[olug] Apache will no longer run in Red Hat after a reboot

Kevin sharpestmarble at gmail.com
Tue Jan 27 15:52:19 CST 2015


Is SELinux turned on? If it is and if it's the thing doing the blocking,
then it will manifest as a confusing permissions issue. Try this:
`setenforce Permissive` and see if it starts working.

On Tue, Jan 27, 2015 at 2:26 PM, Damian Harouff <cekkent at gmail.com> wrote:

> If this is stock RHEL-provided Apache, SSL should already be compiled in,
> which can be confirmed with:
>
> root at svr [~]# httpd -t -D DUMP_MODULES | grep ssl
>  ssl_module (static)
> root at svr [~]#
>
> Otherwise you'll have to compile it in or load the module.
>
> Once you get over that hurdle, getting SSL going should be as easy as
> specifying an additional VirtualHost directive on port 443 inside the
> site's configuration:
>
> <VirtualHost 192.168.1.1:443>
>         SSLEngine on
>         SSLCipherSuite          ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>
>         SSLCertificateFile      /etc/ssl/star.example.com.crt
>         SSLCertificateKeyFile   /etc/ssl/star.example.com.key
>
>         ServerName      "two.example.com"
>         DocumentRoot    "/var/www/html/two"
>
>         CustomLog       "/var/log/httpd/two-access.log" combined
>         ErrorLog        "/var/log/httpd/two-error.log"
>
>         <Directory /var/www/html>
>                 AllowOverride none
>
>                 Order Allow,Deny
>                 Allow from all
>         </Directory>
> </VirtualHost>
>
>
>
> On Tue, Jan 27, 2015 at 2:16 PM, T. J. Brumfield <enderandrew at gmail.com>
> wrote:
>
> > Yeah, that's what I tried. httpd.conf is inheriting any *.conf file in
> > /etc/httpd/conf.d so I just renamed nss.conf to nss.conf.bak (since
> > nss.conf was the file actually loading mod_nss) and when I did that,
> > Apache would start, but SSL wasn't working.
> >
> > On Tue, Jan 27, 2015 at 2:14 PM, Damian Harouff <cekkent at gmail.com> wrote:
> >
> > > I hate to be "that guy", but: is he even using mod_nss? Red Hat tends to
> > > enable a lot of things arbitrarily. I know that NSS is more "open", but
> > > mod_ssl might get him back online sooner.
> > >
> > > On Tue, Jan 27, 2015 at 2:11 PM, T. J. Brumfield <enderandrew at gmail.com> wrote:
> > >
> > > > I'll try 644. Every article I saw on this said it must be a permission
> > > > issue accessing the *.db files in /etc/httpd/alias but the permissions
> > > > appear to be set correctly.
> > > >
> > > > On Tue, Jan 27, 2015 at 2:05 PM, Lou Duchez <lou at paprikash.com> wrote:
> > > >
> > > > > https://www.centos.org/forums/viewtopic.php?t=5818
> > > > >
> > > > > The fix seems to be:
> > > > >
> > > > > cd /etc/httpd
> > > > > chmod -R +r alias
> > > > >
> > > > > I don't think that 640 is right; I think you're looking for 644.
> > > > >
> > > > > >> I got a call from a friend whose business depends on an Apache web
> > > > > >> server, but he doesn't know much about Linux. He is running Red Hat
> > > > > >> inside of a Windows Hyper-V VM. He bounced the Windows box for
> > > > > >> patching, which in turn rebooted his VM. He doesn't remember the last
> > > > > >> time he installed updates in Red Hat, but he does it from time to time.
> > > > > >>
> > > > > >> /var/log/httpd/error_log is just full of this:
> > > > > >>
> > > > > >> [error] NSS_Initialize failed. Certificate database: /etc/httpd/alias.
> > > > > >> [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED
> > > > > >>
> > > > > >> I've never used NSS personally. I Googled for the error and literally
> > > > > >> every hit I found was a permissions issue, that the apache wasn't
> > > > > >> running under the right group or that group couldn't access the files
> > > > > >> under /etc/httpd/alias.
> > > > > >>
> > > > > >> The problem is that doesn't appear to be the problem with my buddy.
> > > > > >> Every httpd process is running under apache:apache and all the *.db
> > > > > >> files in /etc/httpd/alias are 640 and owned by the apache group,
> > > > > >> exactly how they should be.
> > > > > >>
> > > > > >> My buddy's business is down until we can resolve this.
> > > > > >>
> > > > > >> Any suggestions from someone more familiar with Red Hat/Fedora/CentOS
> > > > > >> and NSS?
> > > > >>
> > > > >> -- T. J. Brumfield
> > > > >> "I'm questioning my education
> > > > >> Rewind and what does it show?
> > > > >> Could be, the truth it becomes you
> > > > >> I'm a seed, wondering why it grows"
> > > > >> -- Pearl Jam, Education
> > > > >> _______________________________________________
> > > > >> OLUG mailing list
> > > > >> OLUG at olug.org
> > > > >> https://lists.olug.org/mailman/listinfo/olug
> > > > >>
> > > > >
> > > > > _______________________________________________
> > > > > OLUG mailing list
> > > > > OLUG at olug.org
> > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > "I'm questioning my education
> > > > Rewind and what does it show?
> > > > Could be, the truth it becomes you
> > > > I'm a seed, wondering why it grows"
> > > > -- Pearl Jam, Education
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > https://lists.olug.org/mailman/listinfo/olug
> > > >
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > https://lists.olug.org/mailman/listinfo/olug
> > >
> >
> >
> >
> > --
> > "I'm questioning my education
> > Rewind and what does it show?
> > Could be, the truth it becomes you
> > I'm a seed, wondering why it grows"
> > -- Pearl Jam, Education
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
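
Added example, not part of any message in this thread: a triage script covering the two causes discussed above, mode bits on the database files in /etc/httpd/alias and SELinux, so that denials can be read from the audit log instead of being inferred from switching to permissive mode. The function names are hypothetical; the directory and the apache group are taken from the thread.

```sh
#!/bin/sh
# Added example (not from the thread): triage for "NSS_Initialize failed".
# Assumed defaults: database directory /etc/httpd/alias, group "apache".
# Usage (as root): sh nss-triage.sh /etc/httpd/alias apache

# Print DIR and any *.db file in it that a member of group GRP cannot use,
# judged by mode bits only: entries owned by GRP need the group bit,
# all other entries need the "other" bit (x for the directory, r for files).
perm_findings() {
    dir=$1; grp=$2
    find "$dir" -maxdepth 0 \
        \( -group "$grp" ! -perm -010 -o ! -group "$grp" ! -perm -001 \) -print
    find "$dir" -maxdepth 1 -type f -name '*.db' \
        \( -group "$grp" ! -perm -040 -o ! -group "$grp" ! -perm -004 \) -print
}

triage() {
    dir=${1:-/etc/httpd/alias}; grp=${2:-apache}
    echo "== mode-bit findings for group $grp (empty means none) =="
    perm_findings "$dir" "$grp"
    if command -v getenforce >/dev/null 2>&1; then
        echo "== SELinux mode: $(getenforce) =="
        # Labels on the directory and the databases.
        ls -dZ "$dir" "$dir"/*.db
        # Recent denials logged against httpd; needs root and auditd.
        ausearch -m avc -ts recent -c httpd 2>/dev/null ||
            echo "no recent AVC denials for httpd"
        echo "To reset labels to policy defaults: restorecon -Rv $dir"
    fi
}

# Run only when a directory is given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then triage "$@"; fi
```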

