Re: [users@httpd] How do I choose the best settings for the Apache Server?

2023-09-15 Thread Mike Dewhirst 

On 15/09/2023 8:14 pm, Jason Long wrote:

Hello,
Thank you so much.
Can you share an ideal Apache configuration file? Something like a 
template.


Not saying this is ideal but I went through an iterative set of confs 
and came to the following for a 4GB VM which seems to be OK in a lightly 
loaded scenario.


# event MPM
# ServerLimit: Upper limit on configurable number of processes (default 16)
# StartServers: initial number of server processes to start (default 3)
# MinSpareThreads: minimum number of worker threads which are kept spare 
(default 75)
# MaxSpareThreads: maximum number of worker threads which are kept spare 
(default 250)
# ThreadLimit: upper limit on the configurable number of threads per 
child process (default 64)
# ThreadsPerChild: constant number of worker threads in each server 
process (default 25)
# MaxRequestWorkers: maximum number of worker threads 
(ServerLimit*ThreadsPerChild)

# MaxConnectionsPerChild: maximum number of requests a server process serves
##
# After reading 
https://www.liquidweb.com/kb/apache-performance-tuning-apache-mpm-modules/


    ServerLimit 32
    StartServers    16
    MinSpareThreads 400
#    MaxSpareThreads 250 increase == 
MaxRequestWorkers dferra...@apache.org

    MaxSpareThreads 800
    ThreadLimit 64
    ThreadsPerChild 50
    AsyncRequestWorkerFactor    2
    MaxRequestWorkers   800
    MaxConnectionsPerChild  0


##
# First stab after reading Apache docs
#
#    ServerLimit            16
#    StartServers            3
#    MinSpareThreads            75
#    MaxSpareThreads            250
#    ThreadLimit            750
#    ThreadsPerChild            250
#    AsyncRequestWorkerFactor    2
#    MaxRequestWorkers        1000
#    MaxConnectionsPerChild        0
#
# Original
#
#    StartServers    2
#    MinSpareThreads 25
#    MaxSpareThreads 75
#    ThreadLimit 64
#    ThreadsPerChild 25
#    MaxRequestWorkers   150
#    MaxConnectionsPerChild  0
#








On Fri, Sep 15, 2023 at 1:17 AM, Stormy
 wrote:
On 2023-09-14 16:01, Jason Long wrote:
> Hello,
> Thanks again.
> How about the other parameters? For example, how can I estimate
the best
> value for "MaxRequestsPerChild", "ThreadsPerChild" and etc.?

What is wrong with the default values? Why do you want to "estimate"?
Have you tried different values? If so, what was the
upside/downside of
your trials? Logs? Stats?

You say somewhere below that your server "uses WordPress, so it
also has
PHP and MySQL."  Fine, these are services (memory and CPU cycles)
outside the scope of Apache/httpd which just "serves" what it is
given
to "serve."

As an example, I have just rewritten a quite big (474 Gb) WP
website in
html5 with minimal php and js. Result: client output identical,
Apache
throughput just over 90% lower. YMMV

Good luck,
Paul
>
>
>    On Thu, Sep 14, 2023 at 10:27 PM, Frank Gingras
>     wrote:
>    Just comment out the LoadModule line for prefork, and
uncomment the
>    line for event.
>
>    There is no "template"; you just need to tweak event to spawn
more
>    workers if needed, but the default settings should be fine
for small
>    volumes.
>
>    The prefork mpm should really be avoided at this point, as it
spawns
>    a separate process for every single HTTP request.
>
>    On Thu, Sep 14, 2023 at 2:47 PM Jason Long
>     wrote:
>
>        Hello,
>        Thanks again.
>        So, I must remove the "mpm_prefork_module" section. Am I
right?
>
>        Can you show me an Apache configuration template for use with
>        Wordpress?
>
>        When I must use "mpm_prefork_module"?
>
>
>            On Thu, Sep 14, 2023 at 4:24 PM, Frank Gingras
>            mailto:thu...@apache.org>> wrote:
>            500MB of RAM for the httpd processes, yes. The rest
of the
>            RAM will go towards php and MySQL.
>
>            Since wordpress is involved, you'll want to use the event
>            mpm (nor prefork, nor event), proxy_fcgi and php-fpm.
See:
>
> https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
>           

>
>
>
>            On Thu, Sep 14, 2023 at 6:21 AM Jason Long
>            mailto:hack3r...@yahoo.com>> wrote:
>
>                Hello,
>                Thank you so much for your reply.
>                Can you tell me more about "It should run well under
>                500MB even with thousands of workers."

Re: [users@httpd] Error AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit

2022-11-27 Thread Mike Dewhirst 

On 28/11/2022 12:09 pm, Mike Dewhirst wrote:

On 26/11/2022 11:41 am, Mike Dewhirst wrote:

On 24/11/2022 6:48 pm, Daniel Ferradal wrote:
Some script is probably hogging the workers and not letting them 
close so if you must, just restart, but judging by the amount of 
traffic you seem to have at the time I would truncate in logrotate 
and not restart or reload the server at all.


I run a Python script on the production machine to delete the entire 
site (including directory structure) then redeploy everything from 
the repo whenever anything changes.


On the basis that Apache (mod-wsgi) only reads the files once on 
reload, if they also had the dead finger of my script or perhaps the 
Python interpreter hanging on, that may well have "hogged" the workers.


That script now restarts Apache instead of reload.

I have now adjusted the logrotate script to avoid reload/restart 
logging status as follows:


/var/log/apache2/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    copytruncate
    sharedscripts
    prerotate
    if [ -d /etc/logrotate.d/httpd-prerotate ]; then
    run-parts /etc/logrotate.d/httpd-prerotate
    fi
    endscript
    postrotate
    if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
    invoke-rc.d apache2 status 2>&1 | logger -t apache2.logrotate
    fi
    endscript
}


... and left the mpm-event settings as follows:


    ServerLimit 32 # Thanks 
Eric Covener

    StartServers    16
    MinSpareThreads 400
    MaxSpareThreads 250
    ThreadLimit 64
    ThreadsPerChild 50
    AsyncRequestWorkerFactor    2
    MaxRequestWorkers   800
    MaxConnectionsPerChild  0


I restarted the entire machine

Next logrotate is 00:00 UTC -- I'll report tomorrow.


Zero bytes in the error log since Saturday when I sent the above email.

That covers the period with copytruncate in the Apache logrotate conf.

I haven't updated the site so no restarts from me.

I'll adjust the deployment script back to reload instead of restart 
before my next deployment and report back.


Errors recommence as follows:

... not an error but the reload after a deployment script run...

[Mon Nov 28 01:17:06.605572 2022] [mpm_event:notice] [pid 920:tid 
140638735415168] AH00493: SIGUSR1 received.  Doing graceful restart
[Mon Nov 28 01:17:06.699315 2022] [mpm_event:notice] [pid 920:tid 
140638735415168] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 
mod_wsgi/4.9.0 Python/3.10 configured -- resuming normal operations
[Mon Nov 28 01:17:06.699345 2022] [core:notice] [pid 920:tid 
140638735415168] AH00094: Command line: '/usr/sbin/apache2'


... lengthy period ensues with no errors followed by another deployment 
reload ...


[Mon Nov 28 03:16:44.368563 2022] [mpm_event:notice] [pid 920:tid 
140638735415168] AH00493: SIGUSR1 received.  Doing graceful restart
[Mon Nov 28 03:16:44.502990 2022] [mpm_event:notice] [pid 920:tid 
140638735415168] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 
mod_wsgi/4.9.0 Python/3.10 configured -- resuming normal operations
[Mon Nov 28 03:16:44.503027 2022] [core:notice] [pid 920:tid 
140638735415168] AH00094: Command line: '/usr/sbin/apache2'


... another deployment script reload after a period with no errors ...

[Mon Nov 28 04:08:02.215591 2022] [mpm_event:notice] [pid 920:tid 
140638735415168] AH00493: SIGUSR1 received.  Doing graceful restart
[Mon Nov 28 04:08:02.319672 2022] [mpm_event:notice] [pid 920:tid 
140638735415168] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 
mod_wsgi/4.9.0 Python/3.10 configured -- resuming normal operations
[Mon Nov 28 04:08:02.319713 2022] [core:notice] [pid 920:tid 
140638735415168] AH00094: Command line: '/usr/sbin/apache2'


... but two seconds later ...

[Mon Nov 28 04:08:04.324587 2022] [mpm_event:error] [pid 920:tid 
140638735415168] AH03490: scoreboard is full, not at 
MaxRequestWorkers.Increase ServerLimit.


... followed by more of the same at approximately 1 second intervals ...

[Mon Nov 28 04:15:30.915730 2022] [mpm_event:error] [pid 920:tid 
140638735415168] AH03490: scoreboard is full, not at 
MaxRequestWorkers.Increase ServerLimit.


About to revert my deployment script to restart Apache instead of reload ...

Not sure what else I can do?

Cheers

Mike





Cheers

Mike

--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.


--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came fro

Re: [users@httpd] Error AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit

2022-11-27 Thread Mike Dewhirst 

On 26/11/2022 11:41 am, Mike Dewhirst wrote:

On 24/11/2022 6:48 pm, Daniel Ferradal wrote:
Some script is probably hogging the workers and not letting them 
close so if you must, just restart, but judging by the amount of 
traffic you seem to have at the time I would truncate in logrotate 
and not restart or reload the server at all.


I run a Python script on the production machine to delete the entire 
site (including directory structure) then redeploy everything from the 
repo whenever anything changes.


On the basis that Apache (mod-wsgi) only reads the files once on 
reload, if they also had the dead finger of my script or perhaps the 
Python interpreter hanging on, that may well have "hogged" the workers.


That script now restarts Apache instead of reload.

I have now adjusted the logrotate script to avoid reload/restart 
logging status as follows:


/var/log/apache2/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    copytruncate
    sharedscripts
    prerotate
    if [ -d /etc/logrotate.d/httpd-prerotate ]; then
    run-parts /etc/logrotate.d/httpd-prerotate
    fi
    endscript
    postrotate
    if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
    invoke-rc.d apache2 status 2>&1 | logger -t apache2.logrotate
    fi
    endscript
}


... and left the mpm-event settings as follows:


    ServerLimit 32 # Thanks 
Eric Covener

    StartServers    16
    MinSpareThreads 400
    MaxSpareThreads 250
    ThreadLimit 64
    ThreadsPerChild 50
    AsyncRequestWorkerFactor    2
    MaxRequestWorkers   800
    MaxConnectionsPerChild  0


I restarted the entire machine

Next logrotate is 00:00 UTC -- I'll report tomorrow.


Zero bytes in the error log since Saturday when I sent the above email.

That covers the period with copytruncate in the Apache logrotate conf.

I haven't updated the site so no restarts from me.

I'll adjust the deployment script back to reload instead of restart 
before my next deployment and report back.



Cheers

Mike

--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.


--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.



OpenPGP_signature
Description: OpenPGP digital signature

Re: [users@httpd] Error AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit

2022-11-25 Thread Mike Dewhirst 

On 24/11/2022 6:48 pm, Daniel Ferradal wrote:
Some script is probably hogging the workers and not letting them close 
so if you must, just restart, but judging by the amount of traffic you 
seem to have at the time I would truncate in logrotate and not restart 
or reload the server at all.


I run a Python script on the production machine to delete the entire 
site (including directory structure) then redeploy everything from the 
repo whenever anything changes.


On the basis that Apache (mod-wsgi) only reads the files once on reload, 
if they also had the dead finger of my script or perhaps the Python 
interpreter hanging on, that may well have "hogged" the workers.


That script now restarts Apache instead of reload.

I have now adjusted the logrotate script to avoid reload/restart logging 
status as follows:


/var/log/apache2/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    copytruncate
    sharedscripts
    prerotate
    if [ -d /etc/logrotate.d/httpd-prerotate ]; then
    run-parts /etc/logrotate.d/httpd-prerotate
    fi
    endscript
    postrotate
    if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
    invoke-rc.d apache2 status 2>&1 | logger -t apache2.logrotate
    fi
    endscript
}


... and left the mpm-event settings as follows:


    ServerLimit 32 # Thanks 
Eric Covener

    StartServers    16
    MinSpareThreads 400
    MaxSpareThreads 250
    ThreadLimit 64
    ThreadsPerChild 50
    AsyncRequestWorkerFactor    2
    MaxRequestWorkers   800
    MaxConnectionsPerChild  0


I restarted the entire machine

Next logrotate is 00:00 UTC -- I'll report tomorrow.

Cheers

Mike

--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.



OpenPGP_signature
Description: OpenPGP digital signature

Re: [users@httpd] Error AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit

2022-11-24 Thread Mike Dewhirst 
Daniel - thanks for that. Just looked at copytruncate and that seems a good 
strategy. I'll restart Apache in the morning and try the truncate option over 
the weekend when I can keep an eye on it.CheersMike--(Unsigned mail from my 
phone)
 Original message From: Daniel Ferradal  
Date: 24/11/22  18:48  (GMT+10:00) To: "" 
 Subject: Re: [users@httpd] Error AH03490: scoreboard 
is full, not at MaxRequestWorkers.Increase ServerLimit Some script is probably 
hogging the workers and not letting them close so if you must, just restart, 
but judging by the amount of traffic you seem to have at the time I would 
truncate in logrotate and not restart or reload the server at all.El jue, 24 
nov 2022 2:38, Mike Dewhirst  escribió:
  

  
  
On 24/11/2022 12:13 pm, Eric Covener
  wrote:


  
Should I adjust /etc/logrotate.d/apache2 to restart instead of reload?

  
  How many entries for Apache logs are there, and how frequently do they
rotate in logrotated?


There are three Apache website logs and they rotate daily. Here is
the script

# /etc/logrotate.d/apache2

/var/log/apache2/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 0660 root adm
    sharedscripts
    prerotate
    if [ -d /etc/logrotate.d/httpd-prerotate ]; then
    run-parts /etc/logrotate.d/httpd-prerotate
    fi
    endscript
    postrotate
    if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
    invoke-rc.d apache2 reload 2>&1 | logger -t
apache2.logrotate
    fi
    endscript
}

# /etc/cron.daily/apache2

#!/bin/sh

# run htcacheclean if set to 'cron' mode

set -e
set -u

type htcacheclean > /dev/null 2>&1 || exit 0
[ -e /etc/default/apache-htcacheclean ] || exit 0


# edit /etc/default/apache-htcacheclean to change this
HTCACHECLEAN_MODE=daemon
HTCACHECLEAN_RUN=auto
HTCACHECLEAN_SIZE=300M
HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk
HTCACHECLEAN_OPTIONS=""

. /etc/default/apache-htcacheclean

[ "$HTCACHECLEAN_MODE" = "cron" ] || exit 0

htcacheclean ${HTCACHECLEAN_OPTIONS}    \
    -p${HTCACHECLEAN_PATH}    \
    -l${HTCACHECLEAN_SIZE}




  I think there's a trick to batch them if there's very many. But it
sounds like it's constantly doing rotation.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org





-- 
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.

Re: [users@httpd] Error AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit

2022-11-23 Thread Mike Dewhirst 

On 24/11/2022 12:13 pm, Eric Covener wrote:

Should I adjust /etc/logrotate.d/apache2 to restart instead of reload?

How many entries for Apache logs are there, and how frequently do they
rotate in logrotated?


There are three Apache website logs and they rotate daily. Here is the 
script


# /etc/logrotate.d/apache2

/var/log/apache2/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 0660 root adm
    sharedscripts
    prerotate
    if [ -d /etc/logrotate.d/httpd-prerotate ]; then
    run-parts /etc/logrotate.d/httpd-prerotate
    fi
    endscript
    postrotate
    if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
    invoke-rc.d apache2 reload 2>&1 | logger -t apache2.logrotate
    fi
    endscript
}

# /etc/cron.daily/apache2

#!/bin/sh

# run htcacheclean if set to 'cron' mode

set -e
set -u

type htcacheclean > /dev/null 2>&1 || exit 0
[ -e /etc/default/apache-htcacheclean ] || exit 0


# edit /etc/default/apache-htcacheclean to change this
HTCACHECLEAN_MODE=daemon
HTCACHECLEAN_RUN=auto
HTCACHECLEAN_SIZE=300M
HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk
HTCACHECLEAN_OPTIONS=""

. /etc/default/apache-htcacheclean

[ "$HTCACHECLEAN_MODE" = "cron" ] || exit 0

htcacheclean ${HTCACHECLEAN_OPTIONS}    \
    -p${HTCACHECLEAN_PATH}    \
    -l${HTCACHECLEAN_SIZE}





I think there's a trick to batch them if there's very many. But it
sounds like it's constantly doing rotation.

-
To unsubscribe, e-mail:users-unsubscr...@httpd.apache.org
For additional commands, e-mail:users-h...@httpd.apache.org




--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.



OpenPGP_signature
Description: OpenPGP digital signature

Re: [users@httpd] Error AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit

2022-11-23 Thread Mike Dewhirst 

On 23/11/2022 10:40 am, Mike Dewhirst wrote:

On 23/11/2022 10:31 am, Eric Covener wrote:



On Tue, Nov 22, 2022 at 6:15 PM Mike Dewhirst  
wrote:


Can anyone suggest some mpm_event.conf settings for a lightly
loaded DigitalOcean Ubuntu 2022.04 LTS droplet with 8GB of RAM
and a "dedicated CPU"?

I just had to restart Apache which crashed around 22:22 UTC.
There is 8Mb of the above error in the log.

This is the plain Apache2 error.log rather than the named website
error log which only shows expected errors such as reCaptcha errors.

It seems to have started filling the scoreboard 24 minutes after
logrotate. The first ten log entries after logrotate are ...

[Tue Nov 22 00:00:01.934987 2022] [mpm_event:notice] [pid
49892:tid 140450581641088] AH00489: Apache/2.4.52 (Ubuntu)
OpenSSL/3.0.2 mod_wsgi/4.9.0 Python/3.10 configured -- resuming
normal operations
[Tue Nov 22 00:00:01.935032 2022] [core:notice] [pid 49892:tid
140450581641088] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 22 00:20:13.411015 2022] [mpm_event:notice] [pid
49892:tid 140450581641088] AH00493: SIGUSR1 received.  Doing
graceful restart
[Tue Nov 22 00:20:13.514771 2022] [mpm_event:notice] [pid
49892:tid 140450581641088] AH00489: Apache/2.4.52 (Ubuntu)
OpenSSL/3.0.2 mod_wsgi/4.9.0 Python/3.10 configured -- resuming
normal operations
[Tue Nov 22 00:20:13.514804 2022] [core:notice] [pid 49892:tid
140450581641088] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 22 00:23:57.862865 2022] [mpm_event:notice] [pid
49892:tid 140450581641088] AH00493: SIGUSR1 received.  Doing
graceful restart
[Tue Nov 22 00:23:57.937161 2022] [mpm_event:notice] [pid
49892:tid 140450581641088] AH00489: Apache/2.4.52 (Ubuntu)
OpenSSL/3.0.2 mod_wsgi/4.9.0 Python/3.10 configured -- resuming
normal operations
[Tue Nov 22 00:23:57.937192 2022] [core:notice] [pid 49892:tid
140450581641088] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 22 00:23:59.938800 2022] [mpm_event:error] [pid
49892:tid 140450581641088] AH03490: scoreboard is full, not at
MaxRequestWorkers.Increase ServerLimit.
[Tue Nov 22 00:24:00.939954 2022] [mpm_event:error] [pid
49892:tid 140450581641088] AH03490: scoreboard is full, not at
MaxRequestWorkers.Increase ServerLimit.


With event, ServerLimit should be larger than 
MaxRequestWorkers/ThreadsPerChild not equal to it. It only matters 
when processes exit and are replaced.
This allows slow to exit processes to be managed alongside their 
replacement processes.


...


ServerLimit 16

    StartServers    16
    MinSpareThreads 400
    MaxSpareThreads 250
    ThreadLimit 64
    ThreadsPerChild 50
    AsyncRequestWorkerFactor    2
    MaxRequestWorkers   800
    MaxConnectionsPerChild  0



I would start with ServerLimit 24 or 32. Nothing has to change along 
with it.


Many thanks Eric. 32 it is!


Just crashed again.

Should I adjust /etc/logrotate.d/apache2 to restart instead of reload?

Looks like a simple interim repair.

Thanks

Mike



Cheers

Mike



--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.



--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.



OpenPGP_signature
Description: OpenPGP digital signature

Re: [users@httpd] Error AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit

2022-11-22 Thread Mike Dewhirst 

On 23/11/2022 10:31 am, Eric Covener wrote:



On Tue, Nov 22, 2022 at 6:15 PM Mike Dewhirst  
wrote:


Can anyone suggest some mpm_event.conf settings for a lightly
loaded DigitalOcean Ubuntu 2022.04 LTS droplet with 8GB of RAM and
a "dedicated CPU"?

I just had to restart Apache which crashed around 22:22 UTC. There
is 8Mb of the above error in the log.

This is the plain Apache2 error.log rather than the named website
error log which only shows expected errors such as reCaptcha errors.

It seems to have started filling the scoreboard 24 minutes after
logrotate. The first ten log entries after logrotate are ...

[Tue Nov 22 00:00:01.934987 2022] [mpm_event:notice] [pid
49892:tid 140450581641088] AH00489: Apache/2.4.52 (Ubuntu)
OpenSSL/3.0.2 mod_wsgi/4.9.0 Python/3.10 configured -- resuming
normal operations
[Tue Nov 22 00:00:01.935032 2022] [core:notice] [pid 49892:tid
140450581641088] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 22 00:20:13.411015 2022] [mpm_event:notice] [pid
49892:tid 140450581641088] AH00493: SIGUSR1 received. Doing
graceful restart
[Tue Nov 22 00:20:13.514771 2022] [mpm_event:notice] [pid
49892:tid 140450581641088] AH00489: Apache/2.4.52 (Ubuntu)
OpenSSL/3.0.2 mod_wsgi/4.9.0 Python/3.10 configured -- resuming
normal operations
[Tue Nov 22 00:20:13.514804 2022] [core:notice] [pid 49892:tid
140450581641088] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 22 00:23:57.862865 2022] [mpm_event:notice] [pid
49892:tid 140450581641088] AH00493: SIGUSR1 received. Doing
graceful restart
[Tue Nov 22 00:23:57.937161 2022] [mpm_event:notice] [pid
49892:tid 140450581641088] AH00489: Apache/2.4.52 (Ubuntu)
OpenSSL/3.0.2 mod_wsgi/4.9.0 Python/3.10 configured -- resuming
normal operations
[Tue Nov 22 00:23:57.937192 2022] [core:notice] [pid 49892:tid
140450581641088] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 22 00:23:59.938800 2022] [mpm_event:error] [pid 49892:tid
140450581641088] AH03490: scoreboard is full, not at
MaxRequestWorkers.Increase ServerLimit.
[Tue Nov 22 00:24:00.939954 2022] [mpm_event:error] [pid 49892:tid
140450581641088] AH03490: scoreboard is full, not at
MaxRequestWorkers.Increase ServerLimit.


With event, ServerLimit should be larger than 
MaxRequestWorkers/ThreadsPerChild not equal to it. It only matters 
when processes exit and are replaced.
This allows slow to exit processes to be managed alongside their 
replacement processes.


...


