Re: [users@httpd] apache routing issue
Quoting Paul Claridge (p...@vicjenmail.plus.com): > Does the default *:80 also serve data to localhost? Yep. Should work just like any other IP on your sytstem. > I assumed by creating another VH that would achieve a "shortcircuit" and > serve data to my local puppeteer browser from my prime website? Eeehhh.. i know some of these words. ;) -Sndr. -- | There's nothing like waking up with your Dicken's Cider! | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] apache routing issue
Quoting emma davis (emma.davi...@aol.com.INVALID): > When setting up virtual host I was not able give ServerAlias to > x.ddns.net > Apachectl -S gave an error. It would be helpful if you'd share the actual error. > P.s. This is Emma,That is Emily with a protective Daddy, she is > working on a school project Apologies then, my mistake. :/ -Sndr. -- | How do you get off a non-stop flight? | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] apache routing issue
Quoting emma davis (emma.davi...@aol.com.INVALID): > It is a domain name identification issue by Apache. > May be it a known issue. Apache has the concent of a 'default' virtual host. Any request to a domain not explicitly confiugred for that ip/port combo will be handled by the defaul virtual host. See the output of 'apachectl -S'. If all your vhosts have , the first one Apache 'reads' when parsing the configuration file(s) will be the default for all IPs on port 80. This will be why your 'blue' and 'brown' domains show the content of another site. They are not configured, but some other site on that ip/port combo was and is considered the 'default' virtual host. > When it really should be returning a 404 because I haven't set up or > enabled the blue or brown sites as virtual hosts. No. It will not return 404. So you can configure a "no site configured" default virtual host, and have unconfigured domains land there. And even force it to return a 404. But Apache, by default, will not do that. > Conclusion: > This means I can only host my four websites on one machine. > If I want the sites to be served from machine B I suspect I will have to > remove all sites from machine because machine A is taking priority. If you are behind consumer internet, and you have your router forward TCP/80 to a certain IP-address, you are limited to that host (ip-address) handling all HTTP requests. You can however set up a proxy that deals with routing traffic for certain sites to certain other ip-addresses in yournetwork. But i think it would be wise to first get a grip on Apache's essentials before delving in this material. > emma davis p.s. do i recall you sending a 'threat' about your daddy being a barrister who will sue us because some e-mail thread went offline? -Sndr. -- | So this magician is walking down the street and turns into a grocery store.. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] virtual host
Quoting Carmel NY (carmel...@outlook.com): > >Please elaborate on the 'not working out so well' bit. > >> apachectl -S > >> VirtualHost configuration: > >> *:80 stem.example.net > >> (/usr/local/etc/apache24/extra/httpd-vhosts.conf:24) > >> *:443 example.net > >> (/usr/local/etc/apache24/extra/httpd-ssl.conf:121) > Okay, on a stock FreeBSD installation, maybe on others too, there is an > index.html file in the document root that displays, "It Works" when it is > access. Now, when I type in my normal web address; http://example.net, the > vhost site is displayed. However, if I type in the vhost name; > http://stem.example.net, the regular site is display; ie. "It Works". That > is exactly opposite of what it is supposed to be doing. That make no sense, > so I know that I am doing something really wrong. This is Apache 2.4.x ? I don't see the 'default server ...','ip.add.re.ss:port is a NameVirtualHost' and 'alias'-lines in your 'apache2ctl -S' output. Did you remove those yourself? It always helps not to obfuscate your configs and logs when seeking help. # apache2ctl -S VirtualHost configuration: 213.154.236.176:443is a NameVirtualHost default server www.freshdot.net (/etc/apache2/sites-enabled/01.www.freshdot.net.conf:1) port 443 namevhost www.freshdot.net (/etc/apache2/sites-enabled/01.www.freshdot.net.conf:1) alias freshdot.net [ .. ] [2001:7b8:633:1:213:154:236:176]:443 is a NameVirtualHost default server www.freshdot.net (/etc/apache2/sites-enabled/01.www.freshdot.net.conf:1) port 443 namevhost www.freshdot.net (/etc/apache2/sites-enabled/01.www.freshdot.net.conf:1) alias freshdot.net Apache will, by default, treat the first vhost definition it finds as the default vhost for that IP/port combo. Try defining a simple vhost before defining the stem.example.net vhost so that no longer is your default vhost. Regards, -Sndr. -- | Scenery is here, wish you were beautiful. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] virtual host
Quoting Carmel NY (carmel...@outlook.com): > This is my first attempt to set up a virtual host with apache24 on a > FreeBSD 11.2 machine, and it is not working out so well. Please elaborate on the 'not working out so well' bit. > Assuming a site name of example.net, I tried to configure a simple vhost. > > ServerAdmin webmas...@example.net > DocumentRoot "/usr/local/www/testdir" > ServerName stem.example.net:80 The port addition here is not needed and might interfere with your configuration. > ServerAlias www.stem.example.net > ErrorLog "/var/log/stem.error.log" > CustomLog "/var/log/stem.access.log" common > > AcceptPathInfo On > > > AllowOverride all > Order Allow,Deny > Allow from all > # For Apache 2.4 add: > Require all granted Remove the 'Order' and 'Allow' lines if you're running Apache 2.4 Leave the 'Require all granted' line in that case. > > Otherwise this vhost config looks just dandy! > apachectl -S > VirtualHost configuration: > *:80 stem.example.net > (/usr/local/etc/apache24/extra/httpd-vhosts.conf:24) > *:443 example.net > (/usr/local/etc/apache24/extra/httpd-ssl.conf:121) It shows up here on port 80 too! > Obviously, I am dong something wrong, but I have no idea what. Please tell us what is not working for you! Regards, -Sndr. -- | Why won't an answering machine ever answer any questions? | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problem setting up ssl
Quoting Mahmood Naderan (nt_mahm...@yahoo.com.INVALID): > >Is default-ssl site "enabled" via the debian/ubuntu tools e.g. a2ensite? > # a2ensite default-ssl > Enabling site default-ssl. Well, there ya go. > Now, when I open https://w.x.y.z in firefox, I get > Your connection is not secure This is because SSL-certs require domain names and don't work properly with 'bare IP addresses'. You'll never get that fixed unless you start using a domainname and a correct certificate (LetsEncrypt for example). -- | I'm a lousy dancer but my moods are swinging! | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problem setting up ssl
Quoting Mahmood Naderan (nt_mahm...@yahoo.com.INVALID): > root@webshub:~# grep IfModule /etc/apache2/sites-available/default-ssl.conf > # > # Ok. > root@webshub:~# apachectl -S > AH00558: apache2: Could not reliably determine the server's fully qualified > domain name, using 127.0.1.1. Set the 'ServerName' directive globally to > suppress this message > VirtualHost configuration: > *:80 127.0.1.1 > (/etc/apache2/sites-enabled/000-default.conf:1) > ServerRoot: "/etc/apache2" I would expect a *:443 line here too. Somehow your config is not being parsed and Apache is not showing the SSL :443 vhost configuration. -- | My Bonnie looked into a gas tank, the height of its contents to see! | She lit a small match to assist her, oh bring back my Bonnie to me. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problem setting up ssl
Quoting Mahmood Naderan (nt_mahm...@yahoo.com.INVALID): > As I posted earlier, SSLEngine is on > $ cat /etc/apache2/sites-available/default-ssl.conf > > So, I really don't know why it listens to http! Is mod_ssl actually loaded/enabled? Try removing the lines and check your httpd config syntax (apache2ctl -S) -- | Age is a very high price to pay for maturity. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problem setting up ssl
Quoting Mahmood Naderan (nt_mahm...@yahoo.com.INVALID):
> [mahmood@rocks7 ~]$ wget http://w.x.y.z:443
> Connecting to w.x.y.z:443... connected.
