status of httpd-2.0

2013-04-03 Thread Zisis Lianas 
Just for interest:
was is the current status of httpd-2.0?
Will 2.0.65 be released (soon)?
When is it planned to mark httpd-2.0 as EOL?

Re: Apache 2.4.3 issue related to SLProxyCheckPeerCN directive

2012-11-20 Thread Zisis Lianas 
Hi Pravesh,

this is the expected behaviour of SSLProxyCheckPeerCN. When
set to "on" (default), the certificate CN of the backend server
has to match the configured BalancerMember's name.

In your case, your BalancerMember seems to be "https://15.146.153.101/";
(so the name is "15.146.153.101"), which has configured an SSL certificate
with "CN=y". This constellation can't work.

Normally "SSLProxyCheckPeerCN off" should solve your issue - what do
you mean with 'is not helping much in our case'? What is the error
message when turning SSLProxyCheckPeerCN off? Perhaps you can also
post the relevant part of your configuration.

The links you posted are not really applicable for this configuration
issue. Please also consider that this is more an users-issue than dev
(-> users mailinglist).



Regards,
Zisis

- Original Message -
> From: "Pravesh R Rai (STSD)" 
> To: dev@httpd.apache.org
> Cc: "Tariq Mahmood (Tariq Mahmood Dar (IESL))" , 
> "Arshad Mohammed (STSD)"
> , "William Chow" , "William A. 
> Rowe Jr. (wr...@rowe-clan.net)"
> , "Scott Lamons (Open Source Program Office)" 
> , "Bryan Sutula (Open Source
> Program Office)" 
> Sent: Tuesday, November 20, 2012 12:17:13 PM
> Subject: Apache 2.4.3 issue related to SLProxyCheckPeerCN directive
> 
> Hi All,
> 
> While trying to use Apache 2.4.3, we are getting following error
> messages (in error_log), when trying to access a link to another
> application running on Tomcat web server:
> 
> --
> [ssl:info] [pid 3264] [remote 127.0.0.1:1188] AH02005: SSL Proxy:
> Peer certificate CN mismatch: Certificate CN: y Requested hostname:
> 15.146.153.101
> [ssl:info] [pid 3264] [remote 127.0.0.1:1188] AH01998: Connection
> closed to child 0 with abortive shutdown (server localhost:2381)
> [proxy_http:error] [pid 3264] (502)Unknown error 502: [client
> 16.154.173.74:52712] AH01084: pass request body failed to
> 127.0.0.1:1188 (localhost), referer:
> https://15.146.153.101:2381/chplinkstrt.php?chppath=Tools%3A%3AServiceguard&chppage=Serviceguard%20Manager&chpurl=/sgmgr/main/main.do&chptarget=undefined
> [proxy:error] [pid 3264] [client 16.154.173.74:52712] AH00898: Error
> during SSL Handshake with remote server returned by
> /sgmgr/main/main.do, referer:
> https://15.146.153.101:2381/chplinkstrt.php?chppath=Tools%3A%3AServiceguard&chppage=Serviceguard%20Manager&chpurl=/sgmgr/main/main.do&chptarget=undefined
> [proxy_http:error] [pid 3264] [client 16.154.173.74:52712] AH01097:
> pass request body failed to 127.0.0.1:1188 (localhost) from
> 16.154.173.74 (), referer: https://15.146.153.101:2381/chpl
> --
> 
> Also found that, the same bug is reported at some Apache & Bugzilla
> sites:
> 
> https://issues.apache.org/bugzilla/show_bug.cgi?id=53006
> http://mail-archives.apache.org/mod_mbox/httpd-bugs/201203.mbox/%3cbug-53006-7...@https.issues.apache.org/bugzilla/%3E
> http://osdir.com/ml/bugs-httpd/2012-03/msg00324.html
> 
> but none of those points to the right direction. After going through
> Apache-2.4.3 docs/forum:
> 
> http://apache-http-server.18135.n6.nabble.com/SSLProxyCheckPeerCN-ProxyPreserveHost-issue-td447.html
> http://httpd.apache.org/docs/2.4/upgrading.html#misc
> http://httpd.apache.org/docs/trunk/mod/mod_ssl.html
> 
> found that, it is observed only with Apache-2.4.3 & is due to one
> directive "SLProxyCheckPeerCN", which is now "on" by default. But
> even setting this to "off" is not helping much in our case.
> 
> Can anybody please provide some clue about this behavior?
> 
> Regards,
> Pravesh
>

default build httpd-2.4 and loadmodule/shm

2012-11-16 Thread Zisis Lianas 
It's always annoying after building an httpd-2.4 to see the AH01177 error
message when doing a quick start-check with "apachectl start":
[Fri Nov 16 16:29:19.093450 2012] [proxy_balancer:emerg] [pid 15902:tid 
47671748469040] AH01177: Failed to lookup provider 'shm' for 'slotmem': is 
mod_slotmem_shm loaded??

Maybe its possible to comment in slotmem_shm_module in the default httpd.conf?

Also commenting out the "lbmethod_heartbeat_module" line makes sense to me,
since there is no mod_heartbeat* module loaded/configured in the default conf.
This would prevent the "AH02282: No slotmem from mod_heartmonitor" warning.


regards,
zisis

Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)

2012-09-17 Thread Zisis Lianas 
- Original Message -
> Try
> 
> ProxyPreserveHost Off
> 
> 
>BalancerMember http://backend01:5080/ route=0
>BalancerMember http://backend02:5080/ route=2
>BalancerMember http://backend01:5180/ route=1
>BalancerMember http://backend02:5180/ route=3
>ProxySet lbmethod=bybusyness nofailover=Off
>stickysession=JSESSIONID|jsessionid
> 
> 
> ProxyPass / balancer://default/
> ProxyPassReverse / balancer://default
> 

This configuration seems to work correctly - but this a false conclusion.
If you look deeper in log output/files, you will see that there is still
a double slash inside. Fortunately the final request the browser is sending
to the apache-httpd is "/clusterjsp/", so the cookie is considered and the
session is not lost.

But on backend servers you still get the double-slashed request, e.g.:
"10.x.x.x" "17/Sep/2012:10:43:04 +0100" "GET //clusterjsp/ HTTP/1.1" 200 1590 

So when you perform someting like 
javax.servlet.http.HttpServletRequest.getRequestURI()
on an applicationserver, you still will see the "//clusterjsp/".

Errorlog debug:
[Mon Sep 17 10:47:55.699519 2012] [proxy_balancer:trace1] [pid 5463:tid 
140065930422016] mod_proxy_balancer.c(73): [client 10.x.x.x:59115] 
canonicalising URL //default/clusterjsp/
[Mon Sep 17 10:47:55.699558 2012] [proxy_balancer:debug] [pid 5463:tid 
140065930422016] mod_proxy_balancer.c(614): [client 10.x.x.x:59115] AH01172: 
balancer://default: worker (http://backend02.foo:5180/) rewritten to 
http://backend02.foo:5180//clusterjsp/

(attached you will find the whole logfile)


Also with the two patches I mentioned in my first email, its
depended on your config whether you get the doubleslashes or
not in backend.

Maybe we can improve the URL canonicalisation, so that we are
independent of the config? The rfc is on our side ;)


http://www.ietf.org/rfc/rfc3986.txt
 -> 3.3.  Path
[...]
path  = path-abempty; begins with "/" or is empty
  / path-absolute   ; begins with "/" but not "//"
  / path-noscheme   ; begins with a non-colon segment
  / path-rootless   ; begins with a segment
  / path-empty  ; zero characters


[Mon Sep 17 10:47:55.603666 2012] [core:trace5] [pid 5463:tid 140065930422016] 
protocol.c(627): [client 10.x.x.x:59115] Request received from client: GET 
/clusterjsp HTTP/1.0
[Mon Sep 17 10:47:55.603847 2012] [http:trace4] [pid 5463:tid 140065930422016] 
http_request.c(301): [client 10.x.x.x:59115] Headers received from client:
[Mon Sep 17 10:47:55.603877 2012] [http:trace4] [pid 5463:tid 140065930422016] 
http_request.c(305): [client 10.x.x.x:59115]   Host: mydomain.foo:8080
[Mon Sep 17 10:47:55.603884 2012] [http:trace4] [pid 5463:tid 140065930422016] 
http_request.c(305): [client 10.x.x.x:59115]   User-Agent: Mozilla/5.0 (X11; 
Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1
[Mon Sep 17 10:47:55.603892 2012] [http:trace4] [pid 5463:tid 140065930422016] 
http_request.c(305): [client 10.x.x.x:59115]   Accept: 
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[Mon Sep 17 10:47:55.603898 2012] [http:trace4] [pid 5463:tid 140065930422016] 
http_request.c(305): [client 10.x.x.x:59115]   Accept-Language: en-us,en;q=0.5
[Mon Sep 17 10:47:55.603903 2012] [http:trace4] [pid 5463:tid 140065930422016] 
http_request.c(305): [client 10.x.x.x:59115]   Accept-Encoding: gzip, deflate
[Mon Sep 17 10:47:55.603921 2012] [http:trace4] [pid 5463:tid 140065930422016] 
http_request.c(305): [client 10.x.x.x:59115]   Cookie: 
JSESSIONID=359c3bad94690428541d6c226f6d.3; 
__utma=85701643.1776763863.1324649383.1324649383.1324649383.1
[Mon Sep 17 10:47:55.603927 2012] [http:trace4] [pid 5463:tid 140065930422016] 
http_request.c(305): [client 10.x.x.x:59115]   Via: 1.0 proxy.foo:3128 
(squid/2.7.STABLE5)
[Mon Sep 17 10:47:55.603934 2012] [http:trace4] [pid 5463:tid 140065930422016] 
http_request.c(305): [client 10.x.x.x:59115]   X-Forwarded-For: 10.x.x.x
[Mon Sep 17 10:47:55.603939 2012] [http:trace4] [pid 5463:tid 140065930422016] 
http_request.c(305): [client 10.x.x.x:59115]   Cache-Control: max-age=259200
[Mon Sep 17 10:47:55.603967 2012] [http:trace4] [pid 5463:tid 140065930422016] 
http_request.c(305): [client 10.x.x.x:59115]   Connection: keep-alive
[Mon Sep 17 10:47:55.604025 2012] [authz_core:debug] [pid 5463:tid 
140065930422016] mod_authz_core.c(828): [client 10.x.x.x:59115] AH01628: 
authorization result: granted (no directives)
[Mon Sep 17 10:47:55.604058 2012] [core:trace3] [pid 5463:tid 140065930422016] 
request.c(227): [client 10.x.x.x:59115] request authorized without 
authentication by access_checker_ex hook: /clusterjsp
[Mon Sep 17 10:47:55.604094 2012] [proxy_balancer:trace1] [pid 5463:tid 
140065930422016] mod_proxy_balancer.c(73): [client 10.x.x.x:59115] 
canonicalising URL //default/clusterjsp
[Mon Sep 17 10:47:55.604155 2012] [proxy_balancer:debug] [pid 5463:tid 
140065930422016] mod_proxy_balancer.c(292): [client

Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)

2012-09-14 Thread Zisis Lianas 

- Original Message -
> Can you forward over your exact config again?
> 

e.g.:

ProxyPreserveHost Off


BalancerMember http://backend01:5080 route=0
BalancerMember http://backend02:5080 route=2
BalancerMember http://backend01:5180 route=1
BalancerMember http://backend02:5180 route=3
ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid 


ProxyPass / balancer://default/
ProxyPassReverse / balancer://default/

Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)

2012-09-14 Thread Zisis Lianas 

- Original Message -
> From: "Jim Jagielski" 
> To: dev@httpd.apache.org
> Sent: Thursday, September 13, 2012 8:59:27 PM
> Subject: Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes 
> (httpd-2.4.3)
> 
> 
> 
> So in the case it is correctly adjusting the backend URL Location
> (backend01.foo:5080 -> mydomain.foo:8080)
> 
> So is the "bug" that it's
> 
>   http://mydomain.foo:8080//clusterjsp/
> 
> and not
> 
>   http://mydomain.foo:8080/clusterjsp/
> 
> ??
> 
> Certainly the redirect still works, right?

That's exactly the problem.

The redirect works, but the subsequent request looks like "//clusterjsp/",
which a problem because of the cookie set by the backend (Path=/clusterjsp).
So the cookie is ignored and on each new request you get a new session.

Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)

2012-09-13 Thread Zisis Lianas 
With this configuration I get a 500 error because of
"[proxy_balancer:trace1] ... mod_proxy_balancer.c(73): ... canonicalising
URL //defaultclusterjsp", when trying to access "/clusterjsp":
  ProxyPass / balancer://default
  ProxyPassReverse / balancer://default
Maybe this also expected.


But:
With this configuration I get the doubleslash bug, when the
backend is returning a 301:
  ProxyPass / balancer://default/
  ProxyPassReverse / balancer://default/

See also "proxypass_20120906.0.txt" attachment in one of my
emails before with the logfile trace.


- Original Message -
From: "Jim Jagielski" 
To: dev@httpd.apache.org
Sent: Thursday, September 13, 2012 6:54:36 PM
Subject: Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes 
(httpd-2.4.3)


On Sep 6, 2012, at 11:07 AM, Zisis Lianas  wrote:

> Tom, thanks for your feedback.
> 
> The main difference between our configurations is that you do
> ProxyPassReverse the single BalancerMember (http://app05/...),
> which is also working for me - in my configuration I ProxyPassReverse
> the "balancer://cluster". And this is the configuration which does
> not work correctly.
> 
> So...
> ProxyPassReverse / http://app05/ => WORKS
> ProxyPassReverse / balancer://cluster/ => DOES NOT WORK CORRECTLY
> 
> As documented the balancer://... ProxyPassReverse should work:
> http://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html#example
> 
> 

How is it not working for you?

Re: httpd 2.4.2 - mod_proxy id name not unique

2012-09-12 Thread Zisis Lianas 
Ok, got it. So I will have to change the solution for 2.4 as
Jim described it (/var/shared/logs/system1, /var/shared/logs/system2, ...).

Jeff, Jim, thanks for your feedback.


- Original Message -
From: "Jeff Trawick" 
To: dev@httpd.apache.org
Sent: Wednesday, September 12, 2012 3:45:44 PM
Subject: Re: httpd 2.4.2 - mod_proxy id name not unique

On Wed, Sep 12, 2012 at 9:31 AM, Zisis Lianas  wrote:
> That's right, Jeff, that's exactly what I want.
>
> For other directives we never had collisions with a shared
> runtime directory (2.0 and 2.2), since we could differ by hostname:
>  PidFile ${project_home}/logs/apache/${hostname}.httpd.pid
>  CustomLog ${project_home}/logs/apache/${hostname}.access_log combined 
> env=!dontlog
>  ErrorLog ${project_home}/logs/apache/${hostname}.error_log

I don't think that exact pattern is going to be possible with all
run-time files.  It should be easy enough to make ${hostname} refer to
a directory, at which point DefaultRuntimeDir fits in.

There's an ever-growing set of run-time files, and traditionally these
were inconsistent in their default location (/tmp?
DEFAULT_RUNTIME_DIR?  logs?), configurability (related directive or
not), and instance-specific naming (including pid in the filename or
not).  It isn't practical for us to continue with the endless
configuration of each individual item, and DefaultRuntimeDir should be
the way these are configured* when a single compiled-in directory
isn't appropriate.

Run-time files are special in that they often need to be moved as a
group to a different filesystem because of the filesystem
implementation (e.g., move way from some shared filesystem that
doesn't implement locking or Unix sockets, move to a RAM-based
filesystem for speed and automatic cleanup on reboot, whatever).
DefaultRuntimeDir makes that easy.

*Unfortunately, DefaultRuntimeDir isn't respected throughout 2.4.x.
There are even a few run-time files in trunk that don't respect it.


>
>
> - Original Message -
> From: "Jeff Trawick" 
> To: dev@httpd.apache.org
> Sent: Wednesday, September 12, 2012 2:53:38 PM
> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique
>
> On Wed, Sep 12, 2012 at 8:40 AM, Zisis Lianas  wrote:
>> That's right, but on shared filesystems, "DefaultRuntimeDir"
>> (logs/) and the non-unique shm-filenames state a problem.
>
> Clarification: Do you want multiple web server instances to share the
> same runtime directory without collisions of individual files in that
> directory?
>
>> So what do you think about a shm-file-target-directory directive?
>>
>>
>> - Original Message -
>> From: "Jim Jagielski" 
>> To: dev@httpd.apache.org
>> Sent: Wednesday, September 12, 2012 2:28:07 PM
>> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique
>>
>> Yes, that's the reason why the location of the file can be
>> user selectable. There's no need to adjust the name when you
>> can adjust the location/path.
>>
>> On Sep 12, 2012, at 7:00 AM, Zisis Lianas  wrote:
>>
>>> Currently the default location of the slotmem file
>>> is the "DefaultRuntimeDir", since on slotmem creation
>>> only the "conf->id" is defined as filename:
>>> modules/proxy/mod_proxy_balancer.c, 762:
>>> rv = storage->create(&new, conf->id,
>>> ALIGNED_PROXY_BALANCER_SHARED_SIZE,
>>> conf->max_balancers, AP_SLOTMEM_TYPE_PREGRAB, pconf);
>>>
>>> modules/slotmem/mod_slotmem_shm.c, 275:
>>> fname = slotmem_filename(pool, name);
>>>
>>> modules/slotmem/mod_slotmem_shm.c, 137:
>>> const char *filenm = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX,
>>> slotmemname, DEFAULT_SLOTMEM_SUFFIX, NULL);
>>>
>>>
>>> There is no possibility to customize the shm-filename
>>> resp. the shm-target-directory. Thats a big issue when
>>> working with shared filesystems.
>>>
>>> So my idea was to define some shm-target-directory and
>>> slotmemname-prefix in httpd.conf. So e.g. when shm-target-directory
>>> is /shared-fs/logs/shm/ and slotmemname-prefix is `hostname`
>>> (exported as shell variable), the final shm file would be
>>> /shared-fs/logs/shm/slotmem-shm-myhostname-sbf751527.shm.
>>>
>>>
>>>
>>> - Original Message -
>>> From: "Jim Jagielski" 
>>> To: dev@httpd.apache.org
>>> Sent: Tuesday, September 11, 2012 6:16:08 PM
>>> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique
>>>
>

Re: httpd 2.4.2 - mod_proxy id name not unique

2012-09-12 Thread Zisis Lianas 
That's right, Jeff, that's exactly what I want.

For other directives we never had collisions with a shared
runtime directory (2.0 and 2.2), since we could differ by hostname:
 PidFile ${project_home}/logs/apache/${hostname}.httpd.pid
 CustomLog ${project_home}/logs/apache/${hostname}.access_log combined 
env=!dontlog
 ErrorLog ${project_home}/logs/apache/${hostname}.error_log


- Original Message -
From: "Jeff Trawick" 
To: dev@httpd.apache.org
Sent: Wednesday, September 12, 2012 2:53:38 PM
Subject: Re: httpd 2.4.2 - mod_proxy id name not unique

On Wed, Sep 12, 2012 at 8:40 AM, Zisis Lianas  wrote:
> That's right, but on shared filesystems, "DefaultRuntimeDir"
> (logs/) and the non-unique shm-filenames state a problem.

Clarification: Do you want multiple web server instances to share the
same runtime directory without collisions of individual files in that
directory?