ServerLimit 16

    StartServers    16
    MinSpareThreads 400
    MaxSpareThreads 250
    ThreadLimit 64
    ThreadsPerChild 50
    AsyncRequestWorkerFactor    2
    MaxRequestWorkers   800
    MaxConnectionsPerChild  0



I would start with ServerLimit 24 or 32. Nothing has to change along 
with it.


Many thanks Eric. 32 it is!

Cheers

Mike



--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.



OpenPGP_signature
Description: OpenPGP digital signature

[users@httpd] Error AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit

2022-11-22 Thread Mike Dewhirst 
Can anyone suggest some mpm_event.conf settings for a lightly loaded 
DigitalOcean Ubuntu 2022.04 LTS droplet with 8GB of RAM and a "dedicated 
CPU"?


I just had to restart Apache which crashed around 22:22 UTC. There is 
8Mb of the above error in the log.


This is the plain Apache2 error.log rather than the named website error 
log which only shows expected errors such as reCaptcha errors.


It seems to have started filling the scoreboard 24 minutes after 
logrotate. The first ten log entries after logrotate are ...


[Tue Nov 22 00:00:01.934987 2022] [mpm_event:notice] [pid 49892:tid 
140450581641088] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 
mod_wsgi/4.9.0 Python/3.10 configured -- resuming normal operations
[Tue Nov 22 00:00:01.935032 2022] [core:notice] [pid 49892:tid 
140450581641088] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 22 00:20:13.411015 2022] [mpm_event:notice] [pid 49892:tid 
140450581641088] AH00493: SIGUSR1 received.  Doing graceful restart
[Tue Nov 22 00:20:13.514771 2022] [mpm_event:notice] [pid 49892:tid 
140450581641088] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 
mod_wsgi/4.9.0 Python/3.10 configured -- resuming normal operations
[Tue Nov 22 00:20:13.514804 2022] [core:notice] [pid 49892:tid 
140450581641088] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 22 00:23:57.862865 2022] [mpm_event:notice] [pid 49892:tid 
140450581641088] AH00493: SIGUSR1 received.  Doing graceful restart
[Tue Nov 22 00:23:57.937161 2022] [mpm_event:notice] [pid 49892:tid 
140450581641088] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 
mod_wsgi/4.9.0 Python/3.10 configured -- resuming normal operations
[Tue Nov 22 00:23:57.937192 2022] [core:notice] [pid 49892:tid 
140450581641088] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 22 00:23:59.938800 2022] [mpm_event:error] [pid 49892:tid 
140450581641088] AH03490: scoreboard is full, not at 
MaxRequestWorkers.Increase ServerLimit.
[Tue Nov 22 00:24:00.939954 2022] [mpm_event:error] [pid 49892:tid 
140450581641088] AH03490: scoreboard is full, not at 
MaxRequestWorkers.Increase ServerLimit.


Then later ...

[Tue Nov 22 22:28:52.526681 2022] [mpm_event:error] [pid 75:tid 
140011041032064] AH03490: scoreboard is full, not at 
MaxRequestWorkers.Increase ServerLimit.
[Tue Nov 22 22:28:52.526899 2022] [mpm_event:notice] [pid 75:tid 
140011041032064] AH00492: caught SIGWINCH, shutting down gracefully
[Tue Nov 22 22:28:55.888384 2022] [core:warn] [pid 75:tid 
140011041032064] AH00045: child process 113420 still did not exit, 
sending a SIGTERM


... more of the same ...

[Tue Nov 22 22:28:59.893773 2022] [core:warn] [pid 75:tid 
140011041032064] AH00045: child process 113426 still did not exit, 
sending a SIGTERM
[Tue Nov 22 22:29:01.896130 2022] [core:error] [pid 75:tid 
140011041032064] AH00046: child process 113420 still did not exit, 
sending a SIGKILL


... more of the same ...

[Tue Nov 22 22:29:01.896389 2022] [core:error] [pid 75:tid 
140011041032064] AH00046: child process 113426 still did not exit, 
sending a SIGKILL


... I assume this is where I said restart ...

[Tue Nov 22 22:29:03.09 2022] [mpm_event:notice] [pid 122709:tid 
139966049515392] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 
mod_wsgi/4.9.0 Python/3.10 configured -- resuming normal operations
[Tue Nov 22 22:29:03.055753 2022] [core:notice] [pid 122709:tid 
139966049515392] AH00094: Command line: '/usr/sbin/apache2'


... and no errors since.

Below is the server-status after restart and below that is my current 
mpm_event.conf


Many thanks

Mike

Server Version: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 mod_wsgi/4.9.0 
Python/3.10


Server MPM: event
Server Built: 2022-09-30T04:09:50



Current Time: Tuesday, 22-Nov-2022 22:41:35 UTC
Restart Time: Tuesday, 22-Nov-2022 22:29:03 UTC
Parent Server Config. Generation: 1
Parent Server MPM Generation: 0
Server uptime: 12 minutes 32 seconds
Server load: 0.00 0.00 0.00
Total accesses: 14 - Total Traffic: 121 kB - Total Duration: 10274
CPU Usage: u10.91 s.38 cu0 cs0 - 1.5% CPU load
.0186 requests/sec - 164 B/second - 8.6 kB/request - 733.857 ms/request
1 requests currently being processed, 449 idle workers

SlotPID StoppingConnections Threads Async 
connections
total   accepting   busyidlewriting keep-alive  closing
0   122713  no  0   yes 0   50  0   0   0
1   122714  no  0   yes 0   50  0   0   0
2   122715  no  0   yes 0   50  0   0   0
3   122716  no  0   yes 0   50  0   0   0
4   122717  no  0   yes 0   50  0   0   0
5   123029  no  0   yes 0   50  0   0   0
6   123082  no  0   yes 0   50  0   0   0
7   123083  no  0   yes 1   49

Re: [users@httpd] Is Apache 2.4.7 newer than 2.4.54

2022-11-02 Thread Mike Dewhirst 

Further to things working, I just saw the following entry in syslog ...

Nov  2 23:53:59 xx apachectl[70750]: AH00513: WARNING: MaxRequestWorkers of 
400 is not an integer multiple of ThreadsPerChild of 250, decreasing to nearest 
multiple 250, for a maximum of 1 servers.


Could you please comment on the following changes I just made to 
mpm_event.conf ...




     ServerLimit 16
     StartServers    3
     MinSpareThreads 75
     MaxSpareThreads 250
     ThreadLimit 750# 500   
     ThreadsPerChild 250
     AsyncRequestWorkerFactor    2
     MaxRequestWorkers   1000   # 400
     MaxConnectionsPerChild  0



Thanks

Mike


On 30/10/2022 3:14 pm, Mike Dewhirst wrote:

On 28/10/2022 10:42 am, Mike Dewhirst wrote:

On 27/10/2022 2:55 am, Frank Gingras wrote:
The defaults in the docs really cater to a low-traffic server; 
perhaps there should be a note to that effect.


On Wed, 26 Oct 2022 at 01:47, Mike Dewhirst  
wrote:


On 26/10/2022 12:45 pm, Frank Gingras wrote:

You could temporarily increase your ThreadsPerChild, as 25 is
extremely low and increases the chances of that bug occurring.


Thanks Frank

These are the adjustments I made ...

    ThreadLimit 500 #64
    ThreadsPerChild 250 #25



This seems to have worked ...

Server uptime: 1 day 17 hours 23 minutes 47 seconds


Server uptime: 3 days 21 hours 57 minutes 33 seconds

Sadly I have to restart the machine for security updates so I'll have 
to start the count again. But it is looking good!




Many thanks Frank


:-)




Mike



The server is not heavily used other than by script-kiddies
looking for php hacks. My next project is to find some way to
black-hole anything with php or wp in the request. Maybe a
redirect to google or something.



I'd have to find out what fix applies to this bug, and why your
installation is still vulnerable. Perhaps your distro used
backports.


I can't answer such questions.

But the defaults were very restrictive originally - set by
DigitalOcean I suppose. I changed them to the defaults specified
in the Apache docs - per the comment lines in my original post.

Thanks for responding so quickly.

Cheers

mike



On Tue, 25 Oct 2022 at 20:02, Mike Dewhirst
 wrote:

My Apache 2.4.52 is crashing with a bug apparently
eliminated in 2.4.7.

Server Version: Apache/2.4.52 (Ubuntu 2022.04) OpenSSL/3.0.2
mod_wsgi/4.9.0 Python/3.10
Server MPM: event
Server Built: 2022-06-14T12:30:21

DigitalOcean droplet 8GB memory, dedicated CPU.

The log says ...
[Mon Oct 24 04:50:35.867241 2022] [mpm_event:error] [pid
904:tid
140622640994176] AH03490: scoreboard is full, not at
MaxRequestWorkers.Increase ServerLimit.

mpm-event.conf ...
# event MPM
# ServerLimit: Upper limit on configurable number of
processes (default 16)
# StartServers: initial number of server processes to start
(default 3)
# MinSpareThreads: minimum number of worker threads which
are kept spare
(default 75)
# MaxSpareThreads: maximum number of worker threads which
are kept spare
(default 250)
# ThreadLimit: upper limit on the configurable number of
threads per
child process (default 64)
# ThreadsPerChild: constant number of worker threads in
each server
process (default 25)
# MaxRequestWorkers: maximum number of worker threads
(ServerLimit*ThreadsPerChild)
# MaxConnectionsPerChild: maximum number of requests a
server process serves

     ServerLimit            16
     StartServers            3
     MinSpareThreads            75
     MaxSpareThreads            250
     ThreadLimit            64
     ThreadsPerChild            25
     AsyncRequestWorkerFactor    2
     MaxRequestWorkers        400
     MaxConnectionsPerChild        0






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




-- 
Signed email is an absolute defence against phishing. This email has

been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.




--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key y

Re: [users@httpd] Is Apache 2.4.7 newer than 2.4.54

2022-10-29 Thread Mike Dewhirst 

On 28/10/2022 10:42 am, Mike Dewhirst wrote:

On 27/10/2022 2:55 am, Frank Gingras wrote:
The defaults in the docs really cater to a low-traffic server; 
perhaps there should be a note to that effect.


On Wed, 26 Oct 2022 at 01:47, Mike Dewhirst  
wrote:


On 26/10/2022 12:45 pm, Frank Gingras wrote:

You could temporarily increase your ThreadsPerChild, as 25 is
extremely low and increases the chances of that bug occurring.


Thanks Frank

These are the adjustments I made ...

    ThreadLimit 500 #64
    ThreadsPerChild 250 #25



This seems to have worked ...

Server uptime: 1 day 17 hours 23 minutes 47 seconds


Server uptime: 3 days 21 hours 57 minutes 33 seconds

Sadly I have to restart the machine for security updates so I'll have to 
start the count again. But it is looking good!




Many thanks Frank


:-)




Mike



The server is not heavily used other than by script-kiddies
looking for php hacks. My next project is to find some way to
black-hole anything with php or wp in the request. Maybe a
redirect to google or something.



I'd have to find out what fix applies to this bug, and why your
installation is still vulnerable. Perhaps your distro used
backports.


I can't answer such questions.

But the defaults were very restrictive originally - set by
DigitalOcean I suppose. I changed them to the defaults specified
in the Apache docs - per the comment lines in my original post.

Thanks for responding so quickly.

Cheers

mike



On Tue, 25 Oct 2022 at 20:02, Mike Dewhirst
 wrote:

My Apache 2.4.52 is crashing with a bug apparently
eliminated in 2.4.7.

Server Version: Apache/2.4.52 (Ubuntu 2022.04) OpenSSL/3.0.2
mod_wsgi/4.9.0 Python/3.10
Server MPM: event
Server Built: 2022-06-14T12:30:21

DigitalOcean droplet 8GB memory, dedicated CPU.

