Our moodle hangs and shows this error message
Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."
What does it mean? How can we fix it and prevent it from occurring again?
Is that an Apache error screen you see or a Moodle error screen? And is this a copy and paste error in reporting the error?
What does it mean?
Yep! It's true! Moodle is looking for 'Apache' ...
In 20+ years working with Apache on Linux (some Ubuntu, but mostly Fedora/RH Family/CentOS) I have never seen, if Apache server signature left on, a report of:
(Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16)
Note the bolded above. Now if Apache server signature left on (which should be off) and one forces a simple 404 error (not found), the server would show and should show if configured for ServerTokens set to OS:
(Apache/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16)
Note the missing 'h' in what you report from your server?
How can we fix it - possibly see below!
For for you in investigating config of your server:
ServerTokens
Configures the Server HTTP response header. Different ServerTokens directive options are following (add or modify httpd.conf file or apache.conf):
Prod or ProductOnly – Server sends (e.g.): Server: Apache
ServerTokens Prod
Major – Server sends (e.g.): Server: Apache/2
ServerTokens Major
Minor – Server sends (e.g.): Server: Apache/2.2
ServerTokens Minor
Min or Minimal – Server sends (e.g.): Server: Server: Apache/2.2.4
ServerTokens Min
OS – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu)
ServerTokens OS
Full or not specified – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4
ServerTokens Full
ServerTokens setting applies to the entire server, and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.
For reference:
https://www.if-not-true-then-false.com/2009/howto-hide-and-modify-apache-server-information-serversignature-and-servertokens-and-hide-php-version-x-powered-by/
And lastly ... prevent it from occurring again?
Since things like that really don't happen all by themselves, suggest server admin needs to quit messin' with config!
Major piece of advice ... show as little as possible to those that would do harm to your server.
Now I could be all wrong. Been messin' with anything lately?
'SoS', Ken
Sorry, just my typo. It is "Apache" not "Apace". The error message shows on the Moodle screen.
We are using CentOS 7.4.1, PHP 7.2.16
Could you send a screen capture of this error screen?
Also info from:
cat /etc/redhat-release
/usr/sbin/httpd -V (just server version from that info)
yum repolist
tail /var/log/yum.log
'SoS', Ken
Interesting ... typical CentOS 7 runs either httpd (apache) or nginx - but could run LIghtspeed other as well.
This
/usr/sbin/httpd -V
no such command
shows you are not running apache (httpd daemon)
netstat -tulpn | grep :80 (or :443)
whatis httpd
or whatis nginx
Are we trying to run a loadbalancer?
And this on a server where you had moodle running already?
Confused!
'SoS', Ken
Also noticed the ! in front of repos.
Suggest refreshing the repos ... yum clean all
yum check-update
will rebuild repos.
'SoS', Ken
All I can say is 'WOW!" ... that's one messed up server - from typical AMP stacks on CentOS.
Purpose of these forums isn't how to install/admin/ an AMP stack, but Moodle. Really stretching the stated purpose of these forums - and free advice to boot - appreciated or not!
Some hints/clues for you (from what you have shared) ... just a few ...
Loaded: loaded (/etc/rc.d/init.d/httpd; bad; vendor preset: disabled)
Huh??!!! bad vendor preset????!!! Where in the world did you get httpd from - what repo? Uhhhhh ... don't answer that ... or even try to ... don't wanna know!
/etc/init.d/httpd: line 95: lynx: command not found
Lynx is a text based browser!!!! How did it get entered in the init.d of httpd ... the daemon for apache? In CentOS 7 there is no /etc/init.d/httpd ... 7 doesn't use the old but the new (that's a hint)
[root@moodle /]# netstat -tulpn | grep :80 returning ...
tcp6 0 0 :::443 :::* LISTEN 3053/httpd ... port 3053
http://www.adminsub.net/tcp-udp-port-finder/3503
And see it's really a CentOS 7 Guest OS on VM-Ware?
You can backup moodle code and moodledata using tar and archive those backups to another location.
MySQL appears to be running so you can use mysqldump to get an sql dump of the moodle DB. Then archive that off onto another location.
scp the backups off onto some other server.
Now the biggy ... 2 choices ...
Wipe out the VM Instance of CentOS 7 and start over with a fresh CentOS 7 this time keeping it simple. This might be best as it could be you tried what many have tried and failed to do ... upgrade a CentOS 6 in place to a CentOS 7. Reason I say that ... 'old mixed with new'.
OR - the more difficult road for you at present me thinks ...
Use yum and erase httpd, httpd-development and anything related ... which also might remove php drivers and php itself - dependencies.
Reboot server. Basically rebuild an AMP stack. Set that up with valid/working repos for things like PHP and test a static page ... don't forget your valid certs for https:// as well as a php info page.
Then restore your Moodle.
Too much for ya? Fine ... one time offer ... I'll do it for $15,000.00 US ...
$10,000.00 up front payable via PayPal and the remainder due when server is up. No work done until funds have been transferred - ie, the first $10,000.00 (that ought to price me out of the market, ya think?)
Opion: $5,000.00 US for direct Email support ... $2500.00 up front via PayPal. Condition ... you will not argue with what I tell you to do!
(that ought to price me out of the support market also, ya think?)
OR ... role up sleeves and find a tutorial on how to install an AMP stack on CentOS 7 ... properly.
OR ... role up sleeves and find a tutorial on how to install an AMP stack on CentOS 7 ... properly.
No! The repeat above is NOT a mistake!
A Google search for that will find several good tutorials on how to do that ... might have to make minor adjustments.
Not being mean nor cruel nor impolite ... just 100% honest in remote assessmet/free support exchange of public posted info via a forum that shouldn't be used for such.
'spirit of sharing', Ken
AMP stack is LAMP ... without the Linux.
"My boss compiled source code to install Apache, not yum install. He thought that it was easiler to upgrade because the version of downloaded code is known."
Tell your boss he was wrong. Back before repo's ... many/many/many moons ago, I compiled AMP stack. Depending upon what issues there were as announced by CentOS ... which gets their info from the folks at Red Hat ... one could have to dive deep into deciding if a vulnerability marked/tagged as 'important' was significant enough to warrant re-compling a 'slice of the pie' ... in other words, just one of the three that make up AMP ... Apache as an example.
Recompling of just Apache could also mean re-compiling of PHP in some cases ... longer down time.
Let's say it's PHP that has a security issue ... happens fairly often ... and it has to be re-compiled ... same problem ... that might require re-compiling of Apache and MySQL as well.
".... easiler to upgrade because the version of downloaded code is known."
Even easier with repos. and yum ... and the version is known.
yum list httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.den1.denvercolo.net
* extras: repos.dfw.quadranet.com
* updates: mirror.dal10.us.leaseweb.net
* webtatic: us-east.repo.webtatic.com
Installed Packages
httpd.x86_64 2.4.6-90.el7.centos @base
The real package manager on CentOS is still RPM - Red Hat Package Manager. Now there is something you'd prefer not to learn. On top of or in front of that now is YUM (Yellow Dog Package Manager) ... which began it's life on Mac's, believe it or not. It's more 'intelligent' but it still uses RPM. Yum figures out the 'dependencies'.
I know you might be too young for this ... remember on Windows DLL Hell? Well, same kinda thing on Linux only it's 'dependencies' - libraries that are needed to run daemons/services/etc., etc.
Ask your boss ... if there were a zero day flaw in PHP and known to be in the wild, how quickly could your boss secure your server?
Me thinks your boss has given you pretty much mission impossible.
Ok ... enough ...can't suggest how to make the error go away - ask your Boss ... after all, he compiled the AMP stack. And to make it go away, your boss can also hack core code.
Good Luck, Kelvin!
'spirit of sharing', Ken
Just one more ... resource for you if your boss insist on compiling AMP ... you will need to refer to often me thinks.
https://lists.centos.org/pipermail/centos-announce/
Here is September:
https://lists.centos.org/pipermail/centos-announce/2019-September/thread.html
https://lists.centos.org/pipermail/centos-announce/2019-September/023405.html
Here's one on Firewalled
https://lists.centos.org/pipermail/centos-announce/2019-September/023412.html
Unless you are still using iptables might want to acquire the update to firewalled.
I happen to like the new firewall as it has a zone for dropped ... easy to have your server inaccessible to a bot network - all services/all ports - or a particularly agreessive scanner which sucks your server of bandwidth/resource usage. Let the researchers research ... just not at your server .... considering it's current issues, might want to consider using drop zone.
Ok, now am done!
'SoS', Ken