After dist-upgrade Apache was upgraded from 2.2 to 2.4, Apache and cannot start

Follow

Comments

1 comment

  • Avatar
    Ehud Ziegelman (Edited )

    Hi Renan Poss Moreira,

    Good afternoon!

     

    1) May I ask, if the below include is considered by you in a custom template or not:

    /usr/local/psa/admin/conf/templates/default/nginx.php:include "<?= $VAR->server->nginx->httpConfDir ?>/plesk.conf.d/ip_default/*.conf";

     

     

    2) Would this ticket also be applicable for using Apache2 version 2.4 where on debug mode I may see such comments regarding "mod_socache_shmcb"

    2023-04-29 10:58:10                default-172_26_6_71:443 15.235.198.56 - - "GET / HTTP/1.0" 403 528 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36"                other_log
    2023-04-29 10:58:10                [ssl:info] [pid 280859:tid 139839093466688] [client 172.26.6.71:38244] AH01964: Connection to child 110 established (server default-172_26_6_71:443)                server_error_log
    2023-04-29 10:58:10                [ssl:debug] [pid 280859:tid 139839093466688] ssl_engine_kernel.c(2425): [client 172.26.6.71:38244] AH02645: Server name not provided via TLS extension (using default/first virtual host)                server_error_log
    2023-04-29 10:58:10                [ssl:debug] [pid 280859:tid 139839093466688] ssl_engine_kernel.c(2254): [client 172.26.6.71:38244] AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)                server_error_log
    2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(508): AH00831: socache_shmcb_store (0x63 -> subcache 3)                server_error_log
    2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(745): AH00842: expiring 1 and reclaiming 0 removed socache entries                server_error_log
    2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(765): AH00843: we now have 0 socache entries                server_error_log
    2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(862): AH00847: insert happened at idx=0, data=(0:32)                server_error_log
    2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(865): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/193                server_error_log
    2023-04-29 10:58:10                [socache_shmcb:debug] [pid 280859:tid 139839093466688] mod_socache_shmcb.c(530): AH00834: leaving socache_shmcb_store successfully                server_error_log
    2023-04-29 10:58:10                [:error] [pid 280859:tid 139839093466688] [client 15.235.198.56:0] [client 15.235.198.56] ModSecurity: Access denied with connection close (phase 1). Matched phrase "SG" at GEO:COUNTRY_CODE. [file "/etc/apache2/plesk.conf.d/modsecurity.conf"] [line "199"] [id "99999932394"] [msg "Blocking Singapore (SG)"] [data "{city=Singapore (Downtown Core), country_code=SG, country_code3=SGP, country_name=Singapore, country_continent=AS, Remote Host=172.26.6.71}"] [hostname "52.60.222.59"] [uri "/"] [unique_id "ZEzOEl_jnyxs4WsxK9wiygAAAG4"]                server_error_log

     

    Where I get the [:error] message for ModSecurity. This happens where:

    a) It seems .htaccess file still using "only, deny , allow" Apache2 version 2.2 syntax, when running version 2.4 requiring the syntax of "required" etc.

    b) The above mentioning of "mod_socache_shmcb" where on Tools and Settings --> Apache Web Server Settings that mode was already enabled

    c) The mentioning of cache changing from value from "1" to "0": 'mod_socache_shmcb.c(745): AH00842: expiring 1 and reclaiming 0 removed socache entries'

    d) Seems ModSecurirty reports an error, as possibly an earlier .htaccess already blocked the client IP, where it is called, both on the same millisecond.

    e) Could be also related to logroate issues, where the server is acting on different log files?

     

    3) Is the below article, more accurately describing the error this KB article relates to:

    https://ibmimedia.com/blog/149/how-to-fix-sslsessioncache-shmcb-session-cache-not-supported

     

    SSLSessionCache cache not supported error occurs when there is an issue with Apache configuration file after an upgrade from version 2.2 to 2.4.

     

    In Plesk

    In plesk control panel, after Apache upgrade to version 2.4, you will notice that the configuration files is not completely generated.

    To resolve this, inspect the custom templates available in the /usr/local/psa/admin/conf/templates folder. Replace the Include to IncludeOptional  in evert line containing a Wildcart. You can observer the following lines;

    /etc/apache2/conf.d/zz010_psa_httpd.conf
    /etc/apache2/plesk.conf.d/server.conf
    /etc/apache2/plesk.conf.d/horde.conf


    Additionally, enable a few Apache modules with the command below;

    a2enmod authz_core authz_host access_compat socache_shmcb slotmem_shm mpm_worker unixd php5 dir

     

    Where these modules are not even listed on Plesk as optional:

    authz_host 
    unixd
    php5

     

    And, while these modules are currently DISABLED on my server Plesk installation configuration:

    slotmem_shm
    mpm_worker 

     

    4) What would happen if the include of Mod Security is changed to OPTIONAL as suggested, changing the 'include'?

    /etc/apache2/plesk.conf.d/server.conf
    # Containing the line:
    Include "/etc/apache2/plesk.conf.d/modsecurity.conf"
    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request