The log says ...
[Mon Oct 24 04:50:35.867241 2022] [mpm_event:error] [pid
904:tid
140622640994176] AH03490: scoreboard is full, not at
MaxRequestWorkers.Increase ServerLimit.

mpm-event.conf ...
# event MPM
# ServerLimit: Upper limit on configurable number of
processes (default 16)
# StartServers: initial number of server processes to start
(default 3)
# MinSpareThreads: minimum number of worker threads which
are kept spare
(default 75)
# MaxSpareThreads: maximum number of worker threads which
are kept spare
(default 250)
# ThreadLimit: upper limit on the configurable number of
threads per
child process (default 64)
# ThreadsPerChild: constant number of worker threads in each
server
process (default 25)
# MaxRequestWorkers: maximum number of worker threads
(ServerLimit*ThreadsPerChild)
# MaxConnectionsPerChild: maximum number of requests a
server process serves

     ServerLimit            16
     StartServers            3
     MinSpareThreads            75
     MaxSpareThreads            250
     ThreadLimit            64
     ThreadsPerChild            25
     AsyncRequestWorkerFactor    2
     MaxRequestWorkers        400
     MaxConnectionsPerChild        0






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




-- 
Signed email is an absolute defence against phishing. This email has

been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.




--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.


--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.



OpenPGP_signature
Description: OpenPGP digital signature

Re: [users@httpd] Is Apache 2.4.7 newer than 2.4.54

2022-10-27 Thread Mike Dewhirst 

On 27/10/2022 2:55 am, Frank Gingras wrote:
The defaults in the docs really cater to a low-traffic server; perhaps 
there should be a note to that effect.


On Wed, 26 Oct 2022 at 01:47, Mike Dewhirst  wrote:

On 26/10/2022 12:45 pm, Frank Gingras wrote:

You could temporarily increase your ThreadsPerChild, as 25 is
extremely low and increases the chances of that bug occurring.


Thanks Frank

These are the adjustments I made ...

    ThreadLimit 500 #64
    ThreadsPerChild 250 #25



This seems to have worked ...

Server uptime: 1 day 17 hours 23 minutes 47 seconds

Many thanks Frank

Mike



The server is not heavily used other than by script-kiddies
looking for php hacks. My next project is to find some way to
black-hole anything with php or wp in the request. Maybe a
redirect to google or something.



I'd have to find out what fix applies to this bug, and why your
installation is still vulnerable. Perhaps your distro used backports.


I can't answer such questions.

But the defaults were very restrictive originally - set by
DigitalOcean I suppose. I changed them to the defaults specified
in the Apache docs - per the comment lines in my original post.

Thanks for responding so quickly.

Cheers

mike



On Tue, 25 Oct 2022 at 20:02, Mike Dewhirst
 wrote:

My Apache 2.4.52 is crashing with a bug apparently eliminated
in 2.4.7.

Server Version: Apache/2.4.52 (Ubuntu 2022.04) OpenSSL/3.0.2
mod_wsgi/4.9.0 Python/3.10
Server MPM: event
Server Built: 2022-06-14T12:30:21

DigitalOcean droplet 8GB memory, dedicated CPU.

The log says ...
[Mon Oct 24 04:50:35.867241 2022] [mpm_event:error] [pid 904:tid
140622640994176] AH03490: scoreboard is full, not at
MaxRequestWorkers.Increase ServerLimit.

mpm-event.conf ...
# event MPM
# ServerLimit: Upper limit on configurable number of
processes (default 16)
# StartServers: initial number of server processes to start
(default 3)
# MinSpareThreads: minimum number of worker threads which are
kept spare
(default 75)
# MaxSpareThreads: maximum number of worker threads which are
kept spare
(default 250)
# ThreadLimit: upper limit on the configurable number of
threads per
child process (default 64)
# ThreadsPerChild: constant number of worker threads in each
server
process (default 25)
# MaxRequestWorkers: maximum number of worker threads
(ServerLimit*ThreadsPerChild)
# MaxConnectionsPerChild: maximum number of requests a server
process serves

     ServerLimit            16
     StartServers            3
     MinSpareThreads            75
     MaxSpareThreads            250
     ThreadLimit            64
     ThreadsPerChild            25
     AsyncRequestWorkerFactor    2
     MaxRequestWorkers        400
     MaxConnectionsPerChild        0






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




-- 
Signed email is an absolute defence against phishing. This email has

been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.




--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.



OpenPGP_signature
Description: OpenPGP digital signature

Re: [users@httpd] Is Apache 2.4.7 newer than 2.4.54

2022-10-25 Thread Mike Dewhirst 

On 26/10/2022 12:45 pm, Frank Gingras wrote:
You could temporarily increase your ThreadsPerChild, as 25 is 
extremely low and increases the chances of that bug occurring.


Thanks Frank

These are the adjustments I made ...

    ThreadLimit 500 #64
    ThreadsPerChild 250 #25

The server is not heavily used other than by script-kiddies looking for 
php hacks. My next project is to find some way to black-hole anything 
with php or wp in the request. Maybe a redirect to google or something.




I'd have to find out what fix applies to this bug, and why your 
installation is still vulnerable. Perhaps your distro used backports.


I can't answer such questions.

But the defaults were very restrictive originally - set by DigitalOcean 
I suppose. I changed them to the defaults specified in the Apache docs - 
per the comment lines in my original post.


Thanks for responding so quickly.

Cheers

mike



On Tue, 25 Oct 2022 at 20:02, Mike Dewhirst  wrote:

My Apache 2.4.52 is crashing with a bug apparently eliminated in
2.4.7.

Server Version: Apache/2.4.52 (Ubuntu 2022.04) OpenSSL/3.0.2
mod_wsgi/4.9.0 Python/3.10
Server MPM: event
Server Built: 2022-06-14T12:30:21

DigitalOcean droplet 8GB memory, dedicated CPU.

The log says ...
[Mon Oct 24 04:50:35.867241 2022] [mpm_event:error] [pid 904:tid
140622640994176] AH03490: scoreboard is full, not at
MaxRequestWorkers.Increase ServerLimit.

mpm-event.conf ...
# event MPM
# ServerLimit: Upper limit on configurable number of processes
(default 16)
# StartServers: initial number of server processes to start
(default 3)
# MinSpareThreads: minimum number of worker threads which are kept
spare
(default 75)
# MaxSpareThreads: maximum number of worker threads which are kept
spare
(default 250)
# ThreadLimit: upper limit on the configurable number of threads per
child process (default 64)
# ThreadsPerChild: constant number of worker threads in each server
process (default 25)
# MaxRequestWorkers: maximum number of worker threads
(ServerLimit*ThreadsPerChild)
# MaxConnectionsPerChild: maximum number of requests a server
process serves

     ServerLimit            16
     StartServers            3
     MinSpareThreads            75
     MaxSpareThreads            250
     ThreadLimit            64
     ThreadsPerChild            25
     AsyncRequestWorkerFactor    2
     MaxRequestWorkers        400
     MaxConnectionsPerChild        0






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.



OpenPGP_signature
Description: OpenPGP digital signature

[users@httpd] Is Apache 2.4.7 newer than 2.4.54

2022-10-25 Thread Mike Dewhirst 

My Apache 2.4.52 is crashing with a bug apparently eliminated in 2.4.7.

Server Version: Apache/2.4.52 (Ubuntu 2022.04) OpenSSL/3.0.2 
mod_wsgi/4.9.0 Python/3.10

Server MPM: event
Server Built: 2022-06-14T12:30:21

DigitalOcean droplet 8GB memory, dedicated CPU.

The log says ...
[Mon Oct 24 04:50:35.867241 2022] [mpm_event:error] [pid 904:tid 
140622640994176] AH03490: scoreboard is full, not at 
MaxRequestWorkers.Increase ServerLimit.


mpm-event.conf ...
# event MPM
# ServerLimit: Upper limit on configurable number of processes (default 16)
# StartServers: initial number of server processes to start (default 3)
# MinSpareThreads: minimum number of worker threads which are kept spare 
(default 75)
# MaxSpareThreads: maximum number of worker threads which are kept spare 
(default 250)
# ThreadLimit: upper limit on the configurable number of threads per 
child process (default 64)
# ThreadsPerChild: constant number of worker threads in each server 
process (default 25)
# MaxRequestWorkers: maximum number of worker threads 
(ServerLimit*ThreadsPerChild)

# MaxConnectionsPerChild: maximum number of requests a server process serves

    ServerLimit            16
    StartServers            3
    MinSpareThreads            75
    MaxSpareThreads            250
    ThreadLimit            64
    ThreadsPerChild            25
    AsyncRequestWorkerFactor    2
    MaxRequestWorkers        400
    MaxConnectionsPerChild        0






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [EMAIL PROTECTED] Newbie Help

2006-03-29 Thread Mike Dewhirst 

John Barrett wrote:

Hi,
I am hoping somebody could point me to a good book for learning how  to 
configure Apache 2?


I bought Apache Security by Ivan Ristic published by O'Reilly. I too am 
a newbie and I found it excellent.


I am brand new to using Apache. I just got a mac powerbook, but want  to 
use apache 2 over the default of Apache 1.3.
Therefore, I want to learn how to make Apache 2 run the system. I did  a 
package install so it installed Apache 2 in a different location.


You can install it wherever you like on Linux or Windows. I don't know 
much about Mac except that it runs on a version of Unix (BSD?) which 
probably means you can put it wherever you like on a Mac too.


Good luck

Mike



Thanks,
John

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] serving pdf

2006-03-06 Thread Mike Dewhirst 

Boyle Owen wrote:

-Original Message-
From: Mike Dewhirst [mailto:[EMAIL PROTECTED] 
Sent: Sonntag, 5. März 2006 06:17

To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] serving pdf

How do I serve pdf output from python scripts directly to the user's 
browser?



The main thing is to set the mime type header so that the browser knows what to 
expect, eg:

Content-type: application/pdf

It would also help if the extension is ".pdf" (The content-type is supposed to 
be authoritative but some browsers get mixed up if the extension doesn't match it).


Owen

Thanks heaps. I'm on to it.

Mike




Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 




I know I can write the output to a pdf file and then serve an 
intermediate page containing a link or button for the user to 
click but 
I want to bypass that step.


The pdf output contains info the user wants to remain private so it 
would be brilliant to avoid writing it as a file then linking 
to it. I 
suppose I could delete the file afterwards if I'm forced to 
go that way.


Also, we don't want the user to be able to alter the content 
hence html 
output - although easy - is not the way to go.


Thanks for hints or links to more info. Professor Google 
hasn't been so 
helpful so far.


Mike

-
The official User-To-User support forum of the Apache HTTP 
Server Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] serving pdf

2006-03-04 Thread Mike Dewhirst 
How do I serve pdf output from python scripts directly to the user's 
browser?


I know I can write the output to a pdf file and then serve an 
intermediate page containing a link or button for the user to click but 
I want to bypass that step.


The pdf output contains info the user wants to remain private so it 
would be brilliant to avoid writing it as a file then linking to it. I 
suppose I could delete the file afterwards if I'm forced to go that way.


Also, we don't want the user to be able to alter the content hence html 
output - although easy - is not the way to go.


Thanks for hints or links to more info. Professor Google hasn't been so 
helpful so far.


Mike

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Internet Web Server/Client Guru needed!!

2005-11-23 Thread Mike Dewhirst 

bruce wrote:

Hi...


Try Ivan Ristic's Apache Security published by O'Reilly. Ivan says on 
page 82 that SSL with both server and client authentication is the only 
solution to MITM attacks.


I would start with his book then seek out a guru. I'd know much better 
what to ask. I think Apache Security is brilliant.


Good luck

Mike



I'm working on a project, and need to know if there's anyone who's a guru
with Web Server/Client interactions. Basically, I'm trying to get a much
better/deeper understanding of the HTTP protocols defining the information
that is sent/transfered between the web server/client browser apps.

