Consider our wiki article for this: https://cwiki.apache.org/confluence/display/HTTPD/CouldNotBindToAddress
On Thu, Dec 15, 2022 at 5:16 PM Dan Nessett <dness...@yahoo.com.invalid> wrote:

> I am attempting to set up apache with sslh. The latter is running fine,
> but when I attempt to start the apache2 server, it fails with the following
> message:
>
> dnessett@Mount:/etc/apache2/sites-available$ sudo systemctl restart apache2
> Job for apache2.service failed because the control process exited with error code.
> See "systemctl status apache2.service" and "journalctl -xe" for details.
>
> When I investigate further (asking for apache status), I find the following:
>
> dnessett@Mount:/etc/apache2/sites-available$ systemctl status apache2.service
> ● apache2.service - The Apache HTTP Server
>    Loaded: loaded (/lib/systemd/system/apache2.service; enabled-runtime; vendor preset: enabled)
>   Drop-In: /lib/systemd/system/apache2.service.d
>            └─apache2-systemd.conf
>    Active: failed (Result: exit-code) since Thu 2022-12-15 11:08:46 MST; 41s ago
>   Process: 2520 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
>
> Dec 15 11:08:46 Mount systemd[1]: Starting The Apache HTTP Server...
> Dec 15 11:08:46 Mount apachectl[2520]: (98)Address already in use: AH00072: make_sock: could not bind to address 127.0.0.1:4443
> Dec 15 11:08:46 Mount apachectl[2520]: no listening sockets available, shutting down
> Dec 15 11:08:46 Mount apachectl[2520]: AH00015: Unable to open logs
> Dec 15 11:08:46 Mount apachectl[2520]: Action 'start' failed.
> Dec 15 11:08:46 Mount apachectl[2520]: The Apache error log may have more information.
> Dec 15 11:08:46 Mount systemd[1]: apache2.service: Control process exited, code=exited status=1
> Dec 15 11:08:46 Mount systemd[1]: apache2.service: Failed with result 'exit-code'.
> Dec 15 11:08:46 Mount systemd[1]: Failed to start The Apache HTTP Server.
>
> Since it appears port 4443 is already in use, I print the active listen
> addresses:
>
> dnessett@Mount:/etc/apache2/sites-available$ sudo lsof -i -P -n | grep LISTEN
> systemd-r  760 systemd-resolve  13u  IPv4 20577  0t0  TCP 127.0.0.53:53 (LISTEN)
> cupsd      859 root              6u  IPv6 21248  0t0  TCP [::1]:631 (LISTEN)
> cupsd      859 root              7u  IPv4 21249  0t0  TCP 127.0.0.1:631 (LISTEN)
> vsftpd     977 root              3u  IPv6 21478  0t0  TCP *:21 (LISTEN)
> sshd       989 root              3u  IPv4 23513  0t0  TCP *:22 (LISTEN)
> sshd       989 root              4u  IPv6 23515  0t0  TCP *:22 (LISTEN)
> mysqld    1565 mysql            17u  IPv6 26365  0t0  TCP *:3306 (LISTEN)
> sslh      2166 sslh              3u  IPv4 75977  0t0  TCP 98.127.182.220:443 (LISTEN)
> sslh      2167 sslh              3u  IPv4 75977  0t0  TCP 98.127.182.220:443 (LISTEN)
>
> As is shown, there is no active listen address for port 4443. journalctl
> -xe gave no additional information.
>
> I have configured apache to listen on 4443, since sslh listens on 443 and
> forwards https requests to port 4443. I am using a virtual host for this
> purpose in 000-default.conf, which I include below (notice I have commented
> out the listen on port 80, since I only want apache to listen for https
> requests). I have also commented out some <Directory > directives that came
> from an XAMPP configuration, which I have disabled. If I get apache working
> I will remove most of this commented out text.
>
> dnessett@Mount:/etc/apache2/sites-available$ cat 000-default.conf
> # Comment out the port 80 virtual host block
>
> <IfDefine IgnoreBlockComment>
> <VirtualHost *:80>
>         # The ServerName directive sets the request scheme, hostname and port that
>         # the server uses to identify itself. This is used when creating
>         # redirection URLs. In the context of virtual hosts, the ServerName
>         # specifies what hostname must appear in the request's Host: header to
>         # match this virtual host. For the default virtual host (this file) this
>         # value is not decisive as it is used as a last resort host regardless.
>         # However, you must set it for any further virtual host explicitly.
>         #ServerName www.example.com
>
>         ServerAdmin webmaster@localhost
>         DocumentRoot /var/www/html
>
>         # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
>         # error, crit, alert, emerg.
>         # It is also possible to configure the loglevel for particular
>         # modules, e.g.
>         #LogLevel info ssl:warn
>
>         ErrorLog ${APACHE_LOG_DIR}/error.log
>         CustomLog ${APACHE_LOG_DIR}/access.log combined
>
>         # For most configuration files from conf-available/, which are
>         # enabled or disabled at a global level, it is possible to
>         # include a line for only one particular virtual host. For example the
>         # following line enables the CGI configuration for this host only
>         # after it has been globally disabled with "a2disconf".
>         #Include conf-available/serve-cgi-bin.conf
> </VirtualHost>
> </IfDefine>
>
> Listen localhost:4443 ssl;
>
> # These defintions are in the main conf file
>
> <IfDefine IgnoreBlockComment>
> <Directory />
>         Options FollowSymLinks
>         AllowOverride None
>         Require all denied
> </Directory>
>
> <Directory /usr/share>
>         AllowOverride None
>         Require all granted
> </Directory>
>
> <Directory /var/www/>
>         Options Indexes FollowSymLinks
>         AllowOverride None
>         Require all granted
> </Directory>
> </IfDefine>
>
> # Comment out the lampp phpadmin and htdocs Directory blocks
>
> <IfDefine IgnoreBlockComment>
> <Directory "/opt/lampp/phpmyadmin">
>         AllowOverride AuthConfig Limit
>         Require all granted
>         ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
> </Directory>
>
> <Directory "/opt/lampp/apache2/htdocs">
>         Options Indexes FollowSymLinks
>         AllowOverride All
>         Order allow,deny
>         Allow from all
> </Directory>
> </IfDefine>
>
> <VirtualHost localhost:4443>
>         ServerName coop.mountolive.com:4443
>         DocumentRoot /var/www/sites/coop-mountolive
>
>         ErrorLog ${APACHE_LOG_DIR}/error.log
>         CustomLog ${APACHE_LOG_DIR}/access.log combined
>
>         SSLEngine on
>         SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
>         SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
> </VirtualHost>
>
> For completeness, I include below the configuration information for sslh:
>
> dnessett@Mount:/etc/default$ cat sslh
> # Default options for sslh initscript
> # sourced by /etc/init.d/sslh
>
> # Disabled by default, to force yourself
> # to read the configuration:
> # - /usr/share/doc/sslh/README.Debian (quick start)
> # - /usr/share/doc/sslh/README, at "Configuration" section
> # - sslh(8) via "man sslh" for more configuration details.
> # Once configuration ready, you *must* set RUN to yes here
> # and try to start sslh (standalone mode only)
>
> RUN=yes
>
> # binary to use: forked (sslh) or single-thread (sslh-select) version
> # systemd users: don't forget to modify /lib/systemd/system/sslh.service
> DAEMON=/usr/sbin/sslh
>
> DAEMON_OPTS="--user sslh --listen coop.mountolive.com:443 --ssh 127.0.0.1:22 --ssl localhost:4443 --pidfile /var/run/sslh/sslh.pid"
>
> Thanks for any help you can give.
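
Apache's documentation for Listen states that multiple Listen directives for the same IP address and port produce an "Address already in use" error, a conflict that lsof cannot show because no other process holds the port. The following is an added example, not part of the thread and not a diagnosis of the poster's system: a shell function that reports Listen directives naming the same address:port across config files, skipping `<IfDefine NAME>` blocks as inactive. The function names, the sample ports.conf content and the assumption that httpd is started without -D flags are hypothetical; only the `Listen localhost:4443 ssl;` line is taken from the post.

```shell
#!/bin/sh
# Added example (not from the thread): report Listen directives that name the
# same address:port in more than one place across the given config files.
dup_listens() {
    awk '
    # <IfDefine NAME> blocks are skipped unless negated (<IfDefine !NAME>).
    # Assumption: httpd is started without -D flags, so NAME is never defined.
    tolower($1) == "<ifdefine" { skip[++sp] = ($2 !~ /^!/); off += skip[sp]; next }
    tolower($1) ~ /^<\/ifdefine/ {
        if (sp > 0) { off -= skip[sp]; sp-- }
        next
    }
    off > 0 || $1 ~ /^#/ { next }
    tolower($1) == "listen" && NF >= 2 {
        addr = tolower($2)
        sub(/;$/, "", addr)
        if (addr !~ /:/) addr = "*:" addr       # bare port means every address
        sub(/^localhost:/, "127.0.0.1:", addr)   # as in the AH00072 line above
        where[addr] = where[addr] (where[addr] ? " " : "") FILENAME ":" FNR
        count[addr]++
    }
    END { for (a in count) if (count[a] > 1) printf "%s\t%s\n", a, where[a] }
    ' "$@"
}

# Constructed sample files; only the Listen line in 000-default.conf is taken
# from the post, the ports.conf content is hypothetical.
demo_dup_listens() (
    d=$(mktemp -d) && cd "$d" || exit 1
    cat > ports.conf <<'EOF'
Listen 80
<IfModule ssl_module>
    Listen 443
</IfModule>
Listen 127.0.0.1:4443
EOF
    cat > 000-default.conf <<'EOF'
<IfDefine IgnoreBlockComment>
Listen 80
</IfDefine>
Listen localhost:4443 ssl;
EOF
    dup_listens ports.conf 000-default.conf
    cd / && rm -rf "$d"
)

demo_dup_listens
```

On a Debian layout the function would be run as `dup_listens /etc/apache2/ports.conf /etc/apache2/sites-enabled/*.conf`. It does not follow Include directives and does not compare wildcard addresses against specific ones.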