We Keep Coding

`http.service` fail to start with `exit-code` or `protocol`

I'm configuring a new Apache web server on Oracle Linux 9 (comparable with RedHat/CentOS according to Oracle). The version of httpd is 2.4.51 and the version of php is 8.0.13. However, the service failed to start with the following error (with journalctl -xeu:
httpd.service: Failed with result 'exit-code'.
I look up and many of similar error appear related to config file. But apachectl configtest returned Syntax OK, httpd --help give no output.
So I tried to comment out some config in http.conf, after commenting out the mod-security related line, it throws out new error message:
httpd.service: Failed with result 'protocol'.
No other useful error message can be retrieved from journalctl.
Commenting out the php related lines also doesn't help. Besides, I found that to install mod_security2 I have several other "module" to install, but I download this mod_security2 from aap stream. To make sure the problem does not come from this module, I installed the required modules (except libapr and libapr-utilbecause error occurs on building, therpmbuildcannot finddoxygen` even though I installed it) that are required in its documentation.
—————Update————
error_log:
[core:notice] [pid 4944:tid 4944] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[suexec:notice] - - AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)AH00016: Configuration Failed
[core:notice] [pid 4963:tid 4963] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[suexec:notice] - - AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[-:error] - - SecServerSignature: original signature too short. Please set ServerTokens to Full.
[-:notice] - - ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/) configured.
[:notice] [pid 4963:tid 4963] ModSecurity: APR compiled version="1.7.0"; loaded version="1.7.0"
[:notice] [pid 4963:tid 4963] ModSecurity: PCRE compiled version="8.44 "; loaded version="8.44 2020-02-12"
[:notice] [pid 4963:tid 4963] ModSecurity: LUA compiled version="Lua 5.4"
[:notice] [pid 4963:tid 4963] ModSecurity: YAJL compiled version="2.1.0"
[:notice] [pid 4963:tid 4963] ModSecurity: LIBXML compiled version="2.9.12"
[-:notice] - - ModSecurity: Original server signature: Apache
[:notice] [pid 4963:tid 4963] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[lbmethod_heartbeat:notice] - - AH02282: No slotmem from mod_heartmonitor
[-:error] - - SecServerSignature: original signature too short. Please set ServerTokens to Full.
[core:notice] - - AH00094: Command line: 'httpd'
AH00016 seem to be related with ssl cert, so I also attached the error log for ssl.
ssl_error_log:
[ssl:emerg] - - AH02562: Failed to configure certificate www.example.com:443:0 (with chain), check /etc/pki/tls/certs/example-wildcard.crt
[ssl:emerg] - - SSL Library Error: error:8000000D:system library::Permission denied (calling fopen(/etc/pki/tls/certs/example-wildcard.crt, r))
[ssl:emerg] - - SSL Library Error: error:10080002:BIO routines::system lib
[ssl:emerg] - - SSL Library Error: error:0A080002:SSL routines::system lib
I found a permission denied error to read my wildcard cert, and I noticed it was because I have the wrong ownership. I changed to what it should be, with a right of 644.
BTW, httpd -t also returns Syntax OK.
Now that I rerun httpd -t with no root right returns error to file permission (solved by changing the ownership to apache):
# sudo -u apache httpd -t
AH00526: Syntax error on line 39 of /etc/httpd/conf.d/mod_security.conf:
ModSecurity: Failed to open debug log file: /etc/httpd/logs/modsec_debug.log
Weird enough, when I check port listener I saw:
$ sudo netstat -punta | grep LISTEN
tcp6 0 0 :::443 :::* LISTEN 4964/httpd
tcp6 0 0 :::80 :::* LISTEN 4964/httpd
httpd is listening when it failed to start?

Maybe SELinux is denying access, probe this:
restorecon -vF /etc/pki/tls/certs/example-wildcard.crt

AH02026: Failed to acquire SSL session cache lock

First post, apologies if I get anything wrong.
Apache/2.4.6 (CentOS 7)
I am seeing repeated warnings in the ssl_error_logs of many of my virtual hosts. The warnings are:
[ssl:warn] [pid 8995] (22)Invalid argument: AH02027: Failed to release SSL session cache lock
[ssl:warn] [pid 8997] (22)Invalid argument: AH02026: Failed to acquire SSL session cache lock
If I restart httpd these errors go away for up to a few days but then re-appear.
I have read around this issue but can find no solution. Can anyone help?

This happens when the APACHE_RUN_USER is used for SSH login purposes too. Then, systemd clears all the locks of the user during logout, including the locks used by Apache 2.
The solution is to prevent systemd from removing the locks by adding the following line to /etc/systemd/logind.conf:
RemoveIPC=no

Anyone succeeded to Install Laravel on Apache2 with fcgi?

I have successfully installed Laravel on Apache2 with php as a module. The instructions are simple. However, when I try with fcgi it does not work. So it has to do with the server configuration. After I visited http://<mylaraveldomain> (domain not public), I looked at /var/log/apache2/error.log and got this error message
[Thu Mar 26 22:52:34.012794 2015] [fcgid:warn] [pid 30834] (104)Connection reset by peer: [client 65.92.253.153:7785] mod_fcgid: error reading data from FastCGI server
[Thu Mar 26 22:52:34.012862 2015] [core:error] [pid 30834] [client 65.92.253.153:7785] End of script output before headers: php-fcgi-wrapper
[Thu Mar 26 22:52:39.826939 2015] [fcgid:error] [pid 30830] mod_fcgid: process /var/www/default/cgi-bin/php5-default/php-fcgi-wrapper(31115) exit(communication error), get unexpected signal 11
I also looked at all other log files in /var/log recently modified after visiting the URL, but no additional useful info was found. Should I look elsewhere? It is not that fcgi is not working, because if I put a file test.php in laravel public folder I can read it fine at the URL http://<mylaraveldomain>/test.php. Is there some special configuration settings to make laravel works with fcgi ? It is possible that it is specific to my installation of fcgi. So, I would like to know if others have succeeded to install laravel with fcgi on apache2. I am on Ubuntu and I made a recent apt-get upgrade.

I checked syslog and there was additional info. I could see a segment fault. I guessed it could be cache management issue. I commented out the line zend_extension=opcache.so in the file /etc/php5/apache2/conf.d/05-opcache.ini and it worked. Of course, this is only a work around.

Apache error: htaccess without matching section

I'm getting this message in my Apache error console:
[Thu Jun 27 11:56:07 2013] [alert] [client 127.0.0.1] /Users/.......htacces without matching section
It started after my MAMP server wouldnt start and i found some online info that suggested entering ps aux/ grep mysql lsof _-i Killall -9 mysqld when this failed, I tried 2nd suggestion sudo Killall -9 mysqld. This came up with a warning so i called it. I then recalled that i had the same problem before and simple quit mysqld in my activity monitor, and the MAMP server worked again. I tried that, the server worked but got I then got a error message saying:
500 internal server error The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, you#example.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
I checked Apache error console and got this:
[Thu Jun 27 11:56:07 2013] [alert] [client 127.0.0.1] /Users/.......htacces without matching section

apache mod_fcgid problems

I have a problem on multiple servers than use Apache module mod_fcgid to serve a cgi script that processes the request (ticket validation and similar processing) then serves files on the server based on the result of the processing.
I keep getting the following errors repeatedly in the logs:
[Mon Jan 30 23:11:41 2012] [warn] [client 95.35.160.193] mod_fcgid: error reading data, FastCGI server closed connection
[Mon Jan 30 23:11:41 2012] [warn] [client 95.35.160.193] (32)Broken pipe: mod_fcgid: ap_pass_brigade failed in handle_request_ipc function
[Mon Jan 30 23:13:34 2012] [warn] [client 37.8.52.128] mod_fcgid: can't apply process slot for /var/www/cgi-bin/assetx.fcgi
These problems cause the server to be slow and other times result in service temporarily unavailable error.
The servers have large traffic on them, I have currently configured the following fcgi directives as below:
FcgidMaxRequestsPerProcess 0
FcgidMaxProcesses 300
FcgidMinProcessesPerClass 0
FcgidIdleTimeout 240
FcgidIOTimeout 240
FcgidBusyTimeout 300
the average load on the servers is normal, the number of processes is on average 250 processes.
I have done research for days about this issue, some say it is a permission problem, I've followed their suggestion, didn't help. I tried to tune the parameters above, these are the final values I tried, but they didn't work as well. I am also trying out nginx to be used instead of apache but I cannot find a suitable way to run the cgi script with this high load on the server using nginx.
What can I do to fix this problem?

Your app is dying before Apache can contact it successfully. The answer is to find out why the app is dying.
FastCGI process should never die or quit, even in an error condition. Apache expects FastCGI script to just keep on being there.
You mention you have a cgi script. How did you modify it to support FastCGI?
Usually you need to switch to something like CGI::Fast, remove all calls to die and exit, and refactor your script to run using the CGI::Fast while loop.