# Apache 2.4 errors on 12.0-RELEASE



## jontheil (May 28, 2019)

I have an installation of www/apache24 that have been running flawlessly for years.
I made some changes (installed www/nextcloud, configured a nullfs(5) etc.). After that, I haven't been able to start the web server with my usual configuration.
When both mod_perl and mod_ssl are disabled, the server can be started when the inclusion of configuration files regarding virtual hosts and SSL is also removed.

The runtime configuration is
`httpd -t -D DUMP_RUN_CFG`

```
ServerRoot: "/usr/local"
Main DocumentRoot: "/usr/local/www/apache24/data"
Main ErrorLog: "/var/log/httpd-error.log"
Mutex default: dir="/var/run/" mechanism=default 
Mutex fcgid-pipe: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/httpd.pid"
Define: DUMP_RUN_CFG
User: name="www" id=80
Group: name="www" id=80
```

Configuration files included while testing
`httpd -t -D DUMP_INCLUDES`

```
Included configuration files:
  (*) /usr/local/etc/apache24/httpd.conf
    (164) /usr/local/etc/apache24/modules.d/260_mod_perl.conf
    (164) /usr/local/etc/apache24/modules.d/270_mod_wsgi.conf
    (485) /usr/local/etc/apache24/extra/httpd-mpm.conf
    (491) /usr/local/etc/apache24/extra/httpd-autoindex.conf
    (494) /usr/local/etc/apache24/extra/httpd-languages.conf
    (500) /usr/local/etc/apache24/extra/httpd-info.conf
    (509) /usr/local/etc/apache24/extra/httpd-dav.conf
    (542) /usr/local/etc/apache24/Includes/no-accf.conf
```

*With mod_perl enabled*

When I run `service apache24 start`, nothing happens and the process crashes without even a core dump. The error log (configured with LogLevel debug) show very little information.


```
Assertion failed: (!argv[argc]), function perl_parse, file perl.c, line 1677.
```

*With mod_ssl enabled, mod_perl disabled*
With the following command, I get three lines in the error log and the core is dumped.

`httpd -e info -X`

```
*[ssl:info] [pid 98716:tid 34370617344] AH01883: Init: Initialized OpenSSL library
[info] [pid 98716] ssl_engine_init.c(365): [client AH01887: Init: Initializing (virtual) servers for SSL
[info] [pid 98716] ssl_engine_init.c(163): [client AH01876: mod_ssl/2.4.39 compiled against Server: Apache/2.4.39, Library: OpenSSL/1.0.2r
```

It seems unlikely that two errors (with openssl(1) and perl(1)) would happen simultaneously. I have been suspicious about the server certificates, but I cannot see anything wrong there – and the server fails to start even with no certificates configured.

Any help and suggestions will be appreciated.

Regards,
Jon Theil Nielsen


----------



## SirDice (May 29, 2019)

How did you install Apache? From ports or packages? And is your 12.0-RELEASE fully up to date (patches)?


----------



## Lamia (May 29, 2019)

Don't rule out the need to update your base pkgs. And you may want to get SSL working before setting up nextcloud.


----------



## jontheil (May 29, 2019)

SirDice said:


> How did you install Apache? From ports or packages? And is your 12.0-RELEASE fully up to date (patches)?


I installed apache from ports.
About kernel and userland:

```
freebsd-version -kru && uname -a
12.0-RELEASE-p4
12.0-RELEASE-p4
12.0-RELEASE-p5
FreeBSD example.com 12.0-RELEASE-p4 FreeBSD 12.0-RELEASE-p4 GENERIC  amd64
```
I think I read something about an issue when not running freebsd-update(8) correctly. I did
`freebsd-update fetch`
`freebsd-update install`
and rebooted to see the output above.
Could that be part of the problem?


----------



## SirDice (May 29, 2019)

The last patch didn't update the kernel, so it still shows p4. That's fine, expected and normal. 

As you built from ports, did you change the defaults with regards to SSL? Did you enable/disable any options at all? If you're using the defaults for everything why didn't you install the package?


----------



## jontheil (May 29, 2019)

Lamia said:


> Don't rule out the need to update your base pkgs. And you may want to get SSL working before setting up nextcloud.


I have updated www/apache24 and www/mod_perl2
OpenSSL seems to work when I use www/nginx-full.


----------



## jontheil (May 29, 2019)

SirDice said:


> The last patch didn't update the kernel, so it still shows p4. That's fine, expected and normal.
> 
> As you built from ports, did you change the defaults with regards to SSL? Did you enable/disable any options at all? If you're using the defaults for everything why didn't you install the package?


At least for www/apache24, I know I didn't change any options related to SSL. The reason why I build the port instead of using the package is that I years ago chose to build with all options (apart from the experimental) enabled. Might not be any good idea because of the size and complexity. But it worked fine. Another reason is that I generally don't want to mix ports and packages.


----------



## SirDice (May 29, 2019)

jontheil said:


> The reason why I build the port instead of using the package is that I years ago chose to build with all options (apart from the experimental) enabled.


Why enable a bunch of stuff you're never going to use? That only serves to decrease your security (you can easily get bitten by a bug in a module you never realized was enabled). It would make more sense if you _disabled_ everything, except the stuff you actually need. 



jontheil said:


> Another reason is that I generally don't want to mix ports and packages.


My point exactly. There's often very little reason to even build from ports. It was commonly done on FreeBSD because the old package system was, errm, crap and maintaining it was a royal pain in the posterior. But nowadays we have pkg(8).


----------



## jontheil (May 29, 2019)

SirDice said:


> Why enable a bunch of stuff you're never going to use? That only serves to decrease your security (you can easily get bitten by a bug in a module you never realized was enabled). It would make more sense if you _disabled_ everything, except the stuff you actually need.
> 
> 
> My point exactly. There's often very little reason to even build from ports. It was commonly done on FreeBSD because the old package system was, errm, crap and maintaining it was a royal pain in the posterior. But nowadays we have pkg(8).


I get your point about using packages. Maybe I should migrate all ports into packages. Will take some time and I am not convinced that each of the will work with default settings. Though I am pretty sure most of them will.
As a test, I deleted apache24 and mod_perl2 and installed them with pkg install(8). After that, the server starts with mod_ssl enabled and mod_perl disabled. With the last one enabled, I get the same "assertion failed" error as mentioned above.


----------



## reddy (May 29, 2019)

jontheil said:


> As a test, I deleted apache24 and mod_perl2 and installed them with pkg install(8). After that, the server starts with mod_ssl enabled and mod_perl disabled. With the last one enabled, I get the same "assertion failed" error as mentioned above.



If you did that, haven't you just mixed packages and ports? Also, when you say "I usually prefer to avoid mixing", are you saying that you are sometimes mixing them? This could be a cause for the issues you are facing.


----------



## jontheil (May 29, 2019)

reddy said:


> If you did that, haven't you just mixed packages and ports? Also, when you say "I usually prefer to avoid mixing", are you saying that you are sometimes mixing them? This could be a cause for the issues you are facing.


In fact, I said "...I generally don't want to mix ports and packages". So everything has been installed as ports. With a few exceptions, namely applications I just couldn't build whatever steps I took. For instance, I haven't been able to build ports-mgmt/synth which always fails because of lang/gcc6-aux. I don't know the exact number of these cases, and I don't remember how to find out. I have 1370 installed.

What specifically went wrong at the time these problem started, I don't know/remember. At least, now I know apache can be used when installed with default options set. I should be able to get the same result by something like `make -C /usr/ports/www/apache24/ rmconfig deinstall clean install clean`.
Then I could try to rebuild all perl-related ports (as described in /usr/ports/UPDATING) to resolve the issue with mod_perl2. Or..?


----------



## Lamia (May 30, 2019)

Keep using ports against pkgs.There are always a few exceptions - I'm my case some browsers, vm, and a few others.
You should get Apache running with mod_ssl via ports like you did with pkgs. For the mod_perl, I hope you don't have multiple Perl versions.  I have set it in my make.conf to avoid multiple versions. And that makes it easy to delete all Perl pkgs and rebuild them. 

These things happen - you upgrade or update your base pkgs/repo and some pkgs won't build again. 

I know that enabling unecessary build options also cause build failure or pkg crash (owing to a bug). 'make rmconfig' can be a good way to reset after deleting Apache or so.


----------

