opensuse 12.3 apache2 2.2.22 server crashes after kernel update

Hi, this is my first Thread here-.

A few month ago i managed to set up an apache2 + php + tomcat environment on a virtual host.
It’s a private server, hosting some plain html-pages with Fotos and a php-calendar-application.

I am using a software firewall and the server provides: ssl-Access only (am using an own-created certificate).

Everything worked fine until the host-service-provider did a lunix kernel update.

The new situation is:
If i try to open the web-page after restarting apache, apache seems to crash after fullfilling some requests.
That means some parts of my test-website get delivered to the server, but not all of them.

This is the corr. content of the file:
/var/log/apache2/error_log:

[Sat Jun 28 07:10:10 2014] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jun 28 07:10:10 2014] [warn] RSA server certificate CommonName (CN) `###########' does NOT match server name!?
[Sat Jun 28 07:10:10 2014] [warn] module proxy_module is already loaded, skipping
[Sat Jun 28 07:10:10 2014] [warn] module proxy_ajp_module is already loaded, skipping
[Sat Jun 28 07:10:10 2014] [warn] module proxy_module is already loaded, skipping
[Sat Jun 28 07:10:10 2014] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jun 28 07:10:10 2014] [warn] RSA server certificate CommonName (CN) `#############' does NOT match server name!?
[Sat Jun 28 07:10:11 2014] [warn] pid file /var/run/httpd2.pid overwritten -- Unclean shutdown of previous Apache run?
[Sat Jun 28 07:10:11 2014] [notice] Apache/2.2.22 (Linux/SUSE) mod_ssl/2.2.22 OpenSSL/1.0.1e PHP/5.3.17 mod_jk/1.2.30 configured -- resuming normal operations
[Sat Jun 28 07:10:23 2014] [emerg] (1)Operation not permitted: couldn't release the accept mutex
[Sat Jun 28 07:10:23 2014] [alert] Child 23603 returned a Fatal error... Apache is exiting!

And this is the new kerneversion:
uname -a:

Linux #############.stratoserver.net 3.7.10-042stab090.3 #1 SMP Fri Jun 6 09:35:21 MSK 2014 i686 athlon i386 GNU/Linux

apache2ctl -t


which: no w3m in (/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games)
[Sat Jun 28 07:22:16 2014] [warn] module proxy_module is already loaded, skipping
[Sat Jun 28 07:22:16 2014] [warn] module proxy_ajp_module is already loaded, skipping
[Sat Jun 28 07:22:16 2014] [warn] module proxy_module is already loaded, skipping
Syntax OK

apache2ctl -V


which: no w3m in (/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games)
Server version: Apache/2.2.22 (Linux/SUSE)
Server built:   2013-07-30 09:44:48.000000000 +0000
Server's Module Magic Number: 20051115:30
Server loaded:  APR 1.4.6, APR-Util 1.4.1
Compiled using: APR 1.4.6, APR-Util 1.4.1
Architecture:   32-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_PROC_PTHREAD_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/srv/www"
 -D SUEXEC_BIN="/usr/sbin/suexec2"
 -D DEFAULT_PIDLOG="/var/run/httpd2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/accept.lock"
 -D DEFAULT_ERRORLOG="/var/log/apache2/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"

What could i do to solve the problem?
I hope someone can help me / guide me in the right direction-.

I don’t know how to locate the error-.

so i provide more info:

sudo systemctl status apache2.service


apache2.service - apache
      Loaded: loaded (/lib/systemd/system/apache2.service; disabled)
      Active: inactive (dead)
      CGroup: name=systemd:/system/apache2.service

Jun 22 16:59:54 h2094623.stratoserver.net httpd2[1630]: httpd (pid 1623?) not...
Jun 28 07:09:31 h2094623.stratoserver.net start_apache2[23571]: Module "mod_a...
Jun 28 07:09:31 h2094623.stratoserver.net start_apache2[23571]: Check the APA...
Jun 28 07:09:31 h2094623.stratoserver.net start_apache2[23571]: [Sat Jun 28 0...
Jun 28 07:09:31 h2094623.stratoserver.net start_apache2[23571]: [Sat Jun 28 0...
Jun 28 07:09:31 h2094623.stratoserver.net start_apache2[23571]: [Sat Jun 28 0...
Jun 28 07:10:23 h2094623.stratoserver.net httpd2[23604]: [Sat Jun 28 07:10:23...
Jun 28 07:10:23 h2094623.stratoserver.net httpd2[23604]: [Sat Jun 28 07:10:23...
Jun 28 07:10:23 h2094623.stratoserver.net httpd2[23604]: [Sat Jun 28 07:10:23...
Jun 28 07:10:23 h2094623.stratoserver.net httpd2[23604]: httpd (pid 23597?) n...

As you should have noticed yourself, that output is completely unreadable.

Please use:

sudo systemctl status -l apache2.service

One thing I noticed though: apache2.service is disabled so it won’t start automatically during boot.
Is that intended?
How exactly are you starting it?

As this seems to be a permissions issue, try to disable AppArmor (if it is running) as a test before you start Apache2.

sudo /sbin/rcapparmor stop

Thank you wolfi for your help,


sudo systemctl status -l apache2.service
systemctl: invalid option -- 'l'

Here is the current - readable output


sudo systemctl status  apache2.service
apache2.service - apache
      Loaded: loaded (/lib/systemd/system/apache2.service; enabled)
      Active: active (running) since Sat, 2014-06-28 22:24:24 CEST; 40min ago
     Process: 1069 ExecStop=/usr/sbin/httpd2 -D SYSTEMD -k stop (code=exited, status=0/SUCCESS)
     Process: 1081 ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -k start (code=exited, status=0/SUCCESS)
    Main PID: 1100 (httpd2-prefork)
      CGroup: name=systemd:/system/apache2.service
          ├ 1100 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start
          ├ 1101 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start
          ├ 1102 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start
          ├ 1103 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start
          ├ 1104 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start
          └ 1105 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start

Jun 28 22:24:23 h2094623.stratoserver.net start_apache2[1081]: Module "mod_ajp" is not installed, ignoring.
Jun 28 22:24:23 h2094623.stratoserver.net start_apache2[1081]: Check the APACHE_MODULES setting in /etc/sysconfig/apache2.
Jun 28 22:24:23 h2094623.stratoserver.net start_apache2[1081]: [Sat Jun 28 22:24:23 2014] [warn] module proxy_module is already loaded, skipping
Jun 28 22:24:23 h2094623.stratoserver.net start_apache2[1081]: [Sat Jun 28 22:24:23 2014] [warn] module proxy_ajp_module is already loaded, skipping
Jun 28 22:24:23 h2094623.stratoserver.net start_apache2[1081]: [Sat Jun 28 22:24:23 2014] [warn] module proxy_module is already loaded, skipping

Is that intended?

NO, and meanwhile i activated the ‘autorestart option’ - Before I was restarting the apache2 by hand (shame on me) using:
/etc/init.d/apache2 restart, because i actually also have to enter the phraseForServerkey (SSL) manually.
The autodelivery of the phraseForServerkey (SSL) is another point i still need a solution for-.

Before your kind reply i also tried to solve the problem myself and i found out, that the http protocol works fine when i switch off the firewall (which is set up to block the http) and the ssl.
vi /etc/sysconfig/apache2


APACHE_SERVER_FLAGS=""


SuSEfirewall2 stop

In my opinion that means, that there is a ssl-problem.

Should i still exec?


sudo /sbin/rcapparmor stop

Oh.
So this option did not exist in 12.3 yet.
Pity.

