Apache insists on binding to *all* addresses even though Listen directives specify specific ip addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi all,

I've run into a problem. First things first:

[root@munich ~]# cat /etc/issue
CentOS release 6.4 (Final)
Kernel \r on an \m

[root@munich ~]# uname -a
Linux munich 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

[root@munich]/etc/httpd/conf# yum list httpd
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Excluding mirror: mirror.de.leaseweb.net
 * base: ftp-stud.fht-esslingen.de
Excluding mirror: mirror.de.leaseweb.net
Excluding mirror: mirror.nl.leaseweb.net
 * epel: mirrors.n-ix.net
 * extras: centos.mirror.linuxwerk.com
 * remi: mirror5.layerjet.com
Excluding mirror: mirror.de.leaseweb.net
Excluding mirror: centos.copahost.com
 * updates: ftp.plusline.de
Installed Packages
httpd.x86_64                                                                2.2.15-29.el6.centos                                                                @updates

The choice of an earlier version of Centos was meant to accommodate zimbra, which it seems to be doing nicely. But now I'm trying to bring up my old web services on selected IP addresses and ports. I've confirmed that zimbra is not occupying the address/port combinations. I have numerous Listen directives to accomplish this:

[root@munich ~]# grep -r "^Listen" /etc/httpd/
/etc/httpd/conf/sites-enabled/greybeard95a.com:Listen 91.205.174.233:80
/etc/httpd/conf/sites-enabled/greybeard95a.com:Listen 91.205.174.233:443
/etc/httpd/conf/sites-enabled/n4rky.me:Listen 91.205.174.234:80
/etc/httpd/conf/sites-enabled/n4rky.me:Listen 91.205.174.234:443
/etc/httpd/conf/sites-enabled/cybernude.org:Listen 91.205.174.230:80
/etc/httpd/conf/sites-enabled/cybernude.org:Listen 91.205.174.230:443
/etc/httpd/conf/sites-enabled/parts-unknown.org:Listen 193.34.144.104:80
/etc/httpd/conf/sites-enabled/parts-unknown.org:Listen 193.34.144.104:443
/etc/httpd/conf/sites-enabled/disunitedstates.com:Listen 91.205.174.231:80
/etc/httpd/conf/sites-enabled/disunitedstates.com:Listen 91.205.174.231:443
/etc/httpd/conf/sites-enabled/disunitedstates.org:Listen 91.205.174.232:80
/etc/httpd/conf/sites-enabled/disunitedstates.org:Listen 91.205.174.232:443

(some matches elided)

The sites-enabled directory is Included like so:

[root@munich ~]# grep -r sites-enabled /etc/httpd
/etc/httpd/conf/httpd.conf:Include /etc/httpd/conf/sites-enabled/

And it contains:

[root@munich ~]# ls -al /etc/httpd/conf/sites-enabled/
total 8
drwxr-xr-x 2 root root 4096 Sep 23 15:31 .
drwxr-xr-x 4 root root 4096 Sep 23 15:31 ..
lrwxrwxrwx 1 root root   32 Sep 21 21:35 cybernude.org -> ../sites-available/cybernude.org
lrwxrwxrwx 1 root root   38 Sep 21 21:35 disunitedstates.com -> ../sites-available/disunitedstates.com
lrwxrwxrwx 1 root root   38 Sep 21 21:35 disunitedstates.org -> ../sites-available/disunitedstates.org
lrwxrwxrwx 1 root root   35 Sep 21 21:35 greybeard95a.com -> ../sites-available/greybeard95a.com
lrwxrwxrwx 1 root root   27 Sep 21 21:35 n4rky.me -> ../sites-available/n4rky.me
lrwxrwxrwx 1 root root   36 Sep 21 21:35 parts-unknown.org -> ../sites-available/parts-unknown.org

Folks who are familiar with the Debian/Ubuntu set-up will recognize the layout. I originally created this many years ago and have preserved it across numerous installations on various distributions.

When I try to start apache, I get:

[root@munich]/etc/httpd/conf# /etc/init.d/httpd start
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
                                                           [FAILED]

It does not seem to be listening to my Listen directives with respect to port 443 and instead is attempting to open every address on the system. This is a *very* *bad* thing for it to attempt to do.

What am I missing? Thanks!

--
David Benfell
My mail is usually signed cryptographically, but from Zimbra, it generally will not be. Please see https://parts-unknown.org/node/2 for more information.

BEGIN:VCARD
VERSION:3.0
FN:David Benfell
N:;;;;
EMAIL;TYPE=internet:benfell@xxxxxxxxxxxxxxxxx
REV:2013-09-21T20:53:44Z
UID:eba45e63-b04a-4395-a263-015ae97837d6:1806
END:VCARD

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux