I’m configuring an Apache 2.4.9 with php-fpm 5.5.9 in my Ubuntu 14.04. What I want is to make a balancer for the php-fpm requests but It throws the following error:
AH01071: Got error 'Primary script unknownn'
When I try to access my php file. It seems that proxy balancer doesn’t grab the document root passed by ProxyPassMatch to it. I’m using UDS to make apache access the php-fpm sockets instead of using network tcp.
If I configure it without balancer, everything works fine.
WORKS
ProxyPassMatch ^/(.*.php(/.*)?)$ unix:/var/run/php5-fpm.sock1|fcgi://./var/www/html
NOT WORKS
ProxyPassMatch ^/(.*.php(/.*)?)$ balancer://localhost/var/www/html
<Proxy balancer://localhost/>
BalancerMember unix:/var/run/php5-fpm.sock1|fcgi://localhost:9001
BalancerMember unix:/var/run/php5-fpm.sock2|fcgi://localhost:9002
BalancerMember unix:/var/run/php5-fpm.sock3|fcgi://localhost:9003
BalancerMember unix:/var/run/php5-fpm.sock4|fcgi://localhost:9004
</Proxy>
This is the balancer’s config log:
[Sun Jun 15 12:32:30.839726 2014] [authz_core:debug] [pid 12217:tid 140330025703168] mod_authz_core.c(828): [client 10.1.1.2:52526] AH01628: authorization result: granted (no directives)
[Sun Jun 15 12:32:30.839899 2014] [lbmethod_byrequests:debug] [pid 12217:tid 140330025703168] mod_lbmethod_byrequests.c(97): AH01207: proxy: Entering byrequests for BALANCER (balancer://localhost)
[Sun Jun 15 12:32:30.839915 2014] [lbmethod_byrequests:debug] [pid 12217:tid 140330025703168] mod_lbmethod_byrequests.c(144): AH01208: proxy: byrequests selected worker "fcgi://localhost:9001" : busy 0 : lbstatus -3
[Sun Jun 15 12:32:30.839929 2014] [proxy_balancer:debug] [pid 12217:tid 140330025703168] mod_proxy_balancer.c(616): [client 10.1.1.2:52526] AH01172: balancer://localhost: worker (fcgi://localhost:9001) rewritten to fcgi://localhost:9001/var/www/html/info.php
[Sun Jun 15 12:32:30.839942 2014] [proxy:debug] [pid 12217:tid 140330025703168] proxy_util.c(1761): AH00924: worker unix:/var/run/php5-fpm.sock1|fcgi://localhost:9001 shared already initialized
[Sun Jun 15 12:32:30.839958 2014] [proxy:debug] [pid 12217:tid 140330025703168] proxy_util.c(1808): AH00927: initializing worker unix:/var/run/php5-fpm.sock1|fcgi://localhost:9001 local
[Sun Jun 15 12:32:30.840004 2014] [proxy:debug] [pid 12217:tid 140330025703168] proxy_util.c(1843): AH00930: initialized pool in child 12217 for (localhost) min=0 max=25 smax=25
[Sun Jun 15 12:32:30.840018 2014] [proxy:debug] [pid 12217:tid 140330025703168] mod_proxy.c(1138): [client 10.1.1.2:52526] AH01143: Running scheme balancer handler (attempt 0)
[Sun Jun 15 12:32:30.840039 2014] [proxy_fcgi:debug] [pid 12217:tid 140330025703168] mod_proxy_fcgi.c(768): [client 10.1.1.2:52526] AH01076: url: fcgi://localhost:9001/var/www/html/info.php proxyname: (null) proxyport: 0
[Sun Jun 15 12:32:30.840058 2014] [proxy_fcgi:debug] [pid 12217:tid 140330025703168] mod_proxy_fcgi.c(775): [client 10.1.1.2:52526] AH01078: serving URL fcgi://localhost:9001/var/www/html/info.php
[Sun Jun 15 12:32:30.840090 2014] [proxy:debug] [pid 12217:tid 140330025703168] proxy_util.c(2094): AH00942: FCGI: has acquired connection for (localhost)
[Sun Jun 15 12:32:30.840102 2014] [proxy:debug] [pid 12217:tid 140330025703168] proxy_util.c(2108): AH02545: FCGI: has determined UDS as /var/run/php5-fpm.sock1
[Sun Jun 15 12:32:30.840115 2014] [proxy:debug] [pid 12217:tid 140330025703168] proxy_util.c(2169): [client 10.1.1.2:52526] AH00944: connecting fcgi://localhost:9001/var/www/html/info.php to localhost:9001
[Sun Jun 15 12:32:30.840134 2014] [proxy:debug] [pid 12217:tid 140330025703168] proxy_util.c(2304): [client 10.1.1.2:52526] AH00947: connected /var/www/html/info.php to localhost:9001
[Sun Jun 15 12:32:30.840272 2014] [authz_core:debug] [pid 12217:tid 140330025703168] mod_authz_core.c(828): [client 10.1.1.2:52526] AH01628: authorization result: granted (no directives)
[Sun Jun 15 12:32:30.842988 2014] [proxy_fcgi:error] [pid 12217:tid 140330025703168] [client 10.1.1.2:52526] AH01071: Got error 'Primary script unknownn'
[Sun Jun 15 12:32:30.843095 2014] [proxy:debug] [pid 12217:tid 140330025703168] proxy_util.c(2132): AH00943: FCGI: has released connection for (localhost)
[Sun Jun 15 12:32:30.843134 2014] [proxy_balancer:debug] [pid 12217:tid 140330025703168] mod_proxy_balancer.c(670): [client 10.1.1.2:52526] AH01176: proxy_balancer_post_request for (balancer://localhost)
[Sun Jun 15 12:32:30.978315 2014] [authz_core:debug] [pid 12217:tid 140330017310464] mod_authz_core.c(802): [client 10.1.1.2:52526] AH01626: authorization result of Require all granted: granted
[Sun Jun 15 12:32:30.978346 2014] [authz_core:debug] [pid 12217:tid 140330017310464] mod_authz_core.c(802): [client 10.1.1.2:52526] AH01626: authorization result of <RequireAny>: granted
[Sun Jun 15 12:32:30.978387 2014] [core:info] [pid 12217:tid 140330017310464] [client 10.1.1.2:52526] AH00128: File does not exist: /var/www/html/favicon.ico
I seem to be getting these lines in my /var/log/apache2/error.log and the corresponding records in /var/log/apache2/access.log
/var/log/apache2/error.log
[Fri Sep 20 02:28:36.654357 2019] [proxy_fcgi:error] [pid 28619:tid 140003157985024] [client 49.233.5.191:37604] AH01071: Got error 'Primary script unknownn'
[Fri Sep 20 02:28:38.136282 2019] [proxy_fcgi:error] [pid 28618:tid 140003082450688] [client 49.233.5.191:43806] AH01071: Got error 'Primary script unknownn'
/var/log/apache2/access.log
49.233.5.191 - - [20/Sep/2019:02:28:36 +0000] "GET /TP/html/public/index.php HTTP/1.1" 404 392 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
49.233.5.191 - - [20/Sep/2019:02:28:36 +0000] "GET /elrekt.php HTTP/1.1" 404 433 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
Those files obviously do not exist so this seems like a bot scan from the ip location and the behavior. However, when i request another file that does not exist. I do not get the ‘Got error ‘Primary script unknownn’ errors in the /var/log/apache2/error.log file
php-fpm configuration
<IfModule !mod_php7.c>
<IfModule proxy_fcgi_module>
# Enable http authorization headers
<IfModule setenvif_module>
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>
<FilesMatch ".+.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.2-fpm.sock|fcgi://localhost"
</FilesMatch>
<FilesMatch ".+.phps$">
# Deny access to raw php sources by default
# To re-enable it's recommended to enable access to the files
# only in specific virtual host or directory
Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^.ph(ar|p|ps|tml)$">
Require all denied
</FilesMatch>
</IfModule>
</IfModule>
Is this something that i can do something about, configuration change maybe?
I know i can block the ip using iptables, i am more interested in getting rid of the log entry if possible by some configuration change.
Wondering how to fix AH01071: got error ‘primary script unknown’ in Plesk? We can help you.
Often our customers report to us that they found this error in the website error log after upgrading to Plesk Obsidian.
Here at Bobcares, we often handle requests from our customers to fix similar Plesk errors as a part of our Server Management Services. Today we will see how our support engineers fix this for our customers.
What causes AH01071: Got error ‘Primary script unknown’ in Plesk
Before going into the steps for fixing this error we will see what causes this error.
A typical error from the website error log looks like the one given below:
AH01071: Got error 'Primary script unknown' - Apache Error
Although all the services in the server run fine, we may see that the websites on php showing a “File not found” error.
Cause
Generally, this happens due to incorrect permissions on the domain’s folder.
Symptoms
Following are some of the symptoms that we notice with the error:
1. Unable to access File Manager for a certain domain or for all domains on a server:
Server Error 500 PleskUtilException Internal error: Unable to find the directory /var/www/vhosts/example.com/: filemng failed: filemng: opendir failed: Permission denied System error 13: Permission denied
2. Not being able to execute actions on File Manager: such as ZIP extraction, Copy, Rename, Changing Permissions, etc.
3. Unable to connect via FTP to a domain main folder or a sub-folder with the following error:
4. Unable to connect FTP: 421 Service not available, remote server has closed.
4. Alternatively, it is not possible to add files to archive in Domains > example.com > File Manager > Add to Archive:
Unable to create the archive: filemng failed: filemng: /usr/bin/zip execution failed: zip warning: Permission denied zip warning: Permission denied zip warning: Permission denied zip warning: Permission denied zip warning: Permission denied zip warning: Permission denied.
Next, we will see how to fix this error either from Plesk GUI or via SSH.
How to fix AH01071: got error ‘primary script unknown’ in Plesk
Now we will see the steps that our Support Engineers follow to fix this issue for our customers.
Plesk GUI
1. First, Log in to Plesk GUI
2. Then we have to install the Repair Kit extension
3. For this we can go to Tools & Settings > Diagnose & Repair > File System > Repair
SSH
1. First, we have to connect to the server via SSH
2. Then run the following command to repair file permissions:
# plesk repair fs -y example.comTo fix permissions for all the domains:
# plesk repair fs -y[Still, stuck with the error? We can help you]
Conclusion
In short, we saw how our Support Techs fix AH01071: got error ‘primary script unknown’ in Plesk for our customers.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
GET STARTED
var google_conversion_label = «owonCMyG5nEQ0aD71QM»;
-
#1
I got this error on apache logs:
Code:
[Mon Oct 01 21:56:45.* 2018***] [proxy_fcgi:error] [pid 145*:*tid 14****] [client ****] AH01071: Got error 'Primary script unknownn'
[Mon Oct 01 21:56:4*** 2018] [proxy_fcgi:error] [pid 14535:tid 140****] [client *****] AH01071: Got error 'Primary script unknownn'
[Mon Oct 01 21:56:45.916027 2018] [proxy_fcgi:error] [pid 145***:tid 140*****] [client *****] AH01071: Got error 'Primary script unknownn'
[Mon Oct 01 21:56:46****2018] [proxy_fcgi:error] [pid 145***:tid 140*****2] [client ****] AH01071: Got error 'Primary script unknownn'
[Mon Oct 01 21:56:4*** 2018] [proxy_fcgi:error] [pid 145**:tid 1401*****] [client ****] AH01071: Got error 'Primary script unknownn'
[Mon Oct 01 21:56:47*2018] [**proxy_fcgi:error] [pid 14***:tid 140*****] [client ****] AH01071: Got error 'Primary script unknownn'
[Mon Oct 01 21:56:4* 2018] ***[proxy_fcgi:error] [pid 145***:tid 1401***] [client ********] AH01071: Got error 'Primary script unknownn'
Why im getting this error?
How to fix?
-
#2
I guess that means the php file does not exist (404), primary with bots/etc trying to find vulnerable scripts, but the htaccess is wrong.
See here
-
#3
I guess that means the php file does not exist (404), primary with bots/etc trying to find vulnerable scripts, but the htaccess is wrong.
See here
little confused, to which htaccess code should i use?
-
#4
@rtdirect,
I guess you need to check the link in the post #2 suggested by Peter, and you will probably understand what has it to do with .htaccess.
-
#5
@rtdirect,
I guess you need to check the link in the post #2 suggested by Peter, and you will probably understand what has it to do with .htaccess.
my htaccess code not like that.
there is no /fc2/ on me.
-
#6
Yeah but that htaccess code isnt same with mine.
-
#7
my htaccess code not like that.
there is no /fc2/ on me.
Try
-
#8
i appreciate with your help but my htaccess is similar to wordpress default htaccess.
Like this:
Code:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPressThere are also some plugin added codes in it.
-
#9
I’m actually seeing this myself without even realising
No error pages appear to the browser, just a «File not found» appears for .php pages…….
Looks like it’s a deeper problem than I first thought.
Erm…. Apache and php-fpm.
-
#10
I have just noticed the same thing (never did before, no real reason to check for 404s errors )
I also found the solutions for both Nginx and Nginx+Apache
If you’re using only Nginx and php-fpm use this when you’re calling the PHP handler:
Code:
fastcgi_intercept_errors on;(https://serverfault.com/questions/628810/serve-a-custom-404-page-generated-by-php)
If you’re using Nginx+Apache (or only Apache) and php-fpm use this when you’re calling the PHP handler:
(https://stackoverflow.com/questions/33843786/custom-404-message-when-using-php-fpm-with-apache=
Quick example for Apache:
Code:
ProxyErrorOverride on
AddHandler "proxy:unix:/usr/local/php56/sockets/cn.sock|fcgi://localhost" .php56I think is more likely to be better to change the templates using custom versions, but probably much better if DA add this option as default.
I am going to forward the URL to this thread to John.
PLEASE NOTE: Enabling this option might disable the per-site custom error pages (as for instance the one generated by WP) in Nginx (it does NOT in Apache, I tested, but Apache uses .htaccess to override this, on Nginx there is no .htaccess so I am not sure how the custom error pages in WP do works and if this might cause an issue.
In Nginx I presum Custom HTTPD Templates will be used, so it still might be fine actually.
Regards
Last edited: Oct 11, 2018
-
#11
I wonder if this was an oversight, as, like Sellerone, I dont check errors etc….
-
#12
A fix for Apache has been addded, now in pre-release: https://www.directadmin.com/features.php?id=2211
For Nginx has not yet been implemented because John wasn’t able to replicate (as for Apache, but since there were 3 ppl having this issue did just make sense to fix it)
Regards
-
#13
A fix for Apache has been addded, now in pre-release: https://www.directadmin.com/features.php?id=2211
For Nginx has not yet been implemented because John wasn’t able to replicate (as for Apache, but since there were 3 ppl having this issue did just make sense to fix it)
You write «a fix for Apache», but the feature page says «nginx+apache», I sure hope it is not added for plain Apache.
I don’t know about Nginx and Nginx+Apache, but you must not add «ProxyErrorOverride on» for plain Apache, that will break Drupal «Maintenance Mode page», because Drupal is actually sending a HTTP status 503 for their Maintenance Mode page. It is also likely that this will cause trouble for other CMS.
-
#14
Apache doesn’t care if it’s the only webserver, the fix is on the check for PHP-FPM, regardless of Nginx, that’s why is a fix for Apache, it would work on any Apache related configuration when using PHP-FPM.
Wouldn’t Drupal use a .htaccess file to override the error pages?
-
#15
All I am saying is that DirectAdmin should not add «ProxyErrorOverride on» to /etc/httpd/conf/extra/httpd-default.conf for us that use plain Apache (I don’t know about Nginx and don’t use it). I have tested this because DirectAdmin added «ProxyErrorOverride on» in the beginning of march 2018, and I got support tickets from customers complaining that Drupal maintainance page did not work any more. I sent a ticket to DirectAdmin wich reverted this change in CustomBuild 2.0 rev. 1846. I have now sent a new ticket to DirectAdmin to let them know about this again.
