I am trying to use Kiwi to manage my testcase.
I follow exactly the steps in this documentation
After I startup the service by using docker-compose up, these logs shown in my terminal:
kiwi_web | AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.20.0.3. Set the 'ServerName' directive globally to suppress this message
kiwi_web | [Tue Jan 08 08:40:42.574498 2019] [ssl:warn] [pid 10] AH01909: RSA certificate configured for 172.20.0.3:443 does NOT include an ID which matches the server name
kiwi_web | [Tue Jan 08 08:40:42.574972 2019] [ssl:warn] [pid 10] AH01909: RSA certificate configured for 172.20.0.3:8443 does NOT include an ID which matches the server name
kiwi_web | AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.20.0.3. Set the 'ServerName' directive globally to suppress this message
kiwi_web | [Tue Jan 08 08:40:42.613817 2019] [auth_digest:notice] [pid 10] AH01757: generating secret for digest authentication ...
kiwi_web | [Tue Jan 08 08:40:42.614733 2019] [lbmethod_heartbeat:notice] [pid 10] AH02282: No slotmem from mod_heartmonitor
kiwi_web | [Tue Jan 08 08:40:42.615950 2019] [ssl:warn] [pid 10] AH01909: RSA certificate configured for 172.20.0.3:443 does NOT include an ID which matches the server name
kiwi_web | [Tue Jan 08 08:40:42.616228 2019] [ssl:warn] [pid 10] AH01909: RSA certificate configured for 172.20.0.3:8443 does NOT include an ID which matches the server name
kiwi_web | [Tue Jan 08 08:40:42.621818 2019] [mpm_prefork:notice] [pid 10] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/4.6.5 Python/3.6 configured -- resuming normal operations
kiwi_web | [Tue Jan 08 08:40:42.621878 2019] [core:notice] [pid 10] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
When I try to access the service through web browser I get the following error message:
Failure to establish secure connection
SSL receives a record that exceeds the maximum allowable length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
Actually I don't really need https protocal, how can I disable it and just use http?
The log from Apache is expected. We don't know the FQDN of the instance running Kiwi TCMS and this is not configured. However this should not stop it from working. After all this is how we run on the live demo.
The second error is described here:
SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
It points to a bug in Firefox and possibly some misconfiguration on the server side. However without additional info there's nothing I can do to help.
Are you trying to use the default SSL certificates or provide your own ?
Related
I have a AWS ec2 server, I'm running 2 websites there on 2 different domains (obviously) using Apache2. One is domain.com, another is docs.domain.com.
I'm running a wordpress website on domain.com. I'm running react/next js app on docs.domain.com using pm2 & yarn.
Vhost for domain.com
<VirtualHost *:443>
ServerName domain.com
DocumentRoot /var/www/html
ServerAlias domain.com
ErrorLog /var/www/error.log
CustomLog /var/www/requests.log combined
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com-0001/privkey.pem
</VirtualHost>
<VirtualHost *:80>
ServerName domain.com
DocumentRoot /var/www/html
ServerAlias bangdb.com
ErrorLog /var/www/error.log
CustomLog /var/www/requests.log combined
RewriteCond %{SERVER_NAME} =www.domain.com [OR]
RewriteCond %{SERVER_NAME} =domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Vhost for docs.domain.com
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName docs.domain.com
ProxyRequests Off
ProxyPreserveHost On
ProxyVia Full
ServerSignature Off
<Proxy *>
Require all granted
</Proxy>
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com-0001/privkey.pem
</VirtualHost>
</IfModule>
Suddenly on 22 Jan 2023 around 07:39 (time in the logs) my server got shut down, both websites got down, and I was not able to login to my server via ssh also. I had to restart from AWS console to get it working again.
Here is the syslog when it got down
Jan 22 07:09:36 ip-172-30-0-37 systemd[1]: Starting Clean php session files...
Jan 22 07:09:36 ip-172-30-0-37 systemd[1]: Started Clean php session files.
