Debian 9: mpm_worker, php-fpm ( roundcube, enigma, munin, phpmyadmin aliases fix )

Discussion in 'Tips/Tricks/Mods' started by ztk.me, Oct 5, 2017.

  1. unsichtbare

    unsichtbare Member HowtoForge Supporter

    OK, so impatient me went ahead and tried the following two methods with no success (it is a VMware VM and I can revert to snapshot easily). Both methods left me with a functioning webserver (serving sites), and broken phpmyadmin. I didn't try to fix phpmyadmin because neither of the below methods was resulting in a successful HTTP/2 test using this site: https://tools.keycdn.com/http2-test.

    BTW, my server is: (Ubuntu 16.04.4 LTS (Xenial Xerus)) ISPConfig 3.1.13

    Method one:
    Code:
    a2enmod proxy
    a2enmod proxy_fcgi
    a2dismod php7.0
    systemctl restart apache2
    a2dismod mpm_prefork //again disable it
    a2enmod mpm_event
    systemctl restart apache2
    Method two (suggested by zicguy):
    Code:
    a2enconf php7.0-fpm
    systemctl reload apache2
    a2dismod php7.0
    systemctl restart apache2
    a2dismod mpm_prefork
    a2enmod mpm_event
    systemctl restart apache2
     
  2. unsichtbare

    unsichtbare Member HowtoForge Supporter

    What type of server are you using? Were there any other configurations, or was there anything added to the Apache Directives section of ISPConfig?
    Thanks,
     
  3. zicguy

    zicguy Member

    I'm on Debian Stretch. I installed it with the Perfect Server tutorial and add multiple php versions (5.6, 7.0, 7.1, 7.2). Php 7.0 is the default version on my installation. I kept roundcube and phpmyadmin configuration files in /etc/apache2/conf-available/. I didn't have to add something in Apache Directives section of ISPConfig. Roundcube and webmail still works as relative url on each website (e.g. https://www.mywebsite.com/webmail).
    I suggest you to check your default php (cli) version first, by typing "php -v". Then, you can try to enable fpm with "a2enconf php7.0-fpm" according to your php version.
    Hope it helps ;-)
     
    unsichtbare likes this.
  4. unsichtbare

    unsichtbare Member HowtoForge Supporter

    Here's where I am:
    PHP 7.0.30-0ubuntu0.16.04.1 (cli) ( NTS )
    Copyright (c) 1997-2017 The PHP Group
    Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.30-0ubuntu0.16.04.1, Copyright (c) 1999-2017, by Zend Technologies​
     
  5. zicguy

    zicguy Member

    OK, so you can try the following to enable the right mod for roundcube, phpmyadmin:
    Code:
    a2enconf php7.0-fpm
    systemctl reload apache2
    a2dismod php7.0
    systemctl restart apache2
    a2dismod mpm_prefork
    a2enmod mpm_event
    systemctl restart apache2
     
  6. unsichtbare

    unsichtbare Member HowtoForge Supporter

    Thanks zicguy!
    Unfortunately, I still get a no HTTP/2 result on: https://tools.keycdn.com/http2-test and phpmyadmin is broken. I have left the snapshot in place, sites are serving and ISPConfig is working: https://vmsources.com/new1

