Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Frank Gingras]

To exclude index.html from your proxying, use ProxyPass /index.html !
before the existing ProxyPass directive.

On Fri, Jun 30, 2023 at 1:24 PM Kaushal Shriyan 
wrote:

> Hi,
>
> I have set up a new server with the below details. I am running node.js
> application on port 3000 and Apache HTTP server on CentOS Linux release
> 7.9.2009 (Core)
>
> # node --version
> *v16.20.0*
> # httpd -v
> Server version: *Apache/2.4.57 (IUS)*
> Server built:   Apr  7 2023 14:49:47
> #
>
> *Nodejs code document root -> /var/www/html/nodejssl (Node Port 3000)*
> # pwd
> /var/www/html/nodejssl
> # ls -l
> -rw-r--r-- 1 root root 336 Jun 27 09:43 server.js
> #
> *cat server.js*
> const http = require('http');
>
> const hostname = '0.0.0.0';
> const port = 3000;
>
> const server = http.createServer((req, res) => {
>   res.statusCode = 200;
>   res.setHeader('Content-Type', 'text/plain');
>   res.end('Hello World');
> });
>
> server.listen(port, hostname, () => {
>   console.log(`Server running at http://${hostname}:${port}/`);
> });
>
>
> *Website php code document root -> /var/www/html/phpcode (Port 443)*
>
> #pwd
> /var/www/html/phpcode/
> # ls -l
> -rw-r--r-- 1 root root 336 Jun 27 09:43 index.html
> #
> #cat index.html
> 
> 
>
> 
> 
> Hello!
> 
>
> 
> Hello World!
> This is a simple paragraph.
> 
>
> 
>
> #cat /etc/httpd/conf.d/phpnodejs.conf
> 
> ServerName phpnodejs.mydomain.com
> Redirect / https://phpnodejs.mydomain.com/
>  
> 
> DocumentRoot /var/www/html/phpcode
> ServerName phpnodejs.mydomain.com
> Header add Access-Control-Allow-Origin "*"
> SSLEngine on
> SSLCertificateFile /etc/letsencrypt/live/
> phpnodejs.mydomain.com/cert.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/
> phpnodejs.mydomain.com/privkey.pem
> SSLCertificateChainFile /etc/letsencrypt/live/
> phpnodejs.mydomain.com/chain.pem
> Header always set Strict-Transport-Security "max-age=63072000;
> includeSubDomains"
> ProxyPass / http://localhost:3000/
> 
>
> When i hit https://phpnodejs.mydomain.com/nodejssl/server.js I see "Hello
> World" which works as expected but when i hit
> https://phpnodejs.mydomain.com/ I do not see the html code index.html
> file content. Is there a way to render both index.html and node.js
> server.js file? For example when i hit https://phpnodejs.mydomain.com/ it
> renders index.html file content and when i hit
> https://phpnodejs.mydomain.com/nodejssl/server.js it renders node.js
> server.js file content.
>
> Please suggest and guide me. Thanks in advance.
>
> Best Regards,
>
> Kaushal
>
> On Sun, Jun 25, 2023 at 10:13 PM Frank Gingras  wrote:
>
>> None of those entries point to your 404 error.
>>
>> Make sure that you are reaching the proper vhost (with the scheme and
>> hostname) by running apachectl -S.
>>
>> There is just far too much noise in the backlog of this thread to make
>> sense of it so far.
>>
>> On Sun, Jun 25, 2023 at 11:46 AM Richard <
>> lists-apa...@listmail.innovate.net> wrote:
>>
>>>
>>>
>>>
>>> > Date: Sunday, June 25, 2023 16:09:23 +0530
>>> > From: Kaushal Shriyan 
>>> >
>>> > I have modified the nodejsbackendssl.conf file located
>>> > in /etc/httpd/conf.d/ to the below configuration.
>>> >
>>> > *#cat  /etc/httpd/conf.d/nodejsbackendssl.conf*
>>> > 
>>> > ServerName nodejs.mydomain.com
>>> > ProxyPass / http://localhost:8000/
>>> > LogLevel debug
>>> > ErrorLog /var/log/httpd/nodejssslerror.log
>>> > CustomLog /var/log/httpd/nodejssslaccess.log combined
>>> > 
>>> >
>>> > Below are the logs in /var/log/httpd/nodejssslerror.log
>>> >
>>> > [Sun Jun 25 16:04:40.289171 2023] [proxy:debug] [pid 6223:tid 6223]
>>> >> proxy_util.c(2155): AH00925: initializing worker
>>> >> http://localhost:8000/ shared
>>>
>>> If you are still getting errors (e.g., 404s) on the front-end please
>>> provide the relevant lines from the front-end server's error_log. The
>>> proxy's corresponding log entries may be of value, but without the
>>> detail from the front-end it's hard to tell.
>>>
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Kaushal Shriyan]

Hi,

I have set up a new server with the below details. I am running node.js
application on port 3000 and Apache HTTP server on CentOS Linux release
7.9.2009 (Core)

# node --version
*v16.20.0*
# httpd -v
Server version: *Apache/2.4.57 (IUS)*
Server built:   Apr  7 2023 14:49:47
#

*Nodejs code document root -> /var/www/html/nodejssl (Node Port 3000)*
# pwd
/var/www/html/nodejssl
# ls -l
-rw-r--r-- 1 root root 336 Jun 27 09:43 server.js
#
*cat server.js*
const http = require('http');

const hostname = '0.0.0.0';
const port = 3000;

const server = http.createServer((req, res) => {
  res.statusCode = 200;
  res.setHeader('Content-Type', 'text/plain');
  res.end('Hello World');
});

server.listen(port, hostname, () => {
  console.log(`Server running at http://${hostname}:${port}/`);
});


*Website php code document root -> /var/www/html/phpcode (Port 443)*

#pwd
/var/www/html/phpcode/
# ls -l
-rw-r--r-- 1 root root 336 Jun 27 09:43 index.html
#
#cat index.html





Hello!



Hello World!
This is a simple paragraph.




#cat /etc/httpd/conf.d/phpnodejs.conf

ServerName phpnodejs.mydomain.com
Redirect / https://phpnodejs.mydomain.com/
 

DocumentRoot /var/www/html/phpcode
ServerName phpnodejs.mydomain.com
Header add Access-Control-Allow-Origin "*"
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/
phpnodejs.mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/
phpnodejs.mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/
phpnodejs.mydomain.com/chain.pem
Header always set Strict-Transport-Security "max-age=63072000;
includeSubDomains"
ProxyPass / http://localhost:3000/


When i hit https://phpnodejs.mydomain.com/nodejssl/server.js I see "Hello
World" which works as expected but when i hit
https://phpnodejs.mydomain.com/ I do not see the html code index.html file
content. Is there a way to render both index.html and node.js server.js
file? For example when i hit https://phpnodejs.mydomain.com/ it renders
index.html file content and when i hit
https://phpnodejs.mydomain.com/nodejssl/server.js it renders node.js
server.js file content.

Please suggest and guide me. Thanks in advance.

Best Regards,

Kaushal

On Sun, Jun 25, 2023 at 10:13 PM Frank Gingras  wrote:

> None of those entries point to your 404 error.
>
> Make sure that you are reaching the proper vhost (with the scheme and
> hostname) by running apachectl -S.
>
> There is just far too much noise in the backlog of this thread to make
> sense of it so far.
>
> On Sun, Jun 25, 2023 at 11:46 AM Richard <
> lists-apa...@listmail.innovate.net> wrote:
>
>>
>>
>>
>> > Date: Sunday, June 25, 2023 16:09:23 +0530
>> > From: Kaushal Shriyan 
>> >
>> > I have modified the nodejsbackendssl.conf file located
>> > in /etc/httpd/conf.d/ to the below configuration.
>> >
>> > *#cat  /etc/httpd/conf.d/nodejsbackendssl.conf*
>> > 
>> > ServerName nodejs.mydomain.com
>> > ProxyPass / http://localhost:8000/
>> > LogLevel debug
>> > ErrorLog /var/log/httpd/nodejssslerror.log
>> > CustomLog /var/log/httpd/nodejssslaccess.log combined
>> > 
>> >
>> > Below are the logs in /var/log/httpd/nodejssslerror.log
>> >
>> > [Sun Jun 25 16:04:40.289171 2023] [proxy:debug] [pid 6223:tid 6223]
>> >> proxy_util.c(2155): AH00925: initializing worker
>> >> http://localhost:8000/ shared
>>
>> If you are still getting errors (e.g., 404s) on the front-end please
>> provide the relevant lines from the front-end server's error_log. The
>> proxy's corresponding log entries may be of value, but without the
>> detail from the front-end it's hard to tell.
>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>

[users@httpd] RE: config - how are multiple VirtualHost directives for the same address handled?

[Marc]

> >
> > How does apache httpd 2.4 handle multiple VirtualHost directives for
> > the same address ?
> >
> > For example:
> >
> > 
> >   SSLCertificateFile "${SRVROOT}/conf/server.crt"
> ># ...
> > 
> >
> > 
> >   DocumentRoot "/www/docs/host.example.com"
> >   # ...
> > 
> >
> > Are the settings merged, as if written like this:
> >
> > 
> >   SSLCertificateFile "${SRVROOT}/conf/server.crt"
> ># ...
> >   DocumentRoot "/www/docs/host.example.com"
> >   # ...
> > 
> 
> But you are using ServerName and ServerAlias to load the correct one
> not?
> 
> There is no correct one. Both are correct. I want both.

I don't understand the problem you are trying to solve. 

FWIIW from my past experience having identical virtual host configurations, 
apache services the one it first/last loads and ignores the rest. You just have 
to test this, but I would not want to use such a thing in production.

Re: [users@httpd] config - how are multiple VirtualHost directives for the same address handled?

[Eric Covener]

On Fri, Jun 30, 2023 at 5:49 AM David Balazic
 wrote:
>
> Hi!
>
> How does apache httpd 2.4 handle multiple VirtualHost directives for the same 
> address ?

There is no virtual host merging. It should be a simple test.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] RE: config - how are multiple VirtualHost directives for the same address handled?

[David Balazic]

From: Marc 
Sent: Friday, 30 June 2023 13:00
>
> How does apache httpd 2.4 handle multiple VirtualHost directives for
> the same address ?
>
> For example:
>
> 
>   SSLCertificateFile "${SRVROOT}/conf/server.crt"
># ...
> 
>
> 
>   DocumentRoot "/www/docs/host.example.com"
>   # ...
> 
>
> Are the settings merged, as if written like this:
>
> 
>   SSLCertificateFile "${SRVROOT}/conf/server.crt"
># ...
>   DocumentRoot "/www/docs/host.example.com"
>   # ...
> 

But you are using ServerName and ServerAlias to load the correct one not?

There is no correct one. Both are correct. I want both.

Regards,
David

The information in this email is confidential and may be legally privileged. It 
is intended solely for the addressee. Any opinions expressed are mine and do 
not necessarily represent the opinions of the Company. Emails are susceptible 
to interference. If you are not the intended recipient, any disclosure, 
copying, distribution or any action taken or omitted to be taken in reliance on 
it, is strictly prohibited and may be unlawful. If you have received this 
message in error, do not open any attachments but please notify the Endava 
Service Desk on (+44 (0)870 423 0187), and delete this message from your 
system. The sender accepts no responsibility for information, errors or 
omissions in this email, or for its use or misuse, or for any act committed or 
omitted in connection with this communication. If in doubt, please verify the 
authenticity of the contents with the sender. Please rely on your own virus 
checkers as no responsibility is taken by the sender for any damage rising out 
of any bug or virus infection.

Endava plc is a company registered in England under company number 5722669 
whose registered office is at 125 Old Broad Street, London, EC2N 1AR, United 
Kingdom. Endava plc is the Endava group holding company and does not provide 
any services to clients. Each of Endava plc and its subsidiaries is a separate 
legal entity and has no liability for another such entity's acts or omissions.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] RE: config - how are multiple VirtualHost directives for the same address handled?

[Marc]

> 
> How does apache httpd 2.4 handle multiple VirtualHost directives for the
> same address ?
> 
> For example:
> 
> 
>   SSLCertificateFile "${SRVROOT}/conf/server.crt"
># ...
> 
> 
> 
>   DocumentRoot "/www/docs/host.example.com"
>   # ...
> 
> 
> Are the settings merged, as if written like this:
> 
> 
>   SSLCertificateFile "${SRVROOT}/conf/server.crt"
># ...
>   DocumentRoot "/www/docs/host.example.com"
>   # ...
> 

But you are using ServerName and ServerAlias to load the correct one not?


> 
> Or is one directive block used and the other ignored (which one)?
> 
> The reason I ask is that I have general SSL related settings in one file
> ( ssl.conf ) and the content related settings in another ( content.conf
> ) and both config files are included in the main config file.
> 

You can have general ssl stuff in different (global) config. There is already 
such file and just add these to the Virtualhost

SSLEngine on
SSLCertificateFile
SSLCertificateKeyFile
SSLCertificateChainFile

[users@httpd] config - how are multiple VirtualHost directives for the same address handled?

[David Balazic]

Hi!

How does apache httpd 2.4 handle multiple VirtualHost directives for the same 
address ?

For example:


  SSLCertificateFile "${SRVROOT}/conf/server.crt"
   # ...



  DocumentRoot "/www/docs/host.example.com"
  # ...


Are the settings merged, as if written like this:


  SSLCertificateFile "${SRVROOT}/conf/server.crt"
   # ...
  DocumentRoot "/www/docs/host.example.com"
  # ...

?

Or is one directive block used and the other ignored (which one)?

The reason I ask is that I have general SSL related settings in one file ( 
ssl.conf ) and the content related settings in another ( content.conf ) and 
both config files are included in the main config file.

Lep pozdrav,
David Balažic

The information in this email is confidential and may be legally privileged. It 
is intended solely for the addressee. Any opinions expressed are mine and do 
not necessarily represent the opinions of the Company. Emails are susceptible 
to interference. If you are not the intended recipient, any disclosure, 
copying, distribution or any action taken or omitted to be taken in reliance on 
it, is strictly prohibited and may be unlawful. If you have received this 
message in error, do not open any attachments but please notify the Endava 
Service Desk on (+44 (0)870 423 0187), and delete this message from your 
system. The sender accepts no responsibility for information, errors or 
omissions in this email, or for its use or misuse, or for any act committed or 
omitted in connection with this communication. If in doubt, please verify the 
authenticity of the contents with the sender. Please rely on your own virus 
checkers as no responsibility is taken by the sender for any damage rising out 
of any bug or virus infection.

Endava plc is a company registered in England under company number 5722669 
whose registered office is at 125 Old Broad Street, London, EC2N 1AR, United 
Kingdom. Endava plc is the Endava group holding company and does not provide 
any services to clients. Each of Endava plc and its subsidiaries is a separate 
legal entity and has no liability for another such entity's acts or omissions.

Re: [users@httpd] Contribution to Apache HTTP Server Project

[Eric Covener]

The document suggests secret...@apache.org as the recipient.

‪On Tue, Jun 27, 2023 at 7:53 AM ‫محمد رضا‬‎  wrote:‬
>
> Dear Apache HTTP Server team,
>
> I hope this email finds you well.
>
> I am writing to inform you of my intention to contribute to the Apache HTTP 
> Server project.
> I have carefully reviewed and understood the Apache Software Foundation's 
> Contribution License Agreement (CCLA).
> To expedite the process, I am attaching a signed copy of the CCLA to this 
> email.
>
> Best regards,
> Mohamad
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org



-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Double or chained proxy with mod_proxy

[Daniel Ferradal]

El jue, 8 jun 2023 a las 19:28, Charlie Calhoun
() escribió:

>
> I have a reverse proxy set up and working correctly for an internal
> website. I have now been asked to create another proxy to connect to the
> reverse proxy (and ultimately the internal website). The second proxy does
> not have direct network access to the internal website, but it does have
> network access to the reverse proxy. Its function is to provide access to
> that internal website for parts of our network that don't have access to
> the reverse proxy or the internal website.
>
> I have tried setting the second proxy as a reverse proxy pointing to the
> original reverse proxy, but this gave "Bad Request" errors. Then I tried
> setting it as a forward proxy, then started playing with ProxyRemote and
> NoProxy, but nothing seems to work. I expect that when I go to
> "secondproxy.local.domain:listenport", it should return the internal
> website, just like what happens when I go to
> "originalreverseproxy.local.domain:listenport"
>
> Is this possible? What do I need to do to achieve this?
>
>
>
Probably you are mixing protocols, like reverse proxy responds to https and
you have set up connection as http or similar, that is one of the most
simple cases of "bad request", or maybe missing "SSLProxyEngine on"
directive when backend you are proxying to uses SSL/TLS.

In any case if you don't show your configuration and error logs it is hard
to tell for sure.

>

-- 
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Frank Gingras]

None of those entries point to your 404 error.

Make sure that you are reaching the proper vhost (with the scheme and
hostname) by running apachectl -S.

There is just far too much noise in the backlog of this thread to make
sense of it so far.

On Sun, Jun 25, 2023 at 11:46 AM Richard 
wrote:

>
>
>
> > Date: Sunday, June 25, 2023 16:09:23 +0530
> > From: Kaushal Shriyan 
> >
> > I have modified the nodejsbackendssl.conf file located
> > in /etc/httpd/conf.d/ to the below configuration.
> >
> > *#cat  /etc/httpd/conf.d/nodejsbackendssl.conf*
> > 
> > ServerName nodejs.mydomain.com
> > ProxyPass / http://localhost:8000/
> > LogLevel debug
> > ErrorLog /var/log/httpd/nodejssslerror.log
> > CustomLog /var/log/httpd/nodejssslaccess.log combined
> > 
> >
> > Below are the logs in /var/log/httpd/nodejssslerror.log
> >
> > [Sun Jun 25 16:04:40.289171 2023] [proxy:debug] [pid 6223:tid 6223]
> >> proxy_util.c(2155): AH00925: initializing worker
> >> http://localhost:8000/ shared
>
> If you are still getting errors (e.g., 404s) on the front-end please
> provide the relevant lines from the front-end server's error_log. The
> proxy's corresponding log entries may be of value, but without the
> detail from the front-end it's hard to tell.
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Richard]

> Date: Sunday, June 25, 2023 16:09:23 +0530
> From: Kaushal Shriyan 
> 
> I have modified the nodejsbackendssl.conf file located
> in /etc/httpd/conf.d/ to the below configuration.
> 
> *#cat  /etc/httpd/conf.d/nodejsbackendssl.conf*
> 
> ServerName nodejs.mydomain.com
> ProxyPass / http://localhost:8000/
> LogLevel debug
> ErrorLog /var/log/httpd/nodejssslerror.log
> CustomLog /var/log/httpd/nodejssslaccess.log combined
> 
> 
> Below are the logs in /var/log/httpd/nodejssslerror.log
> 
> [Sun Jun 25 16:04:40.289171 2023] [proxy:debug] [pid 6223:tid 6223]
>> proxy_util.c(2155): AH00925: initializing worker
>> http://localhost:8000/ shared

If you are still getting errors (e.g., 404s) on the front-end please
provide the relevant lines from the front-end server's error_log. The
proxy's corresponding log entries may be of value, but without the
detail from the front-end it's hard to tell.



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Kaushal Shriyan]

Hi Frank,

I have modified the nodejsbackendssl.conf file located
in /etc/httpd/conf.d/ to the below configuration.

*#cat  /etc/httpd/conf.d/nodejsbackendssl.conf*

ServerName nodejs.mydomain.com
ProxyPass / http://localhost:8000/
LogLevel debug
ErrorLog /var/log/httpd/nodejssslerror.log
CustomLog /var/log/httpd/nodejssslaccess.log combined


Below are the logs in /var/log/httpd/nodejssslerror.log

[Sun Jun 25 16:04:40.289171 2023] [proxy:debug] [pid 6223:tid 6223]
> proxy_util.c(2155): AH00925: initializing worker http://localhost:8000/
> shared
> [Sun Jun 25 16:04:40.289261 2023] [proxy:debug] [pid 6223:tid 6223]
> proxy_util.c(2215): AH00927: initializing worker http://localhost:8000/
> local
> [Sun Jun 25 16:04:40.289281 2023] [proxy:debug] [pid 6223:tid 6223]
> proxy_util.c(2247): AH00930: initialized pool in child 6223 for
> (localhost:8000) min=0 max=4 smax=4
> [Sun Jun 25 16:04:41.296927 2023] [proxy:debug] [pid 6228:tid 6228]
> proxy_util.c(2155): AH00925: initializing worker http://localhost:8000/
> shared
> [Sun Jun 25 16:04:41.297078 2023] [proxy:debug] [pid 6228:tid 6228]
> proxy_util.c(2215): AH00927: initializing worker http://localhost:8000/
> local
> [Sun Jun 25 16:04:41.297120 2023] [proxy:debug] [pid 6228:tid 6228]
> proxy_util.c(2247): AH00930: initialized pool in child 6228 for
> (localhost:8000) min=0 max=4 smax=4
> [Sun Jun 25 16:04:41.300665 2023] [proxy:debug] [pid 6227:tid 6227]
> proxy_util.c(2155): AH00925: initializing worker http://localhost:8000/
> shared
> [Sun Jun 25 16:04:41.300826 2023] [proxy:debug] [pid 6227:tid 6227]
> proxy_util.c(2215): AH00927: initializing worker http://localhost:8000/
> local
> [Sun Jun 25 16:04:41.300874 2023] [proxy:debug] [pid 6227:tid 6227]
> proxy_util.c(2247): AH00930: initialized pool in child 6227 for
> (localhost:8000) min=0 max=4 smax=4
> [Sun Jun 25 16:04:42.308374 2023] [proxy:debug] [pid 6233:tid 6233]
> proxy_util.c(2155): AH00925: initializing worker http://localhost:8000/
> shared
> [Sun Jun 25 16:04:42.308496 2023] [proxy:debug] [pid 6233:tid 6233]
> proxy_util.c(2215): AH00927: initializing worker http://localhost:8000/
> local
> [Sun Jun 25 16:04:42.308533 2023] [proxy:debug] [pid 6233:tid 6233]
> proxy_util.c(2247): AH00930: initialized pool in child 6233 for
> (localhost:8000) min=0 max=4 smax=4
> [Sun Jun 25 16:04:42.315943 2023] [proxy:debug] [pid 6237:tid 6237]
> proxy_util.c(2155): AH00925: initializing worker http://localhost:8000/
> shared
> [Sun Jun 25 16:04:42.316046 2023] [proxy:debug] [pid 6237:tid 6237]
> proxy_util.c(2215): AH00927: initializing worker http://localhost:8000/
> local
> [Sun Jun 25 16:04:42.316107 2023] [proxy:debug] [pid 6237:tid 6237]
> proxy_util.c(2247): AH00930: initialized pool in child 6237 for
> (localhost:8000) min=0 max=4 smax=4
> [Sun Jun 25 16:04:42.319277 2023] [proxy:debug] [pid 6234:tid 6234]
> proxy_util.c(2155): AH00925: initializing worker http://localhost:8000/
> shared
> [Sun Jun 25 16:04:42.319388 2023] [proxy:debug] [pid 6234:tid 6234]
> proxy_util.c(2215): AH00927: initializing worker http://localhost:8000/
> local
> [Sun Jun 25 16:04:42.319473 2023] [proxy:debug] [pid 6234:tid 6234]
> proxy_util.c(2247): AH00930: initialized pool in child 6234 for
> (localhost:8000) min=0 max=4 smax=4
> [Sun Jun 25 16:04:42.321555 2023] [proxy:debug] [pid 6240:tid 6240]
> proxy_util.c(2155): AH00925: initializing worker http://localhost:8000/
> shared
> [Sun Jun 25 16:04:42.321774 2023] [proxy:debug] [pid 6240:tid 6240]
> proxy_util.c(2215): AH00927: initializing worker http://localhost:8000/
> local
> [Sun Jun 25 16:04:42.321858 2023] [proxy:debug] [pid 6240:tid 6240]
> proxy_util.c(2247): AH00930: initialized pool in child 6240 for
> (localhost:8000) min=0 max=4 smax=4
> [Sun Jun 25 16:05:23.369794 2023] [proxy:debug] [pid 6247:tid 6247]
> proxy_util.c(2155): AH00925: initializing worker http://localhost:8000/
> shared
> [Sun Jun 25 16:05:23.369988 2023] [proxy:debug] [pid 6247:tid 6247]
> proxy_util.c(2215): AH00927: initializing worker http://localhost:8000/
> local
> [Sun Jun 25 16:05:23.370029 2023] [proxy:debug] [pid 6247:tid 6247]
> proxy_util.c(2247): AH00930: initialized pool in child 6247 for
> (localhost:8000) min=0 max=4 smax=4
>

Please suggest and guide me. Thanks in advance.

Best Regards,

Kaushal




On Sun, Jun 25, 2023 at 12:35 PM Frank Gingras  wrote:

> Why did you define a vhost without a ServerName directive?
>
> Also, those access log entries are quite useless, other than the requested
> path. Increase the log level, and find the error log entries instead.
>
> On Sun, Jun 25, 2023 at 2:54 AM Kaushal Shriyan 
> wrote:
>
>>
>>
>> On Sun, Jun 25, 2023 at 10:40 AM Frank Gingras  wrote:
>>
>>> If you proxy all requests to another host, you do not need a
>>> DocumentRoot, no. Also, do avoid using a  block to proxy
>>> requests, and instead just use ProxyPass / http://localhost:8000/
>>>
>>>
>> Hi Frank,
>>
>> Thanks for the email 

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Frank Gingras]

Why did you define a vhost without a ServerName directive?

Also, those access log entries are quite useless, other than the requested
path. Increase the log level, and find the error log entries instead.

On Sun, Jun 25, 2023 at 2:54 AM Kaushal Shriyan 
wrote:

>
>
> On Sun, Jun 25, 2023 at 10:40 AM Frank Gingras  wrote:
>
>> If you proxy all requests to another host, you do not need a
>> DocumentRoot, no. Also, do avoid using a  block to proxy
>> requests, and instead just use ProxyPass / http://localhost:8000/
>>
>>
> Hi Frank,
>
> Thanks for the email response. I am still encountering 404 as per the
> below http access log.
>
> 172.16.16.45 - drupaladmin [25/Jun/2023:12:17:40 +0530] "GET
> /demo/element/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
> 114.0.0.0 Safari/537.36"
> 172.16.16.45 - drupaladmin [25/Jun/2023:12:18:15 +0530] "GET
> /demo/element/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
> 114.0.0.0 Safari/537.36"
>
> *cat  /etc/httpd/conf.d/nodejsbackendssl.conf*
> 
> ProxyPass / http://localhost:8000/
> 
> #
>
> Please suggest and guide me. Thanks in advance.
>
> Best Regards,
>
> Kaushal
>
>
>
>
>
>> On Sun, Jun 25, 2023 at 12:44 AM Kaushal Shriyan <
>> kaushalshri...@gmail.com> wrote:
>>
>>>
>>>
>>> On Sun, Jun 25, 2023 at 7:44 AM Kaushal Shriyan <
>>> kaushalshri...@gmail.com> wrote:
>>>

 On Thu, Jun 22, 2023 at 5:42 AM Richard <
 lists-apa...@listmail.innovate.net> wrote:

>
>
> > Date: Wednesday, June 21, 2023 20:14:40 +
> > From: Richard
> >
> >
> >> Date: Thursday, June 22, 2023 00:13:34 +0530
> >> From: Kaushal Shriyan 
> >>
> >> When i hit https://nodejs.mydomain.com/demo/index.html I see the
> >> below in both httpd error and access logs
> >>
> >># pwd
> >> /var/log/httpd
> >># cat error_log
> >> [Thu Jun 22 00:06:34.161122 2023] [suexec:notice] [pid 16995:tid
> >> 16995] AH01232: suEXEC mechanism enabled (wrapper:
> >> /usr/sbin/suexec) [Thu Jun 22 00:06:34.196360 2023] [http2:warn]
> >> [pid 16995:tid 16995] AH10034: The mpm module (prefork.c) is not
> >> supported by mod_http2. The mpm determines how things are
> >> processed in your server. HTTP/2 has more demands in this regard
> >> and the currently selected mpm will just not do. This is an
> >> advisory warning. Your server will continue to work, but the
> >> HTTP/2 protocol will be inactive.
> >> [Thu Jun 22 00:06:34.197101 2023] [lbmethod_heartbeat:notice] [pid
> >> 16995:tid 16995] AH02282: No slotmem from mod_heartmonitor
> >> [Thu Jun 22 00:06:34.243545 2023] [mpm_prefork:notice] [pid
> >> 16995:tid 16995] AH00163: Apache/2.4.57 (IUS) OpenSSL/1.0.2k-fips
> >> PHP/8.1.20 configured -- resuming normal operations
> >> [Thu Jun 22 00:06:34.243596 2023] [core:notice] [pid 16995:tid
> >> 16995] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
> >>
> >>
> >># cat access_log
> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
> >> Chrome/114.0.0.0 Safari/537.36"
> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
> >> Chrome/114.0.0.0 Safari/537.36"
> >
> > Leaving aside other potential issues, the timestamps on your
> > error_log entries are from:
> >
> > Jun 22 00:06:34
> >
> > while the ones with the 404 in your access_log are from:
> >
> > 22/Jun/2023:00:06:45
> >
> > ~10 minutes later. I.e., they do not appear to be for the same
> > event.
> >
> > The error_log entries look like server startup error messages,
> > rather than ones related to a browser request. Also, given the
> > timestamp formats, I'm suspecting that they aren't even from the
> > same apache server/machine instance.
> >
> > Look at the entries in the error_log that are specific to the
> > access_log 404 errors. That will give you more detail from that side
> > of things.
> >
>
> correction ...
>
>  > ~10 minutes later. I.e., they do not appear to be for the
>  > same event.
>
> should be:
>
>  > ~10 seconds later ...
>
> regardless, the error_log entries aren't for the access_log 404
> requests/events.
>
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Kaushal Shriyan]

On Sun, Jun 25, 2023 at 10:40 AM Frank Gingras  wrote:

> If you proxy all requests to another host, you do not need a DocumentRoot,
> no. Also, do avoid using a  block to proxy requests, and instead
> just use ProxyPass / http://localhost:8000/
>
>
Hi Frank,

Thanks for the email response. I am still encountering 404 as per the below
http access log.

172.16.16.45 - drupaladmin [25/Jun/2023:12:17:40 +0530] "GET
/demo/element/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
114.0.0.0 Safari/537.36"
172.16.16.45 - drupaladmin [25/Jun/2023:12:18:15 +0530] "GET
/demo/element/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
114.0.0.0 Safari/537.36"

*cat  /etc/httpd/conf.d/nodejsbackendssl.conf*

ProxyPass / http://localhost:8000/

#

Please suggest and guide me. Thanks in advance.

