Date: Tue, 5 Oct 2010 16:19:03 +0100 From: David Southwell <david@vizion2000.net> To: freebsd-apache@freebsd.org Subject: Re: apache22 not starting - please help decipher a possible clue! Message-ID: <201010051619.03514.david@vizion2000.net> In-Reply-To: <201010041728.57372.david@vizion2000.net> References: <201009202025.04075.david@vizion2000.net> <AANLkTinMNtSzUKCWOqOH=uWR8SOQJKv_BfhHsfO8KFEP@mail.gmail.com> <201010041728.57372.david@vizion2000.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> Phan Quoc Hien <phanquochien@gmail.com> wrote: > > On Mon, Oct 4, 2010 at 5:50 PM, David Southwell <david@vizion2000.net> > > wrote: > > > Difficulties with apache starting after recent upgrade. > > > > > > I have included some information which may be relevant; > > > > > > Some guidance would be appreciated as I cannot get the web server to > > > run. > > > > > > It seems that something must have changed with the latest upgrade as > > > there were no changes to the config. > > > Syntax is ok: > > > > > > dns1# /usr/local/sbin/apachectl -t > > > Syntax OK > > > dns1# > > > > > > > > > I have rebuilt apache22 but apache does not start as evidenced below: > > > > > > dns1# /usr/local/sbin/apachectl start > > > [Mon Oct 04 10:42:07 2010] [warn] (2)No such file or directory: Failed > > > to enable the 'dataready' Accept Filter > > > [Mon Oct 04 10:42:07 2010] [warn] (2)No such file or directory: Failed > > > to enable the 'dataready' Accept Filter > > > > > > [NOTE > > > > > > dns1# grep accf /boot/defaults/loader.conf > > > accf_data_load="NO" # Wait for data accept filter > > > accf_http_load="NO" # Wait for full HTTP request accept > > > filter However > > > but /boot/loader.conf includes the following line: > > > accf_http_load="YES" > > > > > > dns1# kldload accf_http > > > kldload: can't load accf_http: File exists > > > dns1# > > > > > > Is something weird happening here? > > > NOTE END ] > > > > > > Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog) > > > Some of your private key files are encrypted for security reasons. > > > In order to read them you have to provide the pass phrases. > > > [ NOTE I am using a self issued CA certificate which has been working > > > fine] Server www.vizion2000.net:443 (RSA) > > > Enter pass phrase: > > > > > > OK: Pass Phrase Dialog successful. > > > > > > dns1# ps -aux |grep httpd > > > root 64784 0.0 0.0 5892 1284 p1 D+ 10:42AM 0:00.00 grep > > > httpd dns1# /usr/local/sbin/apachectl restart > > > httpd not running, trying to start > > > [Mon Oct 04 10:42:41 2010] [warn] (2)No such file or directory: Failed > > > to enable the 'dataready' Accept Filter > > > [Mon Oct 04 10:42:41 2010] [warn] (2)No such file or directory: Failed > > > to enable the 'dataready' Accept Filter > > > Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog) > > > Some of your private key files are encrypted for security reasons. > > > In order to read them you have to provide the pass phrases. > > > > > > Server www.vizion2000.net:443 (RSA) > > > Enter pass phrase: > > > > > > OK: Pass Phrase Dialog successful. > > > dns1# > > > _____________________ > > > > > > Testing openssl seems to indicate certificate is fine. > > > dns1# openssl x509 -in www.vizion2000.net.crt -noout -subject > > > subject= /C=UK/ST=South Gloucestershire/L=Kingswood/O=Vizion > > > Communications/OU=IT/CN=www.vizion2000.net/emailAddress=david@vizion200 > > > 0. net dns1# > > > > Best regards, > > Mr.Hien > > Hi! > > Please add > > accf_data_load="YES" to /boot/loader.conf > > > > or try > > > > kldload accf_data.ko > > > > and run kldstat | grep accf to check it loaded? > > Thanks for the follow up. > > running kldload does deal with the data ready issue but has no effect on > the main server start problem. Below is the the output from attempt to > start the server in httpd-error.log: > > Can anyone suggest how I might trace why the server is not starting? > > Thanks in advance > David > ___________________________ > httpd-error.log > _______________________ > [NOTE: First three lines were entered into the log prior to shutting down > the system and doing a restart so the output from an initial loading > sequence into httpd-error.log could be precisely identified.] > test from here > ############################### > ################################ > [Mon Oct 04 16:25:38 2010] [info] Init: Seeding PRNG with 144 bytes of > entropy [Mon Oct 04 16:25:38 2010] [info] Loading certificate & private > key of SSL- aware server > [Mon Oct 04 16:25:38 2010] [info] Init: Requesting pass phrase via builtin > terminal dialog > [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_pphrase.c(476): encrypted RSA > private key - pass phrase requested > [Mon Oct 04 16:26:29 2010] [info] Init: Wiped out the queried pass phrases > from memory > [Mon Oct 04 16:26:29 2010] [info] Init: Generating temporary RSA private > keys (512/1024 bits) > [Mon Oct 04 16:26:29 2010] [info] Init: Generating temporary DH parameters > (512/1024 bits) > [Mon Oct 04 16:26:29 2010] [info] Init: Initializing (virtual) servers for > SSL [Mon Oct 04 16:26:29 2010] [info] Configuring server for SSL protocol > [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_init.c(465): Creating new > SSL context (protocols: SSLv2, SSLv3, TLSv1) > [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_init.c(661): Configuring > permitted SSL ciphers > [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2: +EXP:+eNULL] > [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_init.c(420): Configuring TLS > extension handling > [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_init.c(792): Configuring RSA > server certificate > [Mon Oct 04 16:26:29 2010] [warn] RSA server certificate is a CA > certificate (BasicConstraints: CA == TRUE !?) > [Mon Oct 04 16:26:29 2010] [debug] ssl_engine_init.c(831): Configuring RSA > server private key > [Mon Oct 04 16:26:29 2010] [info] mod_ssl/2.2.16 compiled against Server: > Apache/2.2.16, Library: OpenSSL/1.0.0a > [Mon Oct 04 16:26:29 2010] [info] mod_unique_id: using ip addr 62.49.197.50 > [Mon Oct 04 16:26:30 2010] [info] Init: Seeding PRNG with 144 bytes of > entropy [Mon Oct 04 16:26:30 2010] [info] Loading certificate & private > key of SSL- aware server > [Mon Oct 04 16:26:30 2010] [info] www.vizion2000.net:443 reusing existing > RSA private key on restart > [Mon Oct 04 16:26:30 2010] [info] Init: Generating temporary RSA private > keys (512/1024 bits) > [Mon Oct 04 16:26:30 2010] [info] Init: Generating temporary DH parameters > (512/1024 bits) > [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(253): shmcb_init > allocated 512000 bytes of shared memory > [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(272): for 511920 > bytes (512000 including header), recommending 32 subcaches, 133 indexes > each [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(306): > shmcb_init_memory choices follow > [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(308): subcache_num = > 32 [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(310): > subcache_size = 15992 > [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(312): > subcache_data_offset = 3208 > [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(314): > subcache_data_size = 12784 > [Mon Oct 04 16:26:30 2010] [debug] ssl_scache_shmcb.c(316): index_num = 133 > [Mon Oct 04 16:26:30 2010] [info] Shared memory session cache initialised > [Mon Oct 04 16:26:30 2010] [info] Init: Initializing (virtual) servers for > SSL [Mon Oct 04 16:26:30 2010] [info] Configuring server for SSL protocol > [Mon Oct 04 16:26:30 2010] [debug] ssl_engine_init.c(465): Creating new > SSL context (protocols: SSLv2, SSLv3, TLSv1) > [Mon Oct 04 16:26:30 2010] [debug] ssl_engine_init.c(661): Configuring > permitted SSL ciphers > [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2: +EXP:+eNULL] > [Mon Oct 04 16:26:30 2010] [debug] ssl_engine_init.c(420): Configuring TLS > extension handling > [Mon Oct 04 16:26:30 2010] [debug] ssl_engine_init.c(792): Configuring RSA > server certificate > [Mon Oct 04 16:26:30 2010] [warn] RSA server certificate is a CA > certificate (BasicConstraints: CA == TRUE !?) > [Mon Oct 04 16:26:30 2010] [debug] ssl_engine_init.c(831): Configuring RSA > server private key > [Mon Oct 04 16:26:30 2010] [info] mod_ssl/2.2.16 compiled against Server: > Apache/2.2.16, Library: OpenSSL/1.0.0a > > Photographic Artist > Permanent Installations & Design > Creative Imagery and Advanced Digital Techniques > High Dynamic Range Photography & Official Portraiture > Combined darkroom & digital creations > & Systems Adminstrator for the vizion2000.net network > _______________________________________________ > freebsd-apache@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-apache > To unsubscribe, send any mail to "freebsd-apache-unsubscribe@freebsd.org" OK ssome more data. I ran ktrace /usr/local/sbin/apachectl start After running kdump I got the following from the evry end of the ktrace.out file: 3568 sh CALL dup2(0xb,0x1) 3568 sh RET dup2 1 3568 sh CALL close(0xb) 3568 sh RET close 0 3568 sh CALL dup2(0xc,0x2) 3568 sh RET dup2 2 3568 sh CALL close(0xc) 3568 sh RET close 0 3568 sh CALL getrlimit(RLIMIT_NOFILE,0x7fffffffe260) 3568 sh RET getrlimit 0 3568 sh CALL setrlimit(RLIMIT_NOFILE,0x7fffffffe260) 3568 sh RET setrlimit 0 3568 sh CALL read(0xa,0x5204c0,0x3ff) 3568 sh GIO fd 10 read 380 bytes " is no longer supported. echo Please edit httpd.conf to include the SSL configuration settings echo and then use "apachectl start". ERROR=2 ;; configtest) $HTTPD -t ERROR=$? ;; status) $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' ;; fullstatus) $LYNX $STATUSURL ;; *) $HTTPD $ARGV ERROR=$? esac exit $ERROR " 3568 sh RET read 380/0x17c 3568 sh CALL fork 3568 sh RET fork 3585/0xe01 3568 sh CALL getpgrp 3568 sh RET getpgrp 3568/0xdf0 3568 sh CALL wait4(0xffffffff,0x7fffffffe1cc,WUNTRACED,0) 3568 sh RET wait4 3585/0xe01 3568 sh CALL exit(0) dns1# dns1# pwd /usr/home/david/trace _________________ This seems to indicate there is something now amiss with my ssl setup. Can anyone guide me here Thanks in advance David Photographic Artist Permanent Installations & Design Creative Imagery and Advanced Digital Techniques High Dynamic Range Photography & Official Portraiture Combined darkroom & digital creations & Systems Adminstrator for the vizion2000.net network
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201010051619.03514.david>