    Thanks again,
     
  7. unsichtbare

    unsichtbare Member HowtoForge Supporter

    With the above mods suggested by zicguy in place, I see this in /var/log/apache2/error.log after the last Apache reload
    Code:
    [Fri Aug 31 06:59:02.338117 2018] [mpm_event:notice] [pid 1681:tid 139621172778880] AH00491: caught SIGTERM, shutting down
    [Fri Aug 31 06:59:03.568632 2018] [ssl:warn] [pid 3551:tid 140171039856512] AH01906: cloud001-webserver.cloud.mydomain.com:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Fri Aug 31 06:59:03.568814 2018] [ssl:error] [pid 3551:tid 140171039856512] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: [email protected],CN=cloud001-webserver.cloud.mydomain.com,OU=webserver,O=mydomain,L=Flagstaff,ST=Arizona,C=US / issuer: [email protected],CN=cloud001-webserver.cloud.mydomain.com,OU=webserver,O=mydomain,L=Flagstaff,ST=Arizona,C=US / serial: B287A6A0E2C60B0F / notbefore: Aug  2 15:31:14 2017 GMT / notafter: Jul 31 15:31:14 2027 GMT]
    [Fri Aug 31 06:59:03.568831 2018] [ssl:error] [pid 3551:tid 140171039856512] AH02604: Unable to configure certificate cloud001-webserver.cloud.mydomain.com:8080:0 for stapling
    [Fri Aug 31 06:59:03.568856 2018] [suexec:notice] [pid 3551:tid 140171039856512] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    [Fri Aug 31 06:59:03.586053 2018] [:notice] [pid 3556:tid 140171039856512] FastCGI: process manager initialized (pid 3556)
    [Fri Aug 31 06:59:03.587499 2018] [:error] [pid 3553:tid 140171039856512] python_init: Python version mismatch, expected '2.7.6', found '2.7.12'.
    [Fri Aug 31 06:59:03.587590 2018] [:error] [pid 3553:tid 140171039856512] python_init: Python executable found '/usr/bin/python'.
    [Fri Aug 31 06:59:03.587597 2018] [:error] [pid 3553:tid 140171039856512] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'.
    [Fri Aug 31 06:59:03.587619 2018] [:notice] [pid 3553:tid 140171039856512] mod_python: Creating 8 session mutexes based on 6 max processes and 25 max threads.
    [Fri Aug 31 06:59:03.587625 2018] [:notice] [pid 3553:tid 140171039856512] mod_python: using mutex_directory /tmp
    [Fri Aug 31 06:59:03.602438 2018] [ssl:warn] [pid 3553:tid 140171039856512] AH01906: cloud001-webserver.cloud.mydomain.com:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Fri Aug 31 06:59:03.602582 2018] [ssl:error] [pid 3553:tid 140171039856512] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: [email protected],CN=cloud001-webserver.cloud.mydomain.com,OU=webserver,O=mydomain,L=Flagstaff,ST=Arizona,C=US / issuer: [email protected],CN=cloud001-webserver.cloud.mydomain.com,OU=webserver,O=mydomain,L=Flagstaff,ST=Arizona,C=US / serial: B287A6A0E2C60B0F / notbefore: Aug  2 15:31:14 2017 GMT / notafter: Jul 31 15:31:14 2027 GMT]
    [Fri Aug 31 06:59:03.602593 2018] [ssl:error] [pid 3553:tid 140171039856512] AH02604: Unable to configure certificate cloud001-webserver.cloud.mydomain.com:8080:0 for stapling
    [Fri Aug 31 06:59:03.603705 2018] [mpm_event:notice] [pid 3553:tid 140171039856512] AH00489: Apache/2.4.18 (Ubuntu) mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.9 mod_python/3.3.1 Python/2.7.12 OpenSSL/1.0.2g configured -- resuming normal operations
    [Fri Aug 31 06:59:03.603734 2018] [core:notice] [pid 3553:tid 140171039856512] AH00094: Command line: '/usr/sbin/apache2'
    PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php/20151012/php_ldap.dll' - /usr/lib/php/20151012/php_ldap.dll: cannot open shared object file: No such file or directory in Unknown on line 0
    PHP Warning:  Module 'redis' already loaded in Unknown on line 0
    PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php/20151012/php_ldap.dll' - /usr/lib/php/20151012/php_ldap.dll: cannot open shared object file: No such file or directory in Unknown on line 0
    PHP Warning:  Module 'redis' already loaded in Unknown on line 0
     
  8. Jesse Norell

    Jesse Norell Well-Known Member

    @unsichtbare, did you "a2enable proxy_fcgid"? I know you said you did earlier, but you're also deleting vm's and rolling back snapshots, so check that. I had nearly the same experience as @zicguy, in that the default roundcube and phpmyadmin configs continue working, and the commands were something like this (proxy_fcgid was already enabled as part of the perfect server tutorial):
    Code:
    systemctl stop apache2
    a2dismod php7.0
    apt-get purge -y libapache2-mod-php*
    a2enconf php7.1-fpm
    a2dismod mpm_prefork
    a2enmod mpm_event
    systemctl start apache2
     
    unsichtbare likes this.
  9. unsichtbare

    unsichtbare Member HowtoForge Supporter

    Same as you, I have proxy_fcgid enabled as part of the Perfect Server tutorial, however "a2enable" is not a known command:
     
