Apache 2 with SSL dies
Hi all,
I experienced a power cut so I thought I better check that my web sites
had come back up. I was surprised to discover that they had not, nor had
my backup server. If the reboot is the only reason I found out about this
then there may be a grave error waiting to happen to others.
I finally isolated why Apache 2 kept dying straight after starting up.
There is this obtuse final error message in my ssl_server.log:
[Fri Oct 18 20:39:50 2002] [info] Init: Initializing OpenSSL library
[Fri Oct 18 20:39:50 2002] [info] Init: Seeding PRNG with 512 bytes of entropy
[Fri Oct 18 20:39:50 2002] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Oct 18 20:39:54 2002] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Oct 18 20:39:54 2002] [info] Init: Initializing (virtual) servers for SSL
[Fri Oct 18 20:39:54 2002] [info] Server: Apache/2.0.43, Interface: mod_ssl/2.0.43, Library: OpenSSL/0.9.6g
[Fri Oct 18 20:39:54 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec2)
[Fri Oct 18 20:39:54 2002] [info] Init: Initializing OpenSSL library
[Fri Oct 18 20:39:54 2002] [info] Init: Seeding PRNG with 512 bytes of entropy
[Fri Oct 18 20:39:54 2002] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Oct 18 20:40:07 2002] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Oct 18 20:40:07 2002] [error] Cannot allocate shared memory: (17)File exists
I got the sites back up by moving ssl.conf and ssl.load out of
mods-enabled and by commenting out any mention of SSL in sites-enabled.
I'm running a proxy and main server on the same computer. This has been
working fine for the last couple of months. Some package upgrade has
broken SSL support. I have tried downgrading a number of packages without
success.
It might help you to understand the server config by looking at ssl.conf:
<IfDefine proxy>
SSLSessionCache shm:/var/log/apache2/ssl_scache_proxy(128000)
SSLMutex file:/var/log/apache2/ssl_mutex_proxy
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
ErrorLog /var/log/apache2/ssl_proxy.log
LogLevel info
</IfDefine>
<IfDefine server>
SSLSessionCache shm:/var/log/apache2/ssl_scache_server(128000)
SSLMutex file:/var/log/apache2/ssl_mutex_server
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
ErrorLog /var/log/apache2/ssl_server.log
LogLevel info
</IfDefine>
Exactly the same order of info and the same final error is also found in
ssl_proxy.log.
I currently have installed:
# dpkg -l apache2-mpm-worker apache2-common libapr0 libssl0.9.6
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-===================-===================-======================================================
ii apache2-mpm-worker 2.0.43-1 High speed threaded model for Apache2
ii apache2-common 2.0.43-1 Next generation, scalable, extendable web server
ii libapr0 2.0.43-1 The Apache Portable Runtime
ii libssl0.9.6 0.9.6c-2.woody.1 SSL shared libraries
I've also upgraded libssl0.9.6 to 0.9.6g-6 and it makes no difference.
Perhaps that's the cause of the file exists error message?
Here are the last log messages since when it used to work:
[Sat Oct 12 15:57:30 2002] [warn] child process 274 still did not exit, sending a SIGTERM
[Sat Oct 12 15:57:30 2002] [warn] child process 274 still did not exit, sending a SIGTERM
[Sat Oct 12 15:57:32 2002] [info] removed PID file /var/run/apache2_server.pid (pid=248)
[Sat Oct 12 15:57:32 2002] [notice] caught SIGTERM, shutting down
[Sat Oct 12 15:57:44 2002] [info] Init: Initializing OpenSSL library
[Sat Oct 12 15:57:44 2002] [info] Init: Seeding PRNG with 512 bytes of entropy
[Sat Oct 12 15:57:44 2002] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat Oct 12 15:57:53 2002] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat Oct 12 15:57:53 2002] [info] Init: Initializing (virtual) servers for SSL
[Sat Oct 12 15:57:53 2002] [info] Server: Apache/2.0.43, Interface: mod_ssl/2.0.43, Library: OpenSSL
/0.9.6g
[Sat Oct 12 15:57:53 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec2)
[Sat Oct 12 15:57:53 2002] [info] Init: Initializing OpenSSL library
[Sat Oct 12 15:57:54 2002] [info] Init: Seeding PRNG with 512 bytes of entropy
[Sat Oct 12 15:57:54 2002] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat Oct 12 15:58:00 2002] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat Oct 12 15:58:00 2002] [info] Shared memory session cache initialised
[Sat Oct 12 15:58:00 2002] [info] Init: Initializing (virtual) servers for SSL
[Sat Oct 12 15:58:00 2002] [info] Server: Apache/2.0.43, Interface: mod_ssl/2.0.43, Library: OpenSSL
/0.9.6g
[Sat Oct 12 15:58:00 2002] [notice] Apache/2.0.43 (Debian GNU/Linux) mod_ssl/2.0.43 OpenSSL/0.9.6g c
onfigured -- resuming normal operations
[Sat Oct 12 15:58:00 2002] [info] Server built: Oct 8 2002 21:59:47
You can see it was still working after I upgraded to 2.0.43 (but this was
just a package upgrade, not a reboot)
So there is a 6 day gap before the reboot that includes a few upgrades.
Here is a list of potentially relevant packages from
/var/cache/apt/archives that may have been upgraded over that time:
-rw-r--r-- 1 root root 66372 Oct 16 21:32 libpgsql2_7.2.3-0.2_i386.deb
-rw-r--r-- 1 root root 426188 Oct 16 21:32 pgaccess_7.2.3-0.2_i386.deb
-rw-r--r-- 1 root root 66314 Oct 15 21:17 libpgsql2_7.2.3-0.1_i386.deb
-rw-r--r-- 1 root root 426154 Oct 15 21:17 pgaccess_7.2.3-0.1_i386.deb
-rw-r--r-- 1 root root 1937048 Oct 15 16:02 python2.2_2.2.2-1_i386.deb
-rw-r--r-- 1 root root 14730 Oct 14 01:17 initrd-tools_0.1.33_all.deb
-rw-r--r-- 1 root root 256930 Oct 12 04:17 libfreetype6_2.1.2-8_i386.deb
-rw-r--r-- 1 root root 14636 Oct 11 23:47 initrd-tools_0.1.32_all.deb
-rw-r--r-- 1 root root 1934146 Oct 11 10:32 python2.2_2.2.1.91-1_i386.deb
-rw-r--r-- 1 root root 724406 Oct 9 17:32 openssl_0.9.6g-9_i386.deb
-rw-r--r-- 1 root root 1955218 Oct 9 10:47 apache2-common_2.0.43-1_i386.deb
-rw-r--r-- 1 root root 202910 Oct 9 10:47 apache2-mpm-worker_2.0.43-1_i386.deb
-rw-r--r-- 1 root root 107296 Oct 9 10:47 libapr0_2.0.43-1_i386.deb
-rw-r--r-- 1 root root 724362 Oct 8 23:17 openssl_0.9.6g-8_i386.deb
-rw-r--r-- 1 root root 724296 Oct 7 02:02 openssl_0.9.6g-7_i386.deb
-rw-r--r-- 1 root root 14466 Oct 7 00:32 initrd-tools_0.1.31_all.deb
Regards,
Adam
Reply to: