After installing SSL certificates via Certbot, my website came up with the error message "too many redirects". After some research I thought I must have a redirect from HTTPS -> HTTP somewhere, so I tried to fix it but it seems that I made it worse, and Apache won't start anymore. I'm a total beginner, so I'm struggling to understand what is wrong.
I'm setting up a VPS with CentOS7 accessed over SSH to host a simple html website. I set up the basics (relevant ones might be UFW Firewall, Cloudflare as DNS, Apache 2.4.6) and managed to display a test page on my domain.
I then went on to setting up my virtual host with this tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-centos-7
Followed by this tutorial to set up letsencrypt: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7
After this, I initially got the error message "too many redirects" when trying to access my domain, which had previously worked normally. Whilst trying to fix this for four hours straight, I've now screwed things up to the point where Apache doesn't seem to start.
Now when I do $ sudo systemctl restart httpd I get the error message "Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details."
[USER#host ~]$ sudo systemctl status httpd.service
* httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2019-01-23 00:57:39 UTC; 20s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 26023 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 24468 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Process: 26021 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 26021 (code=exited, status=1/FAILURE)
Jan 23 00:57:39 host systemd[1]: Starting The Apache HTTP Server...
Jan 23 00:57:39 host systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jan 23 00:57:39 host kill[26023]: kill: cannot find process ""
Jan 23 00:57:39 host systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 23 00:57:39 host systemd[1]: Failed to start The Apache HTTP Server.
Jan 23 00:57:39 host systemd[1]: Unit httpd.service entered failed state.
Jan 23 00:57:39 host systemd[1]: httpd.service failed.
The only change I made to /etc/httpd/conf/httpd.conf was changing IncludeOptional conf.d/*.conf at the bottom to IncludeOptional sites-enabled/*.conf
My Virtual Host setup is currently as follows:
<VirtualHost *:80>
ServerName www.example.com
DocumentRoot /var/www/example.com/public_html
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName www.example.com
ServerAlias example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog /var/www/example.com/error.log
CustomLog /var/www/example.com/requests.log combined
SSLEngine on
</VirtualHost>
Would appreciate any pointers as to what might be wrong.
Since I used letsencrypt it looks like this:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
This resolved the error for apache. SSL encryption isn't working yet though, I'll come back and update it if I find out that it was an issue with these lines.
EDIT: This setup works fine for me now. The issue with the SSL encryption not working was due to having SSL on "off" in Cloudflare, which created a redirect loop.
You should add in your configuration the certificate, key for this certificate and intermediate certificates. This look like:
SSLEngine on
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
SSLCACertificateFile "conf/ssl.crt/ca.crt"
For more details check apache documentation
Related
My Flask app returns 503 errors regularly. I can't tell the reason. Could be load related. It is not systematic, so it's not a file permissions issue. It's more like 5 times on 10 subsequent requests. Easy to reproduce using F5 in a browser.
I'd like to debug that but I can't find anything in the logs.
I've checked apache main log files (access/error) and the VirtualHost access/error log files. I've tried setting LogLevel to debug, to no avail.
When the application returns a 503 (e.g. using abort(503) with Flask), the error is logged in the virtualhost access log (this is not an apache error, so it goes in access log). It is also logged in my app log because my framework logs all http errors.
I've been having load issues in the past, where no thread was available. This resulted in 503 errors returned by apache itself and I'm pretty sure those were logged in either access or error log (most probably error).
How is it possible that the client gets a 503 and there's no trace of it in the logs?
Virtual host config excerpt:
ErrorLog ${APACHE_LOG_DIR}/my-app-error.log
CustomLog ${APACHE_LOG_DIR}/my-app-access.log combined
WSGIDaemonProcess my-app threads=5
WSGIScriptAlias /api /srv/my-app/application.wsgi process-group=my-app application-group=%{GLOBAL}
WSGIPassAuthorization On
<Location /api>
WSGIProcessGroup my-app
</Location>
<Directory /srv/my-app/>
Options FollowSymLinks
AllowOverride All
</Directory>
Debian Stretch, apache 2.4.25, mod_wsgi 4.5.11.
Edit 1: All WSGi applications are affected
We notice 503 errors on another wsgi application in another virtual host on the same apache instance. This application is under a light (close to zero) load, so it shouldn't 503. However, I don't get a 503 when loading the default VHost page (the "Apache2 Debian Default Page" "It works!" page). Like if there was some sort of mod_wsgi limitation that would be common to all WSGI applications, but not a global apache limitation since only WSGI applications are affected.
Edit 2: Restarting apache
systemctl reload apache2 doesn't change anything. However, systemctl restart apache2 solved it for now. Until next time.
