[olug] Apache will no longer run in Red Hat after a reboot
T. J. Brumfield
enderandrew at gmail.com
Tue Jan 27 20:45:47 CST 2015
SELinux was on, but wasn't the problem. Permissions were fine. NSS couldn't
read the key stores because they were corrupt.
certutil: function failed: security library: bad database.
And the RPM db was corrupt. So was yum repo data.
On Tue, Jan 27, 2015 at 3:52 PM, Kevin <sharpestmarble at gmail.com> wrote:
> Is SELinux turned on? If it is and if it's the thing doing the blocking,
> then it will manifest as a confusing permissions issue. Try this:
> `setenforce Permissive` and see if it starts working.
>
> On Tue, Jan 27, 2015 at 2:26 PM, Damian Harouff <cekkent at gmail.com> wrote:
>
> > If this is stock RHEL-provided Apache, SSL should already be compiled in,
> > which can be confirmed with:
> >
> > root at svr [~]# httpd -t -D DUMP_MODULES | grep ssl
> > ssl_module (static)
> > root at svr [~]#
> >
> > Otherwise you'll have to compile it in or load the module.
> >
> > Once you get over that hurdle, getting SSL going should be as easy as
> > specifying an additional VirtualHost directive on port 443 inside the
> > site's configuration:
> >
> > <VirtualHost 192.168.1.1:443>
> > SSLEngine on
> > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> >
> > SSLCertificateFile /etc/ssl/star.example.com.crt
> > SSLCertificateKeyFile /etc/ssl/star.example.com.key
> >
> > ServerName "two.example.com"
> > DocumentRoot "/var/www/html/two"
> >
> > CustomLog "/var/log/httpd/two-access.log" combined
> > ErrorLog "/var/log/httpd/two-error.log"
> >
> > <Directory /var/www/html>
> > AllowOverride none
> >
> > Order Allow,Deny
> > Allow from all
> > </Directory>
> > </VirtualHost>
> >
> >
> >
> > On Tue, Jan 27, 2015 at 2:16 PM, T. J. Brumfield <enderandrew at gmail.com>
> > wrote:
> >
> > > Yeah, that's what I tried. httpd.conf is inheriting any *.conf file in
> > > /etc/httpd/conf.d so I just renamed nss.conf to nss.conf.bak (since
> > > nss.conf was the file actually loading mod_nss) and when I did that,
> > > Apache would start, but SSL wasn't working.
> > >
> > > On Tue, Jan 27, 2015 at 2:14 PM, Damian Harouff <cekkent at gmail.com>
> > > wrote:
> > >
> > > > I hate to be "that guy", but: is he even using mod_nss? Red Hat tends to
> > > > enable a lot of things arbitrarily. I know that NSS is more "open", but
> > > > mod_ssl might get him back online sooner.
> > > >
> > > > On Tue, Jan 27, 2015 at 2:11 PM, T. J. Brumfield <enderandrew at gmail.com>
> > > > wrote:
> > > >
> > > > > I'll try 644. Every article I saw on this said it must be a permission
> > > > > issue accessing the *.db files in /etc/httpd/alias but the permissions
> > > > > appear to be set correctly.
> > > > >
> > > > > On Tue, Jan 27, 2015 at 2:05 PM, Lou Duchez <lou at paprikash.com> wrote:
> > > > >
> > > > > > https://www.centos.org/forums/viewtopic.php?t=5818
> > > > > >
> > > > > > The fix seems to be:
> > > > > >
> > > > > > cd /etc/httpd
> > > > > > chmod -R +r alias
> > > > > >
> > > > > > I don't think that 640 is right; I think you're looking for 644.
> > > > > >
> > > > > > >> I got a call from a friend whose business depends on an Apache web
> > > > > > >> server, but he doesn't know much about Linux. He is running Red Hat
> > > > > > >> inside of a Windows Hyper-V VM. He bounced the Windows box for
> > > > > > >> patching, which in turn rebooted his VM. He doesn't remember the last
> > > > > > >> time he installed updates in Red Hat, but he does it from time to time.
> > > > > > >>
> > > > > > >> /var/log/httpd/error_log is just full of this:
> > > > > > >>
> > > > > > >> [error] NSS_Initialize failed. Certificate database: /etc/httpd/alias.
> > > > > > >> [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED
> > > > > > >>
> > > > > > >> I've never used NSS personally. I Googled for the error and literally
> > > > > > >> every hit I found was a permissions issue, that the apache wasn't
> > > > > > >> running under the right group or that group couldn't access the files
> > > > > > >> under /etc/httpd/alias.
> > > > > > >>
> > > > > > >> The problem is that doesn't appear to be the problem with my buddy.
> > > > > > >> Every httpd process is running under apache:apache and all the *.db
> > > > > > >> files in /etc/httpd/alias are 640 and owned by the apache group,
> > > > > > >> exactly how they should be.
> > > > > > >>
> > > > > > >> My buddy's business is down until we can resolve this.
> > > > > > >>
> > > > > > >> Any suggestions from someone more familiar with Red Hat/Fedora/CentOS
> > > > > > >> and NSS?
> > > > > >>
> > > > > >> -- T. J. Brumfield
> > > > > >> "I'm questioning my education
> > > > > >> Rewind and what does it show?
> > > > > >> Could be, the truth it becomes you
> > > > > >> I'm a seed, wondering why it grows"
> > > > > >> -- Pearl Jam, Education
> > > > > >> _______________________________________________
> > > > > >> OLUG mailing list
> > > > > >> OLUG at olug.org
> > > > > >> https://lists.olug.org/mailman/listinfo/olug
> > > > > >>
> > > > > >
> > > > > > _______________________________________________
> > > > > > OLUG mailing list
> > > > > > OLUG at olug.org
> > > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > "I'm questioning my education
> > > > > Rewind and what does it show?
> > > > > Could be, the truth it becomes you
> > > > > I'm a seed, wondering why it grows"
> > > > > -- Pearl Jam, Education
> > > > > _______________________________________________
> > > > > OLUG mailing list
> > > > > OLUG at olug.org
> > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > >
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > https://lists.olug.org/mailman/listinfo/olug
> > > >
> > >
> > >
> > >
> > > --
> > > "I'm questioning my education
> > > Rewind and what does it show?
> > > Could be, the truth it becomes you
> > > I'm a seed, wondering why it grows"
> > > -- Pearl Jam, Education
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > https://lists.olug.org/mailman/listinfo/olug
> > >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
--
"I'm questioning my education
Rewind and what does it show?
Could be, the truth it becomes you
I'm a seed, wondering why it grows"
-- Pearl Jam, Education
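
The order in which the thread ruled causes out (file permissions, then database integrity, then SELinux), written as a shell triage function. This is an added example, not part of the original thread; the overridable CERTUTIL and GETENFORCE variables, the verdict names and the script name are assumptions made here.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): triage a mod_nss certificate database
# in the order the thread ruled causes out: permissions, corruption, SELinux.
# CERTUTIL and GETENFORCE are overridable (an assumption of this sketch) so
# the logic can be exercised without touching a live server.
CERTUTIL="${CERTUTIL:-certutil}"
GETENFORCE="${GETENFORCE:-getenforce}"

# Prints one verdict: missing | permissions | corrupt | unreadable |
# selinux-suspect | ok
nss_db_triage() {
    dir="$1"
    # No directory or no *.db files at all: nothing for NSS to open.
    [ -d "$dir" ] || { echo missing; return 0; }
    [ -n "$(find "$dir" -name '*.db' -type f)" ] || { echo missing; return 0; }

    # 1. Permissions: the thread's expected mode is 640 with group apache,
    #    so flag any database file that lacks the group-read bit.
    if [ -n "$(find "$dir" -name '*.db' -type f ! -perm -040)" ]; then
        echo permissions; return 0
    fi

    # 2. Integrity: listing certificates makes NSS open the databases.
    #    Corruption surfaces as "bad database" even when modes are right.
    if ! out="$("$CERTUTIL" -L -d "$dir" 2>&1)"; then
        case "$out" in
            *"bad database"*) echo corrupt ;;
            *)                echo unreadable ;;
        esac
        return 0
    fi

    # 3. Files open fine from this shell; if httpd still fails while
    #    SELinux enforces, check the audit log for denials (AVC) next.
    mode="$("$GETENFORCE" 2>/dev/null || echo unknown)"
    if [ "$mode" = "Enforcing" ]; then
        echo selinux-suspect
    else
        echo ok
    fi
}

# Usage: ./nss_triage.sh /etc/httpd/alias
if [ "$#" -gt 0 ]; then
    nss_db_triage "$1"
fi
```

A "corrupt" verdict on a host that also lost its RPM and yum databases, as in this thread, points at filesystem damage from the unclean reboot rather than at the web server configuration.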