Bug#693299: apache2: Please add commented example of setting APACHE_ARGUMENTS in envvars file
Package: apache2.2-common Version: 2.2.22-12 Severity: wishlist Hi. May I suggest adding in /etc/apache2/envvars an example of how setting APACHE_ARGUMENTS can help provide specific args to apache. For instance, if one may wish to start apache2 in debug mode, with the -X option. So I suggest the following snippet : ## Example apache2 options setting with APACHE_ARGUMENTS, for instance to start apache in debug mode #APACHE_ARGUMENTS="-X" Hope this helps. Best regards, -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121115093944.19005.96962.report...@inf-8657.int-evry.fr
Bug#392356: apache2.2-common: Contents of dir.conf
Package: apache2.2-common Version: 2.2.3-2 Followup-For: Bug #392356 Out of my apache2.conf file on another box, I came up with the following for contents of dir.conf, although I'm not sure it fits as a default. Hope this helps. DirectoryIndex index.html index.cgi index.pl index.php index.xhtml -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-2-686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages apache2.2-common depends on: ii apache2-utils 2.2.3-2utility programs for webservers ii libmagic1 4.17-4 File type determination library us ii lsb-base 3.1-15 Linux Standard Base 3.1 init scrip ii mime-support 3.37-1 MIME files 'mime.types' & 'mailcap ii net-tools 1.60-17The NET-3 networking toolkit apache2.2-common recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#398520: Workaround
Hi. I think these instructions are a workaround : # mkdir /etc/apache2/ssl # /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem Hope this helps. Best regards, -- Olivier BERGER (OpenPGP: 1024D/B4C5F37F) APRIL (http://www.april.org) - Vive python (http://www.python.org) Pétition contre les brevets logiciels : http://petition.eurolinux.org
Bug#267477: Adding SSLOptions StdEnvVars for CGIs
Hi. I've been strugling also with SSL configuration for HTTPS in apache 2.2... Maybe it would be great to have some default conf propose (commented-out) the optional setting of the option of mod-ssl : SSLOptions StdEnvVars for CGI programs (like Sympa's WWSympa), which won't work the right way without it (relying on SSL_PROTOCOL variable which may not be set by default, without this option). Hope this helps. Best regards, -- Olivier BERGER <[EMAIL PROTECTED]> Ingénieur Recherche - Dept INF INT Evry (http://www.int-evry.fr) OpenPGP-Id: 1024D/6B829EEC
Bug#398520: Be careful to make-ssl-cert's default certificate expiration date
Hi. Just a quick followup : it seems that the make-ssl-cert default behaviour is to generate certfificates valid for 30 days (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=293821)... so you may prefer to adjust that duration... Btw, the make-ssl-cert command is found in the ssl-cert package ;) My 2 cents. Best regards, -- Olivier BERGER <[EMAIL PROTECTED]> Ingénieur Recherche - Dept INF INT Evry (http://www.int-evry.fr) OpenPGP-Id: 1024D/6B829EEC
Bug#293821: ssl-cert: Please include this patch soon
Package: ssl-cert Version: 1.0.14 Followup-For: Bug #293821 This patch seems rather old, and I'd like to ask for inclusion in the package, as it's rather inconvenient not to be able to get a configurable expiry date... Best regards -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages ssl-cert depends on: ii adduser 3.102 Add and remove users and groups ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy ii openssl 0.9.8c-4 Secure Socket Layer (SSL) binary a ssl-cert recommends no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#293821: Updated version of the patch
I'd like to provide an updated version of the patch, bellow : diff -irbwu ssl-cert-1.0.14/debian/templates ssl-cert-1.0.14.0.olivier.0/debian/templates --- ssl-cert-1.0.14/debian/templates2006-05-18 14:02:20.0 +0200 +++ ssl-cert-1.0.14.0.olivier.0/debian/templates2007-02-15 11:49:29.0 +0100 @@ -46,3 +46,9 @@ Template: make-ssl-cert/title Type: title _Description: Configure an SSL Certificate. + +Template: make-ssl-cert/days +Type: string +_Default: 30 +_Description: Lifetime of Certificate in Days + How many days should this certificate be valid for. diff -irbwu ssl-cert-1.0.14/make-ssl-cert ssl-cert-1.0.14.0.olivier.0/make-ssl-cert --- ssl-cert-1.0.14/make-ssl-cert 2006-05-18 14:02:20.0 +0200 +++ ssl-cert-1.0.14.0.olivier.0/make-ssl-cert 2007-02-15 11:49:47.0 +0100 @@ -9,7 +9,7 @@ ask_via_debconf() { db_settitle make-ssl-cert/title -templates="countryname statename localityname organisationname ouname hostname email" +templates="countryname statename localityname organisationname ouname hostname