J Henselmans

Q: Apache does not work after server 5.0.3 upgrade

I am having trouble getting basic services to work after the upgrade to Server 5.0.3 (what's new after a Server upgrade...).

 

This time it is Apache that does not want to work. The SSL server for the local server (the one that does the login for the users, the profilemanager etc) does not show up.

 

Reason seems to be that the proxy server that connects to the 'real' server has somehow lost its certifcates, as we can see in the settings in

/Library/Server/Web/Config/Proxy/apache_serviceproxy.conf.

 

Under

 

<VirtualHost *:443> and <VirtualHost *:8443>

 

I find:

 

  SSLCertificateFile "PATH_PLACEHOLDER.cert.pem"

   SSLCertificateKeyFile "PATH_PLACEHOLDER.key.pem"

   SSLCertificateChainFile "PATH_PLACEHOLDER.chain.pem"

 

Does anyone know how to replace these things with sensible values?

 

Kind regards,

Johan Henselmans

Server, OS X Server

Posted on Sep 17, 2015 2:11 AM

Close

Q: Apache does not work after server 5.0.3 upgrade

  • All replies
  • Helpful answers

Previous Page 2 of 3 last Next
  • by KRIBkia,

    KRIBkia KRIBkia Sep 18, 2015 2:38 AM in response to J Henselmans
    Level 1 (2 points)
    Sep 18, 2015 2:38 AM in response to J Henselmans

    The way I fixed the issues I had was to roll back to 4.1.x but had to fix the websites IPs within each site (I'm hosting a few) and all is now back to normal.


    However, I was contacted by Apple Server Support via email and have sent in a report so lets hope there is a fix for the 5.0.3 issues.

  • by KRIBkia,

    KRIBkia KRIBkia Sep 18, 2015 3:06 AM in response to KRIBkia
    Level 1 (2 points)
    Sep 18, 2015 3:06 AM in response to KRIBkia

    Just to add to this, it seems that my CardDav and CalDav services are stuck since I downgraded to 4.1.5. They're just giving me the spinning wheel. Also the server app is having issues with loading the certificates service screen.

  • by JonneV,

    JonneV JonneV Sep 18, 2015 6:40 AM in response to J Henselmans
    Level 1 (0 points)
    Sep 18, 2015 6:40 AM in response to J Henselmans

    Thanks, this helped fixing it!

  • by Lopezzi,

    Lopezzi Lopezzi Sep 18, 2015 7:26 AM in response to J Henselmans
    Level 1 (5 points)
    Sep 18, 2015 7:26 AM in response to J Henselmans

    Also to note, while the Websites are working, they still show as not accessible in the Server app.  Also, my Profile Manager won't turn on now either.  Not sure what to do about that.  Obviously this has something to do with the certs but it shouldn't be this hard.  Come on Apple...

  • by JonneV,

    JonneV JonneV Sep 18, 2015 10:04 AM in response to Lopezzi
    Level 1 (0 points)
    Sep 18, 2015 10:04 AM in response to Lopezzi

    I used to be able to restart apache from the command line, this seems not to work anymore since the update.

  • by Lopezzi,

    Lopezzi Lopezzi Sep 18, 2015 11:04 AM in response to J Henselmans
    Level 1 (5 points)
    Sep 18, 2015 11:04 AM in response to J Henselmans

    I saw this on another thread and it might fix the problems that we are all having too.  After doing the initial fix in the first post (editing the .conf file and replacing the placeholders with the path to the certs), which did fix my Websites issue, I still couldn't launch Profile Manager.  I noticed after upgrading, I don't remember seeing the "Upgrading your Services" dialog we usually get when the Server app is updated.  The suggestion on a different thread said to drag the Server app to the trash and wait for the dialog box that says it detected the Server app being removed.  After that dialog, drag the Server app back to the Applications folder and then launch it.  It will re-run the setup it normally does and upgrade the services.  I did this and lo and behold, my profile manager is working again!  This might also fix the Website issue too.  I couldn't test it as I already did the other fix.  Someone else who is having this issue want to test it?  Hope this helps this issue!

  • by Bi-noix,

    Bi-noix Bi-noix Sep 18, 2015 2:30 PM in response to Lopezzi
    Level 1 (4 points)
    Mac App Store
    Sep 18, 2015 2:30 PM in response to Lopezzi

    My understanding so far, based on the Readme.txt in the apache config folder is that from now on:

    - Ports 80 and 443 are "reserved" in the configuration for Apple services (including DeviceManager, Wiki,...)

    - Any Virtual host is served from 34580/34543, and there are automatic proxy directives for each host from 80->127.0.0.1:34580 / 443->34543

     

    There is a potential impact on the configuration/code of the virtual hosts (use x-forwarded-for insted of REMOTE_ADDR to get client IP, + any custom port forwarding/proxy you may use).

     

    I think Apple did that to ensure that access to the Apple provided services is working whatever the configuration of your additional custom sites / vhosts.

  • by macar00n,

    macar00n macar00n Sep 19, 2015 8:27 AM in response to Lopezzi
    Level 1 (0 points)
    Sep 19, 2015 8:27 AM in response to Lopezzi

    Thanks for this suggestion.  It worked.  I deleted Server [dragged to Trash] => Affirmed the Dialog "Server removed.." => Opened up the Trash folder => Dragged Sever back to Applications => Relaunch Server and Affirm subsequent Dialogs.  Cheers

  • by joegillespie,

    joegillespie joegillespie Sep 21, 2015 4:30 AM in response to Bi-noix
    Level 1 (0 points)
    Sep 21, 2015 4:30 AM in response to Bi-noix

    Thanks for the explanation of the other prots. I found that after installing Server 5.0.3, my websites were also not available upon relaunch of Server app. I puzzled through these comments and finally just rebooted the server. That was all it took; my sites are restored. No messing around in Terminal required. Hope that helps someone out there. Apple might have mentioned that. - Joe

  • by Deb Chabot,

    Deb Chabot Deb Chabot Sep 21, 2015 6:04 AM in response to J Henselmans
    Level 1 (20 points)
    Sep 21, 2015 6:04 AM in response to J Henselmans

    After the Server 5.03 update I too couldn't serve websites, and after messing with all this for a full day I installed the El Captain beta

    and everything works perfectly. I only hope that Apple will get the OS X back into the fine code it used to be!

  • by dbrogdon,

    dbrogdon dbrogdon Sep 21, 2015 2:13 PM in response to J Henselmans
    Level 1 (4 points)
    Sep 21, 2015 2:13 PM in response to J Henselmans

    Upgrading to 5.0.4 seems to fix the problem.

  • by Zjipz,

    Zjipz Zjipz Sep 22, 2015 1:17 AM in response to dbrogdon
    Level 1 (0 points)
    Sep 22, 2015 1:17 AM in response to dbrogdon

    it doesn't over here. I think this is a crappy way to treat us to an update.

     

    How do I get rid of the strange port issue and the fact that REMOTE_ADDR is crapped up?

     

    Updating to 5.0.4 didn't do the trick, sudo serveradmin command web:command=restoreFactorySettings didn't either.

     

    Anyone?

  • by Grady Lucas,

    Grady Lucas Grady Lucas Sep 22, 2015 8:00 AM in response to J Henselmans
    Level 1 (4 points)
    Mac OS X
    Sep 22, 2015 8:00 AM in response to J Henselmans

    Do I understand correctly that there should be PLACEHOLDER_TEXT in those files to replace with thecert infoform/etc/certificates? 

     

    My files do not have "PLACEHOLDER_TEXT"; the path is complete, but apparently wrong.

     

    Anyone else stuck?

  • by Grady Lucas,

    Grady Lucas Grady Lucas Sep 22, 2015 8:05 AM in response to KRIBkia
    Level 1 (4 points)
    Mac OS X
    Sep 22, 2015 8:05 AM in response to KRIBkia

    Any luck, I am having the exact same issue.

  • by dreness,

    dreness dreness Sep 22, 2015 5:00 PM in response to Lopezzi
    Level 1 (60 points)
    Sep 22, 2015 5:00 PM in response to Lopezzi

    Hi,

     

    Your lsof output indicates that the apache processes using the httpd_server_app.conf config were running, but the apache processes associated with apache_serviceproxy.conf were not working (these configs are in /Library/Server/Web/Config/apache2 and /Library/Server/Web/Config/Proxy respectively). Fixing the SSL cert problem in the apache_serviceproxy.conf file is probably what allowed those apache daemons to start working again.

     

    By looking in either of those config files (or by looking at a process listing, e.g. pgrep -fla httpd) you can find the path to the error log file used by that apache instance. The error log is the best place to look when apache isn't doing what you expect. In the case of the broken service proxy (due for example to SSL cert issues) you would probably see repeating startup failures in that error.log, as apache starts, encounters the fatal error, logs it, and then immediately exits.

     

    It is normal to have a bunch of IPv6 listeners

     

    Cheers,

    -dre

Previous Page 2 of 3 last Next