Re: [users@httpd] connection closed for event mpm?
What error_log says ? It looks like httpd is crashing. Maybe you are using some flv streaming mod which is not thread safe ? 2013/3/28 Esmq e...@163.com: hi, guys i have come across a problem related to event mpm in apache(v2.4.3), that is connection may closed during transfer for some times. when i change to prefork mpm, everything goes well... i also try to set EnableSendfile EnableMMAP to Off, but without work... following is the full Scenario of the problem.. wget -O a.flv http://video.test.com/a.flv; md5sum a.flv --2013-03-27 18:15:51-- http://video.test.com/a.flv Resolving video.test.com... 192.168.1.100 Connecting to video.test.com|192.168.1.100|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 290899940 (277M) [video/x-flv] Saving to: “a.flv” 19% [=== ] 56,424,265 2.50M/s in 16s 2013-03-27 18:16:07 (3.30 MB/s) - Connection closed at byte 56424265. Retrying. --2013-03-27 18:16:08-- (try: 2) http://video.test.com/a.flv Connecting to video.test.com|192.168.1.100|:80... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 290899940 (277M), 234475675 (224M) remaining [video/x-flv] Saving to: “a.flv” 19% [ ] 56,424,265 --.-K/s in 11s 2013-03-27 18:16:20 (0.00 B/s) - Connection closed at byte 56424265. Retrying. --2013-03-27 18:16:22-- (try: 3) http://video.test.com/a.flv Connecting to video.test.com|192.168.1.100|:80... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 290899940 (277M), 234475675 (224M) remaining [video/x-flv] Saving to: “a.flv” 100%[] 290,899,940 3.37M/s in 58s 2013-03-27 18:17:20 (3.86 MB/s) - “a.flv” saved [290899940/290899940] 671034be784ce6eb7bc9366572f5441f a.flv - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re:Re: [users@httpd] connection closed for event mpm?
i dont use flv module, and the error_log not provide any clue...~ and someone also reported the problem: http://marc.info/?l=apache-httpd-bugsm=135712896422945 At 2013-03-28 17:19:21,Marcin Wanat marcin.wa...@gmail.com wrote: What error_log says ? It looks like httpd is crashing. Maybe you are using some flv streaming mod which is not thread safe ? 2013/3/28 Esmq e...@163.com: hi, guys i have come across a problem related to event mpm in apache(v2.4.3), that is connection may closed during transfer for some times. when i change to prefork mpm, everything goes well... i also try to set EnableSendfile EnableMMAP to Off, but without work... following is the full Scenario of the problem.. wget -O a.flv http://video.test.com/a.flv; md5sum a.flv --2013-03-27 18:15:51-- http://video.test.com/a.flv Resolving video.test.com... 192.168.1.100 Connecting to video.test.com|192.168.1.100|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 290899940 (277M) [video/x-flv] Saving to: “a.flv” 19% [=== ] 56,424,265 2.50M/s in 16s 2013-03-27 18:16:07 (3.30 MB/s) - Connection closed at byte 56424265. Retrying. --2013-03-27 18:16:08-- (try: 2) http://video.test.com/a.flv Connecting to video.test.com|192.168.1.100|:80... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 290899940 (277M), 234475675 (224M) remaining [video/x-flv] Saving to: “a.flv” 19% [ ] 56,424,265 --.-K/s in 11s 2013-03-27 18:16:20 (0.00 B/s) - Connection closed at byte 56424265. Retrying. --2013-03-27 18:16:22-- (try: 3) http://video.test.com/a.flv Connecting to video.test.com|192.168.1.100|:80... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 290899940 (277M), 234475675 (224M) remaining [video/x-flv] Saving to: “a.flv” 100%[] 290,899,940 3.37M/s in 58s 2013-03-27 18:17:20 (3.86 MB/s) - “a.flv” saved [290899940/290899940] 671034be784ce6eb7bc9366572f5441f a.flv - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Mod_proxy: Authentication-Info header lost in response
Hi, I finally solved the problem myself by modifying the source code of mod_proxy_http.c: Line 1697: apr_table_do(addit_dammit, save_table, r-headers_out, Set-Cookie, NULL); -- apr_table_do(addit_dammit, save_table, r-headers_out, Set-Cookie, Authentication-Info, NULL); Cheers On 27/03/2013 13:23, Nicolas Daniels wrote: Ok, I was probably not clear enough ;-) First I'm using mod_proxy_http and DIGEST authentication. Authentication-Info header is part of digest authentication: http://rfc-ref.org/RFC-TEXTS/2069/chapter2.html Lets say I've 2 accessed URLs: http://mydomain.com/index.html http://mydomain.com/tomcat/index.html Both are using digest authentication on apache. Proxy is configured as follow: ProxyPass /tomcat http://mytomcat.com/bla ProxyPassReverse /tomcathttp://mytomcat.com/bla So http://mydomain.com/index.html is replied directly by apache and http://mydomain.com/tomcat/index.html is proxied to tomcat. 1st case: Authentication-Info replied GET /index.html HTTP/1.1 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 401 Unauthorized Date: Wed, 27 Mar 2013 11:24:18 GMT Server: Apache/2.4.4 (Unix) WWW-Authenticate: Digest realm=bla, nonce=nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a, algorithm=MD5, qop=auth Content-Length: 381 Content-Type: text/html; charset=iso-8859-1 GET /index.html HTTP/1.1 Authorization: Digest username=username, realm=bla, nonce=nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a, uri=/index.html, cnonce =ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=, nc=0001, qop=auth, response=bbfa7dqsdqs2c014d85sqdzaab1, algorithm=MD5 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 200 OK Date: Wed, 27 Mar 2013 11:24:18 GMT Server: Apache/2.4.4 (Unix) * Authentication-Info: rspauth=efbdcdsqdsqhiaaazqds4eee3c1, cnonce=ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=, nc=0001, qop=auth* Last-Modified: Tue, 19 Feb 2013 08:24:06 GMT ETag: 22-4d60f909e7580 Accept-Ranges: bytes Content-Length: 34 Content-Type: text/plain 2nd case: Authentication-Info *not* replied GET /tomcat/index.html HTTP/1.1 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 401 Unauthorized Date: Wed, 27 Mar 2013 12:15:25 GMT Server: Apache/2.4.4 (Unix) WWW-Authenticate: Digest realm=bla, nonce=5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c, algorithm=MD5, qop=auth Content-Length: 381 Content-Type: text/html; charset=iso-8859-1 GET /tomcat/index.html HTTP/1.1 Authorization: Digest username=username, realm=bla, nonce=5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c, uri=/tomcat/index.html, cnonce=ICAgICAgICAgICAgICAgICAgICAgICAgICA0NDk5NzM=, nc=0001, qop=auth, response=cf10890c9dsqdsqef3bd248dsqdsqec34, algorithm=MD5 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 200 OK Date: Wed, 27 Mar 2013 12:15:27 GMT Server: Apache-Coyote/1.1 Content-Type: application/json Content-Length: 142 . So my question is, is there any way to have Apache reply this Authentication-Info in both case ? I guess the reverse proxy should add is somehow... Thanks ! On 27/03/2013 13:00, Nick Kew wrote: On 27 Mar 2013, at 11:39, Nicolas Daniels wrote: Everything work fine except that when the proxy is used, the Authentication-Info header is not included in the response. If Apache is replying directly without using the proxy, it is included. There's no such header in HTTP. Why not tell us exactly what you mean?
Re: [users@httpd] Control of reverse proxy workers
Is there a way to have a script which can be allowed to enabled/disable workers used in a reverse proxy. Similar to what can be done using the balancer-manager page, but without needing to have something that can emulate a web browser to do the job. I'd be interested to know this too. I wound up writing a perl script using WWW::Mechanize to handle the web scraping. I allowed unauthenticated access from localhost and run the script locally. My use case was I wanted which workers were enabled/disable to persist after an apache restart and/or failover to another server. -Alex - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] JkWorkerFile (mod_jk)
Apache2.12.x on SLES11 SP2. I am trying to get apache2 mod_jk working with apache to access a webapp. I have loaded the mod_jk module and configured a virtual host and workers.properties file like so: virtualhost: VirtualHost *:80 ServerName share.domain.com IfModule mod_jk.c # The following line makes apache aware of the location of # the /jsp-examples context Alias /share /opt/alfresco/tomcat/webapps/share Directory /opt/alfresco/tomcat/webapps Options Indexes FollowSymLinks allow from all /Directory # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 JkMount /share/*.jsp ajp13 # The following line prohibits users from directly accessing WEB-INF Location /share/WEB-INF/ AllowOverride None deny from all /Location /IfModule /VirtualHost jk.conf: IfModule mod_jk.c JkWorkersFile /opt/alfresco/tomcat/workers.properties JkLogFile /var/log/alfresco/mod_jk.log JkShmFile /var/log/alfresco/shm # Log level to be used by mod_jk JkLogLevel error /IfModule When i restart apache, i get: JkWorkerFile only allowed once and apache does not start until i comment out the jkworkerfile line in jk.conf. So my question is, does apache already have a jkworkerfile somewhere that i do not know about? I searched for workers.properties and see only 2, 1 is mine that i created and the other is in /usr/share/doc/packages/apache2-mod-jk. I do not have tomcat installed outside of the tomcat the webapp (which is alfresco) installed. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] JkWorkerFile (mod_jk)
On Thu, Mar 28, 2013 at 4:20 PM, Chris Arnold carn...@electrichendrix.com wrote: Apache2.12.x on SLES11 SP2. I am trying to get apache2 mod_jk working with apache to access a webapp. I have loaded the mod_jk module and configured a virtual host and workers.properties file like so: virtualhost: VirtualHost *:80 ServerName share.domain.com IfModule mod_jk.c # The following line makes apache aware of the location of # the /jsp-examples context Alias /share /opt/alfresco/tomcat/webapps/share Directory /opt/alfresco/tomcat/webapps Options Indexes FollowSymLinks allow from all /Directory # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 JkMount /share/*.jsp ajp13 # The following line prohibits users from directly accessing WEB-INF Location /share/WEB-INF/ AllowOverride None deny from all /Location /IfModule /VirtualHost jk.conf: IfModule mod_jk.c JkWorkersFile /opt/alfresco/tomcat/workers.properties JkLogFile /var/log/alfresco/mod_jk.log JkShmFile /var/log/alfresco/shm # Log level to be used by mod_jk JkLogLevel error /IfModule When i restart apache, i get: JkWorkerFile only allowed once and apache does not start until i comment out the jkworkerfile line in jk.conf. So my question is, does apache already have a jkworkerfile somewhere that i do not know about? I searched for workers.properties and see only 2, 1 is mine that i created and the other is in /usr/share/doc/packages/apache2-mod-jk. I do not have tomcat installed outside of the tomcat the webapp (which is alfresco) installed. Are you including this config file multiple times? Perhaps once explicitly, and once as a glob include? Cheers Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] JkWorkerFile (mod_jk)
On Mar 28, 2013, at 12:26 PM, Tom Evans tevans...@googlemail.com wrote: Are you including this config file multiple times? Perhaps once explicitly, and once as a That I know of, this is the only time it is being called. With that said, in httpd.conf I have an include statement pointing to /etc/apache2/conf.d. Maybe jk.conf is placed in a place where it is automatically being read/loaded and my file reads/loads it also?
Re: [users@httpd] Mod_proxy: Authentication-Info header lost in response
On Thu, 28 Mar 2013 16:21:56 +0100 Nicolas Daniels nicolas.dani...@swing.be wrote: Hi, I finally solved the problem myself by modifying the source code of mod_proxy_http.c: Thanks! I started to compose a reply yesterday, then decided I should look at it first to determine whether it's a bug. I might end up applying your fix, if I don't forget about it first. -- Nick Kew - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Followup to [Bug 50028] (LDAP authentication with encrypted passwords)
Hi - I've searched the archives and it looks like this was discussed back in 2010 with a WONTFIX. I just wanted to make sure this is still the case. Basically, using the mod_auth_ldap module, apart from using SSL (and associated overhead), is it still the case that there is no way to encrypt just the passing of username and password from the client (browser) back to the server? As others have pointed out, SSL is a fallback, but with associated overhead. Has this been fixed in later versions of Apache? Thanks, Ken - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] JkWorkerFile (mod_jk)
On Mar 28, 2013, at 12:26 PM, Tom Evans wrote:
Are you including this config file multiple times? Perhaps once
explicitly, and once as a
That I know of, this is the only time it is being called. With that said, in
httpd.conf I have an include statement pointing to /etc/apache2
/conf.d. Maybe jk.conf is placed in a place where it is automatically being
read/loaded and my file reads/loads it also?
Ok, i moved the jk.conf file to .opt/alfresco/tomcat/conf and now i do not get
the only allowed once described in a previous post.
However, now when accessing http://share.domain.com, the result is directories
and files are listed, the jsp files are not running. Here is my complete setup:
jk.conf-
# simple configuration for apache (for AJP connector, modul mod_jk.so)
IfModule mod_jk.c
JkWorkersFile /opt/alfresco/tomcat/workers.properties
JkLogFile /var/log/alfresco/mod_jk.log
JkShmFile /var/log/alfresco/shm
# Log level to be used by mod_jk
JkLogLevel error
# The following line mounts all JSP files and the /servlet/ uri to tomcat
#JkMount /servlets-examples/servlet/* ajp13
JkMount /share/*.jsp ajp13
/IfModule
virtualhost-
VirtualHost *:80
ServerName share.domain.com
#RewriteEngine On
#RewriteCond %{REQUEST_URI} !^/share/
#RewriteCond %{HTTPS} on
#RewriteRule ^/. http://share.paradixent.com/share/ [P]
#JkMount /share/* worker1
IfModule mod_jk.c
# The following line makes apache aware of the location of
# the /jsp-examples context
Alias /share /opt/alfresco/tomcat/webapps/share
Directory /opt/alfresco/tomcat/webapps/share
Options Indexes FollowSymLinks
allow from all
/Directory
# The following line mounts all JSP files and the /servlet/ uri to tomcat
#JkMount /servlets-examples/servlet/* ajp13
JkMount /share/*.jsp ajp13
# The following line prohibits users from directly accessing WEB-INF
Location /share/WEB-INF/
#AllowOverride None
deny from all
/Location
# if not specified, the global error log is used
ErrorLog /var/log/apache2domain.com-error_log
CustomLog /var/log/apache2/domain.com-access_log combined
/IfModule
/VirtualHost
httpd.conf-
# mod_jk
Include /opt/alfresco/tomcat/conf/jk.conf
Mod_jk is loaded:
web:~ # /usr/sbin/httpd2 -M
Loaded Modules:
...
jk_module (shared)
perl_module (shared)
php5_module (shared)
Syntax OK
Here is the log from apache:
[Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from
remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
[Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout specified
has expired: proxy: error reading status line from remote server
share.paradixent.com
[Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from
remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
Any ideas why the jsp's are being listed instead of running?
Re: [users@httpd] Followup to [Bug 50028] (LDAP authentication with encrypted passwords)
On Thu, Mar 28, 2013 at 5:33 PM, Ken Nishimura ken_nishim...@agilent.com wrote: Basically, using the mod_auth_ldap module, apart from using SSL (and associated overhead), is it still the case that there is no way to encrypt just the passing of username and password from the client (browser) back to the server? As others have pointed out, SSL is a fallback, but with associated overhead. Has this been fixed in later versions of Apache? mod_authnz_ldap requires HTTP Basic Authentication, which doesn't have any provision to encrypt the password separately from the rest of the connection. mod_authnz_ldap doesn't work with Digest authentication -- I don't think it can. What does your client support that would need a fixed mod_authnz_ldap? - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Followup to [Bug 50028] (LDAP authentication with encrypted passwords)
Eric - I'm not exactly sure what your last question means. However, I think you answered my question. In short, the situation has not changed. If we want to ensure that the password is passed from the client (browser) to the server securely (to be further passed on to the LDAP server), we have to use SSL (https). The path from the http server to the LDAP server is secure using SSL (ldaps), but from the client to the server is unencrypted unless the entire thing is SSL'ed. I'm pretty new at this, but it appears that the act of popping up a dialog box asking for username/password cannot be encrypted separately from the http connection. Thanks, Ken On 03/28/2013 04:11 PM, Eric Covener wrote: On Thu, Mar 28, 2013 at 5:33 PM, Ken Nishimura ken_nishim...@agilent.com wrote: Basically, using the mod_auth_ldap module, apart from using SSL (and associated overhead), is it still the case that there is no way to encrypt just the passing of username and password from the client (browser) back to the server? As others have pointed out, SSL is a fallback, but with associated overhead. Has this been fixed in later versions of Apache? mod_authnz_ldap requires HTTP Basic Authentication, which doesn't have any provision to encrypt the password separately from the rest of the connection. mod_authnz_ldap doesn't work with Digest authentication -- I don't think it can. What does your client support that would need a fixed mod_authnz_ldap? - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
