The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

EasyApache 3 broke httpd

Discussion in 'EasyApache' started by djbob2, Sep 14, 2007.

  1. djbob2

    djbob2 Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    Hey,
    I configured EasyApache with Apache 2.2, PHP 5, mod_security, and su_php. EasyApache built them, and httpd starts, but now it won't serve webpages for some reason. cPanel/WHM work fine. Anybody know what's up?

    Thanks.
     
  2. NexGenUK

    NexGenUK Active Member

    Joined:
    May 7, 2004
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    first off, you probably have the safecgi option enabled - I encountered a very similar issue - when you goto save and build etc, goto the advanced option, and in the php build options ensure that safecgi is not enabled, (also making sure the rest of the module line up is correct), then build; afterwards ensure ZendOptimizer is up to date, then it should work.
     
  3. ToddShipway

    ToddShipway Well-Known Member

    Joined:
    Nov 13, 2006
    Messages:
    300
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    Please post any errors you receive in /usr/local/apache/logs/error_log when accessing a page. This will help determine where the problem may be.
     
  4. djbob2

    djbob2 Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    More Information, As Requested

    Thanks for the replies everyone :)
    Here's an update on the situation: I have compiled the same options with Apache 2.0, but now half of all PHP files aren't served... better than before, at least!

    You're right! When you choose Apache 2.2, that option is automatically selected. However, is this the definite cause? When I built with Apache 2.2, not only did PHP files not work, but neither did HTML files. Did you experience similiar issues? Thanks for your help!

    Hello Todd,
    Here is a significant portion of my error_log. I have highlighted different parts for easy reading.

    Preliminary Build - this is an earlier build(?) that can be ignored. Is provided to evidence inaccurate times in following error.
    Confusing error - time does not match the rest of log chronologically and error reappears after builds.
    First Apache 2.2 build - Frontpage, Mod SuPHP, UniqueId, Mod Bandwidth, Mod Mono, Mod Perl, Mod Security, PHP 5.2.4 + many PHP modifications. Other options are default.
    Second Apache 2.2 build - Same as above, without Mod Mono.
    Third Apache 2.2 build - Probably same as above. Profile file available here: http://www.heliohost.org/general_config.yaml.
    Successful Apache 2.0 build - Frontpage, Mod SuPHP, UniqueId, Mod Bandwidth, Mod Mono, Mod Perl, Mod Security, PHP 5.2.4 + many PHP modifications (same as first Apache 2.2 build). Other options are default. Profile file available here: http://www.heliohost.org/plainBuild.yaml.

