Apache show me "Service Unavailable".

Issues related to applications and software problems
hack3rcon
Posts: 296
Joined: 2014/11/24 11:04:37

Re: Apache show me "Service Unavailable".

Post by hack3rcon » 2019/01/14 06:39:16

pjsr2 wrote:
2019/01/13 16:04:41
There is a long list of errors and warnings in your log file.
Start with resolving the ":error" messages, starting with the first one you encounter. Others further down may be errors that are consequences of earlier ones.

Your first error message is:
[Sun Jan 06 03:30:01.641250 2019] [:error] [pid 22045] SecServerSignature: original signature too short. Please set ServerTokens to Full.
Looks like you are setting the value of ServerTokens somewhere in your configuration. The default setting is "Full". Try setting it to the default (or just remove it). Why/how did you change the settings for SecServerSignature and ServerTokens? Are you following an installation guide with outdated information, or are you copying configuration information from an old installation?
[Sun Jan 06 11:23:46.157369 2019] [:error] [pid 22960] [client 172.21.50.9:51758] PHP Fatal error: Uncaught Error: Call to undefined function mb_list_encodings() in ...
You need to install the php module php-mbstring. You may need to install additional php modules if you get similar error messages. Other php packages that you may need to install are: php-mysql, php-gd, php-xml, php-mcrypt and php-xmlrpc. To install php-mbstring:

Code: Select all

sudo yum install php-mbstring 
[Sun Jan 06 15:55:02.949152 2019] [:error] [pid 22962] [client 172.21.50.63:54436] client denied by server configuration: /var/www/html/wp-content/uploads/2017/12/4-324x160.jpg, referer: ...
The SELinux context of the files in your installation under /var/www/html/wp-*/ may be incorrect. This happens for example if you moved them from another location. To restore the SELinux context for all files under /var/www/html do:

Code: Select all

sudo restorecon -r -v -F /var/www/html
You can find useful information on SELinux in https://wiki.centos.org/HowTos/SELinux.
Thank you. My "httpd.conf" :

Code: Select all

ServerSignature Off
ServerTokens Prod
SecServerSignature Microsoft_IIS_8
Why it is short? How much its length must be?
About SELinux command:

Code: Select all

sudo restorecon -r -v -F /var/www/html
Is it restore my SELinux policy? The current policy is:

Code: Select all

$ ll -Z
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html

pjsr2
Posts: 362
Joined: 2014/03/27 20:11:07

Re: Apache show me "Service Unavailable".

Post by pjsr2 » 2019/01/14 14:58:38

SecServerSignature replaces the server token in the header with its value. When you have "ServerTokens Prod", the server token has the value "Apache", which is shorter than "Microsoft_IIS_8". You need to set the Server token to something at least as long as "Microsoft_IIS_8", for example by configuring "ServerTokens Full"
See https://github.com/SpiderLabs/ModSecuri ... rSignature
The security value of changing/hiding the Server token is limited, probably not worth the hassle.

Each file or directory has its own SELinux context. The option "-r" to the restorecon command makes that the commands restores the context recursively on any file or directory under /var/www/html.

hack3rcon
Posts: 296
Joined: 2014/11/24 11:04:37

Re: Apache show me "Service Unavailable".

Post by hack3rcon » 2019/01/15 06:37:07

pjsr2 wrote:
2019/01/14 14:58:38
SecServerSignature replaces the server token in the header with its value. When you have "ServerTokens Prod", the server token has the value "Apache", which is shorter than "Microsoft_IIS_8". You need to set the Server token to something at least as long as "Microsoft_IIS_8", for example by configuring "ServerTokens Full"
See https://github.com/SpiderLabs/ModSecuri ... rSignature
The security value of changing/hiding the Server token is limited, probably not worth the hassle.