Best Regards,

Kaushal





> On Sun, Jun 25, 2023 at 12:44 AM Kaushal Shriyan 
> wrote:
>
>>
>>
>> On Sun, Jun 25, 2023 at 7:44 AM Kaushal Shriyan 
>> wrote:
>>
>>>
>>> On Thu, Jun 22, 2023 at 5:42 AM Richard <
>>> lists-apa...@listmail.innovate.net> wrote:
>>>


 > Date: Wednesday, June 21, 2023 20:14:40 +
 > From: Richard
 >
 >
 >> Date: Thursday, June 22, 2023 00:13:34 +0530
 >> From: Kaushal Shriyan 
 >>
 >> When i hit https://nodejs.mydomain.com/demo/index.html I see the
 >> below in both httpd error and access logs
 >>
 >># pwd
 >> /var/log/httpd
 >># cat error_log
 >> [Thu Jun 22 00:06:34.161122 2023] [suexec:notice] [pid 16995:tid
 >> 16995] AH01232: suEXEC mechanism enabled (wrapper:
 >> /usr/sbin/suexec) [Thu Jun 22 00:06:34.196360 2023] [http2:warn]
 >> [pid 16995:tid 16995] AH10034: The mpm module (prefork.c) is not
 >> supported by mod_http2. The mpm determines how things are
 >> processed in your server. HTTP/2 has more demands in this regard
 >> and the currently selected mpm will just not do. This is an
 >> advisory warning. Your server will continue to work, but the
 >> HTTP/2 protocol will be inactive.
 >> [Thu Jun 22 00:06:34.197101 2023] [lbmethod_heartbeat:notice] [pid
 >> 16995:tid 16995] AH02282: No slotmem from mod_heartmonitor
 >> [Thu Jun 22 00:06:34.243545 2023] [mpm_prefork:notice] [pid
 >> 16995:tid 16995] AH00163: Apache/2.4.57 (IUS) OpenSSL/1.0.2k-fips
 >> PHP/8.1.20 configured -- resuming normal operations
 >> [Thu Jun 22 00:06:34.243596 2023] [core:notice] [pid 16995:tid
 >> 16995] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
 >>
 >>
 >># cat access_log
 >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
 >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
 >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
 >> Chrome/114.0.0.0 Safari/537.36"
 >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
 >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
 >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
 >> Chrome/114.0.0.0 Safari/537.36"
 >
 > Leaving aside other potential issues, the timestamps on your
 > error_log entries are from:
 >
 > Jun 22 00:06:34
 >
 > while the ones with the 404 in your access_log are from:
 >
 > 22/Jun/2023:00:06:45
 >
 > ~10 minutes later. I.e., they do not appear to be for the same
 > event.
 >
 > The error_log entries look like server startup error messages,
 > rather than ones related to a browser request. Also, given the
 > timestamp formats, I'm suspecting that they aren't even from the
 > same apache server/machine instance.
 >
 > Look at the entries in the error_log that are specific to the
 > access_log 404 errors. That will give you more detail from that side
 > of things.
 >

 correction ...

  > ~10 minutes later. I.e., they do not appear to be for the
  > same event.

 should be:

  > ~10 seconds later ...

 regardless, the error_log entries aren't for the access_log 404
 requests/events.






 -
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org


>>> Hi,
>>>
>>> OS :- CentOS Linux release 7.9.2009 (Core)
>>> # node --version
>>> *v16.20.0*
>>> # httpd -v
>>> Server version: *Apache/2.4.57 (IUS)*
>>> Server built:   Apr  7 2023 14:49:47
>>> #
>>> #cd /etc/httpd/conf.d/
>>> #cat httpdfrontend.conf
>>> 
>>> ServerName nodejs.mydomain.com
>>> Redirect / https://nodejs.mydomain.com/
>>>  
>>> 
>>> DocumentRoot /var/www/html/web
>>> ServerName nodejs.mydomain.com
>>> Header add 

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Frank Gingras]

If you proxy all requests to another host, you do not need a DocumentRoot,
no. Also, do avoid using a  block to proxy requests, and instead
just use ProxyPass / http://localhost:8000/

On Sun, Jun 25, 2023 at 12:44 AM Kaushal Shriyan 
wrote:

>
>
> On Sun, Jun 25, 2023 at 7:44 AM Kaushal Shriyan 
> wrote:
>
>>
>> On Thu, Jun 22, 2023 at 5:42 AM Richard <
>> lists-apa...@listmail.innovate.net> wrote:
>>
>>>
>>>
>>> > Date: Wednesday, June 21, 2023 20:14:40 +
>>> > From: Richard
>>> >
>>> >
>>> >> Date: Thursday, June 22, 2023 00:13:34 +0530
>>> >> From: Kaushal Shriyan 
>>> >>
>>> >> When i hit https://nodejs.mydomain.com/demo/index.html I see the
>>> >> below in both httpd error and access logs
>>> >>
>>> >># pwd
>>> >> /var/log/httpd
>>> >># cat error_log
>>> >> [Thu Jun 22 00:06:34.161122 2023] [suexec:notice] [pid 16995:tid
>>> >> 16995] AH01232: suEXEC mechanism enabled (wrapper:
>>> >> /usr/sbin/suexec) [Thu Jun 22 00:06:34.196360 2023] [http2:warn]
>>> >> [pid 16995:tid 16995] AH10034: The mpm module (prefork.c) is not
>>> >> supported by mod_http2. The mpm determines how things are
>>> >> processed in your server. HTTP/2 has more demands in this regard
>>> >> and the currently selected mpm will just not do. This is an
>>> >> advisory warning. Your server will continue to work, but the
>>> >> HTTP/2 protocol will be inactive.
>>> >> [Thu Jun 22 00:06:34.197101 2023] [lbmethod_heartbeat:notice] [pid
>>> >> 16995:tid 16995] AH02282: No slotmem from mod_heartmonitor
>>> >> [Thu Jun 22 00:06:34.243545 2023] [mpm_prefork:notice] [pid
>>> >> 16995:tid 16995] AH00163: Apache/2.4.57 (IUS) OpenSSL/1.0.2k-fips
>>> >> PHP/8.1.20 configured -- resuming normal operations
>>> >> [Thu Jun 22 00:06:34.243596 2023] [core:notice] [pid 16995:tid
>>> >> 16995] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
>>> >>
>>> >>
>>> >># cat access_log
>>> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
>>> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
>>> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
>>> >> Chrome/114.0.0.0 Safari/537.36"
>>> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
>>> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
>>> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
>>> >> Chrome/114.0.0.0 Safari/537.36"
>>> >
>>> > Leaving aside other potential issues, the timestamps on your
>>> > error_log entries are from:
>>> >
>>> > Jun 22 00:06:34
>>> >
>>> > while the ones with the 404 in your access_log are from:
>>> >
>>> > 22/Jun/2023:00:06:45
>>> >
>>> > ~10 minutes later. I.e., they do not appear to be for the same
>>> > event.
>>> >
>>> > The error_log entries look like server startup error messages,
>>> > rather than ones related to a browser request. Also, given the
>>> > timestamp formats, I'm suspecting that they aren't even from the
>>> > same apache server/machine instance.
>>> >
>>> > Look at the entries in the error_log that are specific to the
>>> > access_log 404 errors. That will give you more detail from that side
>>> > of things.
>>> >
>>>
>>> correction ...
>>>
>>>  > ~10 minutes later. I.e., they do not appear to be for the
>>>  > same event.
>>>
>>> should be:
>>>
>>>  > ~10 seconds later ...
>>>
>>> regardless, the error_log entries aren't for the access_log 404
>>> requests/events.
>>>
>>>
>>>
>>>
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>
>> Hi,
>>
>> OS :- CentOS Linux release 7.9.2009 (Core)
>> # node --version
>> *v16.20.0*
>> # httpd -v
>> Server version: *Apache/2.4.57 (IUS)*
>> Server built:   Apr  7 2023 14:49:47
>> #
>> #cd /etc/httpd/conf.d/
>> #cat httpdfrontend.conf
>> 
>> ServerName nodejs.mydomain.com
>> Redirect / https://nodejs.mydomain.com/
>>  
>> 
>> DocumentRoot /var/www/html/web
>> ServerName nodejs.mydomain.com
>> Header add Access-Control-Allow-Origin "*"
>> SSLEngine on
>> SSLCertificateFile /etc/letsencrypt/live/
>> nodejs.mydomain.com/cert.pem
>> SSLCertificateKeyFile /etc/letsencrypt/live/
>> nodejs.mydomain.com/privkey.pem
>> SSLCertificateChainFile /etc/letsencrypt/live/
>> nodejs.mydomain.com/chain.pem
>> Header always set Strict-Transport-Security "max-age=63072000;
>> includeSubDomains"
>>
>> 
>> DirectoryIndex index.html index.php
>> Options FollowSymLinks
>> AllowOverride All
>> Require valid-user
>> AuthType Basic
>> AuthName "Restricted Content"
>> AuthUserFile /var/www/html/web/.htpasswd
>> 
>> 
>>
>> #cd /etc/httpd/conf.d/
>> # cat nodejsbackendssl.conf
>> 
>> 
>> ProxyPass http://localhost:8000/
>> 
>> 
>>
>> # netstat -anp | grep 8000
>> tcp6   0  0 :::8000 :::*
>>  LISTEN  23679/node
>> tcp6   0  0 192.168.0.116:8000

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Kaushal Shriyan]

On Sun, Jun 25, 2023 at 7:44 AM Kaushal Shriyan 
wrote:

>
> On Thu, Jun 22, 2023 at 5:42 AM Richard <
> lists-apa...@listmail.innovate.net> wrote:
>
>>
>>
>> > Date: Wednesday, June 21, 2023 20:14:40 +
>> > From: Richard
>> >
>> >
>> >> Date: Thursday, June 22, 2023 00:13:34 +0530
>> >> From: Kaushal Shriyan 
>> >>
>> >> When i hit https://nodejs.mydomain.com/demo/index.html I see the
>> >> below in both httpd error and access logs
>> >>
>> >># pwd
>> >> /var/log/httpd
>> >># cat error_log
>> >> [Thu Jun 22 00:06:34.161122 2023] [suexec:notice] [pid 16995:tid
>> >> 16995] AH01232: suEXEC mechanism enabled (wrapper:
>> >> /usr/sbin/suexec) [Thu Jun 22 00:06:34.196360 2023] [http2:warn]
>> >> [pid 16995:tid 16995] AH10034: The mpm module (prefork.c) is not
>> >> supported by mod_http2. The mpm determines how things are
>> >> processed in your server. HTTP/2 has more demands in this regard
>> >> and the currently selected mpm will just not do. This is an
>> >> advisory warning. Your server will continue to work, but the
>> >> HTTP/2 protocol will be inactive.
>> >> [Thu Jun 22 00:06:34.197101 2023] [lbmethod_heartbeat:notice] [pid
>> >> 16995:tid 16995] AH02282: No slotmem from mod_heartmonitor
>> >> [Thu Jun 22 00:06:34.243545 2023] [mpm_prefork:notice] [pid
>> >> 16995:tid 16995] AH00163: Apache/2.4.57 (IUS) OpenSSL/1.0.2k-fips
>> >> PHP/8.1.20 configured -- resuming normal operations
>> >> [Thu Jun 22 00:06:34.243596 2023] [core:notice] [pid 16995:tid
>> >> 16995] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
>> >>
>> >>
>> >># cat access_log
>> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
>> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
>> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
>> >> Chrome/114.0.0.0 Safari/537.36"
>> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
>> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
>> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
>> >> Chrome/114.0.0.0 Safari/537.36"
>> >
>> > Leaving aside other potential issues, the timestamps on your
>> > error_log entries are from:
>> >
>> > Jun 22 00:06:34
>> >
>> > while the ones with the 404 in your access_log are from:
>> >
>> > 22/Jun/2023:00:06:45
>> >
>> > ~10 minutes later. I.e., they do not appear to be for the same
>> > event.
>> >
>> > The error_log entries look like server startup error messages,
>> > rather than ones related to a browser request. Also, given the
>> > timestamp formats, I'm suspecting that they aren't even from the
>> > same apache server/machine instance.
>> >
>> > Look at the entries in the error_log that are specific to the
>> > access_log 404 errors. That will give you more detail from that side
>> > of things.
>> >
>>
>> correction ...
>>
>>  > ~10 minutes later. I.e., they do not appear to be for the
>>  > same event.
>>
>> should be:
>>
>>  > ~10 seconds later ...
>>
>> regardless, the error_log entries aren't for the access_log 404
>> requests/events.
>>
>>
>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
> Hi,
>
> OS :- CentOS Linux release 7.9.2009 (Core)
> # node --version
> *v16.20.0*
> # httpd -v
> Server version: *Apache/2.4.57 (IUS)*
> Server built:   Apr  7 2023 14:49:47
> #
> #cd /etc/httpd/conf.d/
> #cat httpdfrontend.conf
> 
> ServerName nodejs.mydomain.com
> Redirect / https://nodejs.mydomain.com/
>  
> 
> DocumentRoot /var/www/html/web
> ServerName nodejs.mydomain.com
> Header add Access-Control-Allow-Origin "*"
> SSLEngine on
> SSLCertificateFile /etc/letsencrypt/live/
> nodejs.mydomain.com/cert.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/
> nodejs.mydomain.com/privkey.pem
> SSLCertificateChainFile /etc/letsencrypt/live/
> nodejs.mydomain.com/chain.pem
> Header always set Strict-Transport-Security "max-age=63072000;
> includeSubDomains"
>
> 
> DirectoryIndex index.html index.php
> Options FollowSymLinks
> AllowOverride All
> Require valid-user
> AuthType Basic
> AuthName "Restricted Content"
> AuthUserFile /var/www/html/web/.htpasswd
> 
> 
>
> #cd /etc/httpd/conf.d/
> # cat nodejsbackendssl.conf
> 
> 
> ProxyPass http://localhost:8000/
> 
> 
>
> # netstat -anp | grep 8000
> tcp6   0  0 :::8000 :::*LISTEN
>  23679/node
> tcp6   0  0 192.168.0.116:8000  104.152.52.207:46601
>  ESTABLISHED 23679/node
> tcp6   0  0 192.168.0.116:8000  172.16.16.45:50467
>  ESTABLISHED 23679/node
> #
>
> https://nodejs.mydomain.com/demo/index.html -> returns 404
> http://nodejs.mydomain.com:8000/demo/index.html -> returns the content
> with Non Secure on the browser.
>
> Please suggest and guide me. Thanks in advance.
>
> Best 

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Kaushal Shriyan]

On Thu, Jun 22, 2023 at 5:42 AM Richard 
wrote:

>
>
> > Date: Wednesday, June 21, 2023 20:14:40 +
> > From: Richard
> >
> >
> >> Date: Thursday, June 22, 2023 00:13:34 +0530
> >> From: Kaushal Shriyan 
> >>
> >> When i hit https://nodejs.mydomain.com/demo/index.html I see the
> >> below in both httpd error and access logs
> >>
> >># pwd
> >> /var/log/httpd
> >># cat error_log
> >> [Thu Jun 22 00:06:34.161122 2023] [suexec:notice] [pid 16995:tid
> >> 16995] AH01232: suEXEC mechanism enabled (wrapper:
> >> /usr/sbin/suexec) [Thu Jun 22 00:06:34.196360 2023] [http2:warn]
> >> [pid 16995:tid 16995] AH10034: The mpm module (prefork.c) is not
> >> supported by mod_http2. The mpm determines how things are
> >> processed in your server. HTTP/2 has more demands in this regard
> >> and the currently selected mpm will just not do. This is an
> >> advisory warning. Your server will continue to work, but the
> >> HTTP/2 protocol will be inactive.
> >> [Thu Jun 22 00:06:34.197101 2023] [lbmethod_heartbeat:notice] [pid
> >> 16995:tid 16995] AH02282: No slotmem from mod_heartmonitor
> >> [Thu Jun 22 00:06:34.243545 2023] [mpm_prefork:notice] [pid
> >> 16995:tid 16995] AH00163: Apache/2.4.57 (IUS) OpenSSL/1.0.2k-fips
> >> PHP/8.1.20 configured -- resuming normal operations
> >> [Thu Jun 22 00:06:34.243596 2023] [core:notice] [pid 16995:tid
> >> 16995] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
> >>
> >>
> >># cat access_log
> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
> >> Chrome/114.0.0.0 Safari/537.36"
> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
> >> Chrome/114.0.0.0 Safari/537.36"
> >
> > Leaving aside other potential issues, the timestamps on your
> > error_log entries are from:
> >
> > Jun 22 00:06:34
> >
> > while the ones with the 404 in your access_log are from:
> >
> > 22/Jun/2023:00:06:45
> >
> > ~10 minutes later. I.e., they do not appear to be for the same
> > event.
> >
> > The error_log entries look like server startup error messages,
> > rather than ones related to a browser request. Also, given the
> > timestamp formats, I'm suspecting that they aren't even from the
> > same apache server/machine instance.
> >
> > Look at the entries in the error_log that are specific to the
> > access_log 404 errors. That will give you more detail from that side
> > of things.
> >
>
> correction ...
>
>  > ~10 minutes later. I.e., they do not appear to be for the
>  > same event.
>
> should be:
>
>  > ~10 seconds later ...
>
> regardless, the error_log entries aren't for the access_log 404
> requests/events.
>
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Hi,

OS :- CentOS Linux release 7.9.2009 (Core)
# node --version
*v16.20.0*
# httpd -v
Server version: *Apache/2.4.57 (IUS)*
Server built:   Apr  7 2023 14:49:47
#
#cd /etc/httpd/conf.d/
#cat httpdfrontend.conf

ServerName nodejs.mydomain.com
Redirect / https://nodejs.mydomain.com/
 

DocumentRoot /var/www/html/web
ServerName nodejs.mydomain.com
Header add Access-Control-Allow-Origin "*"
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/
nodejs.mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/
nodejs.mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/
nodejs.mydomain.com/chain.pem
Header always set Strict-Transport-Security "max-age=63072000;
includeSubDomains"


DirectoryIndex index.html index.php
Options FollowSymLinks
AllowOverride All
Require valid-user
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/web/.htpasswd



#cd /etc/httpd/conf.d/
# cat nodejsbackendssl.conf


ProxyPass http://localhost:8000/



# netstat -anp | grep 8000
tcp6   0  0 :::8000 :::*LISTEN
 23679/node
tcp6   0  0 192.168.0.116:8000  104.152.52.207:46601
 ESTABLISHED 23679/node
tcp6   0  0 192.168.0.116:8000  172.16.16.45:50467
 ESTABLISHED 23679/node
#

https://nodejs.mydomain.com/demo/index.html -> returns 404
http://nodejs.mydomain.com:8000/demo/index.html -> returns the content with
Non Secure on the browser.

Please suggest and guide me. Thanks in advance.

Best Regards,

Kaushal

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Richard]

> Date: Wednesday, June 21, 2023 20:14:40 +
> From: Richard
> 
> 
>> Date: Thursday, June 22, 2023 00:13:34 +0530
>> From: Kaushal Shriyan 
>> 
>> When i hit https://nodejs.mydomain.com/demo/index.html I see the
>> below in both httpd error and access logs
>> 
>># pwd
>> /var/log/httpd
>># cat error_log
>> [Thu Jun 22 00:06:34.161122 2023] [suexec:notice] [pid 16995:tid
>> 16995] AH01232: suEXEC mechanism enabled (wrapper:
>> /usr/sbin/suexec) [Thu Jun 22 00:06:34.196360 2023] [http2:warn]
>> [pid 16995:tid 16995] AH10034: The mpm module (prefork.c) is not
>> supported by mod_http2. The mpm determines how things are
>> processed in your server. HTTP/2 has more demands in this regard
>> and the currently selected mpm will just not do. This is an
>> advisory warning. Your server will continue to work, but the
>> HTTP/2 protocol will be inactive.
>> [Thu Jun 22 00:06:34.197101 2023] [lbmethod_heartbeat:notice] [pid
>> 16995:tid 16995] AH02282: No slotmem from mod_heartmonitor
>> [Thu Jun 22 00:06:34.243545 2023] [mpm_prefork:notice] [pid
>> 16995:tid 16995] AH00163: Apache/2.4.57 (IUS) OpenSSL/1.0.2k-fips
>> PHP/8.1.20 configured -- resuming normal operations
>> [Thu Jun 22 00:06:34.243596 2023] [core:notice] [pid 16995:tid
>> 16995] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
>> 
>> 
>># cat access_log
>> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
>> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
>> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
>> Chrome/114.0.0.0 Safari/537.36"
>> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
>> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
>> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
>> Chrome/114.0.0.0 Safari/537.36"
> 
> Leaving aside other potential issues, the timestamps on your
> error_log entries are from:
> 
> Jun 22 00:06:34
> 
> while the ones with the 404 in your access_log are from:
> 
> 22/Jun/2023:00:06:45
> 
> ~10 minutes later. I.e., they do not appear to be for the same
> event. 
> 
> The error_log entries look like server startup error messages,
> rather than ones related to a browser request. Also, given the
> timestamp formats, I'm suspecting that they aren't even from the
> same apache server/machine instance.
> 
> Look at the entries in the error_log that are specific to the
> access_log 404 errors. That will give you more detail from that side
> of things. 
> 

correction ... 

 > ~10 minutes later. I.e., they do not appear to be for the
 > same event. 

should be:

 > ~10 seconds later ...

regardless, the error_log entries aren't for the access_log 404
requests/events.






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Richard]

> Date: Thursday, June 22, 2023 00:13:34 +0530
> From: Kaushal Shriyan 
> 
> When i hit https://nodejs.mydomain.com/demo/index.html I see the
> below in both httpd error and access logs
> 
># pwd
> /var/log/httpd
># cat error_log
> [Thu Jun 22 00:06:34.161122 2023] [suexec:notice] [pid 16995:tid
> 16995] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Thu Jun 22 00:06:34.196360 2023] [http2:warn] [pid 16995:tid 16995]
> AH10034: The mpm module (prefork.c) is not supported by mod_http2.
> The mpm determines how things are processed in your server. HTTP/2
> has more demands in this regard and the currently selected mpm will
> just not do. This is an advisory warning. Your server will continue
> to work, but the HTTP/2 protocol will be inactive.
> [Thu Jun 22 00:06:34.197101 2023] [lbmethod_heartbeat:notice] [pid
> 16995:tid 16995] AH02282: No slotmem from mod_heartmonitor
> [Thu Jun 22 00:06:34.243545 2023] [mpm_prefork:notice] [pid
> 16995:tid 16995] AH00163: Apache/2.4.57 (IUS) OpenSSL/1.0.2k-fips
> PHP/8.1.20 configured -- resuming normal operations
> [Thu Jun 22 00:06:34.243596 2023] [core:notice] [pid 16995:tid
> 16995] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
>
>
># cat access_log
> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
> Chrome/114.0.0.0 Safari/537.36"
> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
> Chrome/114.0.0.0 Safari/537.36"

Leaving aside other potential issues, the timestamps on your
error_log entries are from:

Jun 22 00:06:34

while the ones with the 404 in your access_log are from:

22/Jun/2023:00:06:45

~10 minutes later. I.e., they do not appear to be for the same event. 

The error_log entries look like server startup error messages, rather
than ones related to a browser request. Also, given the timestamp
formats, I'm suspecting that they aren't even from the same apache
server/machine instance.

Look at the entries in the error_log that are specific to the
access_log 404 errors. That will give you more detail from that side
of things. 





-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Kaushal Shriyan]

Hi Daniel,

Please refer to the below details

$ npm start

> api-console@6.6.32 start
> node demo/index.js

Browserslist: caniuse-lite is outdated. Please run:
  npx update-browserslist-db@latest
  Why you should do it regularly:
https://github.com/browserslist/update-db#readme
es-dev-server started on http://localhost:8000
  Serving files from '/var/www/html/api-console'.
  Opening browser on '/demo/'
  Using history API fallback, redirecting route requests to
'/demo/index.html'
  Using auto compatibility mode, transforming code on older browsers based
on user agent.

*httpd.conf file configuration*
#cat /etc/httpd/conf.d/nodejsnodejsssl.conf

SSLEngine On
ServerName nodejs.mydomain.com
SSLCertificateFile /etc/letsencrypt/live/nodejs.mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/
nodejs.mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/
nodejs.mydomain.com/chain.pem

ProxyPass http://localhost:8000/



When i hit https://nodejs.mydomain.com/demo/index.html I see the below in
both httpd error and access logs

#pwd
/var/log/httpd
# cat error_log
[Thu Jun 22 00:06:34.161122 2023] [suexec:notice] [pid 16995:tid 16995]
AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jun 22 00:06:34.196360 2023] [http2:warn] [pid 16995:tid 16995]
AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm
determines how things are processed in your server. HTTP/2 has more demands
in this regard and the currently selected mpm will just not do. This is an
advisory warning. Your server will continue to work, but the HTTP/2
protocol will be inactive.
[Thu Jun 22 00:06:34.197101 2023] [lbmethod_heartbeat:notice] [pid
16995:tid 16995] AH02282: No slotmem from mod_heartmonitor
[Thu Jun 22 00:06:34.243545 2023] [mpm_prefork:notice] [pid 16995:tid
16995] AH00163: Apache/2.4.57 (IUS) OpenSSL/1.0.2k-fips PHP/8.1.20
configured -- resuming normal operations
[Thu Jun 22 00:06:34.243596 2023] [core:notice] [pid 16995:tid 16995]
AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
#cat access_log
172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
/demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh; Intel Mac
OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0
Safari/537.36"
172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
/demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh; Intel Mac
OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0
Safari/537.36"

Please suggest further. Thanks in advance.



Best Regards,

Kaushal

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Daniel Gruno]

On 2023-06-21 18:57, Kaushal Shriyan wrote:

Hi,

I am running node.js application on port 8000 and Apache HTTP server on 
CentOS Linux release 7.9.2009 (Core)


# node --version
*v16.20.0*
# httpd -v
Server version: *Apache/2.4.57 (IUS)*
Server built:   Apr  7 2023 14:49:47
#

_httpd.conf file configuration_
#cat /etc/httpd/conf.d/nodejsnodejsssl.conf

     SSLEngine On
     SSLProxyEngine On
     ServerName nodejs.mydomain.com 
     SSLCertificateFile 
/etc/letsencrypt/live/nodejs.mydomain.com/cert.pem 

     SSLCertificateKeyFile 
/etc/letsencrypt/live/nodejs.mydomain.com/privkey.pem 

     SSLCertificateChainFile 
/etc/letsencrypt/live/nodejs.mydomain.com/chain.pem 


     
         ProxyPass http://localhost:8000/ 
     


When I am trying to access the URL 
https://nodejs.mydomain.com:8000/demo/index.html 
, I am encountering 
the below error on the browser.


This site can’t provide a secure connection
nodejs.mydomain.com  sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

Please comment if the above httpd conf file is incorrect or If i am 
missing anything. Thanks in advance.


Best Regards,

Kaushal



There are inconsistencies in your configuration.
On one hand, you have "SSLProxyEngine On" which would imply that the 
backend node.js application is running over TLS.
On the other hand, you are proxying to HTTP://, not HTTPS://, which is 
what you would use for plain-text (not TLS) connections.


The options are mutually exclusive. Either you have TLS on node.js, and 
should proxy to https://localhost:8000 or you do not, and you shouldn't 
have "SSLProxyEngine On" defined.




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Richard]

> Date: Wednesday, June 21, 2023 23:09:45 +0530
> From: Kaushal Shriyan 
>
> When I am trying to access the URL
> https://nodejs.mydomain.com/demo/index.html, I am seeing the below
> information in Apache HTTP server access logs.
> 
> 172.16.16.45 - drupaladmin [21/Jun/2023:23:04:07 +0530] "GET
> /demo/index.html HTTP/1.1" *404* 25644 "-" "Mozilla/5.0

You need to look in the error log for the details the 404/not_found
error that is being returned.



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Darryl Baker]

I will be in meeting for the rest of the afternoon. Here is an anonymized 
version of my working configuration. Hope it helps.

The main URL is https://directory.uexample.com/search

nodejs is expacting /search


ServerName  directory.example.com
ServerAlias hostnameaa.mid.example.com
ServerAlias hostnameab.mid.example.com

SSLEngine   on

SSLCertificateFile  /etc/httpd/certs/cert.pem
SSLCertificateKeyFile   /etc/httpd/certs/cert.pem
SSLOptions  +StdEnvVars

RewriteEngine On
LogLevel alert rewrite:trace6

CustomLog logs/nodejs_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

ErrorLog/var/log/httpd/nodejs_error.log
CustomLog   /var/log/httpd/nodejs_access.log combined

DocumentRoot /var/www/iam-directory/dist

# RewriteRule ^/health-check-test.txt$ /public/health-check-test.txt
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}

# When a request comes in, test to see if there's a matching static 
file in the "public" dir
RewriteCond %{DOCUMENT_ROOT}/public/%{REQUEST_URI} !-f

# If request does not include a static file, proxy it to the backend
RewriteRule ^(.*)$ http://localhost:8000$1 [P]

# Otherwise, add "public" to it (e.g., serve the file)
RewriteRule ^(.*)$ /public$1 [L]




Darryl Baker, GSEC, GCLD  (he/him/his)
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
4th Floor
2020 Ridge Avenue
Evanston, IL  60208-0801
darryl.ba...@northwestern.edu
(847) 467-6674

From: Kaushal Shriyan 
Reply-To: Apache httpd Users 
Date: Wednesday, June 21, 2023 at 12:40 PM
To: Apache httpd Users 
Subject: Re: [users@httpd] node.js application listening on port 8000 enabled 
with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

On Wed, Jun 21, 2023 at 10:35 PM Darryl Baker 
mailto:darryl.ba...@northwestern.edu>> wrote:
Have you tried browsing to 
https://nodejs.mydomain.com/demo/index.html
 The proxy configuration in Apache will direct the connection to nodejs over 
port 8000.

Hi Darryl,

When I am trying to access the URL 
https://nodejs.mydomain.com/demo/index.html,
 I am seeing the below information in Apache HTTP server access logs.

172.16.16.45 - drupaladmin [21/Jun/2023:23:04:07 +0530] "GET /demo/index.html 
HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/114.0.0.0
 Safari/537.36"
172.16.16.45 - drupaladmin [21/Jun/2023:23:04:18 +0530] "GET /demo/index.html 
HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/114.0.0.0
 Safari/537.36"
172.16.16.45 - drupaladmin [21/Jun/2023:23:04:39 +0530] "GET /demo/index.html 
HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/114.0.0.0
 Safari/537.36"

Please suggest further. Thanks in advance.

Best Regards,

Kaushal

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Eric Covener]

On Wed, Jun 21, 2023 at 1:45 PM Kaushal Shriyan
 wrote:
>
> Hi,
>
> When I hit http://nodejs.mydomain.com:8000/demo/index.html (without ssl) it 
> works with port number using the below httpd config file. Is there a way to 
> enable SSL connections?
>
> httpd.conf file configuration
> #cat /etc/httpd/conf.d/nodejsnodejsssl.conf
> 
> 
> ProxyPass http://localhost:8000/
> 
> 

You're not accessing Apache if you specify port 8000.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Kaushal Shriyan]

Hi,

When I hit http://nodejs.mydomain.com:8000/demo/index.html (without ssl) it
works with port number using the below httpd config file. Is there a way to
enable SSL connections?

*httpd.conf file configuration*
#cat /etc/httpd/conf.d/nodejsnodejsssl.conf


ProxyPass http://localhost:8000/



Please suggest further. Thanks in advance.


Best Regards,

Kaushal

On Wed, Jun 21, 2023 at 11:09 PM Kaushal Shriyan 
wrote:

> On Wed, Jun 21, 2023 at 10:35 PM Darryl Baker <
> darryl.ba...@northwestern.edu> wrote:
>
>> Have you tried browsing to https://nodejs.mydomain.com/demo/index.html
>> The proxy configuration in Apache will direct the connection to nodejs over
>> port 8000.
>>
>
> Hi Darryl,
>
> When I am trying to access the URL
> https://nodejs.mydomain.com/demo/index.html, I am seeing the below
> information in Apache HTTP server access logs.
>
> 172.16.16.45 - drupaladmin [21/Jun/2023:23:04:07 +0530] "GET
>> /demo/index.html HTTP/1.1" *404* 25644 "-" "Mozilla/5.0 (Macintosh;
>> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
>> 114.0.0.0 Safari/537.36"
>> 172.16.16.45 - drupaladmin [21/Jun/2023:23:04:18 +0530] "GET
>> /demo/index.html HTTP/1.1" *404* 25644 "-" "Mozilla/5.0 (Macintosh;
>> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
>> 114.0.0.0 Safari/537.36"
>> 172.16.16.45 - drupaladmin [21/Jun/2023:23:04:39 +0530] "GET
>> /demo/index.html HTTP/1.1" *404* 25644 "-" "Mozilla/5.0 (Macintosh;
>> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
>> 114.0.0.0 Safari/537.36"
>
>
> Please suggest further. Thanks in advance.
>
>
>
> Best Regards,
>
>
>
> Kaushal
>
>>

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Kaushal Shriyan]

On Wed, Jun 21, 2023 at 10:35 PM Darryl Baker 
wrote:

> Have you tried browsing to https://nodejs.mydomain.com/demo/index.html
> The proxy configuration in Apache will direct the connection to nodejs over
> port 8000.
>

Hi Darryl,

When I am trying to access the URL
https://nodejs.mydomain.com/demo/index.html, I am seeing the below
information in Apache HTTP server access logs.

