strange problems (again). this time ...

Discussion in 'ISPConfig 3 Priority Support' started by craig baker, Dec 20, 2020.

  1. craig baker

    craig baker Member HowtoForge Supporter

    I'm getting odd errors in log/error.log with things like
    [Sat Dec 19 18:48:49.282982 2020] [fcgid:warn] [pid 1338693:tid 140035303130880] (104)Connection reset by peer: [client] mod_fcgid: ap_pass_brigade failed in handle_request_ipc function
    [Sat Dec 19 18:44:18.943158 2020] [log_config:warn] [pid 1336611:tid 140036478859008] (32)Broken pipe: [client] AH00646: Error writing to | /usr/local/ispconfig/server/scripts/vlogger -s access.log -t "%Y%m%d-access.log" /var/log/ispconfig/httpd
    now I've read these can be due to resource problems - but server has 256gb of ram and 128gb is free...
    i've also been looking at fcgid values in the vhosts which are:

                    <IfModule mod_fcgid.c>
                                    FcgidIdleTimeout 300
                                    FcgidProcessLifeTime 3600
                                    # FcgidMaxProcesses 1000
                                    FcgidMaxRequestsPerProcess 5000
                                    FcgidMinProcessesPerClass 0
                                    FcgidMaxProcessesPerClass 10
                                    FcgidConnectTimeout 3
                                    FcgidIOTimeout 600
                                    FcgidBusyTimeout 3600
                                    FcgidMaxRequestLen 1073741824
    I've put entries at the end in the /etc/httpd/conf/httpd.conf:
    RequestHeader unset Proxy early
    FcgidMaxProcesses 2000
    FcgidMaxProcessesPerClass 200

    now I didnt comment the FcgidMaxProcesses line in the vhost where did that get commented out?
    I dont have any entries in the Options tab to explain these entries... maybe they are too small in a template??

    does the httpd.conf value take precedence if its larger?

    output from systemctl status httpd:
    anyway your comments would be appreciated!
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    No. If you want to raise them for a website, use the apache directives field of the site or if you want to change the defaults for all sites, create a custom vhost template and change it in that template.
  3. craig baker

    craig baker Member HowtoForge Supporter

    ENLIGHTENMENT - the messages above are NOT due to resource problems but by the other end killing the connection after a 500 error.

    For example on the first one:
    [Sat Dec 19 18:48:49.282982 2020]
    looking in access.log we fine - - [19/Dec/2020:18:48:43 -0500] "GET /supportlogin/ HTTP/1.1" 500 1391600 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +"
    same ip - same time. the bingbot is generating a 500 error by accessing /supportlogin. and then aborts the connection leading to the broken pipe.
    now of course GET /supportlogin/ should NOT generate a 500 error. so .. thats an additional question.
    but the broken pipe error is NOT a problem in and of itself its just saying the other end aborted the connection.

    now - more interesting connection why would a perfectly good page ( generate a 500 error??
  4. craig baker

    craig baker Member HowtoForge Supporter

    .... but another logging error - on a different site:
    [Sun Dec 20 03:20:05.913929 2020] [ssl:error] [pid 1336601:tid 140037132736832] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 04A1452C24A5B466FEAD4E470D4284A094E0 / notbefore: Oct 28 06:08:15 2020 GMT / notafter: Jan 26 06:08:15 2021 GMT]
    [Sun Dec 20 03:20:05.913945 2020] [ssl:error] [pid 1336601:tid 140037132736832] AH02604: Unable to configure certificate for stapling
    [[email protected] web]# 
    now from my vhost file -
     SSLEngine on
                    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
                    SSLHonorCipherOrder     on
                    # <IfModule mod_headers.c>
                    # Header always add Strict-Transport-Security "max-age=15768000"
                    # </IfModule>
                    SSLCertificateFile /var/www/clients/client0/web83/ssl/
                    SSLCertificateKeyFile /var/www/clients/client0/web83/ssl/
                                      SSLUseStapling on
                      SSLStaplingResponderTimeout 5
                      SSLStaplingReturnResponderErrors off
    I dont have a chain cert listed, but I dont on other sites that dont generate the error either!

    final but of strangeness - pulls up just fine and is secure gives LE cert with valid dates!
    so ... are the above errors significant? sure would like to expunge them!
    so... what does the error above actually mean?

Share This Page