After dist-upgrade Apache was upgraded from 2.2 to 2.4, Apache and cannot start

Renan Poss Moreira

Updated February 13, 2023 10:01

Plesk for Linux kb: technical ABT: Group B

Applicable to:

Plesk for Linux

Symptoms

Note: the article is related to the issue that occurs after Apache upgrade (during dist-upgrade for example).

After failed Plesk upgrade on Debian OS with Apache version 2.4 installed, web server is not starting.
The following error messages appears:

CONFIG_TEXT: apache2: Syntax error on line 234 of /etc/apache2/apache2.conf: Syntax error on line 5 of /etc/apache2/conf.d/zz010_psa_httpd.conf: Syntax error on line 72 of /etc/apache2/plesk.conf.d/server.conf: No matches for the wildcard '*.conf' in '/etc/apache2/plesk.conf.d/ip_default', failing (use IncludeOptional if required)
Action 'configtest' failed.
The Apache error log may have more information.

CONFIG_TEXT: Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration

CONFIG_TEXT: SSLSessionCache: 'shmcb' session cache not supported (known names: dbm,memcache). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).

CONFIG_TEXT: The apache2 instance did not start within 20 seconds. Please read the log files to discover problems.

CONFIG_TEXT: [proxy_balancer:emerg] [pid 25870] AH01177: Failed to lookup provider 'shm' for 'slotmem': is mod_slotmem_shm loaded?

CONFIG_TEXT: Invalid command 'Require', perhaps misspelled or defined by a module not included in the server configuration

CONFIG_TEXT: Invalid command 'User', perhaps misspelled or defined by a module not included in the server configuration1.

CONFIG_TEXT: Invalid command 'DirectoryIndex', perhaps misspelled or defined by a module not included in the server configuration

CONFIG_TEXT: ERROR: Config file dir.conf not properly enabled: /etc/apache2/mods-enabled/dir.conf is a real file, not touching it

Cause

Configuration files were not completely switched to the new Apache 2.4

Resolution

Check if custom templates exist in /usr/local/psa/admin/conf/templates folder. If so review all of them and change Include to IncludeOptional in every line what contain wildcard.
If there are no custom templates change Include to IncludeOptional in every line what contain wildcard in the following files:

MYSQL_LIN: /etc/apache2/conf.d/zz010_psa_httpd.conf
/etc/apache2/plesk.conf.d/server.conf
/etc/apache2/plesk.conf.d/horde.conf
Enable and activate the following Apache modules

# a2enmod authz_core authz_host access_compat socache_shmcb slotmem_shm mpm_worker unixd php5 dir

Comments

1 comment

Ehud Ziegelman

April 30, 2023 13:46 (Edited April 30, 2023 14:13)

Hi Renan Poss Moreira,

Good afternoon!

1) May I ask, if the below include is considered by you in a custom template or not:

/usr/local/psa/admin/conf/templates/default/nginx.php:include "<?= $VAR->server->nginx->httpConfDir ?>/plesk.conf.d/ip_default/*.conf";

2) Would this ticket also be applicable for using Apache2 version 2.4 where on debug mode I may see such comments regarding "mod_socache_shmcb"

2023-04-29 10:58:10                default-172_26_6_71:443 15.235.198.56 - - "GET / HTTP/1.0" 403 528 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36"                other_log
2023-04-29 10:58:10                [ssl:info] [pid 280859:tid 139839093466688] [client 172.26.6.71:38244] AH01964: Connection to child 110 established (server default-172_26_6_71:443)                server_error_log
2023-04-29 10:58:10                [ssl:debug] [pid 280859:tid 139839093466688] ssl_engine_kernel.c(2425): [client 172.26.6.71:38244] AH02645: Server name not provided via TLS extension (using default/first virtual host)                server_error_log
2023-04-29 10:58:10                [ssl:debug] [pid 280859:tid 139839093466688] ssl_engine_kernel.c(2254): [client 172.26.6.71:38244] AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)                server_error_log
2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(508): AH00831: socache_shmcb_store (0x63 -> subcache 3)                server_error_log
2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(745): AH00842: expiring 1 and reclaiming 0 removed socache entries                server_error_log
2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(765): AH00843: we now have 0 socache entries                server_error_log
2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(862): AH00847: insert happened at idx=0, data=(0:32)                server_error_log
2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(865): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/193                server_error_log
2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(530): AH00834: leaving socache_shmcb_store successfully                server_error_log
2023-04-29 10:58:10                [:error] [pid 280859:tid 139839093466688] [client 15.235.198.56:0] [client 15.235.198.56] ModSecurity: Access denied with connection close (phase 1). Matched phrase "SG" at GEO:COUNTRY_CODE. [file "/etc/apache2/plesk.conf.d/modsecurity.conf"] [line "199"] [id "99999932394"] [msg "Blocking Singapore (SG)"] [data "{city=Singapore (Downtown Core), country_code=SG, country_code3=SGP, country_name=Singapore, country_continent=AS, Remote Host=172.26.6.71}"] [hostname "52.60.222.59"] [uri "/"] [unique_id "ZEzOEl_jnyxs4WsxK9wiygAAAG4"]                server_error_log

Where I get the [:error] message for ModSecurity. This happens where:

a) It seems .htaccess file still using "only, deny , allow" Apache2 version 2.2 syntax, when running version 2.4 requiring the syntax of "required" etc.

b) The above mentioning of "mod_socache_shmcb" where on Tools and Settings --> Apache Web Server Settings that mode was already enabled

c) The mentioning of cache changing from value from "1" to "0": 'mod_socache_shmcb.c(745): AH00842: expiring 1 and reclaiming 0 removed socache entries'

d) Seems ModSecurirty reports an error, as possibly an earlier .htaccess already blocked the client IP, where it is called, both on the same millisecond.

e) Could be also related to logroate issues, where the server is acting on different log files?

3) Is the below article, more accurately describing the error this KB article relates to:

https://ibmimedia.com/blog/149/how-to-fix-sslsessioncache-shmcb-session-cache-not-supported

SSLSessionCache cache not supported error occurs when there is an issue with Apache configuration file after an upgrade from version 2.2 to 2.4.

In Plesk

In plesk control panel, after Apache upgrade to version 2.4, you will notice that the configuration files is not completely generated.

To resolve this, inspect the custom templates available in the /usr/local/psa/admin/conf/templates folder. Replace the Include to IncludeOptional in evert line containing a Wildcart. You can observer the following lines;

/etc/apache2/conf.d/zz010_psa_httpd.conf

/etc/apache2/plesk.conf.d/server.conf

/etc/apache2/plesk.conf.d/horde.conf

Additionally, enable a few Apache modules with the command below;

a2enmod authz_core authz_host access_compat socache_shmcb slotmem_shm mpm_worker unixd php5 dir

Where these modules are not even listed on Plesk as optional:

authz_host 
unixd
php5

And, while these modules are currently DISABLED on my server Plesk installation configuration:

slotmem_shm
mpm_worker

4) What would happen if the include of Mod Security is changed to OPTIONAL as suggested, changing the 'include'?

/etc/apache2/plesk.conf.d/server.conf

# Containing the line:
Include "/etc/apache2/plesk.conf.d/modsecurity.conf"

Please sign in to leave a comment.