Re: [users@httpd] Httpd is hanging intermittently

2021-09-22 Thread alchemist vk 
Thanks *Jon *for openssl command confirmation.
*@ylavik*,
 Its linux OS and openssl version is 1.1.1k-fips. I not yet explored
with SSLRandomSeed changes.
 Yes, we upgraded openssl few months back to 1.1.1k, but we are seeing
this httpd hangs issue from last month.

*@otis Dewitt*, Since its production code in systems, I cant install
haveged and try it out.


On Thu, Sep 23, 2021 at 4:57 AM Otis Dewitt - NOAA Affiliate
 wrote:

>
> I don't think "insufficient entropy" has anything to do with Apache, but
> you could try installing "haveged" rpm.
> That may solve your problem.
>
> On Wed, Sep 22, 2021 at 2:11 PM alchemist vk 
> wrote:
>
>> Hi All,
>>  We are using httpd version 2.4.46 and its working fine for a long time.
>> But recently, we started seeing an issue where apache hangs indefinitely
>> even when the system is in idle state.
>> And when apache hangs, I see below entries in error_log:
>> [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888]
>> AH01990: Server: PRNG still contains insufficient entropy!
>> [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856]
>> AH01990: Server: PRNG still contains insufficient entropy!
>> [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856]
>> AH01990: Server: PRNG still contains insufficient entropy!
>> ...
>> 
>> 
>>
>> I am pretty sure, we not changed anything related to httpd config for
>> quite a time time and have no idea, why this issue started getting
>> manifested now.
>> Please help me how to RC this and what logs can be looked to debug
>> further?
>>
>> PS: Occurence of issue is more in systems where FIPS is enabled. In FIPS
>> disabled systems, occurrence is less.
>>
>> With Regards
>> Venkat
>>
>>
>>
>>
>>

Re: [users@httpd] Httpd is hanging intermittently

2021-09-22 Thread Otis Dewitt - NOAA Affiliate 
I don't think "insufficient entropy" has anything to do with Apache, but
you could try installing "haveged" rpm.
That may solve your problem.

On Wed, Sep 22, 2021 at 2:11 PM alchemist vk  wrote:

> Hi All,
>  We are using httpd version 2.4.46 and its working fine for a long time.
> But recently, we started seeing an issue where apache hangs indefinitely
> even when the system is in idle state.
> And when apache hangs, I see below entries in error_log:
> [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888]
> AH01990: Server: PRNG still contains insufficient entropy!
> [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856]
> AH01990: Server: PRNG still contains insufficient entropy!
> [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856]
> AH01990: Server: PRNG still contains insufficient entropy!
> ...
> 
> 
>
> I am pretty sure, we not changed anything related to httpd config for
> quite a time time and have no idea, why this issue started getting
> manifested now.
> Please help me how to RC this and what logs can be looked to debug further?
>
> PS: Occurence of issue is more in systems where FIPS is enabled. In FIPS
> disabled systems, occurrence is less.
>
> With Regards
> Venkat
>
>
>
>
>

Re: [users@httpd] Httpd is hanging intermittently

2021-09-22 Thread Yann Ylavic 
On Wed, Sep 22, 2021 at 8:12 PM alchemist vk  wrote:
>
> I am pretty sure, we not changed anything related to httpd config for quite a 
> time time and have no idea, why this issue started getting manifested now.

Which operating system and openssl version are you using? Did you
upgrade openssl recently?
What are your SSLRandomSeed settings?


Regards;
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [users@httpd] RE: [EXTERNAL] [users@httpd] Httpd is hanging intermittently

2021-09-22 Thread Orendt, John 
The output is random bytes in hex.

It looks good.

Sometimes this fails if openssl is unable to write to a temp file

John Orendt
john.p.ore...@medtronic.com

From: alchemist vk 
Sent: Wednesday, September 22, 2021 2:26 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] RE: [EXTERNAL] [users@httpd] Httpd is hanging 
intermittently

Thanks John for quick response.
But can you let me know, what should be o/p of this command?
I tried on 2 systems and see below output.

