Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 21st August 2006, 15:08
jarkand jarkand is offline
Junior Member
 
Join Date: Aug 2006
Location: Germany (the very south)
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to jarkand
Default Apache down every week (caught SIGTERM)

Hey guys,

this is my first post here, so don't push to hard on me, ok

I've been looking around for some time to find any helpful topics on the web but wasn't lucky so far. Let's try it this way.

My system is a Debian 3.1 version (Postfix, Apache2 (Apache/2.0.54 mod_ssl/2.0.54), MySql and Proftp, also).

And here's my problem (and I think it's not related to system only):
Every Sunday my Apache goes down so I sat down and checked the logs. The only thing I found, is an entry in /var/log/apache2/error.log which says:
Code:
[Sun Aug 06 06:25:02 2006] [notice] caught SIGTERM, shutting down
Well, every Sunday means that it has something to do with the crons running on my system. So I checked the weekly cron in /etc/cron.weekly and found the standard files which are:
Quote:
man-db
ntp-server
sysklogd
But wasn't lucky here, too.

After checking the /etc/logrotate.d/apache2 I found this:
Code:
/var/log/apache2/*.log {
	weekly
	missingok
	rotate 52
	compress
	delaycompress
	notifempty
	create 640 root adm
	sharedscripts
	postrotate
		if [ -f /var/run/apache2.pid ]; then
			/etc/init.d/apache2 restart > /dev/null
		fi
	endscript
}
Here you can see that the Apache is restarted but for some reason it fails. OK, more digging and after one week I found this in the apache error log:
Code:
[Sun Aug 13 06:25:01 2006] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
[Sun Aug 13 06:25:01 2006] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Sun Aug 13 06:25:01 2006] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Aug 13 06:25:01 2006] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Sun Aug 13 06:25:01 2006] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
As far as I understand the cron is restarting the apache but apache waits for the SSL private key password but there's no one who types it in - right? So it sends the SIGTERM signal and that's it: no Website online

Now my question: am I right? Is this the problem and if so how do I make sure that when apache is restarting, the password is submitted automatically?

Any hints are greatly appreciated. Thanks,
Mik
Reply With Quote
Sponsored Links
  #2  
Old 21st August 2006, 18:44
jarkand jarkand is offline
Junior Member
 
Join Date: Aug 2006
Location: Germany (the very south)
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to jarkand
Default

OK, I found one solution but I'm not very happy with it because it reduces the cert security level.

To get rid of the pass phrase request, simply create a new key without the -des3 (or what ever you've chosen) option.

Here's a very short (I'm sure you'll find these information 1 billion times on the net much better described than here) how to Apache-SSL / Apache ModSSL key and CSR Generation without pass phrase instructions:

1. Generate the private key
Code:
openssl genrsa –out yourdomain.com.key 1024
Quote:
insted of: openssl genrsa –des3 yourdomain.com.key 1024
2. Generate the CSR
Code:
openssl req –new –key yourdomain.com.key –out yourdomain.com.csr
3. Request the CRT from a CA Unit or create your own one.

4. Edit Apache's conf and restart.

Apache will never again ask you to enter the pass for your privat key and you don't have to worry about cron jobs that require to restart Apache.

Quote:
WARNING: Use this way only if you absolutely trust the server, and you make sure the permissions are carefully set!
Ohh, btw, any commends STILL appreciated...
Mik
Reply With Quote
  #3  
Old 22nd August 2006, 13:38
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

I guess when you created the certificates for Apache, you chose to encrypt the private key with a pass phrase (as shown here for ISPConfig's Apache: http://www.ispconfig.org/manual_installation.htm ). If you do this, then Apache always needs human intervention (someone who types in the pass phrase) to start/restart. Therefore you should choose not to encrypt the private key.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 23rd August 2006, 11:29
drks drks is offline
Junior Member
 