> So what do you think about a shm-file-target-directory directive?
>
>
> - Original Message -
> From: "Jim Jagielski" 
> To: dev@httpd.apache.org
> Sent: Wednesday, September 12, 2012 2:28:07 PM
> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique
>
> Yes, that's the reason why the location of the file can be
> user selectable. There's no need to adjust the name when you
> can adjust the location/path.
>
> On Sep 12, 2012, at 7:00 AM, Zisis Lianas  wrote:
>
>> Currently the default location of the slotmem file
>> is the "DefaultRuntimeDir", since on slotmem creation
>> only the "conf->id" is defined as filename:
>> modules/proxy/mod_proxy_balancer.c, 762:
>> rv = storage->create(&new, conf->id,
>> ALIGNED_PROXY_BALANCER_SHARED_SIZE,
>> conf->max_balancers, AP_SLOTMEM_TYPE_PREGRAB, pconf);
>>
>> modules/slotmem/mod_slotmem_shm.c, 275:
>> fname = slotmem_filename(pool, name);
>>
>> modules/slotmem/mod_slotmem_shm.c, 137:
>> const char *filenm = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX,
>> slotmemname, DEFAULT_SLOTMEM_SUFFIX, NULL);
>>
>>
>> There is no possibility to customize the shm-filename
>> resp. the shm-target-directory. Thats a big issue when
>> working with shared filesystems.
>>
>> So my idea was to define some shm-target-directory and
>> slotmemname-prefix in httpd.conf. So e.g. when shm-target-directory
>> is /shared-fs/logs/shm/ and slotmemname-prefix is `hostname`
>> (exported as shell variable), the final shm file would be
>> /shared-fs/logs/shm/slotmem-shm-myhostname-sbf751527.shm.
>>
>>
>>
>> - Original Message -
>> From: "Jim Jagielski" 
>> To: dev@httpd.apache.org
>> Sent: Tuesday, September 11, 2012 6:16:08 PM
>> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique
>>
>> I have to admit, I never really considered that case, but can't
>> you simply change the default location of the slotmem on one?
>>
>> On Sep 11, 2012, at 10:01 AM, Zisis Lianas  wrote:
>>
>>> Hi Jim,
>>>
>>> what do you think about the suggested directives of
>>> "ProxyConfigIdPrefix" and "BalancerSlotmemDir"?
>>> (any other way to solve this problem is also welcome)
>>>
>>>
>>> Today I just ran into the same problem with httpd-2.4.3.
>>> The apache config/logs directory is shared (NFS) on two
>>> servers - when trying to restart both apache instances
>>> at same time, the last one throws an error:
>>> [proxy_balancer:debug] mod_proxy_balancer.c(760): AH01178: Doing balancers 
>>> create: 544,1 (6)
>>> [slotmem_shm:debug] mod_slotmem_shm.c(300): AH02300: create 
>>> /apache/logs/slotmem-shm-sbf751527.shm: 544/6
>>> [proxy_balancer:emerg] (17)File exists: AH01179: balancer slotmem_create 
>>> failed
>>>
>>> When I restart this instance when the first one is up,
>>> the restart is successful.
>>>
>>>
>>> regards,
>>> Zisis
>>>
>>> - Original Message -
>>> From: "Jim Jagielski" 
>>> To: dev@httpd.apache.org
>>> Sent: Tuesday, May 1, 2012 8:43:46 PM
>>> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique
>>>
>>> Let me look into that... iirc, it was due to us wanting to
>>> be able to persist data between restarts and using the time
>>> as part of the id prevented that. But I could be mis-remembering.
>>>
>>> On Apr 30, 2012, at 7:50 AM, Zisis Lianas wrote:
>>>
>>>> hi,
>>>>
>

Re: httpd 2.4.2 - mod_proxy id name not unique

2012-09-12 Thread Zisis Lianas 
That's right, but on shared filesystems, "DefaultRuntimeDir"
(logs/) and the non-unique shm-filenames state a problem.

So what do you think about a shm-file-target-directory directive?


- Original Message -
From: "Jim Jagielski" 
To: dev@httpd.apache.org
Sent: Wednesday, September 12, 2012 2:28:07 PM
Subject: Re: httpd 2.4.2 - mod_proxy id name not unique

Yes, that's the reason why the location of the file can be
user selectable. There's no need to adjust the name when you
can adjust the location/path.

On Sep 12, 2012, at 7:00 AM, Zisis Lianas  wrote:

> Currently the default location of the slotmem file
> is the "DefaultRuntimeDir", since on slotmem creation
> only the "conf->id" is defined as filename:
> modules/proxy/mod_proxy_balancer.c, 762:
> rv = storage->create(&new, conf->id,
> ALIGNED_PROXY_BALANCER_SHARED_SIZE,
> conf->max_balancers, AP_SLOTMEM_TYPE_PREGRAB, pconf);
> 
> modules/slotmem/mod_slotmem_shm.c, 275:
> fname = slotmem_filename(pool, name);
> 
> modules/slotmem/mod_slotmem_shm.c, 137:
> const char *filenm = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX,
> slotmemname, DEFAULT_SLOTMEM_SUFFIX, NULL);
> 
> 
> There is no possibility to customize the shm-filename
> resp. the shm-target-directory. Thats a big issue when
> working with shared filesystems.
> 
> So my idea was to define some shm-target-directory and
> slotmemname-prefix in httpd.conf. So e.g. when shm-target-directory
> is /shared-fs/logs/shm/ and slotmemname-prefix is `hostname`
> (exported as shell variable), the final shm file would be
> /shared-fs/logs/shm/slotmem-shm-myhostname-sbf751527.shm.
> 
> 
> 
> - Original Message -
> From: "Jim Jagielski" 
> To: dev@httpd.apache.org
> Sent: Tuesday, September 11, 2012 6:16:08 PM
> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique
> 
> I have to admit, I never really considered that case, but can't
> you simply change the default location of the slotmem on one?
> 
> On Sep 11, 2012, at 10:01 AM, Zisis Lianas  wrote:
> 
>> Hi Jim,
>> 
>> what do you think about the suggested directives of
>> "ProxyConfigIdPrefix" and "BalancerSlotmemDir"?
>> (any other way to solve this problem is also welcome)
>> 
>> 
>> Today I just ran into the same problem with httpd-2.4.3.
>> The apache config/logs directory is shared (NFS) on two
>> servers - when trying to restart both apache instances
>> at same time, the last one throws an error:
>> [proxy_balancer:debug] mod_proxy_balancer.c(760): AH01178: Doing balancers 
>> create: 544,1 (6)
>> [slotmem_shm:debug] mod_slotmem_shm.c(300): AH02300: create 
>> /apache/logs/slotmem-shm-sbf751527.shm: 544/6
>> [proxy_balancer:emerg] (17)File exists: AH01179: balancer slotmem_create 
>> failed
>> 
>> When I restart this instance when the first one is up,
>> the restart is successful.
>> 
>> 
>> regards,
>> Zisis
>> 
>> - Original Message -
>> From: "Jim Jagielski" 
>> To: dev@httpd.apache.org
>> Sent: Tuesday, May 1, 2012 8:43:46 PM
>> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique
>> 
>> Let me look into that... iirc, it was due to us wanting to
>> be able to persist data between restarts and using the time
>> as part of the id prevented that. But I could be mis-remembering.
>> 
>> On Apr 30, 2012, at 7:50 AM, Zisis Lianas wrote:
>> 
>>> hi,
>>> 
>>> when mod_proxy currently is generating his "id", the name
>>> of this id is not very unique. So if you have a shared config/
>>> logs dir for more instances, the slotmem-shm files generated in
>>> DefaultRuntimeDir are the same. Bit unlucky if working with shared
>>> file systems.
>>> 
>>> In httpd-2.4.2/modules/proxy/mod_proxy.c line 1146 I can see
>>> the following code:
>>> #if 0
>>>  id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, 
>>> apr_time_now()), PROXY_HASHFUNC_DEFAULT);
>>> #else
>>>  id = ap_proxy_hashfunc(apr_psprintf(p, "%pp", ps), PROXY_HASHFUNC_DEFAULT);
>>> #endif
>>> 
>>> Primarily checked in with
>>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?r1=1065749&r2=1065748&pathrev=1065749
>>> 
>>> 
>>> If activating the first ap_proxy_hashfunc call, the generated names
>>> seem to be unique. Is there any reason this code is not used? Maybe
>>> we can set the "timed" version as default?
>>> 
>>> 
>>> 
>>> best regards,
>>> Zisis
>>> 
>> 
>

Re: httpd 2.4.2 - mod_proxy id name not unique

2012-09-12 Thread Zisis Lianas 
Currently the default location of the slotmem file
is the "DefaultRuntimeDir", since on slotmem creation
only the "conf->id" is defined as filename:
modules/proxy/mod_proxy_balancer.c, 762:
rv = storage->create(&new, conf->id,
 ALIGNED_PROXY_BALANCER_SHARED_SIZE,
 conf->max_balancers, AP_SLOTMEM_TYPE_PREGRAB, pconf);

modules/slotmem/mod_slotmem_shm.c, 275:
fname = slotmem_filename(pool, name);

modules/slotmem/mod_slotmem_shm.c, 137:
const char *filenm = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX,
 slotmemname, DEFAULT_SLOTMEM_SUFFIX, NULL);


There is no possibility to customize the shm-filename
resp. the shm-target-directory. Thats a big issue when
working with shared filesystems.

So my idea was to define some shm-target-directory and
slotmemname-prefix in httpd.conf. So e.g. when shm-target-directory
is /shared-fs/logs/shm/ and slotmemname-prefix is `hostname`
(exported as shell variable), the final shm file would be
/shared-fs/logs/shm/slotmem-shm-myhostname-sbf751527.shm.



- Original Message -
From: "Jim Jagielski" 
To: dev@httpd.apache.org
Sent: Tuesday, September 11, 2012 6:16:08 PM
Subject: Re: httpd 2.4.2 - mod_proxy id name not unique

I have to admit, I never really considered that case, but can't
you simply change the default location of the slotmem on one?