172.16.16.45 - drupaladmin [21/Jun/2023:23:04:07 +0530] "GET
> /demo/index.html HTTP/1.1" *404* 25644 "-" "Mozilla/5.0 (Macintosh; Intel
> Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0
> Safari/537.36"
> 172.16.16.45 - drupaladmin [21/Jun/2023:23:04:18 +0530] "GET
> /demo/index.html HTTP/1.1" *404* 25644 "-" "Mozilla/5.0 (Macintosh; Intel
> Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0
> Safari/537.36"
> 172.16.16.45 - drupaladmin [21/Jun/2023:23:04:39 +0530] "GET
> /demo/index.html HTTP/1.1" *404* 25644 "-" "Mozilla/5.0 (Macintosh; Intel
> Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0
> Safari/537.36"


Please suggest further. Thanks in advance.



Best Regards,



Kaushal

>

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Darryl Baker]

Have you tried browsing to https://nodejs.mydomain.com/demo/index.html The 
proxy configuration in Apache will direct the connection to nodejs over port 
8000.

Darryl Baker, GSEC, GCLD  (he/him/his)
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
4th Floor
2020 Ridge Avenue
Evanston, IL  60208-0801
darryl.ba...@northwestern.edu
(847) 467-6674

From: Kaushal Shriyan 
Reply-To: Apache httpd Users 
Date: Wednesday, June 21, 2023 at 11:58 AM
To: Apache httpd Users 
Subject: [users@httpd] node.js application listening on port 8000 enabled with 
SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

Hi,

I am running node.js application on port 8000 and Apache HTTP server on CentOS 
Linux release 7.9.2009 (Core)

# node --version
v16.20.0
# httpd -v
Server version: Apache/2.4.57 (IUS)
Server built:   Apr  7 2023 14:49:47
#

httpd.conf file configuration
#cat /etc/httpd/conf.d/nodejsnodejsssl.conf

SSLEngine On
SSLProxyEngine On
ServerName 
nodejs.mydomain.com
SSLCertificateFile 
/etc/letsencrypt/live/nodejs.mydomain.com/cert.pem
SSLCertificateKeyFile 
/etc/letsencrypt/live/nodejs.mydomain.com/privkey.pem
SSLCertificateChainFile 
/etc/letsencrypt/live/nodejs.mydomain.com/chain.pem

ProxyPass 
http://localhost:8000/



When I am trying to access the URL 
https://nodejs.mydomain.com:8000/demo/index.html,
 I am encountering the below error on the browser.

This site can’t provide a secure connection
nodejs.mydomain.com
 sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

Please comment if the above httpd conf file is incorrect or If i am missing 
anything. Thanks in advance.

Best Regards,

Kaushal

[users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

[Kaushal Shriyan]

Hi,

I am running node.js application on port 8000 and Apache HTTP server on
CentOS Linux release 7.9.2009 (Core)

# node --version
*v16.20.0*
# httpd -v
Server version: *Apache/2.4.57 (IUS)*
Server built:   Apr  7 2023 14:49:47
#

*httpd.conf file configuration*
#cat /etc/httpd/conf.d/nodejsnodejsssl.conf

SSLEngine On
SSLProxyEngine On
ServerName nodejs.mydomain.com
SSLCertificateFile /etc/letsencrypt/live/nodejs.mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/
nodejs.mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/
nodejs.mydomain.com/chain.pem

ProxyPass http://localhost:8000/



When I am trying to access the URL
https://nodejs.mydomain.com:8000/demo/index.html, I am encountering the
below error on the browser.

This site can’t provide a secure connection
nodejs.mydomain.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

Please comment if the above httpd conf file is incorrect or If i am missing
anything. Thanks in advance.

Best Regards,

Kaushal

[users@httpd] OCSP No-stapling cache support

[Davide Schiaroli]

Hi, I'm adding OCSP Support to a PKI, and in our architecture the stapling
feature is not usable. We would like to have the caching support as
developed for the stapling extension, because without it our http flow is
too slow for our traffic. I'd like to know whether this feature will ever
be considered or if I can stop believing it and drop OCSP support. Thanks
to all, ds

[users@httpd] Re: Using MD for letsencrypt cert rotation

[Tom Browder]

On Fri, Jun 16, 2023 at 13:07 Tom Browder  wrote:

> Is Debian's certbot package required for MD use? Or does it interfere with
> it?
>
> I suspect the latter.
>

Suspicion confirmed.

-Tom

[users@httpd] Using MD for letsencrypt cert rotation

[Tom Browder]

Is Debian's certbot package required for MD use? Or does it interfere with
it?

I suspect the latter.

Thanks.

-Tom

[users@httpd] TAC Applications for Community Over Code North America and Asia now open

[Gavin McDonald]

Hi All,

(This email goes out to all our user and dev project mailing lists, so you
may receive this
email more than once.)

The Travel Assistance Committee has opened up applications to help get
people to the following events:


*Community Over Code Asia 2023 - *
*August 18th to August 20th in Beijing , China*

Applications for this event closes on the 6th July so time is short, please
apply as soon as possible. TAC is prioritising applications from the Asia
and Oceania regions.

More details on this event can be found at:
https://apachecon.com/acasia2023/

More information on how to apply please read: https://tac.apache.org/


*Community Over Code North America - *
*October 7th to October 10th in Halifax, Canada*

Applications for this event closes on the 22nd July. We expect many
applications so please do apply as soon as you can. TAC is prioritising
applications from the North and South America regions.

More details on this event can be found at: https://communityovercode.org/

More information on how to apply please read: https://tac.apache.org/


*Have you applied to be a Speaker?*

If you have applied or intend to apply as a Speaker at either of these
events, and think you
may require assistance for Travel and/or Accommodation - TAC advises that
you do not
wait until you have been notified of your speaker status and to apply
early. Should you
not be accepted as a speaker and still wish to attend you can amend you
application to
include Conference fees, or, you may withdraw your application.

The call for presentations for Halifax is here:
https://communityovercode.org/call-for-presentations/
and you have until the 13th of July to apply.

The call for presentations for Beijing is here:
https://apachecon.com/acasia2023/cfp.html
and you have until the 18th June to apply.

*IMPORTANT Note on Visas:*

It is important that you apply for a Visa as soon as possible - do not wait
until you know if you have been accepted for Travel Assistance or not, as
due to current wait times for Interviews in some Countries, waiting that
long may be too late, so please do apply for a Visa right away. Contact
tac-ap...@tac.apache.org if you need any more information or assistance in
this area.

*Spread the Word!!*

TAC encourages you to spread the word about Travel Assistance to get to
these events, so feel free to repost as you see fit on Social Media, at
work, schools, universities etc etc...

Thank You and hope to see you all soon

Gavin McDonald on behalf of the ASF Travel Assistance Committee.

Re: [users@httpd] Apache service reported path is invalid

[Suvendu Sekhar Mondal]

On Sat, Jun 10, 2023 at 12:22 PM Ravi Chandra  wrote:

> Please find the log file for the Process Monitor.
>
>  Thanks for sharing Procmon trace details, Ravi. It is showing following
which means the a/c under which you are launching this httpd service
doesn't have read access.

Process Name PID Operation Path Result Detail
httpd.exe 16008 CreateFile \\10.12.30.50\COMTRACK01\ ACCESS DENIED Desired
Access: Read Attributes, Synchronize, Disposition: Open, Options:
Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode:
Read, Write, AllocationSize: n/a

Please provide read access to that a/c for \\10.12.30.50\COMTRACK01\
location and try again.

Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
> On Friday, June 9, 2023 at 01:51:17 PM GMT+5:30, Suvendu Sekhar Mondal <
> suv3...@gmail.com> wrote:
>
>
> Ravi,
>
> On Fri, Jun 9, 2023, 7:34 AM Frank Gingras  wrote:
>
> Greg, they are using windows.
>
>
> Procmon tool can be used to identify problem. It's from Microsoft.
>
> Launch the tool. Start Apache and wait for failure. Stop tracing
> immediately otherwise you will get some noises. After that you can filter
> by pid, path etc.
>
>
> On Thu, Jun 8, 2023 at 9:40 PM Gregory Kuzmicki <
> gregory.kuzmi...@gmail.com> wrote:
>
> On that note, to verify if it is indeed a permissions issue, you may
> troubleshoot by granting all permissions to all users.
>
> Function: CHMOD
>
> If access proceeds as desired then you can at least be certain it is a
> permissions issue; then revert back to your policies and make note one by
> one to determine which user(s) are preventing desired access functionality.
> If still access proceeds undesired, we can possibly rule out the
> permissions issue.
>
>
> Greg
>
> On Thursday, June 8, 2023, Frank Gingras  wrote:
>
> You would want to attempt to reach that path while connected as that user.
> Any error would prevent you from reading the directory.
>
> On Wed, Jun 7, 2023 at 8:22 PM Ravi Chandra  wrote:
>
> Can we have an idea what type of permission issue please.
>
> Zentech Innovation Private Limited
> M Ravi Chandra
>
> On Wed, 7 Jun 2023 at 23:45, Frank Gingras
>  wrote:
> As Eric said, the only reason left is a permissions issue, which results
> in that error.
>
> On Wed, Jun 7, 2023 at 11:54 AM Ravi Chandra  wrote:
>
>
> Please find the config and the path in which we are using the network
> path. Please let us know is any changes in the config file, and also find
> the config file for reference.
>
> [image: Inline image]
>
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
>
> On Wednesday, June 7, 2023 at 07:24:11 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Can you show the updated configuration? It's very difficult to see what
> you did otherwise.
>
> On Wed, Jun 7, 2023 at 9:50 AM Ravi Chandra  wrote:
>
> We already mapped the network drive(NAS). Then also we are facing the same
> problem. But able to run within Commandline.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
> On Wednesday, June 7, 2023 at 07:12:49 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Try mapping the path to a network letter in windows.
>
> On Wed, Jun 7, 2023 at 1:48 AM Ravi Chandra  wrote:
>
> Hi,
>
> But when we run the 'httpd.exe' on CMD it works without any error and we
> are able to access files that exist within the path (No changes in the path
> format "10.12.30.50\\COMTRACK01\\Comtrack_processing_root").
>
> Whereas we run with service we are getting the path invalid error.
>
> Yes, we have tried with both symbols as mentioned in the below mail then
> also we are facing the same issue.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
> On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Try a few things:
>
> 1) Don't escape the \'s in the path
> 2) Use / instead of \
> 3) map the network path to a drive letter in windows.
>
>
>
> On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:
>
> Hi,
>
>We are using the Apache2.4.57 version on one of the servers. Here we
> have facing an issue when we add the external drive to the config file.
> Kindly find the below error message which we found in the EventViewer.
>
> The Apache service named reported the following error:
> >>> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>
>
> The Apache service named reported the following error:
> >>> 
> path is invalid.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: 

Re: [users@httpd] Apache service reported path is invalid

[Gregory Kuzmicki]

6/9/2023
11:14 PM EST

Frank:

Thank you for that information; however, Ravi's original message states "on
one of the servers" so I am not sure if his full tech stack is operable via
windows or if it is a multi-OS tandem integration.

Ravi, please let us know an update when you get a chance!


Best,
Greg


https://www.linkedin.com/in/colorsorted

On Friday, June 9, 2023, Frank Gingras  wrote:

> Greg,
>
> Case sensitivity for paths isn't a concern on windows.
>
> On Fri, Jun 9, 2023 at 8:33 PM Gregory Kuzmicki <
> gregory.kuzmi...@gmail.com> wrote:
>
>> 6/9/2023
>> 8:05 PM EST
>>
>> Ravi:
>>
>> I was taking another look at your issue. I noticed a "case difference"
>> and I am curious to know if this causing your issue.
>>
>> Please note that in your email dated 6/6/2023 5:33 AM the screenshot of
>> your log states:
>>
>> --
>> The Apache service named reported the following error:
>>
>> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>>
>>
>> The Apache service named reported the following error:
>>
>>  path
>> is invalid
>> --
>>
>> Please note that in your config file, you have an alias pointing to:
>>
>> Alias /processing_root_folder "F:/Comtrack_Processing_Root"
>>
>> Alias /processing_root_folder1 "10.12.30.50\COMTRACK01\
>> Comtrack_Processing_Root">
>>
>>
>>
>> ___
>> Please note:
>> "Comtrack_processing_root"
>> "Comtrack_Processing_Root"
>>
>> as the case difference aforementioned.
>> ___
>>
>> I am uncertain is this is causing your issue, but it worth noting.
>> Furthermore, your log says line 406 of httpd.conf but as I see from the
>> image there is only a section of the log. Did you send an attachment of the
>> full httpd.conf file and an attachment of an image section of httpd.conf?
>>
>> Specifically, what does line 406 say? I can only see the image attached;
>> I cannot open the httpd.conf file on this device so I don't know if it is
>> the full configuration file or a redacted version.
>>
>>
>>
>>
>> Main points:
>> (1) note the "case difference"
>> (2) what does line 406 read? re: syntax error
>>
>>
>>
>>
>>
>> Greg
>>
>>
>> https://www.linkedin.com/colorsorted
>>
>>
>>
>>
>>
>>
>>
>>
>> On Friday, June 9, 2023, Tatsuki Makino 
>> wrote:
>>
>>> Hello.
>>>
>>> Do I have to keep attaching png named jpg here? :)
>>> According to that png or jpeg or whatever it is, it still has .
>>>
>>> That means the following pattern will pass, right?
>>>
>>> D:\path\to\dir
>>> D:/path/to/dir
>>> \\hostname_or_ipaddress\path\to\dir
>>> //hostname_or_ipaddress/path/to/dir
>>>
>>> Regards.
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>
>> On Friday, June 9, 2023, Tatsuki Makino 
>> wrote:
>>
>>> Hello.
>>>
>>> Do I have to keep attaching png named jpg here? :)
>>> According to that png or jpeg or whatever it is, it still has .
>>>
>>> That means the following pattern will pass, right?
>>>
>>> D:\path\to\dir
>>> D:/path/to/dir
>>> \\hostname_or_ipaddress\path\to\dir
>>> //hostname_or_ipaddress/path/to/dir
>>>
>>> Regards.
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>
>>
>> --
>> Sent from my iPhone
>>
>

-- 
Sent from my iPhone

Re: [users@httpd] Apache service reported path is invalid

[Frank Gingras]

Greg,

Case sensitivity for paths isn't a concern on windows.

On Fri, Jun 9, 2023 at 8:33 PM Gregory Kuzmicki 
wrote:

> 6/9/2023
> 8:05 PM EST
>
> Ravi:
>
> I was taking another look at your issue. I noticed a "case difference" and
> I am curious to know if this causing your issue.
>
> Please note that in your email dated 6/6/2023 5:33 AM the screenshot of
> your log states:
>
> --
> The Apache service named reported the following error:
>
> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>
>
> The Apache service named reported the following error:
>
>  path
> is invalid
> --
>
> Please note that in your config file, you have an alias pointing to:
>
> Alias /processing_root_folder "F:/Comtrack_Processing_Root"
>
> Alias /processing_root_folder1
> "10.12.30.50\COMTRACK01\Comtrack_Processing_Root">
>
>
>
> ___
> Please note:
> "Comtrack_processing_root"
> "Comtrack_Processing_Root"
>
> as the case difference aforementioned.
> ___
>
> I am uncertain is this is causing your issue, but it worth noting.
> Furthermore, your log says line 406 of httpd.conf but as I see from the
> image there is only a section of the log. Did you send an attachment of the
> full httpd.conf file and an attachment of an image section of httpd.conf?
>
> Specifically, what does line 406 say? I can only see the image attached; I
> cannot open the httpd.conf file on this device so I don't know if it is the
> full configuration file or a redacted version.
>
>
>
>
> Main points:
> (1) note the "case difference"
> (2) what does line 406 read? re: syntax error
>
>
>
>
>
> Greg
>
>
> https://www.linkedin.com/colorsorted
>
>
>
>
>
>
>
>
> On Friday, June 9, 2023, Tatsuki Makino 
> wrote:
>
>> Hello.
>>
>> Do I have to keep attaching png named jpg here? :)
>> According to that png or jpeg or whatever it is, it still has .
>>
>> That means the following pattern will pass, right?
>>
>> D:\path\to\dir
>> D:/path/to/dir
>> \\hostname_or_ipaddress\path\to\dir
>> //hostname_or_ipaddress/path/to/dir
>>
>> Regards.
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>
> On Friday, June 9, 2023, Tatsuki Makino 
> wrote:
>
>> Hello.
>>
>> Do I have to keep attaching png named jpg here? :)
>> According to that png or jpeg or whatever it is, it still has .
>>
>> That means the following pattern will pass, right?
>>
>> D:\path\to\dir
>> D:/path/to/dir
>> \\hostname_or_ipaddress\path\to\dir
>> //hostname_or_ipaddress/path/to/dir
>>
>> Regards.
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>
> --
> Sent from my iPhone
>

Re: [users@httpd] Apache service reported path is invalid

[Gregory Kuzmicki]

6/9/2023
8:05 PM EST

Ravi:

I was taking another look at your issue. I noticed a "case difference" and
I am curious to know if this causing your issue.

Please note that in your email dated 6/6/2023 5:33 AM the screenshot of
your log states:

--
The Apache service named reported the following error:

Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf


The Apache service named reported the following error:

 path is
invalid
--

Please note that in your config file, you have an alias pointing to:

Alias /processing_root_folder "F:/Comtrack_Processing_Root"

Alias /processing_root_folder1
"10.12.30.50\COMTRACK01\Comtrack_Processing_Root">



___
Please note:
"Comtrack_processing_root"
"Comtrack_Processing_Root"

as the case difference aforementioned.
___

I am uncertain is this is causing your issue, but it worth noting.
Furthermore, your log says line 406 of httpd.conf but as I see from the
image there is only a section of the log. Did you send an attachment of the
full httpd.conf file and an attachment of an image section of httpd.conf?

Specifically, what does line 406 say? I can only see the image attached; I
cannot open the httpd.conf file on this device so I don't know if it is the
full configuration file or a redacted version.




Main points:
(1) note the "case difference"
(2) what does line 406 read? re: syntax error





Greg


https://www.linkedin.com/colorsorted








On Friday, June 9, 2023, Tatsuki Makino  wrote:

> Hello.
>
> Do I have to keep attaching png named jpg here? :)
> According to that png or jpeg or whatever it is, it still has .
>
> That means the following pattern will pass, right?
>
> D:\path\to\dir
> D:/path/to/dir
> \\hostname_or_ipaddress\path\to\dir
> //hostname_or_ipaddress/path/to/dir
>
> Regards.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>

On Friday, June 9, 2023, Tatsuki Makino  wrote:

> Hello.
>
> Do I have to keep attaching png named jpg here? :)
> According to that png or jpeg or whatever it is, it still has .
>
> That means the following pattern will pass, right?
>
> D:\path\to\dir
> D:/path/to/dir
> \\hostname_or_ipaddress\path\to\dir
> //hostname_or_ipaddress/path/to/dir
>
> Regards.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

-- 
Sent from my iPhone

Re: [users@httpd] Apache service reported path is invalid

[Tatsuki Makino]

Hello.

Do I have to keep attaching png named jpg here? :)
According to that png or jpeg or whatever it is, it still has .

That means the following pattern will pass, right?

D:\path\to\dir
D:/path/to/dir
\\hostname_or_ipaddress\path\to\dir
//hostname_or_ipaddress/path/to/dir

Regards.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache service reported path is invalid

[Suvendu Sekhar Mondal]

Ravi,

On Fri, Jun 9, 2023, 7:34 AM Frank Gingras  wrote:

> Greg, they are using windows.
>

Procmon tool can be used to identify problem. It's from Microsoft.

Launch the tool. Start Apache and wait for failure. Stop tracing
immediately otherwise you will get some noises. After that you can filter
by pid, path etc.

>
> On Thu, Jun 8, 2023 at 9:40 PM Gregory Kuzmicki <
> gregory.kuzmi...@gmail.com> wrote:
>
>> On that note, to verify if it is indeed a permissions issue, you may
>> troubleshoot by granting all permissions to all users.
>>
>> Function: CHMOD
>>
>> If access proceeds as desired then you can at least be certain it is a
>> permissions issue; then revert back to your policies and make note one by
>> one to determine which user(s) are preventing desired access functionality.
>> If still access proceeds undesired, we can possibly rule out the
>> permissions issue.
>>
>>
>> Greg
>>
>> On Thursday, June 8, 2023, Frank Gingras  wrote:
>>
>>> You would want to attempt to reach that path while connected as that
>>> user. Any error would prevent you from reading the directory.
>>>
>>> On Wed, Jun 7, 2023 at 8:22 PM Ravi Chandra  wrote:
>>>
 Can we have an idea what type of permission issue please.

 Zentech Innovation Private Limited
 M Ravi Chandra

 On Wed, 7 Jun 2023 at 23:45, Frank Gingras
  wrote:
 As Eric said, the only reason left is a permissions issue, which
 results in that error.

 On Wed, Jun 7, 2023 at 11:54 AM Ravi Chandra  wrote:


 Please find the config and the path in which we are using the network
 path. Please let us know is any changes in the config file, and also find
 the config file for reference.

 [image: Inline image]



 Warm Regards,
 M Ravi Chandra.
 *Zentech Innovations Private Limited*


 On Wednesday, June 7, 2023 at 07:24:11 PM GMT+5:30, Frank Gingras <
 thu...@apache.org> wrote:


 Can you show the updated configuration? It's very difficult to see what
 you did otherwise.

 On Wed, Jun 7, 2023 at 9:50 AM Ravi Chandra  wrote:

 We already mapped the network drive(NAS). Then also we are facing the
 same problem. But able to run within Commandline.


 Warm Regards,
 M Ravi Chandra.
 *Zentech Innovations Private Limited*

 On Wednesday, June 7, 2023 at 07:12:49 PM GMT+5:30, Frank Gingras <
 thu...@apache.org> wrote:


 Try mapping the path to a network letter in windows.

 On Wed, Jun 7, 2023 at 1:48 AM Ravi Chandra  wrote:

 Hi,

 But when we run the 'httpd.exe' on CMD it works without any error and
 we are able to access files that exist within the path (No changes in the
 path format "10.12.30.50\\COMTRACK01\\Comtrack_processing_root").

 Whereas we run with service we are getting the path invalid error.

 Yes, we have tried with both symbols as mentioned in the below mail
 then also we are facing the same issue.


 Warm Regards,
 M Ravi Chandra.
 *Zentech Innovations Private Limited*

 On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras <
 thu...@apache.org> wrote:


 Try a few things:

 1) Don't escape the \'s in the path
 2) Use / instead of \
 3) map the network path to a drive letter in windows.



 On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:

 Hi,

We are using the Apache2.4.57 version on one of the servers. Here we
 have facing an issue when we add the external drive to the config file.
 Kindly find the below error message which we found in the EventViewer.

 The Apache service named reported the following error:
 >>> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf


 The Apache service named reported the following error:
 >>> 
 path is invalid.


 Warm Regards,
 M Ravi Chandra.
 *Zentech Innovations Private Limited*




 -
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org


 -
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>
>>
>> --
>> Sent from my iPhone
>>
>

Re: [users@httpd] Apache service reported path is invalid

[Frank Gingras]

Greg, they are using windows.

On Thu, Jun 8, 2023 at 9:40 PM Gregory Kuzmicki 
wrote:

> On that note, to verify if it is indeed a permissions issue, you may
> troubleshoot by granting all permissions to all users.
>
> Function: CHMOD
>
> If access proceeds as desired then you can at least be certain it is a
> permissions issue; then revert back to your policies and make note one by
> one to determine which user(s) are preventing desired access functionality.
> If still access proceeds undesired, we can possibly rule out the
> permissions issue.
>
>
> Greg
>
> On Thursday, June 8, 2023, Frank Gingras  wrote:
>
>> You would want to attempt to reach that path while connected as that
>> user. Any error would prevent you from reading the directory.
>>
>> On Wed, Jun 7, 2023 at 8:22 PM Ravi Chandra  wrote:
>>
>>> Can we have an idea what type of permission issue please.
>>>
>>> Zentech Innovation Private Limited
>>> M Ravi Chandra
>>>
>>> On Wed, 7 Jun 2023 at 23:45, Frank Gingras
>>>  wrote:
>>> As Eric said, the only reason left is a permissions issue, which results
>>> in that error.
>>>
>>> On Wed, Jun 7, 2023 at 11:54 AM Ravi Chandra  wrote:
>>>
>>>
>>> Please find the config and the path in which we are using the network
>>> path. Please let us know is any changes in the config file, and also find
>>> the config file for reference.
>>>
>>> [image: Inline image]
>>>
>>>
>>>
>>> Warm Regards,
>>> M Ravi Chandra.
>>> *Zentech Innovations Private Limited*
>>>
>>>
>>> On Wednesday, June 7, 2023 at 07:24:11 PM GMT+5:30, Frank Gingras <
>>> thu...@apache.org> wrote:
>>>
>>>
>>> Can you show the updated configuration? It's very difficult to see what
>>> you did otherwise.
>>>
>>> On Wed, Jun 7, 2023 at 9:50 AM Ravi Chandra  wrote:
>>>
>>> We already mapped the network drive(NAS). Then also we are facing the
>>> same problem. But able to run within Commandline.
>>>
>>>
>>> Warm Regards,
>>> M Ravi Chandra.
>>> *Zentech Innovations Private Limited*
>>>
>>> On Wednesday, June 7, 2023 at 07:12:49 PM GMT+5:30, Frank Gingras <
>>> thu...@apache.org> wrote:
>>>
>>>
>>> Try mapping the path to a network letter in windows.
>>>
>>> On Wed, Jun 7, 2023 at 1:48 AM Ravi Chandra  wrote:
>>>
>>> Hi,
>>>
>>> But when we run the 'httpd.exe' on CMD it works without any error and we
>>> are able to access files that exist within the path (No changes in the path
>>> format "10.12.30.50\\COMTRACK01\\Comtrack_processing_root").
>>>
>>> Whereas we run with service we are getting the path invalid error.
>>>
>>> Yes, we have tried with both symbols as mentioned in the below mail then
>>> also we are facing the same issue.
>>>
>>>
>>> Warm Regards,
>>> M Ravi Chandra.
>>> *Zentech Innovations Private Limited*
>>>
>>> On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras <
>>> thu...@apache.org> wrote:
>>>
>>>
>>> Try a few things:
>>>
>>> 1) Don't escape the \'s in the path
>>> 2) Use / instead of \
>>> 3) map the network path to a drive letter in windows.
>>>
>>>
>>>
>>> On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:
>>>
>>> Hi,
>>>
>>>We are using the Apache2.4.57 version on one of the servers. Here we
>>> have facing an issue when we add the external drive to the config file.
>>> Kindly find the below error message which we found in the EventViewer.
>>>
>>> The Apache service named reported the following error:
>>> >>> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>>>
>>>
>>> The Apache service named reported the following error:
>>> >>> 
>>> path is invalid.
>>>
>>>
>>> Warm Regards,
>>> M Ravi Chandra.
>>> *Zentech Innovations Private Limited*
>>>
>>>
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>
> --
> Sent from my iPhone
>

Re: [users@httpd] Apache service reported path is invalid

[Gregory Kuzmicki]

On that note, to verify if it is indeed a permissions issue, you may
troubleshoot by granting all permissions to all users.

Function: CHMOD

If access proceeds as desired then you can at least be certain it is a
permissions issue; then revert back to your policies and make note one by
one to determine which user(s) are preventing desired access functionality.
If still access proceeds undesired, we can possibly rule out the
permissions issue.


Greg

On Thursday, June 8, 2023, Frank Gingras  wrote:

> You would want to attempt to reach that path while connected as that user.
> Any error would prevent you from reading the directory.
>
> On Wed, Jun 7, 2023 at 8:22 PM Ravi Chandra  wrote:
>
>> Can we have an idea what type of permission issue please.
>>
>> Zentech Innovation Private Limited
>> M Ravi Chandra
>>
>> On Wed, 7 Jun 2023 at 23:45, Frank Gingras
>>  wrote:
>> As Eric said, the only reason left is a permissions issue, which results
>> in that error.
>>
>> On Wed, Jun 7, 2023 at 11:54 AM Ravi Chandra  wrote:
>>
>>
>> Please find the config and the path in which we are using the network
>> path. Please let us know is any changes in the config file, and also find
>> the config file for reference.
>>
>> [image: Inline image]
>>
>>
>>
>> Warm Regards,
>> M Ravi Chandra.
>> *Zentech Innovations Private Limited*
>>
>>
>> On Wednesday, June 7, 2023 at 07:24:11 PM GMT+5:30, Frank Gingras <
>> thu...@apache.org> wrote:
>>
>>
>> Can you show the updated configuration? It's very difficult to see what
>> you did otherwise.
>>
>> On Wed, Jun 7, 2023 at 9:50 AM Ravi Chandra  wrote:
>>
>> We already mapped the network drive(NAS). Then also we are facing the
>> same problem. But able to run within Commandline.
>>
>>
>> Warm Regards,
>> M Ravi Chandra.
>> *Zentech Innovations Private Limited*
>>
>> On Wednesday, June 7, 2023 at 07:12:49 PM GMT+5:30, Frank Gingras <
>> thu...@apache.org> wrote:
>>
>>
>> Try mapping the path to a network letter in windows.
>>
>> On Wed, Jun 7, 2023 at 1:48 AM Ravi Chandra  wrote:
>>
>> Hi,
>>
>> But when we run the 'httpd.exe' on CMD it works without any error and we
>> are able to access files that exist within the path (No changes in the path
>> format "10.12.30.50\\COMTRACK01\\Comtrack_processing_root").
>>
>> Whereas we run with service we are getting the path invalid error.
>>
>> Yes, we have tried with both symbols as mentioned in the below mail then
>> also we are facing the same issue.
>>
>>
>> Warm Regards,
>> M Ravi Chandra.
>> *Zentech Innovations Private Limited*
>>
>> On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras <
>> thu...@apache.org> wrote:
>>
>>
>> Try a few things:
>>
>> 1) Don't escape the \'s in the path
>> 2) Use / instead of \
>> 3) map the network path to a drive letter in windows.
>>
>>
>>
>> On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:
>>
>> Hi,
>>
>>We are using the Apache2.4.57 version on one of the servers. Here we
>> have facing an issue when we add the external drive to the config file.
>> Kindly find the below error message which we found in the EventViewer.
>>
>> The Apache service named reported the following error:
>> >>> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>>
>>
>> The Apache service named reported the following error:
>> >>> 
>> path is invalid.
>>
>>
>> Warm Regards,
>> M Ravi Chandra.
>> *Zentech Innovations Private Limited*
>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

-- 
Sent from my iPhone

Re: [users@httpd] Apache service reported path is invalid

[Frank Gingras]

You would want to attempt to reach that path while connected as that user.
Any error would prevent you from reading the directory.

On Wed, Jun 7, 2023 at 8:22 PM Ravi Chandra  wrote:

> Can we have an idea what type of permission issue please.
>
> Zentech Innovation Private Limited
> M Ravi Chandra
>
> On Wed, 7 Jun 2023 at 23:45, Frank Gingras
>  wrote:
> As Eric said, the only reason left is a permissions issue, which results
> in that error.
>
> On Wed, Jun 7, 2023 at 11:54 AM Ravi Chandra  wrote:
>
>
> Please find the config and the path in which we are using the network
> path. Please let us know is any changes in the config file, and also find
> the config file for reference.
>
> [image: Inline image]
>
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
>
> On Wednesday, June 7, 2023 at 07:24:11 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Can you show the updated configuration? It's very difficult to see what
> you did otherwise.
>
> On Wed, Jun 7, 2023 at 9:50 AM Ravi Chandra  wrote:
>
> We already mapped the network drive(NAS). Then also we are facing the same
> problem. But able to run within Commandline.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
> On Wednesday, June 7, 2023 at 07:12:49 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Try mapping the path to a network letter in windows.
>
> On Wed, Jun 7, 2023 at 1:48 AM Ravi Chandra  wrote:
>
> Hi,
>
> But when we run the 'httpd.exe' on CMD it works without any error and we
> are able to access files that exist within the path (No changes in the path
> format "10.12.30.50\\COMTRACK01\\Comtrack_processing_root").
>
> Whereas we run with service we are getting the path invalid error.
>
> Yes, we have tried with both symbols as mentioned in the below mail then
> also we are facing the same issue.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
> On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Try a few things:
>
> 1) Don't escape the \'s in the path
> 2) Use / instead of \
> 3) map the network path to a drive letter in windows.
>
>
>
> On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:
>
> Hi,
>
>We are using the Apache2.4.57 version on one of the servers. Here we
> have facing an issue when we add the external drive to the config file.
> Kindly find the below error message which we found in the EventViewer.
>
> The Apache service named reported the following error:
> >>> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>
>
> The Apache service named reported the following error:
> >>> 
> path is invalid.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Double or chained proxy with mod_proxy

[Charlie Calhoun]

Hello,

I have a reverse proxy set up and working correctly for an internal website. I 
have now been asked to create another proxy to connect to the reverse proxy 
(and ultimately the internal website). The second proxy does not have direct 
network access to the internal website, but it does have network access to the 
reverse proxy. Its function is to provide access to that internal website for 
parts of our network that don't have access to the reverse proxy or the 
internal website.

I have tried setting the second proxy as a reverse proxy pointing to the 
original reverse proxy, but this gave "Bad Request" errors. Then I tried 
setting it as a forward proxy, then started playing with ProxyRemote and 
NoProxy, but nothing seems to work. I expect that when I go to 
"secondproxy.local.domain:listenport", it should return the internal website, 
just like what happens when I go to 
"originalreverseproxy.local.domain:listenport"

Is this possible? What do I need to do to achieve this?

Thank you,
cscal

Sent with [Proton Mail](https://proton.me/) secure email.

Re: [users@httpd] Apache service reported path is invalid

[Ravi Chandra]

Can we have an idea what type of permission issue please.

Zentech Innovation Private Limited
M Ravi Chandra
 
 
  On Wed, 7 Jun 2023 at 23:45, Frank Gingras wrote:   As 
Eric said, the only reason left is a permissions issue, which results in that 
error.
On Wed, Jun 7, 2023 at 11:54 AM Ravi Chandra  wrote:


Please find the config and the path in which we are using the network path. 
Please let us know is any changes in the config file, and also find the config 
file for reference.




Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited 

On Wednesday, June 7, 2023 at 07:24:11 PM GMT+5:30, Frank Gingras 
 wrote:  
 
 Can you show the updated configuration? It's very difficult to see what you 
did otherwise.
On Wed, Jun 7, 2023 at 9:50 AM Ravi Chandra  wrote:

We already mapped the network drive(NAS). Then also we are facing the same 
problem. But able to run within Commandline.

Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited

On Wednesday, June 7, 2023 at 07:12:49 PM GMT+5:30, Frank Gingras 
 wrote:  
 
 Try mapping the path to a network letter in windows.
On Wed, Jun 7, 2023 at 1:48 AM Ravi Chandra  wrote:

Hi,
But when we run the 'httpd.exe' on CMD it works without any error and we are 
able to access files that exist within the path (No changes in the path format 
"10.12.30.50\\COMTRACK01\\Comtrack_processing_root").

Whereas we run with service we are getting the path invalid error.
Yes, we have tried with both symbols as mentioned in the below mail then also 
we are facing the same issue.


Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited

On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras 
 wrote:  
 
 Try a few things:
1) Don't escape the \'s in the path2) Use / instead of \3) map the network path 
to a drive letter in windows.


On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:

Hi,
   We are using the Apache2.4.57 version on one of the servers. Here we have 
facing an issue when we add the external drive to the config file. Kindly find 
the below error message which we found in the EventViewer.
The Apache service named reported the following error:>>> Ah00526: Syntax error 
on the line 406 of c:/Apache24/conf/httpd.conf

The Apache service named reported the following error:
>>>  path is 
>>> invalid.

Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited




  
  
  
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
  

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache service reported path is invalid

[Frank Gingras]

As Eric said, the only reason left is a permissions issue, which results in
that error.

On Wed, Jun 7, 2023 at 11:54 AM Ravi Chandra  wrote:

>
> Please find the config and the path in which we are using the network
> path. Please let us know is any changes in the config file, and also find
> the config file for reference.
>
> [image: Inline image]
>
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
>
> On Wednesday, June 7, 2023 at 07:24:11 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Can you show the updated configuration? It's very difficult to see what
> you did otherwise.
>
> On Wed, Jun 7, 2023 at 9:50 AM Ravi Chandra  wrote:
>
> We already mapped the network drive(NAS). Then also we are facing the same
> problem. But able to run within Commandline.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
> On Wednesday, June 7, 2023 at 07:12:49 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Try mapping the path to a network letter in windows.
>
> On Wed, Jun 7, 2023 at 1:48 AM Ravi Chandra  wrote:
>
> Hi,
>
> But when we run the 'httpd.exe' on CMD it works without any error and we
> are able to access files that exist within the path (No changes in the path
> format "10.12.30.50\\COMTRACK01\\Comtrack_processing_root").
>
> Whereas we run with service we are getting the path invalid error.
>
> Yes, we have tried with both symbols as mentioned in the below mail then
> also we are facing the same issue.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
> On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Try a few things:
>
> 1) Don't escape the \'s in the path
> 2) Use / instead of \
> 3) map the network path to a drive letter in windows.
>
>
>
> On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:
>
> Hi,
>
>We are using the Apache2.4.57 version on one of the servers. Here we
> have facing an issue when we add the external drive to the config file.
> Kindly find the below error message which we found in the EventViewer.
>
> The Apache service named reported the following error:
> >>> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>
>
> The Apache service named reported the following error:
> >>> 
> path is invalid.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache service reported path is invalid

[Ravi Chandra]

Please find the config and the path in which we are using the network path. 
Please let us know is any changes in the config file, and also find the config 
file for reference.




Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited 

On Wednesday, June 7, 2023 at 07:24:11 PM GMT+5:30, Frank Gingras 
 wrote:  
 
 Can you show the updated configuration? It's very difficult to see what you 
did otherwise.
On Wed, Jun 7, 2023 at 9:50 AM Ravi Chandra  wrote:

We already mapped the network drive(NAS). Then also we are facing the same 
problem. But able to run within Commandline.

Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited

On Wednesday, June 7, 2023 at 07:12:49 PM GMT+5:30, Frank Gingras 
 wrote:  
 
 Try mapping the path to a network letter in windows.
On Wed, Jun 7, 2023 at 1:48 AM Ravi Chandra  wrote:

Hi,
But when we run the 'httpd.exe' on CMD it works without any error and we are 
able to access files that exist within the path (No changes in the path format 
"10.12.30.50\\COMTRACK01\\Comtrack_processing_root").

Whereas we run with service we are getting the path invalid error.
Yes, we have tried with both symbols as mentioned in the below mail then also 
we are facing the same issue.


Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited

On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras 
 wrote:  
 
 Try a few things:
1) Don't escape the \'s in the path2) Use / instead of \3) map the network path 
to a drive letter in windows.


On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:

Hi,
   We are using the Apache2.4.57 version on one of the servers. Here we have 
facing an issue when we add the external drive to the config file. Kindly find 
the below error message which we found in the EventViewer.
The Apache service named reported the following error:>>> Ah00526: Syntax error 
on the line 406 of c:/Apache24/conf/httpd.conf

The Apache service named reported the following error:
>>>  path is 
>>> invalid.

Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited




  
  
  

httpd.conf
Description: Binary data

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache service reported path is invalid

[Eric Covener]

On Tue, Jun 6, 2023 at 5:33 AM Ravi Chandra  wrote:
>
> Hi,
>
>We are using the Apache2.4.57 version on one of the servers. Here we have 
> facing an issue when we add the external drive to the config file. Kindly 
> find the below error message which we found in the EventViewer.
>
> The Apache service named reported the following error:
> >>> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>
>
> The Apache service named reported the following error:
> >>>  path 
> >>> is invalid.

The user the service runs as needs to be able to access this share
with the same user/password as is used on the webserver.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache service reported path is invalid

[Frank Gingras]

Can you show the updated configuration? It's very difficult to see what you
did otherwise.

On Wed, Jun 7, 2023 at 9:50 AM Ravi Chandra  wrote:

> We already mapped the network drive(NAS). Then also we are facing the same
> problem. But able to run within Commandline.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
> On Wednesday, June 7, 2023 at 07:12:49 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Try mapping the path to a network letter in windows.
>
> On Wed, Jun 7, 2023 at 1:48 AM Ravi Chandra  wrote:
>
> Hi,
>
> But when we run the 'httpd.exe' on CMD it works without any error and we
> are able to access files that exist within the path (No changes in the path
> format "10.12.30.50\\COMTRACK01\\Comtrack_processing_root").
>
> Whereas we run with service we are getting the path invalid error.
>
> Yes, we have tried with both symbols as mentioned in the below mail then
> also we are facing the same issue.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
> On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Try a few things:
>
> 1) Don't escape the \'s in the path
> 2) Use / instead of \
> 3) map the network path to a drive letter in windows.
>
>
>
> On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:
>
> Hi,
>
>We are using the Apache2.4.57 version on one of the servers. Here we
> have facing an issue when we add the external drive to the config file.
> Kindly find the below error message which we found in the EventViewer.
>
> The Apache service named reported the following error:
> >>> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>
>
> The Apache service named reported the following error:
> >>> 
> path is invalid.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
>
>
>

Re: [users@httpd] Apache service reported path is invalid

[Ravi Chandra]

We already mapped the network drive(NAS). Then also we are facing the same 
problem. But able to run within Commandline.

Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited

On Wednesday, June 7, 2023 at 07:12:49 PM GMT+5:30, Frank Gingras 
 wrote:  
 
 Try mapping the path to a network letter in windows.
On Wed, Jun 7, 2023 at 1:48 AM Ravi Chandra  wrote:

Hi,
But when we run the 'httpd.exe' on CMD it works without any error and we are 
able to access files that exist within the path (No changes in the path format 
"10.12.30.50\\COMTRACK01\\Comtrack_processing_root").

Whereas we run with service we are getting the path invalid error.
Yes, we have tried with both symbols as mentioned in the below mail then also 
we are facing the same issue.


Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited

On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras 
 wrote:  
 
 Try a few things:
1) Don't escape the \'s in the path2) Use / instead of \3) map the network path 
to a drive letter in windows.


On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:

Hi,
   We are using the Apache2.4.57 version on one of the servers. Here we have 
facing an issue when we add the external drive to the config file. Kindly find 
the below error message which we found in the EventViewer.
The Apache service named reported the following error:>>> Ah00526: Syntax error 
on the line 406 of c:/Apache24/conf/httpd.conf

The Apache service named reported the following error:
>>>  path is 
>>> invalid.

Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited




  
  

Re: [users@httpd] Apache service reported path is invalid

[Frank Gingras]

Try mapping the path to a network letter in windows.

On Wed, Jun 7, 2023 at 1:48 AM Ravi Chandra  wrote:

> Hi,
>
> But when we run the 'httpd.exe' on CMD it works without any error and we
> are able to access files that exist within the path (No changes in the path
> format "10.12.30.50\\COMTRACK01\\Comtrack_processing_root").
>
> Whereas we run with service we are getting the path invalid error.
>
> Yes, we have tried with both symbols as mentioned in the below mail then
> also we are facing the same issue.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
> On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
> Try a few things:
>
> 1) Don't escape the \'s in the path
> 2) Use / instead of \
> 3) map the network path to a drive letter in windows.
>
>
>
> On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:
>
> Hi,
>
>We are using the Apache2.4.57 version on one of the servers. Here we
> have facing an issue when we add the external drive to the config file.
> Kindly find the below error message which we found in the EventViewer.
>
> The Apache service named reported the following error:
> >>> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>
>
> The Apache service named reported the following error:
> >>> 
> path is invalid.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
>
>
>

Re: [users@httpd] Apache service reported path is invalid

[Ravi Chandra]

Hi,
But when we run the 'httpd.exe' on CMD it works without any error and we are 
able to access files that exist within the path (No changes in the path format 
"10.12.30.50\\COMTRACK01\\Comtrack_processing_root").

Whereas we run with service we are getting the path invalid error.
Yes, we have tried with both symbols as mentioned in the below mail then also 
we are facing the same issue.


Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited

On Tuesday, June 6, 2023 at 07:18:41 PM GMT+5:30, Frank Gingras 
 wrote:  
 
 Try a few things:
1) Don't escape the \'s in the path2) Use / instead of \3) map the network path 
to a drive letter in windows.


On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:

Hi,
   We are using the Apache2.4.57 version on one of the servers. Here we have 
facing an issue when we add the external drive to the config file. Kindly find 
the below error message which we found in the EventViewer.
The Apache service named reported the following error:>>> Ah00526: Syntax error 
on the line 406 of c:/Apache24/conf/httpd.conf

The Apache service named reported the following error:
>>>  path is 
>>> invalid.

Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited




  

Re: [users@httpd] Apache service reported path is invalid

[Frank Gingras]

Try a few things:

1) Don't escape the \'s in the path
2) Use / instead of \
3) map the network path to a drive letter in windows.



On Tue, Jun 6, 2023 at 5:34 AM Ravi Chandra  wrote:

> Hi,
>
>We are using the Apache2.4.57 version on one of the servers. Here we
> have facing an issue when we add the external drive to the config file.
> Kindly find the below error message which we found in the EventViewer.
>
> The Apache service named reported the following error:
> >>> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>
>
> The Apache service named reported the following error:
> >>> 
> path is invalid.
>
>
> Warm Regards,
> M Ravi Chandra.
> *Zentech Innovations Private Limited*
>
>
>
>

[users@httpd] Apache service reported path is invalid

[Ravi Chandra]

Hi,
   We are using the Apache2.4.57 version on one of the servers. Here we have 
facing an issue when we add the external drive to the config file. Kindly find 
the below error message which we found in the EventViewer.
The Apache service named reported the following error:>>> Ah00526: Syntax error 
on the line 406 of c:/Apache24/conf/httpd.conf

The Apache service named reported the following error:
>>>  path is 
>>> invalid.

Warm Regards,
M Ravi Chandra.Zentech Innovations Private Limited

[users@httpd] proxying websocket and httpd in same VHOST

[Florent Thomas]

Hi everyone, 

I've browsed many ressources and read many thread of the mailing list. Looks 
like I'm not alone to have this issue and that documentation is not really 
clear.

So I'm running this release of apache : 
httpd -v
Server version: Apache/2.4.53 (Rocky Linux)
Server built:   Apr 28 2023 00:00:00

Here are the loaded modules :
core_module (static)
 so_module (static)
 http_module (static)
 access_compat_module (shared)
 actions_module (shared)
 alias_module (shared)
 allowmethods_module (shared)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_anon_module (shared)
 authn_core_module (shared)
 authn_dbd_module (shared)
 authn_dbm_module (shared)
 authn_file_module (shared)
 authn_socache_module (shared)
 authz_core_module (shared)
 authz_dbd_module (shared)
 authz_dbm_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_owner_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cache_module (shared)
 cache_disk_module (shared)
 cache_socache_module (shared)
 data_module (shared)
 dbd_module (shared)
 deflate_module (shared)
 dir_module (shared)
 dumpio_module (shared)
 echo_module (shared)
 env_module (shared)
 expires_module (shared)
 ext_filter_module (shared)
 filter_module (shared)
 headers_module (shared)
 include_module (shared)
 info_module (shared)
 log_config_module (shared)
 logio_module (shared)
 macro_module (shared)
 mime_magic_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 remoteip_module (shared)
 reqtimeout_module (shared)
 request_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 slotmem_plain_module (shared)
 slotmem_shm_module (shared)
 socache_dbm_module (shared)
 socache_memcache_module (shared)
 socache_redis_module (shared)
 socache_shmcb_module (shared)
 status_module (shared)
 substitute_module (shared)
 suexec_module (shared)
 unique_id_module (shared)
 unixd_module (shared)
 userdir_module (shared)
 version_module (shared)
 vhost_alias_module (shared)
 watchdog_module (shared)
 brotli_module (shared)
 dav_module (shared)
 dav_fs_module (shared)
 dav_lock_module (shared)
 lua_module (shared)
 mpm_event_module (shared)
 proxy_module (shared)
 lbmethod_bybusyness_module (shared)
 lbmethod_byrequests_module (shared)
 lbmethod_bytraffic_module (shared)
 lbmethod_heartbeat_module (shared)
 proxy_ajp_module (shared)
 proxy_balancer_module (shared)
 proxy_connect_module (shared)
 proxy_express_module (shared)
 proxy_fcgi_module (shared)
 proxy_fdpass_module (shared)
 proxy_ftp_module (shared)
 proxy_http_module (shared)
 proxy_hcheck_module (shared)
 proxy_scgi_module (shared)
 proxy_uwsgi_module (shared)
 systemd_module (shared)
 cgid_module (shared)

I'm deploying an apache RP in front of an Odoo provinding http classic on 8069 
port and websocket on :8072/websocket/ port

I read the example 
https://httpd.apache.org/docs/2.4/en/mod/mod_proxy.html#examples and 
https://httpd.apache.org/docs/2.4/en/mod/mod_proxy.html#wsupgrade  and I tried 
first this setup  :

   ProxyPreserveHost On
   ProxyRequests Off
   ProxyPass "/websocket/"  "http://127.0.0.1:8072/websocket/; upgrade=websocket

   ProxyPass / http://127.0.0.1:8069/
   ProxyPassReverse / http://127.0.0.1:8069/

This fist try didn't succeed,so I tried this one 

   ProxyPreserveHost On
   ProxyRequests Off
   ProxyPass "/websocket/"  "ws://127.0.0.1:8072/websocket/"

   ProxyPass / http://127.0.0.1:8069/
   ProxyPassReverse / http://127.0.0.1:8069/

without more success

the backend still returning 400 on websocket url

any ideas , proposal, debug procedure will be appreciated.

Tanks in adavance for the time spent reading this thread.

regards


Florent THOMAS 


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Proxy with ssl backend server

[Yann Ylavic]

On Wed, May 31, 2023 at 4:39 PM Yann Ylavic  wrote:
>
> On Wed, May 31, 2023 at 2:52 PM Josef Wolf  wrote:
> >
> > On Wed, May 31, 2023 at 10:58:27AM +0200, Yann Ylavic wrote:
> > > On Thu, May 25, 2023 at 2:38 PM Josef Wolf  wrote:
> > > >
> > > > I am trying to use apache as a proxy to pass requests to a https 
> > > > backend like this:
> > > >
> > > >   
> > > >
> > > > SSLProxyEngine   on
> > > > ProxyPass/service/ https://backend.do.main:4434/service
> > > > ProxyPassReverse /service/ https://backend.do.main:4434/service
> > > > ProxyPassReverseCookiePath / /service/
> > > > ProxyHTMLURLMap https://backend.do.main:4434/service /service
> > > > 
> > > >   SetEnv force-proxy-request-1.0 1
> > > >   SetEnv proxy-nokeepalive 1
> > > >   SetEnv proxy-sendcl
> > > >   ProxyHTMLEnable On
> > > >   ProxyHTMLExtended On
> > > >   LogLevel Debug
> > > >   ProxyHTMLURLMap https://backend.do.main:4434/service/service/
> > > >   RequestHeader unset Accept-Encoding
> > > >   AuthName"Application /service"
> > > >   AuthType Basic
> > > >   AuthUserFile/m/b/httpd/passwd
> > > >   AuthGroupFile   /m/b/httpd/group
> > > >   Require group service
> > > >   SSLRequireSSL
> > > >   RequestHeader set Authorization "Basic 123456778"
> > > >   RequestHeader set X_FORWARDED_PROTO 'https'
> > > > 
> > > >
> > > >   
> > > >
> > > > This works fine for http backends, but with https, I get following 
> > > > errors:
> > >
> > > I tried this configuration and it works for me.
> >
> > Yes. This is why I suspect it has to do with the way I generate the
> > self-signed certificate:
> >
> >openssl req \
> > -new -newkey rsa:4096 \
> > -subj /C=DE/CN=backend \
> > -addext subjectAltName=DNS:backend.do.main \
> > -addext certificatePolicies=1.2.3.4 \
> > -x509 -nodes \
> > -days 3650 \
> > -out server-cert.pem \
> > -keyout server-key.pem
> >
> > > >   [Thu May 25 13:34:04.690666 2023] [ssl:error] [pid 2259] [remote 
> > > > 192.168.1.106:4434] AH01962: Unable to create a new SSL connection from 
> > > > the SSL context
> > > >   [Thu May 25 13:34:04.690700 2023] [ssl:error] [pid 2259] SSL Library 
> > > > Error: error:140BA0C3:SSL routines:SSL_new:null ssl ctx
>
> I don't think it has to do with the certificate generated/configured
> on the backend side. This error happens at the creation of the SSL
> connection, no communication with the backend yet.
>
> > >
> > > Do you build httpd by yourself? Which OS / httpd / openssl version? It
> > > looks like httpd (mod_ssl) links/runs against an openssl version
> > > different from the one it's been built with.
> >
> > This is not built by myself. All is stock opensuse-Leap-15.1
>
> I don't know which version/patches of httpd is shipped with
> opensuse-Leap-15.1 (httpd-2.4.33 possibly?), but the configuration
> above seems to work with the latest/upstream httpd-2.4.57 release.
> Maybe you can give the latest opensuse-Leap a try (15.4 or 15.5 seem
> to ship httpd-2.4.57)?

This looks like https://bz.apache.org/bugzilla/show_bug.cgi?id=62232
which was fixed in httpd-2.4.34.

>
>
> Regards;
> Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Proxy with ssl backend server

[Yann Ylavic]

On Wed, May 31, 2023 at 2:52 PM Josef Wolf  wrote:
>
> On Wed, May 31, 2023 at 10:58:27AM +0200, Yann Ylavic wrote:
> > On Thu, May 25, 2023 at 2:38 PM Josef Wolf  wrote:
> > >
> > > I am trying to use apache as a proxy to pass requests to a https backend 
> > > like this:
> > >
> > >   
> > >
> > > SSLProxyEngine   on
> > > ProxyPass/service/ https://backend.do.main:4434/service
> > > ProxyPassReverse /service/ https://backend.do.main:4434/service
> > > ProxyPassReverseCookiePath / /service/
> > > ProxyHTMLURLMap https://backend.do.main:4434/service /service
> > > 
> > >   SetEnv force-proxy-request-1.0 1
> > >   SetEnv proxy-nokeepalive 1
> > >   SetEnv proxy-sendcl
> > >   ProxyHTMLEnable On
> > >   ProxyHTMLExtended On
> > >   LogLevel Debug
> > >   ProxyHTMLURLMap https://backend.do.main:4434/service/service/
> > >   RequestHeader unset Accept-Encoding
> > >   AuthName"Application /service"
> > >   AuthType Basic
> > >   AuthUserFile/m/b/httpd/passwd
> > >   AuthGroupFile   /m/b/httpd/group
> > >   Require group service
> > >   SSLRequireSSL
> > >   RequestHeader set Authorization "Basic 123456778"
> > >   RequestHeader set X_FORWARDED_PROTO 'https'
> > > 
> > >
> > >   
> > >
> > > This works fine for http backends, but with https, I get following errors:
> >
> > I tried this configuration and it works for me.
>
> Yes. This is why I suspect it has to do with the way I generate the
> self-signed certificate:
>
>openssl req \
> -new -newkey rsa:4096 \
> -subj /C=DE/CN=backend \
> -addext subjectAltName=DNS:backend.do.main \
> -addext certificatePolicies=1.2.3.4 \
> -x509 -nodes \
> -days 3650 \
> -out server-cert.pem \
> -keyout server-key.pem
>
> > >   [Thu May 25 13:34:04.690666 2023] [ssl:error] [pid 2259] [remote 
> > > 192.168.1.106:4434] AH01962: Unable to create a new SSL connection from 
> > > the SSL context
> > >   [Thu May 25 13:34:04.690700 2023] [ssl:error] [pid 2259] SSL Library 
> > > Error: error:140BA0C3:SSL routines:SSL_new:null ssl ctx

I don't think it has to do with the certificate generated/configured
on the backend side. This error happens at the creation of the SSL
connection, no communication with the backend yet.

> >
> > Do you build httpd by yourself? Which OS / httpd / openssl version? It
> > looks like httpd (mod_ssl) links/runs against an openssl version
> > different from the one it's been built with.
>
> This is not built by myself. All is stock opensuse-Leap-15.1

I don't know which version/patches of httpd is shipped with
opensuse-Leap-15.1 (httpd-2.4.33 possibly?), but the configuration
above seems to work with the latest/upstream httpd-2.4.57 release.
Maybe you can give the latest opensuse-Leap a try (15.4 or 15.5 seem
to ship httpd-2.4.57)?


Regards;
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Proxy with ssl backend server

[Josef Wolf]

On Wed, May 31, 2023 at 10:58:27AM +0200, Yann Ylavic wrote:
> On Thu, May 25, 2023 at 2:38 PM Josef Wolf  wrote:
> >
> > I am trying to use apache as a proxy to pass requests to a https backend 
> > like this:
> >
> >   
> >
> > SSLProxyEngine   on
> > ProxyPass/service/ https://backend.do.main:4434/service
> > ProxyPassReverse /service/ https://backend.do.main:4434/service
> > ProxyPassReverseCookiePath / /service/
> > ProxyHTMLURLMap https://backend.do.main:4434/service /service
> > 
> >   SetEnv force-proxy-request-1.0 1
> >   SetEnv proxy-nokeepalive 1
> >   SetEnv proxy-sendcl
> >   ProxyHTMLEnable On
> >   ProxyHTMLExtended On
> >   LogLevel Debug
> >   ProxyHTMLURLMap https://backend.do.main:4434/service/service/
> >   RequestHeader unset Accept-Encoding
> >   AuthName"Application /service"
> >   AuthType Basic
> >   AuthUserFile/m/b/httpd/passwd
> >   AuthGroupFile   /m/b/httpd/group
> >   Require group service
> >   SSLRequireSSL
> >   RequestHeader set Authorization "Basic 123456778"
> >   RequestHeader set X_FORWARDED_PROTO 'https'
> > 
> >
> >   
> >
> > This works fine for http backends, but with https, I get following errors:
> 
> I tried this configuration and it works for me.

Yes. This is why I suspect it has to do with the way I generate the
self-signed certificate:

   openssl req \
-new -newkey rsa:4096 \
-subj /C=DE/CN=backend \
-addext subjectAltName=DNS:backend.do.main \
-addext certificatePolicies=1.2.3.4 \
-x509 -nodes \
-days 3650 \
-out server-cert.pem \
-keyout server-key.pem
   
> >   [Thu May 25 13:34:04.690666 2023] [ssl:error] [pid 2259] [remote 
> > 192.168.1.106:4434] AH01962: Unable to create a new SSL connection from the 
> > SSL context
> >   [Thu May 25 13:34:04.690700 2023] [ssl:error] [pid 2259] SSL Library 
> > Error: error:140BA0C3:SSL routines:SSL_new:null ssl ctx
> 
> Do you build httpd by yourself? Which OS / httpd / openssl version? It
> looks like httpd (mod_ssl) links/runs against an openssl version
> different from the one it's been built with.

This is not built by myself. All is stock opensuse-Leap-15.1

Apache serves happily SSL to the clients. Only backend servers are not
working.

-- 
Josef Wolf
j...@raven.inka.de

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Proxy with ssl backend server

[Yann Ylavic]

On Thu, May 25, 2023 at 2:38 PM Josef Wolf  wrote:
>
> I am trying to use apache as a proxy to pass requests to a https backend like 
> this:
>
>   
>
> SSLProxyEngine   on
> ProxyPass/service/ https://backend.do.main:4434/service
> ProxyPassReverse /service/ https://backend.do.main:4434/service
> ProxyPassReverseCookiePath / /service/
> ProxyHTMLURLMap https://backend.do.main:4434/service /service
> 
>   SetEnv force-proxy-request-1.0 1
>   SetEnv proxy-nokeepalive 1
>   SetEnv proxy-sendcl
>   ProxyHTMLEnable On
>   ProxyHTMLExtended On
>   LogLevel Debug
>   ProxyHTMLURLMap https://backend.do.main:4434/service/service/
>   RequestHeader unset Accept-Encoding
>   AuthName"Application /service"
>   AuthType Basic
>   AuthUserFile/m/b/httpd/passwd
>   AuthGroupFile   /m/b/httpd/group
>   Require group service
>   SSLRequireSSL
>   RequestHeader set Authorization "Basic 123456778"
>   RequestHeader set X_FORWARDED_PROTO 'https'
> 
>
>   
>
> This works fine for http backends, but with https, I get following errors:

I tried this configuration and it works for me.

>
>   [Thu May 25 13:34:04.690666 2023] [ssl:error] [pid 2259] [remote 
> 192.168.1.106:4434] AH01962: Unable to create a new SSL connection from the 
> SSL context
>   [Thu May 25 13:34:04.690700 2023] [ssl:error] [pid 2259] SSL Library Error: 
> error:140BA0C3:SSL routines:SSL_new:null ssl ctx

Do you build httpd by yourself? Which OS / httpd / openssl version? It
looks like httpd (mod_ssl) links/runs against an openssl version
different from the one it's been built with.

Regards;
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Proxy with ssl backend server

[Josef Wolf]

No ideas on this one?

