Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: akhilmathema on March 26, 2008, 03:38:00 AM
-
Hi,
some how my server-manager doesn't seemed to be working. I haven't updated any of the packages. The websites on the box are still up and running but not the server-manager.
Kernel: 2.6.9-42.0.EL
[root@www ~]# tail -f /var/log/httpd/admin_error_log
[Wed Mar 26 14:33:02 2008] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Wed Mar 26 14:33:02 2008] [notice] Digest: generating secret for digest authentication ...
[Wed Mar 26 14:33:02 2008] [notice] Digest: done
[Wed Mar 26 14:33:02 2008] [notice] Apache configured -- resuming normal operations
[Wed Mar 26 13:14:41 2008] [error] [client 127.0.0.1] Premature end of script headers: index.cgi, referer: http://localhost/server-manager
[Wed Mar 26 13:15:18 2008] [error] [client 127.0.0.1] Premature end of script headers: index.cgi, referer: http://localhost/server-manager/index.cgi
[Wed Mar 26 15:02:44 2008] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Wed Mar 26 15:02:44 2008] [notice] Digest: generating secret for digest authentication ...
[Wed Mar 26 15:02:44 2008] [notice] Digest: done
[Wed Mar 26 15:02:44 2008] [notice] Apache configured -- resuming normal operations
[Wed Mar 26 15:07:44 2008] [error] [client 127.0.0.1] Premature end of script headers: index.cgi, referer: http://localhost/server-manager
-
What version are you using?
-
You were playing with cert hey.....
-
Its SME 7.0 and kernel version is Kernel: 2.6.9-42.0.EL.
I've not played with apache certficates.
Only I could ever think is something came around while expanding templates?
-
First try this
/etc/rc7.d/S86httpd-e-smith sigusr1
Should respond with [ok]
Lets see if we can find out what happened...
copy/paste this to /tmp/diag.sh with permission 744
#!/bin/sh
clear
echo " Diagnostic v0.0.1"
ls /home/e-smith/ssl.* > /tmp/diag.txt
echo " " >> /tmp/diag.txt
config show modSSL >> /tmp/diag.txt
echo " " >> /tmp/diag.txt
/sbin/e-smith/audittools/templates >> /tmp/diag.txt
echo " " >> /tmp/diag.txt
#cat /root/.bash_history | grep signal >> /tmp/diag.txt
#cat /root/.bash_history | grep expand >> /tmp/diag.txt
#cat /root/.bash_history | grep /etc >> /tmp/diag.txt
echo " " >> /tmp/diag.txt
cat /tmp/diag.txt
echo
echo "Post the file /tmp/diag.txt"
echo
Post that.....it will show modSSL db settings and if the cert files are there and if the db points to the files.
Results of the script /tmp/diag.txt
[edit] to add to code
-
Here is the result:
[root@www tmp]# cat diag.txt
/home/e-smith/ssl.crt:
www.domain.com.au.crt
www.domain.com.au.crt.orig
/home/e-smith/ssl.key:
www.domain.com.au.key
/home/e-smith/ssl.pem:
www.domain.com.au.pem
modSSL=service
CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
TCPPort=443
access=public
status=enabled
/etc/e-smith/templates-custom/etc/hosts.allow/sshd: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates/etc/atalk/papd.conf/20printers: MULTIPLE_RPM_OWNERS e-smith-LPRng-1.14.0-03, e-smith-netatalk-1.14.0-01
/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustTransProxy: MODIFIED e-smith-proxy-4.14.0-01
/etc/e-smith/templates/etc/rc.d/init.d/masq/35transproxy: MODIFIED e-smith-proxy-4.14.0-01
/etc/e-smith/templates/etc/proftpd.conf/05DefaultRoot: MODIFIED e-smith-proftpd-1.12.0-02
/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/20Manager: MODIFIED e-smith-base-4.16.0-26
/etc/e-smith/templates/etc/squid/squid.conf/45http_access80denybad: MANUALLY_ADDED
/etc/e-smith/templates/etc/squid/squid.conf/20ACL25badsite: MANUALLY_ADDED
Any clues?
