httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Goran Tepshic <purpleri...@gmail.com>
Subject Re: [users@httpd] FreebSD jailed Apache 2.4 rewrite/proxy module errors
Date Wed, 13 Aug 2014 18:46:24 GMT
Great, thanks a ton mate!


On Wed, Aug 13, 2014 at 8:30 PM, Jeff Trawick <trawick@gmail.com> wrote:

> On Wed, Aug 13, 2014 at 8:05 AM, Goran Tepshic <purpleritza@gmail.com>
> wrote:
>
>> Hmm, interesting tip Jedd.
>>
>>  I now tried changing mutex (*commended by default*) to *sem *and those
>> error logs stopped.
>> Now, reading this page
>> http://httpd.apache.org/docs/current/mod/core.html#mutex i see that
>> there are couple of mutexes available (*i still don't know what that is
>> and why do I need one*) and couple of them seems to remedy this issue.
>> Not sure which one should i choose, which is stable and most performant.
>>
>> I'm by no means an expert, just a unix fan trying to set up a simple,
>> secure VPS.
>> Could you please shed some light on choosing the best solution?
>>
>
> Safe:
>
> Follow the "strength in numbers" path.  Use flock since that is the
> default for FreeBSD and presumably most httpd configurations there are
> still using it.  But as you noticed originally the default path is not in a
> place where the child has permission to write to it, so see about that.
>  (The path should default to ServerRoot / logs / )  dtruss/truss/whatever
> should be able to show what path can't be accessed in the jail.
>
>
> Fastest:
>
> Unless you want to benchmark your environment, I wouldn't worry about it.
>  Some that may be theoretically faster have caveats listed in the
> documentation.
>
> Posixsem (which you might get with "sem") is the one that most recently
> was found to have code bugs exposed in some httpd configurations (fixed in
> future releases of apr).
>
>
>
>>
>> ALso, HUGE thanks for your help!
>>
>>
>> On Wed, Aug 13, 2014 at 1:10 PM, Jeff Trawick <trawick@gmail.com> wrote:
>>
>>> On Wed, Aug 13, 2014 at 6:40 AM, Goran Tepshic <purpleritza@gmail.com>
>>> wrote:
>>>
>>>> Just set up a FreeBSD jail to run httpd in it and all works good except
>>>> these two, rewrite/proxy modules.
>>>>
>>>> *These are error logs excerpts:*
>>>>
>>>>
>>>> *mod_rewrite* error:
>>>>
>>>> [rewrite:crit] [pid 43447] (13)Permission denied: AH00666: mod_rewrite:
>>>> could not init rewrite_mapr_lock_acquire in child
>>>>
>>>> *mod_proxy* error:
>>>>
>>>> [proxy:crit] [pid 43447] (13)Permission denied: AH02479: could not init
>>>> proxy_mutex in child
>>>>
>>>>
>>>> Not sure permissions of *what* are being denied as html in document
>>>> root is being served just fine when these modules are disabled.
>>>>
>>>> I tried googling but found nothing but rubbish.
>>>>
>>>>
>>>> Please help, this thing is making me crazy.
>>>>
>>> httpd/APR on FreeBSD uses a file-based mutex ("flock") by default.  It
>>> looks like the mutex files are placed in a location where the httpd child
>>> processes don't have permission.
>>>
>>> You should be able to use 2.4's Mutex directive (
>>> http://httpd.apache.org/docs/current/mod/core.html#mutex) to resolve
>>> the issue.
>>>
>>> Perhaps the necessary magic is
>>>
>>> Mutex file:/some/path/ default
>>>
>>> where /some/path is writable by httpd parent and child.  I don't *think*
>>> this is some jail-specific issue, other than that child-writable paths in
>>> the jail may be different/more limited due to the way it is set up.
>>>
>>>
>>> --
>>> Born in Roswell... married an alien...
>>> http://emptyhammock.com/
>>>
>>>
>>
>
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
> http://edjective.org/
>
>

Mime
View raw message