apache22 not starting - please help decipher a possible clue!
David Southwell
david at vizion2000.net
Tue Oct 5 15:19:07 UTC 2010
> Phan Quoc Hien <phanquochien at gmail.com> wrote:
> > On Mon, Oct 4, 2010 at 5:50 PM, David Southwell <david at vizion2000.net>
>
> wrote:
> > > Difficulties with apache starting after recent upgrade.
> > >
> > > I have included some information which may be relevant;
> > >
> > > Some guidance would be appreciated as I cannot get the web server to
> > > run.
> > >
> > > It seems that something must have changed with the latest upgrade as
> > > there were no changes to the config.
> > > Syntax is ok:
> > >
> > > dns1# /usr/local/sbin/apachectl -t
> > > Syntax OK
> > > dns1#
> > >
> > >
> > > I have rebuilt apache22 but apache does not start as evidenced below:
> > >
> > > dns1# /usr/local/sbin/apachectl start
> > > [Mon Oct 04 10:42:07 2010] [warn] (2)No such file or directory: Failed
> > > to enable the 'dataready' Accept Filter
> > > [Mon Oct 04 10:42:07 2010] [warn] (2)No such file or directory: Failed
> > > to enable the 'dataready' Accept Filter
> > >
> > > [NOTE
> > >
> > > dns1# grep accf /boot/defaults/loader.conf
> > > accf_data_load="NO" # Wait for data accept filter
> > > accf_http_load="NO" # Wait for full HTTP request accept
> > > filter However
> > > but /boot/loader.conf includes the following line:
> > > accf_http_load="YES"
> > >
> > > dns1# kldload accf_http
> > > kldload: can't load accf_http: File exists
> > > dns1#
> > >
> > > Is something weird happening here?
> > > NOTE END ]
> > >
> > > Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog)
> > > Some of your private key files are encrypted for security reasons.
> > > In order to read them you have to provide the pass phrases.
> > > [ NOTE I am using a self issued CA certificate which has been working
> > > fine] Server www.vizion2000.net:443 (RSA)
> > > Enter pass phrase:
> > >
> > > OK: Pass Phrase Dialog successful.
> > >
> > > dns1# ps -aux |grep httpd
> > > root 64784 0.0 0.0 5892 1284 p1 D+ 10:42AM 0:00.00 grep
> > > httpd dns1# /usr/local/sbin/apachectl restart
> > > httpd not running, trying to start
> > > [Mon Oct 04 10:42:41 2010] [warn] (2)No such file or directory: Failed
> > > to enable the 'dataready' Accept Filter
> > > [Mon Oct 04 10:42:41 2010] [warn] (2)No such file or directory: Failed
> > > to enable the 'dataready' Accept Filter
> > > Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog)
> > > Some of your private key files are encrypted for security reasons.
> > > In order to read them you have to provide the pass phrases.
> > >
> > > Server www.vizion2000.net:443 (RSA)
> > > Enter pass phrase:
> > >
> > > OK: Pass Phrase Dialog successful.
> > > dns1#
> > > _____________________
> > >
> > > Testing openssl seems to indicate certificate is fine.
> > > dns1# openssl x509 -in www.vizion2000.net.crt -noout -subject
> > > subject= /C=UK/ST=South Gloucestershire/L=Kingswood/O=Vizion
> > > Communications/OU=IT/CN=www.vizion2000.net/emailAddress=david at vizion200
> > > 0. net dns1#
> >
> > Best regards,
> > Mr.Hien
> > Hi!
> > Please add
> > accf_data_load="YES" to /boot/loader.conf
> >
> > or try
> >
> > kldload accf_data.ko
> >
> > and run kldstat | grep accf to check it loaded?
>
> Thanks for the follow up.
>
> running kldload does deal with the data ready issue but has no effect on
> the main server start problem. Below is the the output from attempt to
> start the server in httpd-error.log:
>
> Can anyone suggest how I might trace why the server is not starting?
>
> Thanks in advance
> David
> ___________________________
> httpd-error.log
> _______________________
> [NOTE: First three lines were entered into the log prior to shutting down
> the system and doing a restart so the output from an initial loading
> sequence into httpd-error.log could be precisely identified.]