email days" for i in $templates; do RET="" @@ -48,6 +48,11 @@ db_get make-ssl-cert/email Email="$RET" db_fset make-ssl-cert/email seen false + + db_get make-ssl-cert/days + Days="$RET" + db_fset make-ssl-cert/days seen false + } make_snakeoil() { @@ -115,7 +120,7 @@ export RANDFILE=/dev/random if [ "$1" != "generate-default-snakeoil" ]; then -openssl req -config $TMPFILE -new -x509 -nodes -out $output -keyout $output > /dev/null 2>&1 +openssl req -config $TMPFILE -new -x509 -days $Days -nodes -out $output -keyout $output > /dev/null 2>&1 chmod 600 $output # hash symlink cd $(dirname $output) -- Olivier BERGER <[EMAIL PROTECTED]> Ingénieur Recherche - Dept INF INT Evry (http://www.int-evry.fr) OpenPGP-Id: 1024D/6B829EEC
Requesting consideration of patch solving bug #293821 on ssl-cert for inclusion in testing
Hello. I'd like to request inclusion of a bug correction patch in the ssl-cert package : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=293821 It's an old bug, with a mostly trivial fix... so I hope someone can integrate it for next release. I hope the maintainers can take attention to fixing this one soon. Many thanks in advance. Best regards, -- Olivier BERGER <[EMAIL PROTECTED]> (ATTENTION : new address) Ingénieur Recherche - Dept INF GET/INT at Evry (http://www.int-edu.eu/) OpenPGP-Id: 1024D/6B829EEC
Bug#430116: apache2.2-common: /etc/init.d/apache2 start does nothing
Package: apache2.2-common Version: 2.2.3-4 Severity: normal After a : # /etc/init.d/apache2 start # echo $? 0 There's no apache process started :( It seems that I got to this result after apache (not apache2) was initially installed. Later on I installed apache2, then removed apache... But there's no warning at all saying it won't start apache2. adding set -x to /etc/init.d/apache2, I can see that /etc/default/apache2 contains NO_START=1 Maybe there should be a warning message on /etc/init.d/apache2 whenever NO_START is set to 1 (or != 0) ? Hope this helps, Best regards, -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.18-4-xen-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages apache2.2-common depends on: ii apache2-utils 2.2.3-4utility programs for webservers ii libmagic1 4.21-1 File type determination library us ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip ii mime-support 3.39-1 MIME files 'mime.types' & 'mailcap ii net-tools 1.60-17The NET-3 networking toolkit ii procps1:3.2.7-3 /proc file system utilities apache2.2-common recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#293821: Patch for ssl-cert
CC-ing the bug-report in case others would have the same problem... Le mercredi 08 août 2007 à 14:46 +0200, SEE-BOX Reby a écrit : > Dear Mr. Olivier BERGER, > > very thanks for you job, > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=293821).. > > but your patch for ssl-cert not working with original script, > in my Debian Etch, I have 1.0.14 ssl-cert > > web2:/etc/apache2/ssl# dpkg -l > ... > ii ssl-cert1.0.14 Simple debconf wrapper for openssl > ... > > is possible send to my the script after patch? > > Very thanks, > > Ugo Rebaudo. > The patch applies fine on the file make-ssl-cert... I copy-pasted the patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=293821#22 into a make-ssl-cert.patch file, and did : patch < make-ssl-cert.patch can't find file to patch at input line 4 Perhaps you should have used the -p or --strip option? The text leading up to this was: -- |diff -irbwu ssl-cert-1.0.14/debian/templates ssl-cert-1.0.14.0.olivier.0/debian/templates |--- ssl-cert-1.0.14/debian/templates2006-05-18 14:02:20.0 +0200 |+++ ssl-cert-1.0.14.0.olivier.0/debian/templates2007-02-15 11:49:29.0 +0100 -- File to patch: Skip this patch? [y] Skipping patch. 1 out of 1 hunk ignored patching file make-ssl-cert Hunk #1 succeeded at 9 with fuzz 1. Typing a cariage return when asking for the first file to patch help skip it, then the file gets patched... although with a bit of fuzziness for the patch command. Anyway, it's pretty easy to modify the lines manually yourself... there are just a few lines to modify... Anyway, attaching the patch file only for the make-ssl-cert command and not the whole Debian package. Hope this helps, -- Olivier BERGER <[EMAIL PROTECTED]> (ATTENTION : new address) Ingénieur Recherche - Dept INF GET/INT at Evry (http://www.int-edu.eu/) OpenPGP-Id: 1024D/6B829EEC --- /usr/sbin/make-ssl-cert 2007-02-03 07:52:01.0 +0100 +++ make-ssl-cert 2007-08-14 17:51:53.0 +0200 @@ -9,7 +9,7 @@ ask_via_debconf() { db_settitle make-ssl-cert/title -templates="countryname statename localityname organisationname ouname hostname email" +templates="countryname statename localityname organisationname ouname hostname email days" for i in $templates; do RET="" @@ -48,6 +48,11 @@ db_get make-ssl-cert/email Email="$RET" db_fset make-ssl-cert/email seen false + + db_get make-ssl-cert/days + Days="$RET" + db_fset make-ssl-cert/days seen false + } make_snakeoil() { @@ -115,7 +120,7 @@ export RANDFILE=/dev/random if [ "$1" != "generate-default-snakeoil" ]; then -openssl req -config $TMPFILE -new -x509 -nodes -out $output -keyout $output > /dev/null 2>&1 +openssl req -config $TMPFILE -new -x509 -days $Days -nodes -out $output -keyout $output > /dev/null 2>&1 chmod 600 $output # hash symlink cd $(dirname $output)
