apache
Error: Fatal Python error: PyEval_AcquireThread: NULL new thread state
This might be cause of various issue.
1, mod_wsgi is compiled for a different Python version and/or a different Python installation than the Python virtual environment
2, Python installation it is trying to use at runtime
3, If mod_wsgi
and mod_python
are both enabled.
In my case, I figured out the third cause. for fixing disabled mod_python
because I was running website under wsgi wrapper.
sudo a2dismod python
sudo service apache2 restart
Error: Authz_core:error Client Denied by Server Configuration
I have upgraded apache2.2 to 2.3, now a strange error I faced. Existing Apache authorization directives are not working,
I have done a modification that fixed the issue
Error :
[Wed Jan 28 04:29:51.468839 2015] [authz_core:error] [pid 29764:tid 139708675897088] [client 117.247.186.108:46348] AH01630: client denied by server configuration: /opt/web-home/raspberrypi/facecount/static-assets/images/detect.png
This changes the way that access control is declared from
Order allow, deny
Allow from all
to :
Require all granted
his means that the total configuration for a Directory
is now something like:
<Directory /path/to/directory>
Options FollowSymlinks
AllowOverride none
Require all granted
</Directory>
Restart apache and it’ll all work nicely.
HowTo: Setup javameloy for watching J2EE application server activities
Javamelody is a tool to monitor J2EE application servers, I has capability for showing real-time statistics, I have integrated this tool with nearly 40 servers which connected with Javamelody collector server . It is the good choice for debugging and fine tunning J2EE applications by statistics history. Once you connected the java melody to an collector server it role it to collect all the data from the connected server for every 1 min. it will be avoid storing GBs of statistics data in the application server.
For more details Please check this https://code.google.com/p/javamelody/wiki/UserGuide#Introduction
I followed the given steps for deploying in Tomcat containers,
Packages:
https://javamelody.googlecode.com/files/javamelody-1.49.0.jar
https://pastockscanner.googlecode.com/files/iText-2.1.7.jar
http://sourceforge.net/projects/jrobin/files/jrobin/1.5.9/jrobin-1.5.9.1.jar/download
Installation,
1, Copy the jars to the lib dir of the applications
cp -rpf javamelody-1.49.0.jar iText-2.1.7.jar jrobin-1.5.9.1.jar <webapps>/ROOT/WEB-INF/lib
2, Modify web.xml
cp -rpf web.xml web.xml_$(date +%F)
vi <webapps>/ROOT/WEB-INF/web.xml
<context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/application-context.xml classpath:net/bull/javamelody/monitoring-spring-datasource.xml </param-value> </context-param> <!--====================== Monitoring ===================================--> <!-- Custom CSS --> <filter> <filter-name>customResourceFilter</filter-name> <filter-class>net.bull.javamelody.CustomResourceFilter</filter-class> </filter> <filter-mapping> <filter-name>customResourceFilter</filter-name> <url-pattern>/monitoring</url-pattern> </filter-mapping> <!-- Monitor filter --> <filter> <filter-name>monitoring</filter-name> <filter-class>net.bull.javamelody.MonitoringFilter</filter-class> <init-param> <param-name>storage-directory</param-name> <param-value>logs/monitoring</param-value> </init-param> <init-param> <param-name>url-exclude-pattern</param-name> <param-value>(/images/.*|/js/.*|/styles/.*)</param-value> </init-param> <init-param> <param-name>admin-emails</param-name> <param-value>first.last@example.com</param-value> </init-param> <init-param> <param-name>mail-session</param-name> <param-value>MailSession</param-value> </init-param> <init-param> <param-name>mail-periods</param-name> <param-value>week,month</param-value> </init-param> </filter> <filter-mapping> <filter-name>monitoring</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>net.bull.javamelody.SessionListener</listener-class> </listener> <security-constraint> <web-resource-collection> <web-resource-name> monitoring URL </web-resource-name> <url-pattern> /monitoring/* </url-pattern> <http-method> GET </http-method> <http-method> POST </http-method> </web-resource-collection> <auth-constraint> <!-- the same like in your tomcat-users.conf file --> <role-name> watcher </role-name> </auth-constraint> </security-constraint> <login-config> <auth-method> BASIC </auth-method> <realm-name> Password please !!! </realm-name> </login-config> <security-role> <description> </description> <role-name> watcher </role-name> </security-role>
2, Modify security.xml if needed
cp -rpf security.xml security.xml_$(date +%F)
vi <webapps>/ROOT/WEB-INF/security.xml
<sec:http pattern="/monitoring/**" security="none"></sec:http>
3, Add the credential for basic auth
cp -rpf tomcat-users.xml tomcat-users.xml_$(date +%F)
vi $CATALIAN_HOME/conf/tomcat-users.xml
<user username="user" password="password" roles=watcher"/>
Now restart the tomcat.
