The webapp is deployed on EC2 and following error is faced randomly once or twice a day making the webapp inaccessible for some period of time. It is automatically corrected after some time.
(2)No such file or directory: [client xxx.xx.xx.xxx:xxxxx] mod_wsgi (pid=xxxxx): Unable to connect to WSGI daemon process 'web2py' on '/var/run/apache2/wsgi.30303.0.1.sock'.
Application Stack
web2py
mod_wsgi
Apache2
The logs are different every time before the error:
[Thu Sep 28 06:25:01.528334 2017] [mpm_event:notice] [pid 30303:tid 140438078609280] AH00493: SIGUSR1 received. Doing graceful restart
[Thu Sep 28 06:25:02.318551 2017] [ssl:warn] [pid 30303:tid 140438078609280] AH01906: ip-172-31-0-91.eu-west-1.compute.internal:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Sep 28 06:25:02.318574 2017] [ssl:warn] [pid 30303:tid 140438078609280] AH01909: ip-172-31-0-91.eu-west-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
[Thu Sep 28 06:25:02.318664 2017] [wsgi:warn] [pid 30303:tid 140438078609280] mod_wsgi: Compiled for Python/2.7.11.
[Thu Sep 28 06:25:02.318669 2017] [wsgi:warn] [pid 30303:tid 140438078609280] mod_wsgi: Runtime using Python/2.7.12.
[Thu Sep 28 06:25:02.319205 2017] [mpm_event:notice] [pid 30303:tid 140438078609280] AH00489: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g mod_wsgi/4.3.0 Python/2.7.12 configured -- resuming normal operations
[Thu Sep 28 06:25:02.319225 2017] [core:notice] [pid 30303:tid 140438078609280] AH00094: Command line: '/usr/sbin/apache2'
[Thu Sep 28 06:25:09.327495 2017] [mpm_event:error] [pid 30303:tid 140438078609280] AH00485: scoreboard is full, not at MaxRequestWorkers
[Thu Sep 28 06:28:39.560285 2017] [mpm_event:error] [pid 30303:tid 140438078609280] AH00485: scoreboard is full, not at MaxRequestWorkers
[Thu Sep 28 06:45:27.583870 2017] [wsgi:error] [pid 30307:tid 140437629064960] (2)No such file or directory: [client 172.31.32.163:24210] mod_wsgi (pid=30307): Unable to connect to WSGI daemon process 'web2py' on '/var/run/apache2/wsgi.30303.0.1.sock'.
[Thu Sep 28 06:49:14.503732 2017] [wsgi:error] [pid 30307:tid 140437603886848] (2)No such file or directory: [client 172.31.14.173:37726] mod_wsgi (pid=30307): Unable to connect to WSGI daemon process 'web2py' on '/var/run/apache2/wsgi.30303.0.1.sock'.
Let me know if more information is required.
This is caused by doing a graceful restart of Apache when HTTP clients are using keep alive connections and issuing multiple requests over the same connection.
The problem is that the way Apache manages the mod_wsgi daemon process means they are shutdown straight away still even if is a graceful restart. In the meantime, the Apache child worker processes which accept the requests initially and proxy to the mod_wsgi daemon processes will keep running until all client connections drop. This means that when have keep alive connections and subsequent request over same client connection needs to go to the WSGI application, that it will fail as the prior incarnation of the mod_wsgi daemon processes are now gone.
In this situation one can't allow the old Apache child worker process to connect to new mod_wsgi daemon processes as the reason for a restart may have been a configuration change and allowing old child worker process to connect to new instances of daemon processes, could introduce a security problem if under the new configuration the request being handled in that way was not allowed.
Do accept this is a rare scenario, and likelihood of a security issue arising is slim. It is probably reasonable to consider a new option to mod_wsgi to say that connecting to newer daemon process in this case is okay, and not rotate the listener socket for the daemon processes on any restart.
That this can occur has been known all along (10 years), but an issue for it has been created on GitHub against mod_wsgi to consider such an option.
https://github.com/GrahamDumpleton/mod_wsgi/issues/229
Related
I upgraded from ubuntu 21.04 to 21.10.
apache2 does not change to php8 even after a2dismod php7.4 (...).
I get the following error.
I checked the config files in apache/ but could not find a line for it.
[Fri Jan 07 13:04:04.231832 2022] [proxy:error] [pid 1320] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php/php7.4-fpm.sock (*) failed
[Fri Jan 07 13:04:04.231889 2022] [proxy_fcgi:error] [pid 1320] [client 127.0.0.1:50726] AH01079: failed to make connection to backend: httpd-UDS, referer: http://localhost/oodb...
[Fri Jan 07 13:04:04.780393 2022] [proxy:error] [pid 1319] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php/php7.4-fpm.sock (*) failed
[Fri Jan 07 13:04:04.780431 2022] [proxy_fcgi:error] [pid 1319] [client 127.0.0.1:50728] AH01079: failed to make connection to backend: httpd-UDS, referer: http://localhost/...
[Fri Jan 07 13:04:06.829607 2022] [proxy:error] [pid 1318] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php/php7.4-fpm.sock (*) failed
Even after using commands like below the problem remained.
sudo systemctl enable php8-fpm
sudo systemctl disable php7.4-fpm
Only after manually deleting the link conf-enabled/php7.4-fpm.conf (/etc/apache2) and setting symoblic link (sudo ln -s ../conf-available/php8.0-fpm.conf) apache worked (after restart).
I am trying to use Kiwi to manage my testcase.
I follow exactly the steps in this documentation
After I startup the service by using docker-compose up, these logs shown in my terminal:
kiwi_web | AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.20.0.3. Set the 'ServerName' directive globally to suppress this message
kiwi_web | [Tue Jan 08 08:40:42.574498 2019] [ssl:warn] [pid 10] AH01909: RSA certificate configured for 172.20.0.3:443 does NOT include an ID which matches the server name
kiwi_web | [Tue Jan 08 08:40:42.574972 2019] [ssl:warn] [pid 10] AH01909: RSA certificate configured for 172.20.0.3:8443 does NOT include an ID which matches the server name
kiwi_web | AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.20.0.3. Set the 'ServerName' directive globally to suppress this message
kiwi_web | [Tue Jan 08 08:40:42.613817 2019] [auth_digest:notice] [pid 10] AH01757: generating secret for digest authentication ...
kiwi_web | [Tue Jan 08 08:40:42.614733 2019] [lbmethod_heartbeat:notice] [pid 10] AH02282: No slotmem from mod_heartmonitor
kiwi_web | [Tue Jan 08 08:40:42.615950 2019] [ssl:warn] [pid 10] AH01909: RSA certificate configured for 172.20.0.3:443 does NOT include an ID which matches the server name
kiwi_web | [Tue Jan 08 08:40:42.616228 2019] [ssl:warn] [pid 10] AH01909: RSA certificate configured for 172.20.0.3:8443 does NOT include an ID which matches the server name
kiwi_web | [Tue Jan 08 08:40:42.621818 2019] [mpm_prefork:notice] [pid 10] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/4.6.5 Python/3.6 configured -- resuming normal operations
kiwi_web | [Tue Jan 08 08:40:42.621878 2019] [core:notice] [pid 10] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
When I try to access the service through web browser I get the following error message:
Failure to establish secure connection
SSL receives a record that exceeds the maximum allowable length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
Actually I don't really need https protocal, how can I disable it and just use http?
The log from Apache is expected. We don't know the FQDN of the instance running Kiwi TCMS and this is not configured. However this should not stop it from working. After all this is how we run on the live demo.
The second error is described here:
SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
It points to a bug in Firefox and possibly some misconfiguration on the server side. However without additional info there's nothing I can do to help.
Are you trying to use the default SSL certificates or provide your own ?
WordPress Creating Empty database. (there is a database but with out any values!)
