----- "David Southwell" <david@xxxxxxxxxxxxxx> wrote:
> HI
>
>
>
> Some assistance would be much appreciated as the web server is now off
> line.
>
>
>
> Sysrem is freebsd 7.2 p3
>
>
>
> apache22 has mysteriously stopped loading after an attempted restart.
> The log file even at debug level does not indicate why the server will
> not start. It was working fine and stopped following a recent ports
> upgrade.
Then it's not really mysterious? You have a very probable cause.
> I have had a similar symptom once before which seemed to be due to
> using ssl from ports. On that occasion I recompiled apache22 and all
> mods andput the following line in make.conf:
>
> WITH_OPENSSL_FROM_PORTS=yes
>
> and that appeared to solve the problem on that occasion.
>
>
>
> HOWVER this time I am not so fortunate and cannot get the server to
> start.
>
>
>
> I am still curious about SSL from ports as a possible cause. openssl
> from ports is reported as version openssl-1.0.0_4 however as you can
> see from the httpd-error.log (in full below) the lines:
>
> "[Sat Jan 01 15:08:57 2011] [info] mod_ssl/2.2.17 compiled against
> Server: Apache/2.2.17, Library: OpenSSL/1.0.0c"
>
> make me wonder if the apache compile has ignored the make.conf
>
> WITH_OPENSSL_FROM_PORTS=yes
>
> and compiled from system default.
No, it has not. The OpenSSL from ports should by now be in exactly
that version: http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openssl/
While the system's OpenSSL will be something like 0.9.8m~
whoa.. I guessed it right:
http://ftp2.at.freebsd.org/pub/FreeBSD/ports/amd64/packages-7.2-release/security/
> Is that what those lines mean and If so how do I remedy it?
>
>
>
>
>
> Below is some more detailed info which includes httpd.conf, list of
> ssl relevant ports, & the httpd-error.log file generated at debug
> level.
>
>
>
> The following ssl relevant ports are installed:
>
>
>
> linux-openssl-0.9.7f_2 SSL and crypto library (Linux Version)
This is not really relevant..
> openssl-1.0.0_4 SSL and crypto library
Yup.. OpenSSL from Ports.. 1.0.0c...
> php5-openssl-5.3.4 The openssl shared extension for php
>
> py26-openssl-0.11 Python interface to the OpenSSL library
>
> qca-ossl-2.0.0.b3_4 QCA OpenSLL plugin
These are not really relevant...
> httpd.conf Syntax is reported as OK
>
> dns1# httpd -t
>
> Syntax OK
>
>
>
> dns1# hostname
>
> dns1.vizion2000.net
>
> dns1#
Is dns1 a hint on the role of that machine?
If so, why are you running an httpd with Subversion on a DNS server?!
> httpd-error.log file entries after trying to start the server:
>
> dns1# /usr/local/sbin/apachectl -e debug -k start
>
> test_2011_01_01_12
>
> [Sat Jan 01 15:08:56 2011] [info] Init: Initialized OpenSSL library
>
> [Sat Jan 01 15:08:56 2011] [info] Init: Seeding PRNG with 0 bytes of
> entropy
This sounds bad. Do you have a /dev/urandom or any other PRNG on your
system? Do you have something configured in httpd.conf...?
> [Sat Jan 01 15:08:56 2011] [info] Init: Generating temporary RSA
> private keys (512/1024 bits)
>
> [Sat Jan 01 15:08:56 2011] [info] Init: Generating temporary DH
> parameters (512/1024 bits)
>
> [Sat Jan 01 15:08:56 2011] [warn] Init: Session Cache is not
> configured [hint: SSLSessionCache]
>
> [Sat Jan 01 15:08:56 2011] [info] Init: Initializing (virtual) servers
> for SSL
>
> [Sat Jan 01 15:08:56 2011] [info] mod_ssl/2.2.17 compiled against
> Server: Apache/2.2.17, Library: OpenSSL/1.0.0c
>
> [Sat Jan 01 15:08:56 2011] [info] mod_unique_id: using ip addr
> 62.49.197.50
<SNIP>
> LoadModule dav_svn_module libexec/apache22/mod_dav_svn.so
> LoadModule authz_svn_module libexec/apache22/mod_authz_svn.so
Why are you loading every single one module in existence?
See: http://httpd.apache.org/docs/trunk/mod/
for a reference of which modules you need and which you can skip.