    Code:
    [COLOR="Yellow"][[COLOR="Red"]Thu Sep 13 01:39:14 2007[/COLOR]] [notice] mod_bw : Version 0.8 - Initialized [0 Confs][/COLOR]
    [COLOR="Red"][Thu Sep 13 09:04:13 2007] [error] (24)Too many open files: could not open transfer log file /usr/local/apache/domlogs/rippereh.heliohost.org.
    Unable to open logs[/COLOR]
    [COLOR="SeaGreen"][[COLOR="Red"]Thu Sep 13 02:35:04 2007[/COLOR]] [info] mod_unique_id: using ip addr 64.235.55.102
    [Thu Sep 13 02:35:05 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
    [Thu Sep 13 02:35:05 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Thu Sep 13 02:35:05 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Thu Sep 13 02:35:05 2007] [info] Init: Initializing (virtual) servers for SSL
    [Thu Sep 13 02:35:05 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
    [Thu Sep 13 02:35:05 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
    [Thu Sep 13 02:35:05 2007] [notice] ModSecurity for Apache 2.1.1 configured
    [Thu Sep 13 02:35:07 2007] [info] mod_unique_id: using ip addr 64.235.55.102
    [Thu Sep 13 02:35:08 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
    [Thu Sep 13 02:35:08 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Thu Sep 13 02:35:08 2007] [info] Init: Initializing (virtual) servers for SSL
    [Thu Sep 13 02:35:08 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
    [Thu Sep 13 02:35:08 2007] [notice] mod_bw : Memory Allocated 0 bytes (each conf takes 28 bytes)
    [Thu Sep 13 02:35:08 2007] [notice] mod_bw : Version 0.8 - Initialized [0 Confs][/COLOR][COLOR="Blue"]][Thu Sep 13 20:27:12 2007] [info] mod_unique_id: using ip addr 64.235.55.102
    [Thu Sep 13 20:27:13 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
    [Thu Sep 13 20:27:13 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Thu Sep 13 20:27:13 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Thu Sep 13 20:27:13 2007] [info] Init: Initializing (virtual) servers for SSL
    [Thu Sep 13 20:27:13 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
    [Thu Sep 13 20:27:13 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
    [Thu Sep 13 20:27:13 2007] [notice] ModSecurity for Apache 2.1.1 configured
    [Thu Sep 13 20:27:15 2007] [info] mod_unique_id: using ip addr 64.235.55.102
    [Thu Sep 13 20:27:16 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
    [Thu Sep 13 20:27:16 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Thu Sep 13 20:27:16 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Thu Sep 13 20:27:16 2007] [info] Init: Initializing (virtual) servers for SSL
    [Thu Sep 13 20:27:16 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
    [Thu Sep 13 20:27:16 2007] [notice] mod_bw : Memory Allocated 0 bytes (each conf takes 28 bytes)
    [Thu Sep 13 20:27:16 2007] [notice] mod_bw : Version 0.8 - Initialized [0 Confs][/COLOR]
    [COLOR="DarkOrange"][Thu Sep 13 20:56:40 2007] [info] mod_unique_id: using ip addr 64.235.55.102
    [Thu Sep 13 20:56:41 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
    [Thu Sep 13 20:56:41 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Thu Sep 13 20:56:41 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Thu Sep 13 20:56:41 2007] [info] Init: Initializing (virtual) servers for SSL
    [Thu Sep 13 20:56:41 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
    [Thu Sep 13 20:56:41 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
    [Thu Sep 13 20:56:41 2007] [notice] ModSecurity for Apache 2.1.1 configured
    [Thu Sep 13 20:56:44 2007] [info] mod_unique_id: using ip addr 64.235.55.102
    [Thu Sep 13 20:56:45 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
    [Thu Sep 13 20:56:45 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Thu Sep 13 20:56:45 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Thu Sep 13 20:56:45 2007] [info] Init: Initializing (virtual) servers for SSL
    [Thu Sep 13 20:56:45 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.7a
    [Thu Sep 13 20:56:45 2007] [notice] mod_bw : Memory Allocated 0 bytes (each conf takes 28 bytes)
    [[COLOR="red"]Thu Sep 13 20:56:45 2007[/COLOR]] [notice] mod_bw : Version 0.8 - Initialized [0 Confs][/COLOR]
    [COLOR="Red"][Fri Sep 14 23:19:54 2007] [error] (24)Too many open files: could not open transfer log file /usr/local/apache/domlogs/rippereh.heliohost.org.
    Unable to open logs[/COLOR]
    [COLOR="DarkRed"][[COLOR="red"]Fri Sep 14 17:04:51 2007[/COLOR]] [info] mod_unique_id: using ip addr 64.235.55.102
    [Fri Sep 14 17:04:52 2007] [info] Init: Initializing OpenSSL library
    [Fri Sep 14 17:04:52 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
    [Fri Sep 14 17:04:52 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Fri Sep 14 17:04:52 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Fri Sep 14 17:04:52 2007] [info] Init: Initializing (virtual) servers for SSL
    [Fri Sep 14 17:04:52 2007] [info] mod_ssl/2.0.61 compiled against Server: Apache/2.0.61, Library: OpenSSL/0.9.7a
    [Fri Sep 14 17:04:52 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
    [Fri Sep 14 17:04:52 2007] [notice] ModSecurity for Apache 2.1.1 configured
    [Fri Sep 14 17:04:54 2007] [info] mod_unique_id: using ip addr 64.235.55.102
    [Fri Sep 14 17:04:55 2007] [info] Init: Initializing OpenSSL library
    [Fri Sep 14 17:04:55 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
    [Fri Sep 14 17:04:55 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Fri Sep 14 17:04:55 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Fri Sep 14 17:04:55 2007] [info] Init: Initializing (virtual) servers for SSL
    [Fri Sep 14 17:04:55 2007] [info] mod_ssl/2.0.61 compiled against Server: Apache/2.0.61, Library: OpenSSL/0.9.7a
    [Fri Sep 14 17:04:55 2007] [notice] mod_bw : Memory Allocated 0 bytes (each conf takes 28 bytes)
    [Fri Sep 14 17:04:55 2007] [notice] mod_bw : Version 0.8 - Initialized [0 Confs]
    [Fri Sep 14 17:04:55 2007] [notice] Apache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.7a FrontPage/5.0.2.2635 mod_mono/1.2.4 mod_auth_passthrough/2.1 mod_bwlimited/1.4 mod_perl/2.0.3 Perl/v5.8.7 configured -- resuming normal operations
    [Fri Sep 14 17:04:55 2007] [info] Server built: Sep 14 2007 16:36:57[/COLOR]
    As I mentioned above, now that I have built Apache 2.0, half of my PHP files are still not being served - I recieve a 500 Server Error every time I try to access one. I have noticed an error that has started to appear in the error log that may or may not have something to do with this issue:
    Code:
    [Fri Sep 14 17:05:39 2007] [warn] Cannot get media type from 'x-httpd-php5'
    Once again, thanks everyone for all your help and I hope we can figure something out :)
     
  5. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    Roughly how many users/accounts are on this server. We used to see this "Too many open files" thing in the past on some machines and had to do some sysctl changes or recompile our kernel to handle it.
     
