HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   Ispconfig IE7 Xen (http://www.howtoforge.com/forums/showthread.php?t=27863)

aurelius 16th October 2008 19:36

Ispconfig IE7 Xen
 
Hello,

I've created an debian Etch installation on vmware with ispconfig 2.2.27. Everything works as it should be without problems.

I now have installed Debian Etch on two vds on Xen I rent from an webhosting provider. Installation went oke. When I log in the secured control panel on port 81 i see something strange when I do netstat -tap on the commandline with ssh.

I see minimum 50 lines as these (I removed the IP and hostnames for privacy purposes)

tcp 0 0 domain.tld.:81 a00-000-000-000.a:54671 TIME_WAIT -
tcp 0 0 domain.tld.:81 a00-000-000-000.a:54665 TIME_WAIT -
tcp 0 0 domain.tld.:81 a00-000-000-000.a:54667 TIME_WAIT -
tcp 0 0 domain.tld.:81 a00-000-000-000.a:54666 TIME_WAIT -

Then the vds get stuck and a reboot is needed. Also the webserver is down.

When I login with firefox i still get those lines but they dissapear quickly.

I never had this problem with the Debian on vmware or even as a virtual machine in Windows Server 2008.

Is it a problem on Xen. Do you what I can do about it. I informed my provider but they have not yet responded, although a few days he said there were problems with OOM.

Can you help me on this one, you're tutorial for the perfect setup is great

Aurelius

falko 17th October 2008 15:11

Are there any errors in the error log in /root/ispconfig/httpd/logs?

aurelius 17th October 2008 21:32

in the errror log I found these messages

[Thu Oct 16 11:20:40 2008] [error] mod_ssl: SSL handshake failed (server domain.tld:81, client **.***.***.***) (OpenSSL library error follows)
[Thu Oct 16 11:20:40 2008] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Fri Oct 17 10:45:17 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:17 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:17 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:17 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:20 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:20 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:22 2008] [error] mod_ssl: SSL handshake failed (server domain.tld:81, client ***.***.***.***) (OpenSSL library error follows)
[Fri Oct 17 10:45:22 2008] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Fri Oct 17 12:21:02 2008] [notice] caught SIGTERM, shutting down
[Fri Oct 17 12:23:15 2008] [notice] Apache configured -- resuming normal operations
[Fri Oct 17 12:23:15 2008] [notice] Accept mutex: sysvsem (Default: sysvsem)