On Sep 11, 2012, at 10:01 AM, Zisis Lianas  wrote:

> Hi Jim,
> 
> what do you think about the suggested directives of
> "ProxyConfigIdPrefix" and "BalancerSlotmemDir"?
> (any other way to solve this problem is also welcome)
> 
> 
> Today I just ran into the same problem with httpd-2.4.3.
> The apache config/logs directory is shared (NFS) on two
> servers - when trying to restart both apache instances
> at same time, the last one throws an error:
>  [proxy_balancer:debug] mod_proxy_balancer.c(760): AH01178: Doing balancers 
> create: 544,1 (6)
>  [slotmem_shm:debug] mod_slotmem_shm.c(300): AH02300: create 
> /apache/logs/slotmem-shm-sbf751527.shm: 544/6
>  [proxy_balancer:emerg] (17)File exists: AH01179: balancer slotmem_create 
> failed
> 
> When I restart this instance when the first one is up,
> the restart is successful.
> 
> 
> regards,
> Zisis
> 
> - Original Message -
> From: "Jim Jagielski" 
> To: dev@httpd.apache.org
> Sent: Tuesday, May 1, 2012 8:43:46 PM
> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique
> 
> Let me look into that... iirc, it was due to us wanting to
> be able to persist data between restarts and using the time
> as part of the id prevented that. But I could be mis-remembering.
> 
> On Apr 30, 2012, at 7:50 AM, Zisis Lianas wrote:
> 
>> hi,
>> 
>> when mod_proxy currently is generating his "id", the name
>> of this id is not very unique. So if you have a shared config/
>> logs dir for more instances, the slotmem-shm files generated in
>> DefaultRuntimeDir are the same. Bit unlucky if working with shared
>> file systems.
>> 
>> In httpd-2.4.2/modules/proxy/mod_proxy.c line 1146 I can see
>> the following code:
>> #if 0
>>   id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, 
>> apr_time_now()), PROXY_HASHFUNC_DEFAULT);
>> #else
>>   id = ap_proxy_hashfunc(apr_psprintf(p, "%pp", ps), PROXY_HASHFUNC_DEFAULT);
>> #endif
>> 
>> Primarily checked in with
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?r1=1065749&r2=1065748&pathrev=1065749
>> 
>> 
>> If activating the first ap_proxy_hashfunc call, the generated names
>> seem to be unique. Is there any reason this code is not used? Maybe
>> we can set the "timed" version as default?
>> 
>> 
>> 
>> best regards,
>> Zisis
>> 
>

Re: httpd 2.4.2 - mod_proxy id name not unique

2012-09-11 Thread Zisis Lianas 
Hi Jim,

what do you think about the suggested directives of
"ProxyConfigIdPrefix" and "BalancerSlotmemDir"?
(any other way to solve this problem is also welcome)


Today I just ran into the same problem with httpd-2.4.3.
The apache config/logs directory is shared (NFS) on two
servers - when trying to restart both apache instances
at same time, the last one throws an error:
  [proxy_balancer:debug] mod_proxy_balancer.c(760): AH01178: Doing balancers 
create: 544,1 (6)
  [slotmem_shm:debug] mod_slotmem_shm.c(300): AH02300: create 
/apache/logs/slotmem-shm-sbf751527.shm: 544/6
  [proxy_balancer:emerg] (17)File exists: AH01179: balancer slotmem_create 
failed

When I restart this instance when the first one is up,
the restart is successful.


regards,
Zisis

- Original Message -
From: "Jim Jagielski" 
To: dev@httpd.apache.org
Sent: Tuesday, May 1, 2012 8:43:46 PM
Subject: Re: httpd 2.4.2 - mod_proxy id name not unique

Let me look into that... iirc, it was due to us wanting to
be able to persist data between restarts and using the time
as part of the id prevented that. But I could be mis-remembering.

On Apr 30, 2012, at 7:50 AM, Zisis Lianas wrote:

> hi,
> 
> when mod_proxy currently is generating his "id", the name
> of this id is not very unique. So if you have a shared config/
> logs dir for more instances, the slotmem-shm files generated in
> DefaultRuntimeDir are the same. Bit unlucky if working with shared
> file systems.
> 
> In httpd-2.4.2/modules/proxy/mod_proxy.c line 1146 I can see
> the following code:
> #if 0
>id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, 
> apr_time_now()), PROXY_HASHFUNC_DEFAULT);
> #else
>id = ap_proxy_hashfunc(apr_psprintf(p, "%pp", ps), PROXY_HASHFUNC_DEFAULT);
> #endif
> 
> Primarily checked in with
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?r1=1065749&r2=1065748&pathrev=1065749
> 
> 
> If activating the first ap_proxy_hashfunc call, the generated names
> seem to be unique. Is there any reason this code is not used? Maybe
> we can set the "timed" version as default?
> 
> 
> 
> best regards,
> Zisis
>

Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)

2012-09-06 Thread Zisis Lianas 
Tom, thanks for your feedback.

The main difference between our configurations is that you do
ProxyPassReverse the single BalancerMember (http://app05/...),
which is also working for me - in my configuration I ProxyPassReverse
the "balancer://cluster". And this is the configuration which does
not work correctly.

So...
 ProxyPassReverse / http://app05/ => WORKS
 ProxyPassReverse / balancer://cluster/ => DOES NOT WORK CORRECTLY

As documented the balancer://... ProxyPassReverse should work:
http://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html#example


So I think this is a bug.


- Original Message -
From: "Tom Evans" 
To: dev@httpd.apache.org
Sent: Thursday, September 6, 2012 4:40:18 PM
Subject: Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes 
(httpd-2.4.3)

On Thu, Sep 6, 2012 at 12:42 PM, Zisis Lianas  wrote:
> Also with the trailing slash the config does not work correctly,
> see attached logfile. Please keep in mind that this only happens
> if the backend returns a 301.
>
> Status from backend: 301
> Location: http://backend01.foo:5080/clusterjsp/
> [...]
> Response sent with status 301, headers:
> Location: http://mydomain.foo:8080//clusterjsp/
> [...]
> Request received from client: GET //clusterjsp/ HTTP/1.0
>
>

Only if your configuration is incorrect. The behaviour you are talking
about is solely concerned with how you have configured
ProxyPassReverse, which you have not shown. If you have incorrectly
matched '/'s on ProxyPassReverse, you will also have issues.

With ProxyPass and ProxyPassReverse, if the first argument ends in a
slash, so should the second. Eg, straight from my production
httpd.conf:


BalancerMember http://app05 retry=0
BalancerMember http://app07 retry=0 status=+H


ProxyPass / balancer://cluster/

ProxyPassReverse / http://app05/
ProxyPassReverse / http://app07/

This configuration works correctly in all cases.

Cheers

Tom

Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)

2012-09-06 Thread Zisis Lianas 
Also with the trailing slash the config does not work correctly,
see attached logfile. Please keep in mind that this only happens
if the backend returns a 301.

Status from backend: 301
Location: http://backend01.foo:5080/clusterjsp/
[...]
Response sent with status 301, headers:
Location: http://mydomain.foo:8080//clusterjsp/
[...]
Request received from client: GET //clusterjsp/ HTTP/1.0



- Original Message -
From: "Tom Evans" 
To: dev@httpd.apache.org
Sent: Thursday, September 6, 2012 12:49:03 PM
Subject: Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes 
(httpd-2.4.3)

On Wed, Sep 5, 2012 at 6:08 PM, Zisis Lianas  wrote:
> There seems to be some problems when trying to proxy "/" with
> ProxyPass and mod_proxy_balancer.
>
> See also:
> https://issues.apache.org/bugzilla/show_bug.cgi?id=51982
> https://issues.apache.org/bugzilla/show_bug.cgi?id=51489
>
> I could reproduce both errors in httpd-2.4.3:
>   1) error 500 when configuring "ProxyPass / balancer://default"
>   2) double-slash problem when backend returns 301
>
>
>
> Sample config:
> 
> ProxyPreserveHost Off
> 
> BalancerMember http://backend1.foo:5080 route=0
> BalancerMember http://backend2.foo:5080 route=1
> ProxySet lbmethod=bybusyness nofailover=off 
> stickysession=JSESSIONID|jsessionid
> 
>
> ProxyPass / balancer://default
> ProxyPassReverse / balancer://default
> 
>
>
> 1)
> When configuring "ProxyPass / balancer://default", an error 500
> occurs. When using a different ProxyPassMatch config, everything
> works fine, e.g.: ProxyPassMatch ^/(.*)$ balancer://default/$1
>
> I broke it down to mod_proxy.c::ap_proxy_trans_match().
> "r->filename" resp. "found" is set to "proxy:balancer://defaultclusterjsp"
> when for e.g. the URL "http://mydomain.foo/clusterjsp"; is called.
> "r->filename" should be "proxy:balancer://default/clusterjsp".
>
> I wrote a patch for httpd-2.4.3 (attached) - maybe someone can
> review and improve it to get it finally in trunk.


This is because the configuration is incorrect. Your ProxyPassMatch
corresponds to this ProxyPass line

ProxyPass / balancer://default/

Not this

ProxyPass / balancer://default

The trailing slash is relevant, as you have found out.


>
>
> 2)
> When the patch from 1) is applied, you will run into another problem.
> On 301 from backend, an dispensable "/" will be prepended to the URI.
> E.g. when you call http://mydomain.foo:8080/clusterjsp in you browser, the
> redirect location will be set wrong:
> Location: http://mydomain.foo:8080//clusterjsp/
>
> This will result in session problems... (cookie path is "/clusterjsp" and
> not "//clusterjsp").
>
> See attached logfile for more details.
>
> A patch was proposed in 
> https://issues.apache.org/bugzilla/show_bug.cgi?id=51489
> for httpd-2.4.x, which is working for me.
>
> I did a quick check with:
> u = apr_pstrcat(r->pool, (strcmp(ent[i].fake, "/") == 0 ? "" : ent[i].fake), 
> &url[l2], NULL);

This "problem" comes from incorrectly fixing problem 1.

Cheers

Tom
[Thu Sep 06 13:24:00.102345 2012] [core:trace5] [pid 29121:tid 139699051894528] 
protocol.c(627): [client 10.x.x.x:56178] Request received from client: GET 
/clusterjsp HTTP/1.0
[Thu Sep 06 13:24:00.102556 2012] [http:trace4] [pid 29121:tid 139699051894528] 
http_request.c(301): [client 10.x.x.x:56178] Headers received from client:
[Thu Sep 06 13:24:00.102579 2012] [http:trace4] [pid 29121:tid 139699051894528] 
http_request.c(305): [client 10.x.x.x:56178]   Host: mydomain.foo:8080
[Thu Sep 06 13:24:00.102594 2012] [http:trace4] [pid 29121:tid 139699051894528] 
http_request.c(305): [client 10.x.x.x:56178]   User-Agent: Mozilla/5.0 (X11; 
Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0
[Thu Sep 06 13:24:00.102609 2012] [http:trace4] [pid 29121:tid 139699051894528] 
http_request.c(305): [client 10.x.x.x:56178]   Accept: 
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[Thu Sep 06 13:24:00.102621 2012] [http:trace4] [pid 29121:tid 139699051894528] 
http_request.c(305): [client 10.x.x.x:56178]   Accept-Language: en-us,en;q=0.5
[Thu Sep 06 13:24:00.102640 2012] [http:trace4] [pid 29121:tid 139699051894528] 
http_request.c(305): [client 10.x.x.x:56178]   Accept-Encoding: gzip, deflate
[Thu Sep 06 13:24:00.102643 2012] [http:trace4] [pid 29121:tid 139699051894528] 
http_request.c(305): [client 10.x.x.x:56178]   Cookie: 
JSESSIONID=b4bee73f75211ee7b66c2182126d.0; 
__utma=85701643.1776763863.1324649383.1324649383.1324649383.1
[Thu Sep 06 13:24:00.102647 2012] [http:trace4] [pid 29121:t

Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)

2012-09-05 Thread Zisis Lianas 
There seems to be some problems when trying to proxy "/" with
ProxyPass and mod_proxy_balancer.

See also:
https://issues.apache.org/bugzilla/show_bug.cgi?id=51982
https://issues.apache.org/bugzilla/show_bug.cgi?id=51489

I could reproduce both errors in httpd-2.4.3:
  1) error 500 when configuring "ProxyPass / balancer://default"
  2) double-slash problem when backend returns 301



Sample config:

ProxyPreserveHost Off

BalancerMember http://backend1.foo:5080 route=0
BalancerMember http://backend2.foo:5080 route=1
ProxySet lbmethod=bybusyness nofailover=off 
stickysession=JSESSIONID|jsessionid


ProxyPass / balancer://default
ProxyPassReverse / balancer://default



1)
When configuring "ProxyPass / balancer://default", an error 500
occurs. When using a different ProxyPassMatch config, everything
works fine, e.g.: ProxyPassMatch ^/(.*)$ balancer://default/$1

I broke it down to mod_proxy.c::ap_proxy_trans_match().
"r->filename" resp. "found" is set to "proxy:balancer://defaultclusterjsp"
when for e.g. the URL "http://mydomain.foo/clusterjsp"; is called.
"r->filename" should be "proxy:balancer://default/clusterjsp".

I wrote a patch for httpd-2.4.3 (attached) - maybe someone can
review and improve it to get it finally in trunk.


2)
When the patch from 1) is applied, you will run into another problem.
On 301 from backend, an dispensable "/" will be prepended to the URI.
E.g. when you call http://mydomain.foo:8080/clusterjsp in you browser, the
redirect location will be set wrong:
Location: http://mydomain.foo:8080//clusterjsp/

This will result in session problems... (cookie path is "/clusterjsp" and
not "//clusterjsp").

See attached logfile for more details.

A patch was proposed in https://issues.apache.org/bugzilla/show_bug.cgi?id=51489
for httpd-2.4.x, which is working for me.

I did a quick check with:
u = apr_pstrcat(r->pool, (strcmp(ent[i].fake, "/") == 0 ? "" : ent[i].fake), 
&url[l2], NULL);




regards,
zisis


[Wed Sep 05 18:46:03.780655 2012] [core:trace5] [pid 16732:tid 14004746496] 
protocol.c(627): [client 10.x.x.x:53812] Request received from client: GET 
/clusterjsp HTTP/1.0
[Wed Sep 05 18:46:03.780880 2012] [http:trace4] [pid 16732:tid 14004746496] 
http_request.c(301): [client 10.x.x.x:53812] Headers received from client:
[Wed Sep 05 18:46:03.780904 2012] [http:trace4] [pid 16732:tid 14004746496] 
http_request.c(305): [client 10.x.x.x:53812]   Host: mydomain.foo:8080
[Wed Sep 05 18:46:03.780918 2012] [http:trace4] [pid 16732:tid 14004746496] 
http_request.c(305): [client 10.x.x.x:53812]   User-Agent: Mozilla/5.0 (X11; 
Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0
[Wed Sep 05 18:46:03.780933 2012] [http:trace4] [pid 16732:tid 14004746496] 
http_request.c(305): [client 10.x.x.x:53812]   Accept: 
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[Wed Sep 05 18:46:03.780945 2012] [http:trace4] [pid 16732:tid 14004746496] 
http_request.c(305): [client 10.x.x.x:53812]   Accept-Language: en-us,en;q=0.5
[Wed Sep 05 18:46:03.780957 2012] [http:trace4] [pid 16732:tid 14004746496] 
http_request.c(305): [client 10.x.x.x:53812]   Accept-Encoding: gzip, deflate
[Wed Sep 05 18:46:03.780969 2012] [http:trace4] [pid 16732:tid 14004746496] 
http_request.c(305): [client 10.x.x.x:53812]   Cookie: 
JSESSIONID=74ed1ff134626b3d85e4ec2ebca9.0; 
__utma=85701643.1776763863.1324649383.1324649383.1324649383.1
[Wed Sep 05 18:46:03.780981 2012] [http:trace4] [pid 16732:tid 14004746496] 
http_request.c(305): [client 10.x.x.x:53812]   Via: 1.0 
proxyserver.mydomain:3128 (squid/2.7.STABLE5)
[Wed Sep 05 18:46:03.780992 2012] [http:trace4] [pid 16732:tid 14004746496] 
http_request.c(305): [client 10.x.x.x:53812]   X-Forwarded-For: 10.x.x.x
[Wed Sep 05 18:46:03.781003 2012] [http:trace4] [pid 16732:tid 14004746496] 
http_request.c(305): [client 10.x.x.x:53812]   Cache-Control: max-age=259200
[Wed Sep 05 18:46:03.781023 2012] [http:trace4] [pid 16732:tid 14004746496] 
http_request.c(305): [client 10.x.x.x:53812]   Connection: keep-alive
...
[Wed Sep 05 18:46:03.781220 2012] [proxy_balancer:trace1] [pid 16732:tid 
14004746496] mod_proxy_balancer.c(73): [client 10.x.x.x:53812] 
canonicalising URL //default/clusterjsp
[Wed Sep 05 18:46:03.781300 2012] [proxy_balancer:debug] [pid 16732:tid 
14004746496] mod_proxy_balancer.c(292): [client 10.x.x.x:53812] AH01160: 
Found value 74ed1ff134626b3d85e4ec2ebca9.0 for stickysession JSESSIONID
[Wed Sep 05 18:46:03.781319 2012] [proxy_balancer:debug] [pid 16732:tid 
14004746496] mod_proxy_balancer.c(302): [client 10.x.x.x:53812] AH01161: 
Found route 0
[Wed Sep 05 18:46:03.781338 2012] [proxy_balancer:debug] [pid 16732:tid 
14004746496] mod_proxy_balancer.c(614): [client 10.x.x.x:53812] AH01172: 
balancer://default: worker (http://backend1.foo:5080) rewritten to 
http://backend1.foo:5080/clusterjsp
[Wed Sep

SSLProxyCheckPeerCN / ProxyPreserveHost issue

2012-09-04 Thread Zisis Lianas 
I noticed some different behaviour of SSLProxyCheckPeerCN in combination
with activated ProxyPreserveHost since httpd-2.4.3.
httpd-2.4.2 and httpd-2.2.22 seem to work 'correctly' (or vice versa).

When setting SSLProxyCheckPeerCN and ProxyPreserveHost to "on" in httpd-2.4.3,
i get an "AH02005: SSL Proxy: Peer certificate CN mismatch" error.

Platform: Linux SLES11 / x64



Configuration excerpt:
###
SSLEngine on
SSLProxyEngine On
ProxyPreserveHost On
SSLProxyCheckPeerCN On


BalancerMember https://backend01.server.foo:24090 route=0   #SSL 
CN=backend01.server.foo
BalancerMember https://backend02.server.foo:24090 route=1   #SSL 
CN=backend02.server.foo
ProxySet lbmethod=bybusyness nofailover=off 
stickysession=JSESSIONID|jsessionid


ProxyPass /clusterjsp balancer://appcluster/clusterjsp
ProxyPassReverse / balancer://appcluster/
###


https://mydispatcher-name.foo/ is the URL i call in my browser.
(SSL CN=mydispatcher-name.foo)



Test results:

Apache 2.4.3 (OpenSSL 1.0.1c):
ProxyPreserveHost On
SSLProxyCheckPeerCN On
[Tue Sep 04 15:21:36.033808 2012] [ssl:info] [pid 17466:tid 140319655495440] 
[remote x.x.x.x:24090] AH02005: SSL Proxy: Peer certificate CN mismatch: 
Certificate CN: backend01.server.foo Requested hostname: mydispatcher-name.foo
==> NOT WORKING

Apache 2.4.3 (OpenSSL 1.0.1c):
ProxyPreserveHost On
SSLProxyCheckPeerCN Off
==> WORKING

Apache 2.4.3 (OpenSSL 1.0.1c):
ProxyPreserveHost Off
SSLProxyCheckPeerCN On
==> WORKING



Apache 2.4.2 (OpenSSL 1.0.1b):
ProxyPreserveHost On
SSLProxyCheckPeerCN Off
==> WORKING

Apache 2.4.2 (OpenSSL 1.0.1b):
ProxyPreserveHost On
SSLProxyCheckPeerCN On
==> WORKING



Apache 2.2.22 (OpenSSL 1.0.1a):
ProxyPreserveHost On
SSLProxyCheckPeerCN Off
==> WORKING

Apache 2.2.22 (OpenSSL 1.0.1a):
ProxyPreserveHost On
SSLProxyCheckPeerCN On
==> WORKING



Reading the documentation for me it looks like 2.4.3 is working
correctly, and all older versions not. Opinions?


regards,
zisis

Re: httpd-2.4.2 - bug in ProxyErrorOverride

2012-06-15 Thread Zisis Lianas 
Just raised a bug for this issue:
https://issues.apache.org/bugzilla/show_bug.cgi?id=53420

httpd-2.2.x works correctly, error is only reproducable in 2.4.x.


- Original Message -
From: "Zisis Lianas" 
To: dev@httpd.apache.org
Sent: Wednesday, May 9, 2012 11:00:36 PM
Subject: httpd-2.4.2 - bug in ProxyErrorOverride

Hi,

when setting ProxyErrorOverride to "On" to get the httpd-ErrorDocument
instead of the backend-errordoc, httpd is waiting "ProxyTimeout" seconds
to respond to the client, even though the response is already read from
backend server.

The request/response is hanging somewhere in
  module/proxy/mod_proxy_http
-> ap_proxy_http_process_response
   -> ap_discard_request_body(backend->r) (modules/http/http_filters)
before timing out with "ProxyTimeout".


ProxyErrorOverride Directive:
http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride



Best regards,
Zisis

Re: httpd-2.4.2 - Bug in mod_slotmem_shm/mod_proxy_balancer

2012-06-13 Thread Zisis Lianas 
I just was informed that this issue is already known:
https://issues.apache.org/bugzilla/show_bug.cgi?id=52402

I uploaded the proposed patch (from Florian Schröder) to
the bugid for this issue in patch format.


- Original Message -
From: "Zisis Lianas" 
To: dev@httpd.apache.org
Sent: Wednesday, June 13, 2012 3:56:52 PM
Subject: httpd-2.4.2 - Bug in mod_slotmem_shm/mod_proxy_balancer

Hi guys,

when using proxy balancer configuration ("
  BalancerMember https://appserv6.domain:7000 route=0
  BalancerMember https://appserv7.domain:7000 route=1
  ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid

ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp
ProxyPassReverse / balancer://appcluster-https/



This also works:
(balancer config only in virtual hosts)

  ...
  
BalancerMember http://appserv1.domain:5080 route=0
BalancerMember http://appserv2.domain:5080 route=1
ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid
  
  ProxyPass /clusterjsp balancer://appcluster-http/clusterjsp
  ProxyPassReverse / balancer://appcluster-http/



  SSLEngine On
  ...
  
BalancerMember https://appserv6.domain:7000 route=0
BalancerMember https://appserv7.domain:7000 route=1
ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid
  
  ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp
  ProxyPassReverse / balancer://appcluster-https/




This fails:

  BalancerMember http://appserv1.domain:5080 route=0
  BalancerMember http://appserv2.domain:5080 route=1
  ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid

ProxyPass /clusterjsp balancer://default/clusterjsp
ProxyPassReverse / balancer://default/


  
BalancerMember https://appserv6.domain:7000 route=0
BalancerMember https://appserv7.domain:7000 route=1
ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid
  
  ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp
  ProxyPassReverse / balancer://appcluster-https/



error log:
[Wed Jun 13 15:37:06.728860 2012] [proxy_balancer:debug] [pid 9588:tid 
140210178676512] mod_proxy_balancer.c(752): AH01178: Doing balancers create: 
544, 1 (6)
[Wed Jun 13 15:37:06.728868 2012] [slotmem_shm:debug] [pid 9588:tid 
140210178676512] mod_slotmem_shm.c(300): AH02300: create 
/home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db.shm: 544/6
[Wed Jun 13 15:37:06.728964 2012] [proxy_balancer:debug] [pid 9588:tid 
140210178676512] mod_proxy_balancer.c(807): AH01184: Doing workers create: 
balancer://default (sc583e3db_default), 512, 2
[Wed Jun 13 15:37:06.728970 2012] [slotmem_shm:debug] [pid 9588:tid 
140210178676512] mod_slotmem_shm.c(300): AH02300: create 
/home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db_default.shm: 512/2
[Wed Jun 13 15:37:06.729001 2012] [proxy_balancer:debug] [pid 9588:tid 
140210178676512] mod_proxy_balancer.c(752): AH01178: Doing balancers create: 
544, 2 (7)
[Wed Jun 13 15:37:06.729007 2012] [slotmem_shm:debug] [pid 9588:tid 
140210178676512] mod_slotmem_shm.c(300): AH02300: create 
/home/zisis/apache-instance-2.4/slotmem-shm-s2d05e7bf.shm: 544/7
[Wed Jun 13 15:37:06.729037 2012] [proxy_balancer:debug] [pid 9588:tid 
140210178676512] mod_proxy_balancer.c(807): AH01184: Doing workers create: 
balancer://default (sc583e3db_default), 512, 2
[Wed Jun 13 15:37:06.729041 2012] [slotmem_shm:debug] [pid 9588:tid 
140210178676512] mod_slotmem_shm.c(584): AH02293: 
slotmem(/home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db_default.shm) grab 
failed. Num 2/num_free 0
[Wed Jun 13 15:37:06.729044 2012] [proxy_balancer:emerg] [pid 9588:tid 
140210178676512] (22)Invalid argument: AH01186: worker slotmem_grab failed
[Wed Jun 13 15:37:06.729069 2012] [:emerg] [pid 9588:tid 140210178676512] 
AH00020: Configuration Failed, exiting



And just a general question:
should a balancer-config in server-config be also available in any virtualhost?
I didn't find any clue in documentation. At least it does not work, e.g.:

  BalancerMember http://appserv1.domain:5080 route=0
  BalancerMember http://appserv2.domain:5080 route=1
  ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid

ProxyPass /clusterjsp balancer://default/clusterjsp
ProxyPassReverse / balancer://default/


  ...
  ProxyPass /anotherapp balancer://default/anotherapp
  ProxyPassReverse / balancer://default/


Same error as above, maybe also the same issue?:
"AH01186: worker slotmem_grab failed".




regards,
Zisis

httpd-2.4.2 - Bug in mod_slotmem_shm/mod_proxy_balancer

2012-06-13 Thread Zisis Lianas 
Hi guys,

when using proxy balancer configuration ("
  BalancerMember https://appserv6.domain:7000 route=0
  BalancerMember https://appserv7.domain:7000 route=1
  ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid

ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp
ProxyPassReverse / balancer://appcluster-https/



This also works:
(balancer config only in virtual hosts)

  ...
  
BalancerMember http://appserv1.domain:5080 route=0
BalancerMember http://appserv2.domain:5080 route=1
ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid
  
  ProxyPass /clusterjsp balancer://appcluster-http/clusterjsp
  ProxyPassReverse / balancer://appcluster-http/



  SSLEngine On
  ...
  
BalancerMember https://appserv6.domain:7000 route=0
BalancerMember https://appserv7.domain:7000 route=1
ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid
  
  ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp
  ProxyPassReverse / balancer://appcluster-https/




This fails:

  BalancerMember http://appserv1.domain:5080 route=0
  BalancerMember http://appserv2.domain:5080 route=1
  ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid

ProxyPass /clusterjsp balancer://default/clusterjsp
ProxyPassReverse / balancer://default/


  
BalancerMember https://appserv6.domain:7000 route=0
BalancerMember https://appserv7.domain:7000 route=1
ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid
  
  ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp
  ProxyPassReverse / balancer://appcluster-https/



error log:
[Wed Jun 13 15:37:06.728860 2012] [proxy_balancer:debug] [pid 9588:tid 
140210178676512] mod_proxy_balancer.c(752): AH01178: Doing balancers create: 
544, 1 (6)
[Wed Jun 13 15:37:06.728868 2012] [slotmem_shm:debug] [pid 9588:tid 
140210178676512] mod_slotmem_shm.c(300): AH02300: create 
/home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db.shm: 544/6
[Wed Jun 13 15:37:06.728964 2012] [proxy_balancer:debug] [pid 9588:tid 
140210178676512] mod_proxy_balancer.c(807): AH01184: Doing workers create: 
balancer://default (sc583e3db_default), 512, 2
[Wed Jun 13 15:37:06.728970 2012] [slotmem_shm:debug] [pid 9588:tid 
140210178676512] mod_slotmem_shm.c(300): AH02300: create 
/home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db_default.shm: 512/2
[Wed Jun 13 15:37:06.729001 2012] [proxy_balancer:debug] [pid 9588:tid 
140210178676512] mod_proxy_balancer.c(752): AH01178: Doing balancers create: 
544, 2 (7)
[Wed Jun 13 15:37:06.729007 2012] [slotmem_shm:debug] [pid 9588:tid 
140210178676512] mod_slotmem_shm.c(300): AH02300: create 
/home/zisis/apache-instance-2.4/slotmem-shm-s2d05e7bf.shm: 544/7
[Wed Jun 13 15:37:06.729037 2012] [proxy_balancer:debug] [pid 9588:tid 
140210178676512] mod_proxy_balancer.c(807): AH01184: Doing workers create: 
balancer://default (sc583e3db_default), 512, 2
[Wed Jun 13 15:37:06.729041 2012] [slotmem_shm:debug] [pid 9588:tid 
140210178676512] mod_slotmem_shm.c(584): AH02293: 
slotmem(/home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db_default.shm) grab 
failed. Num 2/num_free 0
[Wed Jun 13 15:37:06.729044 2012] [proxy_balancer:emerg] [pid 9588:tid 
140210178676512] (22)Invalid argument: AH01186: worker slotmem_grab failed
[Wed Jun 13 15:37:06.729069 2012] [:emerg] [pid 9588:tid 140210178676512] 
AH00020: Configuration Failed, exiting



And just a general question:
should a balancer-config in server-config be also available in any virtualhost?
I didn't find any clue in documentation. At least it does not work, e.g.:

  BalancerMember http://appserv1.domain:5080 route=0
  BalancerMember http://appserv2.domain:5080 route=1
  ProxySet lbmethod=bybusyness nofailover=Off 
stickysession=JSESSIONID|jsessionid

ProxyPass /clusterjsp balancer://default/clusterjsp
ProxyPassReverse / balancer://default/


  ...
  ProxyPass /anotherapp balancer://default/anotherapp
  ProxyPassReverse / balancer://default/


Same error as above, maybe also the same issue?:
"AH01186: worker slotmem_grab failed".




regards,
Zisis

Re: httpd 2.4.2 - mod_proxy id name not unique

2012-05-09 Thread Zisis Lianas 
Hi Jim,

ok, that looks reasonable.