-
SME's modSSL db entries for key and crt are missing and that will shut down your webserver.
Fill in the domain if they are different then what you posted and execute the two lines.
config setprop modSSL crt /home/e-smith/ssl.crt/www.domain.com.au.crt
config setprop modSSL key /home/e-smith/ssl.key/www.domain.com.au.key
Then restart httpd
/etc/rc7.d/S86httpd-e-smith sigusr1
Then rerun diag.sh again and you will see the difference in the modSSL section.
Also test the server to see if it's working, reboot it and test again.
signal-event post-upgrade; signal-event reboot
You have a few MANUALLY_ADDED templates that you might want to check...
You should be back up and running after the two line are run and the httpd restart.
-
Hi,
All I can see changes is just new db variables being added. When I compare them with other similar systems, they are completely identical
modSSL=service
CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
TCPPort=443
access=public
crt=/home/e-smith/ssl.crt/www.domain.com.au.crt
key=/home/e-smith/ssl.key/www.domain.com.au.key
status=enabled
One thing I noticed is that I can access the frames separately "http://localhost/server-manager/navigation", but either of the links don't work.
-
akhilmathema
> crt=/home/e-smith/ssl.crt/www.domain.com.au.crt
> key=/home/e-smith/ssl.key/www.domain.com.au.key
The cert details are usually in the form of
servername.domain.com.au.crt
servername.domain.com.au.key
On my unmodified server using self signed certificates, there are no crt or key entries in modSSL
Remove the entries for modSSL
Try
config delprop modSSL crt
config delprop modSSL key
signal-event post-upgrade
reboot
-
What do the contents of ....look like
/etc/e-smith/templates-custom/etc/hosts.allow/sshd: MANUALLY_ADDED, OVERRIDE
Also move that to /tmp and
signal-event post-upgrade; signal-event reboot
You can put it back after you test.
That one might be shutting you down....
-
electroman00,
Please be very careful with your advice. Almost all of your advice in this thread is incorrect or completely wrong. In the post directly above this one you are having him move a template dealing with SSH. That has absolutely nothing to do with server-manager. The only file on his list that does deal with server-maanger is:
/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/20Manager: MODIFIED e-smith-base-4.16.0-26
Also by making assumptions that the cert is wrong you are chasing something that most likely isn't even the issue.
-
electroman00,
Almost all of your advice in this thread is incorrect or completely wrong.
Mind being specific so I and others can be corrected.
Exactly what was wrong and why.
In the post directly above this one you are having him move a template dealing with SSH. That has absolutely nothing to do with server-manager. The only file on his list that does deal with server-maanger is:
/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/20Manager: MODIFIED e-smith-base-4.16.0-26
Without seeing the ssh template, your absolutely sure it has nothing to do with it.
That template is a custom template, lord knows what's in it and slords doesn't either.
Consider the fact, I did ask him for the contents of it first.....
In fact I do believe it was in the first line, correct me if I'm wrong...some may have missed that line.
Also by making assumptions that the cert is wrong you are chasing something that most likely isn't even the issue.
Exactly where did I say the cert was wrong.
Did you assume that I said that somewhere?
And yes, looking into 20Manager was the next diagnostic step.
Thinking about it, I probably should have edited the diag script to cat those files
to see the contents and have him rerun the script.
Handy little script wouldn't you agree...?
The cert details are usually in the form of
servername.domain.com.au.crt
servername.domain.com.au.key
Keyword "usually"
-
akhilmathema,
I am sorry that your thread ended as it did. I cannot help you with your problem as it is well above my level of expertise.
Please let the community know if your problem is resolved. The way I see it.
=SUM(post1:post12) returns Server_Still_Broke_Nobody_Listening.
(forgive my MS excel spreadsheet roots)
I would like you to end this experience as a happy SME user that has confidence in the forums. You may need to repost your problem to get a thread that is back on track.
disclaimer this post is not a criticism of anyone involved, just a desire to keep our mission in mind.