Submitted by machiner on Tue, 03/05/2013 - 17:43
This started a week ago. What I was doing on the server at the time was messing with iptables. I have flushed all the rules so I don't think it's related, but, it's what I was doing on the server. Before I started messing with iptables I saw no issue.
Here is data from the apache2 error log:
[Tue Mar 05 18:16:08 2013] [notice] caught SIGTERM, shutting down
[Tue Mar 05 18:16:31 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Tue Mar 05 18:16:31 2013] [notice] Digest: generating secret for digest authentication ...
[Tue Mar 05 18:16:31 2013] [notice] Digest: done
[Tue Mar 05 18:16:32 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Tue Mar 05 18:16:32 2013] [notice] Graceful restart requested, doing restart
[Tue Mar 05 18:16:32 2013] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
[Tue Mar 05 18:16:32 2013] [notice] Digest: generating secret for digest authentication ...
[Tue Mar 05 18:16:32 2013] [notice] Digest: done
[Tue Mar 05 18:16:32 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Tue Mar 05 18:16:35 2013] [notice] Graceful restart requested, doing restart
[Tue Mar 05 18:16:35 2013] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
[Tue Mar 05 18:16:35 2013] [notice] Digest: generating secret for digest authentication ...
[Tue Mar 05 18:16:35 2013] [notice] Digest: done
[Tue Mar 05 18:16:36 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
PHP Warning: Module 'curl' already loaded in Unknown on line 0
PHP Warning: Module 'curl' already loaded in Unknown on line 0
Status:
Active
Comments
Submitted by andreychek on Tue, 03/05/2013 - 17:57 Comment #1
Howdy -- do you see Service Unavailable for all sites, or just for one of them?
Also, can you take a look at the log for the domain you're accessing? That's available in $HOME/logs/error_log.
Lastly -- what output does this command produce:
iptables -L -n
Submitted by machiner on Tue, 03/05/2013 - 18:01 Comment #2
Thanks for your response. The $HOME error log reads about the same except for a self-signed ssl cert error, which I just disabled on the server, by the way. Anyway:
[Tue Mar 05 18:16:08 2013] [notice] caught SIGTERM, shutting down
[Tue Mar 05 18:16:31 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Tue Mar 05 18:16:31 2013] [notice] Digest: generating secret for digest authentication ...
[Tue Mar 05 18:16:31 2013] [notice] Digest: done
[Tue Mar 05 18:16:32 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Tue Mar 05 18:16:32 2013] [notice] Graceful restart requested, doing restart
[Tue Mar 05 18:16:32 2013] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
[Tue Mar 05 18:16:32 2013] [notice] Digest: generating secret for digest authentication ...
[Tue Mar 05 18:16:32 2013] [notice] Digest: done
[Tue Mar 05 18:16:32 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Tue Mar 05 18:16:35 2013] [notice] Graceful restart requested, doing restart
[Tue Mar 05 18:16:35 2013] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
[Tue Mar 05 18:16:35 2013] [notice] Digest: generating secret for digest authentication ...
[Tue Mar 05 18:16:35 2013] [notice] Digest: done
[Tue Mar 05 18:16:36 2013] [notice] Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
PHP Warning: Module 'curl' already loaded in Unknown on line 0
PHP Warning: Module 'curl' already loaded in Unknown on line 0
root@hb1:/var/log/apache2# cd /home/sites150/logs/
root@hb1:/home/sites150/logs# cat error_log
[Sun Mar 03 06:25:15 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Mar 03 06:25:15 2013] [warn] RSA server certificate wildcard CommonName (CN) `*.sites150.com' does NOT match server name!?
[Tue Mar 05 05:48:07 2013] [error] [client 174.132.199.90] File does not exist: /usr/share/phpmyadmin/scripts, referer: http://24.187.216.106/phpmyadmin/scripts/setup.php
[Tue Mar 05 05:48:07 2013] [error] [client 174.132.199.90] File does not exist: /usr/share/phpmyadmin/scripts, referer: http://24.187.216.106/phpmyadmin/scripts/setup.php
[Tue Mar 05 12:09:59 2013] [error] [client 174.132.199.90] File does not exist: /usr/share/phpmyadmin/scripts, referer: http://24.187.216.106/phpmyadmin/scripts/setup.php
[Tue Mar 05 12:09:59 2013] [error] [client 174.132.199.90] File does not exist: /usr/share/phpmyadmin/scripts, referer: http://24.187.216.106/phpmyadmin/scripts/setup.php
[Tue Mar 05 18:16:31 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Mar 05 18:16:31 2013] [warn] RSA server certificate wildcard CommonName (CN) `*.sites150.com' does NOT match server name!?