Each file or directory has its own SELinux context. The option "-r" to the restorecon command makes that the commands restores the context recursively on any file or directory under /var/www/html.
Thank you.
I set "ServerTokens Full" and my log is:

Code: Select all

# cat /var/log/httpd/error_log
[Tue Jan 15 09:58:18.407849 2019] [mpm_prefork:notice] [pid 2952] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Jan 15 09:58:19.551469 2019] [core:notice] [pid 3535] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Jan 15 09:58:19.555787 2019] [suexec:notice] [pid 3535] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jan 15 09:58:19.555839 2019] [:notice] [pid 3535] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Tue Jan 15 09:58:19.555845 2019] [:notice] [pid 3535] ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8"
[Tue Jan 15 09:58:19.555850 2019] [:notice] [pid 3535] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Tue Jan 15 09:58:19.555856 2019] [:notice] [pid 3535] ModSecurity: LUA compiled version="Lua 5.1"
[Tue Jan 15 09:58:19.555859 2019] [:notice] [pid 3535] ModSecurity: LIBXML compiled version="2.9.1"
[Tue Jan 15 09:58:19.555862 2019] [:notice] [pid 3535] ModSecurity: Original server signature: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
[Tue Jan 15 09:58:19.555953 2019] [:notice] [pid 3535] ModSecurity: StatusEngine call: "2.9.2,Apache/2.4.6 (CentOS) Ope,1.4.8/1.4.8,8.32/8.32 2012-11-30,Lua 5.1,2.9.1,ea"
[Tue Jan 15 09:58:19.748774 2019] [:notice] [pid 3535] ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurity.org/
[Tue Jan 15 09:58:19.756745 2019] [so:warn] [pid 3535] AH01574: module deflate_module is already loaded, skipping
[Tue Jan 15 09:58:19.756766 2019] [so:warn] [pid 3535] AH01574: module deflate_module is already loaded, skipping
[Tue Jan 15 09:58:19.760151 2019] [so:warn] [pid 3535] AH01574: module deflate_module is already loaded, skipping
[Tue Jan 15 09:58:19.761046 2019] [so:warn] [pid 3535] AH01574: module headers_module is already loaded, skipping
[Tue Jan 15 09:58:19.770163 2019] [so:warn] [pid 3535] AH01574: module ssl_module is already loaded, skipping
[Tue Jan 15 09:58:19.811128 2019] [auth_digest:notice] [pid 3535] AH01757: generating secret for digest authentication ...
[Tue Jan 15 09:58:19.814931 2019] [lbmethod_heartbeat:notice] [pid 3535] AH02282: No slotmem from mod_heartmonitor
[Tue Jan 15 09:58:19.867421 2019] [mpm_prefork:notice] [pid 3535] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips Microsoft_IIS_8 configured -- resuming normal operations
[Tue Jan 15 09:58:19.867481 2019] [core:notice] [pid 3535] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
Why I must restore SELinux policy? My current SELinux policy is:

Code: Select all

# ls -Z /var/www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
Is it wrong?

pjsr2
Posts: 362
Joined: 2014/03/27 20:11:07

Re: Apache show me "Service Unavailable".

Post by pjsr2 » 2019/01/15 08:23:11

The log file in one of your previous messages showed "denied" on many files, and that could have been caused by wrong SELinux context settings.
These messages don't show up any more in your log file. Looks like your server is up and running.

There are some warnings left on loading modules multiple times. You can ignore these warnings, but if you want to resolve these, you have to carefully go through the configuration files and comment out those places were a module is loaded a second time.

hack3rcon
Posts: 296
Joined: 2014/11/24 11:04:37

Re: Apache show me "Service Unavailable".

Post by hack3rcon » 2019/01/15 09:30:55

pjsr2 wrote:
2019/01/15 08:23:11
The log file in one of your previous messages showed "denied" on many files, and that could have been caused by wrong SELinux context settings.
These messages don't show up any more in your log file. Looks like your server is up and running.