On Thu, May 25, 2023 at 02:37:50PM +0200, Josef Wolf wrote:
> Hello,
> 
> I am trying to use apache as a proxy to pass requests to a https backend like 
> this:
> 
>   
>   
> SSLProxyEngine   on
> ProxyPass/service/ https://backend.do.main:4434/service
> ProxyPassReverse /service/ https://backend.do.main:4434/service
> ProxyPassReverseCookiePath / /service/
> ProxyHTMLURLMap https://backend.do.main:4434/service /service
> 
>   SetEnv force-proxy-request-1.0 1
>   SetEnv proxy-nokeepalive 1
>   SetEnv proxy-sendcl
>   ProxyHTMLEnable On
>   ProxyHTMLExtended On
>   LogLevel Debug
>   ProxyHTMLURLMap https://backend.do.main:4434/service/service/
>   RequestHeader unset Accept-Encoding
>   AuthName"Application /service"
>   AuthType Basic
>   AuthUserFile/m/b/httpd/passwd
>   AuthGroupFile   /m/b/httpd/group
>   Require group service
>   SSLRequireSSL
>   RequestHeader set Authorization "Basic 123456778"
>   RequestHeader set X_FORWARDED_PROTO 'https'
> 
>   
>   
> 
> This works fine for http backends, but with https, I get following errors:
> 
>   [Thu May 25 13:34:04.690065 2023] [proxy:debug] [pid 2259] 
> mod_proxy.c(1245): [client 109.43.178.5:13845] AH01143: Running scheme https 
> handler (attempt 0)
>   [Thu May 25 13:34:04.690076 2023] [proxy:debug] [pid 2259] 
> proxy_util.c(2216): [client 109.43.178.5:13845] AH00944: connecting 
> https://backend.do.main:4434/service/ to backend.do.main:4434
>   [Thu May 25 13:34:04.690119 2023] [proxy:debug] [pid 2259] 
> proxy_util.c(2425): [client 109.43.178.5:13845] AH00947: connected /service/ 
> to backend.do.main:4434
>   [Thu May 25 13:34:04.690559 2023] [ssl:info] [pid 2259] [remote 
> 192.168.1.106:4434] AH01964: Connection to child 0 established (server 
> lw.strangled.net:443)
>   [Thu May 25 13:34:04.690666 2023] [ssl:error] [pid 2259] [remote 
> 192.168.1.106:4434] AH01962: Unable to create a new SSL connection from the 
> SSL context
>   [Thu May 25 13:34:04.690700 2023] [ssl:error] [pid 2259] SSL Library Error: 
> error:140BA0C3:SSL routines:SSL_new:null ssl ctx
>   [Thu May 25 13:34:04.690749 2023] [proxy:error] [pid 2259] (103)Software 
> caused connection abort: [client 109.43.178.5:13845] AH01084: pass request 
> body failed to 192.168.1.106:4434 (vdr2.wolf.lan)
>   [Thu May 25 13:34:04.690783 2023] [proxy_http:error] [pid 2259] [client 
> 109.43.178.5:13845] AH01097: pass request body failed to 192.168.1.106:4434 
> (vdr2.wolf.lan) from 109.43.178.5 ()
> 
> I guess, the reason for this problem might be that the backend server uses
> a self signed certificate created like this:
> 
>openssl req \
>  -new -newkey rsa:4096 \
>  -subj /C=DE/CN=backend \
>  -addext subjectAltName=DNS:backend.do.main \
>  -addext certificatePolicies=1.2.3.4 \
>  -x509 -nodes \
>  -days 3650 \
>  -out server-cert.pem \
>  -keyout server-key.pem \
> 
> I tried disable certificate check by addin following options, but the did
> not help:
> 
> SSLProxyVerify   none
> SSLProxyCheckPeerCN Off
> SSLProxyCheckPeerName Off
> SSLProxyCheckPeerExpire Off
> 
> Any ideas what might be wrong with my configuration?
> 
> How could I explicitly install the backend certificate as "trusted"?
> I tried SSLProxyMachineCertificatePath, but also without success.
> 
> 
> -- 
> Josef Wolf
> j...@raven.inka.de
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 

-- 
Josef Wolf
j...@raven.inka.de

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Mateusz Kempski]

Tested server is Rocky 8. We don't use Ubuntu in prod so I focused on
testing Rocky.
Mateusz Kempski



On Wed, 24 May 2023 at 12:18, Deepak Goel  wrote:
>
> The below test results are on which OS? Ubuntu 18 or 20?
>
> On Wed, 24 May 2023, 17:17 Mateusz Kempski,  
> wrote:
>>
>> They are all identical VMs. We can also reproduce this on bigger
>> servers. I don't think this is caused by Rocky or Ubuntu config. I can
>> see 2 problems during my tests.
>> 1. httpd does not add any servers when test is running. It kills
>> keepalive connections and logs "all workers busy or dying" but does
>> not add any, maybe one at the end of the test. For example if I set
>> StartServers to 3 it goes up to 4 at the end of the test even though
>> it has ServerLimit set to 120.
>> 2. httpd seems to not register that it has free workers even when I
>> set StartServers to 120. There are thousands of idle threads and it
>> still logs "all workers busy or dying" and kills keepalive
>> connections. This can be worked around by setting ThreadsPerChild and
>> ThreadLimit much higher and lowering StartServers/ServerLimit
>> respectively.
>> For example with following settings I can easily process over 1500
>> concurrent connections without errors and keepalive killing:
>> ```
>> 
>> ThreadsPerChild 200
>> ThreadLimit 200
>> StartServers 10
>> ServerLimit 15
>> MinSpareThreads 75
>> MaxSpareThreads 3000
>> MaxRequestWorkers 3000
>> MaxConnectionsPerChild 0
>> 
>> ```
>> Why does httpd behaves this way? It seems to not be intended
>> considering ThreadsPerChild is limited to 64 by default by
>> ThreadLimit. I will try to report a bug to httpd devs as it looks like
>> one to me.
>> Test results with this config:
>> ```
>> ab -k -t 900 -c 1500 -n 100 http://rocky/
>> This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
>> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
>> Licensed to The Apache Software Foundation, http://www.apache.org/
>>
>> Benchmarking 10.1.3.11 (be patient)
>> Completed 10 requests
>> Completed 20 requests
>> Completed 30 requests
>> Completed 40 requests
>> Completed 50 requests
>> Completed 60 requests
>> Completed 70 requests
>> Completed 80 requests
>> Completed 90 requests
>> Completed 100 requests
>> Finished 100 requests
>>
>>
>> Server Software:Apache/2.4.37
>> Server Hostname:10.1.3.11
>> Server Port:80
>>
>> Document Path:  /
>> Document Length:7620 bytes
>>
>> Concurrency Level:  1500
>> Time taken for tests:   13.923 seconds
>> Complete requests:  100
>> Failed requests:0
>> Write errors:   0
>> Keep-Alive requests:990813
>> Total transferred:  7919596479 bytes
>> HTML transferred:   762000 bytes
>> Requests per second:71821.69 [#/sec] (mean)
>> Time per request:   20.885 [ms] (mean)
>> Time per request:   0.014 [ms] (mean, across all concurrent requests)
>> Transfer rate:  555467.60 [Kbytes/sec] received
>>
>> Connection Times (ms)
>>  min  mean[+/-sd] median   max
>> Connect:00  14.1  01057
>> Processing: 0   20  33.5 161483
>> Waiting:0   17  20.5 151343
>> Total:  0   21  36.4 161483
>>
>> Percentage of the requests served within a certain time (ms)
>>  50% 16
>>  66% 20
>>  75% 23
>>  80% 26
>>  90% 27
>>  95% 31
>>  98% 65
>>  99%221
>> 100%   1483 (longest request)
>> ```
>>
>> Mateusz Kempski
>>
>> Mateusz Kempski
>> Linux System Administrator
>> XTM International Ltd.
>> Email: mkemp...@xtm-intl.com
>> xtm.cloud
>>
>>
>>
>>
>> On Wed, 24 May 2023 at 05:57, Deepak Goel  wrote:
>> >
>> >
>> >
>> > On Tue, May 23, 2023 at 6:19 PM Mateusz Kempski 
>> >  wrote:
>> >>
>> >> Ubuntu 20 idle:
>> >> ```
>> >> Total DISK READ: 0.00 B/s | Total DISK WRITE: 0.00 B/s
>> >> Current DISK READ:   0.00 B/s | Current DISK WRITE:   0.00 B/s
>> >> ```
>> >> ```
>> >> top - 12:31:00 up 2 min,  1 user,  load average: 0.13, 0.04, 0.01
>> >> Tasks: 239 total,   1 running, 238 sleeping,   0 stopped,   0 zombie
>> >> %Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  
>> >> 0.0 st
>> >> MiB Mem :  16006.4 total,  15259.6 free,251.0 used,495.8 
>> >> buff/cache
>> >> MiB Swap:  0.0 total,  0.0 free,  0.0 used.  15466.5 avail Mem
>> >> ```
>> >> Ubuntu 20 during test:
>> >> ```
>> >> Total DISK READ: 0.00 B/s | Total DISK WRITE: 3.47 M/s
>> >> Current DISK READ:   0.00 B/s | Current DISK WRITE:   0.00 B/s
>> >> ```
>> >> ```
>> >> top - 12:35:17 up 6 min,  1 user,  load average: 6.91, 2.99, 1.16
>> >> Tasks: 232 total,   3 running, 229 sleeping,   0 stopped,   0 zombie
>> >> %Cpu(s):  9.0 us, 21.3 sy,  0.0 ni, 64.4 id,  0.0 wa,  0.0 hi,  5.3 si,  
>> >> 0.1 st
>> >> MiB Mem :  16006.4 total,  14672.6 free,358.1 used,975.7 
>> >> buff/cache

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Mateusz Kempski]

Before the test:
```
Apache Server
Status for 127.0.0.1 (via 127.0.0.1)

  Server Version: Apache/2.4.37 (rocky)

  Server MPM: event

  Server Built: May 17 2023 16:27:49

  
--

  Current Time: Thursday, 25-May-2023 12:51:03 UTC

  Restart Time: Thursday, 25-May-2023 12:50:52 UTC

  Parent Server Config. Generation: 1

  Parent Server MPM Generation: 0

  Server uptime: 11 seconds

  Server load: 0.03 0.02 0.00

  Total accesses: 0 - Total Traffic: 0 kB - Total Duration: 0

  CPU Usage: u.01 s.01 cu0 cs0 - .182% CPU load

  0 requests/sec - 0 B/second

  1 requests currently being processed, 74 idle workers

  
+-+
  |  ||  |Connections|   Threads   |
Async connections|
  | Slot |  PID   | Stopping
|---+-+|
  |  ||  | total | accepting | busy | idle |
writing | keep-alive | closing |
  
|--++--+---+---+--+--+-++-|
  | 0| 163535 | no   | 0 | yes   | 0| 25   | 0
  | 0  | 0   |
  
|--++--+---+---+--+--+-++-|
  | 1| 163536 | no   | 0 | yes   | 0| 25   | 0
  | 0  | 0   |
  
|--++--+---+---+--+--+-++-|
  | 2| 163537 | no   | 0 | yes   | 1| 24   | 0
  | 0  | 0   |
  
|--++--+---+---+--+--+-++-|
  | Sum  | 3  | 0| 0 |   | 1| 74   | 0
  | 0  | 0   |
  
+-+

__W_
___.

[users@httpd] Proxy with ssl backend server

[Josef Wolf]

Hello,

I am trying to use apache as a proxy to pass requests to a https backend like 
this:

  
  
SSLProxyEngine   on
ProxyPass/service/ https://backend.do.main:4434/service
ProxyPassReverse /service/ https://backend.do.main:4434/service
ProxyPassReverseCookiePath / /service/
ProxyHTMLURLMap https://backend.do.main:4434/service /service

  SetEnv force-proxy-request-1.0 1
  SetEnv proxy-nokeepalive 1
  SetEnv proxy-sendcl
  ProxyHTMLEnable On
  ProxyHTMLExtended On
  LogLevel Debug
  ProxyHTMLURLMap https://backend.do.main:4434/service/service/
  RequestHeader unset Accept-Encoding
  AuthName"Application /service"
  AuthType Basic
  AuthUserFile/m/b/httpd/passwd
  AuthGroupFile   /m/b/httpd/group
  Require group service
  SSLRequireSSL
  RequestHeader set Authorization "Basic 123456778"
  RequestHeader set X_FORWARDED_PROTO 'https'

  
  

This works fine for http backends, but with https, I get following errors:

  [Thu May 25 13:34:04.690065 2023] [proxy:debug] [pid 2259] mod_proxy.c(1245): 
[client 109.43.178.5:13845] AH01143: Running scheme https handler (attempt 0)
  [Thu May 25 13:34:04.690076 2023] [proxy:debug] [pid 2259] 
proxy_util.c(2216): [client 109.43.178.5:13845] AH00944: connecting 
https://backend.do.main:4434/service/ to backend.do.main:4434
  [Thu May 25 13:34:04.690119 2023] [proxy:debug] [pid 2259] 
proxy_util.c(2425): [client 109.43.178.5:13845] AH00947: connected /service/ to 
backend.do.main:4434
  [Thu May 25 13:34:04.690559 2023] [ssl:info] [pid 2259] [remote 
192.168.1.106:4434] AH01964: Connection to child 0 established (server 
lw.strangled.net:443)
  [Thu May 25 13:34:04.690666 2023] [ssl:error] [pid 2259] [remote 
192.168.1.106:4434] AH01962: Unable to create a new SSL connection from the SSL 
context
  [Thu May 25 13:34:04.690700 2023] [ssl:error] [pid 2259] SSL Library Error: 
error:140BA0C3:SSL routines:SSL_new:null ssl ctx
  [Thu May 25 13:34:04.690749 2023] [proxy:error] [pid 2259] (103)Software 
caused connection abort: [client 109.43.178.5:13845] AH01084: pass request body 
failed to 192.168.1.106:4434 (vdr2.wolf.lan)
  [Thu May 25 13:34:04.690783 2023] [proxy_http:error] [pid 2259] [client 
109.43.178.5:13845] AH01097: pass request body failed to 192.168.1.106:4434 
(vdr2.wolf.lan) from 109.43.178.5 ()

I guess, the reason for this problem might be that the backend server uses
a self signed certificate created like this:

   openssl req \
 -new -newkey rsa:4096 \
 -subj /C=DE/CN=backend \
 -addext subjectAltName=DNS:backend.do.main \
 -addext certificatePolicies=1.2.3.4 \
 -x509 -nodes \
 -days 3650 \
 -out server-cert.pem \
 -keyout server-key.pem \

I tried disable certificate check by addin following options, but the did
not help:

SSLProxyVerify   none
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLProxyCheckPeerExpire Off

Any ideas what might be wrong with my configuration?

How could I explicitly install the backend certificate as "trusted"?
I tried SSLProxyMachineCertificatePath, but also without success.


-- 
Josef Wolf
j...@raven.inka.de

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Eric Covener]

On Wed, May 24, 2023 at 7:46 AM Mateusz Kempski
 wrote:
>
> They are all identical VMs. We can also reproduce this on bigger
> servers. I don't think this is caused by Rocky or Ubuntu config. I can
> see 2 problems during my tests.
> 1. httpd does not add any servers when test is running. It kills
> keepalive connections and logs "all workers busy or dying" but does
> not add any, maybe one at the end of the test. For example if I set
> StartServers to 3 it goes up to 4 at the end of the test even though
> it has ServerLimit set to 120.
> 2. httpd seems to not register that it has free workers even when I
> set StartServers to 120. There are thousands of idle threads and it
> still logs "all workers busy or dying" and kills keepalive
> connections. This can be worked around by setting ThreadsPerChild and
> ThreadLimit much higher and lowering StartServers/ServerLimit
> respectively.
> For example with following settings I can easily process over 1500
> concurrent connections without errors and keepalive killing:
> ```
> 
> ThreadsPerChild 200
> ThreadLimit 200
> StartServers 10
> ServerLimit 15
> MinSpareThreads 75
> MaxSpareThreads 3000
> MaxRequestWorkers 3000
> MaxConnectionsPerChild 0
> 
> ```
> Why does httpd behaves this way? It seems to not be intended
> considering ThreadsPerChild is limited to 64 by default by
> ThreadLimit. I will try to report a bug to httpd devs as it looks like
> one to me.

Can you save a few snapshots of the output of /server-status under load?

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Mateusz Kempski]

They are all identical VMs. We can also reproduce this on bigger
servers. I don't think this is caused by Rocky or Ubuntu config. I can
see 2 problems during my tests.
1. httpd does not add any servers when test is running. It kills
keepalive connections and logs "all workers busy or dying" but does
not add any, maybe one at the end of the test. For example if I set
StartServers to 3 it goes up to 4 at the end of the test even though
it has ServerLimit set to 120.
2. httpd seems to not register that it has free workers even when I
set StartServers to 120. There are thousands of idle threads and it
still logs "all workers busy or dying" and kills keepalive
connections. This can be worked around by setting ThreadsPerChild and
ThreadLimit much higher and lowering StartServers/ServerLimit
respectively.
For example with following settings I can easily process over 1500
concurrent connections without errors and keepalive killing:
```

ThreadsPerChild 200
ThreadLimit 200
StartServers 10
ServerLimit 15
MinSpareThreads 75
MaxSpareThreads 3000
MaxRequestWorkers 3000
MaxConnectionsPerChild 0

```
Why does httpd behaves this way? It seems to not be intended
considering ThreadsPerChild is limited to 64 by default by
ThreadLimit. I will try to report a bug to httpd devs as it looks like
one to me.
Test results with this config:
```
ab -k -t 900 -c 1500 -n 100 http://rocky/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 10.1.3.11 (be patient)
Completed 10 requests
Completed 20 requests
Completed 30 requests
Completed 40 requests
Completed 50 requests
Completed 60 requests
Completed 70 requests
Completed 80 requests
Completed 90 requests
Completed 100 requests
Finished 100 requests


Server Software:Apache/2.4.37
Server Hostname:10.1.3.11
Server Port:80

Document Path:  /
Document Length:7620 bytes

Concurrency Level:  1500
Time taken for tests:   13.923 seconds
Complete requests:  100
Failed requests:0
Write errors:   0
Keep-Alive requests:990813
Total transferred:  7919596479 bytes
HTML transferred:   762000 bytes
Requests per second:71821.69 [#/sec] (mean)
Time per request:   20.885 [ms] (mean)
Time per request:   0.014 [ms] (mean, across all concurrent requests)
Transfer rate:  555467.60 [Kbytes/sec] received

Connection Times (ms)
 min  mean[+/-sd] median   max
Connect:00  14.1  01057
Processing: 0   20  33.5 161483
Waiting:0   17  20.5 151343
Total:  0   21  36.4 161483

Percentage of the requests served within a certain time (ms)
 50% 16
 66% 20
 75% 23
 80% 26
 90% 27
 95% 31
 98% 65
 99%221
100%   1483 (longest request)
```

Mateusz Kempski

Mateusz Kempski
Linux System Administrator
XTM International Ltd.
Email: mkemp...@xtm-intl.com
xtm.cloud




On Wed, 24 May 2023 at 05:57, Deepak Goel  wrote:
>
>
>
> On Tue, May 23, 2023 at 6:19 PM Mateusz Kempski 
>  wrote:
>>
>> Ubuntu 20 idle:
>> ```
>> Total DISK READ: 0.00 B/s | Total DISK WRITE: 0.00 B/s
>> Current DISK READ:   0.00 B/s | Current DISK WRITE:   0.00 B/s
>> ```
>> ```
>> top - 12:31:00 up 2 min,  1 user,  load average: 0.13, 0.04, 0.01
>> Tasks: 239 total,   1 running, 238 sleeping,   0 stopped,   0 zombie
>> %Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 
>> st
>> MiB Mem :  16006.4 total,  15259.6 free,251.0 used,495.8 buff/cache
>> MiB Swap:  0.0 total,  0.0 free,  0.0 used.  15466.5 avail Mem
>> ```
>> Ubuntu 20 during test:
>> ```
>> Total DISK READ: 0.00 B/s | Total DISK WRITE: 3.47 M/s
>> Current DISK READ:   0.00 B/s | Current DISK WRITE:   0.00 B/s
>> ```
>> ```
>> top - 12:35:17 up 6 min,  1 user,  load average: 6.91, 2.99, 1.16
>> Tasks: 232 total,   3 running, 229 sleeping,   0 stopped,   0 zombie
>> %Cpu(s):  9.0 us, 21.3 sy,  0.0 ni, 64.4 id,  0.0 wa,  0.0 hi,  5.3 si,  0.1 
>> st
>> MiB Mem :  16006.4 total,  14672.6 free,358.1 used,975.7 buff/cache
>
>
> 1. The buff/cache in Ubuntu 20 is almost twice as that of Ubuntu 18. From 
> what I have read, this should improve the performance of Ubuntu 20 over 
> Ubuntu 18. However, the reverse is happening.
>
> 2. The Disk write in Ubuntu 20 is less than that of Ubuntu 18. This again 
> should improve performance of Ubuntu 20 over Ubuntu 18. Again the reverse is 
> happening. Are you writing anything to the DISK in your test?
>
> 3. Is the hardware same for all configurations (cpu, mem, disk iops, network)?
>
> 4. I wonder if we can open 'Performance Bugs' in Ubuntu & Rocky forums.
>
>
>>
>> MiB Swap:  0.0 total,  0.0 free,  0.0 used.  15353.9 avail Mem
>>
>> 

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Deepak Goel]

On Tue, May 23, 2023 at 6:19 PM Mateusz Kempski
 wrote:

> Ubuntu 20 idle:
> ```
> Total DISK READ: 0.00 B/s | Total DISK WRITE: 0.00 B/s
> Current DISK READ:   0.00 B/s | Current DISK WRITE:   0.00 B/s
> ```
> ```
> top - 12:31:00 up 2 min,  1 user,  load average: 0.13, 0.04, 0.01
> Tasks: 239 total,   1 running, 238 sleeping,   0 stopped,   0 zombie
> %Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,
> 0.0 st
> MiB Mem :  16006.4 total,  15259.6 free,251.0 used,495.8 buff/cache
> MiB Swap:  0.0 total,  0.0 free,  0.0 used.  15466.5 avail Mem
> ```
> Ubuntu 20 during test:
> ```
> Total DISK READ: 0.00 B/s | Total DISK WRITE: 3.47 M/s
> Current DISK READ:   0.00 B/s | Current DISK WRITE:   0.00 B/s
> ```
> ```
> top - 12:35:17 up 6 min,  1 user,  load average: 6.91, 2.99, 1.16
> Tasks: 232 total,   3 running, 229 sleeping,   0 stopped,   0 zombie
> %Cpu(s):  9.0 us, 21.3 sy,  0.0 ni, 64.4 id,  0.0 wa,  0.0 hi,  5.3 si,
> 0.1 st
> MiB Mem :  16006.4 total,  14672.6 free,358.1 used,975.7 buff/cache
>

1. The buff/cache in Ubuntu 20 is almost twice as that of Ubuntu 18. From
what I have read, this should improve the performance of Ubuntu 20 over
Ubuntu 18. However, the reverse is happening.

2. The Disk write in Ubuntu 20 is less than that of Ubuntu 18. This again
should improve performance of Ubuntu 20 over Ubuntu 18. Again the reverse
is happening. Are you writing anything to the DISK in your test?

3. Is the hardware same for all configurations (cpu, mem, disk iops,
network)?

4. I wonder if we can open 'Performance Bugs' in Ubuntu & Rocky forums.



> MiB Swap:  0.0 total,  0.0 free,  0.0 used.  15353.9 avail Mem
>
> ```
> Ubuntu 18 idle:
> ```
> Total DISK READ :   0.00 B/s | Total DISK WRITE :   0.00 B/s
> Actual DISK READ:   0.00 B/s | Actual DISK WRITE:   0.00 B/s
> ```
> ```
> top - 12:46:31 up 1 min,  1 user,  load average: 0.56, 0.30, 0.11
> Tasks: 226 total,   1 running, 112 sleeping,   0 stopped,   0 zombie
> %Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,
> 0.0 st
> KiB Mem : 16422552 total, 15861664 free,   204228 used,   356660 buff/cache
> KiB Swap:  4194300 total,  4194300 free,0 used. 15936820 avail Mem
> ```
> Ubuntu 18 during test:
> ```
> top - 12:47:07 up 1 min,  1 user,  load average: 0.55, 0.31, 0.12
> Tasks: 241 total,   1 running, 127 sleeping,   0 stopped,   0 zombie
> %Cpu(s): 11.3 us, 17.0 sy,  0.0 ni, 68.3 id,  0.0 wa,  0.0 hi,  3.3 si,
> 0.1 st
> KiB Mem : 16422552 total, 15687480 free,   329456 used,   405616 buff/cache
> KiB Swap:  4194300 total,  4194300 free,0 used. 15809620 avail Mem
> ```
> ```
> Total DISK READ :   0.00 B/s | Total DISK WRITE :   4.76 M/s
> Actual DISK READ:   0.00 B/s | Actual DISK WRITE:   0.00 B/s
> ```
>
>
> Mateusz Kempski
>
> On Tue, 23 May 2023 at 12:13, Deepak Goel  wrote:
> >
> > can you please post top, iotop results for both apache 18/20?
> >
> > On Tue, 23 May 2023, 17:33 Mateusz Kempski,
>  wrote:
> >>
> >> On Ubuntu 20 with apache in stock settings + my mpm event config:
> >> ```
> >> ab -k -t 900 -c 1000 -n 100 http://ubuntu20/
> >> This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
> >> Copyright 1996 Adam Twiss, Zeus Technology Ltd,
> http://www.zeustech.net/
> >> Licensed to The Apache Software Foundation, http://www.apache.org/
> >>
> >> Benchmarking 10.1.3.3 (be patient)
> >> Completed 10 requests
> >> Completed 20 requests
> >> Completed 30 requests
> >> Completed 40 requests
> >> Completed 50 requests
> >> Completed 60 requests
> >> Completed 70 requests
> >> Completed 80 requests
> >> Completed 90 requests
> >> Completed 100 requests
> >> Finished 100 requests
> >>
> >>
> >> Server Software:Apache/2.4.41
> >> Server Hostname:10.1.3.3
> >> Server Port:80
> >>
> >> Document Path:  /
> >> Document Length:10918 bytes
> >>
> >> Concurrency Level:  1000
> >> Time taken for tests:   19.528 seconds
> >> Complete requests:  100
> >> Failed requests:234371
> >>   (Connect: 0, Receive: 0, Length: 231339, Exceptions: 3032)
> >> Write errors:   0
> >> Keep-Alive requests:768663
> >> Total transferred:  8630779988 bytes
> >> HTML transferred:   8392262634 bytes
> >> Requests per second:51207.31 [#/sec] (mean)
> >> Time per request:   19.528 [ms] (mean)
> >> Time per request:   0.020 [ms] (mean, across all concurrent
> requests)
> >> Transfer rate:  431600.59 [Kbytes/sec] received
> >>
> >> Connection Times (ms)
> >>  min  mean[+/-sd] median   max
> >> Connect:07  69.0  03022
> >> Processing: 0   12  22.6  92028
> >> Waiting:06  15.8  42023
> >> Total:  0   19  73.8  93038
> >>
> >> Percentage of the requests served within a certain 

Re: [users@httpd] pwauth to external server

[Adam Weremczuk]

Thank you Frank.

This is my entire gitweb config:

cat /etc/apache2/conf-available/gitweb.conf

  
    
  Define ENABLE_GITWEB
    
    
  Define ENABLE_GITWEB
    
  



  Alias /gitweb /usr/share/gitweb

    AddExternalAuth pwauth /usr/sbin/pwauth
    SetExternalAuthMethod pwauth pipe

  
    Options +FollowSymLinks +ExecCGI
    AddHandler cgi-script .cgi

    AuthName 'Enter your username and password'
    AuthType Basic
    AuthBasicProvider external
    AuthExternal pwauth
    Require valid-user

    Order Deny,Allow
    Satisfy any
    Deny from all
    Require valid-user

  


The configuration is working fine and authenticates users as expected.

What I don't understand is how does apache know which server to consult 
for the credentials?


Just saying "external" surely shouldn't be enough without specifying a 
FQDN or IP, port number etc. like you do with:


AuthLDAPURL ldap://

What am I missing here?

Regards,
Adam

On 18/05/2023 20:21, Frank Gingras wrote:

This comes to mind:

https://code.google.com/archive/p/mod-auth-external/wikis/AuthNZ.wiki

On Wed, May 17, 2023 at 12:48 PM Adam Weremczuk 
 wrote:


Hi all,

I run some old Bugzilla 3.6.11 (https://www.bugzilla.org) on SERVER1
(Debian 7 / Apache 2.2.22 / MySQL 5.5.31).

The following authentication works locally:

AuthType Basic
AuthPAM_Enabled on
AuthBasicAuthoritative off
AuthUserFile /dev/null

I have migrated Bugzilla to a modern stack on SERVER2 (Debian 11 /
Apache 2.4.56 / MariaDB 10.5.19) but struggle with authentication.

Is it possible to use pwauth to consult usernames/passwords on
SERVER1
from SERVER2 by IP?

What other authentication options do I have?

I would rather avoid doing things such as copying usernames and
passwords across.

Regards,
Adam


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Mateusz Kempski]

Ubuntu 20 idle:
```
Total DISK READ: 0.00 B/s | Total DISK WRITE: 0.00 B/s
Current DISK READ:   0.00 B/s | Current DISK WRITE:   0.00 B/s
```
```
top - 12:31:00 up 2 min,  1 user,  load average: 0.13, 0.04, 0.01
Tasks: 239 total,   1 running, 238 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
MiB Mem :  16006.4 total,  15259.6 free,251.0 used,495.8 buff/cache
MiB Swap:  0.0 total,  0.0 free,  0.0 used.  15466.5 avail Mem
```
Ubuntu 20 during test:
```
Total DISK READ: 0.00 B/s | Total DISK WRITE: 3.47 M/s
Current DISK READ:   0.00 B/s | Current DISK WRITE:   0.00 B/s
```
```
top - 12:35:17 up 6 min,  1 user,  load average: 6.91, 2.99, 1.16
Tasks: 232 total,   3 running, 229 sleeping,   0 stopped,   0 zombie
%Cpu(s):  9.0 us, 21.3 sy,  0.0 ni, 64.4 id,  0.0 wa,  0.0 hi,  5.3 si,  0.1 st
MiB Mem :  16006.4 total,  14672.6 free,358.1 used,975.7 buff/cache
MiB Swap:  0.0 total,  0.0 free,  0.0 used.  15353.9 avail Mem

```
Ubuntu 18 idle:
```
Total DISK READ :   0.00 B/s | Total DISK WRITE :   0.00 B/s
Actual DISK READ:   0.00 B/s | Actual DISK WRITE:   0.00 B/s
```
```
top - 12:46:31 up 1 min,  1 user,  load average: 0.56, 0.30, 0.11
Tasks: 226 total,   1 running, 112 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem : 16422552 total, 15861664 free,   204228 used,   356660 buff/cache
KiB Swap:  4194300 total,  4194300 free,0 used. 15936820 avail Mem
```
Ubuntu 18 during test:
```
top - 12:47:07 up 1 min,  1 user,  load average: 0.55, 0.31, 0.12
Tasks: 241 total,   1 running, 127 sleeping,   0 stopped,   0 zombie
%Cpu(s): 11.3 us, 17.0 sy,  0.0 ni, 68.3 id,  0.0 wa,  0.0 hi,  3.3 si,  0.1 st
KiB Mem : 16422552 total, 15687480 free,   329456 used,   405616 buff/cache
KiB Swap:  4194300 total,  4194300 free,0 used. 15809620 avail Mem
```
```
Total DISK READ :   0.00 B/s | Total DISK WRITE :   4.76 M/s
Actual DISK READ:   0.00 B/s | Actual DISK WRITE:   0.00 B/s
```


Mateusz Kempski

On Tue, 23 May 2023 at 12:13, Deepak Goel  wrote:
>
> can you please post top, iotop results for both apache 18/20?
>
> On Tue, 23 May 2023, 17:33 Mateusz Kempski,  
> wrote:
>>
>> On Ubuntu 20 with apache in stock settings + my mpm event config:
>> ```
>> ab -k -t 900 -c 1000 -n 100 http://ubuntu20/
>> This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
>> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
>> Licensed to The Apache Software Foundation, http://www.apache.org/
>>
>> Benchmarking 10.1.3.3 (be patient)
>> Completed 10 requests
>> Completed 20 requests
>> Completed 30 requests
>> Completed 40 requests
>> Completed 50 requests
>> Completed 60 requests
>> Completed 70 requests
>> Completed 80 requests
>> Completed 90 requests
>> Completed 100 requests
>> Finished 100 requests
>>
>>
>> Server Software:Apache/2.4.41
>> Server Hostname:10.1.3.3
>> Server Port:80
>>
>> Document Path:  /
>> Document Length:10918 bytes
>>
>> Concurrency Level:  1000
>> Time taken for tests:   19.528 seconds
>> Complete requests:  100
>> Failed requests:234371
>>   (Connect: 0, Receive: 0, Length: 231339, Exceptions: 3032)
>> Write errors:   0
>> Keep-Alive requests:768663
>> Total transferred:  8630779988 bytes
>> HTML transferred:   8392262634 bytes
>> Requests per second:51207.31 [#/sec] (mean)
>> Time per request:   19.528 [ms] (mean)
>> Time per request:   0.020 [ms] (mean, across all concurrent requests)
>> Transfer rate:  431600.59 [Kbytes/sec] received
>>
>> Connection Times (ms)
>>  min  mean[+/-sd] median   max
>> Connect:07  69.0  03022
>> Processing: 0   12  22.6  92028
>> Waiting:06  15.8  42023
>> Total:  0   19  73.8  93038
>>
>> Percentage of the requests served within a certain time (ms)
>>  50%  9
>>  66% 13
>>  75% 16
>>  80% 19
>>  90% 30
>>  95% 46
>>  98% 56
>>  99%215
>> 100%   3038 (longest request)
>> ```
>>
>> On Ubuntu 18 with apache in stock settings + my mpm event config.
>> There is ~15 thousands length fails on the first run after apache
>> restart then it stays in 100-1k range:
>> ```
>> ab -k -t 900 -c 1000 -n 100 http://ubuntu18/
>> This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
>> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
>> Licensed to The Apache Software Foundation, http://www.apache.org/
>>
>> Benchmarking 10.1.3.3 (be patient)
>> Completed 10 requests
>> Completed 20 requests
>> Completed 30 requests
>> Completed 40 requests
>> Completed 50 requests
>> Completed 60 requests
>> 

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Deepak Goel]

can you please post top, iotop results for both apache 18/20?

On Tue, 23 May 2023, 17:33 Mateusz Kempski, 
wrote:

> On Ubuntu 20 with apache in stock settings + my mpm event config:
> ```
> ab -k -t 900 -c 1000 -n 100 http://ubuntu20/
> This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
> Licensed to The Apache Software Foundation, http://www.apache.org/
>
> Benchmarking 10.1.3.3 (be patient)
> Completed 10 requests
> Completed 20 requests
> Completed 30 requests
> Completed 40 requests
> Completed 50 requests
> Completed 60 requests
> Completed 70 requests
> Completed 80 requests
> Completed 90 requests
> Completed 100 requests
> Finished 100 requests
>
>
> Server Software:Apache/2.4.41
> Server Hostname:10.1.3.3
> Server Port:80
>
> Document Path:  /
> Document Length:10918 bytes
>
> Concurrency Level:  1000
> Time taken for tests:   19.528 seconds
> Complete requests:  100
> Failed requests:234371
>   (Connect: 0, Receive: 0, Length: 231339, Exceptions: 3032)
> Write errors:   0
> Keep-Alive requests:768663
> Total transferred:  8630779988 bytes
> HTML transferred:   8392262634 bytes
> Requests per second:51207.31 [#/sec] (mean)
> Time per request:   19.528 [ms] (mean)
> Time per request:   0.020 [ms] (mean, across all concurrent requests)
> Transfer rate:  431600.59 [Kbytes/sec] received
>
> Connection Times (ms)
>  min  mean[+/-sd] median   max
> Connect:07  69.0  03022
> Processing: 0   12  22.6  92028
> Waiting:06  15.8  42023
> Total:  0   19  73.8  93038
>
> Percentage of the requests served within a certain time (ms)
>  50%  9
>  66% 13
>  75% 16
>  80% 19
>  90% 30
>  95% 46
>  98% 56
>  99%215
> 100%   3038 (longest request)
> ```
>
> On Ubuntu 18 with apache in stock settings + my mpm event config.
> There is ~15 thousands length fails on the first run after apache
> restart then it stays in 100-1k range:
> ```
> ab -k -t 900 -c 1000 -n 100 http://ubuntu18/
> This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
> Licensed to The Apache Software Foundation, http://www.apache.org/
>
> Benchmarking 10.1.3.3 (be patient)
> Completed 10 requests
> Completed 20 requests
> Completed 30 requests
> Completed 40 requests
> Completed 50 requests
> Completed 60 requests
> Completed 70 requests
> Completed 80 requests
> Completed 90 requests
> Completed 100 requests
> Finished 100 requests
>
>
> Server Software:Apache/2.4.29
> Server Hostname:10.1.3.3
> Server Port:80
>
> Document Path:  /
> Document Length:10918 bytes
>
> Concurrency Level:  1000
> Time taken for tests:   17.221 seconds
> Complete requests:  100
> Failed requests:636
>   (Connect: 0, Receive: 0, Length: 636, Exceptions: 0)
> Write errors:   0
> Keep-Alive requests:990158
> Total transferred:  11220454865 bytes
> HTML transferred:   10911056152 bytes
> Requests per second:58067.59 [#/sec] (mean)
> Time per request:   17.221 [ms] (mean)
> Time per request:   0.017 [ms] (mean, across all concurrent requests)
> Transfer rate:  636274.18 [Kbytes/sec] received
>
> Connection Times (ms)
>  min  mean[+/-sd] median   max
> Connect:00  17.4  01020
> Processing: 0   17  11.3 17 377
> Waiting:08   9.0  9 368
> Total:  0   17  21.6 171389
>
> Percentage of the requests served within a certain time (ms)
>  50% 17
>  66% 18
>  75% 18
>  80% 19
>  90% 20
>  95% 23
>  98% 28
>  99% 36
> 100%   1389 (longest request)
> ```
>
> Mateusz Kempski
> On Mon, 22 May 2023 at 13:05, Deepak Goel  wrote:
> >
> >
> >
> > On Mon, 22 May 2023, 17:58 Mateusz Kempski,
>  wrote:
> >>
> >> @Yann Ylavic:
> >> There seems to be no difference in configuration file except for some
> comments:
> >> ```
> >> diff -Bbde /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.rocky
> >> 8a
> >> # See the httpd.conf(5) man page for more information on this
> configuration,
> >> # and httpd.service(8) on using and configuring the httpd service.
> >> #
> >> .
> >> ```
> >> I will paste complete Rocky config for completeness at the end of this
> message.
> >> EnableMMAP and EnableSendfile are set to on, differently to defaults
> >> specified in comments. This is default system configuration present on
> >> both Rocky 8 and Centos 7. I removed httpd and all config files and
> >> installed it again to make sure.
> >> ```
> >> # Defaults if commented: EnableMMAP On, EnableSendfile Off
> >> #
> >> #EnableMMAP off
> 

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Mateusz Kempski]

On Ubuntu 20 with apache in stock settings + my mpm event config:
```
ab -k -t 900 -c 1000 -n 100 http://ubuntu20/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 10.1.3.3 (be patient)
Completed 10 requests
Completed 20 requests
Completed 30 requests
Completed 40 requests
Completed 50 requests
Completed 60 requests
Completed 70 requests
Completed 80 requests
Completed 90 requests
Completed 100 requests
Finished 100 requests


Server Software:Apache/2.4.41
Server Hostname:10.1.3.3
Server Port:80

Document Path:  /
Document Length:10918 bytes

Concurrency Level:  1000
Time taken for tests:   19.528 seconds
Complete requests:  100
Failed requests:234371
  (Connect: 0, Receive: 0, Length: 231339, Exceptions: 3032)
Write errors:   0
Keep-Alive requests:768663
Total transferred:  8630779988 bytes
HTML transferred:   8392262634 bytes
Requests per second:51207.31 [#/sec] (mean)
Time per request:   19.528 [ms] (mean)
Time per request:   0.020 [ms] (mean, across all concurrent requests)
Transfer rate:  431600.59 [Kbytes/sec] received

Connection Times (ms)
 min  mean[+/-sd] median   max
Connect:07  69.0  03022
Processing: 0   12  22.6  92028
Waiting:06  15.8  42023
Total:  0   19  73.8  93038

Percentage of the requests served within a certain time (ms)
 50%  9
 66% 13
 75% 16
 80% 19
 90% 30
 95% 46
 98% 56
 99%215
100%   3038 (longest request)
```

On Ubuntu 18 with apache in stock settings + my mpm event config.
There is ~15 thousands length fails on the first run after apache
restart then it stays in 100-1k range:
```
ab -k -t 900 -c 1000 -n 100 http://ubuntu18/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 10.1.3.3 (be patient)
Completed 10 requests
Completed 20 requests
Completed 30 requests
Completed 40 requests
Completed 50 requests
Completed 60 requests
Completed 70 requests
Completed 80 requests
Completed 90 requests
Completed 100 requests
Finished 100 requests


Server Software:Apache/2.4.29
Server Hostname:10.1.3.3
Server Port:80

Document Path:  /
Document Length:10918 bytes

Concurrency Level:  1000
Time taken for tests:   17.221 seconds
Complete requests:  100
Failed requests:636
  (Connect: 0, Receive: 0, Length: 636, Exceptions: 0)
Write errors:   0
Keep-Alive requests:990158
Total transferred:  11220454865 bytes
HTML transferred:   10911056152 bytes
Requests per second:58067.59 [#/sec] (mean)
Time per request:   17.221 [ms] (mean)
Time per request:   0.017 [ms] (mean, across all concurrent requests)
Transfer rate:  636274.18 [Kbytes/sec] received

Connection Times (ms)
 min  mean[+/-sd] median   max
Connect:00  17.4  01020
Processing: 0   17  11.3 17 377
Waiting:08   9.0  9 368
Total:  0   17  21.6 171389

Percentage of the requests served within a certain time (ms)
 50% 17
 66% 18
 75% 18
 80% 19
 90% 20
 95% 23
 98% 28
 99% 36
100%   1389 (longest request)
```

Mateusz Kempski
On Mon, 22 May 2023 at 13:05, Deepak Goel  wrote:
>
>
>
> On Mon, 22 May 2023, 17:58 Mateusz Kempski,  
> wrote:
>>
>> @Yann Ylavic:
>> There seems to be no difference in configuration file except for some 
>> comments:
>> ```
>> diff -Bbde /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.rocky
>> 8a
>> # See the httpd.conf(5) man page for more information on this configuration,
>> # and httpd.service(8) on using and configuring the httpd service.
>> #
>> .
>> ```
>> I will paste complete Rocky config for completeness at the end of this 
>> message.
>> EnableMMAP and EnableSendfile are set to on, differently to defaults
>> specified in comments. This is default system configuration present on
>> both Rocky 8 and Centos 7. I removed httpd and all config files and
>> installed it again to make sure.
>> ```
>> # Defaults if commented: EnableMMAP On, EnableSendfile Off
>> #
>> #EnableMMAP off
>> EnableSendfile on
>> ```
>>
>> Both systems return:
>> ```
>> ulimit -n
>> 1024
>> ```
>> There is no custom config for httpd:
>> ```
>> stat /etc/systemd/system/httpd.service.d
>> stat: cannot stat ‘/etc/systemd/system/httpd.service.d’: No such file
>> or directory
>> ```
>> systemd itself seems to not apply any limit on both systems:
>> ```
>> grep LimitNOFILE /etc/systemd/system.conf
>> 

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Mateusz Kempski]

Looks like I did not respond to the right thread so I paste my
response below. If you got it twice my apologies.

There seems to be no difference in configuration file except for some comments:
```
diff -Bbde /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.roc
ky
8a
# See the httpd.conf(5) man page for more information on this configuration,
# and httpd.service(8) on using and configuring the httpd service.
#
.
```
I will paste complete Rocky config for completeness at the end of this message.
EnableMMAP and EnableSendfile are set to on, differently to defaults
specified in comments. This is default system configuration present on
both Rocky 8 and Centos 7. I removed httpd and all config files and
installed it again to make sure.
```
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on
```

Both systems return:
```
ulimit -n
1024
```
There is no custom config for httpd:
```
stat /etc/systemd/system/httpd.service.d
stat: cannot stat ‘/etc/systemd/system/httpd.service.d’: No such file
or directory
```
systemd itself seems to not apply any limit on both systems:
```
grep LimitNOFILE /etc/systemd/system.conf
#DefaultLimitNOFILE=
```

After enabling trace there is a lot of messenges about too many open
connections and killing keepalive connections. Example snippet:
```
[Mon May 22 11:57:40.146451 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(1808): Too many open connections (73), not
accepting new conns in
this process
[Mon May 22 11:57:40.146455 2023] [mpm_event:trace1] [pid 7710:tid
139800984155904] event.c(1811): Idle workers: 0
[Mon May 22 11:57:40.146457 2023] [mpm_event:trace1] [pid 7710:tid
139800984155904] event.c(1574): All workers are busy or dying, will
close 2 keep-alive co
nnections
[Mon May 22 11:57:40.146526 2023] [mpm_event:debug] [pid 7379:tid
139801403561728] event.c(492): AH00457: Accepting new connections
again: 50 active conns (
27 lingering/0 clogged/0 suspended), 7 idle workers
[Mon May 22 11:57:40.146686 2023] [mpm_event:debug] [pid 7511:tid
139800849938176] event.c(1808): Too many open connections (86), not
accepting new conns in
this process
[Mon May 22 11:57:40.146698 2023] [mpm_event:trace1] [pid 7511:tid
139800849938176] event.c(1811): Idle workers: 11
[Mon May 22 11:57:40.146701 2023] [mpm_event:trace1] [pid 7511:tid
139800849938176] event.c(1574): All workers are busy or dying, will
close 34 keep-alive c
onnections
[Mon May 22 11:57:40.146701 2023] [mpm_event:trace1] [pid 7644:tid
139801336452864] event.c(1574): All workers are busy or dying, will
close 2 keep-alive co
nnections
[Mon May 22 11:57:40.146812 2023] [mpm_event:debug] [pid 7511:tid
139800849938176] event.c(492): AH00457: Accepting new connections
again: 85 active conns (
52 lingering/0 clogged/0 suspended), 6 idle workers
[Mon May 22 11:57:40.146955 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(492): AH00457: Accepting new connections
again: 73 active conns (
58 lingering/0 clogged/0 suspended), 9 idle workers
[Mon May 22 11:57:40.148250 2023] [mpm_event:debug] [pid 7162:tid
139800841545472] event.c(492): AH00457: Accepting new connections
again: 48 active conns (
25 lingering/0 clogged/0 suspended), 2 idle workers
[Mon May 22 11:57:40.148562 2023] [mpm_event:debug] [pid 7162:tid
139800841545472] event.c(1808): Too many open connections (48), not
accepting new conns in
this process
[Mon May 22 11:57:40.148573 2023] [mpm_event:trace1] [pid 7162:tid
139800841545472] event.c(1811): Idle workers: 0
[Mon May 22 11:57:40.148921 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(1808): Too many open connections (70), not
accepting new conns in
this process
[Mon May 22 11:57:40.148930 2023] [mpm_event:trace1] [pid 7710:tid
139800984155904] event.c(1811): Idle workers: 1
[Mon May 22 11:57:40.149594 2023] [mpm_event:debug] [pid 7511:tid
139800849938176] event.c(1808): Too many open connections (69), not
accepting new conns in
this process
[Mon May 22 11:57:40.149603 2023] [mpm_event:trace1] [pid 7511:tid
139800849938176] event.c(1811): Idle workers: 1
[Mon May 22 11:57:40.149630 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(492): AH00457: Accepting new connections
again: 61 active conns (
38 lingering/0 clogged/0 suspended), 2 idle workers
[Mon May 22 11:57:40.149776 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(1808): Too many open connections (63), not
accepting new conns in
this process
[Mon May 22 11:57:40.149782 2023] [mpm_event:trace1] [pid 7710:tid
139800984155904] event.c(1811): Idle workers: 0
[Mon May 22 11:57:40.149882 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(492): AH00457: Accepting new connections
again: 61 active conns (
38 lingering/0 clogged/0 suspended), 2 idle workers
[Mon May 22 11:57:40.149913 2023] [mpm_event:debug] [pid 7511:tid
139800849938176] event.c(492): AH00457: Accepting new connections
again: 63 active conns (
40 lingering/0 clogged/0 suspended), 2 

Re: [users@httpd] Apache VirtualHost Config Tool management

[rbowen]

On Thu, 2023-04-27 at 12:53 +0200, Carlos García Gómez wrote:
> Hello,
>  
> I am looking for a tool that makes it easier for me to manage the all
>  virtual hosts that I have configured.
>  
> Some tool that allows me to have a database of all the virtual hosts
> and that allows me to edit their configuration at any given time.
>  
> Is there anything implemented in LDAP, MySQL or some library that
> allows me to parse the configuration and edit it with some frontend?
>  
> I know I'm looking for something complicated but thanks for your
> comments


There are several modules that come with Apache httpd for simplifying
vhost config without introducing any third-party tools.

What I personally use is mod_macro to define a standard vhost layout,
and then all I need in my main configuration file is:

Use VHostMacro domainnamehere.com

Documentation here:
https://httpd.apache.org/docs/2.4/mod/mod_macro.html along with an
example of how you'd use this for vhosts.

Another option is mod_vhost_alias -
https://httpd.apache.org/docs/2.4/mod/mod_vhost_alias.html - I'm not a
big fan, but some people like it.



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Deepak Goel]

On Mon, 22 May 2023, 17:58 Mateusz Kempski, 
wrote:

> @Yann Ylavic:
> There seems to be no difference in configuration file except for some
> comments:
> ```
> diff -Bbde /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.rocky
> 8a
> # See the httpd.conf(5) man page for more information on this
> configuration,
> # and httpd.service(8) on using and configuring the httpd service.
> #
> .
> ```
> I will paste complete Rocky config for completeness at the end of this
> message.
> EnableMMAP and EnableSendfile are set to on, differently to defaults
> specified in comments. This is default system configuration present on
> both Rocky 8 and Centos 7. I removed httpd and all config files and
> installed it again to make sure.
> ```
> # Defaults if commented: EnableMMAP On, EnableSendfile Off
> #
> #EnableMMAP off
> EnableSendfile on
> ```
>
> Both systems return:
> ```
> ulimit -n
> 1024
> ```
> There is no custom config for httpd:
> ```
> stat /etc/systemd/system/httpd.service.d
> stat: cannot stat ‘/etc/systemd/system/httpd.service.d’: No such file
> or directory
> ```
> systemd itself seems to not apply any limit on both systems:
> ```
> grep LimitNOFILE /etc/systemd/system.conf
> #DefaultLimitNOFILE=
> ```
>
> After enabling trace there is a lot of messenges about too many open
> connections and killing keepalive connections. Example snippet:
> ```
> [Mon May 22 11:57:40.146451 2023] [mpm_event:debug] [pid 7710:tid
> 139800984155904] event.c(1808): Too many open connections (73), not
> accepting new conns in
> this process
> [Mon May 22 11:57:40.146455 2023] [mpm_event:trace1] [pid 7710:tid
> 139800984155904] event.c(1811): Idle workers: 0
> [Mon May 22 11:57:40.146457 2023] [mpm_event:trace1] [pid 7710:tid
> 139800984155904] event.c(1574): All workers are busy or dying, will
> close 2 keep-alive co
> nnections
> [Mon May 22 11:57:40.146526 2023] [mpm_event:debug] [pid 7379:tid
> 139801403561728] event.c(492): AH00457: Accepting new connections
> again: 50 active conns (
> 27 lingering/0 clogged/0 suspended), 7 idle workers
> [Mon May 22 11:57:40.146686 2023] [mpm_event:debug] [pid 7511:tid
> 139800849938176] event.c(1808): Too many open connections (86), not
> accepting new conns in
> this process
> [Mon May 22 11:57:40.146698 2023] [mpm_event:trace1] [pid 7511:tid
> 139800849938176] event.c(1811): Idle workers: 11
> [Mon May 22 11:57:40.146701 2023] [mpm_event:trace1] [pid 7511:tid
> 139800849938176] event.c(1574): All workers are busy or dying, will
> close 34 keep-alive c
> onnections
> [Mon May 22 11:57:40.146701 2023] [mpm_event:trace1] [pid 7644:tid
> 139801336452864] event.c(1574): All workers are busy or dying, will
> close 2 keep-alive co
> nnections
> [Mon May 22 11:57:40.146812 2023] [mpm_event:debug] [pid 7511:tid
> 139800849938176] event.c(492): AH00457: Accepting new connections
> again: 85 active conns (
> 52 lingering/0 clogged/0 suspended), 6 idle workers
> [Mon May 22 11:57:40.146955 2023] [mpm_event:debug] [pid 7710:tid
> 139800984155904] event.c(492): AH00457: Accepting new connections
> again: 73 active conns (
> 58 lingering/0 clogged/0 suspended), 9 idle workers
> [Mon May 22 11:57:40.148250 2023] [mpm_event:debug] [pid 7162:tid
> 139800841545472] event.c(492): AH00457: Accepting new connections
> again: 48 active conns (
> 25 lingering/0 clogged/0 suspended), 2 idle workers
> [Mon May 22 11:57:40.148562 2023] [mpm_event:debug] [pid 7162:tid
> 139800841545472] event.c(1808): Too many open connections (48), not
> accepting new conns in
> this process
> [Mon May 22 11:57:40.148573 2023] [mpm_event:trace1] [pid 7162:tid
> 139800841545472] event.c(1811): Idle workers: 0
> [Mon May 22 11:57:40.148921 2023] [mpm_event:debug] [pid 7710:tid
> 139800984155904] event.c(1808): Too many open connections (70), not
> accepting new conns in
> this process
> [Mon May 22 11:57:40.148930 2023] [mpm_event:trace1] [pid 7710:tid
> 139800984155904] event.c(1811): Idle workers: 1
> [Mon May 22 11:57:40.149594 2023] [mpm_event:debug] [pid 7511:tid
> 139800849938176] event.c(1808): Too many open connections (69), not
> accepting new conns in
> this process
> [Mon May 22 11:57:40.149603 2023] [mpm_event:trace1] [pid 7511:tid
> 139800849938176] event.c(1811): Idle workers: 1
> [Mon May 22 11:57:40.149630 2023] [mpm_event:debug] [pid 7710:tid
> 139800984155904] event.c(492): AH00457: Accepting new connections
> again: 61 active conns (
> 38 lingering/0 clogged/0 suspended), 2 idle workers
> [Mon May 22 11:57:40.149776 2023] [mpm_event:debug] [pid 7710:tid
> 139800984155904] event.c(1808): Too many open connections (63), not
> accepting new conns in
> this process
> [Mon May 22 11:57:40.149782 2023] [mpm_event:trace1] [pid 7710:tid
> 139800984155904] event.c(1811): Idle workers: 0
> [Mon May 22 11:57:40.149882 2023] [mpm_event:debug] [pid 7710:tid
> 139800984155904] event.c(492): AH00457: Accepting new connections
> again: 61 active conns (
> 38 lingering/0 clogged/0 suspended), 2 idle workers
> [Mon May 22 

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Mateusz Kempski]

@Yann Ylavic:
There seems to be no difference in configuration file except for some comments:
```
diff -Bbde /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.rocky
8a
# See the httpd.conf(5) man page for more information on this configuration,
# and httpd.service(8) on using and configuring the httpd service.
#
.
```
I will paste complete Rocky config for completeness at the end of this message.
EnableMMAP and EnableSendfile are set to on, differently to defaults
specified in comments. This is default system configuration present on
both Rocky 8 and Centos 7. I removed httpd and all config files and
installed it again to make sure.
```
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on
```

Both systems return:
```
ulimit -n
1024
```
There is no custom config for httpd:
```
stat /etc/systemd/system/httpd.service.d
stat: cannot stat ‘/etc/systemd/system/httpd.service.d’: No such file
or directory
```
systemd itself seems to not apply any limit on both systems:
```
grep LimitNOFILE /etc/systemd/system.conf
#DefaultLimitNOFILE=
```

After enabling trace there is a lot of messenges about too many open
connections and killing keepalive connections. Example snippet:
```
[Mon May 22 11:57:40.146451 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(1808): Too many open connections (73), not
accepting new conns in
this process
[Mon May 22 11:57:40.146455 2023] [mpm_event:trace1] [pid 7710:tid
139800984155904] event.c(1811): Idle workers: 0
[Mon May 22 11:57:40.146457 2023] [mpm_event:trace1] [pid 7710:tid
139800984155904] event.c(1574): All workers are busy or dying, will
close 2 keep-alive co
nnections
[Mon May 22 11:57:40.146526 2023] [mpm_event:debug] [pid 7379:tid
139801403561728] event.c(492): AH00457: Accepting new connections
again: 50 active conns (
27 lingering/0 clogged/0 suspended), 7 idle workers
[Mon May 22 11:57:40.146686 2023] [mpm_event:debug] [pid 7511:tid
139800849938176] event.c(1808): Too many open connections (86), not
accepting new conns in
this process
[Mon May 22 11:57:40.146698 2023] [mpm_event:trace1] [pid 7511:tid
139800849938176] event.c(1811): Idle workers: 11
[Mon May 22 11:57:40.146701 2023] [mpm_event:trace1] [pid 7511:tid
139800849938176] event.c(1574): All workers are busy or dying, will
close 34 keep-alive c
onnections
[Mon May 22 11:57:40.146701 2023] [mpm_event:trace1] [pid 7644:tid
139801336452864] event.c(1574): All workers are busy or dying, will
close 2 keep-alive co
nnections
[Mon May 22 11:57:40.146812 2023] [mpm_event:debug] [pid 7511:tid
139800849938176] event.c(492): AH00457: Accepting new connections
again: 85 active conns (
52 lingering/0 clogged/0 suspended), 6 idle workers
[Mon May 22 11:57:40.146955 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(492): AH00457: Accepting new connections
again: 73 active conns (
58 lingering/0 clogged/0 suspended), 9 idle workers
[Mon May 22 11:57:40.148250 2023] [mpm_event:debug] [pid 7162:tid
139800841545472] event.c(492): AH00457: Accepting new connections
again: 48 active conns (
25 lingering/0 clogged/0 suspended), 2 idle workers
[Mon May 22 11:57:40.148562 2023] [mpm_event:debug] [pid 7162:tid
139800841545472] event.c(1808): Too many open connections (48), not
accepting new conns in
this process
[Mon May 22 11:57:40.148573 2023] [mpm_event:trace1] [pid 7162:tid
139800841545472] event.c(1811): Idle workers: 0
[Mon May 22 11:57:40.148921 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(1808): Too many open connections (70), not
accepting new conns in
this process
[Mon May 22 11:57:40.148930 2023] [mpm_event:trace1] [pid 7710:tid
139800984155904] event.c(1811): Idle workers: 1
[Mon May 22 11:57:40.149594 2023] [mpm_event:debug] [pid 7511:tid
139800849938176] event.c(1808): Too many open connections (69), not
accepting new conns in
this process
[Mon May 22 11:57:40.149603 2023] [mpm_event:trace1] [pid 7511:tid
139800849938176] event.c(1811): Idle workers: 1
[Mon May 22 11:57:40.149630 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(492): AH00457: Accepting new connections
again: 61 active conns (
38 lingering/0 clogged/0 suspended), 2 idle workers
[Mon May 22 11:57:40.149776 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(1808): Too many open connections (63), not
accepting new conns in
this process
[Mon May 22 11:57:40.149782 2023] [mpm_event:trace1] [pid 7710:tid
139800984155904] event.c(1811): Idle workers: 0
[Mon May 22 11:57:40.149882 2023] [mpm_event:debug] [pid 7710:tid
139800984155904] event.c(492): AH00457: Accepting new connections
again: 61 active conns (
38 lingering/0 clogged/0 suspended), 2 idle workers
[Mon May 22 11:57:40.149913 2023] [mpm_event:debug] [pid 7511:tid
139800849938176] event.c(492): AH00457: Accepting new connections
again: 63 active conns (
40 lingering/0 clogged/0 suspended), 2 idle workers
[Mon May 22 11:57:40.150210 2023] [mpm_event:debug] [pid 7511:tid
139800849938176] 

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Deepak Goel]

Hi

1. Please post the test results completely. (Sorry but, saying there is no
difference does not help).
2. The memory used in Rocky is comparatively higher than Centos (About
30Meg or so). Also the buff/cache is approx 10 times higher in Rocky than
in Centos.
3. Please also post iotop results too.

P.S: I hope the top commands is run identical for both Rocky and Centos.

Deepak
"The greatness of a nation can be judged by the way its animals are treated
- Mahatma Gandhi"

+91 73500 12833
deic...@gmail.com

Facebook: https://www.facebook.com/deicool
LinkedIn: www.linkedin.com/in/deicool

"Plant a Tree, Go Green"

Make In India : http://www.makeinindia.com/home



On Mon, May 22, 2023 at 4:28 PM Mateusz Kempski
 wrote:

> I tested again with settings:
> ```
> KeepAliveTimeout 300
> MaxKeepAliveRequests 0
> ```
> but there was no difference in results barring normal diffs run-to-run.
>
> Below is the top of top from both servers when idle and during test.
>
> Rocky 8 no load:
> ```
> top - 10:49:23 up 4 min,  1 user,  load average: 3.27, 2.56, 1.10
> Tasks: 254 total,   2 running, 252 sleeping,   0 stopped,   0 zombie
> %Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,
> 0.0 st
> MiB Mem :  15824.7 total,  10682.4 free,283.5 used,   4858.8 buff/cache
> MiB Swap:  0.0 total,  0.0 free,  0.0 used.  15259.3 avail Mem
> ```
> Rocky 8 during test:
> ```
> top - 10:50:29 up 5 min,  1 user,  load average: 4.33, 2.80, 1.28
> Tasks: 232 total,   2 running, 230 sleeping,   0 stopped,   0 zombie
> %Cpu(s): 13.7 us, 16.9 sy,  0.0 ni, 63.9 id,  0.0 wa,  0.0 hi,  5.4 si,
> 0.1 st
> MiB Mem :  15824.7 total,   9863.0 free,529.3 used,   5432.3 buff/cache
> MiB Swap:  0.0 total,  0.0 free,  0.0 used.  15012.2 avail Mem
> ```
> Centos 7 no load:
> ```
> top - 10:52:17 up 0 min,  1 user,  load average: 0.00, 0.00, 0.00
> Tasks: 201 total,   1 running, 200 sleeping,   0 stopped,   0 zombie
> %Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,
> 0.0 st
> KiB Mem : 16264300 total, 15831896 free,   297124 used,   135280 buff/cache
> KiB Swap:0 total,0 free,0 used. 15720740 avail Mem
> ```
> Centos 7 during test:
> ```
> top - 10:53:21 up 1 min,  1 user,  load average: 0.62, 0.16, 0.05
> Tasks: 218 total,   3 running, 215 sleeping,   0 stopped,   0 zombie
> %Cpu(s): 17.6 us, 18.9 sy,  0.0 ni, 60.4 id,  0.0 wa,  0.0 hi,  3.1 si,
> 0.1 st
> KiB Mem : 16264300 total, 14973128 free,   503104 used,   788068 buff/cache
> KiB Swap:0 total,0 free,0 used. 15459544 avail Mem
> ```
>
> On Mon, 22 May 2023 at 10:34, Deepak Goel  wrote:
> >
> > Hi
> >
> > I can see about 8000+ requests have timed out in 'Rocky'. This is mostly
> due to Apache, which is unable to handle the load. Is it possible to
> increase the parameter "KeepAliveTimeout" (and other KeepAlive parameters).
> >
> > Is it also possible for you to post the hardware utilisations for the 2
> different servers (Centos & Rocky)?
> >
> > Deepak
> > "The greatness of a nation can be judged by the way its animals are
> treated - Mahatma Gandhi"
> >
> > +91 73500 12833
> > deic...@gmail.com
> >
> > Facebook: https://www.facebook.com/deicool
> > LinkedIn: www.linkedin.com/in/deicool
> >
> > "Plant a Tree, Go Green"
> >
> > Make In India : http://www.makeinindia.com/home
> >
> >
> > On Mon, May 22, 2023 at 3:49 PM Mateusz Kempski
>  wrote:
> >>
> >> Hi all,
> >> I have two identical VMs - 16GB RAM, 16 vCPUs. One is fresh Centos 7
> >> install, the other is fresh Rocky 8. I installed httpd (on Centos 7
> >> it's version 2.4.6 and on Rocky 8 it's 2.4.37), configured them to
> >> point to the same static default html file and enabled mpm event on
> >> Centos (mpm event is default on Rocky). Then I added following options
> >> to default config on both servers:
> >> ```
> >> 
> >> ThreadsPerChild 25
> >> StartServers 3
> >> ServerLimit 120
> >> MinSpareThreads 75
> >> MaxSpareThreads 3000
> >> MaxRequestWorkers 3000
> >> MaxConnectionsPerChild 0
> >> 
> >> ```
> >> After this is done I performed ab tests with keepalive using different
> >> Centos 7 VM in the same local network. Can you help me understand
> >> these results? On Centos I am able to complete 1 milion requests at
> >> 1000 concurrent connections with little to no errors, however with
> >> version 2.4.37 on Rocky I get a lot of failed requests due to length
> >> and exceptions. Served content is static so I am assuming this is
> >> because keepalive connections are closed by the server. I tried
> >> various configurations of KeeAaliveTimeout, MaxKeepAliveRequests,
> >> AsyncRequestWorkerFactor and other mpm_event options but I got no
> >> better results. The only thing that seems to improve the stability of
> >> keepalive connections is setting threads and servers to the moon for
> >> example:
> >> ```
> >> 
> >> ThreadsPerChild 50
> >> StartServers 120
> >> ServerLimit 120
> >> MinSpareThreads 6000
> >> 

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Yann Ylavic]

Hi,

On Mon, May 22, 2023 at 12:19 PM Mateusz Kempski
 wrote:
>
> Then I added following options
> to default config on both servers:
> ```
> 
> ThreadsPerChild 25
> StartServers 3
> ServerLimit 120
> MinSpareThreads 75
> MaxSpareThreads 3000
> MaxRequestWorkers 3000
> MaxConnectionsPerChild 0
> 
> ```

What is the difference between the two configurations (besides
identical MPM parameters)? Things like EnableMMAP and EnableSendfile
matter too for instance.

Do the two systems have the same `ulimit -n` (or LimitNOFILE in
systemd) for httpd?

Also, do you see errors in the error_log file? Maybe "LogLevel
mpm_event:trace1" could help see what happens while not being too
verbose.


Regards;
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Mateusz Kempski]

I tested again with settings:
```
KeepAliveTimeout 300
MaxKeepAliveRequests 0
```
but there was no difference in results barring normal diffs run-to-run.

Below is the top of top from both servers when idle and during test.

Rocky 8 no load:
```
top - 10:49:23 up 4 min,  1 user,  load average: 3.27, 2.56, 1.10
Tasks: 254 total,   2 running, 252 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
MiB Mem :  15824.7 total,  10682.4 free,283.5 used,   4858.8 buff/cache
MiB Swap:  0.0 total,  0.0 free,  0.0 used.  15259.3 avail Mem
```
Rocky 8 during test:
```
top - 10:50:29 up 5 min,  1 user,  load average: 4.33, 2.80, 1.28
Tasks: 232 total,   2 running, 230 sleeping,   0 stopped,   0 zombie
%Cpu(s): 13.7 us, 16.9 sy,  0.0 ni, 63.9 id,  0.0 wa,  0.0 hi,  5.4 si,  0.1 st
MiB Mem :  15824.7 total,   9863.0 free,529.3 used,   5432.3 buff/cache
MiB Swap:  0.0 total,  0.0 free,  0.0 used.  15012.2 avail Mem
```
Centos 7 no load:
```
top - 10:52:17 up 0 min,  1 user,  load average: 0.00, 0.00, 0.00
Tasks: 201 total,   1 running, 200 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem : 16264300 total, 15831896 free,   297124 used,   135280 buff/cache
KiB Swap:0 total,0 free,0 used. 15720740 avail Mem
```
Centos 7 during test:
```
top - 10:53:21 up 1 min,  1 user,  load average: 0.62, 0.16, 0.05
Tasks: 218 total,   3 running, 215 sleeping,   0 stopped,   0 zombie
%Cpu(s): 17.6 us, 18.9 sy,  0.0 ni, 60.4 id,  0.0 wa,  0.0 hi,  3.1 si,  0.1 st
KiB Mem : 16264300 total, 14973128 free,   503104 used,   788068 buff/cache
KiB Swap:0 total,0 free,0 used. 15459544 avail Mem
```

On Mon, 22 May 2023 at 10:34, Deepak Goel  wrote:
>
> Hi
>
> I can see about 8000+ requests have timed out in 'Rocky'. This is mostly due 
> to Apache, which is unable to handle the load. Is it possible to increase the 
> parameter "KeepAliveTimeout" (and other KeepAlive parameters).
>
> Is it also possible for you to post the hardware utilisations for the 2 
> different servers (Centos & Rocky)?
>
> Deepak
> "The greatness of a nation can be judged by the way its animals are treated - 
> Mahatma Gandhi"
>
> +91 73500 12833
> deic...@gmail.com
>
> Facebook: https://www.facebook.com/deicool
> LinkedIn: www.linkedin.com/in/deicool
>
> "Plant a Tree, Go Green"
>
> Make In India : http://www.makeinindia.com/home
>
>
> On Mon, May 22, 2023 at 3:49 PM Mateusz Kempski 
>  wrote:
>>
>> Hi all,
>> I have two identical VMs - 16GB RAM, 16 vCPUs. One is fresh Centos 7
>> install, the other is fresh Rocky 8. I installed httpd (on Centos 7
>> it's version 2.4.6 and on Rocky 8 it's 2.4.37), configured them to
>> point to the same static default html file and enabled mpm event on
>> Centos (mpm event is default on Rocky). Then I added following options
>> to default config on both servers:
>> ```
>> 
>> ThreadsPerChild 25
>> StartServers 3
>> ServerLimit 120
>> MinSpareThreads 75
>> MaxSpareThreads 3000
>> MaxRequestWorkers 3000
>> MaxConnectionsPerChild 0
>> 
>> ```
>> After this is done I performed ab tests with keepalive using different
>> Centos 7 VM in the same local network. Can you help me understand
>> these results? On Centos I am able to complete 1 milion requests at
>> 1000 concurrent connections with little to no errors, however with
>> version 2.4.37 on Rocky I get a lot of failed requests due to length
>> and exceptions. Served content is static so I am assuming this is
>> because keepalive connections are closed by the server. I tried
>> various configurations of KeeAaliveTimeout, MaxKeepAliveRequests,
>> AsyncRequestWorkerFactor and other mpm_event options but I got no
>> better results. The only thing that seems to improve the stability of
>> keepalive connections is setting threads and servers to the moon for
>> example:
>> ```
>> 
>> ThreadsPerChild 50
>> StartServers 120
>> ServerLimit 120
>> MinSpareThreads 6000
>> MaxSpareThreads 6000
>> MaxRequestWorkers 6000
>> MaxConnectionsPerChild 0
>> 
>> ```
>> However it stills throws more errors (~8k) than 2.4.6 on the first set
>> of settings. This problem occurs only when using keepalive. There are
>> no errors when using ab without -k option, although speed is lower.  I
>> can replicate this issue on newest httpd build from source (2.4.57).
>> What is causing this difference of behavior? How can I achieve
>> performance from 2.4.6 on 2.4.37 / 2.4.57 without throwing much more
>> resources at httpd? These errors seems to be a root cause of a problem
>> we have with 502 errors thrown from downstream reverse proxy server
>> when httpd kills keepalive connection prematurely and the proxy is
>> trying to use this connection.
>>
>> Below results of ab tests:
>>
>> Centos 7 VM:
>> ```
>> ab -k -t 900 -c 1000 -n 100 http://centos/
>> This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
>> 

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Deepak Goel]

Hi

I can see about 8000+ requests have timed out in 'Rocky'. This is mostly
due to Apache, which is unable to handle the load. Is it possible to
increase the parameter "KeepAliveTimeout" (and other KeepAlive parameters).

Is it also possible for you to post the hardware utilisations for the 2
different servers (Centos & Rocky)?

Deepak
"The greatness of a nation can be judged by the way its animals are treated
- Mahatma Gandhi"

+91 73500 12833
deic...@gmail.com

Facebook: https://www.facebook.com/deicool
LinkedIn: www.linkedin.com/in/deicool

"Plant a Tree, Go Green"

Make In India : http://www.makeinindia.com/home


On Mon, May 22, 2023 at 3:49 PM Mateusz Kempski
 wrote:

> Hi all,
> I have two identical VMs - 16GB RAM, 16 vCPUs. One is fresh Centos 7
> install, the other is fresh Rocky 8. I installed httpd (on Centos 7
> it's version 2.4.6 and on Rocky 8 it's 2.4.37), configured them to
> point to the same static default html file and enabled mpm event on
> Centos (mpm event is default on Rocky). Then I added following options
> to default config on both servers:
> ```
> 
> ThreadsPerChild 25
> StartServers 3
> ServerLimit 120
> MinSpareThreads 75
> MaxSpareThreads 3000
> MaxRequestWorkers 3000
> MaxConnectionsPerChild 0
> 
> ```
> After this is done I performed ab tests with keepalive using different
> Centos 7 VM in the same local network. Can you help me understand
> these results? On Centos I am able to complete 1 milion requests at
> 1000 concurrent connections with little to no errors, however with
> version 2.4.37 on Rocky I get a lot of failed requests due to length
> and exceptions. Served content is static so I am assuming this is
> because keepalive connections are closed by the server. I tried
> various configurations of KeeAaliveTimeout, MaxKeepAliveRequests,
> AsyncRequestWorkerFactor and other mpm_event options but I got no
> better results. The only thing that seems to improve the stability of
> keepalive connections is setting threads and servers to the moon for
> example:
> ```
> 
> ThreadsPerChild 50
> StartServers 120
> ServerLimit 120
> MinSpareThreads 6000
> MaxSpareThreads 6000
> MaxRequestWorkers 6000
> MaxConnectionsPerChild 0
> 
> ```
> However it stills throws more errors (~8k) than 2.4.6 on the first set
> of settings. This problem occurs only when using keepalive. There are
> no errors when using ab without -k option, although speed is lower.  I
> can replicate this issue on newest httpd build from source (2.4.57).
> What is causing this difference of behavior? How can I achieve
> performance from 2.4.6 on 2.4.37 / 2.4.57 without throwing much more
> resources at httpd? These errors seems to be a root cause of a problem
> we have with 502 errors thrown from downstream reverse proxy server
> when httpd kills keepalive connection prematurely and the proxy is
> trying to use this connection.
>
> Below results of ab tests:
>
> Centos 7 VM:
> ```
> ab -k -t 900 -c 1000 -n 100 http://centos/
> This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
> Licensed to The Apache Software Foundation, http://www.apache.org/
>
> Benchmarking 10.1.3.3 (be patient)
> Completed 10 requests
> Completed 20 requests
> Completed 30 requests
> Completed 40 requests
> Completed 50 requests
> Completed 60 requests
> Completed 70 requests
> Completed 80 requests
> Completed 90 requests
> Completed 100 requests
> Finished 100 requests
>
>
> Server Software:Apache/2.4.6
> Server Hostname:10.1.3.3
> Server Port:80
>
> Document Path:  /
> Document Length:7620 bytes
>
> Concurrency Level:  1000
> Time taken for tests:   15.285 seconds
> Complete requests:  100
> Failed requests:67
>   (Connect: 0, Receive: 0, Length: 67, Exceptions: 0)
> Write errors:   0
> Keep-Alive requests:990567
> Total transferred:  7919057974 bytes
> HTML transferred:   7619489460 bytes
> Requests per second:65422.95 [#/sec] (mean)
> Time per request:   15.285 [ms] (mean)
> Time per request:   0.015 [ms] (mean, across all concurrent requests)
> Transfer rate:  505945.41 [Kbytes/sec] received
>
> Connection Times (ms)
>  min  mean[+/-sd] median   max
> Connect:00   4.7  01042
> Processing: 3   15  16.8 13 467
> Waiting:0   14  16.2 13 433
> Total:  3   15  17.7 131081
>
> Percentage of the requests served within a certain time (ms)
>  50% 13
>  66% 15
>  75% 16
>  80% 17
>  90% 21
>  95% 23
>  98% 32
>  99% 44
> 100%   1081 (longest request)
> ```
>
> Rocky 8 VM:
> ```
> ab -k -t 900 -c 1000 -n 100 http://rocky/
> This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
> Licensed to The Apache Software Foundation, 

[users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

[Mateusz Kempski]

Hi all,
I have two identical VMs - 16GB RAM, 16 vCPUs. One is fresh Centos 7
install, the other is fresh Rocky 8. I installed httpd (on Centos 7
it's version 2.4.6 and on Rocky 8 it's 2.4.37), configured them to
point to the same static default html file and enabled mpm event on
Centos (mpm event is default on Rocky). Then I added following options
to default config on both servers:
```

ThreadsPerChild 25
StartServers 3
ServerLimit 120
MinSpareThreads 75
MaxSpareThreads 3000
MaxRequestWorkers 3000
MaxConnectionsPerChild 0

```
After this is done I performed ab tests with keepalive using different
Centos 7 VM in the same local network. Can you help me understand
these results? On Centos I am able to complete 1 milion requests at
1000 concurrent connections with little to no errors, however with
version 2.4.37 on Rocky I get a lot of failed requests due to length
and exceptions. Served content is static so I am assuming this is
because keepalive connections are closed by the server. I tried
various configurations of KeeAaliveTimeout, MaxKeepAliveRequests,
AsyncRequestWorkerFactor and other mpm_event options but I got no
better results. The only thing that seems to improve the stability of
keepalive connections is setting threads and servers to the moon for
example:
```

ThreadsPerChild 50
StartServers 120
ServerLimit 120
MinSpareThreads 6000
MaxSpareThreads 6000
MaxRequestWorkers 6000
MaxConnectionsPerChild 0

```
However it stills throws more errors (~8k) than 2.4.6 on the first set
of settings. This problem occurs only when using keepalive. There are
no errors when using ab without -k option, although speed is lower.  I
can replicate this issue on newest httpd build from source (2.4.57).
What is causing this difference of behavior? How can I achieve
performance from 2.4.6 on 2.4.37 / 2.4.57 without throwing much more
resources at httpd? These errors seems to be a root cause of a problem
we have with 502 errors thrown from downstream reverse proxy server
when httpd kills keepalive connection prematurely and the proxy is
trying to use this connection.

Below results of ab tests:

Centos 7 VM:
```
ab -k -t 900 -c 1000 -n 100 http://centos/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 10.1.3.3 (be patient)
Completed 10 requests
Completed 20 requests
Completed 30 requests
Completed 40 requests
Completed 50 requests
Completed 60 requests
Completed 70 requests
Completed 80 requests
Completed 90 requests
Completed 100 requests
Finished 100 requests


Server Software:Apache/2.4.6
Server Hostname:10.1.3.3
Server Port:80

Document Path:  /
Document Length:7620 bytes

Concurrency Level:  1000
Time taken for tests:   15.285 seconds
Complete requests:  100
Failed requests:67
  (Connect: 0, Receive: 0, Length: 67, Exceptions: 0)
Write errors:   0
Keep-Alive requests:990567
Total transferred:  7919057974 bytes
HTML transferred:   7619489460 bytes
Requests per second:65422.95 [#/sec] (mean)
Time per request:   15.285 [ms] (mean)
Time per request:   0.015 [ms] (mean, across all concurrent requests)
Transfer rate:  505945.41 [Kbytes/sec] received

Connection Times (ms)
 min  mean[+/-sd] median   max
Connect:00   4.7  01042
Processing: 3   15  16.8 13 467
Waiting:0   14  16.2 13 433
Total:  3   15  17.7 131081

Percentage of the requests served within a certain time (ms)
 50% 13
 66% 15
 75% 16
 80% 17
 90% 21
 95% 23
 98% 32
 99% 44
100%   1081 (longest request)
```

Rocky 8 VM:
```
ab -k -t 900 -c 1000 -n 100 http://rocky/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 10.1.3.11 (be patient)
Completed 10 requests
Completed 20 requests
Completed 30 requests
Completed 40 requests
Completed 50 requests
Completed 60 requests
Completed 70 requests
Completed 80 requests
Completed 90 requests
Completed 100 requests
Finished 100 requests


Server Software:Apache/2.4.37
Server Hostname:10.1.3.11
Server Port:80

Document Path:  /
Document Length:7620 bytes

Concurrency Level:  1000
Time taken for tests:   19.101 seconds
Complete requests:  100
Failed requests:93159
  (Connect: 0, Receive: 0, Length: 85029, Exceptions: 8130)
Write errors:   0
Keep-Alive requests:912753
Total transferred:  7248228337 bytes
HTML transferred:   6973694460 bytes
Requests per second:52352.12 [#/sec] (mean)
Time per request:   19.101 [ms] 

Re: [users@httpd] Getting Apache Started on a New Server

[Kevin Huntly]

the timeout from systemd is likely permissions related - e.g. apache can't
write it's pid file (normally the case)

On Sun, May 21, 2023, 15:12 Frank Gingras  wrote:

> For those, you'll have to ask your distro community. You can start httpd
> with `apachectl start` in a normal environment.
>
> On Sun, May 21, 2023 at 12:56 PM John Iliffe 
> wrote:
>
>> Hi Frank:
>>
>> I finally got Apache to start but it seems to be running in the
>> foreground.  Not
>> sure why but the default httpd.service file results in:
>>
>> root  110531  110286  0 12:42 pts/000:00:00 systemctl start httpd
>> root  110533   1  0 12:42 ?00:00:00 /usr/sbin/httpd
>> -DFOREGROUND
>> apache110535  110533  0 12:42 ?00:00:00 /usr/sbin/httpd
>> -DFOREGROUND
>> apache110536  110533  0 12:42 ?00:00:00 /usr/sbin/httpd
>> -DFOREGROUND
>> apache110537  110533  0 12:42 ?00:00:00 /usr/sbin/httpd
>> -DFOREGROUND
>> John  110768  110738  0 12:43 pts/100:00:00 grep --color=auto
>> httpd
>>
>> I could diddle the service file I suppose to fix that, but what would they
>> likely by trying to accomplish with this command line on a service?
>> Apache
>> seems to be active to the extent that I can connect to the default named
>> virtual
>> host. Eventually everything fails with the (Linux) error message:
>>
>> [root@prod02 conf]# systemctl status httpd
>> × httpd.service - The Apache HTTP Server
>>  Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled;
>> vendor
>> preset: disabled)
>> Drop-In: /usr/lib/systemd/system/httpd.service.d
>>  └─php-fpm.conf
>>  Active: failed (Result: timeout) since Sun 2023-05-21 12:52:02 EDT;
>> 2min
>> 12s ago
>>Docs: man:httpd.service(8)
>> Process: 110818 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
>> (code=exited, status=0/SUCCESS)
>>Main PID: 110818 (code=exited, status=0/SUCCESS)
>> CPU: 75ms
>>
>> May 21 12:50:31 prod02 systemd[1]: Starting The Apache HTTP Server...
>> May 21 12:52:01 prod02 systemd[1]: httpd.service: start operation timed
>> out.
>> Terminating.
>> May 21 12:52:02 prod02 systemd[1]: httpd.service: Failed with result
>> 'timeout'.
>> May 21 12:52:02 prod02 systemd[1]: Failed to start The Apache HTTP Server.
>>
>>
>> Regards,
>>
>> John
>> ==
>> On Sat, 2023-05-20 at 18:46 -0400, Frank Gingras wrote:
>> > What is the new error?
>> >
>> > On Sat, May 20, 2023 at 5:24 PM John Iliffe 
>> wrote:
>> > > Thanks Frank.
>> > >
>> > > Hasn't started yet but at least the problem has moved to another line
>> :-)
>> > >
>> > > Regards,
>> > >
>> > > John
>> > > ==
>> > > On Sat, 2023-05-20 at 14:48 -0400, Frank Gingras wrote:
>> > > > You need a mpm to start httpd. I recommend using the event mpm, so
>> just
>> > > > load
>> > > > the appropriate module.
>> > > >
>> > > > On Sat, May 20, 2023 at 2:27 PM John Iliffe 
>> wrote:
>> > > > > Rocky Linux 9.0, new install
>> > > > > Rocky distro version of Apache/httpd
>> > > > >
>> > > > > As recommended I used the distro's download httpd and that has
>> lead me
>> > > > > into
>> > > > > a
>> > > > > week's worth of chasing phantoms.
>> > > > >
>> > > > > Specifically, I copied the httpd.conf file from the old server
>> > > > > (Apache.2.4.25)
>> > > > > to the new server and after clearing all the path problems
>> (Apache is
>> > > > > spread
>> > > > > all
>> > > > > over the file tree instead of in one compact area under
>> /usr/apache...
>> > > > > as
>> > > > > previously) I still can't get httpd to start.  The error I can't
>> seem to
>> > > > > resolve
>> > > > > is:
>> > > > >
>> > > > > AH00534: httpd: Configuration error: No MPM loaded.
>> > > > > May 20 13:42:22 prod02 systemd[1]: httpd.service: Main process
>> exited,
>> > > > > code=exited, status=1/FAILURE
>> > > > > May 20 13:42:22 prod02 systemd[1]: httpd.service: Failed with
>> result
>> > > > > 'exit-
>> > > > > code'.
>> > > > > May 20 13:42:22 prod02 systemd[1]: Failed to start The Apache HTTP
>> > > > > Server.
>> > > > >
>> > > > > As I understand it I shouldn't need an MPM running because
>> everything is
>> > > > > proxy'd
>> > > > > to php-fpm (which IS running and has created all necessary pools)
>> using
>> > > > > config
>> > > > > lines like:
>> > > > > "^/.*\.php(/.*)?$" fcgi://127.0.0.1:90xx/httpd/
>> > > > > one '' for each virtual host.  There are sockets 9002 - 9011
>> in use,
>> > > > > excluding 9010 that originally refused to bind to php-fpm and
>> I'll try
>> > > > > to
>> > > > > debug
>> > > > > later.  Also I have been informed that I should now be using Unix
>> Domain
>> > > > > sockets
>> > > > > and I will resolve that whenever I can get Apache running stably.
>> > > > >
>> > > > > The config file DOES load mod_proxy_fcgi so as I understand it
>> this
>> > > > > should
>> > > > > work
>> > > > > properly:
>> > > > > 140:LoadModule proxy_module modules/mod_proxy.so
>> > > > > 141:LoadModule proxy_connect_module 

Re: [users@httpd] Getting Apache Started on a New Server

[Frank Gingras]

For those, you'll have to ask your distro community. You can start httpd
with `apachectl start` in a normal environment.

On Sun, May 21, 2023 at 12:56 PM John Iliffe  wrote:

> Hi Frank:
>
> I finally got Apache to start but it seems to be running in the
> foreground.  Not
> sure why but the default httpd.service file results in:
>
> root  110531  110286  0 12:42 pts/000:00:00 systemctl start httpd
> root  110533   1  0 12:42 ?00:00:00 /usr/sbin/httpd
> -DFOREGROUND
> apache110535  110533  0 12:42 ?00:00:00 /usr/sbin/httpd
> -DFOREGROUND
> apache110536  110533  0 12:42 ?00:00:00 /usr/sbin/httpd
> -DFOREGROUND
> apache110537  110533  0 12:42 ?00:00:00 /usr/sbin/httpd
> -DFOREGROUND
> John  110768  110738  0 12:43 pts/100:00:00 grep --color=auto httpd
>
> I could diddle the service file I suppose to fix that, but what would they
> likely by trying to accomplish with this command line on a service?  Apache
> seems to be active to the extent that I can connect to the default named
> virtual
> host. Eventually everything fails with the (Linux) error message:
>
> [root@prod02 conf]# systemctl status httpd
> × httpd.service - The Apache HTTP Server
>  Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled;
> vendor
> preset: disabled)
> Drop-In: /usr/lib/systemd/system/httpd.service.d
>  └─php-fpm.conf
>  Active: failed (Result: timeout) since Sun 2023-05-21 12:52:02 EDT;
> 2min
> 12s ago
>Docs: man:httpd.service(8)
> Process: 110818 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
> (code=exited, status=0/SUCCESS)
>Main PID: 110818 (code=exited, status=0/SUCCESS)
> CPU: 75ms
>
> May 21 12:50:31 prod02 systemd[1]: Starting The Apache HTTP Server...
> May 21 12:52:01 prod02 systemd[1]: httpd.service: start operation timed
> out.
> Terminating.
> May 21 12:52:02 prod02 systemd[1]: httpd.service: Failed with result
> 'timeout'.
> May 21 12:52:02 prod02 systemd[1]: Failed to start The Apache HTTP Server.
>
>
> Regards,
>
> John
> ==
> On Sat, 2023-05-20 at 18:46 -0400, Frank Gingras wrote:
> > What is the new error?
> >
> > On Sat, May 20, 2023 at 5:24 PM John Iliffe 
> wrote:
> > > Thanks Frank.
> > >
> > > Hasn't started yet but at least the problem has moved to another line
> :-)
> > >
> > > Regards,
> > >
> > > John
> > > ==
> > > On Sat, 2023-05-20 at 14:48 -0400, Frank Gingras wrote:
> > > > You need a mpm to start httpd. I recommend using the event mpm, so
> just
> > > > load
> > > > the appropriate module.
> > > >
> > > > On Sat, May 20, 2023 at 2:27 PM John Iliffe 
> wrote:
> > > > > Rocky Linux 9.0, new install
> > > > > Rocky distro version of Apache/httpd
> > > > >
> > > > > As recommended I used the distro's download httpd and that has
> lead me
> > > > > into
> > > > > a
> > > > > week's worth of chasing phantoms.
> > > > >
> > > > > Specifically, I copied the httpd.conf file from the old server
> > > > > (Apache.2.4.25)
> > > > > to the new server and after clearing all the path problems (Apache
> is
> > > > > spread
> > > > > all
> > > > > over the file tree instead of in one compact area under
> /usr/apache...
> > > > > as
> > > > > previously) I still can't get httpd to start.  The error I can't
> seem to
> > > > > resolve
> > > > > is:
> > > > >
> > > > > AH00534: httpd: Configuration error: No MPM loaded.
> > > > > May 20 13:42:22 prod02 systemd[1]: httpd.service: Main process
> exited,
> > > > > code=exited, status=1/FAILURE
> > > > > May 20 13:42:22 prod02 systemd[1]: httpd.service: Failed with
> result
> > > > > 'exit-
> > > > > code'.
> > > > > May 20 13:42:22 prod02 systemd[1]: Failed to start The Apache HTTP
> > > > > Server.
> > > > >
> > > > > As I understand it I shouldn't need an MPM running because
> everything is
> > > > > proxy'd
> > > > > to php-fpm (which IS running and has created all necessary pools)
> using
> > > > > config
> > > > > lines like:
> > > > > "^/.*\.php(/.*)?$" fcgi://127.0.0.1:90xx/httpd/
> > > > > one '' for each virtual host.  There are sockets 9002 - 9011
> in use,
> > > > > excluding 9010 that originally refused to bind to php-fpm and I'll
> try
> > > > > to
> > > > > debug
> > > > > later.  Also I have been informed that I should now be using Unix
> Domain
> > > > > sockets
> > > > > and I will resolve that whenever I can get Apache running stably.
> > > > >
> > > > > The config file DOES load mod_proxy_fcgi so as I understand it this
> > > > > should
> > > > > work
> > > > > properly:
> > > > > 140:LoadModule proxy_module modules/mod_proxy.so
> > > > > 141:LoadModule proxy_connect_module modules/mod_proxy_connect.so
> > > > > 143:LoadModule proxy_http_module modules/mod_proxy_http.so
> > > > > 144:LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
> > > > >
> > > > > Apache's error log has nothing.  Previously, the "It Works!"
> version
> > > > > provided by
> > > > > the distro did log startup messages properly 

Re: [users@httpd] Getting Apache Started on a New Server

[John Iliffe]

Hi Frank:

I finally got Apache to start but it seems to be running in the foreground.  Not
sure why but the default httpd.service file results in:

root  110531  110286  0 12:42 pts/000:00:00 systemctl start httpd
root  110533   1  0 12:42 ?00:00:00 /usr/sbin/httpd -DFOREGROUND
apache110535  110533  0 12:42 ?00:00:00 /usr/sbin/httpd -DFOREGROUND
apache110536  110533  0 12:42 ?00:00:00 /usr/sbin/httpd -DFOREGROUND
apache110537  110533  0 12:42 ?00:00:00 /usr/sbin/httpd -DFOREGROUND
John  110768  110738  0 12:43 pts/100:00:00 grep --color=auto httpd

I could diddle the service file I suppose to fix that, but what would they
likely by trying to accomplish with this command line on a service?  Apache
seems to be active to the extent that I can connect to the default named virtual
host. Eventually everything fails with the (Linux) error message:

[root@prod02 conf]# systemctl status httpd
× httpd.service - The Apache HTTP Server
 Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor
preset: disabled)
Drop-In: /usr/lib/systemd/system/httpd.service.d
 └─php-fpm.conf
 Active: failed (Result: timeout) since Sun 2023-05-21 12:52:02 EDT; 2min
12s ago
   Docs: man:httpd.service(8)
Process: 110818 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
(code=exited, status=0/SUCCESS)
   Main PID: 110818 (code=exited, status=0/SUCCESS)
CPU: 75ms

May 21 12:50:31 prod02 systemd[1]: Starting The Apache HTTP Server...
May 21 12:52:01 prod02 systemd[1]: httpd.service: start operation timed out.
Terminating.
May 21 12:52:02 prod02 systemd[1]: httpd.service: Failed with result 'timeout'.
May 21 12:52:02 prod02 systemd[1]: Failed to start The Apache HTTP Server.


Regards,

John
==
On Sat, 2023-05-20 at 18:46 -0400, Frank Gingras wrote:
> What is the new error?
> 
> On Sat, May 20, 2023 at 5:24 PM John Iliffe  wrote:
> > Thanks Frank.
> > 
> > Hasn't started yet but at least the problem has moved to another line :-)
> > 
> > Regards,
> > 
> > John
> > ==
> > On Sat, 2023-05-20 at 14:48 -0400, Frank Gingras wrote:
> > > You need a mpm to start httpd. I recommend using the event mpm, so just
> > > load
> > > the appropriate module.
> > > 
> > > On Sat, May 20, 2023 at 2:27 PM John Iliffe  wrote:
> > > > Rocky Linux 9.0, new install
> > > > Rocky distro version of Apache/httpd
> > > > 
> > > > As recommended I used the distro's download httpd and that has lead me
> > > > into
> > > > a
> > > > week's worth of chasing phantoms. 
> > > > 
> > > > Specifically, I copied the httpd.conf file from the old server
> > > > (Apache.2.4.25)
> > > > to the new server and after clearing all the path problems (Apache is
> > > > spread
> > > > all
> > > > over the file tree instead of in one compact area under /usr/apache...
> > > > as
> > > > previously) I still can't get httpd to start.  The error I can't seem to
> > > > resolve
> > > > is:
> > > > 
> > > > AH00534: httpd: Configuration error: No MPM loaded.
> > > > May 20 13:42:22 prod02 systemd[1]: httpd.service: Main process exited,
> > > > code=exited, status=1/FAILURE
> > > > May 20 13:42:22 prod02 systemd[1]: httpd.service: Failed with result
> > > > 'exit-
> > > > code'.
> > > > May 20 13:42:22 prod02 systemd[1]: Failed to start The Apache HTTP
> > > > Server.
> > > > 
> > > > As I understand it I shouldn't need an MPM running because everything is
> > > > proxy'd
> > > > to php-fpm (which IS running and has created all necessary pools) using
> > > > config
> > > > lines like:
> > > > "^/.*\.php(/.*)?$" fcgi://127.0.0.1:90xx/httpd/
> > > > one '' for each virtual host.  There are sockets 9002 - 9011 in use,
> > > > excluding 9010 that originally refused to bind to php-fpm and I'll try
> > > > to
> > > > debug
> > > > later.  Also I have been informed that I should now be using Unix Domain
> > > > sockets
> > > > and I will resolve that whenever I can get Apache running stably.
> > > > 
> > > > The config file DOES load mod_proxy_fcgi so as I understand it this
> > > > should
> > > > work
> > > > properly:
> > > > 140:LoadModule proxy_module modules/mod_proxy.so
> > > > 141:LoadModule proxy_connect_module modules/mod_proxy_connect.so
> > > > 143:LoadModule proxy_http_module modules/mod_proxy_http.so
> > > > 144:LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
> > > > 
> > > > Apache's error log has nothing.  Previously, the "It Works!" version
> > > > provided by
> > > > the distro did log startup messages properly here.
> > > > 
> > > > Has anyone any ideas where to look?  Without Apache running it is fairly
> > > > hard to
> > > > debug it as I can't ask it what it thinks it is doing!  
> > > > 
> > > > Help appreciated,
> > > > 
> > > > John
> > > > ==
> > > > 
> > > > -
> > > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > > > For additional commands, 

Re: [users@httpd] Getting Apache Started on a New Server

[John Iliffe]

Hi Frank:

Looks like I have path problems because I am now getting the error:

[Sun May 21 12:21:45.613390 2023] [mime:error] [pid 110214:tid 110214] (2)No
such file or directory: AH01597: could not open mime types config file
/etc/httpd/conf/mime.types.

The problem here, and in retrospect I should have recreated the config file, is
that the old server had everything under /usr/apache-2.4.25/  so it was easy to
find everything related to Apache.  As I mentioned in a previous post, Rocky has
everything spread around the directory tree so I have to first find it is
missing and then do a search.  Since server maintenance really isn't my job, or
core skill, I am having to do it in such "spare time" as I have.  That's why
getting a reply to your very prompt answers sometimes is a bit slow for which I
apologize.  I also have Selinux giving me the gears periodically.  Doesn't help
that I have two httpd/config directories, /etc/httpd/conf/ and
/etc/httpd/conf.d/ and I'm not certain which one is being used so I'm keeping
them both identical.

Thanks for your patience.

John
==
On Sat, 2023-05-20 at 18:46 -0400, Frank Gingras wrote:
> What is the new error?
> 
> On Sat, May 20, 2023 at 5:24 PM John Iliffe  wrote:
> > Thanks Frank.
> > 
> > Hasn't started yet but at least the problem has moved to another line :-)
> > 
> > Regards,
> > 
> > John
> > ==
> > On Sat, 2023-05-20 at 14:48 -0400, Frank Gingras wrote:
> > > You need a mpm to start httpd. I recommend using the event mpm, so just
> > > load
> > > the appropriate module.
> > > 
> > > On Sat, May 20, 2023 at 2:27 PM John Iliffe  wrote:
> > > > Rocky Linux 9.0, new install
> > > > Rocky distro version of Apache/httpd
> > > > 
> > > > As recommended I used the distro's download httpd and that has lead me
> > > > into
> > > > a
> > > > week's worth of chasing phantoms. 
> > > > 
> > > > Specifically, I copied the httpd.conf file from the old server
> > > > (Apache.2.4.25)
> > > > to the new server and after clearing all the path problems (Apache is
> > > > spread
> > > > all
> > > > over the file tree instead of in one compact area under /usr/apache...
> > > > as
> > > > previously) I still can't get httpd to start.  The error I can't seem to
> > > > resolve
> > > > is:
> > > > 
> > > > AH00534: httpd: Configuration error: No MPM loaded.
> > > > May 20 13:42:22 prod02 systemd[1]: httpd.service: Main process exited,
> > > > code=exited, status=1/FAILURE
> > > > May 20 13:42:22 prod02 systemd[1]: httpd.service: Failed with result
> > > > 'exit-
> > > > code'.
> > > > May 20 13:42:22 prod02 systemd[1]: Failed to start The Apache HTTP
> > > > Server.
> > > > 
> > > > As I understand it I shouldn't need an MPM running because everything is
> > > > proxy'd
> > > > to php-fpm (which IS running and has created all necessary pools) using
> > > > config
> > > > lines like:
> > > > "^/.*\.php(/.*)?$" fcgi://127.0.0.1:90xx/httpd/
> > > > one '' for each virtual host.  There are sockets 9002 - 9011 in use,
> > > > excluding 9010 that originally refused to bind to php-fpm and I'll try
> > > > to
> > > > debug
> > > > later.  Also I have been informed that I should now be using Unix Domain
> > > > sockets
> > > > and I will resolve that whenever I can get Apache running stably.
> > > > 
> > > > The config file DOES load mod_proxy_fcgi so as I understand it this
> > > > should
> > > > work
> > > > properly:
> > > > 140:LoadModule proxy_module modules/mod_proxy.so
> > > > 141:LoadModule proxy_connect_module modules/mod_proxy_connect.so
> > > > 143:LoadModule proxy_http_module modules/mod_proxy_http.so
> > > > 144:LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
> > > > 
> > > > Apache's error log has nothing.  Previously, the "It Works!" version
> > > > provided by
> > > > the distro did log startup messages properly here.
> > > > 
> > > > Has anyone any ideas where to look?  Without Apache running it is fairly
> > > > hard to
> > > > debug it as I can't ask it what it thinks it is doing!  
> > > > 
> > > > Help appreciated,
> > > > 
> > > > John
> > > > ==
> > > > 
> > > > -
> > > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > > > For additional commands, e-mail: users-h...@httpd.apache.org
> > > > 
> > 
> > 
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> > 


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Getting Apache Started on a New Server

[Frank Gingras]

What is the new error?

On Sat, May 20, 2023 at 5:24 PM John Iliffe  wrote:

> Thanks Frank.
>
> Hasn't started yet but at least the problem has moved to another line :-)
>
> Regards,
>
> John
> ==
> On Sat, 2023-05-20 at 14:48 -0400, Frank Gingras wrote:
> > You need a mpm to start httpd. I recommend using the event mpm, so just
> load
> > the appropriate module.
> >
> > On Sat, May 20, 2023 at 2:27 PM John Iliffe 
> wrote:
> > > Rocky Linux 9.0, new install
> > > Rocky distro version of Apache/httpd
> > >
> > > As recommended I used the distro's download httpd and that has lead me
> into
> > > a
> > > week's worth of chasing phantoms.
> > >
> > > Specifically, I copied the httpd.conf file from the old server
> > > (Apache.2.4.25)
> > > to the new server and after clearing all the path problems (Apache is
> spread
> > > all
> > > over the file tree instead of in one compact area under /usr/apache...
> as
> > > previously) I still can't get httpd to start.  The error I can't seem
> to
> > > resolve
> > > is:
> > >
> > > AH00534: httpd: Configuration error: No MPM loaded.
> > > May 20 13:42:22 prod02 systemd[1]: httpd.service: Main process exited,
> > > code=exited, status=1/FAILURE
> > > May 20 13:42:22 prod02 systemd[1]: httpd.service: Failed with result
> 'exit-
> > > code'.
> > > May 20 13:42:22 prod02 systemd[1]: Failed to start The Apache HTTP
> Server.
> > >
> > > As I understand it I shouldn't need an MPM running because everything
> is
> > > proxy'd
> > > to php-fpm (which IS running and has created all necessary pools) using
> > > config
> > > lines like:
> > > "^/.*\.php(/.*)?$" fcgi://127.0.0.1:90xx/httpd/
> > > one '' for each virtual host.  There are sockets 9002 - 9011 in
> use,
> > > excluding 9010 that originally refused to bind to php-fpm and I'll try
> to
> > > debug
> > > later.  Also I have been informed that I should now be using Unix
> Domain
> > > sockets
> > > and I will resolve that whenever I can get Apache running stably.
> > >
> > > The config file DOES load mod_proxy_fcgi so as I understand it this
> should
> > > work
> > > properly:
> > > 140:LoadModule proxy_module modules/mod_proxy.so
> > > 141:LoadModule proxy_connect_module modules/mod_proxy_connect.so
> > > 143:LoadModule proxy_http_module modules/mod_proxy_http.so
> > > 144:LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
> > >
> > > Apache's error log has nothing.  Previously, the "It Works!" version
> > > provided by
> > > the distro did log startup messages properly here.
> > >
> > > Has anyone any ideas where to look?  Without Apache running it is
> fairly
> > > hard to
> > > debug it as I can't ask it what it thinks it is doing!
> > >
> > > Help appreciated,
> > >
> > > John
> > > ==
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > > For additional commands, e-mail: users-h...@httpd.apache.org
> > >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Getting Apache Started on a New Server

[John Iliffe]

Thanks Frank.

Hasn't started yet but at least the problem has moved to another line :-)

Regards,

John
==
On Sat, 2023-05-20 at 14:48 -0400, Frank Gingras wrote:
> You need a mpm to start httpd. I recommend using the event mpm, so just load
> the appropriate module.
> 
> On Sat, May 20, 2023 at 2:27 PM John Iliffe  wrote:
> > Rocky Linux 9.0, new install
> > Rocky distro version of Apache/httpd
> > 
> > As recommended I used the distro's download httpd and that has lead me into
> > a
> > week's worth of chasing phantoms. 
> > 
> > Specifically, I copied the httpd.conf file from the old server
> > (Apache.2.4.25)
> > to the new server and after clearing all the path problems (Apache is spread
> > all
> > over the file tree instead of in one compact area under /usr/apache... as
> > previously) I still can't get httpd to start.  The error I can't seem to
> > resolve
> > is:
> > 
> > AH00534: httpd: Configuration error: No MPM loaded.
> > May 20 13:42:22 prod02 systemd[1]: httpd.service: Main process exited,
> > code=exited, status=1/FAILURE
> > May 20 13:42:22 prod02 systemd[1]: httpd.service: Failed with result 'exit-
> > code'.
> > May 20 13:42:22 prod02 systemd[1]: Failed to start The Apache HTTP Server.
> > 
> > As I understand it I shouldn't need an MPM running because everything is
> > proxy'd
> > to php-fpm (which IS running and has created all necessary pools) using
> > config
> > lines like:
> > "^/.*\.php(/.*)?$" fcgi://127.0.0.1:90xx/httpd/
> > one '' for each virtual host.  There are sockets 9002 - 9011 in use,
> > excluding 9010 that originally refused to bind to php-fpm and I'll try to
> > debug
> > later.  Also I have been informed that I should now be using Unix Domain
> > sockets
> > and I will resolve that whenever I can get Apache running stably.
> > 
> > The config file DOES load mod_proxy_fcgi so as I understand it this should
> > work
> > properly:
> > 140:LoadModule proxy_module modules/mod_proxy.so
> > 141:LoadModule proxy_connect_module modules/mod_proxy_connect.so
> > 143:LoadModule proxy_http_module modules/mod_proxy_http.so
> > 144:LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
> > 
> > Apache's error log has nothing.  Previously, the "It Works!" version
> > provided by
> > the distro did log startup messages properly here.
> > 
> > Has anyone any ideas where to look?  Without Apache running it is fairly
> > hard to
> > debug it as I can't ask it what it thinks it is doing!  
> > 
> > Help appreciated,
> > 
> > John
> > ==
> > 
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> > 


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Getting Apache Started on a New Server

[Frank Gingras]

You need a mpm to start httpd. I recommend using the event mpm, so just
load the appropriate module.

On Sat, May 20, 2023 at 2:27 PM John Iliffe  wrote:

> Rocky Linux 9.0, new install
> Rocky distro version of Apache/httpd
>
> As recommended I used the distro's download httpd and that has lead me
> into a
> week's worth of chasing phantoms.
>
> Specifically, I copied the httpd.conf file from the old server
> (Apache.2.4.25)
> to the new server and after clearing all the path problems (Apache is
> spread all
> over the file tree instead of in one compact area under /usr/apache... as
> previously) I still can't get httpd to start.  The error I can't seem to
> resolve
> is:
>
> AH00534: httpd: Configuration error: No MPM loaded.
> May 20 13:42:22 prod02 systemd[1]: httpd.service: Main process exited,
> code=exited, status=1/FAILURE
> May 20 13:42:22 prod02 systemd[1]: httpd.service: Failed with result 'exit-
> code'.
> May 20 13:42:22 prod02 systemd[1]: Failed to start The Apache HTTP Server.
>
> As I understand it I shouldn't need an MPM running because everything is
> proxy'd
> to php-fpm (which IS running and has created all necessary pools) using
> config
> lines like:
> "^/.*\.php(/.*)?$" fcgi://127.0.0.1:90xx/httpd/
> one '' for each virtual host.  There are sockets 9002 - 9011 in use,
> excluding 9010 that originally refused to bind to php-fpm and I'll try to
> debug
> later.  Also I have been informed that I should now be using Unix Domain
> sockets
> and I will resolve that whenever I can get Apache running stably.
>
> The config file DOES load mod_proxy_fcgi so as I understand it this should
> work
> properly:
> 140:LoadModule proxy_module modules/mod_proxy.so
> 141:LoadModule proxy_connect_module modules/mod_proxy_connect.so
> 143:LoadModule proxy_http_module modules/mod_proxy_http.so
> 144:LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
>
> Apache's error log has nothing.  Previously, the "It Works!" version
> provided by
> the distro did log startup messages properly here.
>
> Has anyone any ideas where to look?  Without Apache running it is fairly
> hard to
> debug it as I can't ask it what it thinks it is doing!
>
> Help appreciated,
>
> John
> ==
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

[users@httpd] Getting Apache Started on a New Server

[John Iliffe]

Rocky Linux 9.0, new install
Rocky distro version of Apache/httpd

As recommended I used the distro's download httpd and that has lead me into a
week's worth of chasing phantoms. 

Specifically, I copied the httpd.conf file from the old server (Apache.2.4.25)
to the new server and after clearing all the path problems (Apache is spread all
over the file tree instead of in one compact area under /usr/apache... as
previously) I still can't get httpd to start.  The error I can't seem to resolve
is:

AH00534: httpd: Configuration error: No MPM loaded.
May 20 13:42:22 prod02 systemd[1]: httpd.service: Main process exited,
code=exited, status=1/FAILURE
May 20 13:42:22 prod02 systemd[1]: httpd.service: Failed with result 'exit-
code'.
May 20 13:42:22 prod02 systemd[1]: Failed to start The Apache HTTP Server.

As I understand it I shouldn't need an MPM running because everything is proxy'd
to php-fpm (which IS running and has created all necessary pools) using config
lines like:
"^/.*\.php(/.*)?$" fcgi://127.0.0.1:90xx/httpd/
one '' for each virtual host.  There are sockets 9002 - 9011 in use,
excluding 9010 that originally refused to bind to php-fpm and I'll try to debug
later.  Also I have been informed that I should now be using Unix Domain sockets
and I will resolve that whenever I can get Apache running stably.

The config file DOES load mod_proxy_fcgi so as I understand it this should work
properly:
140:LoadModule proxy_module modules/mod_proxy.so
141:LoadModule proxy_connect_module modules/mod_proxy_connect.so
143:LoadModule proxy_http_module modules/mod_proxy_http.so
144:LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

Apache's error log has nothing.  Previously, the "It Works!" version provided by
the distro did log startup messages properly here.

Has anyone any ideas where to look?  Without Apache running it is fairly hard to
debug it as I can't ask it what it thinks it is doing!  

Help appreciated,

John
==

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] pwauth to external server

[Frank Gingras]

This comes to mind:

https://code.google.com/archive/p/mod-auth-external/wikis/AuthNZ.wiki

On Wed, May 17, 2023 at 12:48 PM Adam Weremczuk 
wrote:

> Hi all,
>
> I run some old Bugzilla 3.6.11 (https://www.bugzilla.org) on SERVER1
> (Debian 7 / Apache 2.2.22 / MySQL 5.5.31).
>
> The following authentication works locally:
>
> AuthType Basic
> AuthPAM_Enabled on
> AuthBasicAuthoritative off
> AuthUserFile /dev/null
>
> I have migrated Bugzilla to a modern stack on SERVER2 (Debian 11 /
> Apache 2.4.56 / MariaDB 10.5.19) but struggle with authentication.
>
> Is it possible to use pwauth to consult usernames/passwords on SERVER1
> from SERVER2 by IP?
>
> What other authentication options do I have?
>
> I would rather avoid doing things such as copying usernames and
> passwords across.
>
> Regards,
> Adam
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

[users@httpd] pwauth to external server

[Adam Weremczuk]

Hi all,

I run some old Bugzilla 3.6.11 (https://www.bugzilla.org) on SERVER1 
(Debian 7 / Apache 2.2.22 / MySQL 5.5.31).


The following authentication works locally:

AuthType Basic
AuthPAM_Enabled on
AuthBasicAuthoritative off
AuthUserFile /dev/null

I have migrated Bugzilla to a modern stack on SERVER2 (Debian 11 / 
Apache 2.4.56 / MariaDB 10.5.19) but struggle with authentication.


Is it possible to use pwauth to consult usernames/passwords on SERVER1 
from SERVER2 by IP?


What other authentication options do I have?

I would rather avoid doing things such as copying usernames and 
passwords across.


Regards,
Adam


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd]

[Frank Gingras]

Well, we can't guess that you provided the wrong path. Hence the
recommendation for better filesystem locations.

On Mon, May 15, 2023 at 10:03 AM Marc  wrote:

> /tmp is just an example. Files are located elsewhere, actually at a
> location where the rest should not be available/accessible. I only want to
> 'redirect' this file.
>
> >
> > You want to use  instead. I also strongly recommend
> > storing your images in another path.
> >
> > On Mon, May 15, 2023 at 3:48 AM Marc  >  > wrote:
> >
> >
> >
> >
> >   > >
> >   > > How do I get that the file (docroot)/images/favicon.ico is not
> > loaded
> >   > from the disk but instead from the /tmp/os-favicon.ico?
> >   >
> >   > Use the Alias directive.
> >   > https://httpd.apache.org/docs/2.4/urlmapping.html
> >   >
> >
> >   Hmmm, so I am ending up with somwthing like this. Is that really
> > the best way to do this?
> >
> >61 Alias "/images/favicon.ico" "/tmp/os-
> > favicon.ico"
> >62 
> >63 Require all granted
> >64 
> >
> >
>
>

RE: [users@httpd]

[Marc]

/tmp is just an example. Files are located elsewhere, actually at a location 
where the rest should not be available/accessible. I only want to 'redirect' 
this file.

> 
> You want to use  instead. I also strongly recommend
> storing your images in another path.
> 
> On Mon, May 15, 2023 at 3:48 AM Marc   > wrote:
> 
> 
> 
> 
>   > >
>   > > How do I get that the file (docroot)/images/favicon.ico is not
> loaded
>   > from the disk but instead from the /tmp/os-favicon.ico?
>   >
>   > Use the Alias directive.
>   > https://httpd.apache.org/docs/2.4/urlmapping.html
>   >
> 
>   Hmmm, so I am ending up with somwthing like this. Is that really
> the best way to do this?
> 
>61 Alias "/images/favicon.ico" "/tmp/os-
> favicon.ico"
>62 
>63 Require all granted
>64 
> 
> 

Re: [users@httpd]

[Frank Gingras]

You want to use  instead. I also strongly recommend storing
your images in another path.

On Mon, May 15, 2023 at 3:48 AM Marc  wrote:

>
>
> > >
> > > How do I get that the file (docroot)/images/favicon.ico is not loaded
> > from the disk but instead from the /tmp/os-favicon.ico?
> >
> > Use the Alias directive.
> > https://httpd.apache.org/docs/2.4/urlmapping.html
> >
>
> Hmmm, so I am ending up with somwthing like this. Is that really the best
> way to do this?
>
>  61 Alias "/images/favicon.ico" "/tmp/os-favicon.ico"
>  62 
>  63 Require all granted
>  64 
>
>

[users@httpd]

[Roman Gelfand]

RE: [users@httpd]

[Marc]

> >
> > How do I get that the file (docroot)/images/favicon.ico is not loaded
> from the disk but instead from the /tmp/os-favicon.ico?
> 
> Use the Alias directive.
> https://httpd.apache.org/docs/2.4/urlmapping.html
> 

Hmmm, so I am ending up with somwthing like this. Is that really the best way 
to do this?

 61 Alias "/images/favicon.ico" "/tmp/os-favicon.ico"
 62 
 63 Require all granted
 64 

Re: [users@httpd]

[Eric Covener]

On Sat, May 13, 2023 at 11:03 AM Marc  wrote:
>
> How do I get that the file (docroot)/images/favicon.ico is not loaded from 
> the disk but instead from the /tmp/os-favicon.ico?

Use the Alias directive. https://httpd.apache.org/docs/2.4/urlmapping.html

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd]

[Marc]

How do I get that the file (docroot)/images/favicon.ico is not loaded from the 
disk but instead from the /tmp/os-favicon.ico?


"/tmp/os-favicon.ico"
  

https://httpd.apache.org/docs/2.4/mod/core.html#files
Is this te best manual?? "# Insert stuff that applies to cat.html here" is not 
very helpful. How should ever be able to learn/read this from the 
documentation???

Re: [users@httpd] Help with mod_rewrite

[Marc Serra]

For your information, seems now works adding this rules as the first rules ...

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/(gb|es|ca|fr)/ [NC]
RewriteRule . /  [R,L]



Missatge de Frank Gingras  del dia dj., 20 d’abr.
2023 a les 16:12:
>
> The best way to tackle this complex set of rules is to use your development 
> server, clone the directives, comment out everything and uncomment a few 
> rules at a time.
>
> While you do this, see if you still have a loop (test with curl, not a 
> browser), examine the log entries, and then uncomment another rule. Repeat 
> until the loop appears.
>
> If you have a specific question about one log entry, do ask it.
>
> On Thu, Apr 20, 2023 at 2:18 AM Marc Serra  wrote:
>>
>> Thank's for answer Frank,
>>
>> A simple https://www.domain.tld/gb/ query generates a thousand lines
>> log file (attached). I'm really lost, I dont' know what I'm looking
>> for in the log file.
>>
>>
>>
>> Missatge de Frank Gingras  del dia dc., 19 d’abr.
>> 2023 a les 20:19:
>> >
>> > I would start with the rewrite log in your development environment, if you 
>> > can't change the configuration on the live server.
>> >
>> > I would also look to replace this entire mess with a FallbackResource 
>> > directive.
>> >
>> > On Tue, Apr 18, 2023 at 6:32 AM Marc Serra  wrote:
>> >>
>> >> Hi,
>> >>
>> >> A few weeks ago we renewed our prestashop website.
>> >>
>> >> One of the new features is the support for multiple languages.
>> >>
>> >> A typical home URL are...
>> >> https://www.domain.tld/gb/ for english
>> >> https://www.domain.tld/es/ for spanish
>> >> etc.
>> >>
>> >> A typical product URL are...
>> >> https://www.domain.tld/gb/PRODUCT_CATEGORY_FRIENDLY_URL/PRODUCT_CODE-PRODUCT_URL_FRIENDLY_DESCRIPTION.html
>> >> for english
>> >> https://www.domain.tld/es/PRODUCT_CATEGORY_FRIENDLY_URL/PRODUCT_CODE-PRODUCT_URL_FRIENDLY_DESCRIPTION.html
>> >> for spanish
>> >> etc.
>> >>
>> >> Our old URL wasn't contain the language, for example:
>> >> https://www.domain.tld/.html for home
>> >> https://www.domain.tld/PRODUCT_CATEGORY_FRIENDLY_URL/PRODUCT_CODE-PRODUCT_URL_FRIENDLY_DESCRIPTION.html
>> >> for product
>> >> etc.
>> >>
>> >> I'm trying to save the old URL and move to our default language (gb
>> >> for example).
>> >>
>> >> For start, I added the following two lines at the beginning of the
>> >> htaccess file. I try to redirect any URL not starting with /gb/ to the
>> >> english home page instead of 404 page ...
>> >>
>> >> RewriteCond %{REQUEST_URI} !^/gb/
>> >> RewriteRule ^.*$ /gb/ [L]
>> >>
>> >> # Followed by the prestashop default rules ...
>> >>
>> >> RewriteRule . - [E=REWRITEBASE:/]
>> >> RewriteRule ^api(?:/(.*))?$
>> >> %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]
>> >>
>> >> # Images
>> >> RewriteCond %{HTTP_HOST} ^www.domain.tld$
>> >> RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$
>> >> %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
>> >> RewriteCond %{HTTP_HOST} ^www.domain.tld$
>> >> RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$
>> >> %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
>> >> RewriteCond %{HTTP_HOST} ^www.domain.tld$
>> >> RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$
>> >> %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
>> >> RewriteCond %{HTTP_HOST} ^www.domain.tld$
>> >> RewriteRule 
>> >> ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$
>> >> %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
>> >> RewriteCond %{HTTP_HOST} ^www.domain.tld$
>> >> RewriteRule 
>> >> ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$
>> >> %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
>> >> RewriteCond %{HTTP_HOST} ^www.domain.tld$
>> >> RewriteRule 
>> >> ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$
>> >> %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
>> >> RewriteCond %{HTTP_HOST} ^www.domain.tld$
>> >> RewriteRule 
>> >> ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$
>> >> %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg
>> >> [L]
>> >> RewriteCond %{HTTP_HOST} ^www.domain.tld$
>> >> RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$
>> >> %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
>> >> RewriteCond %{HTTP_HOST} ^www.domain.tld$
>> >> RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$
>> >> %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
>> >> # AlphaImageLoader for IE and fancybox
>> >> RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$
>> >> js/jquery/plugins/fancybox/images/$1.$2 [L]
>> >>
>> >> # Dispatcher
>> >> RewriteCond %{REQUEST_FILENAME} -s [OR]
>> >> RewriteCond %{REQUEST_FILENAME} -l [OR]
>> >> RewriteCond %{REQUEST_FILENAME} -d
>> >> RewriteRule ^.*$ - [NC,L]
>> >> RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
>> >>
>> >>
>> >>
>> >> But when I visit 

Re: [users@httpd] Unclear RewriteCond docs

[sebb]

On Mon, 8 May 2023 at 19:00, Eric Covener  wrote:
>
> On Mon, May 8, 2023 at 1:22 PM sebb  wrote:
> >
> > Another issue is that there is no link to the syntax to be used for
> > the various conditions.
> >
> > For example, how does on express a file/path test or a string comparison?
> > AFAICT the only example is for a regex, though that is not made explicit.
>
> Are you still in the intro document?

yes.

> The comprehensive doc is
> https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewritecond

Although there is a link to the full doc, it could be made more explicit.

Also the intro says "the second argument is a regular expression that
must match the variable". This is not the whole story. It would help
to be explicit in the text that there are 3 types of condition, at
which point a link to the full docs would be useful.

> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Unclear RewriteCond docs

[Eric Covener]

On Mon, May 8, 2023 at 1:22 PM sebb  wrote:
>
> Another issue is that there is no link to the syntax to be used for
> the various conditions.
>
> For example, how does on express a file/path test or a string comparison?
> AFAICT the only example is for a regex, though that is not made explicit.

Are you still in the intro document?

The comprehensive doc is
https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewritecond

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Unclear RewriteCond docs

[sebb]

Another issue is that there is no link to the syntax to be used for
the various conditions.

For example, how does on express a file/path test or a string comparison?
AFAICT the only example is for a regex, though that is not made explicit.

Sebb

On Mon, 8 May 2023 at 15:38, Daniel Gruno  wrote:
>
> On 2023-05-08 09:33, Eric Covener wrote:
> > On Mon, May 8, 2023 at 10:29 AM Daniel Gruno  wrote:
> >>
> >> On 2023-05-08 08:44, Eric Covener wrote:
> >>> On Mon, May 8, 2023 at 9:41 AM Frank Gingras  wrote:
> 
>  Sebb,
> 
>  Are you sure about that? I would verify before we venture to clarify the 
>  docs.
> >>>
> >>> I think sebb is right, I've occasionally had to try to weirdly
> >>> propagate it or delay/combine it.
> >>>
> >>> In a rule or condition, the captures of the preceding condition is 
> >>> available
> >>
> >> Only if the next condition is a regex condition. A literal string
> >> comparison condition will not reset the previous captures. And yeah, you
> >> can use the teststring value to add back your captures from the previous
> >> condition:
> >>
> >> # Get key value into %1
> >> RewriteCond %{QUERY_STRING} "key=(.+)"
> >> # Append query string with %1, get key value back into %1, bar value into 
> >> %2
> >> RewriteCond %1::%{QUERY_STRING} "^(.+)::.*bar=(.+)"
> >> # Literal comparison, doesn't change backrefs:
> >> RewriteCond %2 ="foo"
> >> RewriteRule .* http://foo.bar/%1/%2
> >
> > Ah, cool and tricky to document in an "intro".  Maybe we can make sure
> > the gory details are right elsewhere, and caution that it's more
> > complicated with multiple conditions in the intro example.
>
> Yeah, you can actually use this to accept and parse query string
> key/value pairs given in an arbitrary order, but as you say, it gets
> complex real fast - I am having to resort to making RewriteCond macros
> to accomplish this without having to write 200 lines of config :)
>
> We do have a page dedicated to advanced usage examples, maybe I can add
> something to that page.
>
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Unclear RewriteCond docs

[Daniel Gruno]

On 2023-05-08 09:33, Eric Covener wrote:

On Mon, May 8, 2023 at 10:29 AM Daniel Gruno  wrote:


On 2023-05-08 08:44, Eric Covener wrote:

On Mon, May 8, 2023 at 9:41 AM Frank Gingras  wrote:


Sebb,

Are you sure about that? I would verify before we venture to clarify the docs.


I think sebb is right, I've occasionally had to try to weirdly
propagate it or delay/combine it.

In a rule or condition, the captures of the preceding condition is available


Only if the next condition is a regex condition. A literal string
comparison condition will not reset the previous captures. And yeah, you
can use the teststring value to add back your captures from the previous
condition:

# Get key value into %1
RewriteCond %{QUERY_STRING} "key=(.+)"
# Append query string with %1, get key value back into %1, bar value into %2
RewriteCond %1::%{QUERY_STRING} "^(.+)::.*bar=(.+)"
# Literal comparison, doesn't change backrefs:
RewriteCond %2 ="foo"
RewriteRule .* http://foo.bar/%1/%2


Ah, cool and tricky to document in an "intro".  Maybe we can make sure
the gory details are right elsewhere, and caution that it's more
complicated with multiple conditions in the intro example.


Yeah, you can actually use this to accept and parse query string 
key/value pairs given in an arbitrary order, but as you say, it gets 
complex real fast - I am having to resort to making RewriteCond macros 
to accomplish this without having to write 200 lines of config :)


We do have a page dedicated to advanced usage examples, maybe I can add 
something to that page.




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Unclear RewriteCond docs

[Eric Covener]

On Mon, May 8, 2023 at 10:29 AM Daniel Gruno  wrote:
>
> On 2023-05-08 08:44, Eric Covener wrote:
> > On Mon, May 8, 2023 at 9:41 AM Frank Gingras  wrote:
> >>
> >> Sebb,
> >>
> >> Are you sure about that? I would verify before we venture to clarify the 
> >> docs.
> >
> > I think sebb is right, I've occasionally had to try to weirdly
> > propagate it or delay/combine it.
> >
> > In a rule or condition, the captures of the preceding condition is available
>
> Only if the next condition is a regex condition. A literal string
> comparison condition will not reset the previous captures. And yeah, you
> can use the teststring value to add back your captures from the previous
> condition:
>
> # Get key value into %1
> RewriteCond %{QUERY_STRING} "key=(.+)"
> # Append query string with %1, get key value back into %1, bar value into %2
> RewriteCond %1::%{QUERY_STRING} "^(.+)::.*bar=(.+)"
> # Literal comparison, doesn't change backrefs:
> RewriteCond %2 ="foo"
> RewriteRule .* http://foo.bar/%1/%2

Ah, cool and tricky to document in an "intro".  Maybe we can make sure
the gory details are right elsewhere, and caution that it's more
complicated with multiple conditions in the intro example.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org