LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-03-2010, 06:10 PM   #1
SteveJenkins
LQ Newbie
 
Registered: Nov 2009
Distribution: CentOS
Posts: 18

Rep: Reputation: 0
Apache Never Starts on Reboot


I've been pulling my hair out on this one. I haven't had to reboot my server in many many moons, but when I did recently, everything fired back up just fine... except httpd!

The strange thing is that if I log in after reboot and simply type:

Code:
service httpd start
It starts up just fine!

The OS is Fedora 12. Apache is 2.2.14. chkconfig looks ok:

Code:
# chkconfig --list httpd
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
The httpd script is in /etc/rc.d/init.d/httpd and looks like this:

Code:
#!/bin/bash
#
# httpd        Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: The Apache HTTP Server is an efficient and extensible  \
#              server implementing the current HTTP standards.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd/httpd.pid
#
### BEGIN INIT INFO
# Provides: httpd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: distcache
# Short-Description: start and stop Apache HTTP Server
# Description: The Apache HTTP Server is an extensible server 
#  implementing the current HTTP standards.
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then
        . /etc/sysconfig/httpd
fi

# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/sbin/apachectl
httpd=${HTTPD-/usr/sbin/httpd}
prog=httpd
pidfile=${PIDFILE-/var/run/httpd/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
RETVAL=0

# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure.  So we just do it the way init scripts
# are expected to behave here.
start() {
        echo -n $"Starting $prog: "
        LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch ${lockfile}
        return $RETVAL
}

# When stopping httpd a delay of >10 second is required before SIGKILLing the
# httpd parent; this gives enough time for the httpd parent to SIGKILL any
# errant children.
stop() {
        echo -n $"Stopping $prog: "
        killproc -p ${pidfile} -d 10 $httpd
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}
reload() {
    echo -n $"Reloading $prog: "
    if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
        RETVAL=$?
        echo $"not reloading due to configuration syntax error"
        failure $"not reloading $httpd due to configuration syntax error"
    else
        killproc -p ${pidfile} $httpd -HUP
        RETVAL=$?
    fi
    echo
}

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        status -p ${pidfile} $httpd
        RETVAL=$?
        ;;
  restart)
        stop
        start
        ;;
  condrestart|try-restart)
        if status -p ${pidfile} $httpd >&/dev/null; then
                stop
                start
        fi
        ;;
  force-reload|reload)
        reload
        ;;
  graceful|help|configtest|fullstatus)
        $apachectl $@
        RETVAL=$?
        ;;
  *)
        echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
        RETVAL=3
esac

exit $RETVAL
httpd service start, stop, restart, etc. all work fine. So does apachectl configtest, start, stop, restart, and graceful.

Any ideas on where I should start looking to see why httpd doesn't start on boot?

Thanks in advance!
 
Old 03-03-2010, 06:45 PM   #2
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 248Reputation: 248Reputation: 248
Check the error logs ?
It might be trying to start but failing.
 
Old 03-03-2010, 07:29 PM   #3
Dig
Member
 
Registered: Nov 2009
Posts: 40

Rep: Reputation: 1
- what is the ouput of #service httpd configtest and what is in the logs , also can you make sure of the output of this

#ls -l /etc/rc.d/rc5.d/ | grep httpd

Last edited by Dig; 03-04-2010 at 01:19 AM.
 
Old 03-09-2010, 02:00 PM   #4
SteveJenkins
LQ Newbie
 
Registered: Nov 2009
Distribution: CentOS
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by smoker View Post
Check the error logs ?
It might be trying to start but failing.
Nothing appears in /var/log/messages when I reboot (I did it just now).

When I start apache manually, the error log looks like this, and everything starts up ok:

