Tag Archives: apache

27Jul/16

Enable mpm-itk in Webmin

The Apache HTTP Server is designed to be a powerful and flexible web server that can work on a very wide variety of platforms. Apache web server shipts with a selection of Multi-Processing Modules (MPMs) which are responsible for binding to network ports on the machine, accepting requests, and dispatching children to handle the requests.  Two MPMs thats comes with Apache on Linux is prefork and worker.

What is the default apache module used ?

In webmin by default prefork MPM is enabled. mpm-itk is another type MPM thats supported by Apache.

What are the benifits of using mpm-itk ?

The apache2-mpm-itk or mpm-itk is an MPM (Multi-Processing Module) for the Apache web server. mpm-itk allows us to run each of our  website vhost under a separate uid and gid. in other words, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts.

mpm-itk is based on the traditional prefork MPM, which means it’s non-threaded. We can run non-thread-aware code (like many PHP extensions) without problems. On the other hand, We will also take an additional performance hit over prefork, since there’s an extra fork per request.

With mpm-itk we can enable php opcode caching like APC, Xcache etc.  This is one of the main benefits of mpm-itk when it compared to suphp.

The latest version is 2.4.7-04 for Apache 2.4 and 2.2.17-01 Apache 2.2.x.

Installation

Virtualmin running on Ubuntu

apt-get install apache2-mpm-itk

Virtualmin running on Centos

yum install httpd-itk

If get any errors like erros like unmet dependencies with apache2.2-common missing. First we need to install the apache2.2-common .deb or rpm package manually after downloading package.

We can use commands like dpkg -i *.deb (debian) or rpm -ivh *.rpm ( Centos) bases servers.

Once the installation is completed we need to configure the webmin for mpm-itk. mpm-itk is configured on a per-vhost basis. Which means we don’t have to set any global options, and there’s only one directive we need to set in a vhost, AssignUserId, which takes two parameters, the user name and the group that the vhost will run as.

In case of webmin we perform this action using the Server Templates option. For example, add this to Virtualmin Server Templates:

<ifmodule mpm_itk_module>
AssignUserId ${USER} ${USER}
</ifmodule>
30Oct/15

Error: Failed to create temporary file

Issue
======

The apache error log shows

[Wed Oct 28 23:49:30 2015] [error] [client xx.xx.xxx.xxx] ModSecurity: Input filter: Failed to create temporary file: /root/tmp/[email protected]_body-nKiZdT [hostname "www.xxxx.com"] [uri "/wp-admin/admin.php"] [unique_id "[email protected]"]

The issue is because the modsecurity has no access on /root/tmp directory.

So while accessing /root/tmp it will show the error “Failed to create temporary file”

Fix
===

The issue can be fixed by adding the following lines on the configuration file of modsecurity.

# vi /usr/local/apache/conf/modsec2.conf

Add these below lines in /usr/local/apache/conf/modsec2.conf

SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecRequestBodyAccess On

Now you need to restart apache to make the changes effective

 service httpd restart

This will fix the issue normally

23Jul/14

Error : “Identifier removed: couldn’t grab the accept mutex” in apache error logs

Apache was getting stopped automatically with the below logs in the Apache Error log:

[Tue Jul 22 22:29:35 2014] [alert] Child 30758 returned a Fatal error… Apache is exiting!
[Tue Jul 22 22:29:35 2014] [emerg] (43)Identifier removed: couldn’t grab the accept mutex
[Tue Jul 22 22:29:35 2014] [emerg] (43)Identifier removed: couldn’t grab the accept mutex
[Tue Jul 22 22:29:35 2014] [emerg] (43)Identifier removed: couldn’t grab the accept mutex

These type of errors occur on systems low on memory or file handlers.The AcceptMutex directives sets the method that Apache uses to serialize multiple children accepting requests on network sockets.

One suggested resolution for the error message would be to try adding the following line to /usr/local/apache/conf/httpd.conf file:

AcceptMutex fcntl

If you add this above “<IfModule prefork.c>” in tht file, you could then try running these commands to distill the change and restart Apache:

Continue reading