Here is the current - readable output

sudo systemctl status apache2.service
apache2.service - apache
Loaded: loaded (/lib/systemd/system/apache2.service; enabled)
Active: active (running) since Sat, 2014-06-28 22:24:24 CEST; 40min ago
Process: 1069 ExecStop=/usr/sbin/httpd2 -D SYSTEMD -k stop (code=exited, status=0/SUCCESS)
Process: 1081 ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -k start (code=exited, status=0/SUCCESS)
Main PID: 1100 (httpd2-prefork)
CGroup: name=systemd:/system/apache2.service
├ 1100 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start
├ 1101 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start
├ 1102 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start
├ 1103 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start
├ 1104 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start
└ 1105 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start

Jun 28 22:24:23 h2094623.stratoserver.net start_apache2[1081]: Module “mod_ajp” is not installed, ignoring.
Jun 28 22:24:23 h2094623.stratoserver.net start_apache2[1081]: Check the APACHE_MODULES setting in /etc/sysconfig/apache2.
Jun 28 22:24:23 h2094623.stratoserver.net start_apache2[1081]: [Sat Jun 28 22:24:23 2014] [warn] module proxy_module is already loaded, skipping
Jun 28 22:24:23 h2094623.stratoserver.net start_apache2[1081]: [Sat Jun 28 22:24:23 2014] [warn] module proxy_ajp_module is already loaded, skipping
Jun 28 22:24:23 h2094623.stratoserver.net start_apache2[1081]: [Sat Jun 28 22:24:23 2014] [warn] module proxy_module is already loaded, skipping

Hm, it is running now.

You have enabled mod_ajp but that isn’t installed. So I suppose you should either install it, or remove it from the “APACHE_MODULES” line in /etc/sysconfig/apache2. And you probably have proxy_module more than once in there (or it gets loaded more than once in /etc/apache2).

Anyway, those should not cause a problem.

NO, and meanwhile i activated the ‘autorestart option’ - Before I was restarting the apache2 by hand (shame on me) using:
/etc/init.d/apache2 restart, because i actually also have to enter the phraseForServerkey (SSL) manually.
The autodelivery of the phraseForServerkey (SSL) is another point i still need a solution for-.

You could also use “systemctl start apache2”, but that’s the same in the end.

Regarding phraseForServerkey, this might help:
http://sudaraka.org/how-to/create-self-signed-ssl-certificate

Before your kind reply i also tried to solve the problem myself and i found out, that the http protocol works fine when i switch off the firewall (which is set up to block the http) and the ssl.
vi /etc/sysconfig/apache2

APACHE_SERVER_FLAGS=“”

SuSEfirewall2 stop

In my opinion that means, that there is a ssl-problem.

Well, HTTPS runs on a different port than standard HTTP (normally 443), so you have to open that in the firewall of course. But I guess you know that anyway.

So switching off SSL makes Apache start successfully?
AFAIK you need to create a certificate for SSL/HTTPS to work.
But I don’t know the details there, as I never set up HTTPS myself.

Just enabling SSL on a default openSUSE installation does prevent Apache from starting successfully though.
At least on a 13.1 system.

The error messages you posted are a bit misleading then I’d say… :wink:
But there are indeed warnings about the certificate in your original post.

So probably the above link might help, or have a look here as well:
http://old-en.opensuse.org/Apache_Howto_SSL

Should i still exec?

sudo /sbin/rcapparmor stop

It’s worth a try. Although it shouldn’t pose a problem for Apache in the default config.
It’s started again on reboot anyway, or run “sudo /sbin/rcapparmor start” to start it again manually.
I don’t know whether you even have it installed/activated though of course.

Thank you very much for your help, again wolfi323.

You have enabled mod_ajp but that isn’t installed. So I suppose you should either install it, or remove it from the “APACHE_MODULES” line in /etc/sysconfig/apache2. And you probably have proxy_module more than once in there (or it gets loaded more than once in /etc/apache2).

… in the meantime i changed several concerned config-files
AND i also recreated my self-signed servercertificate according to the advices given in the links you provided.
AFterwards i re-activated SSL-mode


vi /etc/sysconfig/apache2
APACHE_SERVER_FLAGS="SSL"
APACHE_SERVERNAME="devServer" // also provided the name i used in my new selfsigned cert-.