> test from here
> ###############################
> ################################
> [Mon Oct 04 16:25:38 2010] [info] Init: Seeding PRNG with 144 bytes of
> entropy [Mon Oct 04 16:25:38 2010] [info] Loading certificate & private
> key of SSL- aware server
> [Mon Oct 04 16:25:38 2010] [info] Init: Requesting pass phrase via builtin
> terminal dialog
> [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_pphrase.c(476): encrypted RSA
> private key - pass phrase requested
> [Mon Oct 04 16:26:29 2010] [info] Init: Wiped out the queried pass phrases
> from memory
> [Mon Oct 04 16:26:29 2010] [info] Init: Generating temporary RSA private
> keys (512/1024 bits)
> [Mon Oct 04 16:26:29 2010] [info] Init: Generating temporary DH parameters
> (512/1024 bits)
> [Mon Oct 04 16:26:29 2010] [info] Init: Initializing (virtual) servers for
> SSL [Mon Oct 04 16:26:29 2010] [info] Configuring server for SSL protocol
> [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_init.c(465): Creating new
> SSL context (protocols: SSLv2, SSLv3, TLSv1)
> [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_init.c(661): Configuring
> permitted SSL ciphers
> [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2: +EXP:+eNULL]
> [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_init.c(420): Configuring TLS
> extension handling
> [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_init.c(792): Configuring RSA
> server certificate
> [Mon Oct 04 16:26:29 2010] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_init.c(831): Configuring RSA
> server private key
> [Mon Oct 04 16:26:29 2010] [info] mod_ssl/2.2.16 compiled against Server:
> Apache/2.2.16, Library: OpenSSL/1.0.0a
> [Mon Oct 04 16:26:29 2010] [info] mod_unique_id: using ip addr 62.49.197.50
> [Mon Oct 04 16:26:30 2010] [info] Init: Seeding PRNG with 144 bytes of
> entropy [Mon Oct 04 16:26:30 2010] [info] Loading certificate & private
> key of SSL- aware server
> [Mon Oct 04 16:26:30 2010] [info] www.vizion2000.net:443 reusing existing
> RSA private key on restart
> [Mon Oct 04 16:26:30 2010] [info] Init: Generating temporary RSA private
> keys (512/1024 bits)
> [Mon Oct 04 16:26:30 2010] [info] Init: Generating temporary DH parameters
> (512/1024 bits)
> [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(253): shmcb_init
> allocated 512000 bytes of shared memory
> [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(272): for 511920
> bytes (512000 including header), recommending 32 subcaches, 133 indexes
> each [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(306):
> shmcb_init_memory choices follow
> [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(308): subcache_num =
> 32 [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(310):
> subcache_size = 15992
> [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(312):
> subcache_data_offset = 3208
> [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(314):
> subcache_data_size = 12784
> [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(316): index_num = 133
> [Mon Oct 04 16:26:30 2010] [info] Shared memory session cache initialised
> [Mon Oct 04 16:26:30 2010] [info] Init: Initializing (virtual) servers for
> SSL [Mon Oct 04 16:26:30 2010] [info] Configuring server for SSL protocol
> [Mon Oct 04 16:26:30 2010] [debug] ssl_engine_init.c(465): Creating new
> SSL context (protocols: SSLv2, SSLv3, TLSv1)
> [Mon Oct 04 16:26:30 2010] [debug] ssl_engine_init.c(661): Configuring
> permitted SSL ciphers
> [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2: +EXP:+eNULL]
> [Mon Oct 04 16:26:30 2010] [debug] ssl_engine_init.c(420): Configuring TLS
> extension handling
> [Mon Oct 04 16:26:30 2010] [debug] ssl_engine_init.c(792): Configuring RSA
> server certificate
> [Mon Oct 04 16:26:30 2010] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Mon Oct 04 16:26:30 2010] [debug] ssl_engine_init.c(831): Configuring RSA
> server private key
> [Mon Oct 04 16:26:30 2010] [info] mod_ssl/2.2.16 compiled against Server:
> Apache/2.2.16, Library: OpenSSL/1.0.0a
>
> Photographic Artist
> Permanent Installations & Design
> Creative Imagery and Advanced Digital Techniques
> High Dynamic Range Photography & Official Portraiture
> Combined darkroom & digital creations
> & Systems Adminstrator for the vizion2000.net network
> _______________________________________________
> freebsd-apache at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-apache
> To unsubscribe, send any mail to "freebsd-apache-unsubscribe at freebsd.org"
OK ssome more data.
I ran
ktrace /usr/local/sbin/apachectl start
After running kdump I got the following from the evry end of the ktrace.out
file:
3568 sh CALL dup2(0xb,0x1)
3568 sh RET dup2 1
3568 sh CALL close(0xb)
3568 sh RET close 0
3568 sh CALL dup2(0xc,0x2)
3568 sh RET dup2 2
3568 sh CALL close(0xc)
3568 sh RET close 0
3568 sh CALL getrlimit(RLIMIT_NOFILE,0x7fffffffe260)
3568 sh RET getrlimit 0
3568 sh CALL setrlimit(RLIMIT_NOFILE,0x7fffffffe260)
3568 sh RET setrlimit 0
3568 sh CALL read(0xa,0x5204c0,0x3ff)
3568 sh GIO fd 10 read 380 bytes
" is no longer supported.
echo Please edit httpd.conf to include the SSL configuration
settings
echo and then use "apachectl start".
ERROR=2
;;
configtest)
$HTTPD -t
ERROR=$?
;;
status)
$LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
;;
fullstatus)
$LYNX $STATUSURL
;;
*)
$HTTPD $ARGV
ERROR=$?
esac
exit $ERROR
"
3568 sh RET read 380/0x17c
3568 sh CALL fork
3568 sh RET fork 3585/0xe01
3568 sh CALL getpgrp
3568 sh RET getpgrp 3568/0xdf0
3568 sh CALL wait4(0xffffffff,0x7fffffffe1cc,WUNTRACED,0)
3568 sh RET wait4 3585/0xe01
3568 sh CALL exit(0)
dns1#
dns1# pwd
/usr/home/david/trace
_________________
This seems to indicate there is something now amiss with my ssl setup.
Can anyone guide me here
Thanks in advance
David
Photographic Artist
Permanent Installations & Design
Creative Imagery and Advanced Digital Techniques
High Dynamic Range Photography & Official Portraiture
Combined darkroom & digital creations
& Systems Adminstrator for the vizion2000.net network
More information about the freebsd-apache
mailing list