admin.jugamanusia.com

Warning: file_get_contents(http://ecs.amazonaws.com/onca/xml?Service=AWSECommerceService&AWSAccessKeyId=1TJ8QTQ6ZFCVAJ3X1T02&AssociateTag=ii0c3-20&Operation=ItemSearch&SearchIndex=Books&ResponseGroup=Small,Images&Keywords=Apache) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request in /home/manusia2/public_html/wp-content/plugins/amazonfeed/php/amazonfeed.class.php on line 271

Apache 2.2 has a bug affecting some systems where a graceful restart does not fully clean up any running processes. The result is that child processes are stuck in “G” status and more file descriptors are used which can push it over its limit and crash it.

Apache is aware of this bug and patches have been submitted but they are all problematic.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42829

Apache is attempting to deal with it upstream but still it is not finalized.

http://svn.apache.org/viewvc/httpd/httpd/trunk/
server/mpm/prefork/prefork.c?view=log&pathrev=613260

If you experience this issue on a server your best and only supported option is to run Apache 2.0 instead of 2.2 as the patches are not ready for production as they have known issues and need further refining by Apache.

Tags: Apache, EasyApache

Related posts

• Website (0)
• Slackware Linux Essentials - Chapter 4 System Configuration (0)
• Slackware Linux Essentials - Chapter 13 Basic Network Commands (0)
• Slackware Linux Essentials - Chapter 11 Process Control (0)
• Slackware Linux Essentials - Chapter 1 An Introduction to Slackware Linux (0)

EasyApache Apache

FrontPage is supported for all versions of Apache available through EasyApache 3 and all operating systems supported by cPanel. For Apache 2.0 and 2.2, the fpexe FrontPage binary is replaced with a copy of /scripts/fp-auth which collects the authentication tokens generated by mod_auth_passthrough and does not require the SUID bit of a more traditional mod_frontpage installation. Most common FrontPage problems can be addressed by:

• Running /scripts/initsuexec
• Uninstalling and reinstalling the FrontPage extensions on the affected account
• Checking for errors generated by visiting the FrontPage administration interface at http://http://domain.com/_vti_bin/_vti_adm/fpadmcgi.exe

FrontPage on 64-bit Systems

The FrontPage binaries are compiled in 32-bit mode, so the underlying OS must support execution of 32-bit binaries. On most Linux systems, 32-bit compatibility libraries are installed by default and no special configuration is required. On 64-bit FreeBSD systems, 32-bit compatibility is NOT installed by default. For FrontPage to function on these systems, the 32-bit compatibility layer must be installed. This involves:

1. Adding “WITH_LIB32=yes” to /etc/make.conf
2. Rebuilding the core operating system libraries with “make buildworld” and “make installworld”
3. Rebuilding the kernel if 32-bit support was not previously enabled

NOTE: Please carefully read the FreeBSD manual before attempting to enable 32-bit support on a 64-bit FreeBSD system. Upgrading the core OS in this fashion is a complex process and should not be undertaken lightly.

Tags: Apache, bsd, cPanel, domain name, EasyApache, freebsd, frontpage

Related posts

• Edge 30943 (0)
• cPanel Installation (0)
• FreeBSD Handbook - Chapter 30 Firewalls (0)
• FreeBSD Handbook - Chapter 29 Network Servers (0)
• FreeBSD Handbook - Chapter 14 Security (0)

EasyApache Apache, bsd, cPanel, domain name, freebsd, frontpage

NOTE: This document is only relevant for CentOS 4.0-4.5.

Problems with Apache 2.0 and 2.2 mod_ssl on Certain Systems

Certain older versions of OpenSSL contain a bug that causes Apache to fail while starting on systems that have a large number of VirtualHosts, at least one of which is used for SSL access. RedHat and CentOS 4.6+ and 5.x have been patched for this issue. If your system is running one of those distributions and is up to date, you should not encounter this bug. If you are running a different distribution and encounter segmentation faults when starting up Apache 2.0 or 2.2, you may need to contact your Linux distribution vendor and inquire about this problem.

Apache 1.3 is not affected by this issue.

