Help to secure my FreeBSD/Apache installation
Hi everybody! I'm running a server on FreeBSD 8.1 STABLE (apache 2.2.16, mysql 5.1.50, php 5.3.3) and I server some websites from it, most of them using Joomla or Wordpress CMS. I recently had a security breach where someone used a hole in an older Joomla version and was able to install a php script called webadmin.php. From that the person was able to browse all folders and view all files - and change them... not nice! Apache runs using the www user (std installation) and all virtualhosts share the same user, but are placed in different directories. I need some help and pointers to what I can do to strengthen security and to atleast prevent someone from writing to the filesystem and browse all directories and files. (allthough joomla needs some folders to be chmod 777) I'm thinking about installing apache2-mpm-itk or similare to jail each site into its own directory and run each virtualhost as its own user. Is this a good idea? Thankful for answers and pointers! All the best - Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help to secure my FreeBSD/Apache installation
Hi, Reference: From: Andy Wodfer wod...@gmail.com Date: Wed, 17 Jul 2013 23:11:27 +0200 Andy Wodfer wrote: Hi everybody! I'm running a server on FreeBSD 8.1 STABLE (apache 2.2.16, mysql 5.1.50, To quote front page of http://www.freebsd.org: * Production: 9.1 * Legacy: 8.4 My net. con. is too slow right now to check this for you, but look yourself, I bet FreeBSD-8.1 was long ago declared by security-officer@ as not supported as too old, php 5.3.3) and I server some websites from it, most of them using Joomla or Wordpress CMS. I recently had a security breach where someone used a hole in an older Joomla version and was able to install a php script called webadmin.php. From that the person was able to browse all folders and view all files - and change them... not nice! Apache runs using the www user (std installation) and all virtualhosts share the same user, but are placed in different directories. I need some help and pointers to what I can do to strengthen security and to atleast prevent someone from writing to the filesystem and browse all directories and files. (allthough joomla needs some folders to be chmod 777) I'm thinking about installing apache2-mpm-itk or similare to jail each site into its own directory and run each virtualhost as its own user. Is this a good idea? Thankful for answers and pointers! All the best - Andy Upgrade to 8.4 or 9.1, Reinstall new versions of all ports, cd /usr/ports/ports-mgmt/portaudit ; make install ; rehash ; portaudit ; # (Which is in 9.1 not in 8.2) port-audit Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Reply below not above, like a play script. Indent old text with . Send plain text. No quoted-printable, HTML, base64, multipart/alternative. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help to secure my FreeBSD/Apache installation
Hi, Reference: From: Julian H. Stacey j...@berklix.com Date: Wed, 17 Jul 2013 23:38:51 +0200 Julian H. Stacey wrote: Hi, Reference: From: Andy Wodfer wod...@gmail.com Date: Wed, 17 Jul 2013 23:11:27 +0200 Andy Wodfer wrote: Hi everybody! I'm running a server on FreeBSD 8.1 STABLE (apache 2.2.16, mysql 5.1.50, To quote front page of http://www.freebsd.org: * Production: 9.1 * Legacy: 8.4 My net. con. is too slow right now to check this for you, but look yourself, I bet FreeBSD-8.1 was long ago declared by security-officer@ as not supported as too old, Re version numbers: Your 8.1 STABLE does not exist ! Only 8 Stable, 8.1-RELEASE, 8.2-RELEASE, etc. http://www.freebsd.org/security/unsupported.html 8.1 8.2 not supported. http://www.freebsd.org/security/index.html#sup 9.1-RELEASE has /usr/ports/www/apache22/work/httpd-2.2.23 Upgrade to 8.4 or 9.1, Reinstall new versions of all ports, cd /usr/ports/ports-mgmt/portaudit ; make install ; rehash ; portaudit ; # (Which is in 9.1 not in 8.2) port-audit Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Reply below not above, like a play script. Indent old text with . Send plain text. No quoted-printable, HTML, base64, multipart/alternative. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help to secure my FreeBSD/Apache installation
On Wed, 17 Jul 2013 23:11:27 +0200, Andy Wodfer wrote: Hi everybody! I'm running a server on FreeBSD 8.1 STABLE (apache 2.2.16, mysql 5.1.50, php 5.3.3) and I server some websites from it, most of them using Joomla or Wordpress CMS. Those are typical (and known) attack vectors. Make sure you're always up to date regarding fixes! I recently had a security breach where someone used a hole in an older Joomla version and was able to install a php script called webadmin.php. From that the person was able to browse all folders and view all files - and change them... not nice! This implies you cannot know in how far your system has been compromized. I'd suggest a new installation. Make backups of user files and configurations. Make sure you audit them (so you won't re-install a possible backdoor after a clean install). I need some help and pointers to what I can do to strengthen security and to atleast prevent someone from writing to the filesystem and browse all directories and files. (allthough joomla needs some folders to be chmod 777) I'm thinking about installing apache2-mpm-itk or similare to jail each site into its own directory and run each virtualhost as its own user. Is this a good idea? At least it is a _working_ idea. If it is actually a good idea depends on many different factors. Jails are a good means of separation. Sometimes, using simple user accounts is sufficient, but especially regarding complex web content (such as CMS, stuff that involves PHP and whatnot) the more security you can add, the better it is. Also install portaudit to check for security fixes that have been made available for the software you're running. Apply restrictions as hard as possible. If programs want write access to specific directories, try to make then writable per uer accounts, not within the global tree structure (or even within system directories). The nobody user can also be helpful (regarding on what you are running). If you can separate the different CMSs and sites, a possible security breach will be restricted to that only instance. It can be taken down without affecting the other sites. But also: Educate your users. In order to do that, use money. Make them pay. ;-) PS. Allow me a short addition, I know people will beat me with a pointed stick for mentioning it, but: There are no folders. This term is wrong. What you mean are called directories. A folder is the name of one visual representation (among others) of a directory in a graphical user interface. It _is_ not a directory and it is not similar to one. It's comparable to the relation of the handbrake light in your car's dashboard vs. the real handbrake. Don't claim your handbrake light isn't working when in fact your handbrake is broken. :-) Bottom line: Directory correct, folder plain wrong. You don't call files sheets of paper either. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.22_8
On Sat, Sep 15, 2012 at 8:30 PM, Solmin Vladimir v...@celicom.ru wrote: Hi! Im using apache 2.2.22_6 with make options in /etc/make.conf # apache22 .if ${.CURDIR} == ${PORTSDIR}/www/apache22 WITH_SUEXEC=YES SUEXEC_DOCROOT= /www SUEXEC_USERDIR= /www/*/cgi-bin SUEXEC_LOGFILE= /var/log/suexec.log WITH_APACHE_PERF_TUNING=yes .endif But after svn co /usr/ports today i'm see next: $portupgrade -arR ** Port marked as IGNORE: www/apache22: is marked as broken: WITH/WITHOUT parameters are obsolete. The port use the new options NG framework. Please read http://wiki.freebsd.org/Ports/**Options/OptionsNGhttp://wiki.freebsd.org/Ports/Options/OptionsNG but a don't understand how i must set SUEXEC_DOCROOT, SUEXEC_USERDIR and SUEXEC_LOGFILE in NG framework format... Please help show me how I have read that instruction and I am also not clear with what the correct syntax is for /etc/make.conf. I have come up with this: # apache22 .if ${.CURDIR} == ${PORTSDIR}/www/apache22 ${APACHE22}_SET=SUEXEC ${APACHE22}_SET=SUEXEC_DOCROOT /www ${APACHE22}_SET=SUEXEC_USERDIR /www/*/cgi-bin ${APACHE22}_SET=SUEXEC_LOGFILE /var/log/suexec.log .endif I cant say if that's how it should be, but I think:-) Hopefully, Chris can help us understand the syntax better. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.22_8
On 16 September 2012 07:19, Odhiambo Washington odhia...@gmail.com wrote: On Sat, Sep 15, 2012 at 8:30 PM, Solmin Vladimir v...@celicom.ru wrote: Hi! Im using apache 2.2.22_6 with make options in /etc/make.conf # apache22 .if ${.CURDIR} == ${PORTSDIR}/www/apache22 WITH_SUEXEC=YES SUEXEC_DOCROOT= /www SUEXEC_USERDIR= /www/*/cgi-bin SUEXEC_LOGFILE= /var/log/suexec.log WITH_APACHE_PERF_TUNING=yes .endif But after svn co /usr/ports today i'm see next: $portupgrade -arR ** Port marked as IGNORE: www/apache22: is marked as broken: WITH/WITHOUT parameters are obsolete. The port use the new options NG framework. Please read http://wiki.freebsd.org/Ports/Options/OptionsNG but a don't understand how i must set SUEXEC_DOCROOT, SUEXEC_USERDIR and SUEXEC_LOGFILE in NG framework format... Please help show me how I have read that instruction and I am also not clear with what the correct syntax is for /etc/make.conf. I have come up with this: # apache22 .if ${.CURDIR} == ${PORTSDIR}/www/apache22 ${APACHE22}_SET=SUEXEC ${APACHE22}_SET=SUEXEC_DOCROOT /www ${APACHE22}_SET=SUEXEC_USERDIR /www/*/cgi-bin ${APACHE22}_SET=SUEXEC_LOGFILE /var/log/suexec.log .endif I cant say if that's how it should be, but I think:-) Hopefully, Chris can help us understand the syntax better. Thanks for copying me in, I'm not on this list. You're very close! You need to use ${UNIQUENAME}_SET, and to find the UNIQUENAME you need to; [crees@pegasus]~% cd /usr/ports/www/apache22 [crees@pegasus]/usr/ports/www/apache22% make -VUNIQUENAME apache22 Now we know it's apache22, we can use: # (No need to bother with .if ${.CURDIR} any more) apache22_SET+= SUEXEC SUEXEC_DOCROOT= /www SUEXEC_USERDIR= /www/*/cgi-bin SUEXEC_LOGFILE= /var/log/suexec.log I'm not sure what APACHE_PERF_TUNING is; you may find it's been deprecated. Check with apache@ about that. If I've somehow missed that, you can just add it to the apache22_SET list: apache22_SET+= SUEXEC APACHE_PERF_TUNING Hope that helps! Chris (corresponding to WITHOUT is ${UNIQUENAME}_UNSET) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.22_8
Hi Chris, Thanks for this. Hopefully, you can modify the Wiki to have this information and even examples:) Personally, I use `make config` and have never needed to do much with /etc/make.conf as regards the ports. On Sun, Sep 16, 2012 at 11:17 AM, Chris Rees cr...@freebsd.org wrote: On 16 September 2012 07:19, Odhiambo Washington odhia...@gmail.com wrote: On Sat, Sep 15, 2012 at 8:30 PM, Solmin Vladimir v...@celicom.ru wrote: Hi! Im using apache 2.2.22_6 with make options in /etc/make.conf # apache22 .if ${.CURDIR} == ${PORTSDIR}/www/apache22 WITH_SUEXEC=YES SUEXEC_DOCROOT= /www SUEXEC_USERDIR= /www/*/cgi-bin SUEXEC_LOGFILE= /var/log/suexec.log WITH_APACHE_PERF_TUNING=yes .endif But after svn co /usr/ports today i'm see next: $portupgrade -arR ** Port marked as IGNORE: www/apache22: is marked as broken: WITH/WITHOUT parameters are obsolete. The port use the new options NG framework. Please read http://wiki.freebsd.org/Ports/Options/OptionsNG but a don't understand how i must set SUEXEC_DOCROOT, SUEXEC_USERDIR and SUEXEC_LOGFILE in NG framework format... Please help show me how I have read that instruction and I am also not clear with what the correct syntax is for /etc/make.conf. I have come up with this: # apache22 .if ${.CURDIR} == ${PORTSDIR}/www/apache22 ${APACHE22}_SET=SUEXEC ${APACHE22}_SET=SUEXEC_DOCROOT /www ${APACHE22}_SET=SUEXEC_USERDIR /www/*/cgi-bin ${APACHE22}_SET=SUEXEC_LOGFILE /var/log/suexec.log .endif I cant say if that's how it should be, but I think:-) Hopefully, Chris can help us understand the syntax better. Thanks for copying me in, I'm not on this list. You're very close! You need to use ${UNIQUENAME}_SET, and to find the UNIQUENAME you need to; [crees@pegasus]~% cd /usr/ports/www/apache22 [crees@pegasus]/usr/ports/www/apache22% make -VUNIQUENAME apache22 Now we know it's apache22, we can use: # (No need to bother with .if ${.CURDIR} any more) apache22_SET+= SUEXEC SUEXEC_DOCROOT= /www SUEXEC_USERDIR= /www/*/cgi-bin SUEXEC_LOGFILE= /var/log/suexec.log I'm not sure what APACHE_PERF_TUNING is; you may find it's been deprecated. Check with apache@ about that. If I've somehow missed that, you can just add it to the apache22_SET list: apache22_SET+= SUEXEC APACHE_PERF_TUNING Hope that helps! Chris (corresponding to WITHOUT is ${UNIQUENAME}_UNSET) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.22_8
On 16 September 2012 09:32, Odhiambo Washington odhia...@gmail.com wrote: Hi Chris, Thanks for this. Hopefully, you can modify the Wiki to have this information and even examples:) There are examples on the Wiki page already, but in a confusing order. I've put in a link, and a tip on how to find UNIQUENAME. Personally, I use `make config` and have never needed to do much with /etc/make.conf as regards the ports. True, but some people like to share their make.conf around machines :) Chris On Sun, Sep 16, 2012 at 11:17 AM, Chris Rees cr...@freebsd.org wrote: On 16 September 2012 07:19, Odhiambo Washington odhia...@gmail.com wrote: On Sat, Sep 15, 2012 at 8:30 PM, Solmin Vladimir v...@celicom.ru wrote: Hi! Im using apache 2.2.22_6 with make options in /etc/make.conf # apache22 .if ${.CURDIR} == ${PORTSDIR}/www/apache22 WITH_SUEXEC=YES SUEXEC_DOCROOT= /www SUEXEC_USERDIR= /www/*/cgi-bin SUEXEC_LOGFILE= /var/log/suexec.log WITH_APACHE_PERF_TUNING=yes .endif But after svn co /usr/ports today i'm see next: $portupgrade -arR ** Port marked as IGNORE: www/apache22: is marked as broken: WITH/WITHOUT parameters are obsolete. The port use the new options NG framework. Please read http://wiki.freebsd.org/Ports/Options/OptionsNG but a don't understand how i must set SUEXEC_DOCROOT, SUEXEC_USERDIR and SUEXEC_LOGFILE in NG framework format... Please help show me how I have read that instruction and I am also not clear with what the correct syntax is for /etc/make.conf. I have come up with this: # apache22 .if ${.CURDIR} == ${PORTSDIR}/www/apache22 ${APACHE22}_SET=SUEXEC ${APACHE22}_SET=SUEXEC_DOCROOT /www ${APACHE22}_SET=SUEXEC_USERDIR /www/*/cgi-bin ${APACHE22}_SET=SUEXEC_LOGFILE /var/log/suexec.log .endif I cant say if that's how it should be, but I think:-) Hopefully, Chris can help us understand the syntax better. Thanks for copying me in, I'm not on this list. You're very close! You need to use ${UNIQUENAME}_SET, and to find the UNIQUENAME you need to; [crees@pegasus]~% cd /usr/ports/www/apache22 [crees@pegasus]/usr/ports/www/apache22% make -VUNIQUENAME apache22 Now we know it's apache22, we can use: # (No need to bother with .if ${.CURDIR} any more) apache22_SET+= SUEXEC SUEXEC_DOCROOT= /www SUEXEC_USERDIR= /www/*/cgi-bin SUEXEC_LOGFILE= /var/log/suexec.log I'm not sure what APACHE_PERF_TUNING is; you may find it's been deprecated. Check with apache@ about that. If I've somehow missed that, you can just add it to the apache22_SET list: apache22_SET+= SUEXEC APACHE_PERF_TUNING Hope that helps! Chris (corresponding to WITHOUT is ${UNIQUENAME}_UNSET) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.22_8
On Sun, Sep 16, 2012 at 11:47 AM, Chris Rees cr...@freebsd.org wrote: On 16 September 2012 09:32, Odhiambo Washington odhia...@gmail.com wrote: Hi Chris, Thanks for this. Hopefully, you can modify the Wiki to have this information and even examples:) There are examples on the Wiki page already, but in a confusing order. I've put in a link, and a tip on how to find UNIQUENAME. Personally, I use `make config` and have never needed to do much with /etc/make.conf as regards the ports. True, but some people like to share their make.conf around machines :) Chris My machines are all identical too, except for parameters related to $hostname, DNS and passwords. I mostly used /usr/local/etc/pkgtools.conf before, then `make config` and now I believe I am gonna switch to /etc/make.conf but only where I must finely customize. One thing has crossed my mind now: What happens with make -DWITH_* in this new development of optionsNG?? I have manually built ports that way before. And what about those who want to use portinstall -m WITH_OPTx=1 WITH_OPTy=1, etc? -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.22_8