[Tue Mar 05 18:16:32 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Mar 05 18:16:32 2013] [warn] RSA server certificate wildcard CommonName (CN) `*.sites150.com' does NOT match server name!?
[Tue Mar 05 18:16:32 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Mar 05 18:16:32 2013] [warn] RSA server certificate wildcard CommonName (CN) `*.sites150.com' does NOT match server name!?
[Tue Mar 05 18:16:36 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Mar 05 18:16:36 2013] [warn] RSA server certificate wildcard CommonName (CN) `*.sites150.com' does NOT match server name!?
[Tue Mar 05 18:41:21 2013] [error] [client 24.183.182.146] File does not exist: /usr/share/phpmyadmin/scripts
I only have one virtual server on the host at this time.
iptables -L -n says: (Hmmm, I swear I flushed the rules!!)
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22060
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Submitted by andreychek on Tue, 03/05/2013 - 20:13 Comment #3
Well, you have an ACCEPT rule there for port 80, so at first glance it doesn't appear to be an issue with the firewall on your server.
What if you make a file named "test.html" with something like "Hello World" as the contents -- are you able to access that test.html file? Or do you continue to receive the Server Unavailable error?
Submitted by machiner on Tue, 03/05/2013 - 20:40 Comment #4
Going to the server IP address gives the same error as the virtual site. However, I can hit port 10000 and log into the virtualmin script.
Submitted by andreychek on Tue, 03/05/2013 - 20:43 Comment #5
Yeah, the IP address and domain name would each be looking at the same DocumentRoot.
Port 10000 is actually Webmin though, that's not being served by Apache.
Were you able to try creating a "test.html" file? I'm curious if that's accessible, or if all content served by Apache fails.
Submitted by machiner on Wed, 03/06/2013 - 06:51 Comment #6
I made test.html and put it in /var/www/ and I was not able to access it, same error "service unavailable"
I'm confused about what you wrote: "Yeah, the IP address and domain name would each be looking at the same DocumentRoot."
Isn't the virtual server served-up from the /home/virtualserveracct/public_html. The ip addy serves up content from /var/www
Either way I can't hit either one.
Submitted by andreychek on Wed, 03/06/2013 - 10:42 Comment #7
In theory, your first Virtual Server should be the default one, which would cause going to the IP address to serve requests from there as well.
It's possible that's not what's happening though.
If you like, I could log into your system and take a look, as it definitely looks like something is awry -- but I'm not quite sure what.
If that's okay, you can either enable Remote Support using the Virtualmin Support module, or you could email login details to me at eric@virtualmin.com.
Submitted by machiner on Wed, 03/06/2013 - 14:24 Comment #8
I have sent you an email with the subject line: RE: virtualmin support issue.
Submitted by andreychek on Wed, 03/06/2013 - 15:22 Comment #9
Okay, thanks for the email -- here is what I'm seeing --
First, the Virtualmin installation should have removed /var/www from your Apache config, as that can cause a variety of problems down the road. I disabled that for you (though, if necessary, it can easily be re-added, but I'd highly recommend against it).
All content should be served from within /home.
For the sites150.com domain -- what I did is add two files. test.html, and test.php, each with some test content... and in both cases, I was able to access that test content.
You can see it here:
http://sites150.com/test.html
http://sites150.com/test.php
What that means is that you aren't seeing a server configuration issue, or an Apache problem -- it's actually some sort of problem specific to the WordPress configuration for that domain.
Were there any changes being made to WordPress around the time this issue started occurring?
Submitted by machiner on Wed, 03/06/2013 - 16:05 Comment #10
No. But I see "foo".
I installed wordpress from within virtualmin, using the script. It worked when I first installed it. Perhaps a module I added fubar'd it. I'll look into it.
Thanks.
Submitted by machiner on Thu, 03/07/2013 - 09:11 Comment #11
This issue is FIXED. There was a plugin installed in WP that kept the site in Maintenance mode which yielded the 503 "service unavailable" issue.
D'OH!
Grazie.