Difference between revisions of "CentOS 8.x apache troubleshooting"
m |
m |
||
Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x web servers]] > [[CentOS 8.x apache web server]] > [[CentOS 8.x apache troubleshooting]] | [[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x web servers]] > [[CentOS 8.x apache web server]] > [[CentOS 8.x apache troubleshooting]] | ||
=Apache fails to start with unable to bind to port 443= | |||
It is possible that apache fails to start with unable to bind to port 443 error. In such cases if we look at | It is possible that apache fails to start with unable to bind to port 443 error. In such cases if we look at | ||
<pre> | <pre> | ||
Line 28: | Line 28: | ||
* https://forums.cpanel.net/threads/apache-failing-to-start-unable-to-bind-to-port-443.292052/ | * https://forums.cpanel.net/threads/apache-failing-to-start-unable-to-bind-to-port-443.292052/ | ||
=Disable logging of internal dummy connections= | |||
Sometimes due to the way apache tries to keep processes alive we may see messages such as: | |||
<pre> | |||
::1 - - [11/Oct/2010:13:02:47 +1300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g (internal dummy connection)" | |||
127.0.0.1 - - [11/Oct/2010:13:02:47 +1300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g (internal dummy connection)" | |||
</pre> | |||
in /var/log/httpd/access_log file. Since these are very frequent there might be one log line per second for these internal connections leading to I/O and disk space usage without any corresponding advantage. To prevent this logging we can use: | |||
# Find line similar to one below in /etc/httpd/conf/httpd.conf file: | |||
#:<pre> | |||
#:: CustomLog /var/log/httpd/access_log combined | |||
#:</pre> | |||
# Add '''one of the two''' below lines before the CustomLog line in configuration based on whether the logs are comming from 127.0.0.1 or ::1 | |||
#:<pre> | |||
#:: SetEnvIf Remote_Addr "127.0.0.1" dontlog | |||
#:: SetEnvIf Remote_Addr "::1" dontlog | |||
#:</pre> | |||
# Modify the CustomLog line as follows | |||
#:<pre> | |||
#:: CustomLog /var/log/httpd/access_log combined env=!dontlog | |||
#:</pre> | |||
# Reload apache configuration | |||
#:<pre> | |||
#:: systemctl reload httpd | |||
#:</pre> | |||
# Look at common log file and validate that internal dummy connections are no longer being logged. | |||
Refer: | |||
* https://electrictoolbox.com/apache-stop-logging-internal-dummy-connection/ | |||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x web servers]] > [[CentOS 8.x apache web server]] > [[CentOS 8.x apache troubleshooting]] | [[Main Page|Home]] > [[CentOS]] > [[CentOS 8.x]] > [[CentOS 8.x web servers]] > [[CentOS 8.x apache web server]] > [[CentOS 8.x apache troubleshooting]] |
Latest revision as of 04:09, 15 October 2023
Home > CentOS > CentOS 8.x > CentOS 8.x web servers > CentOS 8.x apache web server > CentOS 8.x apache troubleshooting
Apache fails to start with unable to bind to port 443
It is possible that apache fails to start with unable to bind to port 443 error. In such cases if we look at
ss -alnpt | grep 443
We can see which program is listening on port 443 already and try to stop it. However, it is possible to receive this error even when:
- There is no program listening on port 443
- There is no SELinux based blocking
- You are trying to start apache as root user (Not related to Linux permissions for port numbers less than 1024).
It was found that this can happen when there are multiple:
Listen 443
at different places in apache configuration. For example one such line could be there in custom SSL certificate configuration file and one such could be there in /etc/httpd/conf.d/ssl.conf.
Hence to look for duplicate "Listen 443" use:
cd /etc/httpd grep -r -i "listen" conf conf.d
If you find "Listen 443" at more than one place and then one of them needs to be commented to be able to start properly.
Refer:
Disable logging of internal dummy connections
Sometimes due to the way apache tries to keep processes alive we may see messages such as:
::1 - - [11/Oct/2010:13:02:47 +1300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g (internal dummy connection)" 127.0.0.1 - - [11/Oct/2010:13:02:47 +1300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g (internal dummy connection)"
in /var/log/httpd/access_log file. Since these are very frequent there might be one log line per second for these internal connections leading to I/O and disk space usage without any corresponding advantage. To prevent this logging we can use:
- Find line similar to one below in /etc/httpd/conf/httpd.conf file:
- CustomLog /var/log/httpd/access_log combined
- Add one of the two below lines before the CustomLog line in configuration based on whether the logs are comming from 127.0.0.1 or ::1
- SetEnvIf Remote_Addr "127.0.0.1" dontlog
- SetEnvIf Remote_Addr "::1" dontlog
- Modify the CustomLog line as follows
- CustomLog /var/log/httpd/access_log combined env=!dontlog
- Reload apache configuration
- systemctl reload httpd
- Look at common log file and validate that internal dummy connections are no longer being logged.
Refer:
Home > CentOS > CentOS 8.x > CentOS 8.x web servers > CentOS 8.x apache web server > CentOS 8.x apache troubleshooting