So it would make sense to introduce something like a prefix
directive for "proxy_server_conf->id" (e.g. ProxyConfigIdPrefix)?
Otherwise we could use some unique host property for that prefix?

Also some relative directory directive for all slotmem files
in mod_proxy_balancer would be nice (ap_slotmem_provider_t->create).
Maybe "BalancerSlotmemDir". So DefaultRuntimeDir + BalancerSlotmemDir
would build up the path for the slotmem files.



Best regards,
Zisis

- Original Message -
From: "Jim Jagielski" 
To: dev@httpd.apache.org
Sent: Tuesday, May 1, 2012 8:43:46 PM
Subject: Re: httpd 2.4.2 - mod_proxy id name not unique

Let me look into that... iirc, it was due to us wanting to
be able to persist data between restarts and using the time
as part of the id prevented that. But I could be mis-remembering.

On Apr 30, 2012, at 7:50 AM, Zisis Lianas wrote:

> hi,
> 
> when mod_proxy currently is generating his "id", the name
> of this id is not very unique. So if you have a shared config/
> logs dir for more instances, the slotmem-shm files generated in
> DefaultRuntimeDir are the same. Bit unlucky if working with shared
> file systems.
> 
> In httpd-2.4.2/modules/proxy/mod_proxy.c line 1146 I can see
> the following code:
> #if 0
>id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, 
> apr_time_now()), PROXY_HASHFUNC_DEFAULT);
> #else
>id = ap_proxy_hashfunc(apr_psprintf(p, "%pp", ps), PROXY_HASHFUNC_DEFAULT);
> #endif
> 
> Primarily checked in with
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?r1=1065749&r2=1065748&pathrev=1065749
> 
> 
> If activating the first ap_proxy_hashfunc call, the generated names
> seem to be unique. Is there any reason this code is not used? Maybe
> we can set the "timed" version as default?
> 
> 
> 
> best regards,
> Zisis
>

httpd-2.4.2 - bug in ProxyErrorOverride

2012-05-09 Thread Zisis Lianas 
Hi,

when setting ProxyErrorOverride to "On" to get the httpd-ErrorDocument
instead of the backend-errordoc, httpd is waiting "ProxyTimeout" seconds
to respond to the client, even though the response is already read from
backend server.

The request/response is hanging somewhere in
  module/proxy/mod_proxy_http
-> ap_proxy_http_process_response
   -> ap_discard_request_body(backend->r) (modules/http/http_filters)
before timing out with "ProxyTimeout".


ProxyErrorOverride Directive:
http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride



Best regards,
Zisis

httpd 2.4.2 - mod_proxy id name not unique

2012-04-30 Thread Zisis Lianas 
hi,

when mod_proxy currently is generating his "id", the name
of this id is not very unique. So if you have a shared config/
logs dir for more instances, the slotmem-shm files generated in
DefaultRuntimeDir are the same. Bit unlucky if working with shared
file systems.

In httpd-2.4.2/modules/proxy/mod_proxy.c line 1146 I can see
the following code:
#if 0
id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, 
apr_time_now()), PROXY_HASHFUNC_DEFAULT);
#else
id = ap_proxy_hashfunc(apr_psprintf(p, "%pp", ps), PROXY_HASHFUNC_DEFAULT);
#endif

Primarily checked in with
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?r1=1065749&r2=1065748&pathrev=1065749


If activating the first ap_proxy_hashfunc call, the generated names
seem to be unique. Is there any reason this code is not used? Maybe
we can set the "timed" version as default?



best regards,
Zisis

Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)

2012-04-18 Thread Zisis Lianas 
Hi Jim (et all),

did you get any other feedback on the slotmem (directory) override?

Writing all the slotmem-shm files (for mod_proxy_balancer) in the
logs directory looks quite "unlovely", e.g. in my configuration with
two balancer and shared logs directory:

# ls -F1 logs/
error/
access/
slotmem-shm-s45fb3af_default.shm
slotmem-shm-s45fb3af_my_second_balancer.shm
slotmem-shm-s45fb3af.shm
slotmem-shm-s463b4ab_default.shm
slotmem-shm-s463b4ab_my_second_balancer.shm
slotmem-shm-s463b4ab.shm

It would be nice to have a customizable slotmem-prefix and/or target
directory for shm files. What do you think?



Best regards,
Zisis

- Original Message -
From: "Jim Jagielski" 
To: dev@httpd.apache.org
Sent: Tuesday, March 6, 2012 7:26:19 PM
Subject: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)

My plan is 2 pronged... to see if r1297560 is enough and if
allowing a slotmem override is even needed (or wanted) ... ;)

On Mar 6, 2012, at 12:35 PM, Zisis Lianas wrote:

> Thanks Jim, that works fine for the default-rel-runtimedir configuration.
> Slotmem file is created as /logs/slotmem-shm-s.shm.
> 
> Now if also the slotmem-file-target-location directive gets available,
> this thread is done for me.
> 
> 
> Regards,
> Zisis
> 
> - Original Message -
> From: "Jim Jagielski" 
> To: dev@httpd.apache.org
> Sent: Tuesday, March 6, 2012 5:21:22 PM
> Subject: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)
> 
> http://svn.apache.org/viewvc?rev=1297560&view=rev
> 
> On Mar 6, 2012, at 10:39 AM, Jeff Trawick wrote:
> 
>> On Tue, Mar 6, 2012 at 10:33 AM, Jim Jagielski  wrote:
>>> Yeah, that seems better, ala ./modules/cache/mod_socache_dbm.c
>> 
>> On behalf of anyone else reading this thread, here's the idiom from
>> mod_socache_dbm.c:
>> 
>> #define DEFAULT_DBM_PREFIX DEFAULT_REL_RUNTIMEDIR "/socache-dbm-"
>> ...
>>  const char *path = apr_pstrcat(p, DEFAULT_DBM_PREFIX, namespace,
>>  NULL);
>> 
>>   ctx->data_file = ap_server_root_relative(p, path);
>> 
>> 
>>> 
>>> On Mar 6, 2012, at 8:36 AM, Jeff Trawick wrote:
>>> 
>>>> On Tue, Mar 6, 2012 at 7:56 AM, Jim Jagielski  wrote:
>>>>> OK... What I'll do is add a directive which provides a
>>>>> "default" location for slotmem file...
>>>> 
>>>> Uhh, that seems as endless as per-mutex directives.
>>>> 
>>>> Is slotmem not using DEFAULT_REL_RUNTIMEDIR already?  (not perfect,
>>>> but a good start)
>>>> Directive to specify runtime directory (API returns serverroot +
>>>> DEFAULT_REL_RUNTIMEDIR if not configured).
>>>> Directive like Mutex but for shmem?
>>>> 
>>> 
>> 
>> 
>> 
>> -- 
>> Born in Roswell... married an alien...
>> 
>

Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)

2012-03-07 Thread Zisis Lianas 
Hi Jim,

for me/us it's needed, because we operate with multi-instancing.

e.g.:
Apache installation directory ("ServerRoot") is /opt/http-2.4.x/
(belonging to apache:apache). This installation only provides the
httpd binaries/modules.


Users on this server configure their own apache insances:

(user1:group1)
/var/www/project1/
 \==> logs/  (error/access/pid/mutex)
 \==> htdocs/  (content)
 \==> config/  (httpd.conf, includes, etc.)

(user2:group2)
/var/www/project2/
 \==> logs/
 \==> htdocs/
 \==> config/

(user3:group3)
/var/www/project3/
 \==> logs/
 \==> htdocs/
 \==> config/


So a customizable slotmem-shm file would make sense in
this scenario.


Regards,
Zisis

- Original Message -
From: "Jim Jagielski" 
To: dev@httpd.apache.org
Sent: Tuesday, March 6, 2012 7:26:19 PM
Subject: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)

My plan is 2 pronged... to see if r1297560 is enough and if
allowing a slotmem override is even needed (or wanted) ... ;)

On Mar 6, 2012, at 12:35 PM, Zisis Lianas wrote:

> Thanks Jim, that works fine for the default-rel-runtimedir configuration.
> Slotmem file is created as /logs/slotmem-shm-s.shm.
> 
> Now if also the slotmem-file-target-location directive gets available,
> this thread is done for me.
> 
> 
> Regards,
> Zisis
> 
> - Original Message -
> From: "Jim Jagielski" 
> To: dev@httpd.apache.org
> Sent: Tuesday, March 6, 2012 5:21:22 PM
> Subject: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)
> 
> http://svn.apache.org/viewvc?rev=1297560&view=rev
> 
> On Mar 6, 2012, at 10:39 AM, Jeff Trawick wrote:
> 
>> On Tue, Mar 6, 2012 at 10:33 AM, Jim Jagielski  wrote:
>>> Yeah, that seems better, ala ./modules/cache/mod_socache_dbm.c
>> 
>> On behalf of anyone else reading this thread, here's the idiom from
>> mod_socache_dbm.c:
>> 
>> #define DEFAULT_DBM_PREFIX DEFAULT_REL_RUNTIMEDIR "/socache-dbm-"
>> ...
>>  const char *path = apr_pstrcat(p, DEFAULT_DBM_PREFIX, namespace,
>>  NULL);
>> 
>>   ctx->data_file = ap_server_root_relative(p, path);
>> 
>> 
>>> 
>>> On Mar 6, 2012, at 8:36 AM, Jeff Trawick wrote:
>>> 
>>>> On Tue, Mar 6, 2012 at 7:56 AM, Jim Jagielski  wrote:
>>>>> OK... What I'll do is add a directive which provides a
>>>>> "default" location for slotmem file...
>>>> 
>>>> Uhh, that seems as endless as per-mutex directives.
>>>> 
>>>> Is slotmem not using DEFAULT_REL_RUNTIMEDIR already?  (not perfect,
>>>> but a good start)
>>>> Directive to specify runtime directory (API returns serverroot +
>>>> DEFAULT_REL_RUNTIMEDIR if not configured).
>>>> Directive like Mutex but for shmem?
>>>> 
>>> 
>> 
>> 
>> 
>> -- 
>> Born in Roswell... married an alien...
>> 
>

Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)

2012-03-06 Thread Zisis Lianas 
Thanks Jim, that works fine for the default-rel-runtimedir configuration.
Slotmem file is created as /logs/slotmem-shm-s.shm.

Now if also the slotmem-file-target-location directive gets available,
this thread is done for me.


Regards,
Zisis

- Original Message -
From: "Jim Jagielski" 
To: dev@httpd.apache.org
Sent: Tuesday, March 6, 2012 5:21:22 PM
Subject: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)

 http://svn.apache.org/viewvc?rev=1297560&view=rev

On Mar 6, 2012, at 10:39 AM, Jeff Trawick wrote:

> On Tue, Mar 6, 2012 at 10:33 AM, Jim Jagielski  wrote:
>> Yeah, that seems better, ala ./modules/cache/mod_socache_dbm.c
> 
> On behalf of anyone else reading this thread, here's the idiom from
> mod_socache_dbm.c:
> 
> #define DEFAULT_DBM_PREFIX DEFAULT_REL_RUNTIMEDIR "/socache-dbm-"
> ...
>   const char *path = apr_pstrcat(p, DEFAULT_DBM_PREFIX, namespace,
>   NULL);
> 
>ctx->data_file = ap_server_root_relative(p, path);
> 
> 
>> 
>> On Mar 6, 2012, at 8:36 AM, Jeff Trawick wrote:
>> 
>>> On Tue, Mar 6, 2012 at 7:56 AM, Jim Jagielski  wrote:
 OK... What I'll do is add a directive which provides a
 "default" location for slotmem file...
>>> 
>>> Uhh, that seems as endless as per-mutex directives.
>>> 
>>> Is slotmem not using DEFAULT_REL_RUNTIMEDIR already?  (not perfect,
>>> but a good start)
>>> Directive to specify runtime directory (API returns serverroot +
>>> DEFAULT_REL_RUNTIMEDIR if not configured).
>>> Directive like Mutex but for shmem?
>>> 
>> 
> 
> 
> 
> -- 
> Born in Roswell... married an alien...
>

Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)

2012-03-05 Thread Zisis Lianas 
I can reproduce this on SuSE Linux Enterprise 11sp1 (x86_64,
2.6.32.12-0.7-xen) and Ubuntu 11.04 (x86_64, 2.6.38.x).



- Ursprüngliche Mail -
Von: "Jim Jagielski" 
An: dev@httpd.apache.org
Gesendet: Montag, 5. März 2012 19:15:03
Betreff: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)

What system is this... I'm assuming that your shm impl does an
actual file connection for the shm instance...

On Mar 5, 2012, at 10:46 AM, Zisis Lianas wrote:

> Hi,
>
> I think there is an issue in mod_slotmem_shm / mod_proxy_balancer
> with httpd 2.4.x when building and installing as root, but trying
> to run httpd as standard unix-user.
>
> Scenario:
> my httpd is installed as 'root' in /root/httpd-2.4.1/, permissions
> root:root/0755. When I create a 'user' httpd.conf and load slotmem_shm_module,
> proxy_module, proxy_http_module and proxy_balancer_module and do some
> balancer configuration, the httpd doesn't come up. Error log (trace8):
> [Mon Mar 05 11:36:40.739013 2012] [proxy_balancer:debug] [pid 27793:tid
> 140642808817440] mod_proxy_balancer.c(751): AH01178: Doing balancers create: 
> 544, 1 (6)
> [Mon Mar 05 11:36:40.739054 2012] [proxy_balancer:emerg] [pid 27793:tid
> 140642808817440] (13)Permission denied: AH01179: balancer slotmem_create 
> failed
> [Mon Mar 05 11:36:40.739080 2012] [:emerg] [pid 27793:tid
> 140642808817440] AH00020: Configuration Failed, exiting
>
>
> In strace you can see that httpd is trying to create mutex(?) files in
> installation root directory, which belongs to user 'root' and is not
> writeable for other users:
> open("/root/httpd-2.4.1/s29df2056", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such 
> file or directory)
> open("/root/httpd-2.4.1/s29df2056", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such 
> file or directory)
> open("/root/httpd-2.4.1/s29df2056", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0666) 
> = -1 EACCES (Permission denied)
>
>
> I tried to change the mutex location with the mutex directive and
> "proxy-balancer-shm", but that doesn't work:
> Mutex file:/tmp/ proxy-balancer-shm
> Syntax seems to be OK, but this configuration item is ignored completely.
>
>
> config extraction:
> ServerRoot "/root/httpd-2.4.1"
>
> LoadModule proxy_module modules/mod_proxy.so
> LoadModule proxy_http_module modules/mod_proxy_http.so
> LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
> LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
> LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
>
> Mutex file:/tmp/ proxy-balancer-shm
>
> 
>BalancerMember http://appserver1.localhost:3001 route=0
>BalancerMember http://appserver2.localhost:3001 route=1
>ProxySet lbmethod=byrequests stickysession=JSESSIONID|jsessionid
> 
>
> ProxyPassMatch /servlet/ balancer://default/
> ProxyPassReverse / balancer://default/
>
>
>
> My quick hack to get my apache instance started:
> --- httpd-2.4.1/modules/slotmem/mod_slotmem_shm.c
> +++ httpd-2.4.1/modules/slotmem/mod_slotmem_shm.c
> @@ -269,7 +269,10 @@
> }
> if (name) {
> if (name[0] != '/') {
> -fname = ap_server_root_relative(pool, name);
> +char file_name[100];
> +strcpy(file_name, "/tmp/");
> +strcat(file_name, name);
> +fname = file_name;
> }
> else {
> fname = name;
>
>
> I think it would make sense to check why the mutex configuration of
> proxy-balancer-shm is ignored.
>
>
>
> Best regards,
> Zisis
>

httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)

2012-03-05 Thread Zisis Lianas 
Hi,

I think there is an issue in mod_slotmem_shm / mod_proxy_balancer
with httpd 2.4.x when building and installing as root, but trying
to run httpd as standard unix-user.

Scenario:
my httpd is installed as 'root' in /root/httpd-2.4.1/, permissions
root:root/0755. When I create a 'user' httpd.conf and load slotmem_shm_module,
proxy_module, proxy_http_module and proxy_balancer_module and do some
balancer configuration, the httpd doesn't come up. Error log (trace8):
[Mon Mar 05 11:36:40.739013 2012] [proxy_balancer:debug] [pid 27793:tid
 140642808817440] mod_proxy_balancer.c(751): AH01178: Doing balancers create: 
544, 1 (6)
[Mon Mar 05 11:36:40.739054 2012] [proxy_balancer:emerg] [pid 27793:tid
 140642808817440] (13)Permission denied: AH01179: balancer slotmem_create failed
[Mon Mar 05 11:36:40.739080 2012] [:emerg] [pid 27793:tid
 140642808817440] AH00020: Configuration Failed, exiting


In strace you can see that httpd is trying to create mutex(?) files in
installation root directory, which belongs to user 'root' and is not
writeable for other users:
open("/root/httpd-2.4.1/s29df2056", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such 
file or directory)
open("/root/httpd-2.4.1/s29df2056", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such 
file or directory)
open("/root/httpd-2.4.1/s29df2056", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0666) = 
-1 EACCES (Permission denied)


I tried to change the mutex location with the mutex directive and
"proxy-balancer-shm", but that doesn't work:
Mutex file:/tmp/ proxy-balancer-shm
Syntax seems to be OK, but this configuration item is ignored completely.


config extraction:
ServerRoot "/root/httpd-2.4.1"

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so

Mutex file:/tmp/ proxy-balancer-shm


BalancerMember http://appserver1.localhost:3001 route=0
BalancerMember http://appserver2.localhost:3001 route=1
ProxySet lbmethod=byrequests stickysession=JSESSIONID|jsessionid


ProxyPassMatch /servlet/ balancer://default/
ProxyPassReverse / balancer://default/



My quick hack to get my apache instance started:
--- httpd-2.4.1/modules/slotmem/mod_slotmem_shm.c
+++ httpd-2.4.1/modules/slotmem/mod_slotmem_shm.c
@@ -269,7 +269,10 @@
 }
 if (name) {
 if (name[0] != '/') {
-fname = ap_server_root_relative(pool, name);
+char file_name[100];
+strcpy(file_name, "/tmp/");
+strcat(file_name, name);
+fname = file_name;
 }
 else {
 fname = name;


I think it would make sense to check why the mutex configuration of
proxy-balancer-shm is ignored.



Best regards,
Zisis