On 16 September 2012 10:20, Odhiambo Washington odhia...@gmail.com wrote: On Sun, Sep 16, 2012 at 11:47 AM, Chris Rees cr...@freebsd.org wrote: On 16 September 2012 09:32, Odhiambo Washington odhia...@gmail.com wrote: Hi Chris, Thanks for this. Hopefully, you can modify the Wiki to have this information and even examples:) There are examples on the Wiki page already, but in a confusing order. I've put in a link, and a tip on how to find UNIQUENAME. Personally, I use `make config` and have never needed to do much with /etc/make.conf as regards the ports. True, but some people like to share their make.conf around machines :) Chris My machines are all identical too, except for parameters related to $hostname, DNS and passwords. I mostly used /usr/local/etc/pkgtools.conf before, then `make config` and now I believe I am gonna switch to /etc/make.conf but only where I must finely customize. One thing has crossed my mind now: What happens with make -DWITH_* in this new development of optionsNG?? I have manually built ports that way before. And what about those who want to use portinstall -m WITH_OPTx=1 WITH_OPTy=1, etc? Still works fine for nearly all ports, but just for apache ports there appears to be subtle problems with the logic since it's so complicated. That's why Olli chose to disable the WITH_ option style for Apache, and I think it was the right decision. I would suggest you learn the new (just as simple) syntax and see how you get on with it :) Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.22_8
On Sun, Sep 16, 2012 at 12:25 PM, Chris Rees cr...@freebsd.org wrote: On 16 September 2012 10:20, Odhiambo Washington odhia...@gmail.com wrote: On Sun, Sep 16, 2012 at 11:47 AM, Chris Rees cr...@freebsd.org wrote: On 16 September 2012 09:32, Odhiambo Washington odhia...@gmail.com wrote: Hi Chris, Thanks for this. Hopefully, you can modify the Wiki to have this information and even examples:) There are examples on the Wiki page already, but in a confusing order. I've put in a link, and a tip on how to find UNIQUENAME. Personally, I use `make config` and have never needed to do much with /etc/make.conf as regards the ports. True, but some people like to share their make.conf around machines :) Chris My machines are all identical too, except for parameters related to $hostname, DNS and passwords. I mostly used /usr/local/etc/pkgtools.conf before, then `make config` and now I believe I am gonna switch to /etc/make.conf but only where I must finely customize. One thing has crossed my mind now: What happens with make -DWITH_* in this new development of optionsNG?? I have manually built ports that way before. And what about those who want to use portinstall -m WITH_OPTx=1 WITH_OPTy=1, etc? Still works fine for nearly all ports, but just for apache ports there appears to be subtle problems with the logic since it's so complicated. That's why Olli chose to disable the WITH_ option style for Apache, and I think it was the right decision. I would suggest you learn the new (just as simple) syntax and see how you get on with it :) Chris I was thinking this optionsNG has already been adopted for all ports. Thanks for the examples though. They are good enough for me to learn the ropes.. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.22_8
On 16 September 2012 10:37, Odhiambo Washington odhia...@gmail.com wrote: On Sun, Sep 16, 2012 at 12:25 PM, Chris Rees cr...@freebsd.org wrote: On 16 September 2012 10:20, Odhiambo Washington odhia...@gmail.com wrote: On Sun, Sep 16, 2012 at 11:47 AM, Chris Rees cr...@freebsd.org wrote: On 16 September 2012 09:32, Odhiambo Washington odhia...@gmail.com wrote: Hi Chris, Thanks for this. Hopefully, you can modify the Wiki to have this information and even examples:) There are examples on the Wiki page already, but in a confusing order. I've put in a link, and a tip on how to find UNIQUENAME. Personally, I use `make config` and have never needed to do much with /etc/make.conf as regards the ports. True, but some people like to share their make.conf around machines :) Chris My machines are all identical too, except for parameters related to $hostname, DNS and passwords. I mostly used /usr/local/etc/pkgtools.conf before, then `make config` and now I believe I am gonna switch to /etc/make.conf but only where I must finely customize. One thing has crossed my mind now: What happens with make -DWITH_* in this new development of optionsNG?? I have manually built ports that way before. And what about those who want to use portinstall -m WITH_OPTx=1 WITH_OPTy=1, etc? Still works fine for nearly all ports, but just for apache ports there appears to be subtle problems with the logic since it's so complicated. That's why Olli chose to disable the WITH_ option style for Apache, and I think it was the right decision. I would suggest you learn the new (just as simple) syntax and see how you get on with it :) Chris I was thinking this optionsNG has already been adopted for all ports. Thanks for the examples though. They are good enough for me to learn the ropes.. Both syntaxes will work with old and new-style port OPTIONS. Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.22_8
On Sun, 16 Sep 2012 09:17:55 +0100 Chris Rees articulated: You need to use ${UNIQUENAME}_SET, and to find the UNIQUENAME you need to; [crees@pegasus]~% cd /usr/ports/www/apache22 [crees@pegasus]/usr/ports/www/apache22% make -VUNIQUENAME apache22 Now we know it's apache22, we can use: I tried this with postfix and the postfix-current port and both returned the same unique name. Is that to be expected? I would have though that two different ports would return different unique names. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ The trouble with a lot of self-made men is that they worship their creator. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
apache 2.2.22_8
Hi! Im using apache 2.2.22_6 with make options in /etc/make.conf # apache22 .if ${.CURDIR} == ${PORTSDIR}/www/apache22 WITH_SUEXEC=YES SUEXEC_DOCROOT= /www SUEXEC_USERDIR= /www/*/cgi-bin SUEXEC_LOGFILE= /var/log/suexec.log WITH_APACHE_PERF_TUNING=yes .endif But after svn co /usr/ports today i'm see next: $portupgrade -arR ** Port marked as IGNORE: www/apache22: is marked as broken: WITH/WITHOUT parameters are obsolete. The port use the new options NG framework. Please read http://wiki.freebsd.org/Ports/Options/OptionsNG but a don't understand how i must set SUEXEC_DOCROOT, SUEXEC_USERDIR and SUEXEC_LOGFILE in NG framework format... Please help show me how ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
apache webdav svn locking issues
I've got a webdav setup on apache using svn, and all seems well until I use openoffice and it comes up with locking issues. I can mount the webdav drive and use locking to stop the io errors in openoffice, but it still tells me it is locked and can only be opened read only. I've checked thoroughly and there is no .~lock file, but in the apache logs it says it returned a 423 error when the file is queried. Apparently openoffice requests again, and finds no .~lock file (404). I'm assuming svn provides the locking data, correct? Anyone know the incantations to clear it? Cheers ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
On Mon, Aug 20, 2012 at 11:42 PM, John R. Levine jo...@iecc.com wrote: Good thought, I just did that. Results: php5.3: works fine as far as I can tell php5.4: fails in random ways This suggests there is a bug in 5.4 which only is apparent on FreeBSD 8.x. I note that the packages for 8.x have gone away on the distribution server, so I expect they're not regression testing 8.x any more Packages?? It's better for you to use the ports tree! Ahem. If you will review the messages to which you were responding, you will note that yes, I did build everything from the ports tree. My point is that since they're not building 8.3 packages any more, they're not validating updated ports against 8.3 any more. Sorry, you confused me there a little, by talking about packages. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
Le 21 août 2012 à 04:10, John Levine a écrit : Are you running pecl-APC? If so, what version? There's a major issue with the latest. Hmmn, that might have been it. I backed down to 5.3, but when I have a chance I'll try 5.4 again without APC. Tried it without APC, didn't help. We're back to the theory that there's something in PHP 5.4.5 that builds OK on 9.0 but not on 8.x. I suggest that you start with a fresh php.ini file in order to have up to date values. If you have compiled it with cli, you can post the output of php -v here so we can figure out more precisely what is going on with your install… I am running PHP 5.4.5 on 7.4 without problem - I had problem upon install, but they all came from php.ini not beeing up to date (AFAIR). Thx. R's, John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org –– - Grégory Bernard Director - --- www.osnet.eu --- -- Your provider of OpenSource appliances -- –– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
bsd wrote: Le 21 août 2012 à 04:10, John Levine a écrit : Are you running pecl-APC? If so, what version? There's a major issue with the latest. Hmmn, that might have been it. I backed down to 5.3, but when I have a chance I'll try 5.4 again without APC. Tried it without APC, didn't help. We're back to the theory that there's something in PHP 5.4.5 that builds OK on 9.0 but not on 8.x. I suggest that you start with a fresh php.ini file in order to have up to date values. If you have compiled it with cli, you can post the output of php -v here so we can figure out more precisely what is going on with your install… I am running PHP 5.4.5 on 7.4 without problem - I had problem upon install, but they all came from php.ini not beeing up to date (AFAIR). I have seen at one time or another a problem with the order modules were loaded in php.ini occur. One thing I noticed is if/when this happens you see modules completely fail to load in the error log, as opposed to module(s) that do load but then segfault when called by PHP code. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Apache 2.2 and php 5.4.5 failing on freebsd 8.3
I have a fully patche amd64 freebsd 8.3 server with apache 2.2 and PHP 5.4.5. In the past day, php scripts have started failing with a variety of random errors, they hang, errors claiming that builtins like require_once() are not found, and other stuff. I don't see any pattern. I also can't figure out what's changed. I update the ports fairly often, but none of the recent updates were for apache or PHP. I've done all the usual voodoo repair: I have rebuilt apache, php, and all the php modules from source, and rebooted, and it didn't help. Does this sound familiar? Any suggestions beyond what I've already done? R's, John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
On Mon, Aug 20, 2012 at 7:46 PM, John Levine jo...@iecc.com wrote: I have a fully patche amd64 freebsd 8.3 server with apache 2.2 and PHP 5.4.5. In the past day, php scripts have started failing with a variety of random errors, they hang, errors claiming that builtins like require_once() are not found, and other stuff. I don't see any pattern. I also can't figure out what's changed. I update the ports fairly often, but none of the recent updates were for apache or PHP. I've done all the usual voodoo repair: I have rebuilt apache, php, and all the php modules from source, and rebooted, and it didn't help. Does this sound familiar? Any suggestions beyond what I've already done? Did you also rebuilt lang/php5-extensions for the modules you need? -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
I've done all the usual voodoo repair: I have rebuilt apache, php, and all the php modules from source, and rebooted, and it didn't help. Did you also rebuilt lang/php5-extensions for the modules you need? Uh, yes, I said that I did. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies, Please consider the environment before reading this e-mail. http://jl.ly
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
On Mon, Aug 20, 2012 at 10:18 PM, John R. Levine jo...@iecc.com wrote: I've done all the usual voodoo repair: I have rebuilt apache, php, and all the php modules from source, and rebooted, and it didn't help. Did you also rebuilt lang/php5-extensions for the modules you need? Uh, yes, I said that I did. Then perhaps you should downgrade to lang/php53 and lang/php53-extensions and compare the results! -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
Then perhaps you should downgrade to lang/php53 and lang/php53-extensions and compare the results! Good thought, I just did that. Results: php5.3: works fine as far as I can tell php5.4: fails in random ways This suggests there is a bug in 5.4 which only is apparent on FreeBSD 8.x. I note that the packages for 8.x have gone away on the distribution server, so I expect they're not regression testing 8.x any more Regards, John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies, Please consider the environment before reading this e-mail. http://jl.ly ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
On 20 Aug 2012 16:46:13 - John Levine articulated: I have a fully patche amd64 freebsd 8.3 server with apache 2.2 and PHP 5.4.5. In the past day, php scripts have started failing with a variety of random errors, they hang, errors claiming that builtins like require_once() are not found, and other stuff. I don't see any pattern. I also can't figure out what's changed. I update the ports fairly often, but none of the recent updates were for apache or PHP. I've done all the usual voodoo repair: I have rebuilt apache, php, and all the php modules from source, and rebooted, and it didn't help. Does this sound familiar? Any suggestions beyond what I've already done? What is the output of php --version? I had a similar problem a little over a year ago. I finally had to do a pkg_delete of every php port on my system. I then used portmanager, although you could use portupgrade as well to do a fresh install of php. I rebooted and every thing worked fine. For some unknown reason, attempting to do a deinstall and re-install just failed to alleviate the problem. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
On Mon, Aug 20, 2012 at 11:02 PM, John R. Levine jo...@iecc.com wrote: Then perhaps you should downgrade to lang/php53 and lang/php53-extensions and compare the results! Good thought, I just did that. Results: php5.3: works fine as far as I can tell php5.4: fails in random ways This suggests there is a bug in 5.4 which only is apparent on FreeBSD 8.x. I note that the packages for 8.x have gone away on the distribution server, so I expect they're not regression testing 8.x any more Packages?? It's better for you to use the ports tree! Anyway, good that you are back up again.I hope you do know that php54 breaks so much compatibility with code that was written for php53 and below. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
Are you running pecl-APC? If so, what version? There's a major issue with the latest. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
Good thought, I just did that. Results: php5.3: works fine as far as I can tell php5.4: fails in random ways This suggests there is a bug in 5.4 which only is apparent on FreeBSD 8.x. I note that the packages for 8.x have gone away on the distribution server, so I expect they're not regression testing 8.x any more Packages?? It's better for you to use the ports tree! Ahem. If you will review the messages to which you were responding, you will note that yes, I did build everything from the ports tree. My point is that since they're not building 8.3 packages any more, they're not validating updated ports against 8.3 any more. R's, John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