I'm also interested in understanding what the various information is that
gets transfered between the apps, as well as understanding what information
can be spoofed/altered on the client side, as it goes back to the server.

I know about the querystring information (post/get/request/etc...). I'm more
interested in the information that can be sent/viewed behind the scenes like
header, ip addresses, mac addresses, machine IDs, etc... I'm also trying to
understand just how much information can be seen by the web srever, from the
browser/client app. At the same time, I'm curious as to just what the web
server can get from the client app. All of this applies to me trying to get
a better understanding of 'man in the middle attacks' as they apply to
server/browser communications.

Searching google isn't getting me what i really want!!

So, if you have the skills/expertise in this area, and you're willing to
talk to me for a few minutes, I'd appreciate it. As stated, the underlying
reason for the questions is to get a better understanding of 'man in the
middle attacks' as this applies to web server apps.

Thanks

bruce
[EMAIL PROTECTED]



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] [SOLVED] basic auth config

2005-11-16 Thread Mike Dewhirst 

Mike Dewhirst wrote:

Mike Dewhirst wrote:


Boyle Owen wrote:


-Original Message-
From: Mike Dewhirst [mailto:[EMAIL PROTECTED]




Some people are convinced the Earth is flat but that don't make it so 
:-) By far the most likely reason for your problem still is that 
apache is misconfigured.


My deepest most dyslexic apologies for wasting your bandwidth. The error 
log gave me the answer /svr/... is not /srv/...


Sorry one and all

Mike




You are still right and I am up a gum tree.

I can edit my Basic Auth entry realm and see it change in the userid 
dialog in the browser so I at least know SuSE Linux 9.1, Apache 2.0.53 
is reading what I write. However none of my password attempts work. I 
even started a spurious thread (sorry!) before checking the error_log.


httpd -t returns Syntax OK

Here are some relevant error_log entries ...

[Thu Nov 17 11:02:37 2005] [error] [client 192.168.0.29] Could not fetch 
resource information.  [301, #0]
[Thu Nov 17 11:02:37 2005] [error] [client 192.168.0.29] (84)Invalid or 
incomplete multibyte or wide character: Requests for a collection must 
have a trailing slash on the URI.  [301, #0]


This was another machine which I used to access one of the subversion 
repositories successfully. I didn't know it produced these errors until 
I checked for the basic auth errors below!




[Thu Nov 17 11:14:27 2005] [error] [client 192.168.0.38] (2)No such file 
or directory: Could not open password file: 
/svr/www/data/pwl/academics/memb
[Thu Nov 17 11:14:27 2005] [error] [client 192.168.0.38] user miked not 
found: /auth/mcfs/




That /svr/www/data/pwl/academics/memb password file definitely exists 
and all the permissions are OK (775) and owner of every directory in 
that path and the memb file itself is wwwrun.www


The Basic Auth config is as follows ...

#

Alias /auth/mcfs/srv/www/htdocs/auth/mcfs

#

Order allow,deny
Allow from all

#

AuthType Basic
AuthName "Academics"
AuthUserFile /svr/www/data/pwl/academics/memb
Require valid-user

#

Here are the modules apache loads from 
/etc/apache2/sysconfig.d/loadmodule.conf ...


#
# Files in this directory are created at apache start time by 
/usr/sbin/rcapache2.

# Do not edit them!
#

# as listed in APACHE_MODULES (/etc/sysconfig/apache2)

LoadModule access_module /usr/lib/apache2-prefork/mod_access.so
LoadModule actions_module /usr/lib/apache2-prefork/mod_actions.so
LoadModule alias_module /usr/lib/apache2-prefork/mod_alias.so
LoadModule asis_module /usr/lib/apache2-prefork/mod_asis.so
LoadModule auth_module /usr/lib/apache2-prefork/mod_auth.so
LoadModule autoindex_module /usr/lib/apache2-prefork/mod_autoindex.so
LoadModule cgi_module /usr/lib/apache2-prefork/mod_cgi.so
LoadModule dav_module /usr/lib/apache2-prefork/mod_dav.so
LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module   /usr/lib/apache2/mod_authz_svn.so
LoadModule dir_module /usr/lib/apache2-prefork/mod_dir.so
LoadModule env_module /usr/lib/apache2-prefork/mod_env.so
LoadModule imap_module /usr/lib/apache2-prefork/mod_imap.so
LoadModule include_module /usr/lib/apache2-prefork/mod_include.so
LoadModule log_config_module /usr/lib/apache2-prefork/mod_log_config.so
LoadModule mime_module /usr/lib/apache2-prefork/mod_mime.so
LoadModule negotiation_module /usr/lib/apache2-prefork/mod_negotiation.so
LoadModule setenvif_module /usr/lib/apache2-prefork/mod_setenvif.so
LoadModule status_module /usr/lib/apache2-prefork/mod_status.so
#

As previously indicated, subversion is working perfectly with this 
configuration. It calls for a Basic Auth userid and password which work 
fine and generously let me see the contents of the repositories despite 
the errors shown in the log. However, as you can see, passwords are 
stored elsewhere. Here is the working subversion.conf ...


# subversion
# see /usr/share/doc/packages/subversion for the full documentation
#


Alias /repos/srv/svn/html

#

Options Indexes +Multiviews -FollowSymLinks
IndexOptionsFancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize
Order allow,deny
Allow from all

#

DAV svn
SVNParentPath /srv/svn/repos
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName "repositories"
AuthUserFile /srv/svn/user_access/auth-file
AuthzSVNAccessFile /srv/svn/user_access/access-policy
Require valid-user


#

I really appreciate your help.

Thanks

Mike








I have a couple of points you might like to consider:

1) Your config structure is complicated (/etc/Apache2/httpd.conf 
includes /etc/Apache2/default_server.conf and 
/etc/Apache2/con

Re: [EMAIL PROTECTED] basic auth config

2005-11-16 Thread Mike Dewhirst 

Mike Dewhirst wrote:

Boyle Owen wrote:


-Original Message-
From: Mike Dewhirst [mailto:[EMAIL PROTECTED]


Some people are convinced the Earth is flat but that don't make it so 
:-) By far the most likely reason for your problem still is that 
apache is misconfigured.


You are still right and I am up a gum tree.

I can edit my Basic Auth entry realm and see it change in the userid 
dialog in the browser so I at least know SuSE Linux 9.1, Apache 2.0.53 
is reading what I write. However none of my password attempts work. I 
even started a spurious thread (sorry!) before checking the error_log.


httpd -t returns Syntax OK

Here are some relevant error_log entries ...

[Thu Nov 17 11:02:37 2005] [error] [client 192.168.0.29] Could not fetch 
resource information.  [301, #0]
[Thu Nov 17 11:02:37 2005] [error] [client 192.168.0.29] (84)Invalid or 
incomplete multibyte or wide character: Requests for a collection must 
have a trailing slash on the URI.  [301, #0]


This was another machine which I used to access one of the subversion 
repositories successfully. I didn't know it produced these errors until 
I checked for the basic auth errors below!




[Thu Nov 17 11:14:27 2005] [error] [client 192.168.0.38] (2)No such file 
or directory: Could not open password file: /svr/www/data/pwl/academics/memb
[Thu Nov 17 11:14:27 2005] [error] [client 192.168.0.38] user miked not 
found: /auth/mcfs/




That /svr/www/data/pwl/academics/memb password file definitely exists 
and all the permissions are OK (775) and owner of every directory in 
that path and the memb file itself is wwwrun.www


The Basic Auth config is as follows ...

#

Alias /auth/mcfs/srv/www/htdocs/auth/mcfs

#

Order allow,deny
Allow from all

#

AuthType Basic
AuthName "Academics"
AuthUserFile /svr/www/data/pwl/academics/memb
Require valid-user

#

Here are the modules apache loads from 
/etc/apache2/sysconfig.d/loadmodule.conf ...


#
# Files in this directory are created at apache start time by 
/usr/sbin/rcapache2.

# Do not edit them!
#

# as listed in APACHE_MODULES (/etc/sysconfig/apache2)

LoadModule access_module 
/usr/lib/apache2-prefork/mod_access.so
LoadModule actions_module 
/usr/lib/apache2-prefork/mod_actions.so
LoadModule alias_module 
/usr/lib/apache2-prefork/mod_alias.so
LoadModule asis_module 
/usr/lib/apache2-prefork/mod_asis.so
LoadModule auth_module 
/usr/lib/apache2-prefork/mod_auth.so
LoadModule autoindex_module 
/usr/lib/apache2-prefork/mod_autoindex.so
LoadModule cgi_module 
/usr/lib/apache2-prefork/mod_cgi.so
LoadModule dav_module 
/usr/lib/apache2-prefork/mod_dav.so

LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module   /usr/lib/apache2/mod_authz_svn.so
LoadModule dir_module 
/usr/lib/apache2-prefork/mod_dir.so
LoadModule env_module 
/usr/lib/apache2-prefork/mod_env.so
LoadModule imap_module 
/usr/lib/apache2-prefork/mod_imap.so
LoadModule include_module 
/usr/lib/apache2-prefork/mod_include.so
LoadModule log_config_module 
/usr/lib/apache2-prefork/mod_log_config.so
LoadModule mime_module 
/usr/lib/apache2-prefork/mod_mime.so
LoadModule negotiation_module 
/usr/lib/apache2-prefork/mod_negotiation.so
LoadModule setenvif_module 
/usr/lib/apache2-prefork/mod_setenvif.so
LoadModule status_module 
/usr/lib/apache2-prefork/mod_status.so

#

As previously indicated, subversion is working perfectly with this 
configuration. It calls for a Basic Auth userid and password which work 
fine and generously let me see the contents of the repositories despite 
the errors shown in the log. However, as you can see, passwords are 
stored elsewhere. Here is the working subversion.conf ...


# subversion
# see /usr/share/doc/packages/subversion for the full documentation
#


Alias /repos/srv/svn/html

#

Options Indexes +Multiviews -FollowSymLinks
IndexOptionsFancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize
Order allow,deny
Allow from all

#

DAV svn
SVNParentPath /srv/svn/repos
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName "repositories"
AuthUserFile /srv/svn/user_access/auth-file
AuthzSVNAccessFile /srv/svn/user_access/access-policy
Require valid-user


#

I really appreciate your help.

Thanks

Mike








I have a couple of points you might like to consider:

1) Your config structure is complicated (/etc/Apache2/httpd.conf 
includes /etc/Apache2/default_server.conf and 
/etc/Apache2/conf.d/basic_auth.conf... I think?). There's nothing 
wrong in principle with using Include but it does lead to complicated 
configs where the order and po

[EMAIL PROTECTED] passwords for basic auth

2005-11-16 Thread Mike Dewhirst 
How can I force Apache2 to use existing crypt-generated passwords for 
BasicAuth and which are currently working fine on Apache 1.3.


I am going to be migrating a lot of password lists to Apache2 and I'd 
like it to be a silent migration.


Thanks

Mike

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] basic auth config

2005-11-16 Thread Mike Dewhirst 

Boyle Owen wrote:

-Original Message-
From: Mike Dewhirst [mailto:[EMAIL PROTECTED]

I'm convinced Apache 2.0.53 doesn't work as advertised in the 
docs when 
you try to get Basic Auth working without a .htaccess file.



Some people are convinced the Earth is flat but that don't make it so :-) By 
far the most likely reason for your problem still is that apache is 
misconfigured.


Owen and Joshua

You were right - it was misconfigured somehow. I started again with 
copies of the original confs and carefully re-did what had been done 
previously. I don't know what was different but it suddenly started 
giving me 403 errors.


I cranked up Apache 2.0.54 on my Windows laptop and proved that basic 
auth worked there (except for the passwords).