There are some warnings left on loading modules multiple times. You can ignore these warnings, but if you want to resolve these, you have to carefully go through the configuration files and comment out those places were a module is loaded a second time.
Can it cause any problem?
In my config file:

Code: Select all

$ cat /etc/httpd/conf/httpd.conf | grep deflate_module
LoadModule deflate_module modules/mod_deflate.so
LoadModule deflate_module modules/mod_expires.so
LoadModule deflate_module modules/mod_rewrite.so

$ cat /etc/httpd/conf/httpd.conf | grep headers_module
LoadModule headers_module modules/mod_headers.so

$ cat /etc/httpd/conf/httpd.conf | grep ssl_module
LoadModule ssl_module modules/mod_ssl.so

pjsr2
Posts: 362
Joined: 2014/03/27 20:11:07

Re: Apache show me "Service Unavailable".

Post by pjsr2 » 2019/01/15 11:47:08

You need to search all configuration files for the modules, not just /etc/httpd/conf/httpd.conf. Candidates are all files in the /etc/httpd/conf, /etc/httpd/conf.d and /etc/httpd/conf.modules.d directories.

Code: Select all

grep -r mod_ /etc/httpd

hack3rcon
Posts: 296
Joined: 2014/11/24 11:04:37

Re: Apache show me "Service Unavailable".

Post by hack3rcon » 2019/01/18 05:55:39

pjsr2 wrote:
2019/01/15 11:47:08
You need to search all configuration files for the modules, not just /etc/httpd/conf/httpd.conf. Candidates are all files in the /etc/httpd/conf, /etc/httpd/conf.d and /etc/httpd/conf.modules.d directories.

Code: Select all

grep -r mod_ /etc/httpd
The output is:

Code: Select all

$ grep -r mod_ /etc/httpd
/etc/httpd/conf/magic:# Magic data for mod_mime_magic Apache module (originally for file(1) command)
/etc/httpd/conf/magic:# The module is described in /manual/mod/mod_mime_magic.html
/etc/httpd/conf/httpd.conf.save:# LoadModule foo_module modules/mod_foo.so
/etc/httpd/conf/httpd.conf.save:      # You need to enable mod_logio.c to use %I and %O
/etc/httpd/conf/httpd.conf.save:    # The mod_mime_magic module allows the server to use various hints from the
/etc/httpd/conf/httpd.conf:# LoadModule foo_module modules/mod_foo.so
/etc/httpd/conf/httpd.conf:LoadModule ssl_module modules/mod_ssl.so
/etc/httpd/conf/httpd.conf:LoadModule deflate_module modules/mod_deflate.so
/etc/httpd/conf/httpd.conf:LoadModule deflate_module modules/mod_expires.so
/etc/httpd/conf/httpd.conf:LoadModule deflate_module modules/mod_rewrite.so
/etc/httpd/conf/httpd.conf:LoadModule headers_module modules/mod_headers.so
/etc/httpd/conf/httpd.conf:      # You need to enable mod_logio.c to use %I and %O
/etc/httpd/conf/httpd.conf:    # The mod_mime_magic module allows the server to use various hints from the
/etc/httpd/conf/httpd.conf:<IfModule mod_expires.c>
/etc/httpd/conf/httpd.conf:<IfModule mod_deflate.c>
/etc/httpd/conf/httpd.conf:<IfModule mod_rewrite.c>
/etc/httpd/conf/httpd.conf:<IfModule mod_headers.c>
/etc/httpd/conf.d/autoindex.conf:# Required modules: mod_authz_core, mod_authz_host,
/etc/httpd/conf.d/autoindex.conf:#                   mod_autoindex, mod_alias
/etc/httpd/conf.d/userdir.conf:<IfModule mod_userdir.c>
/etc/httpd/conf.d/php.conf:    <IfModule mod_authz_core.c>
/etc/httpd/conf.d/php.conf:    <IfModule !mod_authz_core.c>
/etc/httpd/conf.d/php.conf:# mod_php options
/etc/httpd/conf.d/php.conf:<IfModule  mod_php7.c>
/etc/httpd/conf.d/php.conf:    php_value session.save_path    "/var/lib/php/mod_php/session"
/etc/httpd/conf.d/php.conf:    php_value soap.wsdl_cache_dir  "/var/lib/php/mod_php/wsdlcache"
/etc/httpd/conf.d/php.conf:    #php_value opcache.file_cache   "/var/lib/php/mod_php/opcache"
/etc/httpd/conf.d/ssl.conf:#   block. So, if available, use this one instead. Read the mod_ssl User
/etc/httpd/conf.d/ssl.conf:#   See the mod_ssl documentation for a complete list.
/etc/httpd/conf.d/ssl.conf:#   mixture between C and Perl.  See the mod_ssl documentation
/etc/httpd/conf.d/ssl.conf:#   approach is that mod_ssl sends the close notify alert but doesn't wait for
/etc/httpd/conf.d/ssl.conf:#     mod_ssl sends the close notify alert.
/etc/httpd/conf.d/ssl.conf:#     SSL close notify alert is send and mod_ssl waits for the close notify
/etc/httpd/conf.d/mod_security.conf:<IfModule mod_security2.c>
/etc/httpd/conf.d/mod_security.conf:    SecTmpDir /var/lib/mod_security
/etc/httpd/conf.d/mod_security.conf:    SecDataDir /var/lib/mod_security
/etc/httpd/conf.d/mod_evasive.conf:# mod_evasive configuration
/etc/httpd/conf.d/mod_evasive.conf:LoadModule evasive20_module modules/mod_evasive24.so
/etc/httpd/conf.d/mod_evasive.conf:<IfModule mod_evasive24.c>
/etc/httpd/conf.d/mod_evasive.conf:    # (see mod_evasive.c for a list of primes used).
/etc/httpd/conf.d/mod_evasive.conf:    #DOSLogDir           "/var/lock/mod_evasive"
/etc/httpd/conf.modules.d/00-base.conf:LoadModule access_compat_module modules/mod_access_compat.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule actions_module modules/mod_actions.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule alias_module modules/mod_alias.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule allowmethods_module modules/mod_allowmethods.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule auth_basic_module modules/mod_auth_basic.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule auth_digest_module modules/mod_auth_digest.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authn_anon_module modules/mod_authn_anon.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authn_core_module modules/mod_authn_core.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authn_dbd_module modules/mod_authn_dbd.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authn_dbm_module modules/mod_authn_dbm.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authn_file_module modules/mod_authn_file.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authn_socache_module modules/mod_authn_socache.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authz_core_module modules/mod_authz_core.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authz_dbd_module modules/mod_authz_dbd.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authz_dbm_module modules/mod_authz_dbm.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authz_host_module modules/mod_authz_host.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authz_owner_module modules/mod_authz_owner.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule authz_user_module modules/mod_authz_user.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule autoindex_module modules/mod_autoindex.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule cache_module modules/mod_cache.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule cache_disk_module modules/mod_cache_disk.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule data_module modules/mod_data.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule dbd_module modules/mod_dbd.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule deflate_module modules/mod_deflate.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule dir_module modules/mod_dir.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule dumpio_module modules/mod_dumpio.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule echo_module modules/mod_echo.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule env_module modules/mod_env.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule expires_module modules/mod_expires.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule ext_filter_module modules/mod_ext_filter.