SO my new status is:


systemctl stop apache2
systemctl start apache2
systemctl status apache2.service
apache2.service - apache
      Loaded: loaded (/lib/systemd/system/apache2.service; enabled)
      Active: active (running) since Sun, 2014-06-29 01:38:03 CEST; 22s ago
     Process: 4015 ExecStop=/usr/sbin/httpd2 -D SYSTEMD -k stop (code=exited, status=0/SUCCESS)
     Process: 4058 ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -k start (code=exited, status=0/SUCCESS)
    Main PID: 4079 (httpd2-prefork)
      CGroup: name=systemd:/system/apache2.service
          ├ 4079 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -k start
          ├ 4080 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -k start
          ├ 4081 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -k start
          ├ 4082 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -k start
          ├ 4083 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -k start
          └ 4084 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL -D SYSTEMD -k start

Jun 29 01:37:50 x.stratoserver.net start_apache2[4058]: [Sun Jun 29 01:37:50 2014] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

After i called the testpage the status then changes upon


systemctl status apache2.service
apache2.service - apache
      Loaded: loaded (/lib/systemd/system/apache2.service; enabled)
      Active: inactive (dead) since Sun, 2014-06-29 01:41:22 CEST; 6s ago
     Process: 4092 ExecStop=/usr/sbin/httpd2 -D SYSTEMD -k stop (code=exited, status=0/SUCCESS)
     Process: 4058 ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -k start (code=exited, status=0/SUCCESS)
    Main PID: 4079 (code=exited, status=0/SUCCESS)
      CGroup: name=systemd:/system/apache2.service

Jun 29 01:37:50 x.stratoserver.net start_apache2[4058]: [Sun Jun 29 01:37:50 2014] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
Jun 29 01:41:22 x.stratoserver.net httpd2[4092]: httpd (pid 4079?) not running

journalctl -n is also working - my apache2 - config with SSL is not working-.


journalctl -n
-- Logs begin at Sun, 2014-06-22 16:48:04 CEST, end at Sun, 2014-06-29 01:29:51 CEST. --
Jun 29 01:00:01 x.stratoserver.net /USR/SBIN/CRON[3671]: pam_unix(crond:session): session closed for user root
Jun 29 01:02:19 x.stratoserver.net start_apache2[3704]: [Sun Jun 29 01:02:19 2014] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
Jun 29 01:04:12 x.stratoserver.net start_apache2[3734]: [Sun Jun 29 01:04:12 2014] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
Jun 29 01:04:57 x.stratoserver.net httpd2[3762]: httpd (pid 3754?) not running
Jun 29 01:11:41 x.stratoserver.net start_apache2[3783]: [Sun Jun 29 01:11:41 2014] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
Jun 29 01:11:59 x.stratoserver.net httpd2[3810]: httpd (pid 3803?) not running
Jun 29 01:18:01 x.stratoserver.net /usr/sbin/cron[3823]: pam_unix(crond:session): session opened for user root by (uid=0)
Jun 29 01:18:01 x.stratoserver.net /USR/SBIN/CRON[3823]: pam_unix(crond:session): session closed for user root
Jun 29 01:29:34 x.stratoserver.net start_apache2[3988]: [Sun Jun 29 01:29:34 2014] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
Jun 29 01:29:51 xx.stratoserver.net httpd2[4015]: httpd (pid 4008?) not running

At the moment i do not understand who is overlapping who?
But i am tired and i need a pause now.
Thank you though, i will check-in tommorow again.

So the server is running now.
But apparently you have two VirtualHosts configured to listen on port 443.
Probably a conflict between your vhosts configuration in /etc/apache2/vhosts.d/ and the default one in /etc/apache2/default-vhost.conf (or /etc/apache2/default-vhost-ssl.conf).

Maybe this would help?
http://blog.breidert.net/virtual-hosts-overlap-443-first-has-precendence/