  10. unsichtbare

    unsichtbare Member HowtoForge Supporter

    Some success - phpmyadmin now works after a2enmod proxy and a2enmod proxy_fcgid (thx Jesse Norell) but no joy on HTTP/2. Here's a summary of where I am (in this order of commands starting and stopping Apache):
    Code:
    a2enconf php7.0-fpm
    systemctl reload apache2
    a2dismod php7.0
    systemctl restart apache2
    a2dismod mpm_prefork
    a2enmod mpm_event
    systemctl restart apache2
    systemctl stop apache2
    apt-get purge -y libapache2-mod-php*
    a2enmod proxy
    a2enmod proxy_fcgi
    systemctl start apache2
     
  11. Jesse Norell

    Jesse Norell Well-Known Member

    sorry, a2enmod. ('apachectl -M | grep fcgid' should show it enabled)
    That sounds like you have some bad php config trying to load the php ldap module. .dll files are for windows, linux shared object files will end with .so .. try 'grep -R php_ldap /etc/php' and see if you can find something needing cleaned up. If your php websites worked with php7.0-fpm, I'd guess this won't resolve your problem, but might as well fix it.

    What does 'apachectl -M' show, and 'ls -l /etc/apache2/conf-enabled'? (there may be an apachectl equivalent for that, but I don't know it)
     
  12. Jesse Norell

    Jesse Norell Well-Known Member

    http/2 isn't automatic with mpm_event, create /etc/apache2/conf-available/http2.conf with:
    Code:
    <IfModule mod_http2.c>
        Protocols h2 h2c http/1.1
    </IfModule>
    Then run:
    Code:
    a2enmod http2
    a2enconf http2
    systemctl restart apache2
     
    Last edited: Sep 6, 2018
    concept21 likes this.
  13. unsichtbare

    unsichtbare Member HowtoForge Supporter

    It all seems to look healthy (to me).
    Code:
    [email protected]:/tmp# grep -R php_ldap /etc/php
    /etc/php/7.0/cgi/php.ini:;extension=php_ldap.dll
    /etc/php/7.0/cgi/php.ini.ucf-dist:;extension=php_ldap.dll
    /etc/php/7.0/fpm/php.ini:;extension=php_ldap.dll
    /etc/php/7.0/fpm/php.ini.ucf-dist:;extension=php_ldap.dll
    /etc/php/7.0/cli/php.ini:;extension=php_ldap.dll
    /etc/php/7.0/cli/php.ini.ucf-dist:;extension=php_ldap.dll
    [email protected]:/tmp#
    
    Code:
    [email protected]:/tmp# apachectl -M
    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73
    Loaded Modules:
     core_module (static)
     so_module (static)
     watchdog_module (static)
     http_module (static)
     log_config_module (static)
     logio_module (static)
     version_module (static)
     unixd_module (static)
     access_compat_module (shared)
     actions_module (shared)
     alias_module (shared)
     auth_basic_module (shared)
     auth_digest_module (shared)
     authn_core_module (shared)
     authn_file_module (shared)
     authz_core_module (shared)
     authz_host_module (shared)
     authz_user_module (shared)
     autoindex_module (shared)
     cgi_module (shared)
     dav_module (shared)
     dav_fs_module (shared)
     deflate_module (shared)
     dir_module (shared)
     env_module (shared)
     expires_module (shared)
     fastcgi_module (shared)
     fcgid_module (shared)
     filter_module (shared)
     headers_module (shared)
     include_module (shared)
     mime_module (shared)
     mpm_event_module (shared)
     negotiation_module (shared)
     pagespeed_module (shared)
     proxy_module (shared)
     proxy_fcgi_module (shared)
     python_module (shared)
     rewrite_module (shared)
     setenvif_module (shared)
     socache_shmcb_module (shared)
     ssl_module (shared)
     status_module (shared)
     suexec_module (shared)
    [email protected]:/tmp#
    
