Great, thanks a ton mate!
On Wed, Aug 13, 2014 at 8:30 PM, Jeff Trawick <traw...@gmail.com> wrote: > On Wed, Aug 13, 2014 at 8:05 AM, Goran Tepshic <purpleri...@gmail.com> > wrote: > >> Hmm, interesting tip Jedd. >> >> I now tried changing mutex (*commended by default*) to *sem *and those >> error logs stopped. >> Now, reading this page >> http://httpd.apache.org/docs/current/mod/core.html#mutex i see that >> there are couple of mutexes available (*i still don't know what that is >> and why do I need one*) and couple of them seems to remedy this issue. >> Not sure which one should i choose, which is stable and most performant. >> >> I'm by no means an expert, just a unix fan trying to set up a simple, >> secure VPS. >> Could you please shed some light on choosing the best solution? >> > > Safe: > > Follow the "strength in numbers" path. Use flock since that is the > default for FreeBSD and presumably most httpd configurations there are > still using it. But as you noticed originally the default path is not in a > place where the child has permission to write to it, so see about that. > (The path should default to ServerRoot / logs / ) dtruss/truss/whatever > should be able to show what path can't be accessed in the jail. > > > Fastest: > > Unless you want to benchmark your environment, I wouldn't worry about it. > Some that may be theoretically faster have caveats listed in the > documentation. > > Posixsem (which you might get with "sem") is the one that most recently > was found to have code bugs exposed in some httpd configurations (fixed in > future releases of apr). > > > >> >> ALso, HUGE thanks for your help! >> >> >> On Wed, Aug 13, 2014 at 1:10 PM, Jeff Trawick <traw...@gmail.com> wrote: >> >>> On Wed, Aug 13, 2014 at 6:40 AM, Goran Tepshic <purpleri...@gmail.com> >>> wrote: >>> >>>> Just set up a FreeBSD jail to run httpd in it and all works good except >>>> these two, rewrite/proxy modules. >>>> >>>> *These are error logs excerpts:* >>>> >>>> >>>> *mod_rewrite* error: >>>> >>>> [rewrite:crit] [pid 43447] (13)Permission denied: AH00666: mod_rewrite: >>>> could not init rewrite_mapr_lock_acquire in child >>>> >>>> *mod_proxy* error: >>>> >>>> [proxy:crit] [pid 43447] (13)Permission denied: AH02479: could not init >>>> proxy_mutex in child >>>> >>>> >>>> Not sure permissions of *what* are being denied as html in document >>>> root is being served just fine when these modules are disabled. >>>> >>>> I tried googling but found nothing but rubbish. >>>> >>>> >>>> Please help, this thing is making me crazy. >>>> >>> httpd/APR on FreeBSD uses a file-based mutex ("flock") by default. It >>> looks like the mutex files are placed in a location where the httpd child >>> processes don't have permission. >>> >>> You should be able to use 2.4's Mutex directive ( >>> http://httpd.apache.org/docs/current/mod/core.html#mutex) to resolve >>> the issue. >>> >>> Perhaps the necessary magic is >>> >>> Mutex file:/some/path/ default >>> >>> where /some/path is writable by httpd parent and child. I don't *think* >>> this is some jail-specific issue, other than that child-writable paths in >>> the jail may be different/more limited due to the way it is set up. >>> >>> >>> -- >>> Born in Roswell... married an alien... >>> http://emptyhammock.com/ >>> >>> >> > > > -- > Born in Roswell... married an alien... > http://emptyhammock.com/ > http://edjective.org/ > >