John R. Levine wrote: Then perhaps you should downgrade to lang/php53 and lang/php53-extensions and compare the results! Good thought, I just did that. Results: php5.3: works fine as far as I can tell php5.4: fails in random ways This suggests there is a bug in 5.4 which only is apparent on FreeBSD 8.x. I note that the packages for 8.x have gone away on the distribution server, so I expect they're not regression testing 8.x any more [snip] I had pretty much the same experience. I run apache22 with the event mpm in conjunction with php-fm, utilizing mod_fastcgi to connect the two. This is so I can have a threaded web server and separate it from questionable thread-safe PHP code. I had built PHP with the threading option, and with 5.4.x I had flaky segfaults in some modules. I suspected at the time that there were regressions in thread-safety in more than one module but had zero time to deal with it. I went back down to 5.3.xx just as you and have had no trouble since. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
Are you running pecl-APC? If so, what version? There's a major issue with the latest. Hmmn, that might have been it. I backed down to 5.3, but when I have a chance I'll try 5.4 again without APC. R's, John
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
Are you running pecl-APC? If so, what version? There's a major issue with the latest. Hmmn, that might have been it. I backed down to 5.3, but when I have a chance I'll try 5.4 again without APC. Tried it without APC, didn't help. We're back to the theory that there's something in PHP 5.4.5 that builds OK on 9.0 but not on 8.x. R's, John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache FCGI in a a jail under FBSD 9 won't start due to shared memory creation error
On Aug 9, 2012, at 9:41 AM, Fbsd8 wrote: Chad Leigh Shire.Net LLC wrote: On Aug 7, 2012, at 10:31 AM, Mark Felder wrote: jail_sysvipc_allow=YES in rc.conf should do it. Hmm I added that and rebooted the jail host system. However, the setting in sysctl security.jail.sysvipc_allowed is still 0 after the reboot # sysctl -a | grep sysvipc security.jail.param.allow.sysvipc: 0 security.jail.sysvipc_allowed: 0 # I can set security.jail.sysvipc_allowed to 1 manually. However, even after doing that, the original fcgi problem happens when starting apache2.2 with mod_fcgid in the configuration and being loaded [Tue Aug 07 13:09:12 2012] [emerg] (78)Function not implemented: mod_fcgid: Can't create shared memory for size 1192488 bytes Thanks! Chad Since you manually installed apache22 and mod_fcgid from up-stream sources maybe you missed something. As a test create another jail and install the package versions of apache22 and mod_fcgid and see if that will start ok. If it does them you know you missed something in your hand job version. Hi Thanks for the suggestion. I don't think, however, that anything is missing with my from-source compilations. I have been running self-compiled apaches for 15 years and have also done mod_fcgid in the past as well without issue (but not inside a jail). I don't think it is a matter of sw missing, but of system parameters or similar.' Thanks Chad
Re: Apache FCGI in a a jail under FBSD 9 won't start due to shared memory creation error
Chad Leigh Shire.Net LLC wrote: On Aug 7, 2012, at 10:31 AM, Mark Felder wrote: jail_sysvipc_allow=YES in rc.conf should do it. Hmm I added that and rebooted the jail host system. However, the setting in sysctl security.jail.sysvipc_allowed is still 0 after the reboot # sysctl -a | grep sysvipc security.jail.param.allow.sysvipc: 0 security.jail.sysvipc_allowed: 0 # I can set security.jail.sysvipc_allowed to 1 manually. However, even after doing that, the original fcgi problem happens when starting apache2.2 with mod_fcgid in the configuration and being loaded [Tue Aug 07 13:09:12 2012] [emerg] (78)Function not implemented: mod_fcgid: Can't create shared memory for size 1192488 bytes Thanks! Chad Since you manually installed apache22 and mod_fcgid from up-stream sources maybe you missed something. As a test create another jail and install the package versions of apache22 and mod_fcgid and see if that will start ok. If it does them you know you missed something in your hand job version. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Apache FCGI in a a jail under FBSD 9 won't start due to shared memory creation error
Hi. I'll try this again. I run systems using FreeBSD 9.0 FreeBSD utah.XXXcom 9.0-STABLE FreeBSD 9.0-STABLE #1: Wed Mar 21 15:22:14 MDT 2012 chad@underhill:/usr/obj/usr/src/sys/UNDERHILL-XEN amd64 and on those systems run a bunch of jails. I have Apache 2.2 built and running in the jail in question, and recently had need to add mod_fcgid to it. NOTE that the Apache and mod_fcgid were not installed through ports or packages. I download the source and build myself (for various reasons). Apache inside the Jail, with mod_fcgid enabled will not start: [Mon Jul 23 10:59:35 2012] [emerg] (78)Function not implemented: mod_fcgid: Can't create shared memory for size 1192488 bytes I did a search on this and found that I would probably need a system kernel parameter changed from 0 - 1 security.jail.sysvipc_allowed So I did that. (And restarted the jail). However, I still get the same error when trying to start apache. I noticed a similar parameter security.jail.param.allow.sysvipc but cannot change this at run time and did not find anything useful about what this parameter is for using a search engine. (As an aside, how would I change security.jail.sysvipc_allowed and also security.jail.param.allow.sysvipc at boot time? I added them both to /boot/loader.conf but they did not get changed at boot and I had to do the security.jail.sysvipc_allowed one again on the command line -- I have some vfs type kernel state variables set there and they stick) I would appreciate some help with getting things set up so that I can run apache with mod_fcgid under my Jails on FBSD 9. Thanks! Chad
Re: Apache FCGI in a a jail under FBSD 9 won't start due to shared memory creation error
jail_sysvipc_allow=YES in rc.conf should do it. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache FCGI in a a jail under FBSD 9 won't start due to shared memory creation error
On Aug 7, 2012, at 10:31 AM, Mark Felder wrote: jail_sysvipc_allow=YES in rc.conf should do it. Hmm I added that and rebooted the jail host system. However, the setting in sysctl security.jail.sysvipc_allowed is still 0 after the reboot # sysctl -a | grep sysvipc security.jail.param.allow.sysvipc: 0 security.jail.sysvipc_allowed: 0 # I can set security.jail.sysvipc_allowed to 1 manually. However, even after doing that, the original fcgi problem happens when starting apache2.2 with mod_fcgid in the configuration and being loaded [Tue Aug 07 13:09:12 2012] [emerg] (78)Function not implemented: mod_fcgid: Can't create shared memory for size 1192488 bytes Thanks! Chad
Apache FCGI in a a jail under FBSD 9 won't start due to shared memory creation error
Hi I run systems using FreeBSD 9.0 FreeBSD utah.XXXcom 9.0-STABLE FreeBSD 9.0-STABLE #1: Wed Mar 21 15:22:14 MDT 2012 chad@underhill:/usr/obj/usr/src/sys/UNDERHILL-XEN amd64 and on those systems run a bunch of jails. I have Apache 2.2 built and running in the jail in question, and recently had need to add mod_fcgid to it. NOTE that the Apache and mod_fcgid were not installed through ports or packages. I download the source and build myself (for various reasons). Apache inside the Jail, with mod_fcgid enabled will not start: [Mon Jul 23 10:59:35 2012] [emerg] (78)Function not implemented: mod_fcgid: Can't create shared memory for size 1192488 bytes I did a search on this and found that I would probably need a system kernel parameter changed from 0 - 1 security.jail.sysvipc_allowed So I did that. (And restarted the jail). However, I still get the same error when trying to start apache. I noticed a similar parameter security.jail.param.allow.sysvipc but cannot change this at run time and did not find anything useful about what this parameter is for using a search engine. (As an aside, how would I change security.jail.sysvipc_allowed and also security.jail.param.allow.sysvipc at boot time? I added them both to /boot/loader.conf but they did not get changed at boot and I had to do the security.jail.sysvipc_allowed one again on the command line -- I have some vfs type kernel state variables set there and they stick) I would appreciate some help with getting things set up so that I can run apache with mod_fcgid under my Jails on FBSD 9. Thanks! Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache vs. nginx
I'm the admin for a small hobby website (Stovebolt.com - about 7 million hits/mo). We're fixin to buy a new server, and since I have to start from scratch (install FreeBSD and all the needed ports), I'm wondering if anyone on this list has switched from Apache to nginx. it depends of your needs. with lot traffic website (your classify as that) it doesn't matter really. apache do some things that nginx doesn't, like .htaccess, no idea if you need them or not. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache vs. nginx
On Jul 18, 2012 5:19 AM, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: I'm the admin for a small hobby website (Stovebolt.com - about 7 million hits/mo). We're fixin to buy a new server, and since I have to start from scratch (install FreeBSD and all the needed ports), I'm wondering if anyone on this list has switched from Apache to nginx. it depends of your needs. This is a fantastic statement (I'm being serious, not facetious), because it really does. For specific purposes - serving static content with few bells and whistles, dedicated PHP application servers for custom apps and stuff like Drupal, I can't see ever going back to Apache. The nginx configs are too clean and too simple. For a large site with more complex authentication and access restriction needs that are handled by the web server, I wouldn't drift from Apache - not because I think nginx couldn't handle it but because I don't know if it could and because I am less comfortable with saying I did it properly with nginx than saying the same thing about Apache. kmw ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache vs. nginx
On 7/17/12 4:40 PM, Paul Schmehl wrote: I'm the admin for a small hobby website (Stovebolt.com - about 7 million hits/mo). We're fixin to buy a new server, and since I have to start from scratch (install FreeBSD and all the needed ports), I'm wondering if anyone on this list has switched from Apache to nginx. If you have, what has your experience been like? Was the change relatively easy? (I'm not intimidated by technical details. I've been running FreeBSD on these servers for about 12 years now.) Was the performance better? (We've not been having any problems with Apache to this point.) Is there sufficient support from addon apps to run a site with a php-driven forum? I have. 1/ regarding the difficulty of the switch It depends on whether or not you're running code parsing programs like CGI and PHP. It also depends on whether or not you're using apache rewrite rules. 2/ regarding performance I'm much more satisfied by nginx than I was by apache. I find it runs smoother, it's not vulnerable to slowloris... 3/ regarding functionality In constrast with Wojciech Puchar's email, I'd like to point out that while nginx doesn't support .htaccess files, you can still customize your vhosts to add authentication and such. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache vs. nginx
Thanks, Chuck. That's very useful input. --On July 17, 2012 10:40:30 AM -0700 Chuck Swiger cswi...@mac.com wrote: On Jul 17, 2012, at 7:40 AM, Paul Schmehl wrote: I'm the admin for a small hobby website (Stovebolt.com - about 7 million hits/mo). We're fixin to buy a new server, and since I have to start from scratch (install FreeBSD and all the needed ports), I'm wondering if anyone on this list has switched from Apache to nginx. If you have, what has your experience been like? Was the change relatively easy? (I'm not intimidated by technical details. I've been running FreeBSD on these servers for about 12 years now.) Was the performance better? (We've not been having any problems with Apache to this point.) Is there sufficient support from addon apps to run a site with a php-driven forum? I've compared them; since I know Apache...rather well, switching to nginx didn't strike me as a useful change at any of the sites for which I've setup or managed their webservers. You have to invoke external scripts like a PHP forum via FastCGI (what nginx calls ngx_http_fastcgi_module); using and tuning FastCGI separately from the webserver itself definitely has some advantages, but those same advantages can be obtained in Apache by using mod_fcgi instead of using mod_php directly. Apache is bulkier per process than nginx but has more modules and config options available for it; nginx seems to have been tuned more for server farms hosting a lot of low-volume vanity domains, so it has minimal overhead, implements IP-based and name-based virtual hosting eloquently, implements bandwidth rate controls as a core functionality, etc. I cannot recall encountering a circumstance where the base performance of the webserver itself turned out to be the primary criterion for website performance; sites are almost always constrained by bandwidth and/or the performance of the dynamic scripts, database backend, etc-- and not by the webserver's ability to serve static resources. Regards, -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson There are some ideas so wrong that only a very intelligent person could believe in them. George Orwell ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
apache PHP suhosin load
On FreeBSD 8.3 I have apache22 web server with PHP. PHP is PHP52 for compatibility with existing applications, but the most recent version in the php52 branch $ php --version PHP 5.2.17 with Suhosin-Patch 0.9.7 (cli) (built: May 7 2012 08:45:58) From time to time, I notice in a top output, that a huge number of httpd daemons are being started, making the load rapidly increase to levels of 5, 10, 15, ... and very slow interactive respons ... Stopping apache makes the load rapidly decrease to a normal level. I noticed at the console, at stopping apache, several messages such as Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28824]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file '/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php', line 654) (the file value differs, but it's always suhosin .. canany mismatch - heap overflow detected) My PHP has following options set # cd /usr/ports/lang/php52 My PHP has following options set # cd /usr/ports/lang/php52 # make showconfig === The following configuration options are available for php52-5.2.17_8: CLI=on: Build CLI version CGI=on: Build CGI version APACHE=on: Build Apache module DEBUG=off: Enable debug SUHOSIN=on: Enable Suhosin protection system (not for jails) MULTIBYTE=off: Enable zend multibyte support IPV6=on: Enable ipv6 support MAILHEAD=off: Enable mail header patch REDIRECT=off: Enable force-cgi-redirect support (CGI only) DISCARD=off: Enable discard-path support (CGI only) FASTCGI=on: Enable fastcgi support (CGI only) FPM=off: Enable fastcgi process manager (CGI only) PATHINFO=on: Enable path-info-check support (CGI only) LINKTHR=off: Link thread lib (for threaded extensions) Is that heap overlow causing the trouble? Has suhosin to do something with it? How to solve? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache PHP suhosin load
