Taavi wrote: > Hmm, it shouldn't give any warnings, unless you have multiple > virtualhosts on the same ip/port (you can't use name-based virtualhosts > with ssl anyway).
> On my CentOS 5 box, if I set NameVirtualhost on a ip/port that's used > for SSL, I basically get the same thing. Checking it with wireshark > shows that the browser and server start communicating over ssl, but then > the server randomly responds with a plain html error (this probably > creates the "ssl_error_rx_record_too_long" error you see on the browser > because it tries to parse this as ssl). Not sure why it does that, but > removing the Namevirtualhost on that port seemed to resolve this issue. Well, I've had an interesting turn of events. I'm not quite sure why its started working again. I spent a good few days trying to get it working with mod_ssl, but it wasn't working right as described - so I started using pound as a temporary resolve. After your post, I tried again with this in my apache virtualhost conf. <VirtualHost 1.2.3.4:443> ServerName www.example.co.uk ServerEnvironment example #MinSpareProcessors 4 MaxProcessors 10 DocumentRoot /domains/example.co.uk/http/ ServerAlias *.example.co.uk ServerAlias example.co.uk SSLEngine On SSLCertificateFile /domains/example.co.uk/ssl_keys/example.crt SSLCertificateKeyFile /domains/example.co.uk/ssl_keys/example.key #SetEnvIf User-Agent ..*MSIE.*. nokeepalive ssl-unclean-shutdown </VirtualHost> And now it works perfect! I have no idea why, but it is working perfect again, so pound has been stripped off (for now). > Would it be possible that you compile peruser with debugging enabled (by > uncommenting the MPM_PERUSER_DEBUG in peruser.c) and attach the debug > log about these seg faulting children? Note that the debug creates > pretty much IO load on the server, so I wouldn't suggest running it for > along time. Again, I have no idea why, but I tried again this morning, put the particular user in question back into a chroot to test it - and it works fine! I am beyond confused! So, fingers crossed, everything is working well. We have 1 bug remaining now and it stems from when apache is restarted, it doesn't do it every time, its more at random, but around 20% of all restarts will fail to come back up again. Here's 5 lines of output around the error from the apache2 log. Its obviously something to do with the NumServers being set - but as far as I can see, this isn't a setting I can change in peruser? We have 52 server environments on the server. The closest thing I could find was, ServerLimit 300 MaxClients 150 Here is the log output: 11555365-sh: host: command not found 11555393-sh: host: command not found 11555421-[Thu Jun 04 19:59:40 2009] [notice] SIGHUP received. Attempting to restart 11555562-Syntax error on line 250 of /etc/apache2/peruser.conf: 11555617:Trying to use more server environments than NumServers. Increase NumServers in your config file. 11555715-[Thu Jun 04 19:59:44 2009] [info] Init: Seeding PRNG with 656 bytes of entropy 11555794-[Thu Jun 04 19:59:44 2009] [info] Init: Generating temporary RSA private keys (512/1024 bits) 11555888-[Thu Jun 04 19:59:44 2009] [info] Init: Generating temporary DH parameters (512/1024 bits) 11555979-[Thu Jun 04 19:59:44 2009] [info] Init: Initializing (virtual) servers for SSL 11556058-[Thu Jun 04 19:59:44 2009] [info] mod_ssl/2.2.9 compiled against Server: Apache/2.2.9, Library: OpenSSL/0.9.8g I've changed the serverlimit to 500 to see if it has any effect. _______________________________________________ Peruser mailing list [email protected] http://www.telana.com/mailman/listinfo/peruser