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule filter_module modules/mod_filter.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule headers_module modules/mod_headers.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule include_module modules/mod_include.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule info_module modules/mod_info.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule log_config_module modules/mod_log_config.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule logio_module modules/mod_logio.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule mime_magic_module modules/mod_mime_magic.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule mime_module modules/mod_mime.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule negotiation_module modules/mod_negotiation.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule remoteip_module modules/mod_remoteip.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule reqtimeout_module modules/mod_reqtimeout.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule rewrite_module modules/mod_rewrite.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule setenvif_module modules/mod_setenvif.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule socache_dbm_module modules/mod_socache_dbm.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule socache_memcache_module modules/mod_socache_memcache.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule status_module modules/mod_status.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule substitute_module modules/mod_substitute.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule suexec_module modules/mod_suexec.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule unique_id_module modules/mod_unique_id.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule unixd_module modules/mod_unixd.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule userdir_module modules/mod_userdir.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule version_module modules/mod_version.so
/etc/httpd/conf.modules.d/00-base.conf:LoadModule vhost_alias_module modules/mod_vhost_alias.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule buffer_module modules/mod_buffer.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule watchdog_module modules/mod_watchdog.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule heartbeat_module modules/mod_heartbeat.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule heartmonitor_module modules/mod_heartmonitor.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule usertrack_module modules/mod_usertrack.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule dialup_module modules/mod_dialup.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule charset_lite_module modules/mod_charset_lite.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule log_debug_module modules/mod_log_debug.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule ratelimit_module modules/mod_ratelimit.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule reflector_module modules/mod_reflector.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule request_module modules/mod_request.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule sed_module modules/mod_sed.so
/etc/httpd/conf.modules.d/00-base.conf:#LoadModule speling_module modules/mod_speling.so
/etc/httpd/conf.modules.d/00-dav.conf:LoadModule dav_module modules/mod_dav.so
/etc/httpd/conf.modules.d/00-dav.conf:LoadModule dav_fs_module modules/mod_dav_fs.so
/etc/httpd/conf.modules.d/00-dav.conf:LoadModule dav_lock_module modules/mod_dav_lock.so
/etc/httpd/conf.modules.d/00-lua.conf:LoadModule lua_module modules/mod_lua.so
/etc/httpd/conf.modules.d/00-mpm.conf:LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
/etc/httpd/conf.modules.d/00-mpm.conf:#LoadModule mpm_worker_module modules/mod_mpm_worker.so
/etc/httpd/conf.modules.d/00-mpm.conf:#LoadModule mpm_event_module modules/mod_mpm_event.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule proxy_module modules/mod_proxy.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule proxy_connect_module modules/mod_proxy_connect.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule proxy_express_module modules/mod_proxy_express.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule proxy_http_module modules/mod_proxy_http.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
/etc/httpd/conf.modules.d/00-proxy.conf:LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
/etc/httpd/conf.modules.d/00-systemd.conf:LoadModule systemd_module modules/mod_systemd.so
/etc/httpd/conf.modules.d/01-cgi.conf:# which has been configured in 00-mpm.conf.  mod_cgid should be used
/etc/httpd/conf.modules.d/01-cgi.conf:# with a threaded MPM; mod_cgi with the prefork MPM.
/etc/httpd/conf.modules.d/01-cgi.conf:   LoadModule cgid_module modules/mod_cgid.so
/etc/httpd/conf.modules.d/01-cgi.conf:   LoadModule cgid_module modules/mod_cgid.so
/etc/httpd/conf.modules.d/01-cgi.conf:   LoadModule cgi_module modules/mod_cgi.so
/etc/httpd/conf.modules.d/00-ssl.conf:LoadModule ssl_module modules/mod_ssl.so
/etc/httpd/conf.modules.d/10-mod_security.conf:LoadModule security2_module modules/mod_security2.so
/etc/httpd/conf.modules.d/10-mod_security.conf:<IfModule !mod_unique_id.c>
/etc/httpd/conf.modules.d/10-mod_security.conf:    LoadModule unique_id_module modules/mod_unique_id.so
/etc/httpd/conf.modules.d/10-limitipconn.conf:# This module will not function unless mod_status is loaded and the
/etc/httpd/conf.modules.d/10-limitipconn.conf:# "ExtendedStatus On" directive is set. So load only if mod_status is too.
/etc/httpd/conf.modules.d/10-limitipconn.conf:<IfModule mod_status.c>
/etc/httpd/conf.modules.d/10-limitipconn.conf:    # mod_limitipconn configuration
/etc/httpd/conf.modules.d/10-limitipconn.conf:    LoadModule limitipconn_module modules/mod_limitipconn.so
/etc/httpd/conf.modules.d/10-limitipconn.conf:    # from the mod_limitipconn package for configuration examples.