I am on local WAMP Server 2.4 (PHP 5.4)
Windows 8
WordPress 3.6 (also tried 3.5.1)
Wamp Apache is Giving some errors I am pasting few lines here:
access.log:
"GET /test_3/wp-admin/css/colors-fresh.min.css?ver=3.6 HTTP/1.1" 304 -
"GET /phpmyadmin/db_structure.php?db=db_test_3&token=4bb71407ccf91fc27d3c8338186ee369&db=db_test_3&ajax_request=true&ajax_page_request=true&menuHashes=572d5b14-cb7c7ed1-ada592ed-4fce1948&_nocache=1376960501429607598 HTTP/1.1" 200 40875
apache_error.log
[Mon Aug 19 13:34:54.335301 2013] [mpm_winnt:notice] [pid 7864:tid 468] AH00418: Parent: Created child process 6540
[Mon Aug 19 13:34:54.769224 2013] [mpm_winnt:notice] [pid 6540:tid 344] AH00354: Child: Starting 150 worker threads.
[Mon Aug 19 18:09:28.498364 2013] [mpm_winnt:notice] [pid 7864:tid 468] AH00422: Parent: Received shutdown signal -- Shutting down the server.
Possibly related to issue: I have changed port to :8080 cuz windows 8 was already using port :80
Any help will be much appreciated.
I found the solution! -- i might have messed this up while changing port.
In httpd.conf -- i had this:
Listen 8080
#Listen 0.0.0.0:8080
Simply changed it to this:
#Listen 8080
Listen 0.0.0.0:8080
Database was receiving values but word-press started giving this error on loin attempt
You do not have sufficient permissions to access this page
So i simply went to database and gave my user administrator privileges! (From here i followed the instruction under heading "Editing the wp_usermeta table")
I am trying to configure php 5.4.9 with apache 2.4 but when i include the lines below apache won't start.
LoadModule php5_module "c:/php/php5apache2_4.dll"
AddHandler application/x-httpd-php .php
PHPIniDir "C:/php"
I've checked all my file paths and they are all ok. I have the path set in environment to C:\php;c:\Apache24;c:\Apache24\bin;.
The error I'm actually getting is
Windows could not start the Apache2.4 on local computer. For more information, review the system eventlog. If this is a non-microsoft service, contact the service vendor, and refer to service-specific error code 1
Anybody else ever have this issue?
UPDATE
I do have php5apache2_4.dll in the php folder and my error logs in apache
[Sun Dec 09 11:19:16.502272 2012] [mpm_winnt:notice] [pid 5552:tid 316] AH00418: Parent: Created child process 5052
[Sun Dec 09 11:19:18.315156 2012] [mpm_winnt:notice] [pid 5052:tid 208] AH00354: Child: Starting 64 worker threads.
[Sun Dec 09 11:29:53.861913 2012] [mpm_winnt:notice] [pid 5552:tid 316] AH00422: Parent: Received shutdown signal -- Shutting down the server.
[Sun Dec 09 11:29:55.889916 2012] [mpm_winnt:notice] [pid 5052:tid 208] AH00364: Child: All worker threads have exited.
[Sun Dec 09 11:29:55.905516 2012] [mpm_winnt:notice] [pid 5552:tid 316] AH00430: Parent: Child process exited successfully.
I want to restart linux services such as apache, bind, proftpd and other in c and cgi code.
i use system() to do this, for example :
system ("service httpd reload");
also i set suid on compiled program and run it. but don't work and return error on permissions.
what should i do ?
edit:
my apache logs error :
[Wed Dec 21 21:07:13 2011] [error] [client *] cannot remove `/var/run/httpd.pid'
[Wed Dec 21 21:07:13 2011] [error] [client *] : Permission denied
[Wed Dec 21 21:07:13 2011] [error] [client *]
[Wed Dec 21 21:07:13 2011] [error] [client *] touch:
[Wed Dec 21 21:07:13 2011] [error] [client *] cannot touch `/var/lock/subsys/httpd'
[Wed Dec 21 21:07:13 2011] [error] [client *] : Permission denied
and same logs for named, proftpd, etc.
Here is a couple of things to check:
Make sure the compiled program has suid root (that is, the owner of the program is root).
Make sure the partition you are executing the program from is mounted without "noexec" option.
You need to be root to run successfully the /usr/sbin/service command.
So your question is how can your application gain root privileges.
If your application is a CGI to which you (legitimately) don't want to give root access, you could code a wrapper program which is setuid root and which can only be run from you CGI (or at least, from the uid under which it is running).
But are you sure that you really want to run such things from CGI? (You could study how webmin works).