Detailed Analysis

The core problem is that versions of OpenSSL before 0.9.7k and 0.9.8c have a fault that appears when certain functions are used after FD_SETSIZE (generally 1024) file descriptors have been opened:

http://marc.info/?l=openssl-dev&m=114301777619250&w=2

With Apache 1.3, initialization of mod_ssl occurs before httpd.conf is processed. With Apache 2.0 and 2.2, most initialization of mod_ssl occurs after httpd.conf has been processed, meaning that all the VirtualHost logfiles will be open when ssl_init_Module() is executed. The functions in OpenSSL affected by this issue at present are:

RAND_status(), called by ssl_init_Module() -> ssl_rand_seed()

RSA_generate_key(), called by ssl_init_Module() -> ssl_tmp_keys_init() -> ssl_tmp_key_init_rsa()

It does not appear that there are any faults once initialization of mod_ssl is completed on Apache 2.0 and 2.2. Starting Apache with a trimmed down httpd.conf file, copying the complete httpd.conf file over it and then restarting Apache does not cause a segfault because ssl_init_Module() is not executed again.

How Do You Know Whether An Install of Apache 2.x Suffers From This Problem?

A quick way of checking for this specific problem is by capturing the output of httpd startup via the strace program. The OpenSSL bug manifests at the end of the output as:

1. Reading from /dev/urandom
2. Closing /dev/urandom
3. Get the current time
4. Seg Fault

A more positive identification can be done by disabling all SSL Vhosts in httpd.conf and restarting Apache. If Apache restarts without error, then the problem lies with mod_ssl/OpenSSL.

To pinpoint the exact function call causing the segmentation fault, Apache must be recompiled with debugging symbols so that a usable backtrace can be created with GDB. In order to recompile apache with debugging symbols, you must simply set the appropriate CFLAGS and then run EasyApache like so:

export CFLAGS="-g"
/scripts/easyapache –build


How Can This Bug Be Fixed?

Unfortunately, the fix provided by Red Hat is only in CentOS/RHEL 5 and Fedora at this time. Older versions are left with the following options:

1. Update Your Operating System If Possible - Granted this is no trivial task but then you’ll have the latest openssl without this openssl bug.
2. Use Only Apache 1.3 - Tests with Apache 1.3 show it is not susceptible to this bug, due to the way it performs some module initialization before processing httpd.conf, while Apache 2.x does the module initialization after httpd.conf processing.
3. Patch Apache 2.x - At this time, cPanel patches Apache 2.0 and 2.2 mod_ssl to avoid the call to RAND_status() for older versions of OpenSSL. On some systems, this is sufficient to avoid any problems. Reordering the call to RSA_generate_key() is more involved since that function must not run before other initialization functions have executed. It is possible that other function calls during mod_ssl’s initialization also cause segmentation faults under some circumstances.

After applying a patch, if you choose that option, please be sure to test Apache again to see if it is still suffering from the issue.

NOTE: It was previously recommended to use /opt/openssl to work around this issue however that method does not ensure that you have the latest patched version of OpenSSL as /opt/openssl is not updated by either EasyApache or the system package manager. This can be a security concern and requires you to manually track and update the openssl installation in /opt/openssl. In addition, when using the /opt/openssl workaround, multiple copies of libssl can be/are loaded into memory. When a function is called by a program looking to interact with libssl, there may be two (potentially different) copies of that function loaded into memory. There’s no real way to determine which function is being called and therefore troubleshooting issues with a /opt/openssl implementation becomes increasingly difficult if not impossible. For these reasons, we do not recommend using /opt/openssl to work around this bug.

Tags: Apache, centos, cPanel, EasyApache, redhat, rhel, ssl

Related posts

• Easy Apache 3 n PHP - Adding Custom Directives to httpd.conf (0)
• cPanel 11 Documentation - SSL TLS Manager (0)
• Apache Configuration System - Internal WHM n cPanel Changes (0)
• Website (0)
• Slackware Linux Essentials - Chapter 13 Basic Network Commands (0)

EasyApache Apache, centos, cPanel, redhat, rhel, ssl

What permissions do my PHP scripts need?

As mentioned in the previous section, all of the PHP configurations supported by cPanel require appropriate read access the the script. If the “nobody” user will be executing it, the “nobody” user much be capable of reading it. Generally speaking, this means 0644 permissions should be adequate for all setups.

I changed the PHP configuration, but PHP doesn’t seem to be working properly.

First, perform a HARD restart of Apache. If that doesn’t fix the problem, verify that the “Include /usr/local/apache/conf/php.conf” directive is in httpd.conf

If that is okay, check the error log for obvious problems.

If nothing particularly revealing is in the logs, check the .htaccess files in all directories leading to the script for bad AddHandler directives.

How do I get PHP working in /usr/local/apache/htdocs?

The answer to this question depends largely on how PHP is being handled.

DSO

Should work by default without any tweaking.