Regarding Drupal and their «Maintenance Mode page», this thread might give some information about that: https://www.drupal.org/project/drupal/issues/2674900 (please note Drupal is not going to change this, because the status says «Closed (works as designed)».
-
#16
I see your point, but that’s not where has been added actually
Code:
Relates to not passing errors to nginx, and instead let php/apache generate the error pages.
The 4 virtual_host2*.conf files will have:
ProxyErrorOverride on
just before the AddHandler for both php1-fpm and php2-fpm.I will check that Drupal report, do you have by any chance a test server where Drupal is configured and I can run some confs tests so to find a better solution if this doesn’t work?
-
#17
Drupal is actually responding with a 503 which is an HTTP Server code, so I don’t see the problem on using the HTTP Server to handle them.
Then, if you want to have a custom page that says «Mantainance mode on» that’s up to the customer and can (and should) be managed by .htaccess.
I don’t see nor understand how PHP would handle that better, I would need an example
-
#18
I found some example to have custom 503 Page on Drupal and not the server one (which I repeat, are the correct one to be showed for every normal case), sites have been using standard web server error page for ages, I don’t see how Drupal can have a «say» on that
https://groups.drupal.org/node/256708
https://gist.github.com/perusio/3778833
Custom code for the Nginx config:
Code:
error_page 503 = @503;
location @503 {
if ($upstream_http_etag) {
return 503 "Site down for maintenance. We'll be back shortly";
}
}Best regards
-
#19
@SeLLeRoNe, Well this is how Drupal handle Maintenance page, and we are a shared hosting and we need to support Drupal out of the box. The Drupal Maintenance page does not work when «ProxyErrorOverride on» is added, but instead show the default Apache 503 status page. As a shared host, we can’t tell customers to use different solutions, we need to support Drupal out of the box.
Again I ask that «ProxyErrorOverride on» is not added for us that use plain Apache. If it is added by DirectAdmin, we will remove it manually on every update. I am not going into a debate on this. I have said all I have to say.
-
#20
Is not matter of Apache or Nginx+Apache, that is not what is causing the problem, the problem is Apache+PHP-FPM and Nginx+PHP-FPM and Nginx+Aoache+PHP-FPM.
If you use Apache+MOD_PHP you would have the error pages handled by Apache aswell, even in that case you wouldn’t use the Drupal one unless you have custom .htaccess or customizations in Apache configuration.
That option is used when you are using a Proxy after Apache (as PHP-FPM work).
If Drupal is working as stand-alone application it would means you’re proxying it, so you wouldn’t put that option on that proxy coniguraiton, while DA is adding that for the specific AddHandler bit when PHP-FPM is in place, not as a default option.
Here an example of configuration from last update from my server:
Code:
<FilesMatch ".(inc|php|phtml|phps|php72)$">
ProxyErrorOverride on
AddHandler "proxy:unix:/usr/local/php72/sockets/cn.sock|fcgi://localhost" .inc .php .phtml .php72
</FilesMatch>
<FilesMatch ".(inc|php|phtml|phps|php56)$">
ProxyErrorOverride on
AddHandler "proxy:unix:/usr/local/php56/sockets/cn.sock|fcgi://localhost" .php56
</FilesMatch>
If you’re bypassing somehow PHP-FPM for Drupal (not sure, never used Drupal so mine are just hypotesis), than you should be fine.
If Drupal is working as any other PHP Application, which is run from PHP (either mod_php or PHP-FPM) than the result shouldn’t change with that option.
Again, the change is not in the default template as you wrote, so that shouldn’t even affect you.
Best regards
Topic starter 16/06/2018 8:36 am
Another silly error I had to fix on same server as .htaccess: Option FollowSymLinks not allowed here. After I got rid of that .htaccess error from Apache2 logs, bunch of following lines started to appear.
[proxy_fcgi:error] [pid 17763:tid 140531061487360] [client xx.xx.xx.xxx:16953] AH01071: Got error 'Primary script unknownn'
And php files started to give 404 not found errors. So it still seemed like something related to mod_rewite or .htaccess. I checked everything and restarted Apache2 and PHP a couple times. But still nothing changed.
Since I already have a perfectly working php app on the server I compared both Apache2 virtual hosts and they were almost identical. I was clueless at this point. I was well over an hour into this error and was pulling my hair. I decided to take a break and did a system reboot.
That magically fixed it.
Yes, a simple system reboot fixed it. I still have no idea why a system reboot would fix it and not Apache2 restart. I’m thinking this is related to Virtualmin I was using as the control panel.
Here’s the background:
In Docker, a container Alpine runs Apache (2.4.33, MPm_Event),
The other container runs PHP-FPM (7.2.8), so Apache and PHP-FPM are in remote linkage mode.
Many Settings refer to a large number of night data debugging, and all errors are reported:
AH01071: Got error ‘Primary script unknownn’
After verification of configuration one by one, it is inconceivable that the problem is found. Let’s first give the correct configuration:
1. HTTPD. Conf
* Clear out lines like AddType Application/x-httpd-PHP PHP php7, which are not used by PHP-FPM.
* Similar paragraphs like the following are not required in httpd.conf:
< FilesMatch .php$> SetHandler “proxy:fcgi://php-fpm:9000” < /FilesMatch>
2. The correct configuration requires only one line:
ProxyPassMatch ^/(.*.php(/.*)?) $ fcgi://php-fpm:9000/v/php-fpm/www/$1
Put this line in your vhost.conf < VirtualHost> In the water.
Pay special attention!
