I know what HTML 500 errors are and I know how to research solving them,
I run a server with apache 2 and admin control is through cPanel and WHM.
What I am looking for is some guidance on how to feed back a useful and informative HTML 500 error page to the end user, after it has occurred on my website.
I have read: PHP: 500 Error to error page
and https://ux.stackexchange.com/questions/15955/how-to-create-a-useful-500-internal-server-error-page
but these don't seem to be what I'm looking for, for example http://www.smashingmagazine.com/2011/05/27/getting-started-with-defensive-web-design/ (referenced from one of the above links) tells me how to design the art work for the 500 error page but no indication as to how to deploy this page when the error occurs.
My most common point of the rare times I do have a few moments of HTML 500 errors, is with errors in the .htaccess file, for the website, this website may only be down for a few minutes but with ~50k visitors a month, this down time, even if momentary, will be seen by dozens of people and really should be presented well, nicely, informative and not the current standard which is:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
I have a server error page for 500 errors already set up and created and loadable in my server admin (cPanel), but the error page example (above) claims not to be able to find it, I also have an errorDocument handle in .htaccess which directs to this same page.
So my question is:
What processes do I need to set up to deploy a coherent and informative error 500 page when I get these errors?
specifically when I have .htaccess errors
I have a feeling that due to the nature of the error (server) it means that error pages can not be deployed from the same server as the error occurs, so the server can not work asynchronously?
Does the above mean that HTML 500 errors are only really deployable from multi-server situations or CDNs?
I have a feeling that due to the nature of the error (server) it means that error pages can not be deployed from the same server as the error occurs, so the server can not work asynchronously?
Does the above mean that HTML 500 errors are only really deployable from multi-server situations or CDNs?
I'd say they are only reliably deployable from a multi-server configuration.
The math is really simple:
An error page is itself a request to the server.
If the server is unable to complete requests due to misconfiguration or faulty code, there is no way to guarantee that the same will not happen to an error page.
But ultimately, it depends on your config.
If, for example, you make a mistake in a .htaccess file in some subfolder, causing infinite recursion, the error page will load just fine, provided it is not served from that directory.
If, however, you cause infinite redirection on all URLs, then the request to the error document will be affected by this too, which is precisely what happens when the server tells you:
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
This is like reporting a bug reporter bug - depending on its severity, this might or might not be possible.
If there is another server with a separate configuration, it will not be affected by the failures of server 1.
It doesn't need to be a physical server, simply launching a second web server will do as long as
one acts as a proxy or load balancer for the other
that proxy is configured to redirect responses from the other server with status code 500
that proxy is itself not misconfigured
For apache, using mod_proxy_balancer, such a configuration could look like
<VirtualHost *:80>
ServerName 127.0.0.1
DocumentRoot /var/www/errorpages/
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.com
ServerAlias *.example.com
ServerAlias example.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / balancer://whatever/
ProxyPassReverse / balancer://whatever/
<Proxy balancer://whatever/>
ProxySet failonstatus=500
BalancerMember http://127.0.0.1:42 retry=1
BalancerMember http://127.0.0.1:80 status=+H
</Proxy>
</VirtualHost>
This server would need to be started on port 80, and would pass all incoming requests to port 42 (hence the other server would need to listen to port 42, advisably only on 127.0.0.1). If any of the responses returned by the server running on port 42 were to have a status code of 500, the server on port 80 would resend the request to port 80 on 127.0.0.1, thus passing the request to itself, but with a different Host header, so that it wouldn't hit the load balancer again.
Related
I am trying to solve an issue with an internal ProxyPass setup on an apache http server, version 2.4. Everything works fine otherwise, it is just this ProxyPass issue that I fail to solve:
I operate several name based virtual hosts on a single system with example.org serving as the default host and all hosts using the https protocol on port 443 with valid (signed) certificates:
example.org
host1.example.org
host2.example.org
For one single type of request I want to setup an internal ProxyPass rule to example.org.
https://host1.example.org/_-_-_/bar => https://example.org/foo/bar
A ProxyPassReverse is not required, since no result is returned. (I also tried with, but that does not make any difference):
This is the rule set which is part of the configuration of host host1.example.org:
SSLProxyEngine On
ProxyRequests Off
ProxyVia Off
ProxyPass "/_-_-_/bar" "https://example.org/foo/bar"
The proxy does work, it proxies the request. But the issue is that it does not request the correct host! So not example.org but the originally requested host host1.example.org, so it requests itself. I can clearly see both requests in the same access log file whilst the access log of example.org stays untouched. Obviously that behavior results in a http status 404. That is also shown on the client side as an error message generated by host host1.example.org (fine) but showing the internal path /foo/bar (not fine)!So my question obviously is:
What to change so that the proxy request is internally processed by the desired virtual host?
Ok, as obviously also previously suspected by myself I had an issue with other configuration details interfering here. I post this answers as a hint for others who might stumble about a similar situation:
Another configuration file included by the host configuration set a global ProxyPreserveHost On directive. That obviously resulted in the internal proxy request to feature the same, preserved host header as the original request, which had to lead to the internal request getting processed by the same virtual host as the original request.
I solved the issue by moving (and duplicating) that directive into specific <Location> blocks, so that the global default to not preserve the host in proxy requests is not modified. Consequently the proxy requests described in the question work as expected, they are processed by the desired virtual host now.
I recently replaced Google Analytics by the self-hosted analytics tool Piwik.
This means that every time someone connects my website http://www.mywebsite.com, a Javascript tracking code is executed on the client, that calls my Piwik server http://www.mywebsite.com/piwik/piwik.php
Result:
on my server's Apache access.log, there is a line about http://www.mywebsite.com, that's normal
in my Piwik database, an information is stored about this visit, this is normal
on my server's Apache access.log, there is a line about the fact my Piwik server received a tracking request (executed by client with JS)
The logging part 3. is clearly too much!
From now, since Piwik in installed, my access.log is double sized!
How to remove the fact that Apache logs in access.log the connection to http://www.mywebsite.com/piwik/piwik.php ? i.e. client JS tracking code <--> Piwik server ?
The solution is to disable logging of certain requests (for example in
/etc/apache2/sites-available/000-default.conf with Debian 8):
<VirtualHost *:80>
ServerName www.mywebsite.com
DocumentRoot /home/www/mywebsite
...
SetEnvIf Request_URI "^/piwik(.*)$" dontlog
CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined env=!dontlog
</VirtualHost>
The Apache manual contains a section on conditional logging
https://httpd.apache.org/docs/2.4/logs.html
What you need to do is set an environment variable when a condition is met (path is piwik/piwik.php)? Then you can use that environment variable in the apache log file configuration.
Disabling your tracking logs in Apache log file is not the best idea. If your Piwik will crash for some reason or your tracking will not work for some period of time (eg. over the weekend) you will loose your data.
Apache logs can save you here, you can then replay your traffic using LogAnalytics: http://piwik.org/log-analytics/#logfile
It is better to have reasonable log file storing policy then removing data from your log.
I am running a Wicket web application in Apache Tomcat on two separate servers. When the application runs on server #1, all of the images are delivered without errors or warnings on both http: and https:, so I don't think there is a problem with the html file. When I run the same application on server #2, all of the images are delivered over http:, but some of the images are giving 404 Not Found when delivered over https:.
For example:
/path/image1.png and is delivered successfully over http and https.
/path/some/sub/directory/image2.png is delivered over http, but not delivered over https.
More specifically, if I request https://domain/path/some/sub/directory/image2.png, I get a 404 error. But if I specify the port and request https://domain:8443/path/some/sub/directory/image2.png the image is delivered.
As the images both work on the first server, I suspect there is some problem with my Apache configuration on the second server. I can't find any directives specific to the functioning or malfunctioning directories in the apache2.conf, httpd.conf, or .htaccess files.
Where should I look to find the directive that allows image1 to be delivered successfully so that I can copy the rules for image 2?
:::EDIT:::
I found the following directives in extras/httpd-ssl.conf. We are using varnish to cache static content.
# Terminate SSL here and pass everything to Varnish
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost on
ProxyPass / http://128.138.128.89:80/
ProxyPassReverse / http://128.138.128.89:80/
This is running on Linux Mint on Oracle VirtualBox if that matters.
I have a multi-tier application of three layers lets say public, business and workspace (all running apache).
Client requests hits the public servers, requests are processed and dispatched on to business servers that does 'things' and response is returned back to public server which then processes the response and pass it on to the client.
I have a scenario wherein I want a request say /rstudio coming to the public server dispatched onto the business which intern reverse proxy to workspace server. There are two catch here:
the workspace server varies per request
application running on workspace server (Rstudio) uses GWT and references resources (static resources js, css etc and RPC coms) on the root url. All the in-application redirection also happens on the domain.
From the business server, I have setup reverse proxy to Rstudio server from my application server.
<Proxy *>
Allow from localhost
</Proxy>
ProxyPass /rstudio/ http://business_server/
ProxyPassReverse /rstudio/ http://business_server/
RedirectMatch permanent ^/rstudio$ /rstudio/
and this work fine (ref. https://support.rstudio.com/hc/en-us/articles/200552326-Running-with-a-Proxy). To handle dynamic workspace server, I could the following but ProxyPassReverse does not support expression in value and this no joy with this approach.
ProxyPassMatch ^/rstudio/(.*)$ http://$1
ProxyPassReverse ^/rstudio/(.*)$ http://$1
RedirectMatch permanent ^/rstudio$ /rstudio/
I have tried the same with mod_rewrite rule (following) but without ProxyPassReverse and due to domain redirection on the GWT Rstudio, this does not work. Adding ProxyPassReverse would fix the problem but I am caught up with no expression on value part to deal with dynamic workspace server issue.
RewriteRule "^/rstudio/(.*)" "http://$1" [P]
Following is the third approach to solve this problem using LocationMatch and mod_headers:
<LocationMatch ^/rstudio/(.+)>
ProxyPassMatch http://$1
Header edit Location ^http:// "http://%{SERVER_NAME}e/rstudio/"
</LocationMatch>
But this is no joy too because value on header directive is not evaluated against environment variable (and only back-references work here). Althought I can get the reverse proxy thing working if I had code the business_server, which is :
<LocationMatch ^/rstudio/(.+)>
ProxyPassMatch http://$1
Header edit Location ^http:// "http://private_server/rstudio/"
</LocationMatch>
Question 1: I was wondering if there are any better way to solve this problem without hardcoding the server DNS in apache conf?
Question 2: With the hard coded server DNS the reverse proxy works for me (patchy but works) but I am hit with GWT issue of resource references on root and the request dispatch is not fully working. I get to the signin page but resources are not found.
I was wondering if there is any better way to handle that?
Following is the example log from browser:
Navigated to https://public_server/rstudio
rworkspaces:43 GET https://public_server/rstudio.css
rworkspaces:108 GET https://public_server/js/encrypt.min.js
rworkspaces:167 GET https://public_server/images/rstudio.png 404 (Not Found)
rworkspaces:218 GET https://public_server/images/buttonLeft.png 404 (Not Found)
rworkspaces:218 GET https://public_server/images/buttonTile.png 404 (Not Found)
rworkspaces:218 GET https://public_server/images/buttonRight.png 404 (Not Found)
I've been dealing with this whole day and still can't figure it out.
I've setup Zabbix on one machine, and I want to monitor the Apache server on another machine.
I've completed all the steps described in the docs: http://www.zabbix.com/wiki/templates/apache
and still I get no data in the Apache Template. When checking the logs on the Apache server, I can see in access.log:
IPADDR - - [16/Jul/2012:13:29:08 +0000] "GET /server-status?auto HTTP/1.0" 404 13826 "-" "Python-urllib/1.17"
I think it might has something to do with Virtual Servers and additional sites I have on that machine, but I can't figure it out, and nothing mentioned in the docs...
The Apache checks are not as clever as you may think.
Can Zabbix communicate with your apache server? Link it to a template with something simple like "uptime" and verify that it indeed gets data.
Next, verify that there aren't any firewall rules prevent the zabbix server from communicating with your web server. Can you curl your homepage from the zabbix host without problems?
Are the apache checks active checks? If so you'll need to make sure active checks are enabled in the /etc/zabbix/zabbix-agentd.conf file and that the "Hostname" within the conf is unique and matching up correctly with what you have in the zabbix server.
If that fails, change the DebugLevel to 4 in /etc/zabbix-agentd.conf and tail the zabbix log. Look and see if it is having trouble with any checks.
This is an apache configuration problem, zabbix can't do anything if /server-status yields a 404 error.
Maybe the <Location /server-status>...</Location> directive is not at the right place in apache's configuration.
Try to move it inside the <VirtualHost> section of the specific virtual server to which the GET /server-status is routed.
Also make sure that mod_status is enabled.