Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."


by Dave Weninger -
Number of replies: 12

Our moodle hangs and shows this error message

Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

What does it mean? How can we fix it and prevent it from occurring again?


In reply to Dave Weninger

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Ken Task -

Is that an Apache error screen you see or a Moodle error screen?  And is this a copy and paste error in reporting the error?

What does it mean?

Yep!  It's true!  Moodle is looking for 'Apache' ...

In 20+ years working with Apache on Linux (some Ubuntu, but mostly Fedora/RH Family/CentOS) I have never seen, if Apache server signature left on, a report of:

(Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16)

Note the bolded above.   Now if Apache server signature left on (which should be off) and one forces a simple 404 error (not found), the server would show and should show if configured for ServerTokens set to OS:

(Apache/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16)

Note the missing 'h' in what you report from your server?

How can we fix it - possibly see below!

For you in investigating config of your server:

ServerTokens

Configures the Server HTTP response header. Different ServerTokens directive options are following (add or modify httpd.conf file or apache.conf):

Prod or ProductOnly – Server sends (e.g.): Server: Apache

ServerTokens Prod

Major – Server sends (e.g.): Server: Apache/2

ServerTokens Major

Minor – Server sends (e.g.): Server: Apache/2.2

ServerTokens Minor

Min or Minimal – Server sends (e.g.): Server: Apache/2.2.4

ServerTokens Min

OS – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu)

ServerTokens OS

Full or not specified – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4

ServerTokens Full

ServerTokens setting applies to the entire server, and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.

For reference:
https://www.if-not-true-then-false.com/2009/howto-hide-and-modify-apache-server-information-serversignature-and-servertokens-and-hide-php-version-x-powered-by/

And lastly ... prevent it from occurring again?

Since things like that really don't happen all by themselves, suggest server admin needs to quit messin' with config! smile

Major piece of advice ... show as little as possible to those that would do harm to your server.

Now I could be all wrong.   Been messin' with anything lately?

'SoS', Ken

Average of ratings: Useful (1)
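
The ServerTokens levels listed in the reply above, as an added example that is not part of the original thread: a Python check that maps a Server header value to the ServerTokens level that produces a banner of that shape and lists what it discloses. The function names and the sample response head are constructed for illustration; the banner is the one reported in this thread.

```python
import re

# ServerTokens levels from the post above, least to most revealing.
LEVELS = ("Prod", "Major", "Minor", "Min", "OS", "Full")

_PRODUCT = re.compile(r"(?P<name>[^/\s()]+)(?:/(?P<version>\S+))?")
_OS = re.compile(r"\((?P<os>[^)]*)\)")


def classify_banner(banner):
    """Map a Server header value to (ServerTokens level, disclosed details)."""
    banner = banner.strip()
    product = _PRODUCT.match(banner)
    if not product:
        return None, []
    version = product.group("version")
    rest = banner[product.end():].strip()
    os_part = _OS.match(rest)
    modules = (rest[os_part.end():] if os_part else rest).split()

    level, disclosed = "Prod", []
    if version:
        disclosed.append("server version " + version)
        dots = version.count(".")
        level = "Major" if dots == 0 else "Minor" if dots == 1 else "Min"
    if os_part:
        disclosed.append("operating system " + os_part.group("os"))
        level = "OS"
    if modules:
        disclosed.extend("module " + mod for mod in modules)
        level = "Full"
    return level, disclosed


def exceeds(level, allowed="Prod"):
    """True when the banner reveals more than the allowed ServerTokens level."""
    return LEVELS.index(level) > LEVELS.index(allowed)


def server_header(raw_response_head):
    """Pull the Server header value out of a raw HTTP response head, or None."""
    for line in raw_response_head.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


# Constructed sample response head (not captured from the poster's server).
SAMPLE_HEAD = (
    "HTTP/1.1 404 Not Found\r\n"
    "Date: Mon, 23 Sep 2019 02:00:00 GMT\r\n"
    "Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
)
```

Running `classify_banner(server_header(SAMPLE_HEAD))` on the thread's banner reports level Full, with the Apache version, the OS token and both module versions disclosed.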
In reply to Ken Task

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Dave Weninger -

Sorry, just my typo. It is "Apache" not "Apace". The error message shows on the Moodle screen.

We are using CentOS 7.4.1, PHP 7.2.16

In reply to Dave Weninger

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Ken Task -

Could you send a screen capture of this error screen?

Also info from:

cat /etc/redhat-release

/usr/sbin/httpd -V (just server version from that info)

yum repolist

tail /var/log/yum.log

'SoS', Ken


In reply to Ken Task

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Dave Weninger -
cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

/usr/sbin/httpd -V
no such command

#yum repolist
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Loading mirror speeds from cached hostfile
* base: centos.01link.hk
* epel: nrt.edge.kernel.org
* extras: centos.01link.hk
* remi-php72: ftp.riken.jp
* remi-safe: ftp.riken.jp
* updates: centos.01link.hk
repo id repo name status
!base/7/x86_64 CentOS-7 - Base 10,019
*!epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 13,348
!extras/7/x86_64 CentOS-7 - Extras 435
!nodesource/x86_64 Node.js Packages for Enterprise Linux 7 - x86_64 113
!remi-php72 Remi's PHP 7.2 RPM repository for Enterprise Linux 7 - 379
!remi-safe Safe Remi's RPM repository for Enterprise Linux 7 - x8 3,553
!updates/7/x86_64 CentOS-7 - Updates 2,500
repolist: 30,347

# tail /var/log/yum.log
Apr 20 07:46:35 Installed: jemalloc-3.6.0-1.el7.x86_64
Apr 20 07:46:35 Installed: redis-3.2.12-2.el7.x86_64
Aug 20 11:30:29 Updated: libldb-1.3.4-1.el7.x86_64
Aug 20 11:30:29 Installed: samba-common-4.8.3-6.el7_6.noarch
Aug 20 11:30:29 Installed: libwbclient-4.8.3-6.el7_6.x86_64
Aug 20 11:30:30 Installed: samba-client-libs-4.8.3-6.el7_6.x86_64
Aug 20 11:30:30 Installed: samba-common-libs-4.8.3-6.el7_6.x86_64
Aug 20 11:30:30 Installed: cifs-utils-6.2-10.el7.x86_64
Aug 20 11:30:30 Updated: libldb-devel-1.3.4-1.el7.x86_64
Aug 20 11:30:30 Installed: cifs-utils-devel-6.2-10.el7.x86_64


Attachment moodle_screen.jpg
In reply to Dave Weninger

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Ken Task -

Interesting ... typical CentOS 7 runs either httpd (apache) or nginx - but could run Lightspeed or other as well.

This

/usr/sbin/httpd -V
no such command 

shows you are not running apache (httpd daemon)

netstat -tulpn | grep :80 (or :443)

whatis httpd

or whatis nginx

Are we trying to run a loadbalancer?

And this on a server where you had moodle running already?

Confused!

'SoS', Ken

In reply to Dave Weninger

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Ken Task -

Also noticed the ! in front of repos.

Suggest refreshing the repos ... yum clean all

yum check-update

will rebuild repos.

'SoS', Ken

In reply to Dave Weninger

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Ken Task -
Oh, yeah!   If ya had moodle running at one point in time under apache (httpd), did you make sure the httpd daemon is started on reboots?
When any operating system gets a kernel upgrade, normally, server needs to be rebooted.   And if systemd doesn't know that the httpd (apache) daemon needs to start up after reboot ... no web server.

Very strange though ... the error screen you show is a Moodle error screen ... so something web server has to be running to see the error!!!

To be 100% honest, have never seen that in many/many/many years running Moodles or WP's or Joomla's or Drupal's or ... whatever.  Very strange.

So guess I'll ask again ... and be truthful ... were you playing around with anything?

'SoS', Ken
In reply to Ken Task

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Dave Weninger -
[root@moodle ~]# systemctl status httpd
● httpd.service - (null)
Loaded: loaded (/etc/rc.d/init.d/httpd; bad; vendor preset: disabled)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8)
[root@moodle ~]#

[root@moodle /]# service --status-all | grep running
/etc/init.d/httpd: line 95: lynx: command not found
SUCCESS! MySQL running (31999)
/etc/init.d/other_vsftp: line 37: syntax error near unexpected token `fi'
/etc/init.d/other_vsftp: line 37: ` fi'
Active: active (running) since Tue 2019-08-20 17:47:31 HKT; 1 months 1 days ago
Active: active (running) since Tue 2019-08-20 17:47:31 HKT; 1 months 1 days ago
vmware-guestd is not running
Active: active (running) since Tue 2019-08-20 17:47:31 HKT; 1 months 1 days ago
[root@moodle /]#

[root@moodle /]# netstat -tulpn | grep :443
tcp6 0 0 :::443 :::* LISTEN 3053/httpd
[root@moodle /]# netstat -tulpn | grep :80
tcp6 0 0 :::80 :::* LISTEN 3053/httpd
[root@moodle /]#

[root@moodle /]# whatis httpd
httpd: nothing appropriate.
[root@moodle /]#

We are not trying to run a loadbalancer.

The moodle is running normally. The web server should be on, I don't understand why it shows the status of httpd is inactive.

The error screen only showed one time, two weeks ago. It disappeared after rebooting httpd.
In reply to Dave Weninger

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Ken Task -

All I can say is 'WOW!' ... that's one messed up server - from typical AMP stacks on CentOS.

Purpose of these forums isn't how to install/admin/ an AMP stack, but Moodle.   Really stretching the stated purpose of these forums - and free advice to boot - appreciated or not!

Some hints/clues for you (from what you have shared) ... just a few ...

Loaded: loaded (/etc/rc.d/init.d/httpd; bad; vendor preset: disabled)

Huh??!!!  bad vendor preset????!!!  Where in the world did you get httpd from - what repo?   Uhhhhh ... don't answer that ... or even try to ... don't wanna know!

/etc/init.d/httpd: line 95: lynx: command not found

Lynx is a text based browser!!!!  How did it get entered in the init.d of httpd ... the daemon for apache?  In CentOS 7 there is no /etc/init.d/httpd ... 7 doesn't use the old but the new (that's a hint)

[root@moodle /]# netstat -tulpn | grep :80 returning ...

tcp6 0 0 :::443 :::* LISTEN 3053/httpd ... port 3053

http://www.adminsub.net/tcp-udp-port-finder/3503

And see it's really a CentOS 7 Guest OS on VM-Ware?

You can backup moodle code and moodledata using tar and archive those backups to another location.

MySQL appears to be running so you can use mysqldump to get an sql dump of the moodle DB.   Then archive that off onto another location.

scp the backups off onto some other server.

Now the biggy ... 2 choices ...

Wipe out the VM Instance of CentOS 7 and start over with a fresh CentOS 7 this time keeping it simple.  This might be best as it could be you tried what many have tried and failed to do ... upgrade a CentOS 6 in place to a CentOS 7.  Reason I say that ... 'old mixed with new'.

OR - the more difficult road for you at present me thinks ...

Use yum and erase httpd, httpd-development and anything related ... which also might remove php drivers and php itself - dependencies.

Reboot server.   Basically rebuild an AMP stack.  Set that up with valid/working repos for things like PHP and test a static page ... don't forget your valid certs for https:// as well as a php info page.

Then restore your Moodle.

Too much for ya?   Fine ... one time offer ... I'll do it for $15,000.00 US ...

$10,000.00 up front payable via PayPal and the remainder due when server is up.  No work done until funds have been transferred - ie, the first $10,000.00 (that ought to price me out of the market, ya think?)

Option: $5,000.00 US for direct Email support ... $2500.00 up front via PayPal.  Condition ... you will not argue with what I tell you to do!

(that ought to price me out of the support market also, ya think?)

OR ... roll up sleeves and find a tutorial on how to install an AMP stack on CentOS 7 ... properly.

OR ... roll up sleeves and find a tutorial on how to install an AMP stack on CentOS 7 ... properly.

No!  The repeat above is NOT a mistake! smile

A Google search for that will find several good tutorials on how to do that ... might have to make minor adjustments.

Not being mean nor cruel nor impolite ... just 100% honest in remote assessment/free support exchange of public posted info via a forum that shouldn't be used for such.

'spirit of sharing', Ken

In reply to Ken Task

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Dave Weninger -
Sorry, I really don't understand what you mean. The moodle is still working normally; an error message just appeared once. What is AMP stack? I don't know what it is.

We can start apache because we have the below symbolic link.
/etc/rc.d/init.d/httpd->/usr/local/apache2/bin/apachectl

My boss compiled source code to install Apache, not yum install. He thought that it was easier to upgrade because the version of downloaded code is known.

I don't know how he did that because he prepared the LAMP platform for me. I just installed the Moodle. As the Moodle has been launched, it is difficult for us to do too much maintenance on the Moodle or platform.

What I want is just to avoid the re-occurrence of that error message.
In reply to Dave Weninger

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Ken Task -

AMP stack is LAMP ... without the Linux.

"My boss compiled source code to install Apache, not yum install. He thought that it was easier to upgrade because the version of downloaded code is known."

Tell your boss he was wrong.  Back before repos ... many/many/many moons ago, I compiled AMP stack.  Depending upon what issues there were as announced by CentOS ... which gets their info from the folks at Red Hat ... one could have to dive deep into deciding if a vulnerability marked/tagged as 'important' was significant enough to warrant re-compiling a 'slice of the pie' ... in other words, just one of the three that make up AMP ... Apache as an example.

Recompiling of just Apache could also mean re-compiling of PHP in some cases ... longer down time.

Let's say it's PHP that has a security issue ... happens fairly often ... and it has to be re-compiled ... same problem ... that might require re-compiling of Apache and MySQL as well.

".... easier to upgrade because the version of downloaded code is known."

Even easier with repos. and yum ... and the version is known.

yum list httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.den1.denvercolo.net
 * extras: repos.dfw.quadranet.com
 * updates: mirror.dal10.us.leaseweb.net
 * webtatic: us-east.repo.webtatic.com
Installed Packages
httpd.x86_64    2.4.6-90.el7.centos   @base

The real package manager on CentOS is still RPM - Red Hat Package Manager.   Now there is something you'd prefer not to learn.  On top of or in front of that now is YUM (Yellow Dog Package Manager) ... which began its life on Macs, believe it or not.   It's more 'intelligent' but it still uses RPM.   Yum figures out the 'dependencies'.

I know you might be too young for this ... remember on Windows DLL Hell?  Well, same kinda thing on Linux only it's 'dependencies' - libraries that are needed to run daemons/services/etc., etc.

Ask your boss ... if there were a zero day flaw in PHP and known to be in the wild, how quickly could your boss secure your server?

Me thinks your boss has given you pretty much mission impossible.

Ok ... enough ...can't suggest how to make the error go away - ask your Boss ... after all, he compiled the AMP stack.  And to make it go away, your boss can also hack core code.

Good Luck, Kelvin!

'spirit of sharing', Ken


In reply to Ken Task

Re: Error message "Web server software (Apace/2.4.29 (Unix) OpenSSL/1.0.2k-fips PHP/7.2.16) is not supported, sorry."

by Ken Task -

Just one more ... resource for you if your boss insists on compiling AMP ... you will need to refer to often me thinks.

https://lists.centos.org/pipermail/centos-announce/

Here is September:

https://lists.centos.org/pipermail/centos-announce/2019-September/thread.html

https://lists.centos.org/pipermail/centos-announce/2019-September/023405.html

Here's one on firewalld

https://lists.centos.org/pipermail/centos-announce/2019-September/023412.html

Unless you are still using iptables might want to acquire the update to firewalld.

I happen to like the new firewall as it has a zone for dropped ... easy to have your server inaccessible to a bot network - all services/all ports - or a particularly aggressive scanner which sucks your server of bandwidth/resource usage.  Let the researchers research ... just not at your server .... considering its current issues, might want to consider using drop zone.

Ok, now am done! smile

'SoS', Ken

Average of ratings: Useful (1)