If you receive the following error when browsing to a SSL+sharedIP+suPHP site, then these directions are for you:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, webmaster@training.nts.wustl.edu and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Server at training.nts.wustl.edu Port 443
The following errors will show up in the log file:
root@prism [/usr/local/apache/logs]# cat /usr/local/apache/logs/suphp_log | grep Mismatch [Fri May 13 14:11:29 2011] [warn] Mismatch between target UID (99) and UID (1006) of file "/home/training/public_html/test.php" [Fri May 13 14:11:35 2011] [warn] Mismatch between target UID (99) and UID (1006) of file "/home/training/public_html/test.php" [Mon May 16 08:27:48 2011] [warn] Mismatch between target UID (99) and UID (1006) of file "/home/training/public_html/test.php"
Original Files:
=============================
root@prism [/var/cpanel/userdata]# cat /var/cpanel/userdata/nobody/main
---
addon_domains: {}
main_domain: prism.nts.wustl.edu
parked_domains: []
sub_domains:
- training.nts.wustl.edu
root@prism [/var/cpanel/userdata]# cat /var/cpanel/userdata/nobody/training.nts.wustl.edu_SSL
---
documentroot: /home/training/public_html
group: nobody
hascgi: 1
homedir: /usr/local/apache/htdocs
ip: 128.252.69.1
owner: root
phpopenbasedirprotect: 1
port: 443
serveradmin: webmaster@training.nts.wustl.edu
serveralias: www.training.nts.wustl.edu
servername: training.nts.wustl.edu
ssl: 1
sslcacertificatefile: /etc/ssl/certs/training.nts.wustl.edu.cabundle
sslcertificatefile: /etc/ssl/certs/training.nts.wustl.edu.crt
sslcertificatekeyfile: /etc/ssl/private/training.nts.wustl.edu.key
usecanonicalname: 'Off'
user: nobody
userdirprotect: -1
The above files generated the following snippet from /usr/local/apache/conf/httpd.conf:
ServerName training.nts.wustl.edu
ServerAlias www.training.nts.wustl.edu
DocumentRoot /home/training/public_html
ServerAdmin webmaster@training.nts.wustl.edu
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/training.nts.wustl.edu combined
CustomLog /usr/local/apache/domlogs/training.nts.wustl.edu-bytes_log "%{%s}t %I .\n%{%s}t %O ."
## User nobody # Needed for Cpanel::ApacheConf
suPHP_UserGroup nobody nobody
ScriptAlias /cgi-bin/ /home/training/public_html/cgi-bin/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/training.nts.wustl.edu.crt
SSLCertificateKeyFile /etc/ssl/private/training.nts.wustl.edu.key
SSLCACertificateFile /etc/ssl/certs/training.nts.wustl.edu.cabundle
CustomLog /usr/local/apache/domlogs/training.nts.wustl.edu-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLOptions +StdEnvVars
# To customize this VirtualHost use an include file at the following location
# Include "/usr/local/apache/conf/userdata/ssl/2/nobody/training.nts.wustl.edu/*.conf"
Following These Directions:
====================================
* Manually adjust the files in /var/cpanel/userdata
* moving the SSL host file from the "nobody" user folder
to the actual/original user (training),
* edit the file to change the user and group names,
* edit the "main" file to remove that domain from the
nobody user.
* Remove the cache files for any files you've moved or changed,
* Run /scripts/updateuserdomains and then /scripts/rebuildhttpdconf
* This should results in the suPHP_UserGroup being the "training"
instead of nobody in httpd.conf. At this point you can restart
apache to make sure everything works as expected still.
Detailed Commands run:
===================================
root@prism [/var/cpanel/userdata/nobody]# mv training.nts.wustl.edu_SSL ../training/
root@prism [/var/cpanel/userdata/nobody]# rm training.nts.wustl.edu_SSL.cache
rm: remove regular file `training.nts.wustl.edu_SSL.cache'? y
root@prism [/var/cpanel/userdata/nobody]# vi main
root@prism [/var/cpanel/userdata/nobody]# rm main.cache
rm: remove regular file `main.cache'? y
root@prism [/var/cpanel/userdata/nobody]# cd ../training/
root@prism [/var/cpanel/userdata/training]# vi training.nts.wustl.edu_SSL
root@prism [/var/cpanel/userdata/training]# /scripts/updateuserdomains
root@prism [/var/cpanel/userdata/training]# /scripts/rebuildhttpdconf
Built /usr/local/apache/conf/httpd.conf OK
root@prism [/var/cpanel/userdata/training]# /etc/init.d/httpd restart
Updated Files:
===============================
root@prism [/var/cpanel/userdata]# cat /var/cpanel/userdata/nobody/main
---
addon_domains: {}
main_domain: prism.nts.wustl.edu
parked_domains: []
sub_domains: []
root@prism [/var/cpanel/userdata]# cat /var/cpanel/userdata/training/training.nts.wustl.edu_SSL
---
documentroot: /home/training/public_html
group: training
hascgi: 1
homedir: /usr/local/apache/htdocs
ip: 128.252.69.1
owner: root
phpopenbasedirprotect: 1
port: 443
serveradmin: webmaster@training.nts.wustl.edu
serveralias: www.training.nts.wustl.edu
servername: training.nts.wustl.edu
ssl: 1
sslcacertificatefile: /etc/ssl/certs/training.nts.wustl.edu.cabundle
sslcertificatefile: /etc/ssl/certs/training.nts.wustl.edu.crt
sslcertificatekeyfile: /etc/ssl/private/training.nts.wustl.edu.key
usecanonicalname: 'Off'
user: training
userdirprotect: -1
The above files generated the following snippet from /usr/local/apache/conf/httpd.conf:
ServerName training.nts.wustl.edu
ServerAlias www.training.nts.wustl.edu
DocumentRoot /home/training/public_html
ServerAdmin webmaster@training.nts.wustl.edu
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/training.nts.wustl.edu combined
CustomLog /usr/local/apache/domlogs/training.nts.wustl.edu-bytes_log "%{%s}t %I .\n%{%s}t %O ."
## User training # Needed for Cpanel::ApacheConf
suPHP_UserGroup training training
php4_admin_value open_basedir "/home/training:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
php5_admin_value open_basedir "/home/training:/usr/lib/php:/usr/local/lib/php:/tmp"
php_admin_value open_basedir "/home/training:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
php_admin_value open_basedir "/home/training:/usr/lib/php:/usr/local/lib/php:/tmp"
php_admin_value open_basedir "/home/training:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
SuexecUserGroup training training
ScriptAlias /cgi-bin/ /home/training/public_html/cgi-bin/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/training.nts.wustl.edu.crt
SSLCertificateKeyFile /etc/ssl/private/training.nts.wustl.edu.key
SSLCACertificateFile /etc/ssl/certs/training.nts.wustl.edu.cabundle
CustomLog /usr/local/apache/domlogs/training.nts.wustl.edu-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLOptions +StdEnvVars
# To customize this VirtualHost use an include file at the following location
# Include "/usr/local/apache/conf/userdata/ssl/2/training/training.nts.wustl.edu/*.conf"
Does it matter what type of ssl you are using i have just bought a ev ssl so i dont really want to have to buy a new one. I tried this a guide a couple of times and i cant seem to get it to work. any ideas???
ReplyDeleteIts highly informative. I would be visiting your blog hereafter regularly to gather valuable information. Networking Setup Melbourne
ReplyDelete@Tim - What is the exact problem you are having?
ReplyDelete