On 21 Jun 2012, at 08:34, n dhert ndhert...@gmail.com wrote: On FreeBSD 8.3 I have apache22 web server with PHP. PHP is PHP52 for compatibility with existing applications, but the most recent version in the php52 branch $ php --version PHP 5.2.17 with Suhosin-Patch 0.9.7 (cli) (built: May 7 2012 08:45:58) From time to time, I notice in a top output, that a huge number of httpd daemons are being started, making the load rapidly increase to levels of 5, 10, 15, ... and very slow interactive respons ... Stopping apache makes the load rapidly decrease to a normal level. I noticed at the console, at stopping apache, several messages such as Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28824]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file '/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php', line 654) (the file value differs, but it's always suhosin .. canany mismatch - heap overflow detected) My PHP has following options set # cd /usr/ports/lang/php52 My PHP has following options set # cd /usr/ports/lang/php52 # make showconfig === The following configuration options are available for php52-5.2.17_8: CLI=on: Build CLI version CGI=on: Build CGI version APACHE=on: Build Apache module DEBUG=off: Enable debug SUHOSIN=on: Enable Suhosin protection system (not for jails) MULTIBYTE=off: Enable zend multibyte support IPV6=on: Enable ipv6 support MAILHEAD=off: Enable mail header patch REDIRECT=off: Enable force-cgi-redirect support (CGI only) DISCARD=off: Enable discard-path support (CGI only) FASTCGI=on: Enable fastcgi support (CGI only) FPM=off: Enable fastcgi process manager (CGI only) PATHINFO=on: Enable path-info-check support (CGI only) LINKTHR=off: Link thread lib (for threaded extensions) Is that heap overlow causing the trouble? Has suhosin to do something with it? How to solve? For starters, I would suggest moving away from apace and towards nginx + fastcgi php. A friend had a small dedicated server with a vbulletin forum overloaded with addons, and apache/php were bringing the server to high load levels, 10-20ish. I've moved him to nginx and the server hardly ever goes above 1 now. Additionally, nginx is immune to Slowloris attacks, while apache is not. Only after migrating to nginx would I investigate of the suhosin problem still exists.___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache PHP suhosin load
n dhert wrote: On FreeBSD 8.3 I have apache22 web server with PHP. PHP is PHP52 for compatibility with existing applications, but the most recent version in the php52 branch $ php --version PHP 5.2.17 with Suhosin-Patch 0.9.7 (cli) (built: May 7 2012 08:45:58) From time to time, I notice in a top output, that a huge number of httpd daemons are being started, making the load rapidly increase to levels of 5, 10, 15, ... and very slow interactive respons ... Stopping apache makes the load rapidly decrease to a normal level. I noticed at the console, at stopping apache, several messages such as Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28824]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file '/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php', line 654) (the file value differs, but it's always suhosin .. canany mismatch - heap overflow detected) My PHP has following options set # cd /usr/ports/lang/php52 My PHP has following options set # cd /usr/ports/lang/php52 # make showconfig === The following configuration options are available for php52-5.2.17_8: CLI=on: Build CLI version CGI=on: Build CGI version APACHE=on: Build Apache module DEBUG=off: Enable debug SUHOSIN=on: Enable Suhosin protection system (not for jails) MULTIBYTE=off: Enable zend multibyte support IPV6=on: Enable ipv6 support MAILHEAD=off: Enable mail header patch REDIRECT=off: Enable force-cgi-redirect support (CGI only) DISCARD=off: Enable discard-path support (CGI only) FASTCGI=on: Enable fastcgi support (CGI only) FPM=off: Enable fastcgi process manager (CGI only) PATHINFO=on: Enable path-info-check support (CGI only) LINKTHR=off: Link thread lib (for threaded extensions) Is that heap overlow causing the trouble? Has suhosin to do something with it? Most likely - yes. I noticed in your config above you built and installed the Apache PHP module in addition to CGI/FastCGI. If you are running Apache in a FastCGI mode you should check and make sure the following is indeed commented out like below: #LoadModule php5_modulelibexec/apache22/libphp5.so The general purpose meaning of this error is that PHP has detected some form of memory corruption. But as to why/what exactly it doesn't help much. The general way I used to look at Apache and PHP problems was to isolate pieces. Like only loading the core PHP and no extensions by renaming the extensions.ini to extensions.ini.bak. This is bound to cause problems as most PHP apps today require a certain basic number of modules enabled in order to work. 2 things to troubleshoot looking for a bad module: comment each out one at a time and restart. When you comment out the bad one you will no longer see the error. Another second item to be aware of is sometimes certain module combinations need to be loaded in extensions.ini in a specific order. Figuring out this order can be nightmarish, should it ever actaully be found to be a problem. Long time ago someone wrote a script to automate this. I seem to have a distant memory that back in early PHP 5.2.x days I had a problem with the mcrypt module. Maybe try commenting that one out first. If you don't need it leave it that way. I also seem to have experienced this error a second time, and it was from a bad interaction between Suhosin patch and two other build options being enabled, one was the Mailhead and I don't remember what the other one was(maybe it was IPv6). I found when I disabled these 2 things I could build with the Suhosin patch and stuff ran correctly. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Ports: Apache openoffice build eats all /usr and fails
Rebuilding and upgrading to apache openoffice on my main desktop fails because the procedure consumes all my 17 gbs of available /usr space, which still is not enough apparently. The build routine says 11gb is more than enough. Libreoffice will not build on this machine for some reason so at this point that is not an alternative. Anyone here have ideas what is wrong ( some nob must be turned the wrong way ;) ) Blessed be... Kenneth Hatteland ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail recommended permissions for apache/php server
On 12/04/2012 02:49, Polytropon wrote: On Wed, 11 Apr 2012 23:57:51 +, Ian Lord wrote: I then got a different error in /var/log/messages Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied I found very old threads saying to change the group of apache to smmsp but I doubt it's a good idea. No, not change to, but you can _add_ apache (or whatever is originating the error) to the smmsp group. Add it to smmsp:*:25: in /etc/group. You should not be changing the ownership and permissions on any of the directories used by sendmail(8), or the group membership of any of the groups used by sendmail. Not even if you think you know what you are doing. This is extremely security sensitive, and getting it wrong means at minimum unprivileged users can forge e-mails untraceably[*]. There is no reason for apache to have any sort of write permissions to /var/spool/clientmqueue -- that should only be accessible to sendmail, and sendmail is the only program that should ever use it. To the OP -- can you execute sendmail outside PHP? If you can use mail(1) to send a test e-mail, then sendmail should be fine. Note: test this as an unprivileged user. What are the permissions on /usr/libexec/sendmail/sendmail ? They should look like this: % ls -la /usr/libexec/sendmail/sendmail -r-xr-sr-x 1 root smmsp 662136 Apr 1 08:38 /usr/libexec/sendmail/sendmail If that all checks out, then the problem is with PHP rather than your sendmail installation. There are several different ways PHP might be programmed to send e-mail; perhaps you could describe how your particular application tries to do it? Cheers, Matthew [*] So what? you might think. Until you get an e-mail request from your boss to provide sensitive information to some contractor you don't really know. -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Re: Sendmail recommended permissions for apache/php server
On Thu, 12 Apr 2012 08:17:33 +0100, Matthew Seaman wrote: On 12/04/2012 02:49, Polytropon wrote: On Wed, 11 Apr 2012 23:57:51 +, Ian Lord wrote: I then got a different error in /var/log/messages Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied I found very old threads saying to change the group of apache to smmsp but I doubt it's a good idea. No, not change to, but you can _add_ apache (or whatever is originating the error) to the smmsp group. Add it to smmsp:*:25: in /etc/group. You should not be changing the ownership and permissions on any of the directories used by sendmail(8), or the group membership of any of the groups used by sendmail. Not even if you think you know what you are doing. This is extremely security sensitive, and getting it wrong means at minimum unprivileged users can forge e-mails untraceably[*]. You're right - as long as sendmail works properly (and is invoked by whatever means sends e-mail out of apache / PHP), the present group settings and permissions should be okay. Sendmail will then properly run as the smmsp group member which will enable it to properly access the queue directory. There is no reason for apache to have any sort of write permissions to /var/spool/clientmqueue -- that should only be accessible to sendmail, and sendmail is the only program that should ever use it. I'm not aware of why a program should directly access the mail queues, but maybe that's a special PHP feature. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Sendmail recommended permissions for apache/php server
You should not be changing the ownership and permissions on any of the directories used by sendmail(8), or the group membership of any of the groups used by sendmail. Not even if you think you know what you are doing. This is extremely security sensitive, and getting it wrong means at minimum unprivileged users can forge e-mails untraceably[*]. That's what I thought, I found it to work but preferred to ask on the list since it didn't make sense to me :) To the OP -- can you execute sendmail outside PHP? If you can use mail(1) to send a test e-mail, then sendmail should be fine. Note: test this as an unprivileged user. No it doesn't work, just tried it: %mail -s Hello lo...@msdi.ca Hello ! . EOT %WARNING: RunAsUser for MSP ignored, check group ids (egid=0, want=25) can not chdir(/var/spool/clientmqueue/): Permission denied Program mode requires special privileges, e.g., root or TrustedUser. Apr 12 08:47:08 dev sendmail[94980]: NOQUEUE: SYSERR(msdi): can not chdir(/var/spool/clientmqueue/): Permission denied What are the permissions on /usr/libexec/sendmail/sendmail ? They should look like this: % ls -la /usr/libexec/sendmail/sendmail -r-xr-sr-x 1 root smmsp 662136 Apr 1 08:38 /usr/libexec/sendmail/sendmail # ls -al /usr/libexec/sendmail/sendmail -r-xr-sr-x 1 root wheel 707160 Jan 3 02:57 /usr/libexec/sendmail/sendmail So the group is wrong... I changed it from wheel to smmsp and everything works fine now ! Thanks a lot for the fix, but this server is a clean install of 9.0-RELEASE that I installed about 2-3 months ago. I never changed the permission myself on that file so I guess there is something wrong that would need to be fixed (unless it's already fixed in newer versions). Thanks again ~~ Ian Lord MSD Informatique 143 Rue des Fauvettes St-Colomban (Québec) J5K 0E2 Tél: (514) 776-MSDI - (514) 776-6734 Sans Frais: 1(877) 776-MSDI - 1(877) 776-6734 http://www.msdi.ca ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail recommended permissions for apache/php server
On 12/04/2012 14:40, Ian Lord wrote: What are the permissions on /usr/libexec/sendmail/sendmail ? They should look like this: % ls -la /usr/libexec/sendmail/sendmail -r-xr-sr-x 1 root smmsp 662136 Apr 1 08:38 /usr/libexec/sendmail/sendmail # ls -al /usr/libexec/sendmail/sendmail -r-xr-sr-x 1 root wheel 707160 Jan 3 02:57 /usr/libexec/sendmail/sendmail So the group is wrong... I changed it from wheel to smmsp and everything works fine now ! Thanks a lot for the fix, but this server is a clean install of 9.0-RELEASE that I installed about 2-3 months ago. I never changed the permission myself on that file so I guess there is something wrong that would need to be fixed (unless it's already fixed in newer versions). I haven't had any similar problems on 9.0 systems I've installed so I don't think it is an obvious and universal bug in the system installer. It might be the case that you did something differently -- if you can reproduce the effect, and if it's not by doing something daft like 'oh, and here is where we recursively chgrp the whole filesystem for no apparent reason' then please do send a PR with the details. If you want to ensure that almost everything has the correct ownership and permissions, then you can use mtree(8). eg. # cd / # mtree -Ue -f /etc/mtree/BSD.root.dist # mtree -Ue -f /etc/mtree/BSD.sendmail.dist # cd /usr # mtree -Ue -f /etc/mtree/BSD.usr.dist # cd /usr/include # mtree -Ue -f /etc/mtree/BSD.include.dist # cd /var # mtree -Ue -f /etc/mtree/BSD.var.dist ... although now I come to look at it, this won't actually fix the group ownership on /usr/libexec/sendmail/sendmail for example. For that, you'ld probably have to use the system sources or the installation media. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Sendmail recommended permissions for apache/php server
Hi, I am trying to use sendmail to send emails from a php script (I tried phpmailer and mail function with the same result). I always got messages like Could not execute: /usr/sbin/sendmail Sendmail is World executable: # ls -l /usr/sbin/sendmail lrwxr-xr-x 1 root wheel 21 Jan 3 02:57 /usr/sbin/sendmail - /usr/sbin/mailwrapper So I've checked into /var/log/messages and found this: Apr 11 18:09:44 dev sendmail[38340]: NOQUEUE: SYSERR(www): can not chdir(/var/spool/clientmqueue/): Permission denied I've checked permissions on the /var/spool/clientmqueue/ directory # ls -al /var/spool/clientmqueue/ drwxrwx--- 2 smmsp smmsp 3 Apr 11 19:01 . So I saw that only the user and group smmsp could write to this directory. I presumed the apache user should have access to it so I added www to the smmsp directory. I then got a different error in /var/log/messages Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied I found very old threads saying to change the group of apache to smmsp but I doubt it's a good idea. Chmodding 777 the /var/spool/clientmqueue/ fixed the problem, I can now send emails, but I wonder if this is the way to fix the issue correctly. Is that the official fix or did I missed some configuration somewhere ? Sending emails from php using mail or sendmail should be something working out of the box I guess, I doubt we're supposed to change permissions to make it work Any help would be appreciated. Regards ~~ Ian Lord MSD Informatique 143 Rue des Fauvettes St-Colomban (Québec) J5K 0E2 Tél: (514) 776-MSDI - (514) 776-6734 Sans Frais: 1(877) 776-MSDI - 1(877) 776-6734 http://www.msdi.cahttp://www.msdi.ca/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail recommended permissions for apache/php server
On Wed, 11 Apr 2012 23:57:51 +, Ian Lord wrote: I then got a different error in /var/log/messages Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied I found very old threads saying to change the group of apache to smmsp but I doubt it's a good idea. No, not change to, but you can _add_ apache (or whatever is originating the error) to the smmsp group. Add it to smmsp:*:25: in /etc/group. See the error message above: can not write to queue directory /var/spool/clientmqueue/ Check: % ls -ld /var/spool/clientmqueue drwxrwx--- 2 smmsp smmsp 512 Apr 12 03:12 /var/spool/clientmqueue/ ^^^ This directory can be read, written and entered/searched by _members_ of the smmsp group. Back to the error message: (RunAsGid=0, required=25) It is indicated that group #25 (smmsp) is the required GID, not 0. And: Permission denied which is the logical conclusion. Conclusion: You must make sure that whatever needs to access this directory is in the smmsp group (25). Chmodding 777 the /var/spool/clientmqueue/ fixed the problem, I can now send emails, but I wonder if this is the way to fix the issue correctly. You souldn't need to do that. Now this directory can be modified by anyone, that's not good. Is that the official fix or did I missed some configuration somewhere ? Sending emails from php using mail or sendmail should be something working out of the box I guess, I doubt we're supposed to change permissions to make it work Correct. In regards of _security_, it's required to _allow_ the corresponding program / functionality / part of apache / mailer or whatever the access to the mail queue. This is something that is _not_ possible out of the box because there are many possi- bilities and security considerations. Any help would be appreciated. Try to add apache (or whatever part of it, or PHP subsystem called by it that needs to access the mail queue) to the required group to give it the proper permission to do so. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Apache: Socket is not connected: core_output_filter: writing data to the network
