SOLVED Problems manually editing apache configurations

[sys_alex]

Hello,

I'm trying to edit our apache configuration editing this file:

/var/cpanel/conf/apache/local

adding this:
---
main:
keepalive:
item:
keepalive: 'Off'

as said in cpanel documentation: Global Configuration - Version 68 Documentation - cPanel Documentation

My problem is that when i rebuild apache configuration and restart the service no changes are made to the actual configuration.

Is there any new way to manually change this?

 

[cPanelKenneth]

The file format of the local file is YAML. At a guess, the manual edits you did are not valid YAML format. Why are you doing the changes manually versus using the GUI to create the file? The GUI will always create the proper format.

 

[sys_alex]

It's for automated installations. The file i used was working fine until maybe a month ago.

So, that file is still the one to change , and my problem is just some syntax error creating the yaml format?

 

[cPanelMichael]

Hello @sys_alex,

If your goal is to replicate the exact Apache/EA4 configuration from one server to another, then you may want to consider using the cpconftool script. It's documented at:

The cpconftool Script - Version 68 Documentation - cPanel Documentation

For example, you'd run the following command to generate a backup

/usr/local/cpanel/bin/cpconftool --backup --modules=cpanel::easy::apache
Backup Successful
/home/whm-config-backup-cpanel__easy__apache-1.0.0-1524677032.tar.gz

You'd then move the backup archive to the destination server and restore it using the following command:

 /usr/local/cpanel/bin/cpconftool --restore=/home/whm-config-backup-cpanel__easy__apache-1.0.0-1524676829.tar.gz --modules=cpanel::easy::apache

However, keep in mind this would backup and restore the following configuration files:

/etc/cpanel/ea4
/var/cpanel/easy
/etc/apache2/conf.d
/etc/apache2/conf
/usr/local/apache/conf
/var/cpanel/secdatadir
/var/cpanel/modsec_cpanel_conf_datastore
/var/cpanel/conf/apache/main
/var/cpanel/conf/apache/local
/usr/local/apache/conf/includes
/var/cpanel/templates/apache*/*local

Thank you.

 

[sys_alex]

One question about that script then: do any of those files you listed have any server specific configuration? Like hostname, ip, etc

If they do have specific information , does the script works around that and adds variables to that kind of data?

 

[cPanelMichael]

Hello @sys_alex,

Here's an example of the files that are included with the Apache backup:

# tar -zxvf whm-config-backup-cpanel__easy__apache-1.0.0-1524842077.tar.gz
./
./version
./cpanel/
./cpanel/easy/
./cpanel/easy/apache/
./cpanel/easy/apache/modsec_settings.json
./cpanel/easy/apache/tweak/
./cpanel/easy/apache/tweak/cpanel.config
./cpanel/easy/apache/other/
./cpanel/easy/apache/other/main
./cpanel/easy/apache/other/local
./cpanel/easy/apache/config/
./cpanel/easy/apache/config/modsec_cpanel_conf_datastore
./cpanel/easy/apache/modsec_vendor.json
./cpanel/easy/apache/etc/
./cpanel/easy/apache/etc/apache2/
./cpanel/easy/apache/etc/apache2/conf/
./cpanel/easy/apache/etc/apache2/conf/httpd.conf
./cpanel/easy/apache/etc/apache2/conf/magic
./cpanel/easy/apache/etc/apache2/conf/mime.types
./cpanel/easy/apache/etc/apache2/conf/httpd.conf,v
./cpanel/easy/apache/etc/apache2/conf/httpd.conf.datastore
./cpanel/easy/apache/etc/apache2/conf.d/
./cpanel/easy/apache/etc/apache2/conf.d/includes/
./cpanel/easy/apache/etc/apache2/conf.d/includes/account_suspensions.conf
./cpanel/easy/apache/etc/apache2/conf.d/includes/errordocument.conf
./cpanel/easy/apache/etc/apache2/conf.d/includes/post_virtualhost_1.conf
./cpanel/easy/apache/etc/apache2/conf.d/includes/post_virtualhost_2.conf
./cpanel/easy/apache/etc/apache2/conf.d/includes/post_virtualhost_global.conf
./cpanel/easy/apache/etc/apache2/conf.d/includes/pre_main_1.conf
./cpanel/easy/apache/etc/apache2/conf.d/includes/pre_main_2.conf
./cpanel/easy/apache/etc/apache2/conf.d/includes/pre_main_global.conf
./cpanel/easy/apache/etc/apache2/conf.d/includes/pre_virtualhost_1.conf
./cpanel/easy/apache/etc/apache2/conf.d/includes/pre_virtualhost_2.conf
./cpanel/easy/apache/etc/apache2/conf.d/includes/pre_virtualhost_global.conf
./cpanel/easy/apache/etc/apache2/conf.d/README
./cpanel/easy/apache/etc/apache2/conf.d/autoindex.conf
./cpanel/easy/apache/etc/apache2/conf.d/cperror.conf
./cpanel/easy/apache/etc/apache2/conf.d/http2.conf
./cpanel/easy/apache/etc/apache2/conf.d/modsec/
./cpanel/easy/apache/etc/apache2/conf.d/modsec/modsec2.user.conf
./cpanel/easy/apache/etc/apache2/conf.d/modsec/modsec2.cpanel.conf.PREVIOUS
./cpanel/easy/apache/etc/apache2/conf.d/modsec/modsec2.cpanel.conf
./cpanel/easy/apache/etc/apache2/conf.d/modsec2.conf
./cpanel/easy/apache/etc/apache2/conf.d/php.conf
./cpanel/easy/apache/etc/apache2/conf.d/ssl.crt/
./cpanel/easy/apache/etc/apache2/conf.d/ssl.crt/server.crt
./cpanel/easy/apache/etc/apache2/conf.d/ssl.key/
./cpanel/easy/apache/etc/apache2/conf.d/ssl.key/server.key
./cpanel/easy/apache/etc/apache2/conf.d/php.version
./cpanel/easy/apache/etc/cpanel/
./cpanel/easy/apache/etc/cpanel/ea4/
./cpanel/easy/apache/etc/cpanel/ea4/profiles/
./cpanel/easy/apache/etc/cpanel/ea4/profiles/cpanel/
./cpanel/easy/apache/etc/cpanel/ea4/profiles/cpanel/allphp-opcache.json
./cpanel/easy/apache/etc/cpanel/ea4/profiles/cpanel/allphp.json
./cpanel/easy/apache/etc/cpanel/ea4/profiles/cpanel/default.json
./cpanel/easy/apache/etc/cpanel/ea4/profiles/cpanel/mpm_itk.json
./cpanel/easy/apache/etc/cpanel/ea4/profiles/cpanel/nophp.json
./cpanel/easy/apache/etc/cpanel/ea4/profiles/cpanel/rubypassenger.json
./cpanel/easy/apache/etc/cpanel/ea4/profiles/cpanel/worker.json
./cpanel/easy/apache/etc/cpanel/ea4/profiles/custom/
./cpanel/easy/apache/etc/cpanel/ea4/profiles/custom/cpconftool_current_profile.json
./cpanel/easy/apache/etc/cpanel/ea4/recommendations/
./cpanel/easy/apache/etc/cpanel/ea4/recommendations/ea-php54-php/
./cpanel/easy/apache/etc/cpanel/ea4/recommendations/ea-php54-php/dso.json
./cpanel/easy/apache/etc/cpanel/ea4/recommendations/ea-php55-php
./cpanel/easy/apache/etc/cpanel/ea4/recommendations/ea-php56-php
./cpanel/easy/apache/etc/cpanel/ea4/recommendations/ea-php70-php
./cpanel/easy/apache/etc/cpanel/ea4/recommendations/ea-php71-php
./cpanel/easy/apache/etc/cpanel/ea4/is_ea4
./cpanel/easy/apache/etc/cpanel/ea4/paths.conf
./cpanel/easy/apache/etc/cpanel/ea4/php.conf
./cpanel/easy/apache/etc/cpanel/ea4/php.conf.cache
./cpanel/easy/apache/usr/
./cpanel/easy/apache/usr/local/
./cpanel/easy/apache/usr/local/apache/
./cpanel/easy/apache/usr/local/apache/conf/
./cpanel/easy/apache/usr/local/apache/conf/mime.types
./cpanel/easy/apache/usr/local/apache/conf/httpd.conf
./cpanel/easy/apache/usr/local/apache/conf/includes
./cpanel/easy/apache/usr/local/apache/conf/php.conf
./cpanel/easy/apache/conf_includes/
./cpanel/easy/apache/conf_includes/account_suspensions.conf
./cpanel/easy/apache/conf_includes/errordocument.conf
./cpanel/easy/apache/conf_includes/post_virtualhost_1.conf
./cpanel/easy/apache/conf_includes/post_virtualhost_2.conf
./cpanel/easy/apache/conf_includes/post_virtualhost_global.conf
./cpanel/easy/apache/conf_includes/pre_main_1.conf
./cpanel/easy/apache/conf_includes/pre_main_2.conf
./cpanel/easy/apache/conf_includes/pre_main_global.conf
./cpanel/easy/apache/conf_includes/pre_virtualhost_1.conf
./cpanel/easy/apache/conf_includes/pre_virtualhost_2.conf
./cpanel/easy/apache/conf_includes/pre_virtualhost_global.conf
./cpanel/easy/apache/var/
./cpanel/easy/apache/var/cpanel/
./cpanel/easy/apache/var/cpanel/secdatadir/
./cpanel/easy/apache/version

It's possible some of these files will include server specific values, yes. It's generally better used when you are migrating accounts from one server to another. If you just want the contents of the /var/cpanel/conf/apache/local file, have you considered simply copying the file as opposed to manually modifying it with a text editor?

Thank you.

 

[sys_alex]

Thing is , we are actually copying the file, but when doing an apache rebuild that file is ignored for new configuration.

We didn't have this problem before, just recently, and i was wondering if something changed in version 68 about this file or how it's used.

 

[cPanelMichael]

Hello @sys_alex,

Could you post the full contents of the local file that you are using, as well as the full steps you are taking to add it to the new server?

Thank you.

 

[sys_alex]

Sure, file contents at the end of the post.

to deploy i just copy this file to /var/cpanel/conf/apache/local and rebuild & restart apache

---
main:
  directory:
    options:
      directive: options
      item:
        options: ExecCGI FollowSymLinks IncludesNOEXEC Indexes
  directoryindex:
    item:
      directoryindex: index.php index.php5 index.php4 index.php3 index.perl index.pl index.plx index.ppl index.cgi index.jsp index.jp index.phtml index.shtml index.xhtml index.html index.htm index.wml Default.html Default.htm default.html default.htm home.html home.htm index.js raiola.html
  fileetag:
    item:
      fileetag: None
  keepalive:
    item:
      keepalive: 'Off'
  keepalivetimeout:
    item:
      keepalivetimeout: 5
  loglevel:
    item:
      loglevel: warn
  maxclients:
    item:
      maxclients: 499
  maxkeepaliverequests:
    item:
      maxkeepaliverequests: 100
  maxrequestsperchild:
    item:
      maxrequestsperchild: 4000
  maxspareservers:
    item:
      maxspareservers: 10
  minspareservers:
    item:
      minspareservers: 5
  optimize_htaccess:
    item:
      optimize_htaccess: search_homedir_below
  root_options:
    item:
      root_options:
        ExecCGI: 1
        FollowSymLinks: 1
        Includes: 0
        IncludesNOEXEC: 1
        Indexes: 1
        MultiViews: 0
        SymLinksIfOwnerMatch: 0
  serverlimit:
    item:
      serverlimit: 500
  serversignature:
    item:
      serversignature: 'Off'
  servertokens:
    item:
      servertokens: ProductOnly
  sslciphersuite:
    item:
      sslciphersuite: sslciphersuite: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  sslprotocol:
    item:
      sslprotocol: All -SSLv2 -SSLv3
  startservers:
    item:
      startservers: 5
  timeout:
    item:
      timeout: 15
  traceenable:
    item:
      traceenable: 'Off'

 

[cPanelMichael]

sslciphersuite:
item:
sslciphersuite: sslciphersuite: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

Hello @sys_alex,

You have a duplicate entry for sslciphersuite under "item" in the text quoted above. Removing the duplicate entry should solve the problem.

Thank you.

 

[sys_alex]

It works! Such a stupid mistake and what pains it caused

Thank you

 

[cPanelMichael]

Hello,

I'm glad to see the issue is now solved. Thank you for updating us with the outcome.