See: for a minimal config that works.
http://blag.esotericsystems.at/2010/04/simple-small-secure/
> User www
>
> Group www
>
> </IfModule>
>
>
>
> ServerAdmin david@xxxxxxxxxxxxxx
>
>
>
> ServerName dns1.vizion2000.net
>
>
>
> DocumentRoot "/usr_www/virtualwebs/vizion2000.net"
>
>
>
>
>
> <Location /iinissvn>
>
> DAV svn
>
> SVNPath /usr_www/virtualwebs/vizion2000.net/iinis_svn
>
> SVNListParentPath on
>
> # Access control Policy
>
> AuthzSVNAccessFile /usr/local/etc/apache22/Authz_iinis_svn
>
>
>
> # try anonymous access first, resort to authentication
>
> # if necessary
>
>
>
> Require valid-user
>
> AuthType Basic
>
> AuthName "iinis svn repository"
>
> AuthUserFile /usr/local/etc/apache22/svn-auth-iinis
>
>
>
> </Location>
>
> CustomLog /usr/local/etc/apache22/svn_dev_logfile "%t %u
> %{SVN-ACTION}e" env=SVN-ACTION
>
>
>
>
>
> <Directory />
>
> AllowOverride None
>
> Order deny,allow
>
> Deny from all
>
> </Directory>
>
>
>
>
>
> <Directory "/usr_www/virtualwebs/vizion2000.net">
>
>
>
> Options All Indexes FollowSymLinks
>
> DirectoryIndex index.php index.html
>
> Options ExecCGI FollowSymLinks
>
>
>
> AllowOverride None
>
>
>
> Order allow,deny
>
> Allow from all
>
>
>
> </Directory>
>
>
>
> Alias /doc /usr_www/virtualwebs/vizion2000.net/doc
>
> <Directory "/usr_www/virtualwebs/vizion2000.net/doc">
>
> Options Indexes FollowSymLinks
>
> AllowOverride None
>
> Order allow,deny
>
> allow from all
>
> </Directory>
>
> <Directory "/usr_www/virtualwebs/icons">
>
> Options FollowSymLinks ExecCGI
>
> AllowOverride None
>
> Order allow,deny
>
> Allow from all
>
> </Directory>
>
> <IfModule dir_module>
>
> DirectoryIndex index.php index.html
>
> </IfModule>
>
>
>
>
>
> <FilesMatch "^\.ht">
>
> Order allow,deny
>
> Deny from all
>
> Satisfy All
>
> </FilesMatch>
>
>
>
> ErrorLog /var/log/httpd-error.log
>
>
>
>
>
> LogLevel debug
>
>
>
> <IfModule log_config_module>
>
> #
>
> # The following directives define some format nicknames for use with
>
> # a CustomLog directive (see below).
>
> #
>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\"" combined
>
> LogFormat "%h %l %u %t \"%r\" %>s %b" common
>
>
>
> <IfModule logio_module>
>
> # You need to enable mod_logio.c to use %I and %O
>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\" %I %O" combinedio
>
> </IfModule>
>
>
>
> CustomLog /var/log/httpd-access.log combined
>
> </IfModule>
>
>
>
> <IfModule alias_module>
>
> #
>
> ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/"
>
>
>
>
>
> </IfModule>
>
>
>
> <IfModule cgid_module>
>
> #
>
> # ScriptSock: On threaded servers, designate the path to the UNIX
>
> # socket used to communicate with the CGI daemon of mod_cgid.
>
> #
>
> #Scriptsock /var/run/cgisock
>
> </IfModule>
>
>
>
> #
>
> # "/usr/local/www/apache22/cgi-bin" should be changed to whatever your
> ScriptAliased
>
> # CGI directory exists, if you have that configured.
>
> #
>
> <Directory "/usr/local/www/apache22/cgi-bin">
>
> AllowOverride None
>
> Options None
>
> Order allow,deny
>
> Allow from all
>
> </Directory>
>
>
>
> #
>
> DefaultType text/plain
>
>
>
> <IfModule mime_module>
>
> #
>
> # TypesConfig points to the file containing the list of mappings from
>
> # filename extension to MIME-type.
>
> #
>
> TypesConfig etc/apache22/mime.types
>
>
>
>
>
> AddType application/x-compress .Z
>
> AddType application/x-gzip .gz .tgz
>
> AddType application/x-httpd-php .php
>
> AddType application/x-httpd-php-source .phps
>
>
>
> AddHandler cgi-script .cgi
>
> AddHandler python_module .py
>
>
>
> </IfModule>
>
>
>
>
>
>
>
> Include etc/apache22/Includes/*.conf
>
> #Include etc/apache22/extra/httpd-ssl.conf
Okay..
I don't see a single one line in your config that is SSL related.
> Photographic Artist
>
> Permanent Installations & Design
>
> Creative Imagery and Advanced Digital Techniques
>
> High Dynamic Range Photography & Official Portraiture
>
> Combined darkroom & digital creations
>
> & Systems Adminstrator for the vizion2000.net network
--
Igor GaliÄ
Tel: +43 (0) 664 886 22 883
Mail: i.galic@xxxxxxxxxxxxxx
URL: http://brainsware.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|