apache

Error: Fatal Python error: PyEval_AcquireThread: NULL new thread state

This error can have several causes:

1, mod_wsgi is compiled for a different Python version and/or a different Python installation than the Python virtual environment

2, mod_wsgi is compiled for a different Python version and/or installation than the Python installation it is trying to use at runtime

3, mod_wsgi and mod_python are both enabled.

In my case, it was the third cause. To fix it, I disabled mod_python, because I was running the website under the WSGI wrapper.

sudo a2dismod python
sudo service apache2 restart

 

Error: Authz_core:error Client Denied by Server Configuration

I upgraded Apache 2.2 to 2.3 and then faced a strange error: the existing Apache authorization directives were not working.

I made a modification that fixed the issue.

Error :

[Wed Jan 28 04:29:51.468839 2015] [authz_core:error] [pid 29764:tid 139708675897088] [client 117.247.186.108:46348] AH01630: client denied by server configuration: /opt/web-home/raspberrypi/facecount/static-assets/images/detect.png

This changes the way that access control is declared from

  Order allow,deny
  Allow from all

to :

  Require all granted

This means that the complete configuration for a Directory is now something like:

  <Directory /path/to/directory>
    Options FollowSymlinks
    AllowOverride none
    Require all granted
  </Directory>

Restart apache and it’ll all work nicely.
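
The migration above, generalised as an added example (not from the original post): a shell function that lists the 2.2-style access directives left in a config file together with the 2.4 Require form for each, covering Deny from and host or IP lists as well as the Allow from all case shown here. The function names and the sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report Apache 2.2 access-control directives in a config file
# together with the 2.4 Require form for each.
# Output per hit: <line number><TAB><legacy directive><TAB><suggestion>

legacy_authz_report() {
    awk '
    function target(rest) {
        # Addresses and CIDR blocks start with a digit or contain ":" (IPv6).
        return ((rest ~ /^[0-9]/ || rest ~ /:/) ? "ip " : "host ") rest
    }
    {
        line = $0; hint = ""
        sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        low = tolower(line)      # directive names are case-insensitive
        rest = line; sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", rest)
    }
    low ~ /^order[ \t]/                { hint = "delete, Require needs no Order" }
    low ~ /^satisfy[ \t]/              { hint = "review: <RequireAll>/<RequireAny>" }
    low ~ /^allow[ \t]+from[ \t]+all$/ { hint = "Require all granted" }
    low ~ /^deny[ \t]+from[ \t]+all$/  { hint = "Require all denied" }
    low ~ /^allow[ \t]+from[ \t]/ && hint == "" { hint = "Require " target(rest) }
    low ~ /^deny[ \t]+from[ \t]/  && hint == "" {
        hint = "review: Require not " target(rest) " inside <RequireAll>"
    }
    hint != "" { printf "%d\t%s\t%s\n", FNR, line, hint }
    ' "$1"
}

# Constructed sample of a 2.2-era configuration (not from a real server).
sample_conf() {
    cat <<'EOF'
<Directory /path/to/directory>
    Options FollowSymlinks
    AllowOverride none
    Order allow,deny
    Allow from all
</Directory>
<Directory /path/to/private>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24
</Directory>
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && legacy_authz_report "$tmp"
rm -f "$tmp"
```

The second Directory block in the sample shows why each legacy rule should be translated individually: a directory that was closed with Deny from all becomes Require all denied, not Require all granted.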

HowTo: Set up JavaMelody for watching J2EE application server activities

JavaMelody is a tool for monitoring J2EE application servers. It can show real-time statistics. I have integrated this tool with nearly 40 servers, which are connected to a JavaMelody collector server. It is a good choice for debugging and fine-tuning J2EE applications using the statistics history. Once you connect JavaMelody to a collector server, the collector's role is to collect all the data from the connected servers every 1 min, which avoids storing GBs of statistics data on the application server.

For more details, please check https://code.google.com/p/javamelody/wiki/UserGuide#Introduction

I followed the steps below to deploy it in Tomcat containers.

Packages:

https://javamelody.googlecode.com/files/javamelody-1.49.0.jar
https://pastockscanner.googlecode.com/files/iText-2.1.7.jar
http://sourceforge.net/projects/jrobin/files/jrobin/1.5.9/jrobin-1.5.9.1.jar/download

Installation:

1, Copy the jars to the lib dir of the applications

cp -rpf javamelody-1.49.0.jar iText-2.1.7.jar jrobin-1.5.9.1.jar <webapps>/ROOT/WEB-INF/lib

2, Modify  web.xml

cp -rpf web.xml web.xml_$(date +%F)
vi <webapps>/ROOT/WEB-INF/web.xml
<context-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>
 /WEB-INF/application-context.xml
 classpath:net/bull/javamelody/monitoring-spring-datasource.xml
 </param-value>
 </context-param>
 <!--====================== Monitoring ===================================-->
 <!-- Custom CSS -->
 <filter>
 <filter-name>customResourceFilter</filter-name>
 <filter-class>net.bull.javamelody.CustomResourceFilter</filter-class>
 </filter>
 <filter-mapping>
 <filter-name>customResourceFilter</filter-name>
 <url-pattern>/monitoring</url-pattern>
 </filter-mapping>
 <!-- Monitor filter -->
 <filter>
 <filter-name>monitoring</filter-name>
 <filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
 <init-param>
 <param-name>storage-directory</param-name>
 <param-value>logs/monitoring</param-value>
 </init-param>
 <init-param>
 <param-name>url-exclude-pattern</param-name>
 <param-value>(/images/.*|/js/.*|/styles/.*)</param-value>
 </init-param>
 <init-param>
 <param-name>admin-emails</param-name>
 <param-value>first.last@example.com</param-value>
 </init-param>
 <init-param>
 <param-name>mail-session</param-name>
 <param-value>MailSession</param-value>
 </init-param>
 <init-param>
 <param-name>mail-periods</param-name>
 <param-value>week,month</param-value>
 </init-param>
 </filter>
 <filter-mapping>
 <filter-name>monitoring</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>
 <listener>
 <listener-class>net.bull.javamelody.SessionListener</listener-class>
 </listener>
<security-constraint>
 <web-resource-collection>
 <web-resource-name> monitoring URL </web-resource-name>
 <url-pattern> /monitoring/* </url-pattern>
 <http-method> GET </http-method>
 <http-method> POST </http-method>
 </web-resource-collection>
<auth-constraint>
 <!-- the same like in your tomcat-users.conf file -->
 <role-name> watcher </role-name>
 </auth-constraint>
 </security-constraint>
<login-config>
 <auth-method> BASIC </auth-method>
 <realm-name> Password please !!! </realm-name>
 </login-config>
<security-role>
 <description> </description>
 <role-name> watcher </role-name>
 </security-role>

3, Modify security.xml if needed

cp -rpf security.xml security.xml_$(date +%F)
vi  <webapps>/ROOT/WEB-INF/security.xml
<sec:http pattern="/monitoring/**" security="none"></sec:http>

4, Add the credential for basic auth

cp -rpf tomcat-users.xml tomcat-users.xml_$(date +%F)
vi $CATALINA_HOME/conf/tomcat-users.xml
<user username="user" password="password" roles="watcher"/>

Now restart the tomcat.

URL : http://my-applicationserver.com/monitoring

The next section is only for those who have deployed more than one JavaMelody instance.

JavaMelody collector server installation:

Download and Deploy the collector application in the webserver

https://javamelody.googlecode.com/files/javamelody-1.49.0.war

From the browser, the application looks like the image below:

[Image: Monitoring JavaMelody on Beijing stg2 web3 BeijingInternal]

 

Name of application to monitor: just a name to identify the application; it can be anything.

eg : mywebserver1 , mywebserver2

URL(s): Valid monitoring URL without “/monitoring”, provide basic authentication if enabled.

eg : http://<username>:<password>@mywebserver1.com

Many JavaMelody instances can be added, as shown below:

[Image: Server]

 

Howto: Installing GnuPG for php 5.3 on Centos6

What is GnuPG ?

GNU Privacy Guard (GnuPG) is cryptographic software mostly used for file encryption. It is available from bash and as PHP, Python and Perl modules. The strategy for using GnuPG is to secure data during digital transport.

Please refer to the wiki for more information: http://en.wikipedia.org/wiki/GNU_Privacy_Guard

I followed the steps below to install GnuPG.

1, Install Dependency packages gnupg libgpg-error gpgme libgpg-error-devel gpgme-devel
2, Install/Enable PHP module
3, Restart Apache

Install dependencies:

[root@planetcure:~]# yum install gnupg libgpg-error gpgme libgpg-error-devel gpgme-devel php-devel

Installing PHP module using PECL repository

[root@planetcure:~]# pecl install gnupg

Enabling php support

[root@planetcure:~]# echo -e '; Enable GnuPG extension module\nextension=gnupg.so' > $(php --ini | grep "additional .ini" | awk -F: '{print $2}')/gnupg.ini

Verifying installation

[root@planetcure:~]# php --info | grep gnupg
gnupg
gnupg support => enabled

Restarting Httpd

[root@planetcure:~]# service httpd restart

If you need to check through PHP info, create a file info.php with the code below and place it in the web root directory. Then call the file from a browser; it will look like the image below.

cat info.php
<?php
phpinfo();
?>

[Image: gnupg]

 

Script: Start Tomcat as a service

This script starts the servlet container as a service, using commons-daemon to start the Java process.

#!/bin/sh
#
# tomcat Start/Stop the Tomcat servlet container.
#
# chkconfig: 345 55 55
# description: Tomcat servlet container.
# processname: tomcat
##############################################################################
#
# Small shell script to show how to start/stop Tomcat using jsvc
# If you want to have Tomcat running on port 80 please modify the server.xml
# file:
#
# <!-- Define a non-SSL HTTP/1.1 Connector on port 80 -->
# <Connector className="org.apache.catalina.connector.http.HttpConnector"
# port="80" minProcessors="5" maxProcessors="75"
# enableLookups="true" redirectPort="8443"
# acceptCount="10" debug="0" connectionTimeout="60000"/>
# Download and install dependency package 
# http://mirror.symnds.com/software/Apache//commons/daemon/binaries/commons-daemon-1.0.15-bin.tar.gz
# 
# Source function library.
. /etc/rc.d/init.d/functions

set +x
JAVA_HOME=/usr/local/jdk1.7.0_45
CATALINA_HOME=/usr/local/apache-tomcat-6.0.37
DAEMON_HOME=/usr/local/apache-tomcat-6.0.37
TOMCAT_USER=tomcat
TMP_DIR=/var/tmp
CATALINA_OPTS='-Xms512M -Xmx1024M'
CLASSPATH=\
$JAVA_HOME/lib/tools.jar:\
$DAEMON_HOME/bin/commons-daemon.jar:\
$CATALINA_HOME/bin/bootstrap.jar
prog=tomcat

start() {
    echo $"Starting $prog: "
    #
    # Start Tomcat
    #
    $DAEMON_HOME/bin/jsvc \
        -user $TOMCAT_USER \
        -home $JAVA_HOME \
        -Dcatalina.home=$CATALINA_HOME \
        -Djava.io.tmpdir=$TMP_DIR \
        -outfile $CATALINA_HOME/logs/catalina.out \
        -errfile '&1' \
        $CATALINA_OPTS \
        -cp $CLASSPATH \
        org.apache.catalina.startup.Bootstrap
    #
    # To get a verbose JVM
    #-verbose \
    # To get a debug of jsvc.
    #-debug \
}

stop() {
    echo $"Stopping $prog: "
    #
    # Stop Tomcat
    #
    PID=$(cat /var/run/jsvc.pid)
    kill $PID
}

status() {
    # jps lists the running JVMs; anything other than jps itself counts as running
    if ! $JAVA_HOME/bin/jps -mlvV | grep -v "Jps" > /dev/null
    then
        echo "Stopped : $prog is not running"
    else
        echo "Running process for tomcat"
        echo "=========================="
        $JAVA_HOME/bin/jps -mlvV | grep -v "Jps"
    fi
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        sleep 2
        start
        ;;
    status)
        status
        ;;
    *)
        echo "Usage $0 {start|stop|restart|status}"
        exit 1;;
esac

Error: SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?

After recovering my cPanel server, it was returning an Internal Server Error for every hosted domain and writing these messages to the error log:

[Wed Jul 17 09:46:14 2013] [error] [client 111.222.333.444] Premature end of script headers: index.php, referer: http://domain.com/
[Wed Jul 17 09:46:14 2013] [error] [client 111.222.333.444] SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?

My server is configured to run suPHP in CGI mode with mod_security, so it checks the setuid bit of the suphp binary. The error occurred because the suphp binary was missing its suid permissions, and assigning them fixed the issue.

chmod +s /opt/suphp/sbin/suphp

This should fix the issue instantly.

 

 

Error: No space left on device: mod_rewrite: Parent could not create RewriteLock file

The Apache service on a server stops, and on restart it shows the following messages in error_log:

[Thu Jun 20 20:04:20 2013] [crit] (28)No space left on device: mod_rewrite: Parent could not create RewriteLock file /usr/local/apache/logs/rewrite_lock
Configuration Failed

Such errors appear when you are running out of disk space or assigned quota (which can be increased to fix the issue), or when the server's semaphores are all in use. Semaphores are often used to restrict the number of threads that can access some (physical or logical) resource.

Use the command below to list the semaphores.

root@server04 [~]# ipcs -s | grep nobody

To clear the semaphore list, execute the following command.

root@server04 [~]# ipcs -s | grep nobody | awk '{print $2}' | xargs -n 1 ipcrm sem

After clearing the semaphore list, restart the Apache server. It will now start without any issues. But this is a temporary solution; the problem will recur when the semaphores fill up again.

Add following lines in “/etc/sysctl.conf” to get this issue fixed permanently. These values will increase the limits of Semaphores on the Server.

# Increases the semaphore limits & extend Apache’s uptime.

kernel.msgmni = 512
kernel.sem = 250 128000 32 512

Then load the new settings into the kernel using the command.

root@server04 [~]# sysctl -p

Now you are in the safe zone.
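
To confirm that semaphore exhaustion, rather than disk space, is behind the error before removing anything, the ipcs output can be summarised per owner and compared with the kernel limit. This is an added example, not part of the original post; the function names and the sample ipcs output are constructed, and the limit used is SEMMNI, the fourth field of kernel.sem (512 in the sysctl.conf lines above).

```shell
#!/usr/bin/env bash
# Added example: summarise `ipcs -s` output per owner and compare the number
# of semaphore arrays with SEMMNI, the 4th field of kernel.sem.

# stdin: `ipcs -s` output. Prints "<arrays> <owner>", busiest owner first.
sem_by_owner() {
    awk '$1 ~ /^0x[0-9a-fA-F]+$/ { n[$3]++ } END { for (o in n) print n[o], o }' |
        sort -k1,1nr -k2,2
}

# stdin: `ipcs -s` output; $1: SEMMNI. Prints "<used>/<limit> <state>".
# "full" means the next semget() fails with ENOSPC (28, "No space left on device").
sem_headroom() {
    awk -v limit="$1" '
        $1 ~ /^0x[0-9a-fA-F]+$/ { used++ }
        END {
            state = "ok"
            if (used * 10 >= limit * 9) state = "near-limit"
            if (used >= limit)          state = "full"
            printf "%d/%d %s\n", used, limit, state
        }'
}

# Constructed sample in the layout printed by util-linux ipcs.
sample_ipcs() {
    cat <<'EOF'

------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 98304      nobody     600        1
0x00000000 131073     nobody     600        1
0x00000000 163842     nobody     600        1
0x0052e2c1 196611     postgres   600        17
EOF
}

sample_ipcs | sem_by_owner        # per-owner counts for the sample
sample_ipcs | sem_headroom 4      # sample limit of 4 to show the "full" state
# On a live server the limit comes from the kernel:
#   ipcs -s | sem_headroom "$(awk '{print $4}' /proc/sys/kernel/sem)"
```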

Howto: Enable mod_security in Apache/2.2.23

ModSecurity is an open-source platform that works with Apache. It is used to secure sites from several kinds of attack, such as trojans, DDoS, generic_attacks, bad_robots, etc. It is good to have a filtering system for Apache.

Installation :

Download the package from the official download site:

[root@server ~]#wget http://www.modsecurity.org/download/modsecurity-apache_2.5.13.tar.gz

Make sure the dependency packages are installed, or install the packages below:

[root@server ~]#yum install apr-devel
[root@server ~]#yum install pcre-devel

Untar the package and switch to the apache2 directory.

[root@server ~]#tar zxvf modsecurity-apache_2.5.13.tar.gz
[root@server ~]#cd modsecurity-apache_2.5.13/apache2/

Configure with the apr package.

[root@server apache2]#./configure --with-apr=/usr/bin/apr-1-config

or

[root@server apache2]#./configure --with-apr=/usr/bin/apr

Compile.

[root@server apache2]# make;make install

Add one line to your configuration to load the module. You may find the module under /usr/local/apache2/modules/

[root@server apache2]# vi /etc/httpd/conf/httpd.conf

LoadModule security2_module modules/mod_security2.so

Start Apache

[root@server apache2]# service httpd restart

That's it. Now you may check the loaded module.

[root@server apache2]# httpd -M |grep security
 Syntax OK
 security2_module (shared)

You may also try some base rules for ModSecurity:

mkdir -p /etc/modsecurity2/base_rules/
cd /etc/modsecurity2/base_rules/
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
vi /etc/httpd/conf/httpd.conf
<IfModule mod_security2.c>
# ModSecurity2 config file.
#
Include /etc/modsecurity2/base_rules/*conf
</IfModule>

Restart Apache

Enjoy 🙂