Applicable to:
- Plesk Onyx for Linux
Symptoms
-
Unable to start Apache or create a new domain due to the following error in Plesk:
PLESK_ERROR: Unable to start service: Unable to manage service by apache_control_adapter: ('start', 'web'). Error: INFO: Service: httpd, Action: start Trying to start service httpd... failed example.com systemd[1]: Starting The Apache HTTP Server... example.com httpd[17151]: httpd: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error on line 7 of /etc/httpd/conf.d/zz010_psa_httpd.conf: Could not open configuration file /etc/httpd/conf/plesk.conf.d/vhosts/example.com.conf: Permission denied example.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE example.com kill[17153]: kill: cannot find process "" example.com systemd[1]: httpd.service: control process exited, code=exited status=1 example.com systemd[1]: Failed to start The Apache HTTP Server. example.com systemd[1]: Unit httpd.service entered failed state. example.com systemd[1]: httpd.service failed. WARNING! Some problems are found during start service httpd(see log file: /var/log/plesk/rc_actions.log) Continue... /usr/local/psa/admin/sbin/pleskrc execution failed: Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
-
Default Apache page is shown on all websites.
-
When the below command is executed, the output differs from the provided one:
# cat /etc/psa/psa.conf | grep VHOSTS
HTTPD_VHOSTS_D /var/www/vhosts -
Vhosts location was changed according to the next article:
-
SELinux is in enforcing mode:
# getenforce
enforcing -
The following rows can be found in the
/var/log/audit/audit.logfile:CONFIG_TEXT: type=AVC msg=audit(1497589270.824:43672): avc: denied
{ read } for pid=24968 comm="/usr/sbin/httpd" name=".htaccess" dev="vda1" ino=26584342 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file -
The next rows can be found in the
/var/log/messagesfile:CONFIG_TEXT: pod8 python: SELinux is preventing fail2ban-server from search access on the directory /home/vhosts/system.#012#012**** Plugin catchall (100. confidence) suggests *************************#012#012If you believe that fail2ban-server should be allowed search access on the system directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'fail2ban-server' --raw | audit2allow -M my-fail2banserver#012# semodule -i my-fail2banserver.pp#012
Cause
Product issue:
- #PPPM-6521 "If a user tries to change virtual hosts location and SELinux is running in enforcing mode, the transvhosts.pl utility now exits with an error message. The message suggests disabling SELinux or setting it to permissive mode to avoid breaking hosted websites."
Fixed in:- Plesk Obsidian 27 August 2019 (fixed as PPP-43217, Linux)
Resolution
Workaround
If update is not possible for some reason you may try the following
Apply one of the following solutions:
-
Disable SELinux
Note: this solution disables SELinux until the server reboot only.
To disable it permanently, apply the steps from the article.-
Connect to the server via SSH.
-
Temporarily disable SELinux:
# setenforce 0
-
Start Nginx and Apache services:
# service nginx restart
# service httpd restart
-
-
Change vhosts folder back to the default one
The default location of the vhosts folder is
/var/www/vhosts.-
Connect to the server via SSH.
-
Temporarily disable SELinux:
# setenforce 0
-
Change the vhosts folder to the
/var/www/vhostsdefault one according to the next article: -
Enable SELinux back:
# setenforce 1
-
Comments
0 comments
Please sign in to leave a comment.