    Code:
    [email protected]:/tmp# ls -l /etc/apache2/conf-enabled
    total 0
    lrwxrwxrwx 1 root root 34 Aug  2  2017 apache2-doc.conf -> ../conf-available/apache2-doc.conf
    lrwxrwxrwx 1 root root 30 Aug  2  2017 charset.conf -> ../conf-available/charset.conf
    lrwxrwxrwx 1 root root 30 Aug  2  2017 httpoxy.conf -> ../conf-available/httpoxy.conf
    lrwxrwxrwx 1 root root 44 Aug  2  2017 localized-error-pages.conf -> ../conf-available/localized-error-pages.conf
    lrwxrwxrwx 1 root root 46 Aug  2  2017 other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
    lrwxrwxrwx 1 root root 42 Sep  4 13:32 pagespeed_libraries.conf -> ../conf-available/pagespeed_libraries.conf
    lrwxrwxrwx 1 root root 33 Aug 31 06:33 php7.0-fpm.conf -> ../conf-available/php7.0-fpm.conf
    lrwxrwxrwx 1 root root 33 Aug  2  2017 phpmyadmin.conf -> ../conf-available/phpmyadmin.conf
    lrwxrwxrwx 1 root root 32 Aug  2  2017 roundcube.conf -> ../conf-available/roundcube.conf
    lrwxrwxrwx 1 root root 31 Aug  2  2017 security.conf -> ../conf-available/security.conf
    lrwxrwxrwx 1 root root 36 Aug  2  2017 serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
    [email protected]:/tmp#
    
     
  14. unsichtbare

    unsichtbare Member HowtoForge Supporter

    /etc/apache2/conf-available is a directory with several *.conf files in it. SHould I create a new file, or append IfModule to an existing file?

    THX
     
  15. unsichtbare

    unsichtbare Member HowtoForge Supporter

    OK, I got it! HTTP/2 Now working on Ubuntu 16.04LTS "The Perfect Server" build.
    Here is a summary of the steps and order that got it working for me (anyone, please chime in if you think I got these out-of-order). I included all of the apache reload/stop/start in the order that I applied them, possible some could be eliminated:
    1. a2enconf php7.0-fpm
    2. systemctl reload apache2
    3. a2dismod php7.0
    4. systemctl restart apache2
    5. a2dismod mpm_prefork
    6. a2enmod mpm_event
    7. systemctl restart apache2
    8. systemctl stop apache2
    9. apt-get purge -y libapache2-mod-php*
    10. a2enmod proxy
    11. a2enmod proxy_fcgi
    12. systemctl start apache2
    13. add-apt-repository -y ppa:eek:ndrej/apache2
    14. apt-key update
    15. apt-get update
    16. apt-get --only-upgrade install apache2 -y
    17. ANSWER "N" or press [Enter] to accept default and keep existing server config or ISPConfig will be broken
    18. a2enmod http2
    19. systemctl restart apache2
    20. Add these lines to Apache directives of website in ISPConfig:
    • Code:
      Protocols h2 h2c http/1.1
      ProtocolsHonorOrder On
      Protocols h2 h2c http/1.1
     
    ahrasis likes this.
  16. Jesse Norell

    Jesse Norell Well-Known Member

    Sorry, meant to say create /etc/apache2/conf-available/http2.conf (now edited/fixed above)
     
  17. unsichtbare

    unsichtbare Member HowtoForge Supporter

    Thanks! I think I accomplished the same thing by adding the lines to my Apache Directives in ISPConfig.
     
  18. concept21

    concept21 Member

    Hello Jesse,
    What is the advantage of http2 over http1.1? Is it stable for production? :rolleyes:
     
  19. ahrasis

    ahrasis Well-Known Member

    It has a lot of advantages. You can just google for that. And it is definitely stable.
     
  20. sunghost

    sunghost Member

    Hi, i switch to mpm_event and http2 is running, but not webmail and phpmyadmin. Must i still create a Website wit fqdn like server007.domani.tld and add the Code to the Apache Directive? I tried this, but get 503. Need help. thx.
     

Share This Page