Configuring Apache httpd on Fedora 22

Problem

Configure Apache httpd to run (temporarily) out of a ServerRoot other than the default, /etc/httpd.

Solution

Create the file /etc/systemd/system/httpd.service containing:

.include /lib/systemd/system/httpd.service
[Service]
Environment="OPTIONS=-d /local/project/onstage/httpd"

The quotes go around the outside of the whole OPTIONS=... assignment, not just around the value.

Referenced

References

Actualities

/etc/sysconfig/httpd

#
# This file is no longer used to configure additional environment variables
# for the httpd process.
#
# It has been replaced by systemd. If you want to customize, the best
# way is to create a file "/etc/systemd/system/httpd.service",
# containing
#   .include /lib/systemd/system/httpd.service
#   ...make your changes here...
# For more info about custom unit files, see How do I set automatic login on a virtual console terminal?

# To set OPTIONS environment variable which was set in this file
# in older versions, you need to create a file named
# "/etc/systemd/system/httpd.service" containing:
#       .include /lib/systemd/system/httpd.service
#       [Service]
#       #
#       # To pass additional options (for instance, -D definitions) to the
#       # httpd binary at startup, set OPTIONS here.
#       #
#       Environment=OPTIONS=-DMY_DEFINE

# Note: With previous versions of httpd, the MPM could be changed by
# editing an "HTTPD" variable here.  With the current version, that
# variable is now ignored.  The MPM is a loadable module, and the
# choice of MPM can be changed by editing the configuration file
# /etc/httpd/conf.modules.d/00-mpm.conf.

Systemd Configuration of Apache httpd

$ find /lib/systemd/system/httpd.s*
/lib/systemd/system/httpd.service
/lib/systemd/system/httpd.service.d
/lib/systemd/system/httpd.socket
/lib/systemd/system/httpd.socket.d

/lib/systemd/system/httpd.service

# It's not recommended to modify this file in-place, because it will be
# overwritten during package upgrades.  If you want to customize, the best
# way is to create a file "/etc/systemd/system/httpd.service",
# containing
#   .include /lib/systemd/system/httpd.service
#   ...make your changes here...
# For more info about custom unit files, see
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F

# For example, to pass additional options (for instance, -D definitions) to the
# httpd binary at startup, you need to create a file named
# "/etc/systemd/system/httpd.service" containing:
#	.include /lib/systemd/system/httpd.service
#	[Service]
#	Environment=OPTIONS=-DMY_DEFINE

[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=notify
Environment=LANG=C

ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
# Send SIGWINCH for graceful stop
KillSignal=SIGWINCH
KillMode=mixed
PrivateTmp=true

[Install]
WantedBy=multi-user.target

SOLVED: httpd gives [error] (EAI 2)Name or service not known: Could not resolve host name *s — ignoring!

Indications

$ httpd -t -d `: need a full path ; cd ./opened/httpd; pwd` -f conf/httpd.conf
[thu Jan 01 01:01:01 2015] [error] (EAI 2)Name or service not known: Could not resolve host name *s -- ignoring

Diagnosis

One of the VirtualHost stanzas mentions the hostname *s

Remediation

Fix that. What was intended was * (star)

Actualities

<VirtualHost *s:9999>
SSLEngine On
ServerName www.example.com
DocumentRoot /var/www/html
...etc...
</VirtualHost>

and, as-repaired

Index: com.example.conf
===================================================================
--- com.example.conf    (revision 1234)
+++ com.example.conf    (working copy)
@@ -53,7 +53,7 @@
...etc...
-<VirtualHost *s:9999>
+<VirtualHost *:9999>
SSLEngine Off
ServerName www.example.com
DocumentRoot /var/www/html
...etc...
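
Review bot: the context line `SSLEngine Off` just below the changed `<VirtualHost *:9999>` line disagrees with the stanza quoted before the diff, which has `SSLEngine On`. Confirm which value the working copy should carry; with Off this vhost answers in plaintext on port 9999. A comment on the stanza noting that `*` is the any-address wildcard would also help the next editor avoid the `*s` typo.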

SOLVED: POST fails in SSL with ‘request body exceeds maximum size (131072) for SSL buffer’

tl;dr

  1. Turn KeepAlive to On
  2. Set SSLRenegBufferSize to a very large value

Condition

  • Large media uploads fail in WordPress
  • Where “large” is over 128K.

Configuration

Diagnostics

The Apache log files indicate this problem with lines of the form:

request body exceeds maximum size (131072) for SSL buffer, referer: https://example.com/wp-admin/media-new.php
could not buffer message body to allow SSL renegotiation to proceed, referer: https://example.com/wp-admin/media-new.php

Solution

  • Ensure that a GET occurs before the POST such that SSL renegotiation does not occur in the same SSL session.
  • Thus KeepAlive is required.
  • Ensure that the KeepAlive interval is respected between the GET and the POST.

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 30

References

Background

Archaeological order … more original materials deeper down the stack…

SOLVED: What causes “Oops, no RSA or DSA server certificate found for ‘servername.tld:0’”

tl;dr => the error message has nothing at all to do with the problem and is horrendously misdirective.

Remediation

  • Disable every single VirtualHost stanza
  • Prove that the server starts with no VirtualHost stanzas at all.
  • For each VirtualHost stanza
    • Enable the VirtualHost
    • Restart the server
  • You have identified the VirtualHost stanza containing the problem.

Expectations

  • That SSLEngine On has been omitted from one or more VirtualHost stanzas.
  • That the ServerName or ServerAlias is incorrect or duplicated with another stanza.
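
A static check for the stanza faults named on this page (the `*s` wildcard typo from the earlier post, an omitted SSLEngine On, a duplicated ServerName), which can narrow the search before the enable-one-at-a-time bisection. This is an added example, not code from the original posts; the function names, finding codes and sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample reproducing the faults described on this page.
SAMPLE_CONF = """\
<VirtualHost *s:9999>
SSLEngine On
ServerName www.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName shop.example.com
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
ServerName shop.example.com
</VirtualHost>
"""

STANZA = re.compile(r"^[ \t]*<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I | re.M)

def directive(body, name):
    """First argument of directive `name` in a stanza body, lower-cased, or None."""
    m = re.search(rf"^[ \t]*{name}[ \t]+(\S+)", body, re.M | re.I)
    return m.group(1).lower() if m else None

def lint_vhosts(conf):
    """Return sorted (stanza_number, finding_code) pairs for a config text."""
    findings = set()
    ssl_by_addr = defaultdict(dict)     # addr -> {stanza number: SSLEngine on?}
    names_by_addr = defaultdict(list)   # (addr, ServerName) -> stanza numbers
    for num, m in enumerate(STANZA.finditer(conf), 1):
        body = m.group(2)
        for addr in m.group(1).split():
            host = addr if addr.endswith("]") else addr.rsplit(":", 1)[0]
            # "*s" is not the wildcard: httpd treats it as a hostname to resolve.
            if "*" in host and host != "*":
                findings.add((num, "bad-wildcard"))
            ssl_by_addr[addr][num] = directive(body, "SSLEngine") == "on"
            name = directive(body, "ServerName")
            if name:
                names_by_addr[(addr, name)].append(num)
    for states in ssl_by_addr.values():
        if len(set(states.values())) == 2:   # TLS and non-TLS stanzas share an address
            findings.update((n, "sslengine-not-on") for n, on in states.items() if not on)
    for nums in names_by_addr.values():
        if len(nums) > 1:
            findings.update((n, "duplicate-servername") for n in nums)
    return sorted(findings)
```

Stanzas are numbered in file order, so a finding on stanza 2 points at the second `<VirtualHost>` block in the text that was passed in.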

References

dbd-modules | mod_log_dbd, mod_vhost_dbd (Apache CustomLog to an SQL database)

dbd-modules – writing Apache logs straight into a (SQL) database

Mentions

Configuration

The CustomLog format must be a comma-separated list of mod_log_config “%” directives.

CustomLog   logs/access.sql     "%h, %l, %u, %{%Y-%m-%d %H:%M:%S}t, %r, %>s, %b"
DBDLog      logs/access.sql    "INSERT INTO log_table (Host, Rname, User, Tstmp, Request, Status, Bytes) VALUES (%s, %s, %s, %s, %s, %s, %s)"

Via: backfill

Broken

DBDLog can use the name of a statement as its SQL parameter. This name must have been previously defined by a DBDPrepareSQL directive. For example:

LogFormat      "%V, %r"  dbFormat
DBDPrepareSQL  "INSERT INTO log_table (Server, Url) VALUES (%s, %s)"  dbLog
...
CustomLog logs/access.sql  dbFormat
DBDLog    logs/access.sql  dbLog  UseNULLs

This functionality seems to never have been implemented. What the code actually does in this instance is to take the label (dbLog) and attempt to prepare that as a SQL statement on-site. Of course that fails as it isn’t proper SQL. Your /var/log/httpd/error_log will show a critical failure as follows:

[Wed Jan 21 09:38:43.830818 2015] [dbd:error] [pid 11383] (20014)Internal error: AH00632: failed to prepare SQL statements: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'dbLog' at line 1
[Wed Jan 21 09:38:43.831314 2015] [dbd:error] [pid 11383] (20014)Internal error: AH00633: failed to initialise
[Wed Jan 21 09:38:43.831378 2015] [dbd:crit] [pid 11383] (20014)Internal error: AH00636: child init failed!

The workaround is to state the SQL statement at the site of the DBDLog directive rather than to reference a statement that was prepared by mod_dbd through its DBDPrepareSQL directive.
The code that does not implement this functionality is around line 399 of mod_log_dbd.c.

/* process DBDLog directive */
static const char *setAccessLogQuery(cmd_parms *cmd, void *mconfig, 
                                     const char *name, const char *sql, const char *usenull)
{   
    static long label_num = 0;
    log_dbd_file *file = apr_pcalloc(cmd->pool, sizeof(log_dbd_file));
    log_dbd_svr_conf *conf = 
        (log_dbd_svr_conf *) ap_get_module_config(cmd->server->module_config,
                                              &log_dbd_module);
    if (!dbd_prepare_fn || !dbd_acquire_fn)
        return "mod_dbd must be enabled to use mod_log_dbd";

    if (!log_set_writer_init_fn || !log_set_writer_fn) 
        return "mod_log_config must be enabled to use mod_log_dbd";

    file->stmt_sql = sql;
    file->stmt_label = apr_pstrcat(cmd->pool, "log_dbd_", 
                                   apr_ltoa(cmd->pool, ++label_num), NULL);
    dbd_prepare_fn(cmd->server, sql, file->stmt_label);

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
        "mod_log_dbd: Prepared query (stmt: %s) from: %s",
        file->stmt_label, sql);

    apr_hash_set(conf->files, name, APR_HASH_KEY_STRING, file);

    if (usenull) {
        if(!apr_strnatcasecmp(usenull, "UseNULLs"))
            file->useNull = 1;
        else
             return apr_pstrcat(cmd->pool, "mod_log_dbd: unrecognized option: ",
                                    usenull, NULL);
    }
    return NULL;
}
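
A pre-flight check for the failure described above: it flags any DBDLog whose SQL argument is a DBDPrepareSQL label (or any bare word) before httpd tries to prepare it and the child init fails. This is an added example, not part of dbd-modules; the function name, finding codes and sample lines are constructed, and the placeholder-count check is an assumption drawn from the working example on this page, where seven CustomLog fields pair with seven %s.

```python
import shlex

# Constructed sample: the label form this page reports as broken, plus an
# inline-SQL DBDLog whose placeholder count does not match its CustomLog.
SAMPLE_CONF = '''\
LogFormat      "%V, %r"  dbFormat
DBDPrepareSQL  "INSERT INTO log_table (Server, Url) VALUES (%s, %s)"  dbLog
CustomLog logs/access.sql  dbFormat
DBDLog    logs/access.sql  dbLog  UseNULLs
CustomLog logs/other.sql "%h, %l, %u, %{%Y-%m-%d %H:%M:%S}t, %r, %>s, %b"
DBDLog    logs/other.sql "INSERT INTO log_table (Host, Rname, User) VALUES (%s, %s, %s)"
'''

def lint_dbdlog(conf):
    """Return (log name, finding code) pairs for each suspect DBDLog line."""
    rows = [shlex.split(line) for line in conf.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]
    rows = [r for r in rows if len(r) >= 3]
    formats = {r[2]: r[1] for r in rows if r[0].lower() == "logformat"}
    labels = {r[2] for r in rows if r[0].lower() == "dbdpreparesql"}
    custom = {r[1]: r[2] for r in rows if r[0].lower() == "customlog"}
    findings = []
    for r in rows:
        if r[0].lower() != "dbdlog":
            continue
        name, sql = r[1], r[2]
        # A DBDPrepareSQL label (or any bare word) gets prepared as if it were SQL.
        if sql in labels or " " not in sql:
            findings.append((name, "label-not-sql"))
            continue
        fmt = custom.get(name)
        fmt = formats.get(fmt, fmt)          # resolve a LogFormat nickname
        if fmt is None:
            findings.append((name, "no-customlog"))
        # Assumption: one %s per comma-separated CustomLog field.
        elif sql.count("%s") != len(fmt.split(",")):
            findings.append((name, "placeholder-mismatch"))
    return findings
```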

Building

Instructions

General Recipe

apxs -c mod_vhost_dbd.c
apxs -i mod_vhost_dbd.la
apxs -c mod_log_dbd.c
apxs -i mod_log_dbd.la

Actual Recipe

Executed on Fedora 16, with Apache v2.2.

$ cd /views
$ mkdir com.googlecode.dbd-modules
$ cd com.googlecode.dbd-modules
$ unzip ./dbd-modules-1.0.6.zip 
Archive:  /dbd-modules-1.0.6.zip
  inflating: Makefile.win            
  inflating: mod_log_dbd.c           
  inflating: mod_log_dbd.rc          
  inflating: mod_vhost_dbd.c         
  inflating: mod_vhost_dbd.rc        
  inflating: COPYING                 
  inflating: NOTICE                  
$ apxs -c mod_log_dbd.c
/usr/lib/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables  -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -pthread -I/usr/include/httpd  -I/usr/include/apr-1   -I/usr/include/apr-1   -c -o mod_log_dbd.lo mod_log_dbd.c && touch mod_log_dbd.slo
mod_log_dbd.c: In function 'esq':
mod_log_dbd.c:99:5: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
mod_log_dbd.c: In function 'write_log':
mod_log_dbd.c:338:29: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
mod_log_dbd.c:256:23: warning: variable 'rconf' set but not used [-Wunused-but-set-variable]
mod_log_dbd.c: In function 'log_writer_init':
mod_log_dbd.c:367:19: warning: unused variable 'file' [-Wunused-variable]
/usr/lib/apr-1/build/libtool --silent --mode=link gcc -o mod_log_dbd.la  -rpath /usr/lib/httpd/modules -module -avoid-version    mod_log_dbd.lo
$ sudo apxs -i mod_log_dbd.la
/usr/lib/httpd/build/instdso.sh SH_LIBTOOL='/usr/lib/apr-1/build/libtool' mod_log_dbd.la /usr/lib/httpd/modules
/usr/lib/apr-1/build/libtool --mode=install cp mod_log_dbd.la /usr/lib/httpd/modules/
libtool: install: cp .libs/mod_log_dbd.so /usr/lib/httpd/modules/mod_log_dbd.so
libtool: install: cp .libs/mod_log_dbd.lai /usr/lib/httpd/modules/mod_log_dbd.la
libtool: install: cp .libs/mod_log_dbd.a /usr/lib/httpd/modules/mod_log_dbd.a
libtool: install: chmod 644 /usr/lib/httpd/modules/mod_log_dbd.a
libtool: install: ranlib /usr/lib/httpd/modules/mod_log_dbd.a
libtool: finish: PATH="/sbin:/bin:/usr/sbin:/usr/bin:/sbin" ldconfig -n /usr/lib/httpd/modules
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/lib/httpd/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/lib/httpd/modules/mod_log_dbd.so