RE: [users@httpd] Mod_proxy_balancer question
Hello, Looks OK, however I’ve seen it defined like this: BalancerMember ajp://host1:8018 route=host1 BalancerMember ajp://host2:8018 route=host2 ProxyPass /foo balancer://cluster/foo Regards, Hristiyan From: Kartik Vashishta [mailto:kartik.u...@gmail.com] Sent: Monday, May 15, 2017 20:15 To: users@httpd.apache.org Subject: [users@httpd] Mod_proxy_balancer question Hi, We are using httpd 2.2 and wonder if a path to the application can be defined in the BalanceMember definition, so would this work: BalanceMember "http://192.168.1.50:/foo/bar"; route=node1
Re: [users@httpd] How to customize error responses (while using mod_rewrite)?
Just in case you are stuck, you can always use internal redirect to a CGI script (or PHP or whatever) and write whatever response you want with that script. It's kind of cheating but it should work. -- With Best Regards, Marat Khalili On May 15, 2017 5:46:52 PM GMT+03:00, Jens Schleusener wrote: >Hi, > >my general question is how I can generate customized error responses >while using the mod_rewrite module. Yes, I know the page > > https://httpd.apache.org/docs/2.4/custom-error.html > >but the ErrorDocument directive allows only to do some customization >per >status code optionally refined by context but I want to output >customized >error pages specifically for many different request conditions >determined >mainly by various RewriteCond directives. > >Here an actual special example: On a server running httpd 2.4 I want to > >disallow the HTTPS access using the TLSv1.0 protocol. To order do that >not >too "hard" but a little bit client-friendly TLSv1.0 accesses aren't yet > >really disabled but redirected for a limited period to an according >information page. Currently that is realized with the following >configuration > > RewriteCond %{SSL:SSL_PROTOCOL} ^TLSv1$ > RewriteRule (.*) /https_tlsv10.html [R=permanent,L] > >The big disadvantage of that solution is that it returns an obviously >incorrect HTTP response status code 301 ("Moved Permanently") but I >want >that the server returns an appropriate 4xx or 5xx status code (ok, I am >not >sure what would be an "appropriate" one). By the way, the current 301 >redirection let some bots (using still TLSv1.0) nevertheless access >that >information page many thousand times (but maybe they would that do also > >with a returned 4xx or 5xx response status code). > >Unfortunately for the RewriteRule directive for e.g. a Rewrite flag >R=4xx >instead of R=permanent isn't allowed (only 300-399, why?) so I had >considered the usage of the directive but didn't find a working >solution. > >So maybe the only working solution is the detour via an external CGI >program. > >Probably I have something overseen, so any ideas or comments? > >Jens > > >- >To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] A curious thing - apachectl status in Apache 2.4.25
Rick, That could be, except that if I just gave the stop command and it's "still" running it doesn't nearly concern me as much as getting an Elinks error and wondering if it's because it isn't running or whether there is some other issue. Besides, this It's DEAD/ALIVE message comes _ after _ the call to links to output status, so if there are still running processes from a graceful shutdown, the output just above it should make that clear. This does not replace the call to links, but is in addition to it. I could probably take out the "It's ALIVE" message and achieve my goals, but I've always been a fan of sci-fi and this just seemed too good to pass up. :) Jeff -Original Message- From: Houser, Rick [mailto:rick.hou...@jackson.com] Sent: Monday, May 15, 2017 1:54 PM To: users@httpd.apache.org Subject: RE: [users@httpd] A curious thing - apachectl status in Apache 2.4.25 > I just added a couple of lines of shell script following the links > command after the 'status' command line switch. It checks for the number of httpd processes, and if there are none, it echoes "It's DEAD, Jim!". Otherwise It echoes "It's ALIVE!!!". Isn't that just going to give bad results, though? For example, if you had issued apachectl stop, there would still be processes handling the graceful stop, but your script would say it's alive. Rick Houser Web Administration > -Original Message- > From: Jeff Cauhape [mailto:jpcauh...@nvdetr.org] > Sent: Monday, May 15, 2017 16:22 > To: users@httpd.apache.org > Subject: RE: [users@httpd] A curious thing - apachectl status in > Apache 2.4.25 > > EXTERNAL EMAIL > > > Eric, > > Yes, I went from 2.4.6 bundled with Red Hat to a plain source code build. > It didn't occur to me that it might be that simple. Thanks! :o > > Mgmt has decided that they want the ability to easily have multiple > versions of Apache on our servers and to be able to switch from one > build to another by having symbolic links that are generic that point > to the active directory. > Somewhat > like the way Java does. > > I just added a couple of lines of shell script following the links > command after the 'status' command line switch. It checks for the > number of httpd processes, and if there are none, it echoes "It's > DEAD, Jim!". Otherwise It echoes "It's ALIVE!!!". > > That seems pretty clear. > > Jeff > > -Original Message- > From: Eric Covener [mailto:cove...@gmail.com] > Sent: Monday, May 15, 2017 10:24 AM > To: users@httpd.apache.org > Subject: Re: [users@httpd] A curious thing - apachectl status in > Apache 2.4.25 > > On Mon, May 15, 2017 at 1:22 PM, Jeff Cauhape > wrote: > > In the Apache 2.4.6 shell script apachectl, a call to “apachectl status” > > > > invokes systemctl status httpd.service. This gives you easy-to-read > > > > output regardless if the server is running or not. > > Did you go from a vendor package to a source install? The former > probably just customized apachectl. > > > -- > Eric Covener > cove...@gmail.com > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org B CB [ X ܚX KK[XZ[ \ \ ][ X ܚX P \X K ܙ B ܈Y][ۘ[ [X[ K[XZ[ \ \ Z[ \X K ܙ B
RE: [users@httpd] A curious thing - apachectl status in Apache 2.4.25
> I just added a couple of lines of shell script following the links command > after the 'status' command line switch. It checks for the number of httpd processes, and if there are none, it echoes "It's DEAD, Jim!". Otherwise It echoes "It's ALIVE!!!". Isn't that just going to give bad results, though? For example, if you had issued apachectl stop, there would still be processes handling the graceful stop, but your script would say it's alive. Rick Houser Web Administration > -Original Message- > From: Jeff Cauhape [mailto:jpcauh...@nvdetr.org] > Sent: Monday, May 15, 2017 16:22 > To: users@httpd.apache.org > Subject: RE: [users@httpd] A curious thing - apachectl status in Apache 2.4.25 > > EXTERNAL EMAIL > > > Eric, > > Yes, I went from 2.4.6 bundled with Red Hat to a plain source code build. > It didn't occur to me that it might be that simple. Thanks! :o > > Mgmt has decided that they want the ability to easily have multiple versions > of Apache on our servers and to be able to switch from one build to another > by > having symbolic links that are generic that point to the active directory. > Somewhat > like the way Java does. > > I just added a couple of lines of shell script following the links command > after > the 'status' command line switch. It checks for the number of httpd > processes, > and if there are none, it echoes "It's DEAD, Jim!". Otherwise It echoes "It's > ALIVE!!!". > > That seems pretty clear. > > Jeff > > -Original Message- > From: Eric Covener [mailto:cove...@gmail.com] > Sent: Monday, May 15, 2017 10:24 AM > To: users@httpd.apache.org > Subject: Re: [users@httpd] A curious thing - apachectl status in Apache 2.4.25 > > On Mon, May 15, 2017 at 1:22 PM, Jeff Cauhape > wrote: > > In the Apache 2.4.6 shell script apachectl, a call to “apachectl status” > > > > invokes systemctl status httpd.service. This gives you easy-to-read > > > > output regardless if the server is running or not. > > Did you go from a vendor package to a source install? The former probably > just customized apachectl. > > > -- > Eric Covener > cove...@gmail.com > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] A curious thing - apachectl status in Apache 2.4.25
Eric, Yes, I went from 2.4.6 bundled with Red Hat to a plain source code build. It didn't occur to me that it might be that simple. Thanks! :o Mgmt has decided that they want the ability to easily have multiple versions of Apache on our servers and to be able to switch from one build to another by having symbolic links that are generic that point to the active directory. Somewhat like the way Java does. I just added a couple of lines of shell script following the links command after the 'status' command line switch. It checks for the number of httpd processes, and if there are none, it echoes "It's DEAD, Jim!". Otherwise It echoes "It's ALIVE!!!". That seems pretty clear. Jeff -Original Message- From: Eric Covener [mailto:cove...@gmail.com] Sent: Monday, May 15, 2017 10:24 AM To: users@httpd.apache.org Subject: Re: [users@httpd] A curious thing - apachectl status in Apache 2.4.25 On Mon, May 15, 2017 at 1:22 PM, Jeff Cauhape wrote: > In the Apache 2.4.6 shell script apachectl, a call to “apachectl status” > > invokes systemctl status httpd.service. This gives you easy-to-read > > output regardless if the server is running or not. Did you go from a vendor package to a source install? The former probably just customized apachectl. -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: How to customize error responses (while using mod_rewrite)?
On Mon, 15 May 2017, Eric Covener wrote: On Mon, May 15, 2017 at 12:32 PM, Jens Schleusener wrote: Ok, in that case one could use the ErrorDocument directive (it works for me principally) but how can one can achieve that that directive is not used globally but only specific for the above case? The idea to set in the above RewriteRule additionally an environment variable for e.g. via a "E=tlsv10:1" flag and using ErrorDocument 412 /https_tlsv10.html seems not to work, the Apache httpd outputs the "412" standard error message. Re: the If misfiring, its because Thanks for the hint, I will try it. But Is it much better than a redirect or rewrite to some document that describes the problem but has a 200 status code? That is a great question that I cannot answer it (you had tried it indirectly). It becomes a little bit off-topic but an answer to this question would very important to me since I provide an FOSS offering server with more or less frequently changing releases so that the server tries to redirect normally failing accesses to URLs according to no longer available releases to "guessed" URLs of the corresponding current release. If the server does that transparently responding with a 200 status code a human client may get not really the resource he has requested although he may have the impression and additionally search engines may index resources that are not 100% related to the accessed URLs. Also a status code 301 would be in this sense wrong since it implies the same problem. So currently the server answers with a 404 ("Not Found") but with an informative error page containing links to the new resources. Probably appropriate for human users but bad for search engines that get a lot of error responses (probably not regarding the contents of the error page). I would be happy about a status code like 310 (a merge of 301 and 410) saying "Resource is no longer available but here is its successor" ;-) Regards Jens - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] A curious thing - apachectl status in Apache 2.4.25
On Mon, May 15, 2017 at 1:22 PM, Jeff Cauhape wrote: > In the Apache 2.4.6 shell script apachectl, a call to “apachectl status” > > invokes systemctl status httpd.service. This gives you easy-to-read > > output regardless if the server is running or not. Did you go from a vendor package to a source install? The former probably just customized apachectl. -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] A curious thing - apachectl status in Apache 2.4.25
I recently built Apache 2.4.25 and am running it on RHEL 7.3. I've found something that seems a step backwards from 2.4.6 and I'm hoping someone can shed some light on it. In the Apache 2.4.6 shell script apachectl, a call to "apachectl status" invokes systemctl status httpd.service. This gives you easy-to-read output regardless if the server is running or not. In the Apache 2.4.25 version of apachectl, "apachectl status" instead calls links with the /server-status URL. When the server is up, you get a lot of info. When the server is down, you get a Elinks error, which is a little ambiguous, as there could be other reasons for links not working correctly. Doesn't this seem like a step backwards? Can someone explain the rationale for this? (Please note: I can fix this, but I'm curious as to why it was done this way) Thanks, Jeff Cauhape IT Professional III Department of Employment, Training and Rehabilitation Phone 1-775-684-3804 Email: jpcauh...@nvdetr.org
Re: [users@httpd] Re: How to customize error responses (while using mod_rewrite)?
On Mon, May 15, 2017 at 12:32 PM, Jens Schleusener wrote: > Ok, in that case one could use the ErrorDocument directive (it works for me > principally) but how can one can achieve that that directive is not used > globally but only specific for the above case? > > The idea to set in the above RewriteRule additionally an environment > variable for e.g. via a "E=tlsv10:1" flag and using > > > ErrorDocument 412 /https_tlsv10.html > > > seems not to work, the Apache httpd outputs the "412" standard error > message. Re: the If misfiring, its because
[users@httpd] Mod_proxy_balancer question
Hi, We are using httpd 2.2 and wonder if a path to the application can be defined in the BalanceMember definition, so would this work: BalanceMember "http://192.168.1.50:/foo/bar"; route=node1
[users@httpd] Re: How to customize error responses (while using mod_rewrite)?
On Mon, 15 May 2017, Eric Covener wrote: On Mon, May 15, 2017 at 10:46 AM, Jens Schleusener wrote: Unfortunately for the RewriteRule directive for e.g. a Rewrite flag R=4xx instead of R=permanent isn't allowed (only 300-399, why?) so I had considered the usage of the directive but didn't find a working solution. Other codes are allowed, but you can't do anything with the substitution in this case. The reason is that if you return any status code like this, it short-circuits the processing of the URL by the rest of the server, so nobody is around to convert the URL to a file and serve it. The manual says: Any valid HTTP response status code may be specified, using the syntax [R=305], with a 302 status code being used by default if none is specified. The status code specified need not necessarily be a redirect (3xx) status code. However, if a status code is outside the redirect range (300-399) then the substitution string is dropped entirely, and rewriting is stopped as if the L were used. Thanks for the clarification. But I am a little bit slow-witted and don't understand what "substitution string is dropped entirely" means. I assume not only the further rewriting rules are skipped but unfortunately also the output of the defined substitution page (/https_tlsv10.html) in RewriteCond %{SSL:SSL_PROTOCOL} ^TLSv1$ RewriteRule !^/https_tlsv10.html$ /https_tlsv10.html [R=412,L] (the 412 is here just a placeholder for a really correct response status code) and the Apache httpd outputs "only" the standard page for an 412 error? Ok, in that case one could use the ErrorDocument directive (it works for me principally) but how can one can achieve that that directive is not used globally but only specific for the above case? The idea to set in the above RewriteRule additionally an environment variable for e.g. via a "E=tlsv10:1" flag and using ErrorDocument 412 /https_tlsv10.html seems not to work, the Apache httpd outputs the "412" standard error message. Regards Jens - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Redirect all unconfigured sub-domains to specific sub-domain
You really only have one option at the moment and that is to pay for a wild card certificate which will do this {lets encrypt doesn't allow you yet} It will probably set you back something like 100$ a year o/w you will need to set your redirects up from xxx. to https:// individually and have a catch all that redirects the rest of the http request to a single https domain... On 2017-05-15 05:03 PM, Torge Riedel wrote: Hi, I'm using Apache 2.2 and currently have the following configuration files: 00-default-> redirect non-https-URLs to https-URLs 00-default-ssl -> default configuration for https://mydomain.de and https://www.mydomain.de Then several files 20-sub.mydomain.de-> configuration for https://sub.mydomain.de So what I want to do is if a user browses to my domain with an unconfigured sub domain, he is redirected to lets say https://www.mydomain.de Reason: Currently he gets a certificate error, cause cert (letsencrypt) is only valid https://mydomain.de and https://www.mydomain.de Any hints? Thanks in advance Torge - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Redirect all unconfigured sub-domains to specific sub-domain
Hi, I'm using Apache 2.2 and currently have the following configuration files: 00-default-> redirect non-https-URLs to https-URLs 00-default-ssl -> default configuration for https://mydomain.de and https://www.mydomain.de Then several files 20-sub.mydomain.de-> configuration for https://sub.mydomain.de So what I want to do is if a user browses to my domain with an unconfigured sub domain, he is redirected to lets say https://www.mydomain.de Reason: Currently he gets a certificate error, cause cert (letsencrypt) is only valid https://mydomain.de and https://www.mydomain.de Any hints? Thanks in advance Torge - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy and 404
> On 15 May 2017, at 11:13 AM, Eric Covener wrote: > > On Mon, May 15, 2017 at 11:06 AM, Felipe Gasper > wrote: >>I’m noticing that mod_proxy sends its entire payload upstream without >> checking for an early response (e.g., 308 or 404). If upstream sends such a >> response then closes the connection, mod_proxy never sees it and reports a >> 502 back. >> >>Browsers don’t behave this way; they see the response and forward it >> as expected. Is this a bug in mod_proxy? > > It sounds like a behavior that could be improved. The backend could > also consume the body before sending the response or tearing down the > connection. Yeah, that may be our workaround for now, but when the client sends a large upload (e.g., attachments in webmail apps) it seems wasteful to make them wait for an upload whose result can be known right away. Safari, Firefox, and Chrome all seem to handle this gracefully. Edge/IE is inconsistent: on the first submission it errors (“This page can’t be displayed”), but a reload of the POST shows a 404 as expected. -FG - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] How to proxy web server?
Hello, Apache 2.4 on Debian Testing, mpm_itk I have the Discourse web forum running in a docker container. The container's webserver is bount to localhost:2080. The forum should be reachable at either forum.csc-stuttgart.org or csc-stuttgart.org/forum. Possibility A: ServerName forum.csc-stuttgart.org AssignUserID csc-stuttgart csc-stuttgart ProxyPreserveHost On ProxyPass"/" "http://localhost:2080/"; ProxyPassReverse "/" "http://localhost:2080/"; DocumentRoot /home/csc-stuttgart/csc-stuttgart.org/pub [...] That works fine, beside on little problem. I want to use Let's Encrypt SSL certificates on that which require a path forum.csc-stuttgart.org/.well-known to be writable from the file system. How can I take just one path out of the Proxy? Wrap the ProxyPass/Reverse in a with a PCRE that match everything except .well-known? Haven't tested it yet. Any better solution? Possibility B: ServerName csc-stuttgart.org ServerAlias *.csc-stuttgart.org AssignUserID csc-stuttgart csc-stuttgart DocumentRoot /home/csc-stuttgart/csc-stuttgart.org/pub [...] LogLevel debug ProxyPass http://localhost:2080/ ProxyPassReverse http://localhost:2080/ Seems to not trigger on csc-stuttgart.org/forum, tried and and . ProxyPass "/forum" http://localhost:2080/ ProxyPassReverse "/forum" http://localhost:2080/ Seems to do the trick, but the Reverse does not seem to work. Error Log says [proxy:debug] mod_proxy.c(1228): [client 129.69.213.139:55350] AH01143: Running scheme http handler (attempt 0) [proxy:debug] proxy_util.c(2156): AH00942: HTTP: has acquired connection for (localhost) [proxy:debug] proxy_util.c(2209): [client 129.69.213.139:55350] AH00944: connecting http://localhost:2080/ to localhost:2080 [proxy:debug] proxy_util.c(2418): [client 129.69.213.139:55350] AH00947: connected / to localhost:2080 [proxy:debug] proxy_util.c(2884): AH02824: HTTP: connection established with [::1]:2080 (localhost) [proxy:debug] proxy_util.c(3051): AH00962: HTTP: connection complete to [::1]:2080 (localhost) [proxy:debug] proxy_util.c(2171): AH00943: http: has released connection for (localhost) [core:info][ client 129.69.213.139:55350] AH00128: File does not exist: /home/csc-stuttgart/csc-stuttgart.org/pub/login The webserver hat localhost:2080 redirected to /login/ which does not seem to rewritten by ProxyPassReverse to forum/login accordingly. Thanks for any ideas! Florian - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy and 404
On Mon, May 15, 2017 at 11:06 AM, Felipe Gasper wrote: > I’m noticing that mod_proxy sends its entire payload upstream without > checking for an early response (e.g., 308 or 404). If upstream sends such a > response then closes the connection, mod_proxy never sees it and reports a > 502 back. > > Browsers don’t behave this way; they see the response and forward it > as expected. Is this a bug in mod_proxy? It sounds like a behavior that could be improved. The backend could also consume the body before sending the response or tearing down the connection. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] mod_proxy and 404
Hello, I’m noticing that mod_proxy sends its entire payload upstream without checking for an early response (e.g., 308 or 404). If upstream sends such a response then closes the connection, mod_proxy never sees it and reports a 502 back. Browsers don’t behave this way; they see the response and forward it as expected. Is this a bug in mod_proxy? -Felipe Gasper Mississauga, ON - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] How to customize error responses (while using mod_rewrite)?
On Mon, May 15, 2017 at 10:46 AM, Jens Schleusener wrote: > Unfortunately for the RewriteRule directive for e.g. a Rewrite flag R=4xx > instead of R=permanent isn't allowed (only 300-399, why?) so I had > considered the usage of the directive but didn't find a working > solution. Other codes are allowed, but you can't do anything with the substitution in this case. The reason is that if you return any status code like this, it short-circuits the processing of the URL by the rest of the server, so nobody is around to convert the URL to a file and serve it. The manual says: Any valid HTTP response status code may be specified, using the syntax [R=305], with a 302 status code being used by default if none is specified. The status code specified need not necessarily be a redirect (3xx) status code. However, if a status code is outside the redirect range (300-399) then the substitution string is dropped entirely, and rewriting is stopped as if the L were used. -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] How to customize error responses (while using mod_rewrite)?
Hi, my general question is how I can generate customized error responses while using the mod_rewrite module. Yes, I know the page https://httpd.apache.org/docs/2.4/custom-error.html but the ErrorDocument directive allows only to do some customization per status code optionally refined by context but I want to output customized error pages specifically for many different request conditions determined mainly by various RewriteCond directives. Here an actual special example: On a server running httpd 2.4 I want to disallow the HTTPS access using the TLSv1.0 protocol. To order do that not too "hard" but a little bit client-friendly TLSv1.0 accesses aren't yet really disabled but redirected for a limited period to an according information page. Currently that is realized with the following configuration RewriteCond %{SSL:SSL_PROTOCOL} ^TLSv1$ RewriteRule (.*) /https_tlsv10.html [R=permanent,L] The big disadvantage of that solution is that it returns an obviously incorrect HTTP response status code 301 ("Moved Permanently") but I want that the server returns an appropriate 4xx or 5xx status code (ok, I am not sure what would be an "appropriate" one). By the way, the current 301 redirection let some bots (using still TLSv1.0) nevertheless access that information page many thousand times (but maybe they would that do also with a returned 4xx or 5xx response status code). Unfortunately for the RewriteRule directive for e.g. a Rewrite flag R=4xx instead of R=permanent isn't allowed (only 300-399, why?) so I had considered the usage of the directive but didn't find a working solution. So maybe the only working solution is the detour via an external CGI program. Probably I have something overseen, so any ideas or comments? Jens - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Getting PHP-FPM working
Hi Christian: I just noticed that you put "" around the parameters to ProxyPassMatch. I tried that and no change in the results. John On Monday 15 May 2017 05:21:59 Christian Hettler wrote: > Hello John, > > the manual (mod_proxy_fcgi.html) states: > > "The request URL is implicitly added to the 2nd parameter." > > (Did|Can) you try > > ProxyPassMatch "^/.*\.php(/.*)?$" "fcgi://127.0.0.1:9015/httpd/iliffe/" > > instead of > > > # ProxyPassMatch ^/(.*\.php(/.*)?)$ > > fcgi://127.0.0.1:9015/httpd/iliffe/$1 > > regards, > > Christian > > On Sat, May 13, 2017 at 03:43:08PM -0400, John Iliffe wrote: > > I'm not sure is this is the correct list to post these questions to, > > since I now have things isolated to a single module in PHP-FPM, so > > please redirect me if necessary. This is a continuation of the > > problems I was having (on this list) installing a new server last > > month. > > > > - > > Summary: PHP-FPM will not execute any scripts; it is set up according > > to the PHP-FPM Wiki documentation so far as I can see. > > - > > > > O/S Fedora 25, Apache 2.4.25 compiled from source, PHP 7.1.3 compiled > > from source. > > > > I did a clean install of PHP-7.1.3 for testing, PHP-FPM is running > > under its own user/group phpfpm. Set up as listen on 127.0.0.1:9015 > > in pool www. Document root in www.conf is /httpd/iliffe which has > > been set to world readable, SELinux is set to permissive so it isn't > > in the equation. Log level on PHP is debug. All available log info > > is at the end of this memo. > > > > It seems obvious to me that the proxy_fcgi module is worked as > > expected and that the problem is somewhere in PHP-FPM. > > > > mod_php was tried as a check on the installation and works OK when > > enabled. > > > > I am using the minimalist proxy configuration in Apache, (the target > > PHP script is hard coded to avoid regex errors) and the target PHP > > script file is being reported correctly by both Apache and PHP-FPM. > > I checked by su as the phpfpm user and I can read this file, no > > problems at all. > > > > The problem has been traced to fpm_main.c, specifically the following: > > > > - > > if (UNEXPECTED(php_fopen_primary_script(&file_handle) == FAILURE)) { > > > > zend_try { > > > > zlog(ZLOG_ERROR, "Unable to open primary script: %s > > (%s)", > > primary_script, strerror(errno)); if (errno == EACCES) { > > > > SG(sapi_headers).http_response_code = 403; > > PUTS("Access denied.\n"); > > > > } else { > > > > SG(sapi_headers).http_response_code = 404; > > PUTS("No input file specified.\n"); > > > > > > > > Changing the script path in httpd.conf leads to a browser File Not > > Found error as would be expected. The document root in httpd.conf > > and in www.conf (PHP pool conf file for this pool) are the same. > > > > In Apache, the minimum is set in httpd.conf: > > > > # Default host (www.iliffe.ca) > > # This one picks up all IP based hacker garbage too > > > > > >ServerName www.iliffe.ca > >DocumentRoot /httpd/iliffe > >Options FollowSymLinks > >H2Direct on > > > > # ProxyPassMatch ^/(.*\.php(/.*)?)$ > > fcgi://127.0.0.1:9015/httpd/iliffe/$1 > > > > ProxyPassMatch ^/info$ > > fcgi://127.0.0.1:9015/httpd/iliffe/i_phpinfo.php > > > > As far as I can see, all necessary Apache modules are loaded: > > > > # /usr/apache-2.4.25/bin/httpd -M > > > > Loaded Modules: > > core_module (static) > > so_module (static) > > http_module (static) > > > > big list of modules skipped here > > > > proxy_module (shared) > > proxy_connect_module (shared) > > proxy_http_module (shared) > > proxy_fcgi_module (shared) > > ssl_module (shared) > > unixd_module (shared) > > http2_module (shared) > > status_module (shared) > > > > **more modules skipped here > > > > I'm completely stuck here and any ideas or assistance would be > > appreciated. > > > > Regards, > > > > John > > > > All following errors from one screen access: > > - > > PHP-FPM log: > > [13-May-2017 14:40:33.423449] DEBUG: pid 16444, > > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] > > currently 0 active children, 2 spare children, 2 running children. > > Spawning rate 1 [13-May-2017 14:40:34.265891] WARNING: pid 16444, > > fpm_stdio_child_said(), line 197: [pool www] child 16445 said into > > stderr: "ERROR: main(), line 1947: Unable to open primary script: > > /httpd/iliffe/i_phpinfo.php (No such file or directory)" > > [13-May-2017 14:40:34.265952] DEBUG: pid 16444, fpm_event_loop(), line > > 419: event module tri
Re: [users@httpd] Getting PHP-FPM working
Thank you for your suggestion Christian. Same result. (there are no passed parameters to the script being invoked). httpd.conf: ProxyPassMatch ^/.*\.php(/.*)?$ fcgi://127.0.0.1:9015/httpd/iliffe/ Browser: No input file specified. Apache error log: [Mon May 15 10:12:26.832070 2017] [proxy_fcgi:error] [pid 10030:tid 139886816392960] [client 206.248.138.118:50926] AH01071: Got error 'Unable to open primary script: /httpd/iliffe//i_phpinfo.php (No such file or directory)\n' php-fpm error log: [15-May-2017 10:12:26] WARNING: [pool www] child 7551 said into stderr: "ERROR: Unable to open primary script: /httpd/iliffe//i_phpinfo.php (No such file or directory)" Regards, John === On Monday 15 May 2017 05:21:59 Christian Hettler wrote: > Hello John, > > the manual (mod_proxy_fcgi.html) states: > > "The request URL is implicitly added to the 2nd parameter." > > (Did|Can) you try > > ProxyPassMatch "^/.*\.php(/.*)?$" "fcgi://127.0.0.1:9015/httpd/iliffe/" > > instead of > > > # ProxyPassMatch ^/(.*\.php(/.*)?)$ > > fcgi://127.0.0.1:9015/httpd/iliffe/$1 > > regards, > > Christian > > On Sat, May 13, 2017 at 03:43:08PM -0400, John Iliffe wrote: > > I'm not sure is this is the correct list to post these questions to, > > since I now have things isolated to a single module in PHP-FPM, so > > please redirect me if necessary. This is a continuation of the > > problems I was having (on this list) installing a new server last > > month. > > > > - > > Summary: PHP-FPM will not execute any scripts; it is set up according > > to the PHP-FPM Wiki documentation so far as I can see. > > - > > > > O/S Fedora 25, Apache 2.4.25 compiled from source, PHP 7.1.3 compiled > > from source. > > > > I did a clean install of PHP-7.1.3 for testing, PHP-FPM is running > > under its own user/group phpfpm. Set up as listen on 127.0.0.1:9015 > > in pool www. Document root in www.conf is /httpd/iliffe which has > > been set to world readable, SELinux is set to permissive so it isn't > > in the equation. Log level on PHP is debug. All available log info > > is at the end of this memo. > > > > It seems obvious to me that the proxy_fcgi module is worked as > > expected and that the problem is somewhere in PHP-FPM. > > > > mod_php was tried as a check on the installation and works OK when > > enabled. > > > > I am using the minimalist proxy configuration in Apache, (the target > > PHP script is hard coded to avoid regex errors) and the target PHP > > script file is being reported correctly by both Apache and PHP-FPM. > > I checked by su as the phpfpm user and I can read this file, no > > problems at all. > > > > The problem has been traced to fpm_main.c, specifically the following: > > > > - > > if (UNEXPECTED(php_fopen_primary_script(&file_handle) == FAILURE)) { > > > > zend_try { > > > > zlog(ZLOG_ERROR, "Unable to open primary script: %s > > (%s)", > > primary_script, strerror(errno)); if (errno == EACCES) { > > > > SG(sapi_headers).http_response_code = 403; > > PUTS("Access denied.\n"); > > > > } else { > > > > SG(sapi_headers).http_response_code = 404; > > PUTS("No input file specified.\n"); > > > > > > > > Changing the script path in httpd.conf leads to a browser File Not > > Found error as would be expected. The document root in httpd.conf > > and in www.conf (PHP pool conf file for this pool) are the same. > > > > In Apache, the minimum is set in httpd.conf: > > > > # Default host (www.iliffe.ca) > > # This one picks up all IP based hacker garbage too > > > > > >ServerName www.iliffe.ca > >DocumentRoot /httpd/iliffe > >Options FollowSymLinks > >H2Direct on > > > > # ProxyPassMatch ^/(.*\.php(/.*)?)$ > > fcgi://127.0.0.1:9015/httpd/iliffe/$1 > > > > ProxyPassMatch ^/info$ > > fcgi://127.0.0.1:9015/httpd/iliffe/i_phpinfo.php > > > > As far as I can see, all necessary Apache modules are loaded: > > > > # /usr/apache-2.4.25/bin/httpd -M > > > > Loaded Modules: > > core_module (static) > > so_module (static) > > http_module (static) > > > > big list of modules skipped here > > > > proxy_module (shared) > > proxy_connect_module (shared) > > proxy_http_module (shared) > > proxy_fcgi_module (shared) > > ssl_module (shared) > > unixd_module (shared) > > http2_module (shared) > > status_module (shared) > > > > **more modules skipped here > > > > I'm completely stuck here and any ideas or assistance would be > > appreciated. > > > > Regards, > > > > John > > > > All following errors from one screen access: > >
Re: [users@httpd] Getting PHP-FPM working
Hello John, the manual (mod_proxy_fcgi.html) states: "The request URL is implicitly added to the 2nd parameter." (Did|Can) you try ProxyPassMatch "^/.*\.php(/.*)?$" "fcgi://127.0.0.1:9015/httpd/iliffe/" instead of > # ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9015/httpd/iliffe/$1 regards, Christian On Sat, May 13, 2017 at 03:43:08PM -0400, John Iliffe wrote: > I'm not sure is this is the correct list to post these questions to, since > I now have things isolated to a single module in PHP-FPM, so please > redirect me if necessary. This is a continuation of the problems I was > having (on this list) installing a new server last month. > > - > Summary: PHP-FPM will not execute any scripts; it is set up according to > the PHP-FPM Wiki documentation so far as I can see. > - > > O/S Fedora 25, Apache 2.4.25 compiled from source, PHP 7.1.3 compiled from > source. > > I did a clean install of PHP-7.1.3 for testing, PHP-FPM is running under > its own user/group phpfpm. Set up as listen on 127.0.0.1:9015 in pool > www. Document root in www.conf is /httpd/iliffe which has been set to world > readable, SELinux is set to permissive so it isn't in the equation. Log > level on PHP is debug. All available log info is at the end of this memo. > > It seems obvious to me that the proxy_fcgi module is worked as expected and > that the problem is somewhere in PHP-FPM. > > mod_php was tried as a check on the installation and works OK when enabled. > > I am using the minimalist proxy configuration in Apache, (the target PHP > script is hard coded to avoid regex errors) and the target PHP script file > is being reported correctly by both Apache and PHP-FPM. I checked by su as > the phpfpm user and I can read this file, no problems at all. > > The problem has been traced to fpm_main.c, specifically the following: > > - > if (UNEXPECTED(php_fopen_primary_script(&file_handle) == FAILURE)) { > zend_try { > zlog(ZLOG_ERROR, "Unable to open primary script: %s > (%s)", primary_script, strerror(errno)); > if (errno == EACCES) { > SG(sapi_headers).http_response_code = 403; > PUTS("Access denied.\n"); > } else { > SG(sapi_headers).http_response_code = 404; > PUTS("No input file specified.\n"); > > > Changing the script path in httpd.conf leads to a browser File Not Found > error as would be expected. The document root in httpd.conf and in > www.conf (PHP pool conf file for this pool) are the same. > > In Apache, the minimum is set in httpd.conf: > > # Default host (www.iliffe.ca) > # This one picks up all IP based hacker garbage too > >ServerName www.iliffe.ca >DocumentRoot /httpd/iliffe >Options FollowSymLinks >H2Direct on > > # ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9015/httpd/iliffe/$1 > ProxyPassMatch ^/info$ fcgi://127.0.0.1:9015/httpd/iliffe/i_phpinfo.php > > As far as I can see, all necessary Apache modules are loaded: > > # /usr/apache-2.4.25/bin/httpd -M > Loaded Modules: > core_module (static) > so_module (static) > http_module (static) > > big list of modules skipped here > proxy_module (shared) > proxy_connect_module (shared) > proxy_http_module (shared) > proxy_fcgi_module (shared) > ssl_module (shared) > unixd_module (shared) > http2_module (shared) > status_module (shared) > > **more modules skipped here > > I'm completely stuck here and any ideas or assistance would be appreciated. > > Regards, > > John > > All following errors from one screen access: > - > PHP-FPM log: > [13-May-2017 14:40:33.423449] DEBUG: pid 16444, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently > 0 active children, 2 spare children, 2 running children. Spawning rate 1 > [13-May-2017 14:40:34.265891] WARNING: pid 16444, fpm_stdio_child_said(), > line 197: [pool www] child 16445 said into stderr: "ERROR: main(), line > 1947: Unable to open primary script: /httpd/iliffe/i_phpinfo.php (No such > file or directory)" > [13-May-2017 14:40:34.265952] DEBUG: pid 16444, fpm_event_loop(), line 419: > event module triggered 1 events > [13-May-2017 14:40:34.424195] DEBUG: pid 16444, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently > 0 active children, 2 spare children, 2 running children. Spawning rate 1 > > > Apache Access Log: > 206.248.138.118 - - [13/May/2017:14:40:34 -0400] "GET /info HTTP/1.1" 404 > 25 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 > Firefox/45.0" > -- > > Apache Error Log: > [Sat May 13 14:40:34.266066 2017] [proxy_fcgi:error] [pid 16122:tid > 14052575985433