URL : http://my-applicationserver.com/monitoring
This is only for those who deployed more than one Javamelody.
JavaMelody collector server installation:
Download and Deploy the collector application in the webserver
https://javamelody.googlecode.com/files/javamelody-1.49.0.war
From the browser you can see the application like below
Name of application to monitor : Just a name to identify the application it can be any thing
eg : mywebserver1 , mywebserver2
URL(s): Valid monitoring URL without “/monitoring”, provide basic authentication if enabled.
eg : http://<username>:<password>@mywebserver1.com
It can be add many javamelody instances like below:
Howto: Installing GnuPG for php 5.3 on Centos6
What is GnuPG ?
GNU Privacy Guard(gnupg) is a cryptographic software mostly used for Filecrypt, it is available for the following tools bash,php,python,perl modules. The statergy for using GnuPG is to be secure the data while digital transportation.
Please refer the Wiki for more information : http://en.wikipedia.org/wiki/GNU_Privacy_Guard
I followed the below steps to install GnuPG.
1, Install Dependency packages gnupg libgpg-error gpgme libgpg-error-devel gpgme-devel
2, Install/Enable PHP module
3, Restart Apache
Install dependencies:
[root@planetcure:~]# yum install gnupg libgpg-error gpgme libgpg-error-devel gpgme-devel php-devel
Installing PHP module using PECL repository
[root@planetcure:~]# pecl install gnupg
Enabling php support
[root@planetcure:~]# echo -e '; Enable GnuPG extension module\nextension=gnupg.so' > $(php --ini | grep "additional .ini" | awk -F: '{print $2}')/gnupg.ini
Verifying installation
[root@planetcure:~]# php --info | grep gnupg gnupg gnupg support => enabled
Restarting Httpd
[root@planetcure:~]# service httpd restart
If you need to check through PHP info , create a file info.php with the below code and place it into the web root directory. then call the file through browser it will be looks like the below image.
cat info.php <?php phpinfo(); ?>
script : Start the tomcat as service.
This script is used to start the sevrlet container as service, which is using common-daemon for starting java process.
#!/bin/sh # # tomcat Start/Stop the Tomcat servlet container. # # chkconfig: 345 55 55 # description: Tomcat servlet container. # processname: tomcat ############################################################################## # # Small shell script to show how to start/stop Tomcat using jsvc # If you want to have Tomcat running on port 80 please modify the server.xml # file: # # <!-- Define a non-SSL HTTP/1.1 Connector on port 80 --> # <Connector className="org.apache.catalina.connector.http.HttpConnector" # port="80" minProcessors="5" maxProcessors="75" # enableLookups="true" redirectPort="8443" # acceptCount="10" debug="0" connectionTimeout="60000"/> # Download and install dependency package # http://mirror.symnds.com/software/Apache//commons/daemon/binaries/commons-daemon-1.0.15-bin.tar.gz # # Source function library. . /etc/rc.d/init.d/functions set +x JAVA_HOME=/usr/local/jdk1.7.0_45 CATALINA_HOME=/usr/local/apache-tomcat-6.0.37 DAEMON_HOME=/usr/local/apache-tomcat-6.0.37 TOMCAT_USER=tomcat TMP_DIR=/var/tmp CATALINA_OPTS='-Xms512M -Xmx1024M' CLASSPATH=\ $JAVA_HOME/lib/tools.jar:\ $DAEMON_HOME/bin/commons-daemon.jar:\ $CATALINA_HOME/bin/bootstrap.jar prog=tomcat start() { echo $"Starting $prog: " # # Start Tomcat # $DAEMON_HOME/bin/jsvc \ -user $TOMCAT_USER \ -home $JAVA_HOME \ -Dcatalina.home=$CATALINA_HOME \ -Djava.io.tmpdir=$TMP_DIR \ -outfile $CATALINA_HOME/logs/catalina.out \ -errfile '&1' \ $CATALINA_OPTS \ -cp $CLASSPATH \ org.apache.catalina.startup.Bootstrap # # To get a verbose JVM #-verbose \ # To get a debug of jsvc. #-debug \ } stop() { echo $"Stopping $prog: " # # Stop Tomcat # PID=`cat /var/run/jsvc.pid` kill $PID } status() { if ! $JAVA_HOME/bin/jps -mlvV | grep -v "Jps" > /dev/null then echo "Stopped : $prog is no not running" else echo "Running process for tomcat" echo "==========================" $JAVA_HOME/bin/jps -mlvV | grep -v "Jps" fi } case "$1" in start) start ;; stop) stop ;; restart) stop sleep 2 start ;; status) status ;; *) echo "Usage $0 {start|stop|restart|status}" exit 1;; esac
Error: SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?