aurelius 17th October 2008 21:38

and in the syslog I found these messages

Oct 17 12:23:04 domaintld kernel: klogd 1.4.1#18, log source = /proc/kmsg started.
Oct 17 12:23:04 domaintld kernel: Linux version 2.6.18-xen (shand@endor) (gcc version 3.4.4 20050314 (prerelease) (Debian 3.4.3-13)) #1 SMP Fri Jun 1 15:01:20 BST 2007
Oct 17 12:23:04 domaintld kernel: BIOS-provided physical RAM map:
Oct 17 12:23:04 domaintld kernel: Xen: 0000000000000000 - 0000000020800000 (usable)
Oct 17 12:23:04 domaintld kernel: 0MB HIGHMEM available.
Oct 17 12:23:04 domaintld kernel: 520MB LOWMEM available.
Oct 17 12:23:04 domaintld kernel: NX (Execute Disable) protection: active
Oct 17 12:23:04 domaintld kernel: On node 0 totalpages: 133120
Oct 17 12:23:04 domaintld kernel: DMA zone: 133120 pages, LIFO batch:31
Oct 17 12:23:04 domaintld kernel: ACPI in unprivileged domain disabled
Oct 17 12:23:04 domaintld kernel: Allocating PCI resources starting at 30000000 (gap: 20800000:df800000)
Oct 17 12:23:04 domaintld kernel: Detected 1995.084 MHz processor.
Oct 17 12:23:04 domaintld kernel: Built 1 zonelists. Total pages: 133120
Oct 17 12:23:04 domaintld kernel: Kernel command line: root=/dev/sda1 ro
Oct 17 12:23:04 domaintld kernel: Enabling fast FPU save and restore... done.
Oct 17 12:23:04 domaintld kernel: Enabling unmasked SIMD FPU exception support... done.
Oct 17 12:23:04 domaintld kernel: Initializing CPU#0
Oct 17 12:23:04 domaintld kernel: PID hash table entries: 4096 (order: 12, 16384 bytes)
Oct 17 12:23:04 domaintld kernel: Xen reported: 1995.000 MHz processor.
Oct 17 12:23:04 domaintld kernel: Console: colour dummy device 80x25
Oct 17 12:23:04 domaintld kernel: Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Oct 17 12:23:04 domaintld kernel: Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Oct 17 12:23:04 domaintld kernel: Software IO TLB disabled
Oct 17 12:23:04 domaintld kernel: vmalloc area: e1000000-f51fe000, maxmem 2d7fe000
Oct 17 12:23:04 domaintld kernel: Memory: 513920k/532480k available (2100k kernel code, 10084k reserved, 740k data, 196k init, 0k highmem)
Oct 17 12:23:04 domaintld kernel: Checking if this processor honours the WP bit even in supervisor mode... Ok.
Oct 17 12:23:04 domaintld kernel: Calibrating delay using timer specific routine.. 4009.10 BogoMIPS (lpj=20045547)
Oct 17 12:23:04 domaintld kernel: Security Framework v1.0.0 initialized
Oct 17 12:23:04 domaintld kernel: Capability LSM initialized
Oct 17 12:23:04 domaintld kernel: Mount-cache hash table entries: 512
Oct 17 12:23:04 domaintld kernel: CPU: After generic identify, caps: bfebc3f1 20100000 00000000 00000000 0004e33d 00000000 00000001
Oct 17 12:23:04 domaintld kernel: CPU: After vendor identify, caps: bfebc3f1 20100000 00000000 00000000 0004e33d 00000000 00000001
Oct 17 12:23:04 domaintld kernel: CPU: L1 I cache: 32K, L1 D cache: 32K
Oct 17 12:23:04 domaintld kernel: CPU: L2 cache: 4096K
Oct 17 12:23:04 domaintld kernel: CPU: After all inits, caps: bfebc3f1 20100000 00000000 00000940 0004e33d 00000000 00000001
Oct 17 12:23:04 domaintld kernel: Checking 'hlt' instruction... OK.
Oct 17 12:23:04 domaintld kernel: SMP alternatives: switching to UP code
Oct 17 12:23:04 domaintld kernel: Freeing SMP alternatives: 12k freed
Oct 17 12:23:04 domaintld kernel: Brought up 1 CPUs
Oct 17 12:23:04 domaintld kernel: migration_cost=0
Oct 17 12:23:04 domaintld kernel: NET: Registered protocol family 16
Oct 17 12:23:04 domaintld kernel: Brought up 1 CPUs
Oct 17 12:23:04 domaintld kernel: PCI: setting up Xen PCI frontend stub
Oct 17 12:23:04 domaintld kernel: ACPI: Interpreter disabled.
Oct 17 12:23:04 domaintld kernel: Linux Plug and Play Support v0.97 (c) Adam Belay
Oct 17 12:23:04 domaintld kernel: pnp: PnP ACPI: disabled
Oct 17 12:23:04 domaintld kernel: xen_mem: Initialising balloon driver.
Oct 17 12:23:04 domaintld kernel: PCI: System does not support PCI
Oct 17 12:23:04 domaintld kernel: PCI: System does not support PCI
Oct 17 12:23:04 domaintld kernel: NET: Registered protocol family 2
Oct 17 12:23:04 domaintld kernel: IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
Oct 17 12:23:04 domaintld kernel: TCP established hash table entries: 131072 (order: 8, 1048576 bytes)
Oct 17 12:23:04 domaintld kernel: TCP bind hash table entries: 65536 (order: 7, 524288 bytes)
Oct 17 12:23:04 domaintld kernel: TCP: Hash tables configured (established 131072 bind 65536)
Oct 17 12:23:04 domaintld kernel: TCP reno registered
Oct 17 12:23:04 domaintld kernel: IA-32 Microcode Update Driver: v1.14a-xen <tigran@veritas.com>
Oct 17 12:23:04 domaintld kernel: audit: initializing netlink socket (disabled)
Oct 17 12:23:04 domaintld kernel: audit(1224238975.348:1): initialized
Oct 17 12:23:04 domaintld kernel: VFS: Disk quotas dquot_6.5.1
Oct 17 12:23:04 domaintld kernel: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
Oct 17 12:23:04 domaintld kernel: Initializing Cryptographic API
Oct 17 12:23:04 domaintld kernel: io scheduler noop registered
Oct 17 12:23:04 domaintld kernel: io scheduler anticipatory registered
Oct 17 12:23:04 domaintld kernel: io scheduler deadline registered
Oct 17 12:23:04 domaintld kernel: io scheduler cfq registered (default)
Oct 17 12:23:04 domaintld kernel: Floppy drive(s): fd0 is unknown type 15 (usb?), fd1 is unknown type 15 (usb?)
Oct 17 12:23:04 domaintld kernel: Failed to obtain physical IRQ 6
Oct 17 12:23:04 domaintld kernel: floppy0: no floppy controllers found
Oct 17 12:23:04 domaintld kernel: RAMDISK driver initialized: 16 RAM disks of 16384K size 1024 blocksize
Oct 17 12:23:04 domaintld kernel: loop: loaded (max 8 devices)
Oct 17 12:23:04 domaintld kernel: Xen virtual console successfully installed as tty1
Oct 17 12:23:04 domaintld kernel: Event-channel device installed.
Oct 17 12:23:04 domaintld kernel: netfront: Initialising virtual ethernet driver.
Oct 17 12:23:04 domaintld kernel: Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
Oct 17 12:23:04 domaintld kernel: ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx
Oct 17 12:23:04 domaintld kernel: PNP: No PS/2 controller found. Probing ports directly.
Oct 17 12:23:04 domaintld kernel: i8042.c: No controller found.
Oct 17 12:23:04 domaintld kernel: mice: PS/2 mouse device common for all mice
Oct 17 12:23:04 domaintld kernel: xen-vbd: registered block device major 8
Oct 17 12:23:04 domaintld kernel: blkfront: sda1: barriers enabled
Oct 17 12:23:04 domaintld kernel: md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27
Oct 17 12:23:04 domaintld kernel: md: bitmap version 4.39
Oct 17 12:23:04 domaintld kernel: NET: Registered protocol family 1
Oct 17 12:23:04 domaintld kernel: NET: Registered protocol family 17
Oct 17 12:23:04 domaintld kernel: Using IPI No-Shortcut mode
Oct 17 12:23:04 domaintld kernel: blkfront: sda2: barriers enabled
Oct 17 12:23:04 domaintld kernel: netfront: device eth0 has copying receive path.
Oct 17 12:23:04 domaintld kernel: XENBUS: Device with no driver: device/console/0
Oct 17 12:23:04 domaintld kernel: md: Autodetecting RAID arrays.
Oct 17 12:23:04 domaintld kernel: md: autorun ...
Oct 17 12:23:04 domaintld kernel: md: ... autorun DONE.
Oct 17 12:23:04 domaintld kernel: EXT2-fs warning (device sda1): ext2_fill_super: mounting ext3 filesystem as ext2
Oct 17 12:23:04 domaintld kernel: VFS: Mounted root (ext2 filesystem) readonly.
Oct 17 12:23:04 domaintld kernel: Freeing unused kernel memory: 196k freed
Oct 17 12:23:04 domaintld kernel: serial_core: no version for "struct_module" found: kernel tainted.
Oct 17 12:23:04 domaintld kernel: Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing disabled
Oct 17 12:23:04 domaintld kernel: Adding 1048568k swap on /dev/sda2. Priority:-1 extents:1 across:1048568k
Oct 17 12:23:04 domaintld kernel: device-mapper: ioctl: 4.7.0-ioctl (2006-06-24) initialised: dm-devel@redhat.com
Oct 17 12:23:04 domaintld kernel: NET: Registered protocol family 10
Oct 17 12:23:04 domaintld kernel: lo: Disabled Privacy Extensions
Oct 17 12:23:04 domaintld kernel: IPv6 over IPv4 tunneling driver

aurelius 17th October 2008 21:50

It seems that it is not only happening when I login on the control panel. When I login with pop3 to get my mail there are 5 or 6 of these lines, it takes more than 45 seconds before these dissapear

falko 18th October 2008 18:11

Quote:

Originally Posted by aurelius (Post 150531)
in the errror log I found these messages

[Thu Oct 16 11:20:40 2008] [error] mod_ssl: SSL handshake failed (server domain.tld:81, client **.***.***.***) (OpenSSL library error follows)
[Thu Oct 16 11:20:40 2008] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Fri Oct 17 10:45:17 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:17 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:17 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:17 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:20 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:20 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:22 2008] [error] mod_ssl: SSL handshake failed (server domain.tld:81, client ***.***.***.***) (OpenSSL library error follows)
[Fri Oct 17 10:45:22 2008] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Fri Oct 17 12:21:02 2008] [notice] caught SIGTERM, shutting down
[Fri Oct 17 12:23:15 2008] [notice] Apache configured -- resuming normal operations
[Fri Oct 17 12:23:15 2008] [notice] Accept mutex: sysvsem (Default: sysvsem)

Please recreate the SSL certificate: http://www.howtoforge.com/forums/showthread.php?t=121

aurelius 18th October 2008 19:09

I also found this in the error log, does it also has to do with the certificate

[Fri Oct 17 10:45:17 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:17 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:17 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:17 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:20 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:20 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:22 2008] [error] mod_ssl: SSL handshake failed (server domain.tld:81, client ***.***.***.***) (OpenSSL library error follows)
[Fri Oct 17 10:45:22 2008] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Fri Oct 17 12:21:02 2008] [notice] caught SIGTERM, shutting down
[Fri Oct 17 12:23:15 2008] [notice] Apache configured -- resuming normal operations
[Fri Oct 17 12:23:15 2008] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Sat Oct 18 18:03:09 2008] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[Sat Oct 18 18:03:09 2008] [error] System: Connection reset by peer (errno: 104)
[Sat Oct 18 18:03:12 2008] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[Sat Oct 18 18:03:12 2008] [error] System: Connection reset by peer (errno: 104)

aurelius 18th October 2008 19:20

Thanks for your help falko, I know now for sure that the problems occurs with https. I didn't use https on the vmware, On another vm I had https and I see know the same messages

Another question, can a faulty certificate cause server hanging,

till 19th October 2008 11:46

Quote:

Another question, can a faulty certificate cause server hanging,
No, not as far as I know. It only can cause a client to not authenticate.


All times are GMT +2. The time now is 21:41.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.