Bug#267430: apache-ssl fails to start with erronous symlink in directory specified as SSLCACertificatePath
Hello,
Am Di, den 24.08.2004 schrieb Fabio Massimo Di Nitto um 7:34:
> Hi,
> please send us your config files as soon as you can. This looks
> like that your configuration is pointing to a non existing certificate.
i attached the httpd.conf.
I want to point out again, that after deleting a dead symlink from
/etc/ssl/certs/ it worked again.
However, I cannot explain why this gets logged in a _vhost's error.log_,
since it seems to be a global problem. (There is an SSLEnable in one of
the corresponding vhost configs.) If there is any need for it, I can send
that as well.
Greets,
Mario
--
Mario Lipinski E-Mail: mario.lipinski@gymszbad.de
Systemadministration Internet: http://www.gymszbad.de
Gymnasium Salzgitter-Bad
### Section 1: Global Environment
#
# Process-level settings for the apache-ssl daemon: where it keeps its
# runtime files, how it treats persistent connections, and how large the
# pool of child processes may grow.
ServerType standalone
# Relative paths later in this file (e.g. "Include other/") are resolved
# against ServerRoot.
ServerRoot /etc/apache-ssl
LockFile /var/lock/apache-ssl.lock
PidFile /var/run/apache-ssl.pid
ScoreBoardFile /var/run/apache-ssl.scoreboard
# Seconds to wait on a stalled send/receive before giving up. Together with
# MaxClients this bounds how long slow clients can occupy every child.
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
# Child process pool: idle-server bounds, initial count, and the hard cap on
# simultaneously served clients.
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
# Each child exits after serving this many requests and is replaced.
MaxRequestsPerChild 100
# Dynamic Shared Object (DSO) Support
#
# Only uncommented LoadModule lines are active. Every loaded module adds
# directives and request handlers, so this list is also the server's
# attack surface. Active here, among others: mod_status and mod_info (both
# exposed through <Location> blocks later in this file), mod_cgi,
# mod_rewrite, PHP4, and the Apache-SSL module (libssl.so) that provides the
# SSL* directives.
#
# Please keep this LoadModule: line here, it is needed for installation.
# LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so
# LoadModule env_module /usr/lib/apache/1.3/mod_env.so
LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config_ssl.so
LoadModule mime_magic_module /usr/lib/apache/1.3/mod_mime_magic.so
LoadModule mime_module /usr/lib/apache/1.3/mod_mime_ssl.so
LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so
# mod_status / mod_info publish runtime state and the parsed configuration;
# load them only if the matching handlers are access-restricted.
LoadModule status_module /usr/lib/apache/1.3/mod_status.so
LoadModule info_module /usr/lib/apache/1.3/mod_info.so
# LoadModule includes_module /usr/lib/apache/1.3/mod_include.so
LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so
LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so
# LoadModule asis_module /usr/lib/apache/1.3/mod_asis.so
# LoadModule imap_module /usr/lib/apache/1.3/mod_imap.so
# LoadModule action_module /usr/lib/apache/1.3/mod_actions.so
# LoadModule speling_module /usr/lib/apache/1.3/mod_speling.so
# LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so
LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so
LoadModule rewrite_module /usr/lib/apache/1.3/mod_rewrite.so
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth_ssl.so