After recovering my Cpanel server it was getting the Internal server error for every domain hosted and throwing some messages in error log
[Wed Jul 17 09:46:14 2013] [error] [client 111.222.333.444] Premature end of script headers: index.php, referer: http://domain.com/ [Wed Jul 17 09:46:14 2013] [error] [client 111.222.333.444] SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?
My server is configured for running suphp in CGI mode with Mod-security, So it will check the sticky bit of the suphp binary.The error was because the suphp binary was missing its suid permissions and assigning it fixed the issue.
chmod +s /opt/suphp/sbin/suphp
This should fix the issue instantly.
Error: No space left on device: mod_rewrite: Parent could not create RewriteLock file
[Thu Jun 20 20:04:20 2013] [crit] (28)No space left on device: mod_rewrite: Parent could not create RewriteLock file /usr/local/apache/logs/rewrite_lock Configuration Failed
Such errors appears when you are running out of Disk Space or Quota which is assigned (which can be increased to fix the issue) OR when semaphores of the server gets full. Semaphores are often used to restrict the number of threads than can access some (physical or logical) resource.
Using the below command you can semaphores list.
root@server04 [~]# ipcs -s | grep nobody
So, In-order to clear the semaphores list. We have execute the following command.
root@server04 [~]# ipcs -s | grep nobody | awk '{print $2}' | xargs -n 1 ipcrm sem
After clearing the semaphores list, restart the apache server. Now, it will starts without any issues.But, it is an temporary solution it will re-occur when Semaphores get full.
Add following lines in “/etc/sysctl.conf” to get this issue fixed permanently. These values will increase the limits of Semaphores on the Server.
# Increases the semaphore limits & extend Apache’s uptime.
kernel.msgmni = 512 kernel.sem = 250 128000 32 512
Then load the new settings into the kernel using the command.
root@server04 [~]# sysctl -p
Howto: Enable mod_security in Apache/2.2.23
It is a opensource plafrorm works with apache. Mod security is used to sure sites form several attack’s like trojans, DDos, generic_attacks, bad_robots, etc, It is good to have filtering system for apache.
Installation :
Downlaod package form official download :
[root@server ~]#wget http://www.modsecurity.org/download/modsecurity-apache_2.5.13.tar.gz
Make sure that you have install dependence packages or installed below package
[root@server ~]#yum install apr-devel [root@server ~]#yum install pcre-devel
Untar Package and swithc to apache directory.
[root@server ~]#tar zxvf modsecurity-apache_2.5.13.tar.gz [root@server ~]#cd modsecurity-apache_2.5.13/apache2/
Configure with apr package .
[root@server apache2]#./configure --with-apr=/usr/bin/apr-1-config
or
[root@server apache2]#./configure --with-apr=/usr/bin/apr
compile.
[root@server apache2]# make;make install
Add one line to your configuration to load module. you may find module under /usr/local/apache2/modules/
[root@server apache2]# vi /etc/httpd/conf/httpd.conf LoadModule security2_module modules/mod_security2.so
Start Apache
[root@server apache2]# service httpd restart
Thats it, now you may check the loaded module.
[root@server apache2]# httpd -M |grep security Syntax OK security2_module (shared)
Also you may try some base rules for mode security
mkdir -p /etc/modsecurity2/base_rules/ cd /etc/modsecurity2/base_rules/ wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz vi /etc/httpd/conf/httpd.conf <IfModule mod_security2.c> # ModSecurity2 config file. # Include /etc/modsecurity2/base_rules/*conf </IfModule>
Restart Apache
Enjoy 🙂