I see this error in the error log of apache. It seems to happen whenever someone do a GET on certain mp3-files on my server. What does this error mean? -- chs, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache: Socket is not connected: core_output_filter: writing data to the network
On 10/04/2012 08:05, Christer Solskogen wrote: I see this error in the error log of apache. It seems to happen whenever someone do a GET on certain mp3-files on my server. What does this error mean? It can be due to various different reasons. At a guess, probably this: https://issues.apache.org/bugzilla/show_bug.cgi?id=10712 In which case, it's probably your users getting frustrated with slow downloads and cancelling requests -- improving performance and getting more downstream bandwidth would help. Beyond that, it can be due to apache running out of file descriptors -- you'ld see error messages mentioning file descriptors elsewhere in the apache logs in that case, and it would only appear if your apache setup had hundreds of virtual hosts each with their own log files. Other things to look at: use of EnableSendFile or EnableMMAP in your configuration. IIRC this is generally fine and enabled by default on FreeBSD, *except* when you mount your document root by NFS. See the discussion in the Apache docs for more details. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Re: Apache: Socket is not connected: core_output_filter: writing data to the network
On Tue, Apr 10, 2012 at 9:33 AM, Matthew Seaman matt...@freebsd.org wrote: a good explaination Thanks! -- chs ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Apache module mod_fastcgi
according to: http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html#FastCgiExternalServer --- Note: Using FastCgiServer within a VirtualHost does not necessarily limited access to that host. If filename is accessible via other virtual hosts, they too can leverage the same definition. --- how would I share this between multiple virtualhosts? I can get it to work in one default virtualhost but in none of my virtualhosts since it's already defined and being shared across all virtualhost? -- http://alexus.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Weird configuration with Apache 22 and Freebsd 9.0
Installed Freebsd9.0 along with Apache2.2 ,php5, php5-extensions, perl, and phpmyadmin phpmyadmin works fine when i put in the url but if I add a virtual host file then I get the error can't find phpmyadmin on the server. What am I missing here? Thanks___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Weird configuration with Apache 22 and Freebsd 9.0
On 1/30/12 11:40 AM, Darrell Betts wrote: Installed Freebsd9.0 along with Apache2.2 ,php5, php5-extensions, perl, and phpmyadmin phpmyadmin works fine when i put in the url but if I add a virtual host file then I get the error can't find phpmyadmin on the server. What am I missing here? You're missing, most likely, an alias to /phpmyadmin/ or similar. You may want to copy/paste your vhost configuration. Also, no offense meant, but I think you're being lazy. From your question, I can only guess that you haven't looked at your apache error log files. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
apache
Hey I install apache on free bsd 8.2 but accidentially didnt include the perl threads. Now when I try to re-install it says perl file required for apache..How do i fix this problem? Thanks, Daniel Lewis 561-676-1073 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache
On 1/16/12 1:03 PM, Daniel Lewis wrote: Hey I install apache on free bsd 8.2 but accidentially didnt include the perl threads. Now when I try to re-install it says perl file required for apache..How do i fix this problem? Thanks, Daniel Lewis 561-676-1073 Hi, Sadly, perl file required for apache totally doesn't ring a bell here. Mayhaps you could be a bit more accurate and copy/paste the error you're getting ? Also, if you could tell at what point you're getting the error, that could be handy. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache
On Mon, Jan 16, 2012 at 7:03 AM, Daniel Lewis innervisionnetw...@gmail.com wrote: Hey I install apache on free bsd 8.2 but accidentially didnt include the perl threads. Now when I try to re-install it says perl file required for apache..How do i fix this problem? I am assuming you want to run mod_perl on mod_worker so here are my 0.02: To answer your question you must build, and/or re-build Perl first and then Apache and then mod_perl in that order. You can do this as many times as you like because I've done it personally _many_ times. You must of course make desinstall before you can make install again. I've used mod_worker/mod_perl and it's probably _awesome_ for _some_ situations but it's not as straight forward as you may think, and it's not worth the hassle unless you really, really need it to take advantage of idle CPU with the same amount of RAM. You can definitively increase your Apache processes by ten fold _easily_ (and perhaps a lot more) using marginally more RAM, but you must have the CPU power to back it up or you will choke real quickly. You must have very clear, your average response per request to be able to project the actual concurrency, and you must leave _at least_ 1-2GB of RAM free for the OS and calculate at least 20% free time for CPUs. For one, not all Perl code is thread-safe and you must really understand how mod_perl shares the non-mutable segments and all that. This doesn't necessarily mean you can't use _all_ non thread-safe code, but you have to know which parts are fragile, and exactly how fragile they are. Remember mod_perl already loads your PMs globally so you are already saving a lot of memory there (not like mod_php which is basically a fancy SSI-type lang). The only reason to use mult-threaded LWP is to spawn many more Apache threads with mod_worker assuming that your RAM is actually big enough and you a lot of idling CPU power you want to take advantage of. The growth of the memory usage will becoem a trial and error thing and you must reset your main processes with maxrequestsperchild directive once in a while because most thread implementations including FBSD's will leak over time. Anyway, it's MHO but if you really don't understand exactly why and how you're going to use mod_worker/mod_perl just stick to mod_prefork and you'll still get *a very decent* performance and use of your HW. When I started using mod_perl/mod_worker it was quite experimental but if you sit down and do your homework it will really work wonders to squeeze the last drop on your HW. Also, be grateful you're using FBSD for such things, 'cause it can take the beating. This is one area where FBSD leaves Linux in the dust ;-) Cheers, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Apache segmentation fault
Upgraded php52 to php53 by pkg_delete of php5 and porinstall php52. Then I had to manually resort back to php52 by pkg_delete and then portinstall and now getting a seg fault when restarting apache22 on this FreeBSD 8.1 server. I narrowed it down to not the php module, but the two ldap modules I have in apache... mail# cat httpd.conf|grep ldap #LoadModule authnz_ldap_module libexec/apache22/mod_authnz_ldap.so #LoadModule ldap_module libexec/apache22/mod_ldap.so With these two lines commented out, apache restarts without the seg fault. Tried to force pkg_delete on apache and then portinstall to rebuild these modules, but same issue afterward. The php module loads without error, but getting download prompts when trying to access php pages. Not getting any help from messages or httpd-error logs and all was working before I messed it up. My question is what I should try next to try and fix this issue. Should I force pkg_delete and rebuild all php packages or ldap packages? Or some other approach? Thanks for any help, Robert -- Robert rob...@webtent.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache segmentation fault
On Jan 11, 2012 12:39 PM, Robert Fitzpatrick rob...@webtent.org wrote: Upgraded php52 to php53 by pkg_delete of php5 and porinstall php52. Then I had to manually resort back to php52 by pkg_delete and then portinstall and now getting a seg fault when restarting apache22 on this FreeBSD 8.1 server. I narrowed it down to not the php module, but the two ldap modules I have in apache... mail# cat httpd.conf|grep ldap #LoadModule authnz_ldap_module libexec/apache22/mod_authnz_ldap.so #LoadModule ldap_module libexec/apache22/mod_ldap.so With these two lines commented out, apache restarts without the seg fault. Tried to force pkg_delete on apache and then portinstall to rebuild these modules, but same issue afterward. The php module loads without error, but getting download prompts when trying to access php pages. Not getting any help from messages or httpd-error logs and all was working before I messed it up. My question is what I should try next to try and fix this issue. Should I force pkg_delete and rebuild all php packages or ldap packages? Or some other approach? Thanks for any help, Robert -- Robert rob...@webtent.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org hi, you probably need to replace php.ini ... 5.3 barfs with a 5.2 config file... not sure if the pkg thingy would wipe your config. waitman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache segmentation fault
On Jan 11, 2012 12:54 PM, Waitman Gobble gobble...@gmail.com wrote: On Jan 11, 2012 12:39 PM, Robert Fitzpatrick rob...@webtent.org wrote: Upgraded php52 to php53 by pkg_delete of php5 and porinstall php52. Then I had to manually resort back to php52 by pkg_delete and then portinstall and now getting a seg fault when restarting apache22 on this FreeBSD 8.1 server. I narrowed it down to not the php module, but the two ldap modules I have in apache... mail# cat httpd.conf|grep ldap #LoadModule authnz_ldap_module libexec/apache22/mod_authnz_ldap.so #LoadModule ldap_module libexec/apache22/mod_ldap.so With these two lines commented out, apache restarts without the seg fault. Tried to force pkg_delete on apache and then portinstall to rebuild these modules, but same issue afterward. The php module loads without error, but getting download prompts when trying to access php pages. Not getting any help from messages or httpd-error logs and all was working before I messed it up. My question is what I should try next to try and fix this issue. Should I force pkg_delete and rebuild all php packages or ldap packages? Or some other approach? Thanks for any help, Robert -- Robert rob...@webtent.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org hi, you probably need to replace php.ini ... 5.3 barfs with a 5.2 config file... not sure if the pkg thingy would wipe your config. waitman sorry, somehow i missed that paragraph about commenting out the other modules... hope i didn't send you on a wild goose chase for nothing. but the behavior you describe sounds like what happens running with a mismatched php.ini... i once tried to narrow down but decided it more productive to start with a fresh ini file. i believe the problem has to do with the session config lines. that and the way it handles cgi variables (see the EPGS section) are the two biggest changes i noticed. anyway you might check if thats the issue easily by renaming php.ini.. it should run without it. (at least 5.2 would havent tried 5.3) if it runs without php.ini then that could be the problem. by the way you are restarting apache after the changes right? also verify that the modules listed in httpd.conf exist in the paths specified... hope that helps! waitman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache segmentation fault
On 1/11/2012 4:39 PM, Waitman Gobble wrote: sorry, somehow i missed that paragraph about commenting out the other modules... hope i didn't send you on a wild goose chase for nothing. but the behavior you describe sounds like what happens running with a mismatched php.ini... i once tried to narrow down but decided it more productive to start with a fresh ini file. i believe the problem has to do with the session config lines. that and the way it handles cgi variables (see the EPGS section) are the two biggest changes i noticed. anyway you might check if thats the issue easily by renaming php.ini.. it should run without it. (at least 5.2 would havent tried 5.3) if it runs without php.ini then that could be the problem. by the way you are restarting apache after the changes right? also verify that the modules listed in httpd.conf exist in the paths specified... hope that helps! waitman Thanks for that, found my php.ini was symlink'd to php.ini-recommended, which is now missing. PHP working now, but still no help with the segmentation fault. I have tested my ldap client pkgs and perl-LDAP to work fine, but when I uncomment those modules, I get the fault when restarting apache mail# pwd /usr/local/etc mail# cat apache22/httpd.conf|grep ldap LoadModule authnz_ldap_module libexec/apache22/mod_authnz_ldap.so LoadModule ldap_module libexec/apache22/mod_ldap.so mail# cat apache22/httpd.conf | grep ServerRoot ServerRoot /usr/local mail# cat apache22/httpd.conf | grep ldap LoadModule authnz_ldap_module libexec/apache22/mod_authnz_ldap.so LoadModule ldap_module libexec/apache22/mod_ldap.so mail# ls -lah /usr/local/libexec/apache22/*ldap* -rwxr-xr-x 1 root wheel54K Jan 11 12:29 /usr/local/libexec/apache22/mod_authnz_ldap.so -rwxr-xr-x 1 root wheel 115K Jan 11 12:29 /usr/local/libexec/apache22/mod_ldap.so mail# rc.d/apache22 restart Performing sanity check on apache22 configuration: Syntax OK Segmentation fault (core dumped) If I comment out the two modules shown, it restarts without issue. -- Robert rob...@webtent.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
apache 2.2.21 - back to 2.2.20 ?
Monday I did a portupgrade apache-2.2.20 needs updating (index has 2.2.21) There was no problem during the update (and nothing special mentionned in /usr/ports/UPDATING) Today Tuesday afternoon I did a # apachectl graceful Since them, several webpages give problems this error comes up: warning: preg_match() [function.preg-match]: Compilation failed: internal error: previously-checked referenced subpattern not found at offset 389 in /usr/local/www/apache22/data/drupal-6.22/includes/database.inc on line 347. nothing was changed to the website(s). In the morning today everything was still OK. The # apachectl grafecul must have loaded the new httpd (apache2.2.21) and now gives these errors. What can be the reason and how to solve? Can you switch back tot a previous version of a port How to go back from apache-2.2.21 to apache-2.2.20 ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.21 - back to 2.2.20 ?
2011/9/20 n dhert ndhert...@gmail.com: Monday I did a portupgrade apache-2.2.20 needs updating (index has 2.2.21) There was no problem during the update (and nothing special mentionned in /usr/ports/UPDATING) Today Tuesday afternoon I did a # apachectl graceful Since them, several webpages give problems this error comes up: warning: preg_match() [function.preg-match]: Compilation failed: internal error: previously-checked referenced subpattern not found at offset 389 in /usr/local/www/apache22/data/drupal-6.22/includes/database.inc on line 347. Your drupal its old versión, i think work with php 4 and now you have php5 Try to upgrade drupal. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.21 - back to 2.2.20 ?
On Tue, Sep 20, 2011 at 21:45, Sergio Tam tam.ser...@gmail.com wrote: 2011/9/20 n dhert ndhert...@gmail.com: Monday I did a portupgrade apache-2.2.20 needs updating (index has 2.2.21) There was no problem during the update (and nothing special mentionned in /usr/ports/UPDATING) Today Tuesday afternoon I did a # apachectl graceful Since them, several webpages give problems this error comes up: warning: preg_match() [function.preg-match]: Compilation failed: internal error: previously-checked referenced subpattern not found at offset 389 in /usr/local/www/apache22/data/drupal-6.22/includes/database.inc on line 347. Your drupal its old versión, i think work with php 4 and now you have php5 Try to upgrade drupal. Or, in worst case scenario, portdowngrade (it's in the ports) apache. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.21 - back to 2.2.20 ?
2011/9/20 Odhiambo Washington odhia...@gmail.com On Tue, Sep 20, 2011 at 21:45, Sergio Tam tam.ser...@gmail.com wrote: 2011/9/20 n dhert ndhert...@gmail.com: Monday I did a portupgrade apache-2.2.20 needs updating (index has 2.2.21) There was no problem during the update (and nothing special mentionned in /usr/ports/UPDATING) Today Tuesday afternoon I did a # apachectl graceful Since them, several webpages give problems this error comes up: warning: preg_match() [function.preg-match]: Compilation failed: internal error: previously-checked referenced subpattern not found at offset 389 in /usr/local/www/apache22/data/drupal-6.22/includes/database.inc on line 347. Your drupal its old versión, i think work with php 4 and now you have php5 Try to upgrade drupal. Or, in worst case scenario, portdowngrade (it's in the ports) apache. cd /usr/ports/sysutils/portdowngrade ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: apache 2.2.21 - back to 2.2.20 ?
Sergio Tam wrote: 2011/9/20 n dhert ndhert...@gmail.com: Monday I did a portupgrade apache-2.2.20 needs updating (index has 2.2.21) There was no problem during the update (and nothing special mentionned in /usr/ports/UPDATING) Today Tuesday afternoon I did a # apachectl graceful Since them, several webpages give problems this error comes up: warning: preg_match() [function.preg-match]: Compilation failed: internal error: previously-checked referenced subpattern not found at offset 389 in /usr/local/www/apache22/data/drupal-6.22/includes/database.inc on line 347. Your drupal its old versión, i think work with php 4 and now you have php5 Try to upgrade drupal. Might also try rebuild/reinstall mod_php, see if that helps. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Error from apache/dav after system upgrade: Init: Session Cache is not configured [hint: SSLSessionCache]
After I upgraded the 8.2-STABLE to more current code and upgraded all ports I am unable to connect to svn repository through apache: client gets this: Could not authenticate to server: rejected basic challenge. httpd-errors.log gets messages, see below. What may be a problem? Yuri ---httpd-errors.log--- [Fri Jul 01 13:39:27 2011] [info] removed PID file /var/run/httpd.pid (pid=12874) [Fri Jul 01 13:39:27 2011] [notice] caught SIGTERM, shutting down [Fri Jul 01 13:39:27 2011] [info] Init: Seeding PRNG with 144 bytes of entropy [Fri Jul 01 13:39:27 2011] [info] Init: Generating temporary RSA private keys (512/1024 bits) [Fri Jul 01 13:39:27 2011] [info] Init: Generating temporary DH parameters (512/1024 bits) [Fri Jul 01 13:39:27 2011] [warn] Init: Session Cache is not configured [hint: SSLSessionCache] [Fri Jul 01 13:39:27 2011] [info] Init: Initializing (virtual) servers for SSL [Fri Jul 01 13:39:27 2011] [info] mod_ssl/2.2.19 compiled against Server: Apache/2.2.19, Library: OpenSSL/0.9.8k [Fri Jul 01 13:39:27 2011] [info] mod_unique_id: using ip addr 127.0.0.1 [Fri Jul 01 13:39:28 2011] [info] Init: Seeding PRNG with 144 bytes of entropy [Fri Jul 01 13:39:28 2011] [info] Init: Generating temporary RSA private keys (512/1024 bits) [Fri Jul 01 13:39:28 2011] [info] Init: Generating temporary DH parameters (512/1024 bits) [Fri Jul 01 13:39:28 2011] [info] Init: Initializing (virtual) servers for SSL [Fri Jul 01 13:39:28 2011] [info] mod_ssl/2.2.19 compiled against Server: Apache/2.2.19, Library: OpenSSL/0.9.8k [Fri Jul 01 13:39:28 2011] [notice] Digest: generating secret for digest authentication ... [Fri Jul 01 13:39:28 2011] [notice] Digest: done [Fri Jul 01 13:39:28 2011] [info] mod_unique_id: using ip addr 127.0.0.1 [Fri Jul 01 13:39:29 2011] [notice] Apache/2.2.19 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8q DAV/2 SVN/1.6.17 configured -- resuming normal operations [Fri Jul 01 13:39:29 2011] [info] Server built: May 24 2011 00:13:27 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Apache 2.2 + PHP5 + SuExec + (fast-cgi or mod_fcgid)
I am under the impression that suPHP is the better/more secure way of running PHP with Apache. In addition you don't need suEXEC to do so. Am I incorrect in these assumptions? What are the benefits of running PHP as a CGI(if you don't mind me asking) ? Mark -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Grant Peel Sent: Wednesday, 29 June 2011 2:13 PM To: freebsd-questions@freebsd.org Subject: Apache 2.2 + PHP5 + SuExec + (fast-cgi or mod_fcgid) Hello Everyone, I am researching how to run PHP as CGI with Apache's Suexec module. Up to this point we have been using PHP as an Apache mod, but are looking to move to the more secure solution. I am not sure this is exactly the right list top post to so if anyone knows a better one please let me know :-) I am using FreeBSD (8) as the OS, Apache 2.2, PHP5 with several extensions installed. What I am looking for is to have PHP run as a CGI wrapped with suexec, and to have the fastcgi module, or, mod_fcgid. I have never set this up before so if anyone knows of a usefull 'how-to' that would be great. I have been reading through http://www.cyberciti.biz/faq/freebsd-apache22-fastcgi-php-configuration/ and it seems to have some good hints. Of course, once we get this all figured out, I will post a complete step by set here. TIA, -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org *** Travelex - www.travelex.com Travelex Outsourcing Pty Limited [Currency Select businesss] is a limited company registered in Australia with company number: 127 747 586. Information in this email including any attachment ('email') is confidential, may be privileged and is intended solely for the addressee. Unauthorised recipients are requested to preserve the confidentiality of this email, advise the sender immediately of any error in transmission, and then delete the email from the recipient's mailbox without making copies. Any disclosure, copying, distribution or action taken, or omitted to be taken, in reliance upon the contents of this email by unauthorised recipients is prohibited and may be unlawful. Please note that no contracts or commitments may be concluded on behalf of Travelex Outsourcing Pty Limited [Currency Select businesss] or its groups of companies ('Travelex') by means of email, and no statement or representation made in this email is binding on behalf of Travelex. DISCLAIMER: Whilst this message has been scanned for viruses, Travelex disclaims any responsibility or liability for viruses contained therein. It is therefore recommended that all emails should be scanned for viruses. *** ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 + PHP5 + SuExec + (fast-cgi or mod_fcgid)
*fast* cgi , which as the name implies, is erm, fast ;) See, only apache has PHP as a module. Other web servers such as nginx or lighttpd use a fastcgi process. This has several advantages: - you'll no longer see apache exit with (quote) a signal 11, core dumped because of lousy php code / errors. - you can use different php config files for different vhosts - php fcgi is faster - you can use process accounting to check the processing time consumed individually by your web server , and your PHP processes - you will slightly reduce the size of your apache processes, since they'll no longer load mod_php On 6/29/11 8:31 AM, Van Der Meulen, Mark wrote: I am under the impression that suPHP is the better/more secure way of running PHP with Apache. In addition you don't need suEXEC to do so. Am I incorrect in these assumptions? What are the benefits of running PHP as a CGI(if you don't mind me asking) ? Mark -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Grant Peel Sent: Wednesday, 29 June 2011 2:13 PM To: freebsd-questions@freebsd.org Subject: Apache 2.2 + PHP5 + SuExec + (fast-cgi or mod_fcgid) Hello Everyone, I am researching how to run PHP as CGI with Apache's Suexec module. Up to this point we have been using PHP as an Apache mod, but are looking to move to the more secure solution. I am not sure this is exactly the right list top post to so if anyone knows a better one please let me know :-) I am using FreeBSD (8) as the OS, Apache 2.2, PHP5 with several extensions installed. What I am looking for is to have PHP run as a CGI wrapped with suexec, and to have the fastcgi module, or, mod_fcgid. I have never set this up before so if anyone knows of a usefull 'how-to' that would be great. I have been reading through http://www.cyberciti.biz/faq/freebsd-apache22-fastcgi-php-configuration/ and it seems to have some good hints. Of course, once we get this all figured out, I will post a complete step by set here. TIA, -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org *** Travelex - www.travelex.com Travelex Outsourcing Pty Limited [Currency Select businesss] is a limited company registered in Australia with company number: 127 747 586. Information in this email including any attachment ('email') is confidential, may be privileged and is intended solely for the addressee. Unauthorised recipients are requested to preserve the confidentiality of this email, advise the sender immediately of any error in transmission, and then delete the email from the recipient's mailbox without making copies. Any disclosure, copying, distribution or action taken, or omitted to be taken, in reliance upon the contents of this email by unauthorised recipients is prohibited and may be unlawful. Please note that no contracts or commitments may be concluded on behalf of Travelex Outsourcing Pty Limited [Currency Select businesss] or its groups of companies ('Travelex') by means of email, and no statement or representation made in this email is binding on behalf of Travelex. DISCLAIMER: Whilst this message has been scanned for viruses, Travelex disclaims any responsibility or liability for viruses contained therein. It is therefore recommended that all emails should be scanned for viruses. *** ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 + PHP5 + SuExec + (fast-cgi or mod_fcgid)
Should I be using suPHP then instead of the formentioned suexec/mod_fcgid ? -Grant -Original Message- From: Damien Fleuriot Sent: Wednesday, June 29, 2011 4:25 AM To: freebsd-questions@freebsd.org Subject: Re: Apache 2.2 + PHP5 + SuExec + (fast-cgi or mod_fcgid) *fast* cgi , which as the name implies, is erm, fast ;) See, only apache has PHP as a module. Other web servers such as nginx or lighttpd use a fastcgi process. This has several advantages: - you'll no longer see apache exit with (quote) a signal 11, core dumped because of lousy php code / errors. - you can use different php config files for different vhosts - php fcgi is faster - you can use process accounting to check the processing time consumed individually by your web server , and your PHP processes - you will slightly reduce the size of your apache processes, since they'll no longer load mod_php On 6/29/11 8:31 AM, Van Der Meulen, Mark wrote: I am under the impression that suPHP is the better/more secure way of running PHP with Apache. In addition you don't need suEXEC to do so. Am I incorrect in these assumptions? What are the benefits of running PHP as a CGI(if you don't mind me asking) ? Mark -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Grant Peel Sent: Wednesday, 29 June 2011 2:13 PM To: freebsd-questions@freebsd.org Subject: Apache 2.2 + PHP5 + SuExec + (fast-cgi or mod_fcgid) Hello Everyone, I am researching how to run PHP as CGI with Apache's Suexec module. Up to this point we have been using PHP as an Apache mod, but are looking to move to the more secure solution. I am not sure this is exactly the right list top post to so if anyone knows a better one please let me know :-) I am using FreeBSD (8) as the OS, Apache 2.2, PHP5 with several extensions installed. What I am looking for is to have PHP run as a CGI wrapped with suexec, and to have the fastcgi module, or, mod_fcgid. I have never set this up before so if anyone knows of a usefull 'how-to' that would be great. I have been reading through http://www.cyberciti.biz/faq/freebsd-apache22-fastcgi-php-configuration/ and it seems to have some good hints. Of course, once we get this all figured out, I will post a complete step by set here. TIA, -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org *** Travelex - www.travelex.com Travelex Outsourcing Pty Limited [Currency Select businesss] is a limited company registered in Australia with company number: 127 747 586. Information in this email including any attachment ('email') is confidential, may be privileged and is intended solely for the addressee. Unauthorised recipients are requested to preserve the confidentiality of this email, advise the sender immediately of any error in transmission, and then delete the email from the recipient's mailbox without making copies. Any disclosure, copying, distribution or action taken, or omitted to be taken, in reliance upon the contents of this email by unauthorised recipients is prohibited and may be unlawful. Please note that no contracts or commitments may be concluded on behalf of Travelex Outsourcing Pty Limited [Currency Select businesss] or its groups of companies ('Travelex') by means of email, and no statement or representation made in this email is binding on behalf of Travelex. DISCLAIMER: Whilst this message has been scanned for viruses, Travelex disclaims any responsibility or liability for viruses contained therein. It is therefore recommended that all emails should be scanned for viruses. *** ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache 2.2 + PHP5 + SuExec + (fast-cgi or mod_fcgid)
I would guess so, however I have no experience with fcgi on apache, I only run it with nginx and lighttpd servers. On 6/29/11 6:04 PM, Grant Peel wrote: Should I be using suPHP then instead of the formentioned suexec/mod_fcgid ? -Grant -Original Message- From: Damien Fleuriot Sent: Wednesday, June 29, 2011 4:25 AM To: freebsd-questions@freebsd.org Subject: Re: Apache 2.2 + PHP5 + SuExec + (fast-cgi or mod_fcgid) *fast* cgi , which as the name implies, is erm, fast ;) See, only apache has PHP as a module. Other web servers such as nginx or lighttpd use a fastcgi process. This has several advantages: - you'll no longer see apache exit with (quote) a signal 11, core dumped because of lousy php code / errors. - you can use different php config files for different vhosts - php fcgi is faster - you can use process accounting to check the processing time consumed individually by your web server , and your PHP processes - you will slightly reduce the size of your apache processes, since they'll no longer load mod_php On 6/29/11 8:31 AM, Van Der Meulen, Mark wrote: I am under the impression that suPHP is the better/more secure way of running PHP with Apache. In addition you don't need suEXEC to do so. Am I incorrect in these assumptions? What are the benefits of running PHP as a CGI(if you don't mind me asking) ? Mark -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Grant Peel Sent: Wednesday, 29 June 2011 2:13 PM To: freebsd-questions@freebsd.org Subject: Apache 2.2 + PHP5 + SuExec + (fast-cgi or mod_fcgid) Hello Everyone, I am researching how to run PHP as CGI with Apache's Suexec module. Up to this point we have been using PHP as an Apache mod, but are looking to move to the more secure solution. I am not sure this is exactly the right list top post to so if anyone knows a better one please let me know :-) I am using FreeBSD (8) as the OS, Apache 2.2, PHP5 with several extensions installed. What I am looking for is to have PHP run as a CGI wrapped with suexec, and to have the fastcgi module, or, mod_fcgid. I have never set this up before so if anyone knows of a usefull 'how-to' that would be great. I have been reading through http://www.cyberciti.biz/faq/freebsd-apache22-fastcgi-php-configuration/ and it seems to have some good hints. Of course, once we get this all figured out, I will post a complete step by set here. TIA, -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org *** Travelex - www.travelex.com Travelex Outsourcing Pty Limited [Currency Select businesss] is a limited company registered in Australia with company number: 127 747 586. Information in this email including any attachment ('email') is confidential, may be privileged and is intended solely for the addressee. Unauthorised recipients are requested to preserve the confidentiality of this email, advise the sender immediately of any error in transmission, and then delete the email from the recipient's mailbox without making copies. Any disclosure, copying, distribution or action taken, or omitted to be taken, in reliance upon the contents of this email by unauthorised recipients is prohibited and may be unlawful. Please note that no contracts or commitments may be concluded on behalf of Travelex Outsourcing Pty Limited [Currency Select businesss] or its groups of companies ('Travelex') by means of email, and no statement or representation made in this email is binding on behalf of Travelex. DISCLAIMER: Whilst this message has been scanned for viruses, Travelex disclaims any responsibility or liability for viruses contained therein. It is therefore recommended that all emails should be scanned for viruses. *** ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Apache 2.2 + PHP5 + SuExec + (fast-cgi or mod_fcgid)
Hello Everyone, I am researching how to run PHP as CGI with Apache's Suexec module. Up to this point we have been using PHP as an Apache mod, but are looking to move to the more secure solution. I am not sure this is exactly the right list top post to so if anyone knows a better one please let me know :-) I am using FreeBSD (8) as the OS, Apache 2.2, PHP5 with several extensions installed. What I am looking for is to have PHP run as a CGI wrapped with suexec, and to have the fastcgi module, or, mod_fcgid. I have never set this up before so if anyone knows of a usefull 'how-to' that would be great. I have been reading through http://www.cyberciti.biz/faq/freebsd-apache22-fastcgi-php-configuration/ and it seems to have some good hints. Of course, once we get this all figured out, I will post a complete step by set here. TIA, -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Installing php-fpm without apache
How can I install php-fpm without installing apache? Is it possible? [root@timp /usr/ports/lang/php5]# make showconfig === The following configuration options are available for php5-5.3.6_1: CLI=off Build CLI version CGI=off Build CGI version FPM=on Build FPM version (experimental) APACHE=off Build Apache module AP2FILTER=off Use Apache 2.x filter interface (experimental) DEBUG=off Enable debug SUHOSIN=off Enable Suhosin protection system MULTIBYTE=off Enable zend multibyte support IPV6=off Enable ipv6 support MAILHEAD=off Enable mail header patch LINKTHR=off Link thread lib (for threaded extensions) === Use 'make config' to modify these settings Only FPM is on [root@timp /usr/ports/lang/php5]# make missing www/apache13 textproc/libxml2 textproc/expat2 in spite of this I see apache13 as dependency ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Installing php-fpm without apache
I'm very sorry! I had vars like WITH_APACHE=foo in /etc/make.conf! It's ok in ports. 2011/6/27 Pavel Timofeev tim...@gmail.com How can I install php-fpm without installing apache? Is it possible? [root@timp /usr/ports/lang/php5]# make showconfig === The following configuration options are available for php5-5.3.6_1: CLI=off Build CLI version CGI=off Build CGI version FPM=on Build FPM version (experimental) APACHE=off Build Apache module AP2FILTER=off Use Apache 2.x filter interface (experimental) DEBUG=off Enable debug SUHOSIN=off Enable Suhosin protection system MULTIBYTE=off Enable zend multibyte support IPV6=off Enable ipv6 support MAILHEAD=off Enable mail header patch LINKTHR=off Link thread lib (for threaded extensions) === Use 'make config' to modify these settings Only FPM is on [root@timp /usr/ports/lang/php5]# make missing www/apache13 textproc/libxml2 textproc/expat2 in spite of this I see apache13 as dependency ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
system upgrade introduced oddball apache error...
Running FreeBSD 8.2-STABLE #0: Thu Jun 9 09:25:05 EDT 2011 on i386 and rebuilt all my ports from source shortly after the upgrade. Got weird error when I tried to start apache2 (using % apachectl -t first): [Mon Jun 13 10:16:15 2011] [error] syntax error at (eval 21) line 1, near require Apache2::Const -\n [Mon Jun 13 10:16:15 2011] [error] Can't load Perl module Apache2::Const -compile = ':common' for server localhost:80, exiting... The Perl module in question is present here: freebsd% ls -l /usr/local/lib/perl5/site_perl/5.14.0/mach/Apache2/Const.pm -r--r--r-- 1 root wheel 25924 Jun 10 17:08 /usr/local/lib/perl5/site_perl/5.14.0/mach/Apache2/Const.pm The only reference to it is in an Apache config include file: PerlModule Apache2::Const -compile = ':common' I have these ports: perl-5.14.0 apache-2.2.19 ap22-mod_perl2-2.0.5,3 In the /usr/local/etc/apache22/httpd.conf file, there is this line: LoadModule perl_module libexec/apache22/mod_perl.so but the httpd.conf file was unchanged from before the upgrade. Neither of these two commands gave any output at all: freebsd% perl -e 'use Apache2::Const qw( :common ); freebsd% perl -M'Apache2::Const -compile = qw(:common)' -e 1; This command gave one line of output: freebsd% perl -MApache2::Const -e 'print $Apache2::Const::VERSION, \n'; 2.05 This problem did not occur before the upgrade when I was running: perl-5.12.3 apache-2.2.17_1 ap22-mod_perl2-2.0.4_2,3 I don't know how to debug this problem. No log files in /var/log were changed by running the apachectl(8) command and there have been no new lines added to /var/log/httpd-error.log since I rebooted and shut down apache2 on June 9th as part of the upgrade. Any and all ideas welcome. Regards, web... -- William Bulley Email: w...@umich.edu 72 characters width template -| ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: nfs error: No route to host when starting apache ...
On Fri, 1 Apr 2011, Rick Macklem wrote: Since rpc.lockd and rpc.statd expect to be able to do IP broadcast (same goes for rpcbind), I suspect that might be a problem w.r.t. jails, although I know nothing about how jails work? Oh, and you can use the nolock mount option to avoid use of rpc.lockd and rpc.statd. based on the mount_nfs man page, as well as trying it just in case, this option no longer appears to be availalble in the 7.x nfs code ... :( Oops, sorry. The option is called nolockd. rick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: nfs error: No route to host when starting apache ...
On Fri, 1 Apr 2011, Rick Macklem wrote: Since rpc.lockd and rpc.statd expect to be able to do IP broadcast (same goes for rpcbind), I suspect that might be a problem w.r.t. jails, although I know nothing about how jails work? Oh, and you can use the nolock mount option to avoid use of rpc.lockd and rpc.statd. based on the mount_nfs man page, as well as trying it just in case, this option no longer appears to be availalble in the 7.x nfs code ... :( ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
nfs error: No route to host when starting apache ...
I just setup an nfs mount between two servers ... ServerA, nfsd on 192.168.1.8 ServerB, nfs client on 192.168.1.7 I have a jail, ServerC, running on 192.168.1.7 ... most operations appear to work, but it looks like 'special files' of a sort aren't working, for when I try and startup Apache, I get: [Fri Apr 01 19:42:02 2011] [emerg] (65)No route to host: couldn't grab the accept mutex When I try and do a 'newaliases', I get: # newaliases postalias: fatal: lock /etc/aliases.db: No route to host Yet, for instance, both MySQL and PostgreSQL are running without any issues ... So, the mount is there, it is readable, it is working ... I can ssh into the jail, I can create files, etc ... I do have rpc.lockd and rpc.statd running on both client / server sides ... I'm not seeing anything in eithr the man page for mount_nfs *or* nfsd that might account / corect for something like this, but since I'm not sure what this is exactly, not sure exactl what I should be looking for :( Note that this behaviour happens at the *physical* server level as well, having tested with using postalias to generate the same 'lock' issue above ... Now, I do have mountd/nfsd started iwth the -h to bind them to 192.168.1.8 ... *but*, the servers themselves, although on same switch do have different default gateways ... I'm not seeing anything within the man page for, say, rpc.statd/rpc.lockd that allows me to bind it to the 192.168.1.0/24 IP, so is it binding to my public IP instead of my private? So nfsd / mount_nfs can talk find, as they go thorugh 192.168.1.0/24 as desired, but rpc.statd/rpc.lockd are the public IPs and not able to talk to each other? Thx ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: nfs error: No route to host when starting apache ...
I've succeedig in getting a bit further ... by the time I got to the bottom of my original, I started to think in terms of rpc more, and had overlooked lookign at thte rpcbind man page, which *does* have a -h option ... setting that fixes things perfectly *almost* ... The last issue I seem to be hitting *might* be a 6.x NFS client against a 7.x server issue ... ? Postfix generates: postfix/showq[65261]: fatal: select lock: Permission denied The only post I found about this was: http://lists.freebsd.org/pipermail/freebsd-questions/2010-April/215284.html But there didn't appear to be any responses ... so either all responses were private to Robert, or ... ? This is my last 6.x box, so it is not overly critical, but would be nice if I could get it to work properly ... On Fri, 1 Apr 2011, Marc G. Fournier wrote: I just setup an nfs mount between two servers ... ServerA, nfsd on 192.168.1.8 ServerB, nfs client on 192.168.1.7 I have a jail, ServerC, running on 192.168.1.7 ... most operations appear to work, but it looks like 'special files' of a sort aren't working, for when I try and startup Apache, I get: [Fri Apr 01 19:42:02 2011] [emerg] (65)No route to host: couldn't grab the accept mutex When I try and do a 'newaliases', I get: # newaliases postalias: fatal: lock /etc/aliases.db: No route to host Yet, for instance, both MySQL and PostgreSQL are running without any issues ... So, the mount is there, it is readable, it is working ... I can ssh into the jail, I can create files, etc ... I do have rpc.lockd and rpc.statd running on both client / server sides ... I'm not seeing anything in eithr the man page for mount_nfs *or* nfsd that might account / corect for something like this, but since I'm not sure what this is exactly, not sure exactl what I should be looking for :( Note that this behaviour happens at the *physical* server level as well, having tested with using postalias to generate the same 'lock' issue above ... Now, I do have mountd/nfsd started iwth the -h to bind them to 192.168.1.8 ... *but*, the servers themselves, although on same switch do have different default gateways ... I'm not seeing anything within the man page for, say, rpc.statd/rpc.lockd that allows me to bind it to the 192.168.1.0/24 IP, so is it binding to my public IP instead of my private? So nfsd / mount_nfs can talk find, as they go thorugh 192.168.1.0/24 as desired, but rpc.statd/rpc.lockd are the public IPs and not able to talk to each other? Thx ... ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org Marc G. FournierHub.Org Hosting Solutions S.A. scra...@hub.org http://www.hub.org Yahoo:yscrappySkype: hub.orgICQ:7615664MSN:scra...@hub.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: nfs error: No route to host when starting apache ...
I just setup an nfs mount between two servers ... ServerA, nfsd on 192.168.1.8 ServerB, nfs client on 192.168.1.7 I have a jail, ServerC, running on 192.168.1.7 ... most operations appear to work, but it looks like 'special files' of a sort aren't working, for when I try and startup Apache, I get: [Fri Apr 01 19:42:02 2011] [emerg] (65)No route to host: couldn't grab the accept mutex When I try and do a 'newaliases', I get: # newaliases postalias: fatal: lock /etc/aliases.db: No route to host Yet, for instance, both MySQL and PostgreSQL are running without any issues ... So, the mount is there, it is readable, it is working ... I can ssh into the jail, I can create files, etc ... I do have rpc.lockd and rpc.statd running on both client / server sides ... Since rpc.lockd and rpc.statd expect to be able to do IP broadcast (same goes for rpcbind), I suspect that might be a problem w.r.t. jails, although I know nothing about how jails work? I'm not seeing anything in eithr the man page for mount_nfs *or* nfsd that might account / corect for something like this, but since I'm not sure what this is exactly, not sure exactl what I should be looking for :( Note that this behaviour happens at the *physical* server level as well, having tested with using postalias to generate the same 'lock' issue above ... Now, I do have mountd/nfsd started iwth the -h to bind them to 192.168.1.8 ... *but*, the servers themselves, although on same switch do have different default gateways ... I'm not seeing anything within the man page for, say, rpc.statd/rpc.lockd that allows me to bind it to the 192.168.1.0/24 IP, so is it binding to my public IP instead of my private? So nfsd / mount_nfs can talk find, as they go thorugh 192.168.1.0/24 as desired, but rpc.statd/rpc.lockd are the public IPs and not able to talk to each other? Thx ... ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: nfs error: No route to host when starting apache ...
I just setup an nfs mount between two servers ... ServerA, nfsd on 192.168.1.8 ServerB, nfs client on 192.168.1.7 I have a jail, ServerC, running on 192.168.1.7 ... most operations appear to work, but it looks like 'special files' of a sort aren't working, for when I try and startup Apache, I get: [Fri Apr 01 19:42:02 2011] [emerg] (65)No route to host: couldn't grab the accept mutex When I try and do a 'newaliases', I get: # newaliases postalias: fatal: lock /etc/aliases.db: No route to host Yet, for instance, both MySQL and PostgreSQL are running without any issues ... So, the mount is there, it is readable, it is working ... I can ssh into the jail, I can create files, etc ... I do have rpc.lockd and rpc.statd running on both client / server sides ... Since rpc.lockd and rpc.statd expect to be able to do IP broadcast (same goes for rpcbind), I suspect that might be a problem w.r.t. jails, although I know nothing about how jails work? Oh, and you can use the nolock mount option to avoid use of rpc.lockd and rpc.statd. I'm not seeing anything in eithr the man page for mount_nfs *or* nfsd that might account / corect for something like this, but since I'm not sure what this is exactly, not sure exactl what I should be looking for :( Note that this behaviour happens at the *physical* server level as well, having tested with using postalias to generate the same 'lock' issue above ... Now, I do have mountd/nfsd started iwth the -h to bind them to 192.168.1.8 ... *but*, the servers themselves, although on same switch do have different default gateways ... I'm not seeing anything within the man page for, say, rpc.statd/rpc.lockd that allows me to bind it to the 192.168.1.0/24 IP, so is it binding to my public IP instead of my private? So nfsd / mount_nfs can talk find, as they go thorugh 192.168.1.0/24 as desired, but rpc.statd/rpc.lockd are the public IPs and not able to talk to each other? Thx ... ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
8.1 to 8.2 upgrade, apache SSL Certificates problem
Hi, I did an upgrade from FreeBSD 8.1 to 8.2 today. All OK so far, except for Apache (apache-2.2.17_1) It wouldn't start. /var/log/httpd-error.log [Wed Mar 23 13:04:26 2011] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0) I dit not change anything tot my apache config in the last weeks (and have restarted apache, via apachectl graceful several times). My certificates are still there and did not change. Accessing some of my https enabled virtual hosts worked before the upgrade. # apachectl configtest Suntax OK If I start apache without SSL (commenting out the Include etc/apache22/extra/httpd-ssl.conf line in /usr/local/etc/apache22/httpd.conf), then apache starts. Waht can be the cause, it worked before 8.2 ?? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Solved - 8.1 to 8.2 upgrade, apache SSL Certificates problem
Don't border, i found the error, nothing to with freebsd. sorry 2011/3/23 n dhert ndhert...@gmail.com Hi, I did an upgrade from FreeBSD 8.1 to 8.2 today. All OK so far, except for Apache (apache-2.2.17_1) It wouldn't start. /var/log/httpd-error.log [Wed Mar 23 13:04:26 2011] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0) I dit not change anything tot my apache config in the last weeks (and have restarted apache, via apachectl graceful several times). My certificates are still there and did not change. Accessing some of my https enabled virtual hosts worked before the upgrade. # apachectl configtest Suntax OK If I start apache without SSL (commenting out the Include etc/apache22/extra/httpd-ssl.conf line in /usr/local/etc/apache22/httpd.conf), then apache starts. Waht can be the cause, it worked before 8.2 ?? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Do you have to install Apache to use sarg (and squid) with Webmin?