  6. djbob2

    djbob2 Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    The PHP file that shows us how many accounts we have is currently giving us a 500 error; however, last time I checked there were about 1000 accounts. Thanks :)
     
  7. djbob2

    djbob2 Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    I hate to bump this topic, but this issue is really urgent and I would appreciate a response. It may have slipped the staff's notice since it was posted during the weekened, so maybe it'll come up now. Thanks for your help, everyone :)
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    To get cPanel to see your problem, put in a trouble ticket. Don't wait for them to visit the forums. ;)
     
  9. NexGenUK

    NexGenUK Active Member

    Joined:
    May 7, 2004
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Yes I did, spent 3 days with cPanel support guys getting the right build setup (there isnt yet enough module logic in ea3) - after the php issue was resolved (revised build) and zend was installed it all seemed to work okay.
     
  10. djbob2

    djbob2 Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    I am not sure I am allowed to - I do not directly own a cPanel license. Nevertheless, I will try it.

    Thanks, I'll retry the Apache 2.2 build.
     
  11. djbob2

    djbob2 Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    I'd like to give a big thanks to NexGenUK - your solution did the trick. My configuration is now working with Apache 2.2 :)
    Furthermore, I have figured out most of the 500 server errors were caused by suPHP not allowing execution of PHP files with permission levels that are set too high (ie. 777). I disabled this through the suPHP configuration file (/opt/suphp/etc/suphp.conf).
    However, one issue remains. My PHP signup script (stored in /usr/local/cpanel/base/scripts/) cannot be executed from my vhost. The path is alias'd. The error I recieve makes sense:
    However, I cannot find a way to disable this check for this particular situation. Anybody have any suggestions? There is an option in suphp.conf that seems like exactly what I need, but for some reason it has no effect.
    As you can see, it is set to false, yet the check is still done. Any suggestions? Thanks :)
     
  12. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    What's the value for docroot in your suphp.conf? The default is docroot=/home which would disallow serving documents from outside that location. It also disallows use of symlinks.
     
  13. djbob2

    djbob2 Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    I tried "/home:/usr/local/cpanel/base/scripts/" and that didn't help. Also, the location is not a symlink. Any other ideas? Thanks :)
     
    #13 djbob2, Sep 19, 2007
    Last edited: Sep 19, 2007
  14. djbob2

    djbob2 Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    Looks like the suphp docroot does not support multiple entries. I have temporarily set the docroot to "/"; however, this is insecure. Is there a workaround for this that anyone knows about? I googled this, and I found a source edit that could fix the issue. However, I will need to slip this code edit in after EasyApache updates its source files and before it compiles them. Does anyone know if this is possible?

    Thanks!
     
  15. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    711
    Likes Received:
    3
    Trophy Points:
    18
    A few thing you might want to consider:

    By that do you mean reinstalling zend optimizer like it says might need done at the end of the build?

    kind of defeats the point of suPHP to allow 777 doesn't it?

    That is odd, what does
    http://suphp.org
    say about configuring it the way you want?

    Basically though the Ideas of suPHP is to secure PHP (sort of) if you really want to run it insecurely then you need to configure it as per the docs or not use it.
     
  16. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    711
    Likes Received:
    3
    Trophy Points:
    18
    for ea3 we'll take all tickets, anything to help folks transition ok and get any kinks ironed out ASAP :)
     
  17. djbob2

    djbob2 Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    No - I mean removing the SafeCGI option under PHP modules in the advanced view.

    Hmm... how so? Doesn't 777 just dictate whether or not certain users/groups can read/write/execute files/folders? AFAIK, suPHP sets a PHP script to a specific user associated with the vhost the script was loaded from - this way, permission levels are limited to that user's permissions. Maybe with 777 PHP scripts can modify other scripts and then execute them, but that's what open_basedir is for, right?

    Not much... the code edit I mentioned earlier was one I found on their mailing list.

    777 isn't terribly insecure, as far as I can tell... however, I may be wrong, as I don't know too much about suPHP. Thanks for your help Dan! :)

    Much appreciated :)
     
  18. rachweb

    rachweb Well-Known Member

    Joined:
    Jun 26, 2004
    Messages:
    268
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    amsterdam
    The reasons why 777 doesn't work is because it isn't save to run that. The permissions 755 is much saver and secure. With suphp you can see wich user is causing the (security) problems like spam, dossattack....
     
  19. djbob2

    djbob2 Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    Yes, but are the permission levels linked with suPHP that much? You claim a security risk to 777, but I challenge that assumption - although I admit that such permission levels are less secure, I am not sure that they cause vulnerabilites. If you have a properly protected server than you should be fine, even with 777 permissions.
     
  20. rachweb

    rachweb Well-Known Member

    Joined:
    Jun 26, 2004
    Messages:
    268
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    amsterdam
    You can only run 644 for files and 755 for directory's with suphp. THe problem with 777 is that everyone has the right to execute/write something. If there is a bug/issue in the php script then it possible that a hacker or something else can use that bug to download a scripts. That scripts can make damage on your server, run dossattack or anything else.
     
Loading...

Share This Page