1. My DocumentRoot path and the last path of ProxyPassMatch do not match!
(DocumentRoot/V/Apache/WWW) Apache startup needs to actually detect the existence of DocumentRoot path memory. That is, my data is in the Apache container, and after fCGI :// pushes the data to the PHP-FPM container, the PHP-FPM container needs to read this/V/Apache/WWW path, if it does not read, it will report an error AH01071. The foreground page says “File Not Find!”
Therefore, the core idea of the solution is to make the two containers have a common accessible file address. This is not redundant, with mount and other ways to solve.
2. Note the phP-FPM listen Settings
php-fpm.dwww.conf
My listen = 172.0.0.3:9000
Here you cannot write 127.0.0.1, two containers in a virtual Intranet segment, and you can also write the Intranet address of the segment.
Read More:
-
#1
Hello,
I’ve these errors in my Apache log
[Sat Oct 05 17:05:05.220094 2019] [proxy_fcgi:error] [pid 8034:tid 47199407486720] [client 66.249.64.147:42456] AH01071: Got error ‘Primary script unknownn’
[Sat Oct 05 17:33:43.955785 2019] [proxy_fcgi:error] [pid 8035:tid 47199497000704] [client 52.192.73.251:28947] AH01071: Got error ‘Primary script unknownn’
Could anyone guide me about how to solve this?
Thanks!
-
#2
Hello,
I’ve these errors in my Apache log
[Sat Oct 05 17:05:05.220094 2019] [proxy_fcgi:error] [pid 8034:tid 47199407486720] [client 66.249.64.147:42456] AH01071: Got error ‘Primary script unknownn’
[Sat Oct 05 17:33:43.955785 2019] [proxy_fcgi:error] [pid 8035:tid 47199497000704] [client 52.192.73.251:28947] AH01071: Got error ‘Primary script unknownn’Could anyone guide me about how to solve this?
Thanks!
Post server details to help guide you better.
Apache version, C-panel and others
-
#3
Apache 2.4.41
PHP 7.2.23
cPanel 82.0 (build 16)
MariaDB 10.1.41
Is this enough? pls let me know.
thanks!
-
#4
Hello,
What (if anything) is noted in the PHP-FPM error logs? You can find them per PHP version at /opt/cpanel/ea-phpXX/root/usr/var/log/php-fpm/error.log
Do you have any rewrite rules added in the .htaccess for the sites you’re seeing this occur with (if you’re able to pin it down to a specific site)
-
#5
Hello!
I’ve got hundreads of lines like this
[08-Oct-2019 19:08:55] NOTICE: [pool todoperros_com] child 18693 started
[08-Oct-2019 19:08:59] NOTICE: [pool todoperros_com] child 18665 exited with code 0 after 62.181765 seconds from start
[08-Oct-2019 19:08:59] NOTICE: [pool todoperros_com] child 18695 started
[08-Oct-2019 19:09:28] NOTICE: [pool todoperros_com] child 18682 exited with code 0 after 58.940302 seconds from start
[08-Oct-2019 19:09:28] NOTICE: [pool todoperros_com] child 18744 started
[08-Oct-2019 19:09:45] NOTICE: [pool todoperros_com] child 18689 exited with code 0 after 57.722906 seconds from start
[08-Oct-2019 19:09:45] NOTICE: [pool todoperros_com] child 18757 started
[08-Oct-2019 19:09:55] NOTICE: [pool todoperros_com] child 18692 exited with code 0 after 60.578018 seconds from start
[08-Oct-2019 19:09:55] NOTICE: [pool todoperros_com] child 18762 started
[08-Oct-2019 19:10:00] NOTICE: [pool todoperros_com] child 18695 exited with code 0 after 61.794768 seconds from start
[08-Oct-2019 19:10:00] NOTICE: [pool todoperros_com] child 18764 started
[08-Oct-2019 19:10:00] NOTICE: [pool todoperros_com] child 18693 exited with code 0 after 65.109071 seconds from start
[08-Oct-2019 19:10:00] NOTICE: [pool todoperros_com] child 18765 started
[08-Oct-2019 19:10:28] NOTICE: [pool todoperros_com] child 18744 exited with code 0 after 60.538661 seconds from start
[08-Oct-2019 19:10:28] NOTICE: [pool todoperros_com] child 18883 started
[08-Oct-2019 19:10:45] NOTICE: [pool todoperros_com] child 18757 exited with code 0 after 60.214805 seconds from start
[08-Oct-2019 19:10:45] NOTICE: [pool todoperros_com] child 18926 started
[08-Oct-2019 19:10:57] NOTICE: [pool todoperros_com] child 18762 exited with code 0 after 61.690406 seconds from start
[08-Oct-2019 19:10:57] NOTICE: [pool todoperros_com] child 18937 started
[08-Oct-2019 19:11:01] NOTICE: [pool todogatos_com] child 18797 exited with code 0 after 47.239572 seconds from start
[08-Oct-2019 19:11:01] NOTICE: [pool todogatos_com] child 18945 started
[08-Oct-2019 19:11:06] NOTICE: [pool todoperros_com] child 18764 exited with code 0 after 65.841152 seconds from start
[08-Oct-2019 19:11:06] NOTICE: [pool todoperros_com] child 18947 started
[08-Oct-2019 19:11:06] NOTICE: [pool todoperros_com] child 18765 exited with code 0 after 65.844983 seconds from start
[08-Oct-2019 19:11:06] NOTICE: [pool todoperros_com] child 18948 started
Yes, I have many rewrite rules in my main site.