Jan 22 07:17:00 ip-172-30-0-37 snapd[15896]: autorefresh.go:540: Cannot prepare auto-refresh change due to a permanent network error: persistent network error: Post https://api.snapcraft.io/v2/snaps/refresh: dial tcp: lookup api.snapcraft.io: Temporary failure in name resolution
Jan 22 07:17:00 ip-172-30-0-37 snapd[15896]: stateengine.go:149: state ensure error: persistent network error: Post https://api.snapcraft.io/v2/snaps/refresh: dial tcp: lookup api.snapcraft.io: Temporary failure in name resolution
Jan 22 07:17:01 ip-172-30-0-37 CRON[30597]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jan 22 07:20:01 ip-172-30-0-37 CRON[30603]: (smmsp) CMD (test -x /etc/init.d/sendmail && test -x /usr/share/sendmail/sendmail && test -x /usr/lib/sm.bin/sendmail && /usr/share/sendmail/sendmail cron-msp)
Jan 22 07:20:01 ip-172-30-0-37 sm-msp-queue[30622]: My unqualified host name (ip-172-30-0-37) unknown; sleeping for retry
Jan 22 07:21:01 ip-172-30-0-37 sm-msp-queue[30622]: unable to qualify my own domain name (ip-172-30-0-37) -- using short name
Jan 22 07:39:01 ip-172-30-0-37 CRON[30649]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Jan 22 07:39:36 ip-172-30-0-37 systemd[1]: Starting Clean php session files...
Jan 22 07:39:36 ip-172-30-0-37 systemd[1]: Started Clean php session files.
Jan 22 07:39:47 ip-172-30-0-37 systemd[1]: Received SIGINT.
Jan 22 07:39:47 ip-172-30-0-37 systemd[1]: Stopped target Cloud-init target.
Jan 22 07:39:47 ip-172-30-0-37 systemd[1]: Stopping Authorization Manager...
Jan 22 07:39:47 ip-172-30-0-37 systemd[1]: Stopping User Manager for UID 1000...
Jan 22 07:39:47 ip-172-30-0-37 systemd[1]: Stopped target Timers.
Jan 22 07:39:47 ip-172-30-0-37 systemd[18626]: Stopped target Default.
Jan 22 07:40:41 ip-172-30-0-37 systemd[1]: Mounted POSIX Message Queue File System.
Jan 22 07:40:41 ip-172-30-0-37 systemd[1]: Started Set the console keyboard layout.
Jan 22 07:40:41 ip-172-30-0-37 systemd[1]: Mounted Huge Pages File System.
Jan 22 07:40:41 ip-172-30-0-37 systemd[1]: Started Create list of required static device nodes for the current kernel.
Jan 22 07:40:41 ip-172-30-0-37 systemd[1]: Mounted Kernel Debug File System.
Jan 22 07:40:41 ip-172-30-0-37 systemd[1]: Started Remount Root and Kernel File Systems.
Apache logs for the same time
[Sat Jan 21 06:25:02.412725 2023] [ssl:warn] [pid 31096] AH01909: ip-172-30-0-37.ec2.internal:443:0 server certificate does NOT include an ID which matches the server name
[Sat Jan 21 06:25:02.413374 2023] [mpm_prefork:notice] [pid 31096] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
[Sat Jan 21 06:25:02.413383 2023] [core:notice] [pid 31096] AH00094: Command line: '/usr/sbin/apache2'
[Sat Jan 21 17:07:54.107574 2023] [mpm_prefork:error] [pid 31096] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
[Sun Jan 22 06:25:01.992892 2023] [mpm_prefork:notice] [pid 31096] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using fe80::8b1:5dff:fe04:4731. Set the 'ServerName' directive globally to suppress this message
[Sun Jan 22 06:25:02.073408 2023] [ssl:warn] [pid 31096] AH01909: fe80::8b1:5dff:fe04:4731:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jan 22 06:25:02.074116 2023] [mpm_prefork:notice] [pid 31096] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
[Sun Jan 22 06:25:02.074125 2023] [core:notice] [pid 31096] AH00094: Command line: '/usr/sbin/apache2'
[Sun Jan 22 07:39:47.609420 2023] [mpm_prefork:notice] [pid 31096] AH00169: caught SIGTERM, shutting down
I'm not able to figure out whats the issue, it has happened before on 17th Dec 2022, so it's the second time it has happened.
OS Details :- Ubuntu 18.04.6 LTS
I upgraded from ubuntu 21.04 to 21.10.
apache2 does not change to php8 even after a2dismod php7.4 (...).
I get the following error.
I checked the config files in apache/ but could not find a line for it.
[Fri Jan 07 13:04:04.231832 2022] [proxy:error] [pid 1320] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php/php7.4-fpm.sock (*) failed
[Fri Jan 07 13:04:04.231889 2022] [proxy_fcgi:error] [pid 1320] [client 127.0.0.1:50726] AH01079: failed to make connection to backend: httpd-UDS, referer: http://localhost/oodb...
[Fri Jan 07 13:04:04.780393 2022] [proxy:error] [pid 1319] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php/php7.4-fpm.sock (*) failed
[Fri Jan 07 13:04:04.780431 2022] [proxy_fcgi:error] [pid 1319] [client 127.0.0.1:50728] AH01079: failed to make connection to backend: httpd-UDS, referer: http://localhost/...
[Fri Jan 07 13:04:06.829607 2022] [proxy:error] [pid 1318] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php/php7.4-fpm.sock (*) failed
Even after using commands like below the problem remained.
sudo systemctl enable php8-fpm
sudo systemctl disable php7.4-fpm
Only after manually deleting the link conf-enabled/php7.4-fpm.conf (/etc/apache2) and setting symoblic link (sudo ln -s ../conf-available/php8.0-fpm.conf) apache worked (after restart).
I'm running an Apache2 LAMP server with Ubuntu 18.04 and suddenly without a warning, the Apache stops running. I tried figuring out the problem with sudo service apache2 status and it shows the following:
sudo service apache2 status
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: failed (Result: exit-code) since Mon 2018-09-03 13:07:40 UTC; 1h 6min ago
Process: 55939 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
Main PID: 128448 (code=exited, status=1/FAILURE)
Sep 03 13:07:40 localhost systemd[1]: Starting The Apache HTTP Server...
Sep 03 13:07:40 localhost apachectl[55939]: Action 'start' failed.
Sep 03 13:07:40 localhost apachectl[55939]: The Apache error log may have more information.
Sep 03 13:07:40 localhost systemd[1]: apache2.service: Control process exited, code=exited status=1
Sep 03 13:07:40 localhost systemd[1]: apache2.service: Failed with result 'exit-code'.
Sep 03 13:07:40 localhost systemd[1]: Failed to start The Apache HTTP Server.
The first thing I do is try to start it manually with sudo apachectl restart which results in the following:
sudo apachectl restart
httpd not running, trying to start
Action 'restart' failed.
The Apache error log may have more information.
So I check the log with sudo view /var/log/apache2/error.log and it shows a very long list as below:
PHP Warning: Module 'mbstring' already loaded in Unknown on line 0
PHP Warning: Module 'xmlrpc' already loaded in Unknown on line 0
PHP Warning: Module 'mcrypt' already loaded in Unknown on line 0
[Mon Sep 03 06:25:03.860913 2018] [ssl:emerg] [pid 128448] AH02572: Failed to configure at least one certificate and key for hailiga.org:443
[Mon Sep 03 06:25:03.860996 2018] [ssl:emerg] [pid 128448] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 06:25:03.861009 2018] [ssl:emerg] [pid 128448] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 06:25:03.861060 2018] [ssl:emerg] [pid 128448] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Mon Sep 03 06:25:03.861077 2018] [ssl:emerg] [pid 128448] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Mon Sep 03 06:25:03.861086 2018] [:emerg] [pid 128448] AH00020: Configuration Failed, exiting
[Mon Sep 03 06:41:32.662021 2018] [ssl:emerg] [pid 53226] AH02572: Failed to configure at least one certificate and key for hailiga.org:443
[Mon Sep 03 06:41:32.662102 2018] [ssl:emerg] [pid 53226] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 06:41:32.662112 2018] [ssl:emerg] [pid 53226] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 06:41:32.662122 2018] [ssl:emerg] [pid 53226] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Mon Sep 03 06:41:32.662127 2018] [ssl:emerg] [pid 53226] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Mon Sep 03 13:05:09.612981 2018] [ssl:emerg] [pid 55512] AH02572: Failed to configure at least one certificate and key for hailiga.org:443
[Mon Sep 03 13:05:09.613049 2018] [ssl:emerg] [pid 55512] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 13:05:09.613058 2018] [ssl:emerg] [pid 55512] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 13:05:09.613068 2018] [ssl:emerg] [pid 55512] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Mon Sep 03 13:05:09.613072 2018] [ssl:emerg] [pid 55512] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Mon Sep 03 13:07:40.617846 2018] [ssl:emerg] [pid 55942] AH02572: Failed to configure at least one certificate and key for hailiga.org:443
[Mon Sep 03 13:07:40.618439 2018] [ssl:emerg] [pid 55942] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 13:07:40.618451 2018] [ssl:emerg] [pid 55942] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 13:07:40.618461 2018] [ssl:emerg] [pid 55942] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Mon Sep 03 13:07:40.618466 2018] [ssl:emerg] [pid 55942] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Mon Sep 03 13:14:43.673776 2018] [ssl:emerg] [pid 56048] AH02572: Failed to configure at least one certificate and key for hailiga.org:443
[Mon Sep 03 13:14:43.673881 2018] [ssl:emerg] [pid 56048] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 13:14:43.673895 2018] [ssl:emerg] [pid 56048] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 13:14:43.673918 2018] [ssl:emerg] [pid 56048] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Mon Sep 03 13:14:43.673924 2018] [ssl:emerg] [pid 56048] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Mon Sep 03 13:24:44.627730 2018] [ssl:emerg] [pid 56066] AH02572: Failed to configure at least one certificate and key for hailiga.org:443
[Mon Sep 03 13:24:44.627812 2018] [ssl:emerg] [pid 56066] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 13:24:44.627822 2018] [ssl:emerg] [pid 56066] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 13:24:44.627839 2018] [ssl:emerg] [pid 56066] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Mon Sep 03 13:24:44.627845 2018] [ssl:emerg] [pid 56066] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Mon Sep 03 13:50:11.691451 2018] [ssl:emerg] [pid 56308] AH02572: Failed to configure at least one certificate and key for hailiga.org:443
[Mon Sep 03 13:50:11.691543 2018] [ssl:emerg] [pid 56308] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 13:50:11.691552 2018] [ssl:emerg] [pid 56308] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Mon Sep 03 13:50:11.691569 2018] [ssl:emerg] [pid 56308] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Mon Sep 03 13:50:11.691574 2018] [ssl:emerg] [pid 56308] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Mon Sep 03 14:07:10.776987 2018] [ssl:emerg] [pid 56364] AH02572: Failed to configure at least one certificate and key for hailiga.org:443
I have tried to phpdismod the three error modules and it didn't work. I am running PHP 7.2 and php7.0-fpm, for SSL I have Let's Encrypt Certbot installed.
Can someone out there please tell me what's going on?
Found the problem, a corrupted code in my apache config file.
For those who have the same problem here's how to fix it:
Go to Apache2 sites-available directory using cd /etc/apache2/sites-available
Disable ALL config files using sudo a2dissite example.com.conf example-2.com.conf ... (Ignore the systemctl reload apache2 now, we will get to it later)
Enable the default config files using sudo a2ensite 000-default.conf
Reload Apache2 with sudo systemctl reload apache2
Enable the config files one by one to find out which one is corrupted using sudo a2ensite test-1.conf and reload apache using sudo systemctl reload apache2 and finally test if it is working with sudo service apache2 status
Once you found the file edit it, fix the problem and off to enable all the config files! Be sure to disable the default using sudo a2dissite 000-default.conf, check the Apache is running with sudo service apache2 status.
There you have it! That's how I fix it anyway. Oh, the disabling and enabling config files might result in pointing to the wrong directory, when you enabled all of them back it should return to normal.
Have a great day :D
The webapp is deployed on EC2 and following error is faced randomly once or twice a day making the webapp inaccessible for some period of time. It is automatically corrected after some time.
(2)No such file or directory: [client xxx.xx.xx.xxx:xxxxx] mod_wsgi (pid=xxxxx): Unable to connect to WSGI daemon process 'web2py' on '/var/run/apache2/wsgi.30303.0.1.sock'.
Application Stack
web2py
mod_wsgi
Apache2
The logs are different every time before the error:
[Thu Sep 28 06:25:01.528334 2017] [mpm_event:notice] [pid 30303:tid 140438078609280] AH00493: SIGUSR1 received. Doing graceful restart
[Thu Sep 28 06:25:02.318551 2017] [ssl:warn] [pid 30303:tid 140438078609280] AH01906: ip-172-31-0-91.eu-west-1.compute.internal:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Sep 28 06:25:02.318574 2017] [ssl:warn] [pid 30303:tid 140438078609280] AH01909: ip-172-31-0-91.eu-west-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
[Thu Sep 28 06:25:02.318664 2017] [wsgi:warn] [pid 30303:tid 140438078609280] mod_wsgi: Compiled for Python/2.7.11.
[Thu Sep 28 06:25:02.318669 2017] [wsgi:warn] [pid 30303:tid 140438078609280] mod_wsgi: Runtime using Python/2.7.12.
[Thu Sep 28 06:25:02.319205 2017] [mpm_event:notice] [pid 30303:tid 140438078609280] AH00489: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g mod_wsgi/4.3.0 Python/2.7.12 configured -- resuming normal operations
[Thu Sep 28 06:25:02.319225 2017] [core:notice] [pid 30303:tid 140438078609280] AH00094: Command line: '/usr/sbin/apache2'
[Thu Sep 28 06:25:09.327495 2017] [mpm_event:error] [pid 30303:tid 140438078609280] AH00485: scoreboard is full, not at MaxRequestWorkers
[Thu Sep 28 06:28:39.560285 2017] [mpm_event:error] [pid 30303:tid 140438078609280] AH00485: scoreboard is full, not at MaxRequestWorkers
[Thu Sep 28 06:45:27.583870 2017] [wsgi:error] [pid 30307:tid 140437629064960] (2)No such file or directory: [client 172.31.32.163:24210] mod_wsgi (pid=30307): Unable to connect to WSGI daemon process 'web2py' on '/var/run/apache2/wsgi.30303.0.1.sock'.
[Thu Sep 28 06:49:14.503732 2017] [wsgi:error] [pid 30307:tid 140437603886848] (2)No such file or directory: [client 172.31.14.173:37726] mod_wsgi (pid=30307): Unable to connect to WSGI daemon process 'web2py' on '/var/run/apache2/wsgi.30303.0.1.sock'.
Let me know if more information is required.
This is caused by doing a graceful restart of Apache when HTTP clients are using keep alive connections and issuing multiple requests over the same connection.
The problem is that the way Apache manages the mod_wsgi daemon process means they are shutdown straight away still even if is a graceful restart. In the meantime, the Apache child worker processes which accept the requests initially and proxy to the mod_wsgi daemon processes will keep running until all client connections drop. This means that when have keep alive connections and subsequent request over same client connection needs to go to the WSGI application, that it will fail as the prior incarnation of the mod_wsgi daemon processes are now gone.
In this situation one can't allow the old Apache child worker process to connect to new mod_wsgi daemon processes as the reason for a restart may have been a configuration change and allowing old child worker process to connect to new instances of daemon processes, could introduce a security problem if under the new configuration the request being handled in that way was not allowed.
Do accept this is a rare scenario, and likelihood of a security issue arising is slim. It is probably reasonable to consider a new option to mod_wsgi to say that connecting to newer daemon process in this case is okay, and not rotate the listener socket for the daemon processes on any restart.
That this can occur has been known all along (10 years), but an issue for it has been created on GitHub against mod_wsgi to consider such an option.
https://github.com/GrahamDumpleton/mod_wsgi/issues/229
I have configured tomcat to run on port 80 with apache2 and mod_jk and this work well. If i reboot the system then the site will be the standart site from apache2. If i restart apache2 (/etc/init.d/apache2 restart) the site will come from tomcat. But why first after restart of apache2?
Anyone an idea?
Log after reboot the system (in /var/log/apache2/):
> mod_jk.log <
[Mon Sep 22 16:24:40.296 2014] [2256:3075069696] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:24:40.296 2014] [2256:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:24:40.296 2014] [2256:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
[Mon Sep 22 16:24:40.298 2014] [2257:3075069696] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:24:40.298 2014] [2257:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:24:40.298 2014] [2257:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
> error.log <
[Mon Sep 22 16:24:40 2014] [notice] Apache/2.2.22 (Debian) mod_jk/1.2.37 configured -- resuming normal operations
[Mon Sep 22 16:26:50 2014] [notice] caught SIGTERM, shutting down
Log after restart apache (in /var/log/apache2/):
> mod_jk.log <
[Mon Sep 22 16:29:10.042 2014] [3599:3074443008] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:29:10.042 2014] [3599:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:29:10.042 2014] [3599:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
[Mon Sep 22 16:29:10.052 2014] [3600:3074443008] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:29:10.052 2014] [3600:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:29:10.052 2014] [3600:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
> error.log <
[Mon Sep 22 16:29:10 2014] [notice] Apache/2.2.22 (Debian) mod_jk/1.2.37 configured -- resuming normal operations
EDIT 1:
Ok, i have tested this several times and find out that the apache2 / tomcat7 / mod_jk behavior is more crazy xD
I will show you my configurations:
> local: hosts <
192.168.84.129 migor
192.168.84.129 test.migor
> in tomcat server.xml <
<Host name="test.migor" appBase="myapps/test" unpackWARs="true" autoDeploy="true" />
> worker.properties <
workers.tomcat_home=/var/lib/tomcat7
workers.java_home=/usr/lib/jvm/java-7
ps=/
worker.list=ajp13_worker
worker.ajp13_worker.port=8009
worker.ajp13_worker.host=localhost
worker.ajp13_worker.type=ajp13
worker.ajp13_worker.lbfactor=1
> sitea-available/test.migor <
<Virtualhost test.migor>
JkMount /* ajp13_worker
ServerName test.migor
DocumentRoot /var/lib/tomcat7/myapps/test
ErrorLog /var/lib/tomcat7/logs/error.log
CustomLog /var/lib/tomcat7/logs/access.log common
<Directory /var/lib/tomcat7/myapps/test>
Options -Indexes
</Directory>
</Virtualhost>
Now the behavior:
After reboot under url: "test.migor/", "migor/" and my server ip 192.168.84.129 i will get the site from apache2
After restarting apache2 i will get on migor/ and 192.168.84.129 the tomcat page from webapps and on test.migor/ the page from myapps/test. Here the problem, i expected on 192.168.84.129 the page from apache2.
Any an idea?
EDIT 2:
Ok, i have forget to add "NameVirtualHost test.migor" to "sitea-available/test.migor" and my config have completly overwrite default settiong of apache. Now is the behavior ok for me. With url "migor/" i can call default apache site and with url "test.migor/" i can call the tomcat homepage which is in tomcat7/myapps/test.
But this behavior will be activated only after restart of apache2 (if i have rebooted my system before). I will show for the solution and post it here. Maybe in "EDIT 3" xD
The error clearly says that jk-manager and jk-status is not accurately defined in workers.property file.
Please check your workers.properties file and make following changes:
worker.list=jk-manager
worker.jk-manager.type=status
worker.list=jk-status
worker.jk-status.type=status
worker.jk-status.read_only=true
Cheers!!