Hi folks,

I have a headless server which requires a "pass phrase" to start Apache at boot. After remote rebooting I can ssh connect the server. But I can't start Apache because I have no way to key in the password remotely.

After connection, running;

$ sudo /etc/init.d/apache2 restart

Code:
     * Forcing reload of apache 2.0 web server...
    [Sat Jun 28 10:33:50 2008] [warn] NameVirtualHost *:0 has no VirtualHosts
    (98)Address already in use: make_sock: could not bind to address [::]:443
    no listening sockets available, shutting down
    Unable to open logs
     [fail]

Is there any clue?

TIA

B.R.
satimis

That seems to be a problem with sudo, not with Apache; sudo is not changing your privilege level to root to allow you to bind to port 443.

Hi topdog,

Thanks for your advice.

If I ssh connect the remote server as root, can it start Apache remotely?

On the Internet some folks suggest using the SSLPassPhraseDialog directive. But I haven't got experience with it before.

In /etc/apache2/httpd.conf, adding the following;

Code:
    <IfModule mod_ssl.c>
    # Pass Phrase Dialog:
    #
    #SSLPassPhraseDialog builtin
    SSLPassPhraseDialog exec:/content/ssl/pp/pp.out
    </IfModule>

File pp.out

Code:
    #!/bin/sh
    PASS1=somepass1
    PASS2=somepass2
    case $1 in
    www.pass1.com:443) echo $PASS1;;
    www.pass2.com:443) echo $PASS2;;
    esac
    exit 0

But I haven't figured out what I shall replace "somepass1" and "somepass2" with. Will the request for the "Pass Phrase" pop up on ssh connecting to the remote server? Where shall I create the path "/content/ssl/pp/pp.out"?

Is any additional Apache package needed?

B.R.
satimis

If you are running only one secure site then you only need one password. You can place the file in /etc/httpd/conf/ (if on CentOS; use the relevant directory for other distros). Just make sure the file is only readable by the Apache user, otherwise the password will be compromised.

Hi topdog,

If I understand your advice correctly:

One secure site = only one site/PC from where to boot the server remotely.
password = the password with which to boot the remote server on the secure site. I can select any combination of characters and numbers to replace "somepass".

So the pp.out will look like

Code:
    #!/bin/sh
    PASS=acd123
    case $ in
    123.123.456.456:443) echo $PASS;;
    esac
    exit 0

123.123.456.456 is the public IP of the secure site. OR can I replace it with www.domain.com? (domain.com is the domain of the secure site to boot the server remotely.)

On Ubuntu, if I create a directory /etc/apache2/pp I can put the file at /etc/apache2/pp/pp.out

Then in the file

Code:
    SSLPassPhraseDialog exec:/etc/apache2/ssl/pp/pp.out

What will be the permission and ownership of the directory /pp/ and the file pp.out?

If I'm wrong, please correct me. TIA

Any additional package I need to install?

B.R.
satimis

By one site I mean a site hosted on the machine. Using the domain name or IP address depends on how you have configured your SSL server. Apache has to be able to search the pp directory, meaning the x flag has to be set; the script can be rx for the owner (apache).

Hi topdog,

Performed the following test without success.

$ sudo mkdir /etc/apache2/ssl/pp
$ sudo nano /etc/apache2/ssl/pp/pp.out

Copying the following content into it;

Code:
    #!/bin/sh
    PASS=abcde
    case $ in
    192.168.0.10:443) echo $PASS;;
    esac
    exit 0

Remark: 192.168.0.10 is the IP of the local PC

$ sudo chmod +x -c /etc/apache2/ssl/pp/pp.out

Code:
    mode of `/etc/apache2/ssl/pp/pp.out' changed to 0755 (rwxr-xr-x)

$ sudo nano /etc/apache2/httpd.conf

adding the following at the bottom of the file;

Code:
    <IfModule mod_ssl.c>
    # Pass Phrase Dialog:
    #
    #SSLPassPhraseDialog builtin
    SSLPassPhraseDialog exec:/etc/apache2/ssl/pp/pp.out
    </IfModule>

$ cat /etc/apache2/httpd.conf

Code:
    # This is here for backwards compatability reasons and to support
    # installing 3rd party modules directly via apxs2, rather than
    # through the /etc/apache2/mods-{available,enabled} mechanism.
    #
    #LoadModule mod_placeholder /usr/lib/apache2/modules/mod_placeholder.so
    ServerName lampserver
    <IfModule mod_ssl.c>
    # Pass Phrase Dialog:
    #
    #SSLPassPhraseDialog builtin
    SSLPassPhraseDialog exec:/etc/apache2/ssl/pp/pp.out
    </IfModule>

$ sudo reboot

and ssh connect the server remotely. Nothing happens. No dialog starts.

I think the steps are wrong. Before the test, Apache/2.0.55 mod_ssl/2.0.55 (Pass Phrase Dialog) starts after booting on the server locally, waiting for input of the password. After editing /etc/apache2/httpd.conf, on reboot the dialog doesn't start at all.

B.R.
satimis

Your script is incorrect: you need $1 as the variable. But in any case, since you only have one host there is no need for a switch statement; this script should do it.

Code:
    #!/bin/bash
    # Print the private key's pass phrase on stdout for mod_ssl to read.
    PASS=abcde
    echo "$PASS"
    exit 0

Your advice works for me. Thanks.

To make it more difficult: the PassPhrase won't start automatically. It only works under the following 2 conditions;

1) The server detects the pre-set IP of the remote site on ssh connection.
2) The PassPhrase must be keyed in by the remote site.

Is it possible? If YES, how to achieve it? TIA

B.R.
satimis

I don't understand what you mean. The point of using that script is to allow Apache to start with a private key that is password protected, so what are you talking about?

Oh sorry, NOT the script. I was talking about new steps/a new setup, so that a non-authorized person can't restart the web server without the PassPhrase, which won't be stored on the server. Regarding IP, I was talking about 2 sites.

Thanks
satimis

In that case the default builtin mechanism should be sufficient, as they will need to know the pass phrase.

Noted with thanks.

Having tried a 2-site version on the Intranet without success.

Site-1 to reboot the server, IP=192.168.0.10
Site-2 to reboot the server, IP=192.168.0.55
No port forwarded to the server

Variations on pp.out tested:

Code:
    #!/bin/sh
    PASS1=abcde
    PASS2=vwxyz
    case $1 in
    192.168.0.10 echo $PASS1;;
    192.168,0.55 echo $PASS2;;
    esac
    exit 0

Code:
    #!/bin/sh
    PASS1=abcde
    PASS2=vwxyz
    case $1 in
    192.168.0.10) echo $PASS1;;
    192.168,0.55) echo $PASS2;;
    esac
    exit 0

Code:
    #!/bin/sh
    PASS1=abcde
    PASS2=vwxyz
    case $1 in
    192.168.0.10 ) echo $PASS1;;
    192.168,0.55 ) echo $PASS2;;
    esac
    exit 0

Code:
    #!/bin/sh
    PASS1=abcde
    PASS2=vwxyz
    case $1 in
    192.168.0.10 echo $PASS1;
    192.168,0.55 echo $PASS2;
    esac
    exit 0

etc.

Run
$ sudo chmod +x /var/www/apache2/ssl/pp/pp.out
each time after a change was made.

None of them work.

satimis

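Added example, not part of any post in this thread: mod_ssl calls the exec: program with the virtual host's "servername:port" as $1 and the key type as $2, so a case pattern on a client IP such as 192.168.0.10 never matches. The helper below does an exact lookup on $1 and refuses to answer if its pass-phrase store is accessible to group or others, which is the permission point raised earlier in the thread. The PP_STORE path, its line format and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: helper for "SSLPassPhraseDialog exec:/path/to/this".
# mod_ssl runs it once per encrypted key with
#   $1 = "servername:port" of the virtual host, $2 = key type (e.g. RSA)
# and reads the pass phrase from stdout.
# Assumption: PP_STORE holds lines of "servername:port passphrase".
PP_STORE="${PP_STORE:-/etc/apache2/ssl/pp/pp.store}"

# Succeeds only if the file exists and group/others have no access bits.
private_file() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the pass phrase for vhost $1; print nothing and fail otherwise.
passphrase_for() {
    vhost="$1"
    if ! private_file "$PP_STORE"; then
        echo "pp: $PP_STORE is missing or open to group/others" >&2
        return 2
    fi
    # Exact match on the first field; blank lines and "#" lines are skipped.
    while read -r name phrase || [ -n "$name" ]; do
        case "$name" in ""|"#"*) continue ;; esac
        if [ "$name" = "$vhost" ]; then
            printf '%s\n' "$phrase"
            return 0
        fi
    done < "$PP_STORE"
    echo "pp: no entry for '$vhost'" >&2
    return 1
}

# Run the lookup only when called with arguments, as mod_ssl does.
if [ "$#" -gt 0 ]; then
    passphrase_for "$1"
fi
```

A non-zero exit with empty stdout leaves the key locked, so an unknown virtual host or a store left at 0644 stops the SSL host from starting instead of silently exposing the pass phrase.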