/home/root# openssl rand  -hex  8
d2749a6620672899
/home/root#
/home/root# openssl rand  -hex  8
d74e404a57e57ae9
/home/root#

Right now, I dont have failed system in handy and so dont know, what should be 
the output of above command?


On Wed, Sep 22, 2021 at 11:46 PM Orendt, John 
mailto:john.p.ore...@medtronic.com.invalid>>
 wrote:
Hi

This may be related to an openssl problem
try

openssl rand  -hex  8

John Orendt
john.p.ore...@medtronic.com

From: alchemist vk mailto:alchemist...@gmail.com>>
Sent: Wednesday, September 22, 2021 2:09 PM
To: users@httpd.apache.org
Subject: [EXTERNAL] [users@httpd] Httpd is hanging intermittently

Hi All,
 We are using httpd version 2.4.46 and its working fine for a long time. But 
recently, we started seeing an issue where apache hangs indefinitely even when 
the system is in idle state.
And when apache hangs, I see below entries in error_log:
[Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888] AH01990: 
Server: PRNG still contains insufficient entropy!
[Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856] AH01990: 
Server: PRNG still contains insufficient entropy!
[Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856] AH01990: 
Server: PRNG still contains insufficient entropy!
...



I am pretty sure, we not changed anything related to httpd config for quite a 
time time and have no idea, why this issue started getting manifested now.
Please help me how to RC this and what logs can be looked to debug further?

PS: Occurence of issue is more in systems where FIPS is enabled. In FIPS 
disabled systems, occurrence is less.

With Regards
Venkat




[CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is 
proprietary to Medtronic and is intended for use only by the individual or 
entity to which it is addressed, and may contain information that is private, 
privileged, confidential or exempt from disclosure under applicable law. If you 
are not the intended recipient or it appears that this mail has been forwarded 
to you without proper authority, you are notified that any use or dissemination 
of this information in any manner is strictly prohibited. In such cases, please 
delete this mail from your records. To view this notice in other languages you 
can either select the following link or manually copy and paste the link into 
the address bar of a web browser: http://emaildisclaimer.medtronic.com

Re: [users@httpd] RE: [EXTERNAL] [users@httpd] Httpd is hanging intermittently

2021-09-22 Thread alchemist vk 
Thanks John for quick response.
But can you let me know, what should be o/p of this command?
I tried on 2 systems and see below output.

/home/root# openssl rand  -hex  8
d2749a6620672899
/home/root#
/home/root# openssl rand  -hex  8
d74e404a57e57ae9
/home/root#

Right now, I dont have failed system in handy and so dont know, what should
be the output of above command?


On Wed, Sep 22, 2021 at 11:46 PM Orendt, John
 wrote:

> Hi
>
>
>
> This may be related to an openssl problem
>
> try
>
>
>
> openssl rand  -hex  8
>
>
>
> John Orendt
>
> john.p.ore...@medtronic.com
>
>
>
> *From:* alchemist vk 
> *Sent:* Wednesday, September 22, 2021 2:09 PM
> *To:* users@httpd.apache.org
> *Subject:* [EXTERNAL] [users@httpd] Httpd is hanging intermittently
>
>
>
> Hi All,
>
>  We are using httpd version 2.4.46 and its working fine for a long time.
> But recently, we started seeing an issue where apache hangs indefinitely
> even when the system is in idle state.
>
> And when apache hangs, I see below entries in error_log:
>
> [Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888]
> AH01990: Server: PRNG still contains insufficient entropy!
>
> [Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856]
> AH01990: Server: PRNG still contains insufficient entropy!
>
> [Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856]
> AH01990: Server: PRNG still contains insufficient entropy!
>
> ...
>
> 
>
> 
>
>
>
> I am pretty sure, we not changed anything related to httpd config for
> quite a time time and have no idea, why this issue started getting
> manifested now.
>
> Please help me how to RC this and what logs can be looked to debug further?
>
>
>
> PS: Occurence of issue is more in systems where FIPS is enabled. In FIPS
> disabled systems, occurrence is less.
>
>
>
> With Regards
>
> Venkat
>
>
>
>
>
>
>
>
> [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email
> is proprietary to Medtronic and is intended for use only by the individual
> or entity to which it is addressed, and may contain information that is
> private, privileged, confidential or exempt from disclosure under
> applicable law. If you are not the intended recipient or it appears that
> this mail has been forwarded to you without proper authority, you are
> notified that any use or dissemination of this information in any manner is
> strictly prohibited. In such cases, please delete this mail from your
> records. To view this notice in other languages you can either select the
> following link or manually copy and paste the link into the address bar of
> a web browser: http://emaildisclaimer.medtronic.com
>

[users@httpd] RE: [EXTERNAL] [users@httpd] Httpd is hanging intermittently

2021-09-22 Thread Orendt, John 
Hi

This may be related to an openssl problem
try

openssl rand  -hex  8

John Orendt
john.p.ore...@medtronic.com

From: alchemist vk 
Sent: Wednesday, September 22, 2021 2:09 PM
To: users@httpd.apache.org
Subject: [EXTERNAL] [users@httpd] Httpd is hanging intermittently

Hi All,
 We are using httpd version 2.4.46 and its working fine for a long time. But 
recently, we started seeing an issue where apache hangs indefinitely even when 
the system is in idle state.
And when apache hangs, I see below entries in error_log:
[Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888] AH01990: 
Server: PRNG still contains insufficient entropy!
[Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856] AH01990: 
Server: PRNG still contains insufficient entropy!
[Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856] AH01990: 
Server: PRNG still contains insufficient entropy!
...



I am pretty sure, we not changed anything related to httpd config for quite a 
time time and have no idea, why this issue started getting manifested now.
Please help me how to RC this and what logs can be looked to debug further?

PS: Occurence of issue is more in systems where FIPS is enabled. In FIPS 
disabled systems, occurrence is less.

With Regards
Venkat




[CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is 
proprietary to Medtronic and is intended for use only by the individual or 
entity to which it is addressed, and may contain information that is private, 
privileged, confidential or exempt from disclosure under applicable law. If you 
are not the intended recipient or it appears that this mail has been forwarded 
to you without proper authority, you are notified that any use or dissemination 
of this information in any manner is strictly prohibited. In such cases, please 
delete this mail from your records. To view this notice in other languages you 
can either select the following link or manually copy and paste the link into 
the address bar of a web browser: http://emaildisclaimer.medtronic.com

[users@httpd] Httpd is hanging intermittently

2021-09-22 Thread alchemist vk 
Hi All,
 We are using httpd version 2.4.46 and its working fine for a long time.
But recently, we started seeing an issue where apache hangs indefinitely
even when the system is in idle state.
And when apache hangs, I see below entries in error_log:
[Tue Sep 21 22:05:53.243013 2021] [ssl:warn] [pid 5769:tid 2644435888]
AH01990: Server: PRNG still contains insufficient entropy!
[Tue Sep 21 22:05:54.501476 2021] [ssl:warn] [pid 5769:tid 2787111856]
AH01990: Server: PRNG still contains insufficient entropy!
[Tue Sep 21 22:05:54.502449 2021] [ssl:warn] [pid 5769:tid 2787111856]
AH01990: Server: PRNG still contains insufficient entropy!
...



I am pretty sure, we not changed anything related to httpd config for quite
a time time and have no idea, why this issue started getting manifested now.
Please help me how to RC this and what logs can be looked to debug further?

PS: Occurence of issue is more in systems where FIPS is enabled. In FIPS
disabled systems, occurrence is less.

With Regards
Venkat

RE: [users@httpd] Question about installing 2.4.48 in a non-standard location.

2021-09-22 Thread Jeff Cauhape 
THANK YOU.

That pegged it. Now I'm on to run-of-the-mill problems.

Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
Nevada Department of Employment, Training and Rehabilitation
(775) 224-6836 (cell) jpcauh...@detr.nv.gov

-Original Message-
From: Eric Covener  
Sent: Tuesday, September 21, 2021 4:58 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Question about installing 2.4.48 in a non-standard 
location.

On Tue, Sep 21, 2021 at 2:29 PM Jeff Cauhape  wrote:
>
> Folks,
>
>
>
> When I built 2.4.48 from source, I built it in /apps/apache_2.4.48 
> directory. However, because of the way
>
> our servers are managed, I need to install this as /apps/apache_2.4.48_int 
> and /apps/apache_2.4.48_ext.
>
> When I have done this for earlier versions of Apache, I just edited 
> the path names in apachectl, envvars,
>
> envvars_std, and in httpd.conf.
>
>
>
> This doesn’t seem to be adequate anymore.
>
>
>
> I have also changed pathnames in apxs, apu-1-config and apr-1-config, 
> but am still getting an error
>
> message when I run “apachectl configtest”
>
>
>
> [root@appwebdev1ie bin]# ./apachectl configtest
>
> httpd: Could not open configuration file 
> /apps/apache_2.4.48/conf/httpd.conf: No such file or directory

Maybe you need to append a "-d /apps/apache_2.4.48_int" to the line beginning 
with HTTPD= in apachectl?

The default ServerRoot is compiled in, and overriding it in httpd.conf is too 
late.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Proxy reporting AH00898: Error reading from remote server [EXTERNAL]

2021-09-22 Thread Israel Timoteo 
Hi Shawn,

Thanks for the recommendations, I’ll be testing them.


Israel Timoteo

> On Sep 21, 2021, at 3:15 PM, Beard, Shawn  
> wrote:
> 
> 2 things you can do. :
> On the tomcat side of things, for the connector try this setting: 
> maxThreads="500"
> The default is only 200 if not specified. Definitions can be found here: 
> https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
> 
> On the apache webserver side of things you may need to make connection 
> changes to MPM. Typically on modern versions of linux its using the worker 
> mpm.
> Below is an example to handle higher loads. Please note that what you should 
> set these to depends on how may cpu cores you have and can also use more 
> memory. 
> 
> 
> 
> StartServers 8
> MinSpareThreads 200
> MaxSpareThreads 400
> ThreadsPerChild 50
> MaxRequestWorkers 400
> MaxConnectionsPerChild 0
> 
> 
> ​
> Shawn Beard• Sr. Systems Engineer
> Middleware Engineering
>  
> 3840 109th Street ,   Urbandale   ,   IA  50322
> Phone: +1-515-564-2528 
> Email:sbe...@wrberkley.com 
> Website: https://berkleytechnologyservices.com/
> 
> Technology Leadership Unleashing Business Potential
> 
>  
> -Original Message-
> From: Israel Timoteo  
> Sent: Tuesday, September 21, 2021 12:37 PM
> To: users@httpd.apache.org
> Subject: [users@httpd] Proxy reporting AH00898: Error reading from remote 
> server [EXTERNAL]
> 
> ** CAUTION: External message
> 
> 
> Hi all,
> 
> I have the Apache proxy module reporting "AH00898: Error reading from remote 
> server" on high load.
> 
> Any recommendations for what params should I need to review on the proxy 
> config or on the connector side (Tomcat)?
> 
> 
> Thanks for your help
> 
> Israel
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain 
> private, privileged and confidential information belonging to the sender. The 
> information therein is solely for the use of the addressee. If your receipt 
> of this transmission has occurred as the result of an error, please 
> immediately notify us so we can arrange for the return of the documents. In 
> such circumstances, you are advised that you may not disclose, copy, 
> distribute or take any other action in reliance on the information 
> transmitted.

Re: [users@httpd] Four subdomain, fourth redirects to first

2021-09-22 Thread Dennis Clarke 
On 9/21/21 18:52, Frank Gingras wrote:
> I would not rely on the debian scripts. Looking at apachectl -S will tell
> you what you need to know.
> 
> On Tue, 21 Sept 2021 at 18:51, Frank Gingras  wrote:
> 
>> Why do you have two vhosts with the same ServerName value set? That will


Off topic question : WHY DO YOU PEOPLE TOP POST ?



-- 
Dennis Clarke (free/like/beer)
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org