that and following the instructions to the nail it get the error:
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
I'm new to SSL, any advice on what's going wrong?
I've just experienced this issue. For me it appeared when some erroneous code was trying to redirect to HTTPS on port 80.
e.g.
https://example.com:80/some/page
by removing the port 80 from the url, the redirect works.
HTTPS by default runs over port 443.
I used
a2ensite default-ssl
and it worked like a charm.
If you want to force e.g. phpmyadmin to use SSL/https you will run into this problem if this link is missing.
I had that same error. I forgot to create a link from sites-enabled/000-default-ssl to the sites-available/default-ssl file.
> ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl
This seems to be the result you see from Firefox when the server is not configured properly for SSL. Chrome, BTW, just gave a generic "ssl failed" code.
What happens is that the browser sends a SSL handshake when the server is expecting an HTTP request. Server responds with a 400 code and an error message that is much bigger that the handshake message that the browser expects. Hence the FF message.
As we can see from the responses here there are many things that can break the SSL configuration but not stop the server starting or give any hints in error.log.
What I did was systematically check down all the answers until I finally found the right one, right at the bottom.
Here is what I had in the access logs:
rfulton.actrix.co.nz:80 192.168.1.3 - - [09/Oct/2016:13:39:32 +1300] "\x16\x03\x01" 400 0 "-" "-"
rfulton.actrix.co.nz:80 192.168.1.3 - - [09/Oct/2016:13:39:46 +1300] "\x16\x03\x01" 400 0 "-" "-"
rfulton.actrix.co.nz:80 192.168.1.3 - - [09/Oct/2016:13:49:13 +1300] "\x16\x03\x01" 400 0 "-" "-"
This error also occurs when you have enabled the SSL module (i.e. you have run e.g. a2enmod ssl) but not yet enabled any SSL site entries (i.e you have not run e.g. a2ensite default-ssl).
I got this error when I was trying to access a url using curl:
curl 'https://example.com:80/some/page'
The solution was to change https to http
curl 'http://example.com:80/some/page'
In my case, I needed to install mod_ssl first
yum install mod_ssl
In my case I copied a ssl config from another machine and had the wrong IP in <VirtualHost wrong.ip.addr.here:443>. Changed IP to what it should be, restarted httpd and the site loaded over SSL as expected.
Finally find out the problem:
the port 443 was listening on HTTP instead of HTTPS, changed to HTTPS solved my issue.
In my case I accidentally used SSL in the Virtualhost configuration for port 80, instead of 443.
In my case, an Ubuntu system, in ports.conf I had
NameVirtualHost *:80
NameVirtualHost 192.168.1.79
Listen 80
And then, inside , I had
NameVirtualHost *:443
Listen 443
All I had to do was remove the line NameVirtualHost 192.168.1.79. Restarted apache and problem solved.
My case is related to Greg B's -- Visual Studio creates two sites when SSL is enabled -- one for secure, and one for normal http requests. However Visual Studio chooses two ports at random, and depending on how you start the debugger you might be pointing towards the wrong page for the request type. Especially if you edit the URL but don't change the port number.
Seeing these posts jogged my memory.
I know this isn't APACHE related, but it is definitely a page that people with that error will find..
I got the same error after enabling TLSv1.2 in webmin. Right after I enabled TLSv1.2 by accident thinking it was SSLv2, I was not able to log in from https://myipaddress:10000 like I did before. I found this link http://smallbusiness.chron.com/disable-ssl-webmin-miniserv-60053.html and it helped me because I was able to access webmin config file and I was able TLSv1.2
If you are upgrading from an older version of apache2, make sure your apache sites-available conf files end in .conf and are enabled with a2ensite
Below Solution worked for me :
Type About:Config in the Address Bar and press Enter.
“This Might void your warranty!” warning will be displayed, click on I’ll be careful, I Promise button.
Type security.ssl.enable_ocsp_stapling in search box.
The value field is true, double click on it to make it false.
Now try to connect your website again.
On My side, Error if nginx.conf like
server {
listen 443;
}
curl: (35) SSL received a record that exceeded the maximum permissible length.
Solution:
server {
listen 443 ssl;
}
It's working fine after adding ssl after 443