Re: [users@httpd] better configtest
> What is the point of not starting httpd if there is an issue with a single > virtual host? This gives the best feedback to the user that the config couldn't be honored. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] better configtest
> > > > 1. > > what is the point of having a apachectl configtest, when a restart can > still fail? It can't be to difficult to include cert checks here, can it? > This is now becoming a significant part. > > The bar is useful, not perfect. configtest checks for _syntax_ validity. > > > 2. > > AH00016: Configuration Failed > > AH00016: Configuration Failed > > AH00016: Configuration Failed > > AH00016: Configuration Failed > > AH00016: Configuration Failed > > AH00016: Configuration Failed > > AH00016: Configuration Failed > > > > This is useless, why not list config line or cert name? > > This error means post-configuration failed. This is when the collected > config is acted upon, which is not really within line-by-line mode. > Normally there's a preceding error message with more details, maybe in > a vhost-specific error log? Maybe, I would have to look through quite a lot. Can't the development team re-think about this? What is the point of not starting httpd if there is an issue with a single virtual host? Why not have that specific virtual host fail only? I would like to have this config syntax check expanded to cert content or some other way of validating that I can test if I can restart httpd safely. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] better configtest
On Tue, Apr 16, 2024 at 4:42 AM Marc wrote: > > > With the forced upon us 90 day certificate renewal crap, my httpd was down > today although I have a 'restart procedure' that verifies a bit for errors > with apachectl configtest. > > 1. > what is the point of having a apachectl configtest, when a restart can still > fail? It can't be to difficult to include cert checks here, can it? This is > now becoming a significant part. The bar is useful, not perfect. configtest checks for _syntax_ validity. > 2. > AH00016: Configuration Failed > AH00016: Configuration Failed > AH00016: Configuration Failed > AH00016: Configuration Failed > AH00016: Configuration Failed > AH00016: Configuration Failed > AH00016: Configuration Failed > > This is useless, why not list config line or cert name? This error means post-configuration failed. This is when the collected config is acted upon, which is not really within line-by-line mode. Normally there's a preceding error message with more details, maybe in a vhost-specific error log? -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] better configtest
Hi, Marc wrote: > With the forced upon us 90 day certificate renewal crap, my httpd > was down today although I have a 'restart procedure' that verifies > a bit for errors with apachectl configtest. Regardless of the certificate duration I would recommend to use some monitoring tool to check on the status of the web service and get an alert when the certificate is close from its expiration date. I personally use Monit [1], but there is probably plenty of other tools that could fullfill the same purpose. Sincerely, 1: https://mmonit.com/monit/ -- Xavier Belanger - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org