Hi folks, I'm trying to put a simple proxy server together, and I have installed Squid, Sarg and Webmin, all of which are working fine. When I go into webmin to add a sarg module, I don't see it anywhere as an option. Is that because I have to install Apache first? If so, how do I then add the sarg module? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Do you have to install Apache to use sarg (and squid) with Webmin?
No. Apache Mod_proxy is independent of squid, even natd and ipfw; a reverse proxy? Ed Flecko edfle...@gmail.com wrote: Hi folks, I'm trying to put a simple proxy server together, and I have installed Squid, Sarg and Webmin, all of which are working fine. When I go into webmin to add a sarg module, I don't see it anywhere as an option. Is that because I have to install Apache first? If so, how do I then add the sarg module? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache FastCGI display Website not correct
On 01/03/2011 20:22, Silvio Siefke wrote: Hello, i use fastcgi with PHP-FPM on Apache 2.2.17. When i go on Website with FastCGI then the page load not complete. http://mail.silviosiefke.de/fastcgi_apache.png When i run with FCGID then the page load complete. http://mail.silviosiefke.de/fcgid_apache.png Has someone a idea what is the problem? Thank you. This is not a FreeBSD problem. The most likely problem is that your FastCGI configuration handles more paths than it should, including images, CSS and other non-fastcgi URLs. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache FastCGI display Website not correct
Hey, Am 02.03.2011 15:25, schrieb Ivan Voras: This is not a FreeBSD problem. Thank u, that i know. But i has think that is a user list, someone can help me. Because i try since weeks and found not where is the mistake. The most likely problem is that your FastCGI configuration handles more paths than it should, including images, CSS and other non-fastcgi URLs. That mean? Regards Silvio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache FastCGI display Website not correct
Silvio Siefke wrote: Hello, i use fastcgi with PHP-FPM on Apache 2.2.17. When i go on Website with FastCGI then the page load not complete. http://mail.silviosiefke.de/fastcgi_apache.png When i run with FCGID then the page load complete. http://mail.silviosiefke.de/fcgid_apache.png Has someone a idea what is the problem? Thank you. Strictly _not_ a FreeBSD issue, but FWIW I thought maybe I'd respond anyway. Someone please correct me if I'm wrong here, as I haven't been keeping up with the latest Apache news and stuff so the following may be out of touch. I thought that at some point a couple of years ago that FastCGI became deprecated in favor of mod_fcgid. Look at the dates on this page: http://www.fastcgi.com/drupal/node/19 Apache has absorbed the mod_fcgid into the mainstream. Notice the dates on the support page below seem to be more recent: http://httpd.apache.org/mod_fcgid/ Since your website works OK with mod_fcgid why not use it because it works? I use Apache with the event mpm and mod_fcgid, but am still using PHP 5.2.x. For purposes of this problem the difference between my use of the event mpm and you using worker should probably not be significant. I cannot properly address your question concerning FastCGI as I do not use it. What I can do is share some of my configs for my web development server using mod_fcgid. httpd.conf: [...] LoadModule alias_module libexec/apache22/mod_alias.so LoadModule rewrite_module libexec/apache22/mod_rewrite.so #LoadModule php5_modulelibexec/apache22/libphp5.so LoadModule fcgid_module libexec/apache22/mod_fcgid.so [...] Directory /usr/local/www/apache22/data SetOutputFilter Deflate AddOutputFilterByType DEFLATE text/html text/plain text/css text/javascript application/javascript application/x-javascript text/xml application/xml application/xhtml+xml SetEnvIfNoCase Request_URI \\.(?:gif|jpe?g|png)$ no-gzip dont-vary Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all # added for mod_fcgid #SetHandler fcgid-script FCGIWrapper /usr/local/bin/php-cgi .php Options ExecCGI # end of mod_fcgid change /Directory # added to enable mod_fcgid: IfModule mod_fcgid.c AddHandler fcgid-script .fcgi .php SocketPath /var/run/fcgidsock/ #SocketPath /var/run/fcgid_shm IPCConnectTimeout 10 IPCCommTimeout 20 OutputBufferSize 0 MaxRequestsPerProcess 1024 /IfModule # DirectoryIndex: sets the file that Apache will serve if a directory # is requested. IfModule dir_module DirectoryIndex index.html index.php /IfModule [...] This is for the main site. In addition I only have one virtual host and the httpd-vhosts.conf looks like this: NameVirtualHost *:80 VirtualHost 192.168.10.4:80 ServerAdmin webmas...@test.zip DocumentRoot /usr/local/www/apache22/oldriver.test.zip ServerName oldriver.test.zip ServerAlias oldriver.test.zip ErrorLog /var/log/httpd-error.log CustomLog /var/log/httpd-access.log common Directory /usr/local/www/apache22/oldriver.test.zip Options Indexes FollowSymLinks FCGIWrapper /usr/local/bin/php-cgi .php Options ExecCGI DirectoryIndex index.html index.php home.php AllowOverride All Order deny,allow allow from all /Directory /VirtualHost Your requirements are likely somewhat different from mine, so these configs work for me but you should only consider them as examples. If any of it may be useful adjust accordingly. Consider using mod_fcgid instead of FastCGI because it is newer and more currently under active support. That is, unless you have some other overriding reason that makes you forced to use FastCGI. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache FastCGI display Website not correct
Hello, i want say its running now perfect. I has search in internet and found the follow Howto, and now it run. http://blog.myprod.net/2010/08/14/apache2-suexec-fastcgi-php-5-3-3-fpm-cache-opcode-apc/ Regards Silvio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache FastCGI display Website not correct
Silvio Siefke wrote: Hello, i want say its running now perfect. I has search in internet and found the follow Howto, and now it run. http://blog.myprod.net/2010/08/14/apache2-suexec-fastcgi-php-5-3-3-fpm- cache-opcode-apc/ That is excellent. I had also forgoten all about the suexec aspect too. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Apache FastCGI display Website not correct
Hello, i use fastcgi with PHP-FPM on Apache 2.2.17. When i go on Website with FastCGI then the page load not complete. http://mail.silviosiefke.de/fastcgi_apache.png When i run with FCGID then the page load complete. http://mail.silviosiefke.de/fcgid_apache.png Has someone a idea what is the problem? Thank you. Regards Silvio Some Config Parameters: VirtualHost SuexecUserGroup siefke siefke ServerName silviosiefke.de DocumentRoot /usr/local/www/vserver/silviosiefke.de/data ScriptAlias /cgi-bin/ /usr/local/www/vserver/silviosiefke.de/cgi-bin/ AddHandler php5-fastcgi .php FastCgiExternalServer /usr/local/www/vserver/silviosiefke.de/data -socket /tmp/siefke.socket Directory /usr/local/www/vserver/silviosiefke.de/data IfModule mod_rewrite.c RewriteEngine On RewriteCond %{REQUEST_URI} \/$ RewriteRule ^(.*)$ index.php [L,QSA] /IfModule Options -All +FollowSymLinks +ExecCGI AllowOverride Options FileInfo AuthConfig Limit allow from all AllowOverride All /Directory ErrorLog /usr/local/www/vserver/silviosiefke.de/log/error.log CustomLog /usr/local/www/vserver/silviosiefke.de/log/access.log combined /VirtualHost # httpd -V Server version: Apache/2.2.17 (FreeBSD) Server built: Feb 26 2011 13:17:20 Server's Module Magic Number: 20051115:25 Server loaded: APR 1.4.2, APR-Util 1.3.10 Compiled using: APR 1.4.2, APR-Util 1.3.10 Architecture: 32-bit Server MPM: Worker threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with -D APACHE_MPM_DIR=server/mpm/worker -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_FLOCK_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT=/usr/local -D SUEXEC_BIN=/usr/local/sbin/suexec -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=etc/apache22/mime.types -D SERVER_CONFIG_FILE=etc/apache22/httpd.conf ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Apache with LDAP from ports failing.
I am trying to build apache22 on a fresh 8.1 box from ports. It is dying right about here: mod_authnz_ldap.c:41:2: error: #error mod_authnz_ldap requires APR-util to have LDAP support built in. To fix add --with-ldap to ./configure. Help! :) -- Paul Halliday http://www.pintumbler.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Apache with LDAP from ports failing.
On 07/01/2011 12:43, Paul Halliday wrote: I am trying to build apache22 on a fresh 8.1 box from ports. It is dying right about here: mod_authnz_ldap.c:41:2: error: #error mod_authnz_ldap requires APR-util to have LDAP support built in. To fix add --with-ldap to ./configure. Add LDAP support to the OPTIONS for devel/apr1 by running 'make config' Rebuild and reinstall devel/apr1 Rebuild and reinstall www/apache22 In general, you need to match up the capabilities from devel/apr1 with the set of modules you want to enable for www/apace22. So if you want apache itself[*] to interface with LDAP, MySQL, PostgreSQL or SQLite or you want to use ndbm format hash files etc. then you need to turn on the corresponding capability in devel/apr1. Ditto for www/apache20 and devel/apr0 and (presumably) for the upcoming www/apache24 and devel/apr2. Cheers, Matthew [*] but not by an embedded language like mod_php or mod_perl -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
OT: apache+ssl question _off-list_
Would any folks with experience in Apache/SSL be willing to help with a (probably novice) problem off-list? (My search-fu is inferior: I've found the problem mentioned, but no solutions.) Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Resin 3.1.9, Apache 2.2.16 and mod_caucho?
Got mod_caucho.so installed. The makefile only refers to Apache 20 while I am running 22. I changed the path in the Makefile to /usr/ports/www/apache22 and the compile arg to yes and it installed fine. Will test now. Cheers, Andy --- Mvh/Rgds, Andreas Wideroe andr...@wideroe.net Den 14. okt. 2010 kl. 21:20 skrev Andy Wodfer wod...@gmail.com: On Thu, Oct 14, 2010 at 7:56 PM, Michael Powell nightre...@hotmail.com wrote: Christer Solskogen wrote: [snip] Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone. You probably have that module already installed. It comes with www/resin3 according to the Makefile. Don't think so. locate (updated) and find only shows these: ./tmp/caucho ./usr/local/resin3/webapps/resin-doc/WEB-INF/classes/com/caucho ./usr/local/resin3/webapps/resin-doc/WEB-INF/xsl/caucho ./usr/local/resin3/webapps/resin-doc/examples/amber-basic/WEB- INF/classes/com/caucho You might need to have apache[2|22] installed first. You do need Apache installed first as apxs is used to build the mod_caucho module. Install Apache by the ports system as you normally would. See the 'Compiling mod_caucho.so' section here: http://www.caucho.com/resin-3.1/doc/install-apache.xtp If the configure script doesn't/can't find apxs automagically use the CLI switch and provide it with the location. It should be able to find it. Then config resin.conf and httpd.conf accordingly. Thanks Mike! Will try that and report back. Cheers, Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Resin 3.1.9, Apache 2.2.16 and mod_caucho?
Hi, I'm trying to install Resin together with Apache and according to all documentation I can find I'm supposed to compile the mod_caucho and include this in the Apache httpd.conf, but I can't find any reference to mod_caucho in my ports, system or compile options. Is the documentation outdated or can anyone give me some pointers as to how I can make requests to Java sites go through Apache (using virtual hosts)? Ie. http://caucho.com/resin-3.1/doc/install-apache.xtp Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone. uname -a FreeBSD domain.domain.net 8.0-RELEASE-p4 FreeBSD 8.0-RELEASE-p4 #0: Mon Jul 12 20:22:27 UTC 2010 r...@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 Cheers, Andreas ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Resin 3.1.9, Apache 2.2.16 and mod_caucho?
On Thu, Oct 14, 2010 at 10:16 AM, Andy Wodfer wod...@gmail.com wrote: Hi, I'm trying to install Resin together with Apache and according to all documentation I can find I'm supposed to compile the mod_caucho and include this in the Apache httpd.conf, but I can't find any reference to mod_caucho in my ports, system or compile options. Is the documentation outdated or can anyone give me some pointers as to how I can make requests to Java sites go through Apache (using virtual hosts)? Ie. http://caucho.com/resin-3.1/doc/install-apache.xtp Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone. You probably have that module already installed. It comes with www/resin3 according to the Makefile. -- chs, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Resin 3.1.9, Apache 2.2.16 and mod_caucho?
On Thu, Oct 14, 2010 at 1:06 PM, Christer Solskogen christer.solsko...@gmail.com wrote: On Thu, Oct 14, 2010 at 10:16 AM, Andy Wodfer wod...@gmail.com wrote: Hi, I'm trying to install Resin together with Apache and according to all documentation I can find I'm supposed to compile the mod_caucho and include this in the Apache httpd.conf, but I can't find any reference to mod_caucho in my ports, system or compile options. Is the documentation outdated or can anyone give me some pointers as to how I can make requests to Java sites go through Apache (using virtual hosts)? Ie. http://caucho.com/resin-3.1/doc/install-apache.xtp Both Apache (port 80) and Resin3.1 (port 8080) runs fine alone. You probably have that module already installed. It comes with www/resin3 according to the Makefile. Don't think so. locate (updated) and find only shows these: ./tmp/caucho ./usr/local/resin3/webapps/resin-doc/WEB-INF/classes/com/caucho ./usr/local/resin3/webapps/resin-doc/WEB-INF/xsl/caucho ./usr/local/resin3/webapps/resin-doc/examples/amber-basic/WEB-INF/classes/com/caucho /Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org