Before the restart
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2018-12-04 11:13:23 CET; 2 weeks 0 days ago
Process: 10023 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
Process: 536 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 977 (apache2)
Tasks: 133 (limit: 4915)
Memory: 1.7G
CPU: 6d 6h 3min 51.105s
CGroup: /system.slice/apache2.service
├─ 977 /usr/sbin/apache2 -k start
├─10066 /usr/sbin/apache2 -k start
├─10067 /usr/sbin/apache2 -k start
├─10068 /usr/sbin/apache2 -k start
├─10069 /usr/sbin/apache2 -k start
├─16834 /usr/sbin/apache2 -k start
└─16836 /usr/sbin/apache2 -k start
After the restart
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-12-19 12:32:02 CET; 3s ago
Process: 11840 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
Process: 11735 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
Process: 11850 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 11854 (apache2)
Tasks: 79 (limit: 4915)
Memory: 125.3M
CPU: 4.080s
CGroup: /system.slice/apache2.service
├─11854 /usr/sbin/apache2 -k start
├─11855 /usr/sbin/apache2 -k start
├─11856 /usr/sbin/apache2 -k start
├─11857 /usr/sbin/apache2 -k start
└─11858 /usr/sbin/apache2 -k start
The differences I see here are the number of processes (no idea what to conclude about that) and the memory usage. Alright, the application seems to be a bit greedy with the memory but I think the server can handle that.
In case it helps: we have experienced a similar issue with a flask wsgi application intermittently returning 503 (say, every 5-10 requests).
Manual testing revealed that the corresponding requests did not show up in the apache access log (while the successful requests did).
As hinted in workaround's answer, the apache config did indeed also contain proxy configurations for other apps, and we were using the keepalive=On keyword for one of our ProxyPass directives (not for the flask app, but for another app served under the same prefix). Excerpt:
<Location /curated-cofs>
WSGIProcessGroup curated-cofs # this is the flask app
</Location>
<Location /curated-cofs/optimade>
ProxyPass http://localhost:3759 keepalive=On timeout=1200
ProxyPassReverse http://localhost:3759
</Location>
There was actually no good reason for us to use the keepalive keyword here (no internal firewall).
Removing the keyword from the ProxyPass directive seems to have resolved the 503 issue for the flask app as a side-effect.
First of all, did you check out the access log? Because if there is no error log this means the server was accessed, so there must be somehting in the access log.
If there is, check if Flask is indeed serving.
Secondly, are you proxying requests? If you do, make sure your proxy config is ok.
And of course, make sure your mod_wsgi config is correct
For some reasons I can't make Apache work with Kestrel.
Kestrel/Service is Running
● kestrel-hellomvc.service - TestTwo Example
Loaded: loaded (/etc/systemd/system/kestrel-hellomvc.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2017-06-28 02:35:14 UTC; 25min ago
Main PID: 2182 (dotnet)
CGroup: /system.slice/kestrel-hellomvc.service
└─2182 /usr/local/bin/dotnet /var/www/applications/TestOne/TestOne.dll
Jun 28 02:35:14 abcidee systemd[1]: Started TestTwo Example.
Jun 28 02:35:14 abcidee systemd[1]: Starting TestTwo Example...
Jun 28 02:35:15 abcidee dotnet-TestTwo[2182]: Hosting environment: Production
Jun 28 02:35:15 abcidee dotnet-TestTwo[2182]: Content root path: /var/www/applications/TestOne
Jun 28 02:35:15 abcidee dotnet-TestTwo[2182]: Now listening on: http://localhost:5000
Jun 28 02:35:15 abcidee dotnet-TestTwo[2182]: Application started. Press Ctrl+C to shut down.
Jun 28 02:35:56 abcidee dotnet-TestTwo[2182]: warn: Microsoft.Extensions.DependencyInjection.DataProtectionServices[59]
Jun 28 02:35:56 abcidee dotnet-TestTwo[2182]: Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.
Jun 28 02:35:56 abcidee dotnet-TestTwo[2182]: warn: Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository[50]
Jun 28 02:35:56 abcidee dotnet-TestTwo[2182]: Using an in-memory repository. Keys will not be persisted to storage.
Port 5001 on httpd
httpd -S
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.0.4. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:5001 10.0.0.4 (/etc/httpd/conf.d/hellomvc.conf:1)
*:443 10.0.0.4 (/etc/httpd/conf.d/ssl.conf:56)
hellomvc.conf
<VirtualHost *:5001>
ProxyPreserveHost On
ProxyPass / http://localhost:5000/ retry=0 timeout=5
ProxyPassReverse / http://localhost:5000/
ServerName hostname.example.com
ErrorLog /var/log/httpd/hellomvc-error.log
CustomLog /var/log/httpd/hellomvc-access.log common </VirtualHost>
However I am getting
$curl localhost:5001
curl: (7) Failed connect to localhost:5001; Connection refused
I'm using Centos 7, with Centos Web Panel, => Apache Setting => Edit Apache vHosts or /usr/local/apache/conf.d/vhosts.conf
Listen 8081
NameVirtualHost *:8081
<VirtualHost *:8081>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
ServerName localdomain
ServerAlias localdomain
</VirtualHost>
This is due to non-existance of "/var/www/html" directory. run mkdir "/var/www/html" , hope it will solved.
I have installed a fresh copy of Centos 7. Then I restarted Apache but the Apache failed to start. I have 3 days stucked in this issue. Even the support can not figure out the error.
sudo service httpd start
Failed to start apache :
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2016-05-09 16:08:02 BST; 59s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 5710 (code=exited, status=1/FAILURE)
May 09 16:08:02 mike079.startdedicated.de systemd[1]: Starting The Apache HTTP Server...
May 09 16:08:02 mike079.startdedicated.de httpd[5710]: (98)Address already in use: AH00072: make_sock: could not bind to address 85.25.12.20:80
May 09 16:08:02 startdedicated.de httpd[5710]: no listening sockets available, shutting down
May 09 16:08:02 startdedicated.de httpd[5710]: AH00015: Unable to open logs
May 09 16:08:02 startdedicated.de systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
May 09 16:08:02.startdedicated.de kill[5712]: kill: cannot find process ""
May 09 16:08:02 .startdedicated.de systemd[1]: httpd.service: control process exited, code=exited status=1
May 09 16:08:02startdedicated.de systemd[1]: Failed to start The Apache HTTP Server.
May 09 16:08:02 startdedicated.de systemd[1]: Unit httpd.service entered failed state.
May 09 16:08:02 mike: httpd.service failed.
I got the same error because of a simple typo in vhost.conf.
Remember to make sure you don't have any errors in the config files.
apachectl configtest
From your output:
no listening sockets available, shutting down
what basically means, that any port in which one apache is going to be listening is already being used by another application.
netstat -punta | grep LISTEN
Will give you a list of all the ports being used and the information needed to recognize which process is so you can kill stop or do whatever you want to do with it.
After doing a nmap of your ip I can see that
80/tcp open http
so I guess you sorted it out.
In my case I got the error simply because I had changed the Listen 80 to listen 443 in the file
/etc/httpd/conf/httpd.conf
Since I had installed mod_ssl using the yum commands
yum -y install mod_ssl
there was a duplicate listen 443 directive in the file ssl.conf created during mod_ssl installation.
You can verify this if you have duplicate listen 80 or 443 by running the below command in linux centos (My linux)
grep '443' /etc/httpd/conf.d/*
below is sample output
/etc/httpd/conf.d/ssl.conf:Listen 443 https
/etc/httpd/conf.d/ssl.conf:<VirtualHost _default_:443>
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
Simply reverting the listen 443 in httd.conf to listen 80 fixed my issue.
on command line type journalctl -xe and the results will be
SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket port 83 or 80
This means that the SELinux is running on your machine and you need to disable it. then edit the configuration file by type the following
nano /etc/selinux/config
Then find the line SELINUX=enforce and change to SELINUX=disabled
Then type the following and run the command to start httpd
setenforce 0
Lastly start a server
systemctl start httpd
Allow Apache Through the Firewall
Allow the default HTTP and HTTPS port, ports 80 and 443, through firewalld:
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
And reload the firewall:
sudo firewall-cmd --reload
Some other service may be using port 80: try to stop the other services: HTTPD, SSL, NGINX, PHP, with the command sudo systemctl stop and then use the command sudo systemctl start httpd
For me the issue was the following:
[Sat Sep 10 00:43:20.999998 2022] [auth_digest:error] [pid 123456] (2)No such file or directory: AH01762: Failed to create shared memory segment on file /run/httpd/authdigest_shm.128124
[Sat Sep 10 00:43:20.999999 2022] [auth_digest:error] [pid 123456] (2)No such file or directory: AH01760: failed to initialize shm - all nonce-count checking and one-time noncesdisabled
I have just tailed the error logs to get those two line above:
*ADMINSHELL* :/var/opt/custom_path/logs/httpd # tail error_log
So the problem was that this folder was missing: /run/httpd/
Solution:
mkdir /run/httpd
chown root:httpd /run/httpd
chmod 0710 /run/httpd
After this is done. You will be able to restart the service:
systemctl restart httpd.service
Double check:
systemctl status httpd.service
The error could be anywhere, configs, libraries or the binaries. Error in the control process is a general error thrown by the system when its not able to start/restart the service. In my case one of libraries linked to the exe in the .service file has a problem. Fixing that library solved the problem.
try this cmd to know the missing config or error in the file configuration
$ apachectl configtest
I had almost the same error, and I found the error on vhost.conf file, which is located on /etc/httpd/conf.d/vhost.conf.
If you were configuring the virtual host, I suggest you look at the following file and find if you have any errors there.
/etc/httpd/conf.d/vhost.conf
For me also the same error happens after adding dummy SSL
in /etc/httpd/conf.d/ssl.conf file it's created a line like,
SLCertificateFile /etc/pki/tls/certs/localhost.crt
I changed it from SLCertificateFile to SSLCertificateFile
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
And after apache restart it started working fine.
<VirtualHost *:80>
ServerName www.YOURDOMAIN.COM
ServerAlias YOURDOMAIN.COM
DocumentRoot /var/www/YOURDOMAIN.COM/public_html
ErrorLog /var/www/YOURDOMAIN.COM/error.log
CustomLog /var/www/YOURDOMAIN.COM/requests.log combined
DocumentRoot /var/www/YOURDOMAIN.COM/public_html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/YOURDOMAIN.COM/public_html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Is it possible that a http request for one port be forwarded or redirected to another port. A request like this
http://localhost:8080
be forwarded to another port say 8181. And blocks all the requests for the default port say 80. I am on linux machine having apache running.
Read and follow mod_rewrite documentation.
hey hii user,
You can configure it from apache using NameVirtualHost directive and additional ProxyPass and ProxyPassReverse directives provided by mod_proxy module. Here is a basic configuration.
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mydomain.com
DocumentRoot /var/www/mydomain
ProxyPass / http://localhost:81/
ProxyPassReverse / http://localhost:81/
</VirtualHost>
<VirtualHost *:80>
ServerName www.mydomain2.com
DocumentRoot /var/www/mydomain2
</VirtualHost>
I can't figure out why it is not redirecting to port 8080.
Can you spot the error?
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName ofornecedor.com.br
ServerAlias http://ofornecedor.com.br
ProxyPass /admin/event ws://localhost:8080/admin/event
ProxyPassReverse /admin/event ws://localhost:8080/admin/event
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Mon 2018-07-30 11:46:14 UTC; 8s ago
Docs: man:systemd-sysv-generator(8)
Process: 14742 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 11742 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
Process: 14811 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
Tasks: 55
Memory: 6.5M
CPU: 61ms
CGroup: /system.slice/apache2.service
├─14828 /usr/sbin/apache2 -k start
├─14831 /usr/sbin/apache2 -k start
└─14832 /usr/sbin/apache2 -k start
Jul 30 11:46:13 ip-172-31-13-126 systemd[1]: Starting LSB: Apache2 web server...
Jul 30 11:46:13 ip-172-31-13-126 apache2[14811]: * Starting Apache httpd web server apache2
Jul 30 11:46:13 ip-172-31-13-126 apache2[14811]: [Mon Jul 30 11:46:13.480124 2018] [so:warn] [pid 14827:tid 139956103014272] AH01574: module proxy_module is already loaded, skipping
Jul 30 11:46:13 ip-172-31-13-126 apache2[14811]: [Mon Jul 30 11:46:13.480178 2018] [so:warn] [pid 14827:tid 139956103014272] AH01574: module proxy_http_module is already loaded, skipping
Jul 30 11:46:14 ip-172-31-13-126 apache2[14811]: *
Jul 30 11:46:14 ip-172-31-13-126 systemd[1]: Started LSB: Apache2 web server.
i have a windows machine and have ubuntu as a guest OS on VM. i set up apache onubuntu and im trying to configure ssl on that server but apache keeps crashing after following all instructions i found on the internet.
I have my ssl files in
/etc/apache2/ssl/server.crt
/etc/apache2/ssl/server.key
I have a default-ssl conf file with:
DocumentRoot /var/www-ssl/html/
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
In the vhost and I also have the same in a vhost i am setting up(forums) forums-ssl conf file.
Mod ssl is already enabled
In my guest host file I have: 127.0.0.1 localhost test tribunal
When I restart apache, it asks me for my pass phrase, I enter it and it says ok, although it spits out those notices. But when I navigate to the page it times out.
and here is the error in apache error_log:
[Sun Mar 04 20:23:59 2012] [notice] caught SIGTERM, shutting down
[Sun Mar 04 20:24:04 2012] [notice] Apache/2.2.17 (Ubuntu) PHP/5.3.5-1ubuntu7.7 with Suhosin-Patch mod_ssl/2.2.17 OpenSSL/0.9.8o configured -- resuming normal operations
does anyone know why this is happening?