# LoadModule anon_auth_module /usr/lib/apache/1.3/mod_auth_anon.so
# LoadModule dbm_auth_module /usr/lib/apache/1.3/mod_auth_dbm.so
# LoadModule db_auth_module /usr/lib/apache/1.3/mod_auth_db.so
# LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so
# LoadModule digest_module /usr/lib/apache/1.3/mod_digest.so
# LoadModule cern_meta_module /usr/lib/apache/1.3/mod_cern_meta.so
LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so
# LoadModule headers_module /usr/lib/apache/1.3/mod_headers.so
# LoadModule usertrack_module /usr/lib/apache/1.3/mod_usertrack.so
LoadModule unique_id_module /usr/lib/apache/1.3/mod_unique_id.so
LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
# LoadModule sys_auth_module /usr/lib/apache/1.3/mod_auth_sys.so
# LoadModule put_module /usr/lib/apache/1.3/mod_put.so
# LoadModule throttle_module /usr/lib/apache/1.3/mod_throttle.so
LoadModule apache_ssl_module /usr/lib/apache/1.3/libssl.so
# LoadModule allowdev_module /usr/lib/apache/1.3/mod_allowdev.so
# LoadModule eaccess_module /usr/lib/apache/1.3/mod_eaccess.so
LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
# LoadModule roaming_module /usr/lib/apache/1.3/mod_roaming.so
# Include /etc/apache-ssl/modules.conf
# ExtendedStatus makes mod_status record per-request details (client
# address, virtual host, request line) for display on the status page.
# That page is served from /server-status later in this file with
# "Allow from all", so these details are readable by any client.
<IfModule mod_status.c>
ExtendedStatus On
</IfModule>
### Section 2: 'Main' server configuration
#
# Defaults inherited by every virtual host that does not override them.
Port 80
# One daemon listens on both the plain HTTP and the HTTPS port; SSL is
# switched on per virtual host (SSLDisable globally, SSLEnable in the
# _default_:443 vhost further down).
Listen 80
Listen 443
# Unprivileged account the child processes run as after startup.
User www-data
Group www-data
# With "ServerSignature EMail" set below, this address is printed on
# server-generated pages.
ServerAdmin root@taz.gymszbad.de
ServerName taz.gymszbad.de
DocumentRoot /var/www
# Filesystem-wide default. It sets options and disables .htaccess overrides
# but contains no Order/Deny, so access to paths outside the blocks below is
# not denied here.
# NOTE(review): a "Deny from all" default with explicit allows per served
# tree is the usual hardening - confirm nothing relies on the open default.
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
# Main document root. Indexes lists directories that have no index file,
# and ExecCGI combined with the "AddHandler cgi-script" line in the mod_mime
# section means files ending in .cgi/.sh/.pl/.py/.tcl here are executed, not
# served. "AllowOverride ... Options" also lets .htaccess files change
# Options again.
<Directory /var/www/>
# "Indexes", "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
Options Indexes FollowSymLinks ExecCGI MultiViews
# "Options", "FileInfo", "AuthConfig", and "Limit"
AllowOverride AuthConfig FileInfo Options
Order allow,deny
Allow from all
</Directory>
# User-maintained sites. SymLinksIfOwnerMatch follows a symlink only when
# link and target have the same owner. The same ExecCGI and
# "AllowOverride ... Options" considerations as for /var/www/ apply.
<Directory /home/www/>
Options Indexes SymLinksIfOwnerMatch ExecCGI MultiViews
AllowOverride AuthConfig Options FileInfo
Order allow,deny
Allow from all
</Directory>
# Per-user ~/public_html sites are disabled (mod_userdir is not loaded).
#<IfModule mod_userdir.c>
# UserDir public_html
#</IfModule>
# Files tried, in order, when a directory is requested. The list includes
# script names (index.cgi, index.pl, index.sh, index.py, index.tcl) that are
# run as CGI wherever ExecCGI is in effect.
<IfModule mod_dir.c>
DirectoryIndex index.html index.htm index.php index.php4 index.php3 index.phtml index.shtml index.cgi index.pl index.sh index.py index.tcl