> HTTP request sent, awaiting response... 200 OK
> 2018-08-20 10:30:50 (1.95 MB/s) - ‘index.html.1’ saved [33229]
> Any thought?
Did you forget to put 'SSLEngine On' in your SSL-vhost definition?
The above quoted clearly shows your Apache is doing normal HTTP on port 443.
Also, SSL generally doesn't work well when connecting to just an IP-address.
SSL certs contain a domain name, it has to match or you'll get certificate
security warnings.
Use this config as a reference, assuming Apache 2.4+:
|
| ServerName www.example.com
| ServerAlias example.com
|
| DocumentRoot /var/vhosts/www.example.com/html
|
| RewriteEngine On
| RewriteCond %{REQUEST_URI} !^/.well-known/
| RewriteRule (.*) https://www.example.com$1 [R=301,L]
|
|
| ServerName www.example.com
| ServerAlias example.com
|
| AddDefaultCharset utf-8
|
| Header always add Strict-Transport-Security "max-age=15552000;
includeSubDomains"
| Header always add X-Content-Type-Options "nosniff"
| Header always add X-Frame-Options "SAMEORIGIN"
| Header always add X-XSS-Protection "1; mode=block"
|
| SSLEngine On
| SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
| SSLCipherSuite
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:!aNULL:!eNULL:!EXPORT:!RC4:!DES:!SSLv2:!MD5:!SSLV3:!3DES:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:KRB5-DES-CBC3-SHA:"
| SSLOpenSSLConfCmd ECDHParameters secp384r1
| SSLOpenSSLConfCmd Curves secp384r1
|
| SSLCertificateChainFile/etc/letsencrypt/manual/chain.pem
| SSLCertificateFile /etc/letsencrypt/manual/www.example.com.crt
| SSLCertificateKeyFile /etc/letsencrypt/manual/www.example.com.key
| SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/manual/www.example.com.dh
|
| ErrorLog /var/vhosts/www.example.com/logs/error.log
| CustomLog /var/vhosts/www.example.com/logs/access.log combined
|
| DocumentRoot /var/vhosts/www.example.com/html/
|
| Options -Indexes
| Require all granted
|
|
| RewriteEngine On
|
| RewriteCond %{HTTP_HOST} !^www.example.com
| RewriteRule (.*) https://www.example.com$1 [R=301,L]
|
--
| Dopeler effect: The tendency of stupid ideas to seem smarter when they
| come at you rapidly.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Ache 2.4 and LetsEncrypt
Quoting @lbutlr (krem...@kreme.com): > After setting up lets encrypt on my server and running it I end up with the > following files: > 0 -rw--- 1 443 443 0 Mar 4 23:38 cert-1457159890.pem > 0 -rw--- 1 443 443 0 Mar 5 05:06 cert-1457179567.pem > 0 -rw--- 1 443 443 0 Mar 12 04:35 cert-1457782552.pem > As you can see, the cert…pem files are 0 bytes. > > I am using the lets encrypt.sh port from FreeBSD postmaster (since > letsenrypt still isn’t quite native on FreeBSD). You might get better results if you ask your question on IRC in #letsencrypt on irc://irc.freenode.net/ > Anyone have some pointers or an RTFM link? https://wiki.freebsd.org/BernardSpil/LetsEncrypt etc.. Before you get to the 'How do i configure Apache with SSL support', you need to have those 0-byte PEM-files filled by LetsEncrypt. https://mozilla.github.io/server-side-tls/ssl-config-generator/ -Sndr -- | One nice thing about egotists: They don't talk about other people. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mpm-itk questions
Quoting Rose, John B (jbr...@utk.edu): > Curious about any experience using mpm-itk. Pros and cons? There's a dedicated mpm-itk mailinglist at http://lists.err.no/mailman/listinfo/mpm-itk Also, i'm running an entire shared hosting farm on mpm-itk with no problems at all; aside from recent developments where libcap2 capabilities were introduced in mpm-itk for added security which break NFS-mounted storage. However, using libcap2 capabilities is now an option in the latest mpm-itk release. Regards, -Sndr -- | Hard work pays off in the future. Laziness pays off now. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Need Help with SSL Certificate Installation
Quoting Stormy (storm...@stormy.ca): > FWIW using Firefox 38.3 ESR, your login page works on port 80; forcing https > results in: "Secure Connection Failed An error occurred during a connection > to tracss.adamstelecom.com. SSL received a record that exceeded the maximum > permissible length. (Error code: ssl_error_rx_record_too_long)" The webserver behind tracss.adamstelecom.com is talking plain HTTP on TCP/443. | % telnet tracss.adamstelecom.com 443 | Trying 68.187.20.120... | Connected to tracss.adamstelecom.com. | Escape character is '^]'. | GET / HTTP/1.0 | | HTTP/1.1 301 Moved Permanently | [ .. ] Probably missing 'SSLEngine On' for the correct vhost(s). -Sndr. -- | Showering in clothes shows you're crazy. Showering nude shows your nuts. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache 2.4, NFS-mounted content, strict permissions htaccess
