Univention Bugzilla – Bug 42196
Apache does not start during the UCS 4.2 setup
Last modified: 2017-04-04 18:29:49 CEST
univention-apache depends on libapache2-mod-auth-pam. libapache2-mod-auth-pam has been replaced in Debian with libapache2-mod-authnz-pam.

Restarting web server: apache2 failed!
The apache2 configtest failed. ... (warning).
Output of config test was:
apache2: Syntax error on line 140 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/auth_pam.load: Cannot load /usr/lib/apache2/modules/mod_auth_pam.so into server: /usr/lib/apache2/modules/mod_auth_pam.so: undefined symbol: ap_log_rerror
Action 'configtest' failed.
The Apache error log may have more information.
r72080 | Bug #42183 *: libapache2-mod-auth-pam -> libapache2-mod-authnz-pam
Next error message:

root@unassigned-hostname:~# /etc/init.d/apache2 restart
[....] Restarting web server: apache2AH00557: apache2: apr_sockaddr_info_get() failed for unassigned-hostname
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Action 'start' failed.
The Apache error log may have more information.
 failed!
root@unassigned-hostname:~#
I got this error: AH00526: Syntax error on line 58 of /etc/apache2/mods-enabled/ssl.conf: Invalid command 'SSLMutex', perhaps misspelled or defined by a module not included in the server configuration
Apache 2.4 config has changed quite a bit. See http://httpd.apache.org/docs/current/upgrading.html.

What I have done so far (in univention-apache):

* Removed SSLMutex from mods-available/ssl.conf, SSLMutex is replaced with Mutex and there is a default Mutex config in the Debian apache2.conf.
* conf.d/ucs.conf: conf.d is no longer supported, moved ucs.conf to conf-available and activate/deactivate ucs in postinst/prerm
  Remove old template with dpkg-maintscript-helper in postrm, postinst and preinst
* a2dismod auth_pam during update, a2enmod authnz_pam by default (auth-pam has been replaced with authnz-pam)
* Options directives like "Options ExecCGI" are no longer supported, + or - before each option is required, changed in ucs.conf (add + to all Options without + or -)
* The NameVirtualHost directive no longer has any effect, other than to emit a warning. Removed from 000-default.conf and default-ssl.conf

TODO:

* Access control:
    Order allow,deny
    Allow from all
  is deprecated, the new way is
    Require all granted
  This is a bit more complicated because we have several ucr variables for order, allow and deny (see mods-available/proxy.conf). But there is an access_compat module to support old-style access controls and it is enabled by default. So the old access controls should work. Do we want to migrate access controls?

Added bug #42296 for generic "clean up"
univention-apache

* sites in sites-available now must have the suffix .conf
  -> renamed etc/apache2/sites-available/default-ssl to etc/apache2/sites-available/default-ssl.conf
  -> renamed etc/apache2/sites-available/default to etc/apache2/sites-available/default.conf
Created attachment 7988
More updates

conffiles/etc/apache2/conf-available/ucs.conf duplicates many settings from the default apache2 configuration in Debian:

| CustomLog /var/log/apache2/access.log combined
This belongs into the site configuration; it conflicts with the purpose of conf-available/other-vhosts-access-log.conf

| ErrorLog /var/log/apache2/error.log
This is already configured in apache2.conf

| <Directory />
| Options +FollowSymLinks
| AllowOverride None
| </Directory>
This is already configured in apache2.conf

| <Directory "/usr/lib/cgi-bin">
| AllowOverride None
| Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
| Order allow,deny
| Allow from all
| </Directory>
This is already in conf-available/serv-cgi-bin.conf

Also in ucs-sites.conf
| ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
But the 'cgi' module is not enabled by default!

| <Directory /var/www/>
| Options +Indexes +FollowSymLinks +MultiViews
1. This is configured in sites-available/000-default
2. Served data should be put into the ./html/ sub-directory for security reasons (#730372)
   UCRV apache2/documentroot needs adjustment

| Order allow,deny
| allow from all
As noted in comment 4 this is deprecated: <https://httpd.apache.org/docs/2.4/upgrading.html#run-time> → "Access control"

sites-available/000-default.conf needs to be renamed to default.conf
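The migration items listed in the comments above (SSLMutex, NameVirtualHost, and the Order/Allow/Deny access controls that 2.4 only honours through access_compat) can be checked mechanically before a restart. The following is an added example, not part of the bug thread or of univention-apache; the names audit, SAMPLE, REMOVED, OLD_ACL and SIMPLE, the hint texts and the sample configuration are assumptions made for illustration.

```python
# Constructed sample input; directive names are those quoted in the thread.
SAMPLE = """\
NameVirtualHost *:80
SSLMutex file:/var/run/apache2/ssl_mutex
<Directory "/usr/lib/cgi-bin">
    Order allow,deny
    Allow from all
</Directory>
<Location /server-status>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
"""
# Directives the thread reports as removed or ineffective in Apache 2.4.
REMOVED = {"sslmutex": "replace with Mutex",
           "namevirtualhost": "no longer has any effect; remove"}
OLD_ACL = ("order", "allow", "deny")  # still served by access_compat
# Only rule sets whose result does not depend on Order are translated.
SIMPLE = {frozenset({("allow", "all")}): "Require all granted",
          frozenset({("deny", "all")}): "Require all denied"}

def audit(conf_text):
    """Return sorted (line_number, finding) pairs for 2.2-style directives."""
    findings = []
    scopes = [{"line": 1, "old": False, "rules": set()}]  # top-level scope
    def close(scope):
        # One finding per container, reported at the container's opening line.
        if scope["old"]:
            hint = SIMPLE.get(frozenset(scope["rules"]), "review manually")
            findings.append((scope["line"], "old access control: " + hint))
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if len(scopes) > 1:
                close(scopes.pop())
        elif line.startswith("<"):
            scopes.append({"line": no, "old": False, "rules": set()})
        else:
            words = line.lower().split()
            if words[0] in REMOVED:
                findings.append((no, line.split()[0] + ": " + REMOVED[words[0]]))
            elif words[0] in OLD_ACL:
                scopes[-1]["old"] = True
                if words[0] != "order":
                    scopes[-1]["rules"].add((words[0], " ".join(words[2:])))
    close(scopes[0])
    return sorted(findings)
```

Containers that combine several Allow/Deny rules, such as the /server-status block in the sample, are deliberately reported as "review manually" because their effective policy depends on the Order line.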
r72428 | Bug #42196 apache: Move 000-default.conf
r72427 | Bug #42196 apache: cgi-bin
r72426 | Bug #42196 apache: logging
r72425 | Bug #42196 apache: root
r72424 | Bug #42196 apache: Fix renamed conf file
r72423 | Bug #42196 apache: Restart

Package: univention-apache
Version: 9.0.1-1A~4.2.0.201609081328
Branch: ucs_4.2-0
univention-management-console-module-udm (7.0.1-3):
r72457 | Bug #42196: apache: Move univention-directory-manager to univention-directory-manager.conf

univention-saml (4.0.0-3):
r72456 | Bug #42196: apache: Move univention-saml to univention-saml.conf
*** Bug 39286 has been marked as a duplicate of this bug. ***
REOPEN:
./base/univention-maintenance/.htaccess is not migrated. This causes 500 Internal service errors when using the statistics/mrtg module.
(In reply to Florian Best from comment #10)
> REOPEN:
> ./base/univention-maintenance/.htaccess is not migrated. This causes 500
> Internal service errors when using the statistics/mrtg module.

fixed
r75764: univention-saml (4.0.1-1)
* Consider the renamed univention-saml apache site in 91univention-saml.inst (Bug #42196)
r75786: ucs-test (7.0.6-49)
* 09_updater/pool.sh: Adjust configuration to Apache 2.4 (Bug #42196)
Apache setup works again.
Changelog: OK
Some more changes for this bug have been done in Bug #43988.
UCS 4.2 has been released:
https://docs.software-univention.de/release-notes-4.2-0-en.html
https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".