problem after running all the apache2/php5 upgrade

Hey guys and gals,

Pardon the fact that I am a noob lamer. I’ve run a linux server for about 5 years now and readily admit I have done little to learn about the inner workings of this world. I can turn you into a pretzel teaching Photoshop, but the server thing is more of a need to know thing for me.

Well, when it breaks, I NEED TO KNOW!

Anyhow, all these upgrades popped up on my admin panel tonight and I ran them and summarily brought the server down in doing so. Some really odd things happened.

Running Debian, jic that matters.

First, the upgrade enabled Suexec and put suexec directives in all my domain directives (as seen by edit directives from each domain’s apache config panel in virtualmin)

After doing some searching here, I realized that is not a good thing, so I disabled suexec in the apache cp.

I then had to go into each domain’s directives files and delete the top line that referred to Suexec.

Still a problem, kept getting overlapping domains when trying to start apache.

I looked under networking and addressing in the Global Apache Config panel and my Addresses for name virtual servers was set to *:80, which I knew wasn’t good, because I have one domain on its own IP addie, so I replaced the * with the actual IP addie for the virtual host, and bingo! Apache started right up.

Ok… now I know there’s a lot of people snickering at me now, that’s fine :o) I’m just a dumb-assed noob anyhow. Just wanted to post this to see if anyone else has had this issue after the upgrade on or after 2/14/09

Server’s running, all is well, just wanted to report this happening, because it’s got to be a bug somewhere in the upgrade process, probably due to Apache itself?

</ramblings>

Steve

After doing some searching here, I realized that is not a good thing

Suexec is a very good thing…for times and places where suexec is a good thing.

I don’t know what you mean in this context, as to why it would be a bad thing. It’s a security feature, and though it has some performance related negatives, it is overall a positive in most virtual hosting deployments.

I’m just saying don’t go talking bad about suexec. If you don’t need it, by all means turn it off…but no need to impugn the general character of a very fine Apache feature. :wink:

Also note that you can turn off addition of suexec directives by Virtualmin in the Server Templates "Apache website" section.

Still a problem, kept getting overlapping domains when trying to start apache.

This never had anything to do with suexec. It’s always a case of mismatched NameVirtualHost and VirtualHost sections. Always. (There are some docs about this problem in the Troubleshooting Common Problems guide. It is a common problem, and a very frequently misunderstood problem…and people often assume it is something else. But it really is always a problem in the VirtualHost/NameVirtualHost.)

Server's running, all is well, just wanted to report this happening, because it's got to be a bug somewhere in the upgrade process, probably due to Apache itself?

I don’t know. If it were, it’d be a bug in Debian’s Apache packages. Upgrades shouldn’t alter configuration files like this. I’ve not seen it happen, so I don’t know exactly what’s going on…but I mainly have CentOS and RHEL on my servers (and my Ubuntu laptop is only for testing of server stuff–it does so little work I’d probably not notice subtle problems like this).

Anybody else seen an upgrade of Apache causing configuration file breakage?

Hi Joe!

OK… Excuse my dumb-assed noob way of expressing things :o)

I turned off Suexec because it was reporting an error on each domain in terms of being able to restart apache after the upgrade for each domain, then reported the IP missmatch. I can certainly go in and reapply it. I may be dumb but I’m not stupid, I did copy each apache directive file before I took out the line, so I can certainly put them back in and see what happens.

Strange thing is apache reports itself still in the system info as not running, and yet all my sites are up and running, and most of them do rely on php/mysql and they are all up.

This is something I need to investigate further.

I also know that several packages during the install reported that they failed, and yet when I tried a manual install, they were all reported as having been installed.

I would think this is sort of normal behavior, but again, the unfortunate truth is, I really have no clue what I’m doing. In 5 years I’ve only killed the server once, and now have a clear knowledge that I must have a backup of every server level file I manipulate.

I’m including the full install sequence as an attachment, also my apache log jic there’s something obvious, but I’m not expecting anyone to help out. If I find something I can fix I will (obviously). Also attaching my Apache error log.

Pardon my language that intimated I know something, I clearly don’t! That’s ok, even dummies can get things fixed :o)

Thanks for your input, hopefully for everyone in debian land, I am an exception to the rule. [file name=install_errorLogs.zip size=36890]http://www.virtualmin.com/components/com_fireboard/uploaded/files/install_errorLogs.zip[/file]

So, I’m hearing various reports of etch going to lenny sort of auto-magically, which would be expected to break some stuff…I’m not entirely sure I understand why that would ever happen, as it seems really dangerous for that to be an automatic feature. Scott mentioned in the issue tracker that if apt is looking at “stable” rather than “etch” repositories, apt would upgrade the system to lenny. So, this could very well be what happened in your case–which would be expected to break things. Major OS upgrades should be undertaken with care, and planning (and good backups).

