Apache : httpd could not be started

[lalebarde]

Hello,
Thought I have searched many forums, I have not found anything on this :
I am on my first server install . I selected OpenBSD 4.4 with OAMP. I am complete newbie for all of that (Gentoo on my desktop without apache, mysql, php). I have followed installation instructions from http://www.openbsd.org/faq, for OAMP from http://http://www.h-i-r.net/2008/01/...che-mysql.html, and for apache configuration in /var/www/conf/httpd.conf from http://http://httpd.apache.org/docs/...irectives.html.

When I start apache, here is the result : could not resolve port "192.168.2.11" --- service not supported for ai_socktype
/usr/sbin/apachectl start: httpd could not be started

As written in the apache documentation for listen : Listen is now a required directive. If it is not in the config file, the server will fail to start.

What I did with : Listen 192.168.2.11

If I remove this line, apache starts, but then if I try to browse my server from 192.168.2.11, I get :
Forbidden
You don't have permission to access /phpinfo.php on this server.

It is the same with PF disabled.

I need help please .

[anomie]

What version of Apache?

Quote:

Originally Posted by lalebarde

When I start apache, here is the result : could not resolve port "192.168.2.11"

It looks like you'll need to append a service port, i.e.:

Code:

Listen 192.168.2.11:80

Quote:

Originally Posted by lalebarde

You don't have permission to access /phpinfo.php on this server.

So modify the allow/deny directives to give yourself permission...

Consider getting a book on Apache. The official documentation is very thorough and useful, but it's not designed with new users in mind.

[J65nko]

First do a syntax test with apachectl

Code:

apachectl configtest

Read the fine apachectl man page to find out what it will report if there are no syntax errors.

The standard configuration of /var/www/conf/httpd.conf already enables a Listen on port 80 and port 443

Code:

$ grep -in listen /var/www/conf/httpd.conf 
182:# Listen: Allows you to bind Apache to specific IP addresses and/or
186:#Listen 3000
187:#Listen 12.34.56.78:80
191:# is used to tell the server which IP address to listen to. It can either
193:# See also the <VirtualHost> and Listen directives.
302:# Port: The port to which the standalone server listens. For
310:##  When we also provide SSL we have to listen to the 
314:Listen 80
315:Listen 443

So I wonder why you needed to add such a directive
If you want to use a specific IP address then add the port specification as shown in line 187.

Next step is to check whether Apache is actually LISTENing

Code:

$ netstat -an -f inet
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.80                   *.*                    LISTEN
tcp        0      0  *.6000                 *.*                    LISTEN
tcp        0      0  127.0.0.1.587          *.*                    LISTEN
tcp        0      0  127.0.0.1.25           *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  *.515                  *.*                    LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp        0      0  192.168.222.20.7184    83.96.227.85.123      
udp        0      0  192.168.222.20.11292   213.239.154.12.123    
udp        0      0  192.168.222.20.35727   94.75.205.140.123     
udp        0      0  192.168.222.20.4769    194.109.64.200.123    
udp        0      0  192.168.222.20.15905   213.10.47.241.123     
udp        0      0  *.514                  *.*

BTW I am assuming you are using the default Apache which is in the OpenBSD base systall, not an Apache 2 installed with a package

Did you follow the message given by the install of the PHP package? This tells you what to modify in httpd.conf.

[J65nko]

Last week I installed a OpenBSD current snapshot with php. This is the message I referred to in my previous post.

Code:

--- php5-core-5.2.6p0 -------------------
To enable the php5 module please create a symbolic
link from /var/www/conf/modules.sample/php5.conf
to /var/www/conf/modules/php5.conf.

ln -s /var/www/conf/modules.sample/php5.conf \
        /var/www/conf/modules

The recommended php configuration has been installed
to /var/www/conf/php.ini.

Don't forget that the default OpenBSD httpd is chrooted
into /var/www by default, so you may need to create support
directories such as /var/www/tmp for PHP to work correctly.

[lalebarde]

Thanks anomie ,
With Listen 192.168.2.11:80, apache starts. But I still have the same access forbidden message from my browser.

Though in <Directory "/var/www/htdocs">, I have put :
Order deny,allow
Deny from all
Allow from 192.168.2.11

BTW, what book of Apache do you advise (english or french) ?

My version of appache is the one embedded at installation with OpenBSD 4.4. It seems it is apache-httpd-2.2.8.tgz - but I am not sure since pkg_info provides info from repository and not from installed version, and I still don't know how to get this information .

[DutchDaemon]

httpd -v usually works (and php -v if you need that as well)

[lalebarde]

Thanks J5nko,

Quote:

First do a syntax test with apachectl

Syntax OK

Quote:

$ grep -in listen /var/www/conf/httpd.conf

190:Listen 192.168.2.11:80
191:Listen 192.168.2.11:443
323:Listen 80
324:Listen 443
ok, I am not consistent here but it should be ok. For the trial, I suppress the ip specification, and let only the port. I am still forbidden.

Quote:

$ netstat -an -f inet

Proto Recv-Q Send-Q Local Address Foreign Adress (state)
tcp 0 0 192.168.2.20.80 192.168.2.10.54875 TIME_WAIT
tcp 0 0 *.80 *.* LISTEN
tcp 0 0 *.443 *.* LISTEN
tcp 0 0 *.22 *.* LISTEN
tcp 0 0 *.37 *.* LISTEN
tcp 0 0 *.13 *.* LISTEN
tcp 0 0 127.0.0.1.587 *.* LISTEN
tcp 0 0 127.0.0.1.25 *.* LISTEN
udp 0 0 192.168.2.20.31537 88.191.17.134.123
udp 0 0 127.0.0.1.512 *.*
udp 0 0 192.168.2.20.24521 88.191.11.98.123
udp 0 0 192.168.2.20.8367 88.191.47.13.123
udp 0 0 192.168.2.20.11927 91.121.138.209.123
udp 0 0 192.168.2.20.39243 81.93.183.116.123
udp 0 0 *.514 *.*

192.168.2.10 is another PC with windows. The one with which I try to connect to the server .20 is .11

Quote:

I am assuming you are using the default Apache which is in the OpenBSD

Yes

Quote:

Did you follow the message given by the install of the PHP package?

Yes :
ln -s /var/www/conf/modules-sample/php5.conf /var/www/conf/modules
ln -s /var/www/conf/modules-sample/mysql.ini /var/www/conf/php5/mysql.ini
vi /var/www/conf/httpd.conf : uncomment AddTyp application/x-httpd-php .php
I put also : ServerTokens ProductOnly

Other clue ?

[lalebarde]

Thanks DutchDaemon,
Apache 1.3.29
PHP 5.2.6

[anomie]

Quote:

Originally Posted by lalebarde

BTW, what book of Apache do you advise (english or french) ?

I've been happy with "Pro Apache, Third Edition" by Peter Wainwright as a (thorough) general reference. I would recommend starting there and giving yourself a few weeks to get through it all.

I also just received "Apache Security" by Ivan Ristic as a birthday gift, and I am about 1/3 finished with it. So far it has provided great info on securing Apache web server and PHP (running as a module or CGI).

[anomie]

Quote:

Originally Posted by lalebarde

But I still have the same access forbidden message from my browser.

Though in <Directory "/var/www/htdocs">, I have put :
Order deny,allow
Deny from all
Allow from 192.168.2.11

I'm not familiar with OBSD's standard Apache web server config; is /var/www/htdocs also your DocumentRoot?

Check filesystem permissions for /var/www/htdocs and any file it contains. Does the user httpd is running as have read access to them?

Also, add another allow line below the one you have, because it looks like you're browsing the web server from itself. Change to:

Code:

Order deny,allow
Deny from all
Allow from 192.168.2.11
Allow from 127.0.0.1

Finally, there are some other directives that could cause permission to be denied. (But we won't worry about those for now.)

[robbak]

When you say that you are trying to browse the server, what is the url you are going to?

http://<hostname>/ , or http://<hostname>/phpinfo.php ?

If the later, just check if user http can read phpinfo.php.

Code:

$ cd /<your document root>
$ ls -l

If you do not understand the ouptut, post it and we'll tell you.

[J65nko]

Quote:

Originally Posted by lalebarde

ln -s /var/www/conf/modules-sample/php5.conf /var/www/conf/modules
ln -s /var/www/conf/modules-sample/mysql.ini /var/www/conf/php5/mysql.ini

vi /var/www/conf/httpd.conf : uncomment AddTyp application/x-httpd-php .php
I put also : ServerTokens ProductOnly

That is all what I did have to do get a simple test.php script working. Except I didn't mess with the ServerTokens I also didn't have to edit those Deny/Allow directives.

If I do a http://localhost/test.php the following displays OK in firefox and lynx:

Code:

# cat /var/www/htdocs/test.php                                              
<html>
<head>
   <title>This is a test</title>
</head> 

<body>
  <h1>A test for PHP</h1> 

<?php
 echo '<p>A simple test for PHP</p>' ; 

$name='J65nko' ;

echo <<<END
<p>
   Another parapgraph, this time created with a here document.
</p>

<p>You can also use variables</p>

<p>Take care, </p>
<p>$name </p>

END;

?>
</body>
</html>

Do you actually have a phpinfo.php file? I don't

Code:

# find /var/www -name 'phpinfo*'  
#

[lalebarde]

Hello anomie, robbak, J65nko,
Thanks a lot for your replies.

anomie,

Quote:

is /var/www/htdocs also your DocumentRoot?

YES

Quote:

Check filesystem permissions for /var/www/htdocs and any file it contains. Does the user httpd is running as have read access to them?

Everybody has access to DocumentRoot and read access to all its contents.

Quote:

Also, add another allow line below the one you have, because it looks like you're browsing the web server from itself.

No, the server is on x.x.x.20, the browser on x.x.x.11
Anyway, if I allow 127.0.0.1, ma browser is still forbidden.

robbak,

Quote:

When you say that you are trying to browse the server, what is the url you are going to?

http://192.168.2.20/phpinfo.php

Quote:

just check if user http can read phpinfo.php

cd /var/www/htdocs
ls -l
drwxr-xr-x 2 root Wheel bgplg
-r--r--r-- 1 root bin blowfish.jpg
-r--r--r-- 1 root bin bsd_small.gif
-r--r--r-- 1 root bin index.html
-r--r--r-- 1 root bin lock.gif
-r--r--r-- 1 root bin logo23.jpg
-r--r--r-- 1 root bin logo24.jpg
-r--r--r-- 1 root bin mod_ssl_sb.gif
-r--r--r-- 1 root bin openbsd_pb.gif
-r--r--r-- 1 root bin openbsdpower.gif
-r--r--r-- 1 root bin openssl_ics.gif
-rw-r--r-- 1 root bin phpinfo.php
-r--r--r-- 1 root bin smalltitle.gif
It looks to me everyuser has read access.

Quote:

If I do a http://localhost/test.php the following displays OK in firefox and lynx:

If I browse locally : lynx http://localhost/test.php or lynx http://localhost/index.html, it works. But from x.x.x.11, I am rejected :
Forbidden
You don't have permission to access /test.php on this server.

Quote:

Do you actually have a phpinfo.php file?

Yes, in : /var/www/htdocs, but it is empty

[lalebarde]

Quote:

I also didn't have to edit those Deny/Allow directives.

If I come back to default :
<Directory "/var/www/htdocs">
Order allow,deny
Allow from all
</Directory>
It works

I have to dig again in the documentation for this stuff.

I close the thread. THANKS A LOT ALL OF YOU