SuPHP

Versions of cPanel/WHM before revision 19254 did not add the directives required to run PHP scripts using mod_suphp in the main apache document root. To fix this issue, update cPanel, run “/usr/local/cpanel/bin/apache_conf_distiller –update –main” and “/scripts/rebuildhttpdconf“. This should add suPHP_UserGroup directives to the default Virtual-Hosts in httpd.conf and mod_suphp should begin serving PHP requests directed at those hosts. PHP scripts will must be owned by the “nobody” user and group.

CGI/FCGID

These should work by default, but /usr/local/apache/htdocs must be configured with the ExecCGI directory option. The standard httpd.conf file shipped with Apache does not have this option set.

Tags: Apache, cPanel, EasyApache, htaccess, php, WHM

Related posts

• Easy Apache 3 n PHP - Apache PHP Request Handling (0)
• Easy Apache 3 n PHP - User Level PHP Handling Customization (0)
• Easy Apache 3 n PHP - Advanced Configuration (0)
• cPanel Installation (0)
• Apache n PHP Customization - Using Custom Configure Flags (0)

EasyApache Apache, cPanel, htaccess, php, WHM

Question: A user wants to add something to the main section of httpd.conf

Answer: Edit the file and run /usr/local/cpanel/bin/apache_conf_distiller --update --main. This will update the main Apache template and datastores to include the new directive(s). If something is being removed, –reset may also be required but is rarely the case.

 

Question: apache_conf_distiller or userdata_update fail before EasyApache runs

Answer: Run these tools with the “—verbose” flag and isolate what is causing the problem. If these tools fail to function properly, then the issue should be addressed prior to rebuilding Apache otherwise there may be data loss.

 

Question: Apache configuration fails after rebuilding Apache

Answer: These failures are always accompanied by a message stating the location of the failed httpd.conf and the failure message that was generated. Look at that file and identify why Apache rejected the new configuration file. If the problem is a missing module (DSO or compiled in), file a bug report saying which Directive appeared in the failed httpd.conf and which module was missing (including the log output about the option failing if any). If the failure looks like it was caused by corrupted userdata, use the tools available to correct the issue

 

Question: Apache works fine but PHP isn’t working properly.

Answer: The EasyApache build system and the new Cpanel::AdvConfig configuration system leave the PHP configuration contained in php.ini largely untouched. When users upgrade PHP, they need to check that their php.ini is configured correctly. They need to update their extensions, and they might need to update any PHP MIME types or directives they have listed in .htaccess files. Fortunately, the PHP configuration supplied by cPanel is in a single file /usr/local/apache/conf/php.conf, so if MIME types are the issue, check that file to see how PHP is configured and update the .htaccess files to use the configured MIME type. If the php.ini file is to blame, make sure the extension_dir is set properly (use php-config to find the correct one), make sure the extensions being loaded are actually installed, make sure Zend and ION are up to date, and most problems will be resolved. As far as Zend not working with different PHP configuration flags, we are attempting to document these in the EasyApache interface as they are discovered.

 

Question: Apache defaults to listening on all available IPs, but another service should listen on a conflicting port on one or more IPs

Answer: By creating the file /etc/apache_reservedips which contains one IP per line, you can tell the configuration generation tools to exclude those IPs from Apache. Afterwards Apache will listen on all available IPs minus the IPs configured in /etc/apache_reservedips.

 

Question: Will my custom /usr/local/apache/htdocs contents be preserved?

Answer: Yes. htdocs does need to be moved out of the way just prior to Apache’s make install. However, right after make install this will be done:

1. /usr/local/apache/htdocs/ea3_apache_build_htdocs/ will contain Apache’s default website from make install
2. everything that was in there before (except the previous Apache’s ea3_apache_build_htdocs site ) is restored
3. /usr/local/apache/htdocs/suspended.page and /usr/local/apache/htdocs/index.html are set to defaults if they do not exist

If the build process fails prior to Apache’s make install with this error:

Could not remove “/usr/local/apache/htdocs“: Permission denied

Then you most likely have files set to immutable. That will need changed.

If you feel its absolutely needed, a safer way to ensure they are not accidentally changed will need implemented. (E.g. scheduled svn export, md5 sum “check and replace if need be”, etc)

? Back To Top ?

Tags: Apache, cPanel, EasyApache, htaccess, php

Related posts

• Easy Apache 3 n PHP - User Level PHP Handling Customization (0)
• Easy Apache 3 n PHP - Common Questions 2 (0)
• Easy Apache 3 n PHP - Apache PHP Request Handling (0)
• Easy Apache 3 n PHP - PHP Extensions (0)
• Easy Apache 3 n PHP - Choose Which Main PHP To Build (0)

EasyApache Apache, cPanel, htaccess, php