Code:
[Tue Mar 09 11:52:24 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Mar 09 11:52:24 2010] [info] Init: Seeding PRNG with 256 bytes of entropy
[Tue Mar 09 11:52:24 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Mar 09 11:52:25 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Mar 09 11:52:25 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Mar 09 11:52:25 2010] [info] mod_ssl/2.2.14 compiled against Server: Apache/2.2.14, Library: OpenSSL/1.0.0-fips-beta4
[Tue Mar 09 11:52:25 2010] [notice] Digest: generating secret for digest authentication ...
[Tue Mar 09 11:52:25 2010] [notice] Digest: done
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [debug] util_ldap.c(1986): LDAP merging Shared Cache conf: shm=0xb730f8f0 rmm=0xb730f920 for VHOST: hostname.com
[Tue Mar 09 11:52:25 2010] [info] APR LDAP: Built with OpenLDAP LDAP SDK
[Tue Mar 09 11:52:25 2010] [info] LDAP: SSL support available
PHP Warning:  Directive 'register_globals' is deprecated in PHP 5.3 and greater in Unknown on line 0
PHP Warning:  Module 'fileinfo' already loaded in Unknown on line 0
[Tue Mar 09 11:52:25 2010] [error] python_init: Python version mismatch, expected '2.6', found '2.6.2'.
[Tue Mar 09 11:52:25 2010] [error] python_init: Python executable found '/usr/bin/python'.
[Tue Mar 09 11:52:25 2010] [error] python_init: Python path being used '/usr/lib/python26.zip:/usr/lib/python2.6/:/usr/lib/python2.6/plat-linux2:/usr/lib/python2.6/lib-tk:/usr/lib/python2.6/lib-old:/usr/lib/python2.6/lib-dynload'.
[Tue Mar 09 11:52:25 2010] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Tue Mar 09 11:52:25 2010] [notice] mod_python: using mutex_directory /tmp 
[Tue Mar 09 11:52:26 2010] [info] Init: Seeding PRNG with 256 bytes of entropy
[Tue Mar 09 11:52:26 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Mar 09 11:52:26 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Mar 09 11:52:26 2010] [debug] ssl_scache_shmcb.c(253): shmcb_init allocated 512000 bytes of shared memory
[Tue Mar 09 11:52:26 2010] [debug] ssl_scache_shmcb.c(272): for 511952 bytes (512000 including header), recommending 32 subcaches, 133 indexes each
[Tue Mar 09 11:52:26 2010] [debug] ssl_scache_shmcb.c(306): shmcb_init_memory choices follow
[Tue Mar 09 11:52:26 2010] [debug] ssl_scache_shmcb.c(308): subcache_num = 32
[Tue Mar 09 11:52:26 2010] [debug] ssl_scache_shmcb.c(310): subcache_size = 15996
[Tue Mar 09 11:52:26 2010] [debug] ssl_scache_shmcb.c(312): subcache_data_offset = 2144
[Tue Mar 09 11:52:26 2010] [debug] ssl_scache_shmcb.c(314): subcache_data_size = 13852
[Tue Mar 09 11:52:26 2010] [debug] ssl_scache_shmcb.c(316): index_num = 133
[Tue Mar 09 11:52:26 2010] [info] Shared memory session cache initialised
[Tue Mar 09 11:52:26 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Mar 09 11:52:26 2010] [info] mod_ssl/2.2.14 compiled against Server: Apache/2.2.14, Library: OpenSSL/1.0.0-fips-beta4
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 1989 for worker proxy:reverse
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 1989 for (*)
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 1990 for worker proxy:reverse
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 1990 for (*)
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 1991 for worker proxy:reverse
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 1991 for (*)
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 1992 for worker proxy:reverse
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 1992 for (*)
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 1993 for worker proxy:reverse
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 1993 for (*)
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 1994 for worker proxy:reverse
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 1994 for (*)
[Tue Mar 09 11:52:26 2010] [notice] Apache/2.2.14 (Unix) DAV/2 PHP/5.3.1 mod_python/3.3.1 Python/2.6.2 mod_ssl/2.2.14 OpenSSL/1.0.0-fips-beta4 mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
[Tue Mar 09 11:52:26 2010] [info] Server built: Dec  3 2009 10:25:53
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 1995 for worker proxy:reverse
[Tue Mar 09 11:52:26 2010] [debug] prefork.c(1013): AcceptMutex: sysvsem (default: sysvsem)
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 1995 for (*)
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 1996 for worker proxy:reverse
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Tue Mar 09 11:52:26 2010] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 1996 for (*)
To answer the other two questions:

Code:
# ls -l /etc/rc.d/rc5.d/ | grep httpd
lrwxrwxrwx 1 root root 15 2010-02-20 19:28 S85httpd -> ../init.d/httpd

# service httpd configtest
Syntax OK
Just rebooted again, and still having the same issues. It's driving me nuts!

Last edited by SteveJenkins; 03-09-2010 at 02:04 PM.
 
Old 03-09-2010, 08:23 PM   #5
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,289

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
The chkconfig line in the init script looks wrong: see http://linux.die.net/man/8/chkconfig; specifically the example in "Runlevel Files" section.
You should also fix those errors mentioned in the logfile.
 
Old 03-10-2010, 08:08 AM   #6
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 248Reputation: 248Reputation: 248
Chris is correct, your line in the /etc/rc.d/init.d/httpd file should look like this

Code:
# chkconfig: 2345 85 15
you currently have

Code:
# chkconfig: - 85 15
Also Chris's link is broken, this is correct http://linux.die.net/man/8/chkconfig (no trailing semi-colon)

Last edited by smoker; 03-10-2010 at 08:10 AM.
 
Old 03-18-2010, 01:05 PM   #7
SteveJenkins
LQ Newbie
 
Registered: Nov 2009
Distribution: CentOS
Posts: 18

Original Poster
Rep: Reputation: 0
Made the change suggested by Chris and Smoker, but still having the same issue. Nothing in /var/log/messages that even mentions httpd (or even http - I grepped). The httpd error log mentions nothing (and I've cleaned up most of those unrelated errors... most from old PHP code).

