Apache24 in jail doesn't start after jail restart

Hello,

I'm running www/apache24 on FreeBSD 11.2-RELEASE-p6 in a jail. To start on boot I add
Code:
apache24_enable="YES"
in /etc/rc.conf. After rebooting the whole system Apache starts without problems. If I restart the Apache jail only, Apache doesn't start.

Is there a log about starting the services? Any other ideas how to solve this?

Thanks!
 
How do you manage your jails? Do you use a helper program, for example sysutils/ezjail, or did you write /etc/jail.conf yourself?

In the latter case you can add
Code:
$logfile = "/var/log/jail.$name.log";
exec.prestart = "rm -f $logfile";
exec.consolelog = "$logfile";
to common options in your /etc/jail.conf.

PS: Another option I could think of is to check whether the address and port you're trying to bind Apache to are available after the computer starts; run sockstat(1) unjailed.
 
After rebooting the whole system Apache starts without problems. If I restart the Apache jail only, Apache doesn't start.
So what's in your /etc/jail.conf and how did you configure the Jail in /etc/rc.conf?

Also what command did you use to restart the Jail?

As to any logfiles: normally you'd consult the log of whatever service which gave you a problem, so in this case you should consult the Apache logfiles. The default error logfile (applicable to the whole service) is defined in httpd.conf by default, probably /var/log/httpd/error.log, that's the first place to look.
 
As others mentioned in their replies here, you should indicate how you created your jail, or what created it.

Personally, I like and use the iocage(8) jail management utility.

# iocage --help

Code:
Usage: iocage [OPTIONS] COMMAND [ARGS]...

A jail manager.
Options:
-v, --version Display iocage's version and exit.
-f, --force   Allow iocage to rename datasets.
--help        Show this message and exit.

Commands:
activate    Set a zpool active for iocage usage.
chroot      Chroot to a jail.
clean      Destroy specified dataset types.
clone       Clone a jail.
console     Login to a jail.
create      Create a jail.
destroy    Destroy specified jail(s).
df          Show resource usage of all jails.
exec        Run a command inside a specified jail.
export     Exports a specified jail.
fetch       Fetch a version of FreeBSD for jail usage or...
fstab      Manipulate the specified jails fstab.
get         Gets the specified property.
import      Import a specified jail.
list        List a specified dataset type, by default...
migrate    Migrate all iocage_legacy develop basejails...
pkg         Use pkg inside a specified jail.
rename      Rename a jail.
restart    Restarts the specified jails or ALL.
rollback   Rollbacks the specified jail.
set         Sets the specified property.
snaplist    Show snapshots of a specified jail.
snapremove  Remove specified snapshot of a jail.
snapshot   Snapshots the specified jail.
start       Starts the specified jails or ALL.
stop        Stops the specified jails or ALL.
update      Run freebsd-update to update a specified jail...
upgrade     Run freebsd-update to upgrade a specified…

No matter how or what created your jail, if it exists, show the “jls” output here

Here is a blipped list of my jail:
# jls
Code:
JID  IP Address     Hostname                      Path

1  XX.XX.124.130  mydomain.com            /iocage/jails/webhost/root

Moreover, any TCP/IP service running in jail is started in jail's root dir, with /etc/rc.conf

To operate Apache server in jail, chroot to that jail and then do:
Edit:
use "jexec" with the following Apache control commands:

apachectl stop

apachectl start

apachectl restart



If there are any issues with your Apache HTTPD server configuration or otherwise, the above commands will show stdout message(s) indicating so.
 
How do you manage your jails? Do you use a helper program, for example sysutils/ezjail, or did you write /etc/jail.conf yourself?

I manage my /etc/jail.conf by myself.

Also what command did you use to restart the Jail?
sudo service jail restart apachejail

In the latter case you can add
Code:
$logfile = "/var/log/jail.$name.log";
exec.prestart = "rm -f $logfile";
exec.consolelog = "$logfile";
to common options in your /etc/jail.conf.

PS: Another option I could think of is to check whether the address and port you're trying to bind Apache to are available after the computer starts; run sockstat(1) unjailed.

I did it and it confirms your suspicion:

Code:
Starting apache24.
(49)Can't assign requested address: AH00072: make_sock: could not bind to address [00::::::00]:80 no listening sockets available, shutting down
AH00015: Unable to open logs
/etc/rc: WARNING: failed to start apache24

Any idea how to fix this?
 
Any idea how to fix this?
Now I'm confused: when did that error ("could not bind address") show up? Problem is that the error is not consistent with your original problem description. When rebooting a Jail all the network devices would already be present, so it couldn't prevent Apache from booting.

But more so: if this was an actual symptom then it would also have happened when you rebooted the entire server, yet you claim that this doesn't happen.

So something doesn't add up here.

Anyway, check httpd.conf and share what Listen settings you're using.
 
Have you assigned an IPv6 to your jail? Seems like Apache is unable to bind to IPv6 equivalent of 0.0.0.0.
 
Now I'm confused: when did that error ("could not bind address") show up?

The error occurs if I restart the Apache jail only and not the whole system.

Anyway, check httpd.conf and share what Listen settings you're using.

Code:
Listen 10.0.0.1:80
Listen 10.0.0.1:443
Listen [00:::::00]:80
Listen [00:::::00]:443

Have you assigned an IPv6 to your jail?

Yes. This is my /etc/jail.conf:
Code:
# /etc/jail.conf

# Global settings applied to all jails.

exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

$logfile = "/var/log/jail.$name.log";
exec.prestart = "rm -f $logfile";
exec.consolelog = "$logfile";

apachejail {
    host.hostname = "apache";
    path = "/usr/jails/apachejail";
    ip4.addr = lo1|10.0.0.1;
    ip6.addr = vtnet0|00:::::00/64;
    mount.fstab = "/usr/jails/fstab.apachejail";
}

Jail log after rebooting the whole system:
Code:
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/perl5/5.26/mach/CORE
32-bit compatibility ldconfig path: /usr/lib32
/etc/rc: WARNING: $hostname is not set -- see rc.conf(5).
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Starting redis.
Performing sanity check on php-fpm configuration:
[16-Dec-2018 21:27:21] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful

Starting php_fpm.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
Starting cron.

Sun Dec 16 21:27:22 CET 2018

Jail log after restarting the Apache jail only:
Code:
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/perl5/5.26/mach/CORE
32-bit compatibility ldconfig path: /usr/lib32
/etc/rc: WARNING: $hostname is not set -- see rc.conf(5).
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Starting redis.
Performing sanity check on php-fpm configuration:
[16-Dec-2018 21:29:37] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful

Starting php_fpm.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
(49)Can't assign requested address: AH00072: make_sock: could not bind to address [00::::::00]:80
no listening sockets available, shutting down
AH00015: Unable to open logs
/etc/rc: WARNING: failed to start apache24
Starting cron.

Sun Dec 16 21:29:37 CET 2018
 
I'm not doing much with IPv6 myself but I'm pretty sure that 00:::::00 isn't a valid IP address, thus also a cause of your problems (as shown by the error message earlier). Change that to a valid entry and things should behave better.
 
I'm pretty sure that 00:::::00 isn't a valid IP address,
You're right! It's my (maybe confusing) attempt to anonymize the IP (the original starts with 2a03:...).

To clarify my question: There seems to be a problem to bind the IPv6 that prevents the automatic start of the Apache server after restarting the Apache jail. A later manual Apache start is no problem...
 
I'm not sure you can anonymize your address this way. You'll have to "hide" behind a reverse proxy, or some web server protection service, where proxy's address will be publicly visible, whereas your server's address will be hidden.

I also don't believe you can assign any address -- 0.0.0.0 for IPv4 or 00::00 for IPv6 -- to a network interface. Even if you made up an IPv6 address, no one will route requests to you, hence clients will be unable to reach your server.

If you want everything to work, as it should, better assign a correct IPv6 address or disable IPv6 bindings in Apache.
 
Is there anything else on the Host or in another jail that is also trying to bind the same IPv6 address? It could be that on host restart the other service hasn't started at the point the Apache jail binds the address so Apache starts ok but afterwards when you only restart the jail, this other service has now bound the IPv6 address and thus Apache is then unable to do so.
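
An added example, not part of the thread or any poster's code: a small sh function that pulls Apache bind failures (AH00072) out of a jail console log such as the one enabled with exec.consolelog, so the log after a full reboot can be compared with the log after a jail-only restart. The sample logs are constructed from the ones posted above, with 2001:db8::10 (documentation prefix) standing in for the real address; the names bind_failures and write_samples are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. bind_failures LOGFILE prints one
# line per Apache bind failure in a jail console log: service|errno|addr|port
bind_failures() {
    awk '
    BEGIN { svc = "?" }
    /^Starting [^ ]+\.$/ {          # rc announces each service it starts
        svc = $2; sub(/\.$/, "", svc); next
    }
    /AH00072: make_sock: could not bind to address / {
        errno = "?"                 # leading "(49)" is the errno Apache saw
        if (match($0, /^\([0-9]+\)/)) errno = substr($0, 2, RLENGTH - 2)
        ep = $0                     # endpoint ends at next space or EOL
        sub(/.*could not bind to address /, "", ep); sub(/ .*/, "", ep)
        port = ep; sub(/.*:/, "", port)
        addr = ep; sub(/:[^:]*$/, "", addr)
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # strip IPv6 brackets
        print svc "|" errno "|" addr "|" port
    }
    ' "$1"
}

# Constructed sample logs modelled on the two jail logs in the thread; the
# IPv6 address is a placeholder from the 2001:db8::/32 documentation prefix.
write_samples() {
    cat > "$1/boot.log" <<'EOF'
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
Starting cron.
EOF
    cat > "$1/restart.log" <<'EOF'
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
(49)Can't assign requested address: AH00072: make_sock: could not bind to address [2001:db8::10]:80
no listening sockets available, shutting down
AH00015: Unable to open logs
/etc/rc: WARNING: failed to start apache24
Starting cron.
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in boot restart; do
    printf '%s: %s\n' "$f" "$(bind_failures "$tmp/$f.log")"
done
rm -rf "$tmp"
```

The address and port it reports are the ones to look for in the unjailed sockstat(1) output on the host.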
 