What could be causing this? any ideas?
Thanks for your help! I don’t know what is going on…
-
#6
Those are just notices, this issue is commonly attributed to script errors or rewrite rules, you may need to go through the rewrite rules thoroughly to pinpoint the problem.
-
#7
I’ve just started seeing these errors, I guess since enabling FPM.
I don’t see anything which gives away the cause in the fpm error.log.
Any pointers ?
The Apache HTTP Server, or Apache for short, is a very popular web server, developed by the Apache Software Foundation.
This article describes how to set up Apache and how to optionally integrate it with PHP.
Installation
Install the apache package.
Configuration
Apache configuration files are located in /etc/httpd/conf. The main configuration file is /etc/httpd/conf/httpd.conf, which includes various other configuration files.
The default configuration file should be fine for a simple setup. By default, it will serve the directory /srv/http to anyone who visits your website.
To start Apache, start httpd.service using systemd.
Apache should now be running. Test by visiting http://localhost/ in a web browser. It should display a simple index page.
For optional further configuration, see the following sections.
Advanced options
See the full list of Apache configuration directives and the directive quick reference.
These options in /etc/httpd/conf/httpd.conf might be interesting for you:
User http
- For security reasons, as soon as Apache is started by the root user (directly or via startup scripts) it switches to this UID. The default user is http, which is created automatically during installation.
Listen 80
- This is the port Apache will listen to. For Internet-access with router, you have to forward the port.
- If you want to setup Apache for local development you may want it to be only accessible from your computer. Then change this line to
Listen 127.0.0.1:80.
ServerAdmin you@example.com
- This is the admin’s email address which can be found on e.g. error pages.
DocumentRoot "/srv/http"
- This is the directory where you should put your web pages.
- Change it, if you want to, but do not forget to also change
<Directory "/srv/http">to whatever you changed yourDocumentRootto, or you will likely get a 403 Error (lack of privileges) when you try to access the new document root. Do not forget to change theRequire all deniedline toRequire all granted, otherwise you will get a 403 Error. Remember that the DocumentRoot directory and its parent folders must allow execution permission to others (can be set withchmod o+x /path/to/DocumentRoot), otherwise you will get a 403 Error.
AllowOverride None
- This directive in
<Directory>sections causes Apache to completely ignore.htaccessfiles. Note that this is now the default for Apache 2.4, so you need to explicitly allow overrides if you plan to use.htaccessfiles. If you intend to usemod_rewriteor other settings in.htaccessfiles, you can allow which directives declared in that file can override server configuration. For more info refer to the Apache documentation.
Tip: If you have issues with your configuration you can have Apache check the configuration with: apachectl configtest
More settings can be found in /etc/httpd/conf/extra/httpd-default.conf:
To turn off your server’s signature:
ServerSignature Off
To hide server information like Apache and PHP versions:
ServerTokens Prod
User directories
User directories are available by default through http://localhost/~yourusername/ and show the contents of ~/public_html (this can be changed in /etc/httpd/conf/extra/httpd-userdir.conf).
If you do not want user directories to be available on the web, comment out the following line in /etc/httpd/conf/httpd.conf:
Include conf/extra/httpd-userdir.conf
The factual accuracy of this article or section is disputed.
You must make sure that your home directory permissions are set properly so that Apache can get there. Your home directory and ~/public_html must be executable for others («rest of the world»):
$ chmod o+x ~ $ chmod o+x ~/public_html $ chmod -R o+r ~/public_html
Restart httpd.service to apply any changes. See also Umask#Set the mask value.
TLS
Firstly obtain a certificate. If you own a public domain, you can use Transport Layer Security#ACME clients.
In /etc/httpd/conf/httpd.conf, uncomment the following three lines:
LoadModule ssl_module modules/mod_ssl.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so Include conf/extra/httpd-ssl.conf
If using Certbot (certbot --apache), the following line needs to be uncommented as well:
LoadModule rewrite_module modules/mod_rewrite.so
After obtaining a key and certificate, make sure the SSLCertificateFile and SSLCertificateKeyFile lines in /etc/httpd/conf/extra/httpd-ssl.conf point to the key and certificate. If a concatenated chain of CA certificates was also generated, add that filename against SSLCertificateChainFile.
Finally, restart httpd.service to apply any changes.
Virtual hosts
Note: You will need to add a separate <VirtualHost *:443> section for virtual host SSL support.
See #Managing many virtual hosts for an example file.
If you want to have more than one host, uncomment the following line in /etc/httpd/conf/httpd.conf:
Include conf/extra/httpd-vhosts.conf
In /etc/httpd/conf/extra/httpd-vhosts.conf set your virtual hosts. The default file contains an elaborate example that should help you get started.
To test the virtual hosts on your local machine, add the virtual names to your /etc/hosts file:
127.0.0.1 domainname1.dom 127.0.0.1 domainname2.dom
Restart httpd.service to apply any changes.
Managing many virtual hosts
If you have a huge amount of virtual hosts, you may want to easily disable and enable them. It is recommended to create one configuration file per virtual host and store them all in one folder, eg: /etc/httpd/conf/vhosts.
First create the folder:
# mkdir /etc/httpd/conf/vhosts
Then place the single configuration files in it:
# nano /etc/httpd/conf/vhosts/domainname1.dom # nano /etc/httpd/conf/vhosts/domainname2.dom ...
In the last step, Include the single configurations in your /etc/httpd/conf/httpd.conf:
#Enabled Vhosts: Include conf/vhosts/domainname1.dom Include conf/vhosts/domainname2.dom
You can enable and disable single virtual hosts by commenting or uncommenting them.
A very basic vhost file will look like this:
/etc/httpd/conf/vhosts/domainname1.dom
<VirtualHost *:80>
ServerAdmin webmaster@domainname1.dom
DocumentRoot "/home/user/http/domainname1.dom"
ServerName domainname1.dom
ServerAlias domainname1.dom
ErrorLog "/var/log/httpd/domainname1.dom-error_log"
CustomLog "/var/log/httpd/domainname1.dom-access_log" common
<Directory "/home/user/http/domainname1.dom">
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@domainname1.dom
DocumentRoot "/home/user/http/domainname1.dom"
ServerName domainname1.dom:443
ServerAlias domainname1.dom:443
SSLEngine on
SSLCertificateFile "/etc/httpd/conf/server.crt"
SSLCertificateKeyFile "/etc/httpd/conf/server.key"
ErrorLog "/var/log/httpd/domainname1.dom-error_log"
CustomLog "/var/log/httpd/domainname1.dom-access_log" common
<Directory "/home/user/http/domainname1.dom">
Require all granted
</Directory>
</VirtualHost>
Extensions
PHP
First install PHP, then follow one of the next three subsections below. Finally, test the installation as described in the final subsection.
Using libphp
This method is probably the easiest, but is also the least scalable: it is suitable for a light request load. It also requires you to change the mpm module, which may cause problems with other extensions (e.g. it is not compatible with #HTTP/2).
Install php7-apache[broken link: package not found] for PHP 7 or php-apache for PHP 8, as appropriate.
In /etc/httpd/conf/httpd.conf, comment the line:
#LoadModule mpm_event_module modules/mod_mpm_event.so
and uncomment the line:
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
Note: The above is required, because libphp.so included with the package does not work with mod_mpm_event, but will only work mod_mpm_prefork instead. (FS#39218)
Otherwise you will get the following error:
Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe. You need to recompile PHP. AH00013: Pre-configuration failed httpd.service: control process exited, code=exited status=1
As an alternative, you can use mod_proxy_fcgi (see #Using php-fpm and mod_proxy_fcgi below).
To enable PHP, add these lines to /etc/httpd/conf/httpd.conf:
- Place this at the end of the
LoadModulelist:
LoadModule php_module modules/libphp.so AddHandler php-script .php
- Place this at the end of the
Includelist:
Include conf/extra/php_module.conf
For php7:
AddHandler php7-script .php Include conf/extra/php7_module.conf LoadModule php7_module modules/libphp7.so
Restart httpd.service.
Using apache2-mpm-worker and mod_fcgid
This method provides improved performance and memory usage when serving multiple requests.
Install mod_fcgidAUR and php-cgi.
Create the needed directory and symlink it for the PHP wrapper:
# mkdir /srv/http/fcgid-bin # ln -s /usr/bin/php-cgi /srv/http/fcgid-bin/php-fcgid-wrapper
Create /etc/httpd/conf/extra/php-fcgid.conf with the following content:
/etc/httpd/conf/extra/php-fcgid.conf
# Required modules: fcgid_module
<IfModule fcgid_module>
AddHandler php-fcgid .php
AddType application/x-httpd-php .php
Action php-fcgid /fcgid-bin/php-fcgid-wrapper
ScriptAlias /fcgid-bin/ /srv/http/fcgid-bin/
SocketPath /var/run/httpd/fcgidsock
SharememPath /var/run/httpd/fcgid_shm
# If you don't allow bigger requests many applications may fail (such as WordPress login)
FcgidMaxRequestLen 536870912
# Path to php.ini – defaults to /etc/phpX/cgi
DefaultInitEnv PHPRC=/etc/php/
# Number of PHP childs that will be launched. Leave undefined to let PHP decide.
#DefaultInitEnv PHP_FCGI_CHILDREN 3
# Maximum requests before a process is stopped and a new one is launched
#DefaultInitEnv PHP_FCGI_MAX_REQUESTS 5000
<Location /fcgid-bin/>
SetHandler fcgid-script
Options +ExecCGI
</Location>
</IfModule>
Edit /etc/httpd/conf/httpd.conf:
- Uncomment the loading of the actions module:
LoadModule actions_module modules/mod_actions.so
- Load the FCGID module after the loading of the unixd module (on which it is dependent) — you may wish to place this within the
<IfModule unixd_module>block:LoadModule fcgid_module modules/mod_fcgid.so
- Ensure that the inclusion of the MPM configuration is uncommented (it is uncommented in the default installed version of this file):
Include conf/extra/httpd-mpm.conf
- Add an inclusion of your new FCGID configuration:
Include conf/extra/php-fcgid.conf
Restart httpd.service.
Using php-fpm and mod_proxy_fcgi
This method provides «an alternative PHP FastCGI implementation with some additional features (mostly) useful for heavy-loaded sites» [1].
Note: Unlike the widespread setup with ProxyPass, the proxy configuration with SetHandler respects other Apache directives like DirectoryIndex. This ensures a better compatibility with software designed for libphp, mod_fastcgi and mod_fcgid.
If you still want to try ProxyPass, experiment with a line like this:
ProxyPassMatch ^/(.*.php(/.*)?)$ unix:/run/php-fpm/php-fpm.sock|fcgi://localhost/srv/http/$1
Install php-fpm.
