Posts tagged lighttpd

My neverending lighttpd troubles

Jul 16th

Posted by Christian in Life

Well, after a day or so my lighttpd troubles reappeared. But this time, the lighttpd process would simply put out this:

(mod_fastcgi.c.2913) backend is overloaded; we'll disable it for 2 seconds and send the request to another backend instead: reconnects: 0 load: 131
(mod_fastcgi.c.2668) fcgi-server re-enabled:  0 /var/run/lighttpd/lighttpd-fastcgi-php-17242.socket
(mod_fastcgi.c.2913) backend is overloaded; we'll disable it for 2 seconds and send the request to another backend instead: reconnects: 0 load: 131
(mod_fastcgi.c.2668) fcgi-server re-enabled:  0 /var/run/lighttpd/lighttpd-fastcgi-php-17242.socket

And as the message says, PHP (or rather mod_fastcgi?) would simply stop to process requests. In the end, I tuned some of the lighttpd/mod_fastcgi parameters.

  "max-procs"         => 2
  "idle-timeout"      => 20,
  "socket"            => "/tmp/php.socket-" + var.PID,
  "bin-path"          => "/usr/bin/php-cgi",
  "bin-environment"   => ( "PHP_FCGI_CHILDREN" => "6",
                           "PHP_FCGI_MAX_REQUESTS" => "7000" )

Up till now (I made the change on July 14th), these changes seem to have fixed the issue, guess I’m still hoping (with the saying “Hope dies last” in mind) it’s gonna fix my problems once and for all.

, ,

Lighttpd issues

Jul 11th

Posted by Christian in Life

1 comment

At first, it seemed that my lighttpd issues were resolved by updating PHP/remerging lighttpd. But apparently not. After putting in a crontab entry, that restarts lighttpd every 15 minutes (which completely sucks), the issue was minimized in it’s impact but not really solved.

*/15 * * * * root    /etc/init.d/lighttpd restart &>/dev/null

Thanks to Michél (I guess, again) — who helped me looking at the strace logs, and of course Christian (aka hoffie — one of my old Gentoo buddies), the issue seems finally resolved. It turns out it was neither a PHP nor lighttpd issue. It was a simple matter of (stale) symlinks in /etc/ssl/certs if you can imagine that. Apparently a stale symlink forced PHP into a loop or something, from which it couldn’t recover on it’s own.

So the thank you is probably to the one, who introduced those lines to the ca-certificates ebuild (guess, that would be vapier, the old code monkey):

  if [[ $badcerts -eq 1 ]]; then
    ewarn "You MUST remove the above broken symlinks"
    ewarn "Otherwise any SSL validation that use the directory may fail!"
    ewarn "To batch-remove them, run:"
    ewarn "find -L ${ROOT}etc/ssl/certs/ -type l -exec rm {} +"
  fi

After letting the find run through /etc/ssl/certs and restarting lighttpd in the process, everything is back to working order! Finally!

, ,

Lighttpd troubles resolved

Jun 28th

Posted by Christian in Life

1 comment

Well, after last weeks lighttpd troubles with PHP (or was it without ?), they finally seem resolved. First thing I did, was upgrade to the new php-version (5.2.10). After that, I ran revdep-rebuild, which apparently found issues with lighttpd being linked to a wrong pcre-version. After remerging lighttpd the issues seem to be gone!

Well, guess I was to quick in saying the problem was resolved .. it’s still there, just not happening as fast as it would in the past ….

, ,

Weird lighttpd troubles

Jun 17th

Posted by Christian in Life

1 comment

Well, since about a week or so I keep having troubles with my vHost and lighttpd. The point being, after some time (up till now it’s been something between days and minutes) lighttpd completely freezes and doesn’t serve no content anymore. I don’t know if this is related to PHP (might be, I did perform an update to dev-lang/php-5.2.9-r2 on Thu May 28 12:18:57 2009), but I have to figure this out since the restart cron-job is getting annoying.

Well, it seems like lighttpd is getting stuck in mod_fastcgi …

2009-06-23 21:34:40: (mod_access.c.135) -- mod_access_uri_handler called
2009-06-23 21:34:40: (mod_fastcgi.c.3675) handling it in mod_fastcgi
2009-06-23 21:34:40: (mod_fastcgi.c.3005) got proc: pid: 11151 socket: unix:/var/run/lighttpd/lighttpd-fastcgi-php-11147.socket-0 load: 85

Usually the last line is followed by a line telling that it released the proc, but not always.

, ,

Firefox: Hosting Xmarks (formerly Foxmarks) on lighttpd

May 3rd

Posted by Christian in Life

Well, I am an enthusiastic user of Xmarks (or Foxmarks) and played with this again and again. So this weekend, I finally decided to do it properly. I sat down, recreated the whole WebDAV stuff (even if I cheated of this HowtoForge article).

Always redirect traffic to HTTPS, since transmitting username and passwords via HTTP ain’t that secure (MITM)

Okay, so here are the shortended setup instructions:

  1. Enable mod_access, mod_auth, mod_redirect and mod_webdav in /etc/lighttpd/lighttpd.conf
  2. Create the necessary directories
  3. Create the htpasswd-file
  4. Configure the redirections
mkdir -p /var/www/dav/{web,auth,sql}
chown -R lighttpd:lighttpd/var/www/dav/{web,sql}
htpasswd -c /var/www/dav/auth/htpasswd chrischie

Since we just created the necessary directories, as well as a htpasswd-file containing a user we should be able to change the configuration now:

$SERVER["socket"] == ":80" {
    $HTTP["host"] == "dav" {
        url.redirect = ( "^/(.*)" => "https://%1/$1" )
    }
}

$SERVER["socket"] == ":443" {
    $HTTP["host"] == "dav" {
        webdav.activate = "enable"
        webdav.is-readonly = "disable"
        webdav.sqlite-db-name = "/var/www/dav/sql/sqlite.db"
        auth.backend = "htpasswd"
        auth.backend.htpasswd.userfile = "/var/www/dav/auth/htaccess"
        auth.require = ( "" => ( "method" => "basic",
                                 "realm" => "webdav",
                                 "require" => "valid-user" ) )
    }
}

Now, just restart the lighttpd service and watch your WebDAV shine. Seriously, there are a couple of things you should be aware of:

  1. When using a home-grown WebDAV server with HTTPS (meaning, custom certificate), Firefox is gonna be blocking the site at first (and Xmarks is gonna fail with a rather cryptic “Error 8172“). Navigate to the URL manually and add an Exception for the certificate.
  2. Before changing the URL’s in Xmarks, I made the error and manually created directories named “bookmarks” and “passwords”, which I then entered in the respective dialogboxes in the settings window. That however made Xmarks cry horribly when running the synchronization.
------ Xmarks/3.1.0 (/Places) starting upload with https://dav ------
>>> PUT https://chrischie@dav/xmarks/bookmarks
>>> Body is: {"commands":[{"action":"insert","nid":"ROOT","args":...
>>> Callback ({status:403, errormsg:""})
Got a 403
False alarm? ({status:403, errormsg:"", auth:(void 0)})
Returned error: Forbidden(403)
Will retry at Sun May 03 2009 16:25:41 GMT+0200

After deleting the folders, it works just fine.

, ,