</IfModule>
AccessFileName .htaccess
# Refuse to serve any file whose name starts with ".ht" (.htaccess,
# .htpasswd), so access rules and password hashes cannot be downloaded.
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
# Off: self-referential URLs use the host name and port supplied by the
# client rather than ServerName.
UseCanonicalName Off
TypesConfig /etc/mime.types
DefaultType text/plain
# mod_mime_magic is loaded but has no magic file configured here.
<IfModule mod_mime_magic.c>
# MIMEMagicFile /usr/share/misc/file/magic.mime
</IfModule>
# Logging. Clients are logged by IP address (no reverse DNS lookups).
HostnameLookups Off
ErrorLog /var/log/apache-ssl/error.log
LogLevel warn
# Named log formats. Only "combined" is used by the CustomLog line below;
# virtual hosts included later may reference the others.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %T %v" full
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %P %T" debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /var/log/apache-ssl/access.log combined
# Information disclosure: "ServerSignature EMail" adds a footer with the
# server version and the ServerAdmin address to server-generated pages, and
# "ServerTokens Full" puts the full version string, including loaded module
# versions, into the Server response header.
# NOTE(review): "ServerSignature Off" and "ServerTokens Prod" reveal less.
ServerSignature EMail
ServerTokens Full
# Icons used by the generated directory listings.
Alias /icons/ /usr/share/apache/icons/
<Directory /usr/share/apache/icons>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# Appearance of auto-generated directory listings (mod_autoindex). These
# listings are produced wherever "Options Indexes" is in effect and no
# DirectoryIndex file exists.
<IfModule mod_autoindex.c>
IndexOptions FancyIndexing NameWidth=*
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/deb.gif .deb
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
AddDescription "GZIP compressed document" .gz
AddDescription "tar archive" .tar
AddDescription "GZIP compressed tar archive" .tgz
ReadmeName README.html
HeaderName HEADER.html
# Names hidden from listings: dot-files, editor backups and version-control
# artefacts. This only hides them from the index; the files themselves can
# still be requested directly.
IndexIgnore .??* *~ *# HEADER.html HEADER.txt README.html README.txt RCS CVS *,v *,t
</IfModule>
# Extension-based content metadata (mod_mime): encodings, languages and
# charsets for content negotiation, plus the type/handler mappings that
# decide which files are executed rather than served.
<IfModule mod_mime.c>
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage it .it
AddLanguage ja .ja
AddCharset ISO-2022-JP .jis
AddLanguage pl .po
AddCharset ISO-8859-2 .iso-pl
AddLanguage pt .pt
AddLanguage pt-br .pt-br
AddLanguage lb .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cs .cz
# Preference order used when the client expresses no language preference.
<IfModule mod_negotiation.c>
LanguagePriority de en fr da nl et el it ja pl pt pt-br lb ca es sv
</IfModule>
# Files with these extensions are run through the PHP4 module.
AddType application/x-httpd-php .php .php4 .php3 .phtml
# .phps files are served as syntax-highlighted PHP source; keep credentials
# out of any file published under that extension.
AddType application/x-httpd-php-source .phps
AddType application/x-tar .tgz
AddType image/bmp .bmp
AddType text/x-hdml .hdml
# Server-wide CGI mapping: wherever ExecCGI is in effect (here /var/www/ and
# /home/www/), a file with one of these extensions is executed on request.
# Anyone who can write such a file into those trees can run code as the
# web server user.
AddHandler cgi-script .cgi .sh .pl .py .tcl
</IfModule>
# Adds a default charset parameter to text/plain and text/html responses
# that do not declare one.
AddDefaultCharset on
# Customizable error response (Apache style)
# these come in three flavors
# (all examples below are commented out, so the built-in error pages are
# used unless an included file sets ErrorDocument)
#
# 1) plain text
#ErrorDocument 500 "The server made a boo boo.