Enable proxy modules:
/etc/httpd/conf/httpd.conf
LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
Create /etc/httpd/conf/extra/php-fpm.conf with the following content:
DirectoryIndex index.php index.html
<FilesMatch .php$>
SetHandler "proxy:unix:/run/php-fpm/php-fpm.sock|fcgi://localhost/"
</FilesMatch>
And include it at the bottom of /etc/httpd/conf/httpd.conf:
Include conf/extra/php-fpm.conf
Note: The pipe between sock and fcgi is not allowed to be surrounded by a space! localhost can be replaced by any string. More here
You can configure PHP-FPM in /etc/php/php-fpm.d/www.conf, but the default setup should work fine.
Start and enable php-fpm.service. Restart httpd.service.
Test whether PHP works
To test whether PHP was correctly configured, create a file called test.php in your Apache DocumentRoot directory (e.g. /srv/http/ or ~<username>/public_html/) with the following contents:
<?php phpinfo(); ?>
Then go to http://localhost/test.php or http://localhost/~<username>/test.php as appropriate.
HTTP/2
Note:
- While Apache supports unencrypted HTTP/2 over TCP (
h2c), common browsers do not. Thus for use with the latter, #TLS must be enabled first. - If supporting clients do not use HTTP/2 instead of HTTP/1.1 and Mozilla’s configuration generator (which already includes the
Protocolsline below) was used to setup #TLS, tryIncludeinghttpd-ssl.confafter the latter’s output. - Ways to test include
curl -sI https://your.websiteor this Chrome extension[dead link 2022-09-17 ⓘ].
To enable HTTP/2 over TLS support, uncomment the following line in httpd.conf:
LoadModule http2_module modules/mod_http2.so
And add the following line:
Protocols h2 http/1.1
To debug, you can set only the module rather than the entire server to debug or info:
<IfModule http2_module>
LogLevel http2:info
</IfModule>
For more information – including extra HTTP/2 feature settings – see the mod_http2 documentation.
Warning: The http2_module is incompatible with the mpm_prefork_module that old configurations widely use to setup PHP. Consider using php-fpm instead.
Troubleshooting
Apache Status and Logs
See the status of the Apache daemon with systemctl.
Apache logs can be found in /var/log/httpd/
Error: PID file /run/httpd/httpd.pid not readable (yet?) after start
Comment out the unique_id_module line in httpd.conf: #LoadModule unique_id_module modules/mod_unique_id.so
/run/httpd not being created at boot
If systemd-tmpfiles --create as the root user complains about «unsafe path transition», check ownership of your root directory.
ls -la / chown root:root /
Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe.
If when loading php_module the httpd.service fails, and you get an error like this in the journal:
Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe. You need to recompile PHP.
This is because PHP includes support for a module that is not threadsafe, and you are trying to use a threaded MPM. One solution to fix this is to use a non-threaded MPM. Try replacing mpm_event_module with mpm_prefork_module:
/etc/httpd/conf/httpd.conf
LoadModule mpm_event_module modules/mod_mpm_event.soLoadModule mpm_prefork_module modules/mod_mpm_prefork.so
and restart httpd.service.
Warning: Some other modules, like the http2_module, will disable themselves when mpm_prefork is active.
AH00534: httpd: Configuration error: No MPM loaded.
You might encounter this error after a recent upgrade. This is only the result of a recent change in httpd.conf that you might not have reproduced in your local configuration.
To fix it, uncomment the following line.
/etc/httpd/conf/httpd.conf
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
and restart httpd.service.
AH00072: make_sock: could not bind to address
This can be caused by multiple things. Most common issue being that something is already listening on a given port, check via ss that this is not happening:
# ss -lnp | grep -e :80 -e :443
If you get any output, stop the given service that’s taking up the port or kill the runaway process that is causing the port to be bound, and try again.
Another issue could be that Apache is not starting as root for some reason — try starting it manually and see if you still get the AH0072 error.
# httpd -k start
Finally, you can also have an error with your configuration and you are listening twice on the given port. Following is an example of a bad configuration that will trigger this issue:
Listen 0.0.0.0:80 Listen [::]:80
AH01071: Got error ‘Primary script unknown’
This can be caused by ProtectHome=true in the php-fpm systemd unit file if you are serving files in /home such as in a virtual host environment. You can disable this feature by editing the php-fpm unit file and restarting php-fpm. Alternatively, move your document root.
Changing the max_execution_time in php.ini has no effect
If you changed the max_execution_time in php.ini to a value greater than 30 (seconds), you may still get a 503 Service Unavailable response from Apache after 30 seconds. To solve this, add a ProxyTimeout directive to your http configuration right before the <FilesMatch .php$> block:
/etc/httpd/conf/httpd.conf
ProxyTimeout 300
and restart httpd.service.
PHP-FPM: errors are not being logged separately per virtual host
If you have multiple virtual hosts, it may be desirable to have each of them output their error logs to separate files (using the ErrorLog Apache directive). If this is not working for you, confirm that PHP-FPM is configured to log errors to syslog:
/etc/php/php-fpm.conf
error_log = syslog
It is also possible that the pool configuration is overriding it. Ensure the following line is commented out:
/etc/php/php-fpm.d/www.conf
;php_admin_value[error_log] = /var/log/fpm-php.www.log
See also
- Apache Official Website
- Apache documentation
- Apache wiki
- Apache documentation — Security Tips
- Apache Wiki — Troubleshooting
- Apache on wiki.debian.org