[BlueOnyx:14341] Re: SL-6.5 breaks Apache if SSL is enabled - FIXED

Michael Stauber mstauber at blueonyx.it
Fri Jan 31 19:04:23 PET 2014


Hi all,

>> Scientific Linux released version 6.5 last night with 184 updates!!
>
> Apache fails restart with:
>
> Syntax error on line 10 of /etc/httpd/conf.d/ssl_perl.conf:
> $parms->add_config() has failed: mod_perl:1: <VirtualHost> was not
> closed. at /usr/lib64/perl5/Apache2/PerlSections.pm line 215.\n

This problem *only* affects boxes with the YUM updates from the
"BlueOnyx-Testing" YUM repository. If you haven't updated from the
"BlueOnyx-Testing" since late November, then you should be fine.

How to fix it (TL;DR-Version first):
====================================

Assumption: In /etc/yum.repos.d/BlueOnyx.repo you still have the
"BlueOnyx-Testing" YUM repository enabled. If not, enable it again.

1.) Login by SSH as "admin" and use "su -" to gain root access.

2.) Run "yum clean all".

3.) Run "yum update". It will fetch a set of updated base-apache* RPMs.

4.) Run this command: /usr/sausalito/sbin/toggle_ssl.pl
    It is included in the new base-apache RPMs. Older boxes without
    this very latest update will not have this command.

5.) Run "/etc/init.d/httpd restart" and your Apache should start again.


Long explanation:
=================

Basically it was a bloody stupid oversight of mine. There are several
ways how you can handle SSL enabled Vsites in Apache. One is to add
extra <VirtualHost> containers into the Apache config files, which deal
with port 443 and also add the necessary SSL related options to it. Like
where to find the certificates and so on.

However, BlueOnyx uses /etc/httpd/conf.d/ssl_perl.conf to dynamically
generate the SSL related <VirtualHost> containers for SSL enabled
Vsites. Which is a bit more elegant.

However, I had merged in code from Hisao's 5200R where the handler
"virtual_host.pl" and then modified it further. This handler is
responsible for writing the <VirtualHost> containers of virtual sites.

However, Hisao's version not only creates a non-SSL container, but also
a separate one for SSL, as his 5200R is no longer using ssl_perl.conf.

Of course we can't have two <VirtualHost>-containers for SSL: One static
in the config file and a second one that's generated on the fly by
ssl_perl.conf.

So that caused the problems for anyone who had both the
"BlueOnyx-Testing" updates installed *and* either enabled SSL for an
existing Vsite or created a new SSL-enabled Vsite afterwards.

In the updates I just released the handler was fixed and additionally
the script /usr/sausalito/sbin/toggle_ssl.pl was added to quickly
rewrite the Apache config files of SSL-enabled Vsites. The forced
rewrite of these config files will remove the erroneous
<VirtualHost>-container for SSL and afterwards Apache will start again
just fine.

My apologies to all who were affected by this.

-- 
With best regards

Michael Stauber



More information about the Blueonyx mailing list