Back with SuSE I moved that basic auth stuff into the main file as Owen 
suggested and tried using an Alias and Location instead of Directory. I 
got nowhere until I accidentally commented out the Alias and the 
Location suddenly worked (see below)


I moved all the bits and pieces back out to the include files the way 
SuSE seems to like it and proved that it still fired up OK. I changed 
the Authname each time and watched it appear correctly in the browser 
dialog.


Here are my actual working results ...

# With Alias uncommented  gives Error 403
# With Alias commented out  basic auth works
#
# Alias /auth/mcfs/ "/svr/www/htdocs/auth/mcfs/"


AuthType Basic
AuthName "Academix"
AuthUserFile /svr/www/data/pwl/academics/memb
Require valid-user


# With both Alias and  commented and
#  uncommented Basic auth just doesn't
# happen - although it does in Windows Apache2
#
#
#AuthType Basic
#AuthName "Academix"
#AuthUserFile /svr/www/data/pwl/academics/memb
#Require valid-user
#
#

I have a problem with passwords but I'll start another thread for that.

Thanks again

Mike





I have a couple of points you might like to consider:

1) Your config structure is complicated (/etc/Apache2/httpd.conf includes /etc/Apache2/default_server.conf and /etc/Apache2/conf.d/basic_auth.conf... I think?). There's nothing wrong in principle with using Include but it does lead to complicated configs where the order and positioning of the Include statements becomes vitally important. Your "directive having no effect" problem is typical of a misconfiguration in such a set up. As an exercise, open up a copy of the main config file in an editor and then, using cut'n'paste, replace the Includes with the actual contents of the subsidiary config files. This will produce a single, flat config which is what apache sees. Read that - does it seem to make sense? 


Having said that, I believe you have moved the Auth directives into the main 
config and they are still apparently ignored.

2) You are still a bit ambiguous about how apache is started... I get the impression that you routinely start it using "apache2ctl start". But when you test it 
to see if the syntax error is reported, you use "./httpd". Look inside apache2ctl (it is just a shell script) - does it have a "-f" argument to 
"httpd"? If so, this is the config file apache uses. When you start with "./httpd" on the command line, apache uses a compiled-in path to the config 
file. To see this, do "./httpd -V" and check the lines "HTTPD_ROOT" and "SERVER_CONFIG_FILE". Is this the same as in "apache2ctl"?

3) Could it be that there are two virtual hosts leading to the same content? 
Eg, if you set up VH1 and VH2 with the same (or overlapping) docroots and then 
put all your Auth directives under VH2, they would be ignored if the URL 
actually led to the content via VH1. This could happen if you screwed up the 
ServerName in VH2 (because then, apache serves any unidentified request from 
VH1 by default)...

4) Do you have a "Satisfy Any" directive anywhere in any config file? You stated earlier 
that you didn't understand this directive so it shouldn't be in use anywhere. If it is, you realise 
that it switches off password challenges from "Allowed" users...


I can get it to request a userid and password with AllowOverride 
AuthConfig and using a .htaccess file.



This is a definate indication that apache is either not reading the file 
containing these directives or the directory block containing them is not being 
read when parsing the request (ie, the request is going through a different VH).

As a final thought, just to convince yourself that apache does work as advertised, make a 
little hello_world website. Just one file (index.html) containing "hello world" 
in one dir (eg /tmp/hello_world). Config file:

/tmp/hw.conf contains:

DocumentRoot /tmp/hello_world

  Allow from all


(leave everything else as default)

and start it with:

./httpd -f /tmp/hw.conf

Test it (http://local

Re: [EMAIL PROTECTED] basic auth config

2005-11-14 Thread Mike Dewhirst 

Boyle Owen wrote:

-Original Message-
From: Mike Dewhirst [mailto:[EMAIL PROTECTED]

I'm convinced Apache 2.0.53 doesn't work as advertised in the 
docs when 
you try to get Basic Auth working without a .htaccess file.



Some people are convinced the Earth is flat but that don't make it so :-) By 
far the most likely reason for your problem still is that apache is 
misconfigured.


Owen

What I meant was I'm convinced I can't get it work :(  :) But you've 
inspired me to try again.


I inherited that complicated config structure from SuSE. My Windows XP 
Apache config is in single file and much easier to follow. It will take 
me a while because it's bedtime now and I've got appointments all day 
tomorrow. But I'll report back as accurately as I can.


Thanks for helping.

Regards

mike



I have a couple of points you might like to consider:

1) Your config structure is complicated (/etc/Apache2/httpd.conf includes /etc/Apache2/default_server.conf and /etc/Apache2/conf.d/basic_auth.conf... I think?). There's nothing wrong in principle with using Include but it does lead to complicated configs where the order and positioning of the Include statements becomes vitally important. Your "directive having no effect" problem is typical of a misconfiguration in such a set up. As an exercise, open up a copy of the main config file in an editor and then, using cut'n'paste, replace the Includes with the actual contents of the subsidiary config files. This will produce a single, flat config which is what apache sees. Read that - does it seem to make sense? 


Having said that, I believe you have moved the Auth directives into the main 
config and they are still apparently ignored.

2) You are still a bit ambiguous about how apache is started... I get the impression that you routinely start it using "apache2ctl start". But when you test it 
to see if the syntax error is reported, you use "./httpd". Look inside apache2ctl (it is just a shell script) - does it have a "-f" argument to 
"httpd"? If so, this is the config file apache uses. When you start with "./httpd" on the command line, apache uses a compiled-in path to the config 
file. To see this, do "./httpd -V" and check the lines "HTTPD_ROOT" and "SERVER_CONFIG_FILE". Is this the same as in "apache2ctl"?

3) Could it be that there are two virtual hosts leading to the same content? 
Eg, if you set up VH1 and VH2 with the same (or overlapping) docroots and then 
put all your Auth directives under VH2, they would be ignored if the URL 
actually led to the content via VH1. This could happen if you screwed up the 
ServerName in VH2 (because then, apache serves any unidentified request from 
VH1 by default)...

4) Do you have a "Satisfy Any" directive anywhere in any config file? You stated earlier 
that you didn't understand this directive so it shouldn't be in use anywhere. If it is, you realise 
that it switches off password challenges from "Allowed" users...


I can get it to request a userid and password with AllowOverride 
AuthConfig and using a .htaccess file.



This is a definate indication that apache is either not reading the file 
containing these directives or the directory block containing them is not being 
read when parsing the request (ie, the request is going through a different VH).

As a final thought, just to convince yourself that apache does work as advertised, make a 
little hello_world website. Just one file (index.html) containing "hello world" 
in one dir (eg /tmp/hello_world). Config file:

/tmp/hw.conf contains:

DocumentRoot /tmp/hello_world

  Allow from all


(leave everything else as default)

and start it with:

./httpd -f /tmp/hw.conf

Test it (http://localhost/)

Now add the Auth directives to the Directory block above. Does it work now?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 






Which brings me to a followup question ...

It doesn't like the passwords in the password file. They work 
fine under 
Apache 1.3 on my ISP's Linux server. I used htpasswd to create the 
passwords.


Is there way to force Apache2 to use DES or whatever Apache 1.3 is 
comfortable with?


Thanks for being there

Mike


Mike Dewhirst wrote:


Joshua Slive wrote:



On 11/12/05, Mike Dewhirst <[EMAIL PROTECTED]> wrote:



Does apache2ctl confirm that httpd actually reads that 


file on startup?




Depends on how httpd normally gets started.  If it is started using
apache2ctl, then that is a good indication.



OK - on investigation it ain't apachectl. It is httpd. I 


ran httpd -t 


and it complained about FooBar Nonsense too.

So - we are definitely reading the conf files. That means ...

1. I'm not reaching the right directory - Yes I am. 100% sure.

2. Some sort of caching? 10

Re: [EMAIL PROTECTED] basic auth config

2005-11-13 Thread Mike Dewhirst 

Joshua

I'm convinced Apache 2.0.53 doesn't work as advertised in the docs when 
you try to get Basic Auth working without a .htaccess file.


I can get it to request a userid and password with AllowOverride 
AuthConfig and using a .htaccess file.


Which brings me to a followup question ...

It doesn't like the passwords in the password file. They work fine under 
Apache 1.3 on my ISP's Linux server. I used htpasswd to create the 
passwords.


Is there way to force Apache2 to use DES or whatever Apache 1.3 is 
comfortable with?


Thanks for being there

Mike


Mike Dewhirst wrote:

Joshua Slive wrote:


On 11/12/05, Mike Dewhirst <[EMAIL PROTECTED]> wrote:



Does apache2ctl confirm that httpd actually reads that file on startup?




Depends on how httpd normally gets started.  If it is started using
apache2ctl, then that is a good indication.



OK - on investigation it ain't apachectl. It is httpd. I ran httpd -t 
and it complained about FooBar Nonsense too.


So - we are definitely reading the conf files. That means ...

1. I'm not reaching the right directory - Yes I am. 100% sure.

2. Some sort of caching? 100% no way. I've tried four different browsers 
on three different machines.


3. Apache is reading the conf but ignoring the directive for some reason

What else do I need for Basic Auth to work?

As it happens, I have subversion running via apache on that machine and 
when I access it from a foreign machine it asks me to authenticate. I 
have copied subversion.conf below. Maybe I should copy that?


Modules? I deleted all files in /etc/apache2/sysconfig.d and restarted 
the computer whereupon we got a brand-new loadmodule.conf ...


#
# Files in this directory are created at apache start time by 
/usr/sbin/rcapache2.

# Do not edit them!
#

# as listed in APACHE_MODULES (/etc/sysconfig/apache2)

LoadModule access_module /usr/lib/apache2-prefork/mod_access.so
LoadModule actions_module /usr/lib/apache2-prefork/mod_actions.so
LoadModule alias_module /usr/lib/apache2-prefork/mod_alias.so
LoadModule asis_module /usr/lib/apache2-prefork/mod_asis.so
LoadModule auth_module /usr/lib/apache2-prefork/mod_auth.so
LoadModule autoindex_module /usr/lib/apache2-prefork/mod_autoindex.so
LoadModule cgi_module /usr/lib/apache2-prefork/mod_cgi.so
LoadModule dav_module /usr/lib/apache2-prefork/mod_dav.so
LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module   /usr/lib/apache2/mod_authz_svn.so
LoadModule dir_module /usr/lib/apache2-prefork/mod_dir.so
LoadModule env_module /usr/lib/apache2-prefork/mod_env.so
LoadModule imap_module /usr/lib/apache2-prefork/mod_imap.so
LoadModule include_module /usr/lib/apache2-prefork/mod_include.so
LoadModule log_config_module /usr/lib/apache2-prefork/mod_log_config.so
LoadModule mime_module /usr/lib/apache2-prefork/mod_mime.so
LoadModule negotiation_module /usr/lib/apache2-prefork/mod_negotiation.so
LoadModule setenvif_module /usr/lib/apache2-prefork/mod_setenvif.so
#


Here is /etc/apache2/conf.d/subversion.conf

# see /usr/share/doc/packages/subversion for the full documentation
#



##
## project related HTML files
##

  Alias /repos/srv/svn/html


Options Indexes +Multiviews -FollowSymLinks
IndexOptionsFancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize

order allow,deny
allow from all


   DAV svn
   SVNParentPath /srv/svn/repos
   AuthzSVNAccessFile /srv/svn/user_access/access-policy
   #
   # how to authenticate users
   AuthType Basic
   AuthName "repositories"
   AuthUserFile /srv/svn/user_access/auth-file
   Require valid-user
   #

   # move 'Require valid-user' to here
   # to provide public read only access
   # and require a valid user for GET etc below
   
  #
   











Joshua.

-
The official User-To-User support forum of the Apache HTTP Server 
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] basic auth config

2005-11-12 Thread Mike Dewhirst 

Joshua Slive wrote:

On 11/12/05, Mike Dewhirst <[EMAIL PROTECTED]> wrote:



Does apache2ctl confirm that httpd actually reads that file on startup?



Depends on how httpd normally gets started.  If it is started using
apache2ctl, then that is a good indication.


OK - on investigation it ain't apachectl. It is httpd. I ran httpd -t 
and it complained about FooBar Nonsense too.


So - we are definitely reading the conf files. That means ...

1. I'm not reaching the right directory - Yes I am. 100% sure.

2. Some sort of caching? 100% no way. I've tried four different browsers 
on three different machines.


3. Apache is reading the conf but ignoring the directive for some reason

What else do I need for Basic Auth to work?

As it happens, I have subversion running via apache on that machine and 
when I access it from a foreign machine it asks me to authenticate. I 
have copied subversion.conf below. Maybe I should copy that?


Modules? I deleted all files in /etc/apache2/sysconfig.d and restarted 
the computer whereupon we got a brand-new loadmodule.conf ...


#
# Files in this directory are created at apache start time by 
/usr/sbin/rcapache2.

# Do not edit them!
#

# as listed in APACHE_MODULES (/etc/sysconfig/apache2)

LoadModule access_module 
/usr/lib/apache2-prefork/mod_access.so
LoadModule actions_module 
/usr/lib/apache2-prefork/mod_actions.so
LoadModule alias_module 
/usr/lib/apache2-prefork/mod_alias.so
LoadModule asis_module 
/usr/lib/apache2-prefork/mod_asis.so
LoadModule auth_module 
/usr/lib/apache2-prefork/mod_auth.so
LoadModule autoindex_module 
/usr/lib/apache2-prefork/mod_autoindex.so
LoadModule cgi_module 
/usr/lib/apache2-prefork/mod_cgi.so
LoadModule dav_module 
/usr/lib/apache2-prefork/mod_dav.so

LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module   /usr/lib/apache2/mod_authz_svn.so
LoadModule dir_module 
/usr/lib/apache2-prefork/mod_dir.so
LoadModule env_module 
/usr/lib/apache2-prefork/mod_env.so
LoadModule imap_module 
/usr/lib/apache2-prefork/mod_imap.so
LoadModule include_module 
/usr/lib/apache2-prefork/mod_include.so
LoadModule log_config_module 
/usr/lib/apache2-prefork/mod_log_config.so
LoadModule mime_module 
/usr/lib/apache2-prefork/mod_mime.so
LoadModule negotiation_module 
/usr/lib/apache2-prefork/mod_negotiation.so
LoadModule setenvif_module 
/usr/lib/apache2-prefork/mod_setenvif.so

#


Here is /etc/apache2/conf.d/subversion.conf

# see /usr/share/doc/packages/subversion for the full documentation
#



##
## project related HTML files
##

  Alias /repos/srv/svn/html


Options Indexes +Multiviews -FollowSymLinks
IndexOptionsFancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize

order allow,deny
allow from all


   DAV svn
   SVNParentPath /srv/svn/repos
   AuthzSVNAccessFile /srv/svn/user_access/access-policy
   #
   # how to authenticate users
   AuthType Basic
   AuthName "repositories"
   AuthUserFile /srv/svn/user_access/auth-file
   Require valid-user
   #

   # move 'Require valid-user' to here
   # to provide public read only access
   # and require a valid user for GET etc below
   
  #
   











Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] basic auth config

2005-11-11 Thread Mike Dewhirst 

Joshua Slive wrote:

2) looking at the wrong config file;



Lets go back to what Nick asked you.  Your answer to him was
ambiguous.  When you put some random garbage in the config file (like
a directive FooBar that doesn't exist) and restarted the server, did
you or did you not receive an error message saying that there was a
syntax error.  If not, you are not editting the correct config file.



OK - I didn't get enough time to go back to square one but I stuck some 
garbage back into /etc/apache2/conf.d/basic_auth.conf as follows ...



Deny from all
AuthType Basic
AuthName "MCFS Academics"
AuthUserFile /svr/www/data/pwl/academics/memb
Require valid-user
FooBar Nonsense


... and then tried ...

# /usr/sbin/apache2ctl configtest
Syntax error on line 7 of /etc/apache2/conf.d/basic_auth.conf:
Invalid command 'FooBar', perhaps mis-spelled or defined by a module not 
included in the server configuration

#

Does apache2ctl confirm that httpd actually reads that file on startup?

Mike






Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] basic auth config

2005-11-10 Thread Mike Dewhirst 

Joshua Slive wrote:

On 11/10/05, Mike Dewhirst <[EMAIL PROTECTED]> wrote:



2) looking at the wrong config file;

Not sure about that. I'm gunna strip things back and try to start from
scratch.



Lets go back to what Nick asked you.  Your answer to him was
ambiguous.  When you put some random garbage in the config file (like
a directive FooBar that doesn't exist) and restarted the server, did
you or did you not receive an error message saying that there was a
syntax error.  If not, you are not editting the correct config file.


I had to go out when I wrote 'I'm gunna ...' (above) and I have just got 
back after a tough day.


I did put some klslxlkfgdskhg garbage in and nothing strange happened. 
Nothing showed up in the error_log. I totally agree with your deduction 
that I'm editing the wrong file and I'll tip-toe through all the changes 
I made since day one and see if I can see a foo poops which might have 
caused it.


Thanks again

Mike



Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] basic auth config

2005-11-10 Thread Mike Dewhirst 

Joshua Slive wrote:

On 11/10/05, Mike Dewhirst <[EMAIL PROTECTED]> wrote:


They are identical. There was no trailing slash but sticking that in
made no difference anyway so I took it out again.



It would help if you gave us the exact error message.  Sometimes a few
hundred more eyes can find things that you missed.




Note - I have left out swathes of shutting down and resuming where I 
tried different things as explained originally


[Fri Nov 11 07:51:59 2005] [error] [client 192.168.0.38] File does not 
exist: /srv/www/htdocs/auth/mcfs/x.html

[Fri Nov 11 07:55:21 2005] [notice] SIGHUP received.  Attempting to restart
[Fri Nov 11 07:55:21 2005] [notice] Apache/2.0.53 (Linux/SUSE) 
configured -- resuming normal operations
[Fri Nov 11 07:56:03 2005] [error] [client 192.168.0.38] File does not 
exist: /srv/www/htdocs/auth/mcfs/x.html
[Fri Nov 11 08:38:27 2005] [error] [client 192.168.0.22] File does not 
exist: /srv/www/htdocs/auth/mcfs/x.html







When you say "made no difference", I'm assuming that the problem is
that you get no prompt for authentication and are given the file
directly? 


True

 And this is true even trying from a different computer (to

eliminate possible caching problems)?


192.168.0.22 is my desktop WinXP
192.168.0.38 is my laptop WinXP



Try putting "Deny from all" in that directory block to see if that has
an effect.  


Nothing apparent.

If it doesn't, you are most likely either

1) using the wrong directory;

Definitely OK

2) looking at the wrong config file;

Not sure about that. I'm gunna strip things back and try to start from 
scratch.


or 3) not reaching the server from the client because of some caching 
issue.


Defintely not caching

Thanks

Mike



Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] basic auth config

2005-11-10 Thread Mike Dewhirst 

Joshua Slive wrote:

On 11/10/05, Mike Dewhirst <[EMAIL PROTECTED]> wrote:


Nick Kew wrote:


On Thursday 10 November 2005 09:56, Mike Dewhirst wrote:




In /etc/Apache2/conf.d - basic_auth.conf which only contains ...



Check that that's being included.  Put some random junk in -
if you don't get a syntax error, that's the problem.


I did that but everything seemed as previously. I then put the contents
of basic_auth.conf into default_server.conf but no joy. Then I put it it
in httpd.conf and still nothing.




Next try requesting a non-existent file in that directory and check
what the error_log says about the actual path it is looking at.  See
if that path corresponds to the path in your  section.


They are identical. There was no trailing slash but sticking that in 
made no difference anyway so I took it out again.


Thanks

:(

Mike



Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] basic auth config

2005-11-10 Thread Mike Dewhirst 

Nick Kew wrote:

On Thursday 10 November 2005 09:56, Mike Dewhirst wrote:



In /etc/Apache2/conf.d - basic_auth.conf which only contains ...



Check that that's being included.  Put some random junk in -
if you don't get a syntax error, that's the problem.


I did that but everything seemed as previously. I then put the contents 
of basic_auth.conf into default_server.conf but no joy. Then I put it it 
in httpd.conf and still nothing.











# forbid access to the entire filesystem by default




You didn't quote any Satisfy directive.  I should put Satisfy All
in there to make it a system-wide default.


Did that too. Didn't understand it but it didn't seem to do anything. 
I'll head for bed and see whether my brain works in the morning.


Thanks Nick

Mike








-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] basic auth config

2005-11-10 Thread Mike Dewhirst 
I'm attempting to set up basic auth without .htaccess files and cannot 
see where I'm going wrong. I haven't tried it with .htaccess because I 
don't particularly want to use them.


I have read the mod_auth and Authorization and Access Control docs as 
well as Chapter 2 of Ivan Ristic's Apache Security. I'm not claiming I 
have actually understood everything I read but I think I've done what is 
required.


In addition, I checked that all the directories nominated are correct. I 
also restarted the computer (SuSE 9.1) as well as the server (2.0.53) 
and the browser on a networked machine. Several times.


The actual problem is that I can browse to a file in the directory and 
it it comes up without requesting authorization.


The config info I have been tweaking is listed below.

Thanks for any advice.

Regards

mike

...

In /etc/Apache2/conf.d - basic_auth.conf which only contains ...


AuthType Basic
AuthName "MCFS Action"
AuthUserFile /svr/www/data/pwl/action/memb
Require valid-user


All *.conf files in that directory are definitely processed by Apache. I 
know this because the Subversion.conf file is in there and that works 
well. Apache is working perfectly - the problem is mine.


Here is an edited extract of my /etc/Apache2/httpd.conf ...

# forbid access to the entire filesystem by default

Options None
AllowOverride None
Order deny,allow
Deny from all

#

Here is an edited extract of my /etc/Apache2/default_server.conf ...

#
DocumentRoot "/srv/www/htdocs"
#

Options None
AllowOverride None
Order allow,deny
Allow from all



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Access log stops [Thanks]

2005-08-07 Thread Mike Dewhirst 

Joshua Slive wrote:

On 8/7/05, Mike Dewhirst <[EMAIL PROTECTED]> wrote:


Including CoreDumpDirectory (/var/log/Apache2/ set to wwwrun and www
group and user) didn't collect any info. That directory remains empty to
this day.



You need to set ulimit and possibly kernel parameters to make sure
that the user running apache (generally root) can dump core.




Here is the last set of accesses in access_log before it goes silent ...



I have never heard of any bug in apache that would cause access logs
not to be written.  The most likely cause is a bad configuration. 
Check your CustomLog directives.


Spot on. access_log has restarted.

I (or Kate or Kwrite) had inadvertently inserted a carriage-return in 
the conf file at that point. I went through everything and found a few 
more word-wrapped lines with hard returns and fixed them.


I'm about to retry mod_python

Thanks heaps

mike



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Access log stops - might be a mod_python symptom

2005-08-07 Thread Mike Dewhirst 
My Apache2.0.53-5.1 on SuSE 9.1 has stopped logging accesses. Can anyone 
help please? (TIA)


Apache is running fine for my Subversion repositories which are also 
being accessed by other people.


It happened on 25 July which I think is contemporaneous with my attempts 
to include mod_python. Joshua suggested I set the CoreDumpDirectory in 
httpd.conf to catch a bug because including mod_python in the list 
clobbered Subversion and Apache's children threw tantrums. As it 
happened time escaped me; I needed Subversion so I removed mod_python 
and put repositories back on-line.