pjsr2
Posts: 362
Joined: 2014/03/27 20:11:07

Re: Apache show me "Service Unavailable".

Post by pjsr2 » 2019/01/19 19:04:02

For mod_deflate, you can see that it is loaded in the following line:

Code: Select all

/etc/httpd/conf.modules.d/00-base.conf:LoadModule deflate_module modules/mod_deflate.so
This line is probably processed very early, since the files in the conf.modules.d directory are included on one of the first lines in /etc/httpd/httpd.conf:

Code: Select all

Include conf.modules.d/*.conf
Later on in the httpd.conf file the module is loaded a second time on the line with:

Code: Select all

/etc/httpd/conf/httpd.conf:LoadModule deflate_module modules/mod_deflate.so
You can either comment out that line, or protect the module from being loaded a second time by surrounding it with <IfModule> directives in the following way:

Code: Select all

<IfModule !mod_deflate.c>
LoadModule deflate_module modules/mod_deflate.so
</IfModule>
Likewise, you can protect headers_module and ssl_module with directives <IfModule !mod_headers.c> and <IfModule !mod_ssl.c> from being loadded a second time.

In CentOS, the normal place to load the modules is in a LoadModule directive in a file in the /etc/httpd/conf.modules.d directory. When you add an additional module, you can add an additional file with the LoadModule directive in the conf.modules.d directory. Such a file is normally installed by the package that contains the module.

See the apache documentation on https://httpd.apache.org/docs/2.4/mod/c ... l#ifmodule

hack3rcon
Posts: 296
Joined: 2014/11/24 11:04:37

Re: Apache show me "Service Unavailable".

Post by hack3rcon » 2019/01/20 06:17:24

pjsr2 wrote:
2019/01/19 19:04:02
For mod_deflate, you can see that it is loaded in the following line:

Code: Select all

/etc/httpd/conf.modules.d/00-base.conf:LoadModule deflate_module modules/mod_deflate.so
This line is probably processed very early, since the files in the conf.modules.d directory are included on one of the first lines in /etc/httpd/httpd.conf:

Code: Select all

Include conf.modules.d/*.conf
Later on in the httpd.conf file the module is loaded a second time on the line with:

Code: Select all

/etc/httpd/conf/httpd.conf:LoadModule deflate_module modules/mod_deflate.so
You can either comment out that line, or protect the module from being loaded a second time by surrounding it with <IfModule> directives in the following way:

Code: Select all

<IfModule !mod_deflate.c>
LoadModule deflate_module modules/mod_deflate.so
</IfModule>
Likewise, you can protect headers_module and ssl_module with directives <IfModule !mod_headers.c> and <IfModule !mod_ssl.c> from being loadded a second time.

In CentOS, the normal place to load the modules is in a LoadModule directive in a file in the /etc/httpd/conf.modules.d directory. When you add an additional module, you can add an additional file with the LoadModule directive in the conf.modules.d directory. Such a file is normally installed by the package that contains the module.

See the apache documentation on https://httpd.apache.org/docs/2.4/mod/c ... l#ifmodule
When I commented below line:

Code: Select all

LoadModule deflate_module modules/mod_deflate.so
Then Apache can't start:

Code: Select all

# journalctl -xe
-- 
-- Unit httpd.service has begun shutting down.
Jan 20 09:43:26 localhost.localdomain systemd[1]: Stopped The Apache HTTP Server.
-- Subject: Unit httpd.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has finished shutting down.
Jan 20 09:43:26 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has begun starting up.
Jan 20 09:43:26 localhost.localdomain httpd[23564]: httpd: Syntax error on line 56 of /etc/httpd/conf/httpd.conf: Can't locate
Jan 20 09:43:26 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jan 20 09:43:26 localhost.localdomain kill[23566]: kill: cannot find process ""
Jan 20 09:43:26 localhost.localdomain systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 20 09:43:26 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has failed.
-- 
-- The result is failed.
Jan 20 09:43:26 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
Jan 20 09:43:26 localhost.localdomain systemd[1]: httpd.service failed.
Jan 20 09:43:26 localhost.localdomain polkitd[5721]: Unregistered Authentication Agent for unix-process:23552:110329782 (syste

Post Reply