CentOS 7 w/virtual webservers

EPLychon · 04-27-2015, 10:27 AM

I have a clean install of CentOS 7 and I am trying to host several domains. First I followed the instructions here: https://www.digitalocean.com/communi...ts-on-centos-7

Then I added the instructions from here: http://www.tecmint.com/apache-virtua...ing-in-centos/

After finishing up, I still have several errors which I am posting here:

Code:

systemctl status httpd.service -l
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
   Active: failed (Result: exit-code) since Mon 2015-04-27 10:20:50 CDT; 15s ago
  Process: 16406 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 16402 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 16402 (code=exited, status=1/FAILURE)

Apr 27 10:20:50 server systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 27 10:20:50 server kill[16406]: kill: cannot find process ""
Apr 27 10:20:50 server systemd[1]: httpd.service: control process exited, code=exited status=1
Apr 27 10:20:50 server systemd[1]: Failed to start The Apache HTTP Server.
Apr 27 10:20:50 server systemd[1]: Unit httpd.service entered failed state.

I'm at a loss here and fairly new at setting up web servers. Any help would be appreciated!

Thanks!
William

EPLychon · 04-28-2015, 08:53 AM

There could be some steps missed with setting up a web server prior to the instructions on those websites. If there is any other information I could post to be helpful let me know. I would really like to get this up and running.

Thanks!

Habitual · 04-28-2015, 10:05 AM

look at /var/log/httpd/error_log?

EPLychon · 04-28-2015, 11:11 AM

Here is what I get when I open it in Vi:

Quote:

(13)Permission denied: AH00091: httpd: could not open error log file /var/www/sorchastarr.com/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/sorchastarr.com/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/sorchastarr.com/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/sorchastarr.com/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/sorchastarr.com/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/sorchastarr.com/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/sorchastarr.com/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/sorchastarr.com/error.log.
AH00015: Unable to open logs

Habitual · 04-28-2015, 01:55 PM

You should think about changing those values to say /var/log/http/sorchastarr.com_error.log.
You don't want to have your apache logs writing to /var/www/.
It's an unnecessary risk.

So see what .conf files you need to adjust, have a look at the output of

Code:

apache2ctl -S

Once you start writing to /var/log/http/sorchastarr.com_error.log, apache should start right up.

John VV · 04-28-2015, 02:11 PM

EPLychon
as with basically all files in /var/www
you do need to be root
all files in /var/www should be OWNED BY the user "apache"

Code:

su -
 nano /var/www/sorchastarr.com/error.log
--- or ---
vi /var/www/sorchastarr.com/error.log

EPLychon · 04-28-2015, 03:36 PM

I am posting the journalctl -xn to hopefully get more info:

Code:

systemctl status httpd.service
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
   Active: failed (Result: exit-code) since Tue 2015-04-28 15:30:09 CDT; 17s ago
  Process: 2924 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 2920 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 2920 (code=exited, status=1/FAILURE)
   CGroup: /system.slice/httpd.service

Apr 28 15:30:09 Garmany systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 28 15:30:09 Garmany kill[2924]: kill: cannot find process ""
Apr 28 15:30:09 Garmany systemd[1]: httpd.service: control process exited, code=exited status=1
Apr 28 15:30:09 Garmany systemd[1]: Failed to start The Apache HTTP Server.
Apr 28 15:30:09 Garmany systemd[1]: Unit httpd.service entered failed state.
[root@Garmany william]# journalctl -xn
-- Logs begin at Tue 2015-04-28 15:29:21 CDT, end at Tue 2015-04-28 15:30:25 CDT. --
Apr 28 15:30:20 Garmany setroubleshoot[2922]: received signal=14
Apr 28 15:30:20 Garmany setroubleshoot[2922]: KeyboardInterrupt in RunFaultServer
Apr 28 15:30:20 Garmany setroubleshoot[2922]: writing database (/var/lib/setroubleshoot/setroubleshoot_database.xml) modified_count=1
Apr 28 15:30:20 Garmany dbus-daemon[783]: 'list' object has no attribute 'split'
Apr 28 15:30:23 Garmany NetworkManager[802]: <info>  (enp0s25): Activation: Stage 4 of 5 (IPv6 Configure Timeout) scheduled...
Apr 28 15:30:23 Garmany NetworkManager[802]: <info>  (enp0s25): Activation: Stage 4 of 5 (IPv6 Configure Timeout) started...
Apr 28 15:30:23 Garmany NetworkManager[802]: <info>  (enp0s25): Activation: Stage 4 of 5 (IPv6 Configure Timeout) complete.
Apr 28 15:30:24 Garmany systemd[1]: Starting Stop Read-Ahead Data Collection...
-- Subject: Unit systemd-readahead-done.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit systemd-readahead-done.service has begun starting up.
Apr 28 15:30:24 Garmany systemd[1]: Started Stop Read-Ahead Data Collection.
-- Subject: Unit systemd-readahead-done.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit systemd-readahead-done.service has finished starting up.
--
-- The start-up result is done.
Apr 28 15:30:25 Garmany fprintd[2834]: ** Message: No devices in use, exit
[root@Garmany william]# apache2ctl -S
bash: apache2ctl: command not found...
[root@Garmany william]#

I also ran apache2ctl -S as requested and as you can see it is not found. I feel like I'm missing something but I'm just not sure what it is.

I also created the error.log mentioned above by "John VV", there wasn't a file there before.

EPLychon · 04-28-2015, 03:50 PM

I got it to start. I had to change the write access and then I got this message:

Code:

 SELinux is preventing /usr/sbin/httpd from write access on the directory /var/www/sorchastarr.com.

                                      *****  Plugin httpd_write_content (92.2 confidence) suggests   ***************

                                      If you want to allow httpd to have write access on the sorchastarr.com directory
                                      Then you need to change the label on '/var/www/sorchastarr.com'
                                      Do
                                      # semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/sorchastarr.com'
                                      # restorecon -v '/var/www/sorchastarr.com'

                                      *****  Plugin catchall_boolean (7.83 confidence) suggests   ******************

                                      If you want to allow httpd to unified
                                      Then you must tell SELinux about this by enabling the 'httpd_unified' boolean.
                                      You can read 'None' man page for more details.
                                      Do
                                      setsebool -P httpd_unified 1

                                      *****  Plugin catchall (1.41 confidence) suggests   **************************

                                      If you believe that httpd should be allowed write access on the sorchastarr.com directory by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # grep httpd /var/log/audit/audit.log | audit2allow -M mypol
                                      # semodule -i mypol.pp

Once I followed the instructions I was able to start httpd!

Thanks for the help!

Habitual · 04-28-2015, 05:18 PM

Good job and Well Done!

descendant_command · 04-28-2015, 05:23 PM

... duplicate ...

descendant_command · 04-28-2015, 05:25 PM

Quote:

Originally Posted by John VV

all files in /var/www should be OWNED BY the user "apache"

I couldn't disagree more.
The user running the webserver should have write access to the bare minimum required to perform it's functions.
If it has the ability to rewrite it's own files it gives any attacker MUCH more scope to make your webserver do their bidding.