# n.b. the (") marks it as text, it does not get output
#
# 2) local redirects
#ErrorDocument 404 /missing.html
# to redirect to local URL /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
# N.B.: You can redirect to a script or a document using server-side-includes.
#
# 3) external redirects
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
# N.B.: Many of the environment variables associated with the original
# request will *not* be available to such a script.
# Per-client protocol workarounds keyed on the User-Agent header: disable
# keep-alive or force HTTP/1.0 responses for the listed legacy clients.
<IfModule mod_setenvif.c>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
# If the perl module is installed, this will be enabled.
# (The whole block is commented out, so it is inactive as written.)
#<IfModule mod_perl.c>
# Alias /perl/ /var/www/perl/
# <Location /perl>
# SetHandler perl-script
# PerlHandler Apache::Registry
# Options +ExecCGI
# </Location>
#</IfModule>
# Server status page (mod_status). "Allow from all" lets any client read
# it, and ExtendedStatus is On, so the page includes per-request details
# such as client addresses and requested URLs.
# NOTE(review): restrict to administrative hosts, e.g.
#   Order deny,allow
#   Deny from all
#   Allow from 127.0.0.1
<Location /server-status>
SetHandler server-status
Order allow,deny
Allow from all
</Location>
# Server configuration dump (mod_info): loaded modules and their configured
# directives. It is also open to every client here, and the same
# restriction as suggested for /server-status applies.
<Location /server-info>
SetHandler server-info
Order allow,deny
Allow from all
</Location>
### BEGIN SSL STUFF ###
# SSL is off for the main server; it is enabled per virtual host with
# SSLEnable (see the _default_:443 vhost in Section 3).
SSLDisable
# Session cache helper (gcache) and the socket it is reached through.
SSLCacheServerPath /usr/lib/apache-ssl/gcache
SSLCacheServerPort /var/run/gcache_port
SSLSessionCacheTimeout 15
# Directory of CA certificates used to verify client certificates.
# According to the bug report this file was attached to, a dangling symlink
# in this directory kept apache-ssl from starting until the link was
# removed. Broken links can be listed with
#   find -L /etc/ssl/certs -type l
# NOTE(review): the server's own certificate (next line) is stored in this
# same directory - confirm that only intended CAs are present here if
# client verification is ever enabled.
SSLCACertificatePath /etc/ssl/certs/
SSLCertificateFile /etc/ssl/certs/taz.gymszbad.de.pem
# Private key. File permissions are not visible from this config; it should
# be readable by root only.
SSLCertificateKeyFile /etc/ssl/private/taz.gymszbad.de.key
# Set SSLVerifyClient to:
# 0 if no certificate is required
# 1 if the client may present a valid certificate
# 2 if the client must present a valid certificate
# 3 if the client may present a valid certificate but it is not required to
# have a valid CA
# (All three directives below are commented out, so no client-certificate
# policy is set explicitly in this file.)
#SSLVerifyClient 0
#SSLVerifyDepth 10
#SSLFakeBasicAuth
# Per-connection SSL log: timestamp, protocol version, cipher and client
# certificate field. Useful for spotting weak protocol versions or ciphers
# still in use.
CustomLog /var/log/apache-ssl/ssl.log "%t %{version}c %{cipher}c %{clientcert}c"
### END SSL STUFF ###
# Relative to ServerRoot, i.e. /etc/apache-ssl/other/. The included files
# are not shown here and may override anything above.
Include other/
### Section 3: Virtual Hosts
#
# Name-based virtual hosting on both ports.
# NOTE(review): on port 443 the certificate is presented before the Host
# header is read, so name-based SSL vhosts cannot each present their own
# certificate - confirm the vhosts under vhosts/ are meant to share one.
NameVirtualHost *:80
NameVirtualHost *:443
# Catch-all for port 80 requests that match no named vhost; it is empty, so
# it serves the main server configuration.
<VirtualHost _default_:80>
</VirtualHost>
# Catch-all for port 443; the only place in this file where SSL is turned
# on.
<VirtualHost _default_:443>
SSLEnable
</VirtualHost>
# Relative to ServerRoot, i.e. /etc/apache-ssl/vhosts/. The per-site
# configs, including the vhost whose error.log received the startup error
# in the report, are not shown here.
Include vhosts/
#
# Directives to allow use of AWStats as a CGI
#
Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
# ScriptAlias treats every file in the target directory as a CGI program,
# independent of the Options setting below.
ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
#
# This is to permit URL access to scripts/files in AWStats directory.
#
# NOTE(review): "Allow from all" with no authentication shown here makes the
# statistics CGI reachable by any client - confirm whether access is limited
# elsewhere (e.g. in an included file).
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# Bugzilla runs as CGI from inside the document root. .htaccess files there
# may only use access-control directives (AllowOverride Limit).
<Directory "/var/www/bugzilla">
Options +ExecCGI
AllowOverride Limit
DirectoryIndex index.cgi
</Directory>
#Include /etc/apache-ssl/conf.d/