# Apache24 in jail doesn't start after jail restart



## pantos (Dec 9, 2018)

Hello,

I'm running www/apache24 on FreeBSD 11.2-RELEASE-p6 in a jail. To start on boot I add  
	
	



```
apache24_enable="YES"
```
 in /etc/rc.conf. After rebooting the hole system Apache starts without problems. If I restart the Apache jail only, Apache doesn't start.

Is there a log about starting the services? Any other ideas how to solve this?

Thanks!


----------



## Bobi B. (Dec 9, 2018)

How do you manage your jails? Do you use a helper program, for example, sysutils/ezjail or wrote /etc/jail.conf by yourself?

In the latter case you can add

```
$logfile = "/var/log/jail.$name.log";
exec.prestart = "rm -f $logfile";
exec.consolelog = "$logfile";
```
to common options in your /etc/jail.conf.

PS: Another option I could think of is, check whether address and port, you're trying to bind Apache to, are available after computer starts; run unjailed sockstat(1).


----------



## ShelLuser (Dec 9, 2018)

pantos said:


> After rebooting the hole system Apache starts without problems. If I restart the Apache jail only, Apache doesn't start.


So what's in your /etc/jail.conf and how did you configure the Jail in /etc/rc.conf?

Also what command did you use to restart the Jail?

As to any logfiles: normally you'd consult the log of whatever service which gave you a problem, so in this case you should consult the Apache logfiles. The default error logfile (applicable to the whole service) is defined in httpd.conf by default, probably /var/log/httpd/error.log, that's the first place to look.


----------



## toorski (Dec 10, 2018)

As others mentioned in their replies here, you should indicate how did you or what created your jail.

Personally, I like and use iocage(8) jail management utility.

`# iocage --help`


```
Usage: iocage [OPTIONS] COMMAND [ARGS]...

A jail manager.
Options:
-v, --version Display iocage's version and exit.
-f, --force   Allow iocage to rename datasets.
--help        Show this message and exit.

Commands:
activate    Set a zpool active for iocage usage.
chroot      Chroot to a jail.
clean      Destroy specified dataset types.
clone       Clone a jail.
console     Login to a jail.
create      Create a jail.
destroy    Destroy specified jail(s).
df          Show resource usage of all jails.
exec        Run a command inside a specified jail.
export     Exports a specified jail.
fetch       Fetch a version of FreeBSD for jail usage or...
fstab      Manipulate the specified jails fstab.
get         Gets the specified property.
import      Import a specified jail.
list        List a specified dataset type, by default...
migrate    Migrate all iocage_legacy develop basejails...
pkg         Use pkg inside a specified jail.
rename      Rename a jail.
restart    Restarts the specified jails or ALL.
rollback   Rollbacks the specified jail.
set         Sets the specified property.
snaplist    Show snapshots of a specified jail.
snapremove  Remove specified snapshot of a jail.
snapshot   Snapshots the specified jail.
start       Starts the specified jails or ALL.
stop        Stops the specified jails or ALL.
update      Run freebsd-update to update a specified jail...
upgrade     Run freebsd-update to upgrade a specified…
nd use “iocage” jail management utility.
```

No matter how or what created your jail, if it exists , show the “jls” output here

Here is blipped list of my jail:
`# jls`

```
JID  IP Address     Hostname                      Path

1  XX.XX.124.130  mydomain.com            /iocage/jails/webhost/root
```

Moreover, any TCP/IP service running in jail is started in jail's root dir, with /etc/rc.conf

To operate Apache server in jail, chroot to that jail and then do:
*Edit:*
use "jexec"  with the following Aapache control commands:

apachectl stop

apachectl start

apachectl restart



If there are any issues with your Apache HTTPD server configuration or otherwise, the above commands will show stdout message(s) indicating so.


----------



## SirDice (Dec 11, 2018)

toorski said:


> To operate Apache server in jail, chroot to that jail and then do:


No, a chroot(8) and a jail(8) are NOT the same thing.


----------



## toorski (Dec 11, 2018)

SirDice said:


> No, a chroot(8) and a jail(8) are NOT the same thing.


Yes Sir, You're correct.  Tho, I didn't imply "chroot" uitl, just "chroot dir to the jail," which isn't correct or needed either. So I'll fix that


----------



## pantos (Dec 16, 2018)

Bobi B. said:


> How do you manage your jails? Do you use a helper program, for example, sysutils/ezjail or wrote /etc/jail.conf by yourself?



I manage my /etc/jail.conf by myself.



ShelLuser said:


> Also what command did you use to restart the Jail?


`sudo service jail restart apachejail`



Bobi B. said:


> In the latter case you can add
> 
> ```
> $logfile = "/var/log/jail.$name.log";
> ...



I did it and it confirms your suspicion:


```
Starting apache24.
(49)Can't assign requested address: AH00072: make_sock: could not bind to address [00::::::00]:80 no listening sockets available, shutting down
AH00015: Unable to open logs
/etc/rc: WARNING: failed to start apache24
```

Any idea how to fix this?


----------



## ShelLuser (Dec 16, 2018)

pantos said:


> Any idea how to fix this?


Now I'm confused: when did that error ("could not bind address") show up? Problem is that the error is not consistent with your original problem description. When rebooting a Jail all the network devices would already be present, so it couldn't prevent Apache from booting.

But more so: if this was an actual symptom then it would also have happened when you rebooted the entire server, yet you claim that this doesn't happen.

So something doesn't add up here.

Anyway, check httpd.conf and share what Listen settings you're using.


----------



## Bobi B. (Dec 16, 2018)

Have you assigned an IPv6 to your jail? Seems like Apache is unable to bind to IPv6 equivalent of `0.0.0.0`.


----------



## pantos (Dec 16, 2018)

ShelLuser said:


> Now I'm confused: when did that error ("could not bind address") show up?



The error occures if I restart the Apache jail only and not the hole system.



ShelLuser said:


> Anyway, check httpd.conf and share what Listen settings you're using.




```
Listen 10.0.0.1:80
Listen 10.0.0.1:443
Listen [00:::::00]:80
Listen [00:::::00]:443
```



Bobi B. said:


> Have you assigned an IPv6 to your jail?



Yes. This is my /etc/jail.conf:

```
# /etc/jail.conf

# Global settings applied to all jails.

exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

$logfile = "/var/log/jail.$name.log";
exec.prestart = "rm -f $logfile";
exec.consolelog = "$logfile";

apachejail {
    host.hostname = "apache";
    path = "/usr/jails/apachejail";
    ip4.addr = lo1|10.0.0.1;
    ip6.addr = vtnet0|00:::::00/64;
    mount.fstab = "/usr/jails/fstab.apachejail";
}
```

Jail log after rebooting the hole system:

```
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/perl5/5.26/mach/CORE
32-bit compatibility ldconfig path: /usr/lib32
/etc/rc: WARNING: $hostname is not set -- see rc.conf(5).
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Starting redis.
Performing sanity check on php-fpm configuration:
[16-Dec-2018 21:27:21] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful

Starting php_fpm.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
Starting cron.

Sun Dec 16 21:27:22 CET 2018
```

Jail log after restarting the Apache jail only:

```
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/perl5/5.26/mach/CORE
32-bit compatibility ldconfig path: /usr/lib32
/etc/rc: WARNING: $hostname is not set -- see rc.conf(5).
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Starting redis.
Performing sanity check on php-fpm configuration:
[16-Dec-2018 21:29:37] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful

Starting php_fpm.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
(49)Can't assign requested address: AH00072: make_sock: could not bind to address [00::::::00]:80
no listening sockets available, shutting down
AH00015: Unable to open logs
/etc/rc: WARNING: failed to start apache24
Starting cron.

Sun Dec 16 21:29:37 CET 2018
```


----------



## ShelLuser (Dec 17, 2018)

I'm not doing much with IPv6 myself but I'm pretty sure that 00:::::00 isn't a valid IP address, thus also a cause of your problems (as shown by the error message earlier). Change that to a valid entry and things should behave better.


----------



## pantos (Dec 17, 2018)

ShelLuser said:


> I'm pretty sure that 00:::::00 isn't a valid IP address,


You're right! It's my (maybe confusing) attempt to anonymize the IP (the originally starts with 2a03:...).

To clarify my question: There seems to be a problem to bind the IPv6 that prevents the automatic start of the Apache server after restarting the Apache jail. A later manual Apache start is no problem...


----------



## Bobi B. (Dec 17, 2018)

I'm not sure you can anonymize your address this way. You'll have to "hide" behind a reverse proxy, or some web server protection service, where proxy's address will be publicly visible, whereas your server's address will be hidden.

I also don't believe you can assign `any` address -- `0.0.0.0` for IPv4 or `00::00` for IPv6 -- to a network interface. Even if you made-up an IPv6 address noone will route requests to you, hence clients will be unable to reach your server.

If you want everything to work, as it should, better assign a correct IPv6 address or disable IPv6 bindings in Apache.


----------



## anlashok (Dec 17, 2018)

Is there anything else on the Host or in another jail that is also trying to bind the same IPv6 address?. It could be that on host restart the other service hasn't started at the point the Apache jail binds the address so Apache starts ok but afterwards when you only restart the jail, this other service has now bound the IPv6 address and thus Apache is then unable to do so.


----------

