I am attempting to set up apache with sslh. The latter is running fine, but when I attempt to start the apache2 server, it fails with the following message:
dnessett@Mount:/etc/apache2/sites-available$ sudo systemctl restart apache2
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
When I investigate further (asking for apache status), I find the following:
dnessett@Mount:/etc/apache2/sites-available$ systemctl status apache2.service
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled-runtime; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: failed (Result: exit-code) since Thu 2022-12-15 11:08:46 MST; 41s ago
Process: 2520 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
Dec 15 11:08:46 Mount systemd[1]: Starting The Apache HTTP Server...
Dec 15 11:08:46 Mount apachectl[2520]: (98)Address already in use: AH00072: make_sock: could not bind to address 127.0.0.1:4443
Dec 15 11:08:46 Mount apachectl[2520]: no listening sockets available, shutting down
Dec 15 11:08:46 Mount apachectl[2520]: AH00015: Unable to open logs
Dec 15 11:08:46 Mount apachectl[2520]: Action 'start' failed.
Dec 15 11:08:46 Mount apachectl[2520]: The Apache error log may have more information.
Dec 15 11:08:46 Mount systemd[1]: apache2.service: Control process exited, code=exited status=1
Dec 15 11:08:46 Mount systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 15 11:08:46 Mount systemd[1]: Failed to start The Apache HTTP Server.
Since it appears port 4443 is already in use, I print the active listen addresses:
dnessett@Mount:/etc/apache2/sites-available$ sudo lsof -i -P -n | grep LISTEN
systemd-r 760 systemd-resolve 13u IPv4 20577 0t0 TCP 127.0.0.53:53 (LISTEN)
cupsd 859 root 6u IPv6 21248 0t0 TCP [::1]:631 (LISTEN)
cupsd 859 root 7u IPv4 21249 0t0 TCP 127.0.0.1:631 (LISTEN)
vsftpd 977 root 3u IPv6 21478 0t0 TCP *:21 (LISTEN)
sshd 989 root 3u IPv4 23513 0t0 TCP *:22 (LISTEN)
sshd 989 root 4u IPv6 23515 0t0 TCP *:22 (LISTEN)
mysqld 1565 mysql 17u IPv6 26365 0t0 TCP *:3306 (LISTEN)
sslh 2166 sslh 3u IPv4 75977 0t0 TCP 98.127.182.220:443 (LISTEN)
sslh 2167 sslh 3u IPv4 75977 0t0 TCP 98.127.182.220:443 (LISTEN)
As is shown, there is no active listen address for port 4443. journalctl -xe gave no additional information.
I have configured apache to listen on 4443, since sslh listens on 443 and forwards https requests to port 4443. I am using a virtual host for this purpose in 000-default.conf, which I include below (notice I have commented out the listen on port 80, since I only want apache to listen for https requests). I have also commented out some <Directory > directives that came from an XAMPP configuration, which I have disabled. If I get apache working, I will remove most of this commented-out text.
dnessett@Mount:/etc/apache2/sites-available$ cat 000-default.conf
# Comment out the port 80 virtual host block
<IfDefine IgnoreBlockComment>
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
</IfDefine>
Listen localhost:4443 ssl;
# These definitions are in the main conf file
<IfDefine IgnoreBlockComment>
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</IfDefine>
# Comment out the lampp phpadmin and htdocs Directory blocks
<IfDefine IgnoreBlockComment>
<Directory "/opt/lampp/phpmyadmin">
AllowOverride AuthConfig Limit
Require all granted
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</Directory>
<Directory "/opt/lampp/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</IfDefine>
<VirtualHost localhost:4443>
ServerName coop.mountolive.com:4443
DocumentRoot /var/www/sites/coop-mountolive
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
</VirtualHost>
For completeness, I include below the configuration information for sslh:
dnessett@Mount:/etc/default$ cat sslh
# Default options for sslh initscript
# sourced by /etc/init.d/sslh
# Disabled by default, to force yourself
# to read the configuration:
# - /usr/share/doc/sslh/README.Debian (quick start)
# - /usr/share/doc/sslh/README, at "Configuration" section
# - sslh(8) via "man sslh" for more configuration details.
# Once configuration ready, you *must* set RUN to yes here
# and try to start sslh (standalone mode only)
RUN=yes
# binary to use: forked (sslh) or single-thread (sslh-select) version
# systemd users: don't forget to modify /lib/systemd/system/sslh.service
DAEMON=/usr/sbin/sslh
DAEMON_OPTS="--user sslh --listen coop.mountolive.com:443 --ssh 127.0.0.1:22 --ssl localhost:4443 --pidfile /var/run/sslh/sslh.pid"
Thanks for any help you can give.
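The "(98)Address already in use ... make_sock: could not bind" message above is what httpd reports when it tries to bind the same port twice, which happens whenever two Listen directives in the config tree name the same port (for example one in ports.conf and one in a site file), even when nothing else on the machine is listening there. The script below is an added example, not part of the original post or of Apache; it walks an Apache config directory, collects every Listen directive, normalises bare ports and "localhost" to an address:port form, and reports any port named more than once. The config tree it builds under mktemp is constructed for the demonstration only.

```shell
#!/bin/sh
# Added example (not from the original post): audit an Apache config tree
# for ports that carry more than one Listen directive. Two Listen lines
# for the same port (for instance "Listen 4443" in ports.conf plus
# "Listen localhost:4443" in a site file) make httpd bind the port twice,
# which is what "(98)Address already in use ... make_sock" reports.

# Print one line per port that is named by more than one Listen directive:
#   <port>: <addr:port> <addr:port> ...
# Caveat: <IfDefine>/<IfModule> conditionals are not evaluated, so a Listen
# inside a disabled block is still counted; confirm the effective set with
# "apache2ctl -t -D DUMP_RUN_CFG", which prints the Listen lines httpd uses.
find_duplicate_listen() {
    find "$1" -type f -name '*.conf' -exec cat {} + | awk '
        tolower($1) == "listen" {
            a = $2
            if (a !~ /:/) a = "*:" a                  # bare port = all addresses
            sub(/^localhost:/, "127.0.0.1:", a)       # localhost is the loopback
            n = split(a, parts, ":"); port = parts[n] # last field is the port
            if (!(port in count)) order[++k] = port   # remember first-seen order
            count[port]++
            addrs[port] = addrs[port] " " a
        }
        END {
            for (i = 1; i <= k; i++) {
                p = order[i]
                if (count[p] > 1) print p ":" addrs[p]
            }
        }'
}

# Build a constructed sample config tree (hypothetical files, for the demo):
# ports.conf opens 80 and 4443, and the site file opens 4443 a second time.
make_sample_config() {
    d=$(mktemp -d)
    mkdir -p "$d/sites-enabled"
    printf 'Listen 80\n<IfModule ssl_module>\n    Listen 4443\n</IfModule>\n' > "$d/ports.conf"
    printf '# sslh hands TLS to this port\nListen localhost:4443\n<VirtualHost localhost:4443>\n</VirtualHost>\n' \
        > "$d/sites-enabled/000-default.conf"
    printf '%s\n' "$d"
}

# Stand-alone run: report duplicates in the sample tree, then clean up.
sample=$(make_sample_config)
find_duplicate_listen "$sample"   # one line for port 4443 listing both addresses
rm -rf "$sample"
```

Point find_duplicate_listen at /etc/apache2 to check a real install; a port that shows up with two addresses (here "*:4443" and "127.0.0.1:4443") is the one to dedupe before restarting. Because it only reads files, it is safe to run on a server whose httpd is currently down.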