EasyApache 3 broke httpd

[djbob2]

Hey,
I configured EasyApache with Apache 2.2, PHP 5, mod_security, and su_php. EasyApache built them, and httpd starts, but now it won't serve webpages for some reason. cPanel/WHM work fine. Anybody know what's up?

Thanks.

[NexGenUK]

first off, you probably have the safecgi option enabled - I encountered a very similar issue - when you goto save and build etc, goto the advanced option, and in the php build options ensure that safecgi is not enabled, (also making sure the rest of the module line up is correct), then build; afterwards ensure ZendOptimizer is up to date, then it should work.

[cPanelTodd]

Please post any errors you receive in /usr/local/apache/logs/error_log when accessing a page. This will help determine where the problem may be.

[djbob2]

Thanks for the replies everyone
Here's an update on the situation: I have compiled the same options with Apache 2.0, but now half of all PHP files aren't served... better than before, at least!

first off, you probably have the safecgi option enabled - I encountered a very similar issue - when you goto save and build etc, goto the advanced option, and in the php build options ensure that safecgi is not enabled, (also making sure the rest of the module line up is correct), then build; afterwards ensure ZendOptimizer is up to date, then it should work.

You're right! When you choose Apache 2.2, that option is automatically selected. However, is this the definite cause? When I built with Apache 2.2, not only did PHP files not work, but neither did HTML files. Did you experience similiar issues? Thanks for your help!

Please post any errors you receive in /usr/local/apache/logs/error_log when accessing a page. This will help determine where the problem may be.

Hello Todd,
Here is a significant portion of my error_log. I have highlighted different parts for easy reading.

Preliminary Build - this is an earlier build(?) that can be ignored. Is provided to evidence inaccurate times in following error.
Confusing error - time does not match the rest of log chronologically and error reappears after builds.
First Apache 2.2 build - Frontpage, Mod SuPHP, UniqueId, Mod Bandwidth, Mod Mono, Mod Perl, Mod Security, PHP 5.2.4 + many PHP modifications. Other options are default.
Second Apache 2.2 build - Same as above, without Mod Mono.
Third Apache 2.2 build - Probably same as above. Profile file available here: http://www.heliohost.org/general_config.yaml.
Successful Apache 2.0 build - Frontpage, Mod SuPHP, UniqueId, Mod Bandwidth, Mod Mono, Mod Perl, Mod Security, PHP 5.2.4 + many PHP modifications (same as first Apache 2.2 build). Other options are default. Profile file available here: http://www.heliohost.org/plainBuild.yaml.

Code:

[Thu Sep 13 01:39:14 2007] [notice] mod_bw : Version 0.8 - Initialized [0 Confs]
[Thu Sep 13 09:04:13 2007] [error] (24)Too many open files: could not open transfer log file /usr/local/apache/domlogs/rippereh.heliohost.org.
Unable to open logs
[Thu Sep 13 02:35:04 2007] [info] mod_unique_id: using ip addr 64.235.55.102
[Thu Sep 13 02:35:05 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Thu Sep 13 02:35:05 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Sep 13 02:35:05 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Thu Sep 13 02:35:05 2007] [info] Init: Initializing (virtual) servers for SSL
[Thu Sep 13 02:35:05 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
[Thu Sep 13 02:35:05 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
[Thu Sep 13 02:35:05 2007] [notice] ModSecurity for Apache 2.1.1 configured
[Thu Sep 13 02:35:07 2007] [info] mod_unique_id: using ip addr 64.235.55.102
[Thu Sep 13 02:35:08 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Thu Sep 13 02:35:08 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Sep 13 02:35:08 2007] [info] Init: Initializing (virtual) servers for SSL
[Thu Sep 13 02:35:08 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
[Thu Sep 13 02:35:08 2007] [notice] mod_bw : Memory Allocated 0 bytes (each conf takes 28 bytes)
[Thu Sep 13 02:35:08 2007] [notice] mod_bw : Version 0.8 - Initialized [0 Confs]][Thu Sep 13 20:27:12 2007] [info] mod_unique_id: using ip addr 64.235.55.102
[Thu Sep 13 20:27:13 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Thu Sep 13 20:27:13 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Sep 13 20:27:13 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Thu Sep 13 20:27:13 2007] [info] Init: Initializing (virtual) servers for SSL
[Thu Sep 13 20:27:13 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
[Thu Sep 13 20:27:13 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
[Thu Sep 13 20:27:13 2007] [notice] ModSecurity for Apache 2.1.1 configured
[Thu Sep 13 20:27:15 2007] [info] mod_unique_id: using ip addr 64.235.55.102
[Thu Sep 13 20:27:16 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Thu Sep 13 20:27:16 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Sep 13 20:27:16 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Thu Sep 13 20:27:16 2007] [info] Init: Initializing (virtual) servers for SSL
[Thu Sep 13 20:27:16 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
[Thu Sep 13 20:27:16 2007] [notice] mod_bw : Memory Allocated 0 bytes (each conf takes 28 bytes)
[Thu Sep 13 20:27:16 2007] [notice] mod_bw : Version 0.8 - Initialized [0 Confs]
[Thu Sep 13 20:56:40 2007] [info] mod_unique_id: using ip addr 64.235.55.102
[Thu Sep 13 20:56:41 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Thu Sep 13 20:56:41 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Sep 13 20:56:41 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Thu Sep 13 20:56:41 2007] [info] Init: Initializing (virtual) servers for SSL
[Thu Sep 13 20:56:41 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
[Thu Sep 13 20:56:41 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
[Thu Sep 13 20:56:41 2007] [notice] ModSecurity for Apache 2.1.1 configured
[Thu Sep 13 20:56:44 2007] [info] mod_unique_id: using ip addr 64.235.55.102
[Thu Sep 13 20:56:45 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Thu Sep 13 20:56:45 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Sep 13 20:56:45 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Thu Sep 13 20:56:45 2007] [info] Init: Initializing (virtual) servers for SSL
[Thu Sep 13 20:56:45 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
[Thu Sep 13 20:56:45 2007] [notice] mod_bw : Memory Allocated 0 bytes (each conf takes 28 bytes)
[Thu Sep 13 20:56:45 2007] [notice] mod_bw : Version 0.8 - Initialized [0 Confs]
[Fri Sep 14 23:19:54 2007] [error] (24)Too many open files: could not open transfer log file /usr/local/apache/domlogs/rippereh.heliohost.org.
Unable to open logs
[Fri Sep 14 17:04:51 2007] [info] mod_unique_id: using ip addr 64.235.55.102
[Fri Sep 14 17:04:52 2007] [info] Init: Initializing OpenSSL library
[Fri Sep 14 17:04:52 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Sep 14 17:04:52 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Sep 14 17:04:52 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Sep 14 17:04:52 2007] [info] Init: Initializing (virtual) servers for SSL
[Fri Sep 14 17:04:52 2007] [info] mod_ssl/2.0.61 compiled against Server: Apache/2.0.61, Library: OpenSSL/0.9.7a
[Fri Sep 14 17:04:52 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
[Fri Sep 14 17:04:52 2007] [notice] ModSecurity for Apache 2.1.1 configured
[Fri Sep 14 17:04:54 2007] [info] mod_unique_id: using ip addr 64.235.55.102
[Fri Sep 14 17:04:55 2007] [info] Init: Initializing OpenSSL library
[Fri Sep 14 17:04:55 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Sep 14 17:04:55 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Sep 14 17:04:55 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Sep 14 17:04:55 2007] [info] Init: Initializing (virtual) servers for SSL
[Fri Sep 14 17:04:55 2007] [info] mod_ssl/2.0.61 compiled against Server: Apache/2.0.61, Library: OpenSSL/0.9.7a
[Fri Sep 14 17:04:55 2007] [notice] mod_bw : Memory Allocated 0 bytes (each conf takes 28 bytes)
[Fri Sep 14 17:04:55 2007] [notice] mod_bw : Version 0.8 - Initialized [0 Confs]
[Fri Sep 14 17:04:55 2007] [notice] Apache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.7a FrontPage/5.0.2.2635 mod_mono/1.2.4 mod_auth_passthrough/2.1 mod_bwlimited/1.4 mod_perl/2.0.3 Perl/v5.8.7 configured -- resuming normal operations
[Fri Sep 14 17:04:55 2007] [info] Server built: Sep 14 2007 16:36:57

As I mentioned above, now that I have built Apache 2.0, half of my PHP files are still not being served - I recieve a 500 Server Error every time I try to access one. I have noticed an error that has started to appear in the error log that may or may not have something to do with this issue:

Code:

[Fri Sep 14 17:05:39 2007] [warn] Cannot get media type from 'x-httpd-php5'

Once again, thanks everyone for all your help and I hope we can figure something out

[nyjimbo]

Hey,
I configured EasyApache with Apache 2.2, PHP 5, mod_security, and su_php. EasyApache built them, and httpd starts, but now it won't serve webpages for some reason. cPanel/WHM work fine. Anybody know what's up?

Thanks.

Roughly how many users/accounts are on this server. We used to see this "Too many open files" thing in the past on some machines and had to do some sysctl changes or recompile our kernel to handle it.

[djbob2]

Roughly how many users/accounts are on this server. We used to see this "Too many open files" thing in the past on some machines and had to do some sysctl changes or recompile our kernel to handle it.

The PHP file that shows us how many accounts we have is currently giving us a 500 error; however, last time I checked there were about 1000 accounts. Thanks

[djbob2]

I hate to bump this topic, but this issue is really urgent and I would appreciate a response. It may have slipped the staff's notice since it was posted during the weekened, so maybe it'll come up now. Thanks for your help, everyone

[Infopro]

To get cPanel to see your problem, put in a trouble ticket. Don't wait for them to visit the forums.

[NexGenUK]

You're right! When you choose Apache 2.2, that option is automatically selected. However, is this the definite cause? When I built with Apache 2.2, not only did PHP files not work, but neither did HTML files. Did you experience similiar issues? Thanks for your help!

Yes I did, spent 3 days with cPanel support guys getting the right build setup (there isnt yet enough module logic in ea3) - after the php issue was resolved (revised build) and zend was installed it all seemed to work okay.

[djbob2]

To get cPanel to see your problem, put in a trouble ticket. Don't wait for them to visit the forums.

I am not sure I am allowed to - I do not directly own a cPanel license. Nevertheless, I will try it.

Yes I did, spent 3 days with cPanel support guys getting the right build setup (there isnt yet enough module logic in ea3) - after the php issue was resolved (revised build) and zend was installed it all seemed to work okay.

Thanks, I'll retry the Apache 2.2 build.

[djbob2]

I'd like to give a big thanks to NexGenUK - your solution did the trick. My configuration is now working with Apache 2.2
Furthermore, I have figured out most of the 500 server errors were caused by suPHP not allowing execution of PHP files with permission levels that are set too high (ie. 777). I disabled this through the suPHP configuration file (/opt/suphp/etc/suphp.conf).
However, one issue remains. My PHP signup script (stored in /usr/local/cpanel/base/scripts/) cannot be executed from my vhost. The path is alias'd. The error I recieve makes sense:

Script "/usr/local/cpanel/base/scripts/signup.php" resolving to "/usr/local/cpanel/base/scripts/signup.php" not within configured docroot

However, I cannot find a way to disable this check for this particular situation. Anybody have any suggestions? There is an option in suphp.conf that seems like exactly what I need, but for some reason it has no effect.

; Check whether script is within DOCUMENT_ROOT
; Does NOT perform this check on included scripts.
; i.e. include_once("/test3.php"); works even though it's in the root directory
check_vhost_docroot=false

As you can see, it is set to false, yet the check is still done. Any suggestions? Thanks

[cpanelkenneth]

What's the value for docroot in your suphp.conf? The default is docroot=/home which would disallow serving documents from outside that location. It also disallows use of symlinks.

[djbob2]

I tried "/home:/usr/local/cpanel/base/scripts/" and that didn't help. Also, the location is not a symlink. Any other ideas? Thanks

[djbob2]

Looks like the suphp docroot does not support multiple entries. I have temporarily set the docroot to "/"; however, this is insecure. Is there a workaround for this that anyone knows about? I googled this, and I found a source edit that could fix the issue. However, I will need to slip this code edit in after EasyApache updates its source files and before it compiles them. Does anyone know if this is possible?

Thanks!

[cpdan]

A few thing you might want to consider:

I'd like to give a big thanks to NexGenUK - your solution did the trick. My configuration is now working with Apache 2.2

By that do you mean reinstalling zend optimizer like it says might need done at the end of the build?

Furthermore, I have figured out most of the 500 server errors were caused by suPHP not allowing execution of PHP files with permission levels that are set too high (ie. 777). I disabled this through the suPHP configuration file (/opt/suphp/etc/suphp.conf).

kind of defeats the point of suPHP to allow 777 doesn't it?

However, one issue remains. My PHP signup script (stored in /usr/local/cpanel/base/scripts/) cannot be executed from my vhost. The path is alias'd. The error I recieve makes sense:

However, I cannot find a way to disable this check for this particular situation. Anybody have any suggestions? There is an option in suphp.conf that seems like exactly what I need, but for some reason it has no effect.

As you can see, it is set to false, yet the check is still done. Any suggestions? Thanks

That is odd, what does
http://suphp.org
say about configuring it the way you want?

Basically though the Ideas of suPHP is to secure PHP (sort of) if you really want to run it insecurely then you need to configure it as per the docs or not use it.