You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Caio james <ca...@intric.com> on 2002/07/09 23:49:02 UTC
Virtual Hosts Issue
Hello,
I am using redhat 72 with a self compiled apache 1.3.26 with php421,
mod_ssl, mod_perl, and coldfusion 5.
I have added several virtual hosts on one IP address and those hosts
work as they should. However, when I add a virtual host that is on a
different IP (an IP that is on a virtual interface), apache does not
start.
Using apachectl startssl, the response I get is only:
/usr/local/apache/bin/apachectl startssl: httpd started
Yet, apache is NOT running at all. The configuration does work, however,
if I use the standard start command instead of startssl.
My httpd.conf file is located here if you would like to check it out:
http://65.86.205.132/~caiojames/httpd.conf
Thanks in advance for any help you can give me.
Caio
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Virtual Hosts Issue
Posted by ap...@dinoneil.com.
You need to gather more information. Trial and error will help you to
narrow down what is causing your server to die. From what you have
already reported, it sounds like your server is only dying when using
startssl with your startup script. Looking at a stock apachctl script, I
take note of the following:
HTTPD=/usr/local/apache/bin/httpd
startssl|sslstart|start-SSL)
if [ $RUNNING -eq 1 ]; then
echo "$0 $ARG: httpd (pid $PID) already running"
continue
fi
if $HTTPD -DSSL; then
echo "$0 $ARG: httpd started"
else
echo "$0 $ARG: httpd could not be started"
ERROR=3
fi
;;
If you are starting your server with a similar script, then your script is
running "/usr/local/apache/bin/httpd -DSSL" when startssl is used. You
might want to try this on your own to see what happens.
At this point I am assuming that your httpd process is dying only when
-DSSL is passed via startssl. What does the -DSSL argument do? Hmm,
lets run httpd with --help to see what happens.
/usr/local/apache/bin/httpd --help
Usage: httpd [-D name] [-d directory] [-f file]
[-C "directive"] [-c "directive"]
[-v] [-V] [-h] [-l] [-L] [-S] [-t] [-T] [-F]
Options:
-D name : define a name for use in <IfDefine name> directives
-d directory : specify an alternate initial ServerRoot
-f file : specify an alternate ServerConfigFile
-C "directive" : process directive before reading config files
-c "directive" : process directive after reading config files
-v : show version number
-V : show compile settings
-h : list available command line options (this page)
-l : list compiled-in modules
-L : list available configuration directives
-S : show parsed settings (currently only vhost settings)
-t : run syntax check for config files (with docroot check)
-T : run syntax check for config files (without docroot check)
-F : run main process in foreground, for process supervisors
So if "-D name" defines a name for use in <IfDefine name> directives, then
-DSSL will let you define <IfDefine SSL> containers for configuration
directives.
Looking at your config file, I see that you actually have only a few new
configuration directives within <IfDefine SSL> containers.
<IfDefine SSL>
LoadModule coldfusion_module /opt/coldfusion/webserver/apache/mod_coldfusion.so
LoadModule ssl_module libexec/libssl.so
LoadModule dav_module libexec/libdav.so
LoadModule php4_module libexec/libphp4.so
</IfDefine>
<IfDefine SSL>
AddModule mod_coldfusion.c
AddModule mod_ssl.c
AddModule mod_dav.c
AddModule mod_php4.c
</IfDefine>
<IfDefine SSL>
Listen 80
Listen 443
Listen 65.86.205.132
Listen 65.86.205.135
</IfDefine>
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
It is this set of configurations that is killing you server. I see that
you are loading mod_coldfusion.so, libssl.so, libdav.so, and libphp4.so
only when you use startssl. Your other directives seem pretty innocuous
to me, so I would focus on your modules. From here you need to narrow the
problem down.
My guess is that your SSL module was somehow compiled with a conflict with
one of your other modules. Try loading these modules one at a time to see
which are causing your server to die. You may also want to check to see
if any of you these modules were are also compiled with some form of SSL
support.
Tom
On Wed, 10 Jul 2002, Caio James wrote:
> Here is the error that shows up in my error_log when I attempt to start
> apache with 2 name based virtual hosts on 2 separate IPs:
>
> [Tue Jul 9 14:53:51 2002] [notice] caught SIGTERM, shutting down
> [Tue Jul 9 14:53:57 2002] [notice] Apache/1.3.26 (Unix) mod_perl/1.27
> PHP/4.2.1 DAV/1.0.3 mod_ssl/2.8.10 OpenSSL/0.9.6b configured -- resuming
> normal operations
> [Tue Jul 9 14:53:57 2002] [notice] Accept mutex: sysvsem (Default: sysvsem)
>
> This might as well be Swahili to me. I recognize some of the terms, but the
> meaning of the error is not clear to me.
>
> Thanks,
>
> Caio
>
> > From: <ap...@dinoneil.com>
> > Reply-To: users@httpd.apache.org
> > Date: Tue, 9 Jul 2002 17:59:38 -0700 (PDT)
> > To: <us...@httpd.apache.org>
> > Subject: Re: Virtual Hosts Issue
> >
> >
> > There are a couple of issues that you might be experiencing.
> >
> > Firstly, when you start apachectl with the startssl parameter, your
> > apachectl script is probably starting the apache daemon with the -DSSL
> > option. This tells apache to define a name for use in <IfDefine name>
> > directives. Your httpd.conf file probably looks something like this:
> >
> > <IfDefine SSL>
> > LoadModule ssl_module libexec/libssl.so
> > </IfDefine>
> > .
> > .
> > .
> > <IfDefine SSL>
> > AddModule mod_ssl.c
> > </IfDefine>
> >
> > This tells apache that if it was started with the SSL option defined
> > (-DSSL) then execute the directive within this IfDefine container. So
> > when you use startssl, apache is probably trying to load your SSL module
> > and failing for some reason. Your error_log will hopefully tell you what
> > is happening. You could also try running "httpd -DSSL" by hand to see
> > what might be wrong. If you get a segmentation fault, then you probably
> > have a conflict between your SSL module and another module. You might try
> > commenting out unused modules to find the problem. It is also possible
> > that you have other configurations within <IfDefine SSL> containers that
> > are breaking your server config only when they are included due to the use
> > of startssl.
> >
> > The next problem you may be up against is the use of SSL with name-based
> > vhosts. You say that you are running several virtual hosts on one IP
> > address, which implies that you are using name-based vhosts (unless you
> > are running them off of different ports). If your goal is to have these
> > same vhosts each accessible via SSL, then you have a terminal problem.
> > Keep in mind that name based vhosts depend on the Host: header sent by the
> > client in the HTTP message. Due to the nature of HTTP over SSL, the SSL
> > portion of the connection is set up first. The hostname of your web site
> > will be sent to the client within your SSL server certificate and before
> > the HTTP request (with Host: header) is even sent to the server. Because
> > of this, your SSL configurations will essentially turn your name based
> > vhost configurations back into a regular IP based vhost config. And, if
> > memory serves me correctly, all of you name based vhosts on that IP
> > address will be merged together, essentially causing repeated directives
> > to overwrite one another.
> >
> > Hope this helps,
> > Tom
> >
> >
> > On Tue, 9 Jul 2002, Caio james wrote:
> >
> >> Hello,
> >>
> >> I am using redhat 72 with a self compiled apache 1.3.26 with php421,
> >> mod_ssl, mod_perl, and coldfusion 5.
> >>
> >> I have added several virtual hosts on one IP address and those hosts
> >> work as they should. However, when I add a virtual host that is on a
> >> different IP (an IP that is on a virtual interface), apache does not
> >> start.
> >>
> >> Using apachectl startssl, the response I get is only:
> >>
> >> /usr/local/apache/bin/apachectl startssl: httpd started
> >>
> >> Yet, apache is NOT running at all. The configuration does work, however,
> >> if I use the standard start command instead of startssl.
> >>
> >> My httpd.conf file is located here if you would like to check it out:
> >>
> >> http://65.86.205.132/~caiojames/httpd.conf
> >>
> >> Thanks in advance for any help you can give me.
> >>
> >> Caio
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Virtual Hosts Issue
Posted by Caio James <ca...@intric.com>.
Here is the error that shows up in my error_log when I attempt to start
apache with 2 name based virtual hosts on 2 separate IPs:
[Tue Jul 9 14:53:51 2002] [notice] caught SIGTERM, shutting down
[Tue Jul 9 14:53:57 2002] [notice] Apache/1.3.26 (Unix) mod_perl/1.27
PHP/4.2.1 DAV/1.0.3 mod_ssl/2.8.10 OpenSSL/0.9.6b configured -- resuming
normal operations
[Tue Jul 9 14:53:57 2002] [notice] Accept mutex: sysvsem (Default: sysvsem)
This might as well be Swahili to me. I recognize some of the terms, but the
meaning of the error is not clear to me.
Thanks,
Caio
> From: <ap...@dinoneil.com>
> Reply-To: users@httpd.apache.org
> Date: Tue, 9 Jul 2002 17:59:38 -0700 (PDT)
> To: <us...@httpd.apache.org>
> Subject: Re: Virtual Hosts Issue
>
>
> There are a couple of issues that you might be experiencing.
>
> Firstly, when you start apachectl with the startssl parameter, your
> apachectl script is probably starting the apache daemon with the -DSSL
> option. This tells apache to define a name for use in <IfDefine name>
> directives. Your httpd.conf file probably looks something like this:
>
> <IfDefine SSL>
> LoadModule ssl_module libexec/libssl.so
> </IfDefine>
> .
> .
> .
> <IfDefine SSL>
> AddModule mod_ssl.c
> </IfDefine>
>
> This tells apache that if it was started with the SSL option defined
> (-DSSL) then execute the directive within this IfDefine container. So
> when you use startssl, apache is probably trying to load your SSL module
> and failing for some reason. Your error_log will hopefully tell you what
> is happening. You could also try running "httpd -DSSL" by hand to see
> what might be wrong. If you get a segmentation fault, then you probably
> have a conflict between your SSL module and another module. You might try
> commenting out unused modules to find the problem. It is also possible
> that you have other configurations within <IfDefine SSL> containers that
> are breaking your server config only when they are included due to the use
> of startssl.
>
> The next problem you may be up against is the use of SSL with name-based
> vhosts. You say that you are running several virtual hosts on one IP
> address, which implies that you are using name-based vhosts (unless you
> are running them off of different ports). If your goal is to have these
> same vhosts each accessible via SSL, then you have a terminal problem.
> Keep in mind that name based vhosts depend on the Host: header sent by the
> client in the HTTP message. Due to the nature of HTTP over SSL, the SSL
> portion of the connection is set up first. The hostname of your web site
> will be sent to the client within your SSL server certificate and before
> the HTTP request (with Host: header) is even sent to the server. Because
> of this, your SSL configurations will essentially turn your name based
> vhost configurations back into a regular IP based vhost config. And, if
> memory serves me correctly, all of you name based vhosts on that IP
> address will be merged together, essentially causing repeated directives
> to overwrite one another.
>
> Hope this helps,
> Tom
>
>
> On Tue, 9 Jul 2002, Caio james wrote:
>
>> Hello,
>>
>> I am using redhat 72 with a self compiled apache 1.3.26 with php421,
>> mod_ssl, mod_perl, and coldfusion 5.
>>
>> I have added several virtual hosts on one IP address and those hosts
>> work as they should. However, when I add a virtual host that is on a
>> different IP (an IP that is on a virtual interface), apache does not
>> start.
>>
>> Using apachectl startssl, the response I get is only:
>>
>> /usr/local/apache/bin/apachectl startssl: httpd started
>>
>> Yet, apache is NOT running at all. The configuration does work, however,
>> if I use the standard start command instead of startssl.
>>
>> My httpd.conf file is located here if you would like to check it out:
>>
>> http://65.86.205.132/~caiojames/httpd.conf
>>
>> Thanks in advance for any help you can give me.
>>
>> Caio
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Virtual Hosts Issue
Posted by ap...@dinoneil.com.
There are a couple of issues that you might be experiencing.
Firstly, when you start apachectl with the startssl parameter, your
apachectl script is probably starting the apache daemon with the -DSSL
option. This tells apache to define a name for use in <IfDefine name>
directives. Your httpd.conf file probably looks something like this:
<IfDefine SSL>
LoadModule ssl_module libexec/libssl.so
</IfDefine>
.
.
.
<IfDefine SSL>
AddModule mod_ssl.c
</IfDefine>
This tells apache that if it was started with the SSL option defined
(-DSSL) then execute the directive within this IfDefine container. So
when you use startssl, apache is probably trying to load your SSL module
and failing for some reason. Your error_log will hopefully tell you what
is happening. You could also try running "httpd -DSSL" by hand to see
what might be wrong. If you get a segmentation fault, then you probably
have a conflict between your SSL module and another module. You might try
commenting out unused modules to find the problem. It is also possible
that you have other configurations within <IfDefine SSL> containers that
are breaking your server config only when they are included due to the use
of startssl.
The next problem you may be up against is the use of SSL with name-based
vhosts. You say that you are running several virtual hosts on one IP
address, which implies that you are using name-based vhosts (unless you
are running them off of different ports). If your goal is to have these
same vhosts each accessible via SSL, then you have a terminal problem.
Keep in mind that name based vhosts depend on the Host: header sent by the
client in the HTTP message. Due to the nature of HTTP over SSL, the SSL
portion of the connection is set up first. The hostname of your web site
will be sent to the client within your SSL server certificate and before
the HTTP request (with Host: header) is even sent to the server. Because
of this, your SSL configurations will essentially turn your name based
vhost configurations back into a regular IP based vhost config. And, if
memory serves me correctly, all of you name based vhosts on that IP
address will be merged together, essentially causing repeated directives
to overwrite one another.
Hope this helps,
Tom
On Tue, 9 Jul 2002, Caio james wrote:
> Hello,
>
> I am using redhat 72 with a self compiled apache 1.3.26 with php421,
> mod_ssl, mod_perl, and coldfusion 5.
>
> I have added several virtual hosts on one IP address and those hosts
> work as they should. However, when I add a virtual host that is on a
> different IP (an IP that is on a virtual interface), apache does not
> start.
>
> Using apachectl startssl, the response I get is only:
>
> /usr/local/apache/bin/apachectl startssl: httpd started
>
> Yet, apache is NOT running at all. The configuration does work, however,
> if I use the standard start command instead of startssl.
>
> My httpd.conf file is located here if you would like to check it out:
>
> http://65.86.205.132/~caiojames/httpd.conf
>
> Thanks in advance for any help you can give me.
>
> Caio
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org