Including CoreDumpDirectory (/var/log/Apache2/ set to wwwrun and www 
group and user) didn't collect any info. That directory remains empty to 
this day.


Today when I discovered that the access log had stopped (error log is 
OK) I removed the CoreDumpDirectory directive and restarted Apache, 
access Subversion from a remote machine and checked to find no access 
entries.


I stopped Apache, deleted access_log and tried again but it would not 
even recreate the access log.


I stopped the machine and restarted with the same results.

Thank you for any help - more detail below.

Mike


Here are my existing (since 24 July) modules ...

# 05410 added dav, dav_svn and authz_svn
# 05724 removed last module in list - php4
# 05724 apppended python  - prevented subversion from working
# 05724 removed python  - subversion now working
APACHE_MODULES="access actions alias auth auth_dbm autoindex cgi dav 
dav_svn authz_svn dir env expires include log_config mime negotiation 
setenvif ssl userdir"


Here is the last set of accesses in access_log before it goes silent ...

192.168.0.37 - miked [25/Jul/2005:23:36:36 -0700] "PROPFIND 
/repos/xfiles/xwiz/wip95 HTTP/1.1" 207 704 "-" "SVN/1.1.4 (r13838) 
neon/0.24.7"
192.168.0.37 - miked [25/Jul/2005:23:36:37 -0700] "PROPFIND 
/repos/xfiles/!svn/vcc/default HTTP/1.1" 207 408 "-" "SVN/1.1.4 (r13838) 
neon/0.24.7"
192.168.0.37 - miked [25/Jul/2005:23:36:37 -0700] "PROPFIND 
/repos/xfiles/!svn/bln/194 HTTP/1.1" 207 463 "-" "SVN/1.1.4 (r13838) 
neon/0.24.7"
192.168.0.37 - miked [25/Jul/2005:23:36:38 -0700] "PROPFIND 
/repos/xfiles/xwiz/wip95 HTTP/1.1" 207 704 "-" "SVN/1.1.4 (r13838) 
neon/0.24.7"
192.168.0.37 - miked [25/Jul/2005:23:36:38 -0700] "REPORT 
/repos/xfiles/!svn/vcc/default HTTP/1.1" 200 643 "-" "SVN/1.1.4 (r13838) 
neon/0.24.7"


-0700 means my SuSE box had a dud time setting because Melbourne 
Australia should be -1000 but hey ... that should made local time around 
16:36. It is now fixed and showing the correct time.


Here is the complete error log from a few entries before the above 
guessed 16:36 time to the end of the day (sorry for the bandwidth 
consumption) ...


[Mon Jul 25 15:16:13 2005] [notice] caught SIGTERM, shutting down
[Mon Jul 25 15:25:48 2005] [warn] Init: Session Cache is not configured 
[hint: SSLSessionCache]
[Mon Jul 25 15:25:48 2005] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec2)
[Mon Jul 25 15:25:48 2005] [notice] mod_python: Creating 32 session 
mutexes based on 150 max processes and 0 max threads.
[Mon Jul 25 15:25:48 2005] [notice] Apache/2.0.53 (Linux/SUSE) 
configured -- resuming normal operations
[Mon Jul 25 15:32:19 2005] [notice] child pid 3102 exit signal 
Segmentation fault (11)
[Mon Jul 25 15:32:32 2005] [notice] child pid 3103 exit signal 
Segmentation fault (11)
[Mon Jul 25 15:42:32 2005] [notice] child pid 3104 exit signal 
Segmentation fault (11)

# assuming the access log was working prior to this ... hour or so gap
[Mon Jul 25 17:26:31 2005] [notice] child pid 3105 exit signal 
Segmentation fault (11)
[Mon Jul 25 17:54:46 2005] [notice] child pid 3106 exit signal 
Segmentation fault (11)
[Mon Jul 25 17:58:53 2005] [warn] child process 3797 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:53 2005] [warn] child process 3940 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:53 2005] [warn] child process 4120 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:53 2005] [warn] child process 4157 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:53 2005] [warn] child process 3784 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:53 2005] [warn] child process 3797 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:53 2005] [warn] child process 3940 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:53 2005] [warn] child process 4120 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:53 2005] [warn] child process 4157 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:53 2005] [warn] child process 3784 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:54 2005] [warn] child process 3797 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:54 2005] [warn] child process 3940 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:54 2005] [warn] child process 4120 still did not exit, 
sending a SIGTERM
[Mon Jul 25 17:58:54 2005] [warn] child process 4157 still did not exit,

Re: [EMAIL PROTECTED] mod_python stops subversion

2005-07-25 Thread Mike Dewhirst 

Joshua Slive wrote:

On 7/25/05, Mike Dewhirst <[EMAIL PROTECTED]> wrote:


I got a hint from the subversion list that I could maybe post this here.
Any advice appreciated.

Overview

I just added mod_python to apache2 and my subversion repositories are no
longer accessible via TortoiseSVN. Update returns the following error ...

PROPFIND request failed on '/repos/xfiles/wip95'
PROPFIND of '/repos/xfiles/wip95': Could not read status line:
connection was closed by server. (http://svn.domain.com)

I can remove the offending module and everything works again.




[Mon Jul 25 12:15:57 2005] [notice] child pid 3110 exit signal
Segmentation fault (11)



Well, this means there is definitely a bug someplace.  The easiest way
to find it would be to find the core dump (see the CoreDumpDirectory
directive) 


Having checked the docs I decided to make it /var/log/apache2/coredump 
and put the directive at the end of httpd.conf.


I noticed that the log directory is owned by root and the group is root 
as well. The logs themselves are rw-r--r--. They contain data so does 
this mean Apache writes its logs with root privileges?


/etc/apache2/uid.conf indicates wwwrun and www as the userid and group 
and the first directive in httpd.conf is Include /etc/apache2/uid.conf.


Does this mean something is broken?



and get a backtrace to see who is at fault.


Should I (I'll try it) include mod_backtrace in the list of modules?

Thanks

Mike




Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] mod_python stops subversion

2005-07-24 Thread Mike Dewhirst 
I got a hint from the subversion list that I could maybe post this here. 
Any advice appreciated.


Overview

I just added mod_python to apache2 and my subversion repositories are no
longer accessible via TortoiseSVN. Update returns the following error ...

PROPFIND request failed on '/repos/xfiles/wip95'
PROPFIND of '/repos/xfiles/wip95': Could not read status line:
connection was closed by server. (http://svn.domain.com)

I can remove the offending module and everything works again.

Questions

1. Is it possible for Apache to serve both?

2. If so, where do I start looking for help?

Thanks

Mike

Information (sorry for the verbosity)

Server

SuSE 9.1
Subversion 1.1.3-7.1
Apache 2.0.53-5.1
mod_python 3.1.3-37.6

SuSE claims all package dependencies are OK

Client

Windows XP Pro SP1 and fully updated (except for SP2)
TortoiseSVN 1.1.5, Build 2990, UNICODE
Subversion 1.1.4,
apr 0.9.5
apr-iconv 0.9.5
apr-utils 0.9.5
berkeley db 4.2.52
neon 0.24.7
OpenSSL 0.9.7e 25 Oct 2004
zlib 1.2.2

Here is the bit I edit to add or remove mod_python ...


# 05724 -> removed last module in list - php4
# 05724 -> apppended python
APACHE_MODULES="access actions alias auth auth_dbm autoindex cgi dav
dav_svn authz_svn dir env expires include log_config mime negotiation
setenvif ssl suexec userdir python"


When it is added this is written by Apache  ...

#
# Files in this directory are created at apache start time by
/usr/sbin/rcapache2.
# Do not edit them!
#
# as listed in APACHE_MODULES (/etc/sysconfig/apache2)
LoadModule access_module
/usr/lib/apache2-prefork/mod_access.so
LoadModule actions_module
/usr/lib/apache2-prefork/mod_actions.so
LoadModule alias_module
/usr/lib/apache2-prefork/mod_alias.so
LoadModule auth_module
/usr/lib/apache2-prefork/mod_auth.so
LoadModule auth_dbm_module
/usr/lib/apache2-prefork/mod_auth_dbm.so
LoadModule autoindex_module
/usr/lib/apache2-prefork/mod_autoindex.so
LoadModule cgi_module
/usr/lib/apache2-prefork/mod_cgi.so
LoadModule dav_module
/usr/lib/apache2-prefork/mod_dav.so
LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module   /usr/lib/apache2/mod_authz_svn.so
LoadModule dir_module
/usr/lib/apache2-prefork/mod_dir.so
LoadModule env_module
/usr/lib/apache2-prefork/mod_env.so
LoadModule expires_module
/usr/lib/apache2-prefork/mod_expires.so
LoadModule include_module
/usr/lib/apache2-prefork/mod_include.so
LoadModule log_config_module
/usr/lib/apache2-prefork/mod_log_config.so
LoadModule mime_module
/usr/lib/apache2-prefork/mod_mime.so
LoadModule negotiation_module
/usr/lib/apache2-prefork/mod_negotiation.so
LoadModule setenvif_module
/usr/lib/apache2-prefork/mod_setenvif.so
LoadModule ssl_module
/usr/lib/apache2-prefork/mod_ssl.so
LoadModule suexec_module
/usr/lib/apache2-prefork/mod_suexec.so
LoadModule userdir_module
/usr/lib/apache2-prefork/mod_userdir.so
LoadModule python_module  /usr/lib/apache2/mod_python.so
#


Here is the result after restarting Apache ...


[Mon Jul 25 12:11:46 2005] [warn] Init: Session Cache is not configured
[hint: SSLSessionCache]
[Mon Jul 25 12:11:46 2005] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec2)
[Mon Jul 25 12:11:47 2005] [notice] mod_python: Creating 32 session
mutexes based on 150 max processes and 0 max threads.
[Mon Jul 25 12:11:47 2005] [notice] Apache/2.0.53 (Linux/SUSE)
configured -- resuming normal operations

# and when trying to update a working copy via TortoiseSVN

[Mon Jul 25 12:15:57 2005] [notice] child pid 3110 exit signal
Segmentation fault (11)




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] mod_python configuration problem

2005-07-24 Thread Mike Dewhirst 
I'm having trouble configuring mod_python and have struck a black hole 
of ignorance.


I want httpd2  to rewrite its files in /etc/apache2/sysconfig.d so I can 
see that the changes I am making in /etc/sysconfig/apache2 are actually 
happening. I am shutting down and starting up between changes.


I tried renaming /etc/apache2/sysconfig.d to /etc/apache2/sysconfigx.x 
and creating a new empty /etc/apache2/sysconfig.d but it doesn't seem to 
to want to recreate the contents.


Should it?

Any help appreciated

Thanks

Mike


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [users@httpd] win 2K install problem

2005-05-18 Thread Mike Dewhirst 
Matt Daniel wrote:
sorry did not finish the sentence 
I have installed the same software, on the same network on another machine I have that is a WinXp and less "modern"  and that works fine, so I assume there is no network rights type problems

 

-Original Message-
From: Matt Daniel 
Sent: Thursday, 19 May 2005 2:15 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] win 2K install problem


Hi 

I am trying to install apache 2 on my win 2k machine and the install gets stuck on 
"Creating shortcuts". 
IIRC, you can opt to avoid "Creating shortcuts"
Maybe that will let it complete (optimism pays sometimes :) )
Mike
The install will stall with the bar graph all most at the end and will then time out. 

I have installed the same software, on the same network on another machine I have that is a WinXp and less "modern" 

I have tried install for both all users and current user. 
I have shut all programs down 
I have rebooted 

Is there something I could have running that could affect the install ? 

Thanks 
Matt 

Installing on a work network. 
On my local PC 
I have admin rights to the PC 
The PC 
Dell Precision 340 
2.2 GHz 
1 Gig Ram 
C: 1x18 Gig SCSI 
D: 1x120 Gig EIDE 
X: CD-RW 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]