Quoting Kurtis Rader (kra...@skepticism.us): Apache 2.4/mpm-itk fails to serve sites from this NFS setup. When i move the site to local storage with exact same permissions it works fine. Also, if i set +x bits on all parent directores on the NFS setup, it works. When you tested with local storage did you also ensure the parent directories did not have the x (execute/search) bit set? Yeah, i made very sure the local storage had the same permissions. See the paste i posted, esp. the https://8n1.org/10735/b28a part: [ .. ] I've traced the error to a call to ap_run_open_htaccess inside apache itself. getuid() returns 33 (www-data) right before this call, on the local filesystem this call returns APR_ENOTDIR and on the remote filesystem it returns APR_EACCES. In UNIX like operating systems the x permission on a directory means [..] Thanks, but trust me, i know. ;-) -- | I can can-can! Can you? | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache 2.4, NFS-mounted content, strict permissions htaccess
Quoting Robert Webb (rw...@ropeguru.com): What options do you have set for the NFS mounts? The server is a NetApp FAS 32040 in MetroCluster mode. Its export options are '-sec=sys' and then a set of hosts that either have rw or ro access. The client has 'rw,vers=3,tcp,bg' in its fstab. Nothing special imho. Could it have something to do with a atime/noatime setup? I have not done NFS in a while so I am just throwing this out there. I fail to see how (no)atime would impact this. Since we dont specify any atime options, the defaults should apply (atime on). Please note the following: See the paste i posted, esp. the https://8n1.org/10735/b28a part: [ .. ] I've traced the error to a call to ap_run_open_htaccess inside apache itself. getuid() returns 33 (www-data) right before this call, on the local filesystem this call returns APR_ENOTDIR and on the remote filesystem it returns APR_EACCES. Perhaps i should take this to -dev to get more insight on this... -- | I got stung by a b, c? | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache 2.4, NFS-mounted content, strict permissions htaccess
Hi list, I'm running into permission trouble with Apache 2.4 (and mpm-itk, though i wonder if this is solely mpm-itk related). It was also reported about a year ago on the mpm-itk mailinglist. The archives are down so i some-what reconstructed that thread here: https://8n1.org/10728/cbbe I'm seeing the exact same behaviour. Our site-content is on an NFS-mount, it does *NOT* have root_squash enabled, the site parent directories are all 0700 (drwx--) for the users that 'own' the site. Apache 2.4/mpm-itk fails to serve sites from this NFS setup. When i move the site to local storage with exact same permissions it works fine. Also, if i set +x bits on all parent directores on the NFS setup, it works. f: /mnt/nfs/h/http-test/htdocs/.htaccess drwxr-xr-x root root / drwxr-xr-x root root mnt drwxr-x--x root root nfs drwxr-xr-x root root h drwx-- http-test http-linux_http-test http-test drwx-- http-test http-linux_http-test htdocs -rw--- http-test http-linux_http-test .htaccess As shown in the reconstructed thread paste above, this has to do with Apache 2.4 running a few threads as www-data, not root as it was in 2.2. Does anyone know of any fix for this issue? Other than setting +x bit on all parent directories, which introduces security risks of its own? Basically we can't use Apache 2.4/itk with our NFS-setup now. I'm not entirely sure if this is Apache 2.4 core or mpm-itk (which is not part of Apache itself) related. As shown in the paste, just before Apache calls ap_run_open_htaccess, its uid is 33 (www-data) which explains why it can't read the htdocs/ folder. It used to be root (i haven't tested this, but it must be). Any ideas how to tackle this would be more than welcome! Kind reagrds, -Sander. -- | Q: Why do you never see elephants hiding in trees? | A: They're really good at it | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] mods-enabled/dir.conf conf.d/ files
Hi,
I'm running Apache 2.2.22(-1ubuntu1.2) on Ubuntu Precise GNU/Linux.