I’m spending the next few days almost exclusively with Debian, so I’ll probably understand what’s happening a bit more clearly–and we’ll have a lenny Virtualmin repo soon, too.

Wonderful Joe!

I continue to be amazed how well you guys respond to situations you in so many ways are not responsible. At least my server is running, even though it reports in the admin panel that apache is not.

Nothing super important that I could not do without for a few days anyhow. It’s nice to run a server that is not currently super mission critical :o)

I’ll watch my cp for your handy dandy updates.

And THANKS! I really mean it!

Steve

Joe,
First thanks for all your help on my system. I just applied all the new updates to my system and the old issue of susexec needing /home is back.
I found this ‘fix’ on the Ubuntu site -
Is this a cure for what ails me?


Re: Getting Virtualmin to work


Quote:
Originally Posted by Mistraal
Anybody?

I would also like to know how to change the default suexec settings.

As ubuntu follows the debian trend of modules maybe there is a switch or something to a2enmod. Dunno.

you have to :-

Open a terminal

$sudo apt-get install fakeroot
$sudo apt-get install build-essential
$apt-get source apache2
$sudo apt-get build-dep apache2

change to the apache2-2.0.x/debian folder
$cd apache2-2.0.X/debian
edit the rules file
$gedit rules
change the following line from
–with-suexec-docroot=/var/www
to
–with-suexec-docroot=/home
save.
cdup one level to the apache2-2.0.x folder
$cd …
then type
$dpkg-buildpackage -rfakeroot -b
$sudo dpkg -i …/apache2-2.0.x_i386.deb
then edit the /etc/apache2/apache2.conf file
$gedit /etc/apache2/apache2.conf
uncomment the following line
#AddHandler cgi-script .cgi
and make it look like this
AddHandler cgi-script .php .cgi .sh .pl

Thanks
nick

It sounds like somehow, the wrong version of Apache was installed onto your system.

You just need to make sure Virtualmin’s version of Apache is what is installed on your system, and not the one from your distro.

That would resolve your suexec issue.
-Eric

Eric,
I think I understand what you are saying - I did a completer os reinstall a couple of months ago and a virgin install using the virtualmin pro script - that should have installed the correct apache right?
When the virgin Virtualmin install finished everything worked great. The next install of updates brought the suexec issue back, this was fixed and the system worked great again.
When I installed the new updates yesterday the suexec complaint is back again.
Could you explain to me what the solution would be? I really like the VM/WebMin interface and want to continue running it. If there’s a fix I can do that will stop this single recurring issue I’d love to know what it is and how to perform it.
Thanks!

Yeah, in theory, the problem isn’t supposed to keep coming back :slight_smile:

What distro/version are you using?
-Eric

Ubuntu 8.04 LTS
Linux 2.6.24-21-server on i686
Apache version 2.2.8
Virtualmin 3.65 Pro

When I check the Virtualmin configuration (the yellow iformation bar is now showing again) I get the following error notice:
BIND DNS server is installed, and the system is configured to use it.
Mail server Postfix is installed and configured.

The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed.

… your system is not ready for use by Virtualmin.

When I look at the STATUS of the system (via Virtualmin) I see the apache server as not up. (a red x is showing) - BUT the apache server is running as web pages are currently displaying there (ex. corporatebusinessjet.com).
Email does NOT work correctly.
I set up an acct. ‘nick@imhandy.com’ which had an automatic reply ‘i got it’, and also a forwarding address of my yahoo.com account.
I receive the autoreply quickly, I never receive the ‘forwarded’ version of the email.
When I turn off the ‘autoreply’ I STILL get an autoreply and STILL never receive just the forwarded email message.
If you or Joe would like to log in and take a look, please let me know and I’ll email you the access info.
Thanks again.

Do you perhaps have one or more non-standard repositories installed?

I’m using Ubuntu 8.04 as well, and it’s never attempted to overwrite my Apache version.

What does this show:

dpkg -l ‘apache2*’ | grep ii

dpkg -l ‘apache2*’ | grep ii
ii apache2-doc 2.2.8-11vm documentation for apache2
ii apache2-mpm-prefork 2.2.8-1ubuntu0.3 Traditional model for Apache HTTPD
ii apache2-utils 2.2.8-1ubuntu0.3 utility programs for webservers
ii apache2.2-common 2.2.8-1ubuntu0.3 Next generation, scalable, extendable web se

I think Nick’s system it squared away now.

The Ubuntu apache2 package was installed…I haven’t quite figured out why yet. But running “apt-get install apache2” got it back to normal.

Ubuntu’s apache2 suexec deb package is compiled with the docroot=/var/www and it should be docroot=/home for virtualmin.

follow nmournian’s directions above

Anytime you do a apt-get/aptitude you’ll overwrite with ubuntu’s prefork package and removing the apache2 worker version installed by virtualmin/webmin. This is why suexec defaults to ubuntu’s settings.

-Jason