Difference between revisions of "CentOS 8.x apache troubleshooting"

From Notes_Wiki
m
m
 
Line 1: Line 1:
[[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x web servers]] > [[CentOS 8.x apache web server]] > [[CentOS 8.x apache troubleshooting]]
[[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x web servers]] > [[CentOS 8.x apache web server]] > [[CentOS 8.x apache troubleshooting]]


==Apache fails to start with unable to bind to port 443==
=Apache fails to start with unable to bind to port 443=
It is possible that apache fails to start with unable to bind to port 443 error.  In such cases if we look at  
It is possible that apache fails to start with unable to bind to port 443 error.  In such cases if we look at  
<pre>
<pre>
Line 28: Line 28:
* https://forums.cpanel.net/threads/apache-failing-to-start-unable-to-bind-to-port-443.292052/  
* https://forums.cpanel.net/threads/apache-failing-to-start-unable-to-bind-to-port-443.292052/  


=Disable logging of internal dummy connections=
Sometimes due to the way apache tries to keep processes alive we may see messages such as:
<pre>
::1 - - [11/Oct/2010:13:02:47 +1300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g (internal dummy connection)"
127.0.0.1 - - [11/Oct/2010:13:02:47 +1300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g (internal dummy connection)"
</pre>
in /var/log/httpd/access_log file.  Since these are very frequent there might be one log line per second for these internal connections leading to I/O and disk space usage without any corresponding advantage.  To prevent this logging we can use:
# Find line similar to one below in /etc/httpd/conf/httpd.conf file:
#:<pre>
#:: CustomLog /var/log/httpd/access_log combined
#:</pre>
# Add '''one of the two''' below lines before the CustomLog line in configuration based on whether the logs are comming from 127.0.0.1 or ::1
#:<pre>
#:: SetEnvIf Remote_Addr "127.0.0.1" dontlog
#:: SetEnvIf Remote_Addr "::1" dontlog
#:</pre>
# Modify the CustomLog line as follows
#:<pre>
#:: CustomLog /var/log/httpd/access_log combined env=!dontlog
#:</pre>
# Reload apache configuration
#:<pre>
#:: systemctl reload httpd
#:</pre>
# Look at common log file and validate that internal dummy connections are no longer being logged.
Refer:
* https://electrictoolbox.com/apache-stop-logging-internal-dummy-connection/






[[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x web servers]] > [[CentOS 8.x apache web server]] > [[CentOS 8.x apache troubleshooting]]
[[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x web servers]] > [[CentOS 8.x apache web server]] > [[CentOS 8.x apache troubleshooting]]

Latest revision as of 04:09, 15 October 2023

Home > CentOS > CentOS 8.x > CentOS 8.x web servers > CentOS 8.x apache web server > CentOS 8.x apache troubleshooting

Apache fails to start with unable to bind to port 443

It is possible that apache fails to start with unable to bind to port 443 error. In such cases if we look at

ss -alnpt | grep 443

We can see which program is listening on port 443 already and try to stop it. However, it is possible to receive this error even when:

  • There is no program listening on port 443
  • There is no SELinux based blocking
  • You are trying to start apache as root user (Not related to Linux permissions for port numbers less than 1024).

It was found that this can happen when there are multiple:

Listen 443

at different places in apache configuration. For example one such line could be there in custom SSL certificate configuration file and one such could be there in /etc/httpd/conf.d/ssl.conf.

Hence to look for duplicate "Listen 443" use:

cd /etc/httpd
grep -r -i "listen" conf conf.d

If you find "Listen 443" at more than one place and then one of them needs to be commented to be able to start properly.


Refer:


Disable logging of internal dummy connections

Sometimes due to the way apache tries to keep processes alive we may see messages such as:

::1 - - [11/Oct/2010:13:02:47 +1300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g (internal dummy connection)"
127.0.0.1 - - [11/Oct/2010:13:02:47 +1300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g (internal dummy connection)"

in /var/log/httpd/access_log file. Since these are very frequent there might be one log line per second for these internal connections leading to I/O and disk space usage without any corresponding advantage. To prevent this logging we can use:

  1. Find line similar to one below in /etc/httpd/conf/httpd.conf file:
    CustomLog /var/log/httpd/access_log combined
  2. Add one of the two below lines before the CustomLog line in configuration based on whether the logs are comming from 127.0.0.1 or ::1
    SetEnvIf Remote_Addr "127.0.0.1" dontlog
    SetEnvIf Remote_Addr "::1" dontlog
  3. Modify the CustomLog line as follows
    CustomLog /var/log/httpd/access_log combined env=!dontlog
  4. Reload apache configuration
    systemctl reload httpd
  5. Look at common log file and validate that internal dummy connections are no longer being logged.

Refer:


Home > CentOS > CentOS 8.x > CentOS 8.x web servers > CentOS 8.x apache web server > CentOS 8.x apache troubleshooting