Bug#481451: ssl-cert: Please document option generate-default-snakeoil properly
Package: ssl-cert Version: 1.0.18 Severity: minor Tags: patch Please add some documentation for the generate-default-snakeoil option. See attached proposed patch. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.22-3-vserver-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages ssl-cert depends on: ii adduser 3.107 add and remove users and groups ii debconf [debconf-2.0] 1.5.21 Debian configuration management sy ii openssl 0.9.8g-10 Secure Socket Layer (SSL) binary a ssl-cert recommends no packages. -- debconf information excluded --- #make-ssl-cert.8# 2008-05-16 10:06:49.0 +0200 +++ make-ssl-cert.8 2008-05-16 10:18:48.0 +0200 @@ -6,13 +6,16 @@ \fItemplate\fR \fIoutput-certificate\fR [\fI\-\-force\-overwrite\fR] .br .B make-ssl-cert -\fIgenerate-default-snakeoil\fR [\fI\-\-force\-overwrite\fR] +\fI"generate-default-snakeoil"\fR [\fI\-\-force\-overwrite\fR] .br .SH "DESCRIPTION" make-ssl-cert is a simple debconf to openssl wrapper. It requires a source template (Ex: /usr/share/ssl-cert/ssleay.cnf) and it will place the new generated certificate in the specified output file. +.br +Invoked with "generate-default-snakeoil", it will generate +/etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key. .SH OPTIONS A summary of options are included below. .TP
Bug#481451: Btw, add some explanation on snakeoil, which is a bit cryptic for end users
On Fri, May 16, 2008 at 10:22:39AM +0200, Olivier Berger wrote: > > Please add some documentation for the generate-default-snakeoil option. > Also, the package's README may add some explanation on that "snakeoil" which seems a bit cryptic for (non eglish-speaking native) end users. Thanks in advance. Best regards, -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#496918: apache2-mpm-prefork: Option -k of apache2 not documented nor in -h usage
Package: apache2-mpm-prefork Version: 2.2.3-4+etch5 Severity: minor Surprisingly, option -k works in that version of the package although it's neither documented in -h usage or in man 8 apache2. Hope this helps, Best regards, -- Package-specific info: List of enabled modules from 'apache2 -M': actions alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex cgi dir env info mime negotiation php5 setenvif status userdir -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-openvz-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#472647: apache2-mpm-prefork: Same here with PerlOptions -Enable
Package: apache2-mpm-prefork Version: 2.2.3-4+etch5 Followup-For: Bug #472647 I have setup a valid (I suppose) config for 2 virtual hosts, one for port 80, one for port 443. Port 443 configured through : ... # for mod_perl and TWiki PerlRequire /var/lib/twiki/tools/mod_perl_startup.pl # Turn on taint checking PerlSwitches -T (in a dedicated /etc/apache2/sites-enabled/060-ssl file) and Port 80 : # PerlOptions -Enable (in a dedicated /etc/apache2/sites-enabled/000-default file) If I uncomment the PerlOptions in /etc/apache2/sites-enabled/000-default apache restart segfaults :( So I think that the virtualhost syntax for first report was not the problem. There's indeed something weird with activating mod_perl on one virtualhost and disactivating it on another, or more simply with "PerlOptions -Enable" at all. Hope this helps. May try to debug more the fault, but this is a production server, so I'm not so keen on breaking it so much. Best regards, -- Package-specific info: List of enabled modules from 'apache2 -M': actions alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex cgi dir env info mime negotiation php5 setenvif status userdir -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-openvz-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#472647: apache2-mpm-prefork: Same here with PerlOptions -Enable
On Thu, Aug 28, 2008 at 05:09:46PM +0200, Olivier Berger wrote: > > There's indeed something weird with activating mod_perl on one virtualhost > and disactivating it on another, or more simply with "PerlOptions -Enable" at > all. > > Hope this helps. > It looks like the issue was somehow reported (even with a patch), but I see no indication that it was accepted by upstream, looking at the mod_perl SVN (although not obvious to check). More details at : http://mail-archives.apache.org/mod_mbox/perl-modperl/200707.mbox/<[EMAIL PROTECTED]> (including patch) Hope this helps, though. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#472647: bug 472647 is forwarded to http://mail-archives.apache.org/mod_mbox/perl-modperl/200707.mbox/<4 693e9ef.4060...@ocf.berkeley.edu>
tags 472647 - moreinfo retitle 472647 "Segfault with PerlOptions -Enable in virtualhost" thanks I guess there's significant evidence of the reproductibility conditions, although upstream apparently is waiting for more help to validate the fix. Maybe the maintainer knows the best way to try and re-activate action on such issue ? Best regards, -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#497534: apache2.2-common: /etc/init.d/apache2 / apache2ctl not reporting error return code when apache2 segfaults
Package: apache2.2-common Version: 2.2.9-7 Severity: normal Hi. Whenever apache2 segfaults on start (for example as experienced when #497453), there's no error return code propagated to apache2ctl nor /etc/init.d/apache2's exit values... It's very unfortunate, as there's not even a message on stdout nor apache's error.log ... and I had to add an set -x and strace to apache2ctl to understand why apache wouldn't start/restart. Thanks in advance. Best regards, -- Package-specific info: List of enabled modules from 'apache2 -M': actions alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex cgi dir env info mime negotiation php5 setenvif status userdir -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-openvz-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages apache2.2-common depends on: ii apache2-utils 2.2.9-7 utility programs for webservers ii libapr11.2.12-4 The Apache Portable Runtime Librar ii libaprutil11.2.12+dfsg-8 The Apache Portable Runtime Utilit ii libc6 2.7-13GNU C Library: Shared libraries ii libmagic1 4.25-1File type determination library us ii libssl0.9.80.9.8g-13 SSL shared libraries ii lsb-base 3.2-19Linux Standard Base 3.2 init scrip ii mime-support 3.44-1MIME files 'mime.types' & 'mailcap ii net-tools 1.60-19 The NET-3 networking toolkit ii perl 5.10.0-13 Larry Wall's Practical Extraction ii procps 1:3.2.7-8 /proc file system utilities ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages apache2.2-common recommends: ii ssl-cert 1.0.22 simple debconf wrapper for OpenSSL Versions of packages apache2.2-common suggests: pn apache2-doc(no description available) pn apache2-suexec | apache(no description available) ii epiphany-gecko [www-bro 2.22.3-1 Intuitive GNOME web browser - Geck ii iceape-browser [www-bro 1.1.11-1 Iceape Navigator (Internet browser ii iceweasel [www-browser] 3.0.1-1 lightweight web browser based on M ii konqueror [www-browser] 4:3.5.9.dfsg.1-5 KDE's advanced file manager, web b ii lynx-cur [www-browser] 2.8.7dev9-1.2Text-mode WWW Browser with NLS sup ii w3m [www-browser] 0.5.2-2+b1 WWW browsable pager with excellent Versions of packages apache2.2-common is related to: pn apache2-mpm-event (no description available) pn apache2-mpm-itk(no description available) ii apache2-mpm-prefork 2.2.9-7Apache HTTP Server - traditional n pn apache2-mpm-worker (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#497534: apache2.2-common: /etc/init.d/apache2 / apache2ctl not reporting error return code when apache2 segfaults
Hi. Le mardi 02 septembre 2008 à 22:41 +0200, Stefan Fritsch a écrit : > On Tuesday 02 September 2008, Olivier Berger wrote: > > Whenever apache2 segfaults on start (for example as experienced > > when #497453), there's no error return code propagated to > > apache2ctl nor /etc/init.d/apache2's exit values... > > In this case, the segfault happens after apache has gone into the > background. There is no way for the init script to learn about the > crash or for apache to print something to stderr. > > I don't know why nothing appears in the error log, though. > I guess because it's still reading the conf file... and has not yet setup the logging infrastructure ? I tried to start : APACHE_RUN_USER=www-data APACHE_RUN_GROUP=www-data apache2 -e debug -k start but that doesn't help (-e flag) :( Dunno of apache internals to provide more useful comments, I suppose. Best regards, -- Olivier BERGER <[EMAIL PROTECTED]> http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC Ingénieur Recherche - Dept INF Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]