Join Date: Aug 2006
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default

There is no need to regenerate a key/csr/certificate. If you know the SSL Passphrase, you can simply remove it:

http://www.5dollarwhitebox.org/wiki/..._From_Key_File


Code:
# cp www.domain.com.key www.domain.com.key.passphrase

# openssl rsa -in www.domain.com.key.passphrase -out www.domain.com.key
read RSA key

Enter PEM pass phrase: <need to know passphrase to remove it>
writing RSA key
__________________
drks - http://www.5dollarwhitebox.org
Reply With Quote
  #5  
Old 12th July 2008, 07:15
salehqt salehqt is offline
Junior Member
 
Join Date: Jul 2008
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default Same problem, different cause

I have same problem with Ubuntu Server 8.04. every package is in its default version. The fact is that I haven't enabled SSL at all. so the problem can't be caused by SSL or something.
I checked configuration and found out that logrotate is killing my apache. but there are no error messages in the log only one line: caught SIGTERM, shutting down.
I tried "apache2ctl configtest" and it says I have no problem with my config file.

PS: I tried once to install cpanel but I didn't complete the installation procedure, cpanel is not working now, but its files are in my /usr/local/cpanel.
Reply With Quote
  #6  
Old 13th July 2008, 12:57
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Mayb monit is a solution for you - it starts Apache automatically if it is not running: http://www.howtoforge.com/server_mon...it_debian_etch
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 15th July 2008, 01:59
gotting gotting is offline
Junior Member
 
Join Date: Mar 2008
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Similar problem Apache dies

I have a similar problem.

It appears that my apache instance dies. Most often on sundays. Not every sunday but at least every second or third. I'm running isp config on Ubuntu 6.06. It might have somthing to do with this bug
https://bugs.launchpad.net/ubuntu/+s...e2/+bug/174805

However, I haven't managed to fund out if it's also present in Dapper. But it seems that Apache does not restart properly after log rotation.

The beginning of my error.log after rotation

Code:
[Sun Jul 06 06:25:41 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec2)
[Sun Jul 06 06:25:41 2008] [warn] module proxy_http_module is already loaded, skipping
[Sun Jul 06 06:25:41 2008] [notice] Apache/2.0.55 (Ubuntu) PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a configured -- resuming normal operations
[Sun Jul 06 11:48:21 2008] [notice] caught SIGTERM, shutting down
[Sun Jul 06 11:48:23 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec2)
[Sun Jul 06 11:48:23 2008] [warn] module proxy_http_module is already loaded, skipping
[Sun Jul 06 11:48:23 2008] [notice] Apache/2.0.55 (Ubuntu) PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a configured -- resuming normal operations
[Sun Jul 06 12:16:22 2008] [notice] caught SIGTERM, shutting down
[Sun Jul 06 12:16:23 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec2)
[Sun Jul 06 12:16:23 2008] [warn] module proxy_http_module is already loaded, skipping
[Sun Jul 06 12:16:24 2008] [notice] Apache/2.0.55 (Ubuntu) PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a configured -- resuming normal operations
[Sun Jul 06 12:39:21 2008] [notice] Graceful restart requested, doing restart
[Sun Jul 06 12:39:21 2008] [warn] module proxy_http_module is already loaded, skipping
[Sun Jul 06 12:39:22 2008] [notice] Apache/2.0.55 (Ubuntu) PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a configured -- resuming normal operations
[Sun Jul 06 12:39:22 2008] [warn] long lost child came home! (pid 21639)
[Sun Jul 06 12:42:17 2008] [notice] caught SIGTERM, shutting down
Can someone explain what the 4 first lines mean? I'm also concerned about
Code:
[warn] module proxy_http_module is already loaded, skipping
because I can't figure out why proxy_http_module seems to be loaded twice.

/Johan
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
mod_mono apache 2.2 ColdDoT Server Operation 5 23rd May 2006 02:58
Apache 2.0.52 - mod_dir.c ZC1 Server Operation 1 21st May 2006 20:31
Problem with the installation of Dokeos (LMS) in ISPConfig jofranco General 4 28th April 2006 00:45
PHP/MySQL/Apache2/ISPConfig configuration issues? senzapaura General 21 25th December 2005 14:01
Apache 1.3 Support SleeperZ General 3 9th November 2005 11:10


All times are GMT +2. The time now is 07:15.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.