Apache is not picking up the 'DirectoryIndex' configuration from the
conf.d/ directory as i will illustrate below:
Default installation has /etc/apache2/mods-available/dir.{load,conf}
symlinked in /etc/apache2/mods-enabled/. Nothing wrong with that, sane
defaults are configured and i have my own perference in conf.d/myconfig
like so:
| root@mybox:/etc/apache2# grep -ri DirectoryIndex .
| ./mods-available/dir.conf: DirectoryIndex index.html index.cgi
index.pl index.php index.xhtml index.htm
| ./mods-enabled/dir.conf: DirectoryIndex index.html index.cgi
index.pl index.php index.xhtml index.htm
| ./conf.d/myconfig:DirectoryIndex index.php index.pl index.html
In /etc/apache2/apache2.conf the order of 'Includes' is:
| root@mybox:/etc/apache2# grep Include apache2.conf
| # Include module configuration:
| Include mods-enabled/*.load
| Include mods-enabled/*.conf
| # Include all the user configurations:
| Include httpd.conf
| # Include ports listing
| Include ports.conf
| # Include of directories ignores editors' and dpkg's backup files,
| # Include generic snippets of statements
| Include conf.d/
| # Include the virtual host configurations:
| Include sites-enabled/
And to my knowledge, Apache parses it's configuration top-to-bottom.
If i put 'FUBAR' in conf.d/myconfig, Apache fails to start so it does
parse the file...
I noticed Apache does not pick up the DirectoryIndex setting from
conf.d/myconfig and sticks with the one found in mods-enabled/dir.conf.
My site's DocumentRoot has both an index.html and index.php file. If i
leave the stock config for dir.conf with my conf.d/myconfig file, Apache
shows me the index.html, if i remove mods-enabled/dir.conf and reload
Apache it gives me the index.php.
Is this a bug in Apache? Or am i doing something wrong?
I discovered this with mpm-itk and reproduced it with mpm-prefork.
Thanks for your time.
With regards,
-Sander.
--
| You dig around for a while but you fail to find any treasure.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [EMAIL PROTECTED] access.log problem
Quoting Staf Wagemakers ([EMAIL PROTECTED]): own when apache2 is restarted?, and if they are, what can I do if they have not been regenerated by numerous apache2 restarts, and also complete system reboots. The access-log file is created automatically at a httpd server start if it doesn't exists.. apache2ctl restart should do the trick If, however, you've rm -rf'ed the log directory and recreated it, please make sure the ownerships and mode on the directory (and files therein) are correct so your Apache user can write to them. -Sndr. -- | Intaxication: Euphoria at getting a tax refund, which lasts until you | realize it was your money to start with. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Weird writev()-loop when download is cancelled.
Hello!
With Apache 2.2.6 (the prefork mpm, on Debian 'SID') i'm seeing weird
behaviour when a (large) download is cancelled by a visitor.
Scenario: User browses to my site, clicks a link to a 1.5G zipfile,
realises it will take ages to download and clicks 'cancel download',
which results in an Apache process eating up ~99% CPU-time and hogging
the system.
Strace shows:
30672 writev(79, [{1fa0\r\n, 6}, {\270Q\34..., 8096}, {\r\n, 2}], 3) = -1
EPIPE (Broken pipe)
30672 --- SIGPIPE (Broken pipe) @ 0 (0) ---
30672 writev(79, [{1fa0\r\n, 6}, {\235:\235..., 8096}, {\r\n, 2}], 3) =
-1 EPIPE (Broken pipe)
30672 --- SIGPIPE (Broken pipe) @ 0 (0) ---
30672 writev(79, [{1fa0\r\n, 6}, {\241\237..., 8096}, {\r\n, 2}], 3) = -1
EPIPE (Broken pipe)
30672 --- SIGPIPE (Broken pipe) @ 0 (0) ---
In a continous loop. This happens for each and every request that is
cancelled, so looping apache processes accumulate at a fast rate on a
busy site. While smaller files make processes loop less longer, this
large file poses a problem as it takes some time to writev() 1.5G and
processing the SIGPIPE's.
Why exactly does Apache not stop sending data after receiving a SIGPIPE? ;-)
-Sndr.
--
| 42.7 percent of all statistics are made up on the spot.
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Weird writev()-loop when download is cancelled.
Quoting Sander Smeenk ([EMAIL PROTECTED]): Scenario: User browses to my site, clicks a link to a 1.5G zipfile, realises it will take ages to download and clicks 'cancel download', which results in an Apache process eating up ~99% CPU-time and hogging the system. Explicitly enabling or disabling Sendfile does not make any difference. Funny thing is, using wget(1) and interrupting that it works like expected. -Sndr. -- | Scenery is here, wish you were beautiful. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2.2.3 + Logging partial requests
Quoting Joshua Slive ([EMAIL PROTECTED]): See: http://wiki.apache.org/httpd/Logs/Response_Size Nice. Thanks. % apache2 -l | grep logio mod_logio.c Will work on that then, thanks alot! Regards, Sander. -- | Those who get too big for their britches will be exposed in the end. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.2.3 + Logging partial requests
Hello! I'm a happy Apache 2.2.3 user, everything is working just fine, except for this oddity which i'd like to see explained if possible ;-) I recently hosted a large patch to a popular MMORPG on my blog, and as expected, i got tons of hits on it. Curious as i am, i started investigating what / where / who these hits came from and found this in my logs (only showing HTTP Status and Bytes Transferred): 200 268939916 206 5825969 206 11646796 206 228617796 206 107575967 206 68177222 206 227867859 206 173765305 206 164469689 206 167575428 206 170672939 206 173799865 (All hits from one unique IP) Aparently this visitor transferred a total of 1.768.934.751 bytes. The patch is ~300MB, but my traffic stats and graphs do not reflect this. As it turns out, Apache logs the bytes transferred for partial requests as if each and every byte from the position it started from was transferred to the visitor. I tried this myself by wget'ing a large file from my server and continously interrupting it before wget -c'ing it again, and it gave me the same results in the logs. I'm a bit puzzled as to why this is. The process handling the request should be aware of when it started transferring and when it stopped transferring, right? Can anyone shed a light? :) Kind regards, Sander. -- | Did you hear about the cat that ate a ball of wool? -- It got mittens. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache2 mod_xslt trouble.
Quoting Nick Kew ([EMAIL PROTECTED]): Erm, I don't see a warning ... They were in my first post to the list. But i left them out on my second post. The warnigs are: | [error] an unknown filter was not added: mod-xslt Oh, right. Either you've got the wrong filter name (check the source and/or docs for your XSLT module), or the module isn't loaded (see LoadModule in the Apache docs). Come on, Nick. Don't act like i'm a complete idiot. The module works fine, until the daily maintenance scripts start apache2ctl reload'ing the server to ensure logrotation. Then, at random intervals the server 'forgets' to load the mod-xslt module causing it to start without the module and all these warnings or errors turn up. You could have taken the time you've wasted on acting like i'm the idiot to read my initial post instead. FWIW, mod_transform is another option for XSLT, and one I'd be in a better position to help with if you had questions. Do you know other real-time xsl/xml transformers that can be used in conjunction with Apache2? I'd be happy to receive names of alternatives. Erm, yes, I just told you one. Oh really? I meant BESIDES mod_xslt and mod_transform, do you happen to know any others? Regards, Sander. -- | Visitors always give pleasure: if not on arrival, then on the departure. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache2 mod_xslt trouble.
Quoting Nick Kew ([EMAIL PROTECTED]): From time to time it seems that the daily cronjob's 'apache2ctl reload' causes Apache to 'forget' to load mod-xslt causing these warnings for each xml/xsl related request: Erm, I don't see a warning ... They were in my first post to the list. But i left them out on my second post. The warnigs are: | [error] an unknown filter was not added: mod-xslt For every request that has the specified text/xml mimetype. The raw xml is then returned to the client... So no-one is using mod_xslt with Apache2 ? Nope. Actually there are several different modules, from different authors, called mod_xslt, so your question is already under-specified. Ok, I didn't really know that. I'm new to integrated xsl/xml transformation modules in Apache2, the one i'm using is aparently built from sources at http://www.mod-xslt2.com/ FWIW, mod_transform is another option for XSLT, and one I'd be in a better position to help with if you had questions. Do you know other real-time xsl/xml transformers that can be used in conjunction with Apache2? I'd be happy to receive names of alternatives. The fact that debian's packaging of Apache is terminally confusing makes it harder again to get help here. :) Regards, Sander. -- | Visitors always give pleasure: if not on arrival, then on the departure. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache2 mod_xslt trouble.
Quoting Sander Smeenk ([EMAIL PROTECTED]): I'm running Apache 2.0.55, prefork mpm and mod_xslt 2004112100 on Debian servers. From time to time it seems that the daily cronjob's 'apache2ctl reload' causes Apache to 'forget' to load mod-xslt causing these warnings for each xml/xsl related request: So no-one is using mod_xslt with Apache2 ? :( Sander. -- | How many of you believe in psycho-kinesis? Raise my hand . . . | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache2 mod_xslt trouble.
Hello everyone. I'm running Apache 2.0.55, prefork mpm and mod_xslt 2004112100 on Debian servers. From time to time it seems that the daily cronjob's 'apache2ctl reload' causes Apache to 'forget' to load mod-xslt causing these warnings for each xml/xsl related request: | [error] an unknown filter was not added: mod-xslt Doing a 'hard restart', eg, apache2ctl stop and apache2ctl start fixes it. Any clue what might cause this? The other thing is, i see Apache's segfault quite often while processing xsl/xml, so i have my doubts about the 'cleanlyness' of the mod_xslt code. Are there any other xml/xsl transformers that work like mod_xslt but /are/ stable? I'd be happy to hear from you all! Kind regards, Sander Smeenk. -- | Fooz In a perfect world... spammers would get caught, go to jail, and | share a cell with many men who have enlarged their penisses, taken | Viagra and are looking for a new relationship. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache X-Forwarded-For
Hello, I'd like to hear from people if they have experience in tracking how many users are 'hidden' behind proxies that visit their site. How can I find out how many there are? From what I know all well-behaving proxies should add a X-Forwarded-For header with the real IP address of the client and other proxies in the path. Is X-Forwarded-For the only header for this? Rumour has it there are many other headerfields that might contain this information. Right now i log X-Forwarded-For with a LogFormat/CustomLog entry, but this gives me about 3% of our visitors that aren't measured because they come from one proxy IP. Our partners indicate that we measure about 20% to 30% less visitors as they do. And i'm wondering why / how that's possible. This might be a bit unapropriate for this list, but i don't really know where else to go with this question. Feel free to reply offlist if you feel this is off-topic. Thanks in advance, Sander Smeenk. -- | From the FidoNet tagline collection: | If it jams, force it. If it breaks, it needed replacing | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