Anywhere else I should look?
 
Old 03-18-2010, 01:18 PM   #8
spampig
Member
 
Registered: Feb 2010
Location: /Earth/UK/England/Hampshire
Distribution: Debian, Ubuntu, CentOS, Slackware
Posts: 262
Blog Entries: 2

Rep: Reputation: 56
This may be nothing - on CENTOS is Apache2 called 'httpd'? On other distro's the process comes up as 'apache2' instead - eg:

Quote:
# ps aux | grep httpd
root 10702 0.0 0.0 3236 788 pts/0 R+ 18:14 0:00 grep httpd
# ps aux | grep http
root 10704 0.0 0.0 3236 784 pts/0 R+ 18:14 0:00 grep http
{no results.....}
# ps aux | grep apache
root 8889 0.0 0.9 35644 9392 ? Ss Mar13 0:08 /usr/sbin/apache2 -k start
root 10706 0.0 0.0 3236 792 pts/0 R+ 18:14 0:00 grep apache
www-data 15424 0.0 1.1 39924 11896 ? S Mar14 0:01 /usr/sbin/apache2 -k start
www-data 15425 0.0 1.0 39624 11228 ? S Mar14 0:00 /usr/sbin/apache2 -k start
www-data 15429 0.0 1.1 39620 11612 ? S Mar14 0:00 /usr/sbin/apache2 -k start
www-data 15431 0.0 1.1 39960 11916 ? S Mar14 0:00 /usr/sbin/apache2 -k start
www-data 15432 0.0 1.1 39960 11924 ? S Mar14 0:01 /usr/sbin/apache2 -k start
www-data 28949 0.0 1.1 39628 11596 ? S Mar15 0:01 /usr/sbin/apache2 -k start
After months of it not missing a beat I once went to restart it with various 'httpd' connotations, only to find /etc/init.d/apache2 restart worked as it should. By this time I'd started to reconfigure apache thinking 'how did this ever work' lol :-)
 
Old 03-19-2010, 03:59 PM   #9
SteveJenkins
LQ Newbie
 
Registered: Nov 2009
Distribution: CentOS
Posts: 18

Original Poster
Rep: Reputation: 0
Yeah... the process is named httpd. Still stumped on this one.

If it's any help for the troubleshooters out there, I'm also running a separate virtual host on port 443 (https). Not sure if anything in the ssl.conf there might be causing the issue. I'll post it here just in case someone sees something I'm missing:

Code:
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these 
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
# 
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#

LoadModule ssl_module modules/mod_ssl.so

#
# When we also provide SSL we have to listen to the 
# the HTTPS port in addition.
#
Listen 443

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        dc:UNIX:/var/cache/mod_ssl/distcache
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 
SSLMutex default

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the 
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names.  NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly. 
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
DocumentRoot "/www/vhosts/blah.domainname.com/htdocs/"
ServerName blah.domainname.com:443

# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog /www/logs/ssl_error_log
TransferLog /www/logs/ssl_access_log
LogLevel warn

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect.  Disable SSLv2 access by default:
SSLProtocol all -SSLv2

#   SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/server.crt
#SSLCertificateFile /etc/pki/tls/certs/domain.com.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/server.key
#SSLCertificateKeyFile /etc/pki/tls/certs/domain.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/gd_bundle.crt

#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth  10

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#<Location />
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means that
#     the standard Auth/DBMAuth methods can be used for access control.  The
#     user name is the `one line' version of the client's X.509 certificate.
#     Note that no password is obtained from the user. Every entry in the user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment variables.
#     Per default this exportation is switched off for performance reasons,
#     because the extraction step is an expensive operation and is usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
#     under a "Satisfy any" situation, i.e. when it applies access is denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when SSL
#     directives are used in per-directory context. 
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't wait for
#   the close notify alert from client. When you need a different shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, i.e. no
#     SSL close notify alert is send or allowed to received.  This violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
#     this when you receive I/O errors because of the standard approach where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. Use
#     this only for browsers where you know that their SSL implementation
#     works correctly. 
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
 
Old 03-19-2010, 04:17 PM   #10
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 248Reputation: 248Reputation: 248
Have you tried booting into single user mode, then issuing

telinit 3

and seeing if you can observe any errors from there ?
 
  


Reply

Tags
apache, boot, httpd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache starts, able to ping, no site shown. phantom_cyph Linux - Server 5 09-27-2008 04:45 PM
Services going down when Apache starts Thales Medeiros Linux - Server 3 03-15-2007 08:51 PM
Two Fluxbox Versions - Root starts newest,User starts oldest fortezza Linux - Software 1 05-21-2006 01:17 AM
apache starts but does not work mrosati Linux - Software 6 06-05-2004 12:53 PM
Every reboot starts an integrity check mustang05 Linux - Software 1 01-24-2004 09:34 AM


All times are GMT -5. The time now is 06:33 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration