Hello,

I've created a Debian Etch installation on VMware with ISPConfig 2.2.27. Everything works as it should, without problems. I have now installed Debian Etch on two VDSs on Xen that I rent from a web hosting provider. The installation went OK. When I log in to the secured control panel on port 81, I see something strange when I run netstat -tap on the command line over SSH. I see at least 50 lines like these (I removed the IP addresses and hostnames for privacy purposes):

tcp 0 0 domain.tld.:81 a00-000-000-000.a:54671 TIME_WAIT -
tcp 0 0 domain.tld.:81 a00-000-000-000.a:54665 TIME_WAIT -
tcp 0 0 domain.tld.:81 a00-000-000-000.a:54667 TIME_WAIT -
tcp 0 0 domain.tld.:81 a00-000-000-000.a:54666 TIME_WAIT -

Then the VDS gets stuck and a reboot is needed. The web server is also down. When I log in with Firefox I still get those lines, but they disappear quickly. I never had this problem with Debian on VMware, or even as a virtual machine on Windows Server 2008. Is it a problem with Xen? Do you know what I can do about it? I informed my provider but they have not yet responded, although a few days ago he said there were problems with OOM. Can you help me with this one? Your tutorial for the perfect setup is great.

Aurelius
In the error log I found these messages:

[Thu Oct 16 11:20:40 2008] [error] mod_ssl: SSL handshake failed (server domain.tld:81, client **.***.***.***) (OpenSSL library error follows)
[Thu Oct 16 11:20:40 2008] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Fri Oct 17 10:45:17 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:17 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:17 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:17 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:20 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:20 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:22 2008] [error] mod_ssl: SSL handshake failed (server domain.tld:81, client ***.***.***.***) (OpenSSL library error follows)
[Fri Oct 17 10:45:22 2008] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Fri Oct 17 12:21:02 2008] [notice] caught SIGTERM, shutting down
[Fri Oct 17 12:23:15 2008] [notice] Apache configured -- resuming normal operations
[Fri Oct 17 12:23:15 2008] [notice] Accept mutex: sysvsem (Default: sysvsem)
And in the syslog I found these messages:

Oct 17 12:23:04 domaintld kernel: klogd 1.4.1#18, log source = /proc/kmsg started.
Oct 17 12:23:04 domaintld kernel: Linux version 2.6.18-xen (shand@endor) (gcc version 3.4.4 20050314 (prerelease) (Debian 3.4.3-13)) #1 SMP Fri Jun 1 15:01:20 BST 2007
Oct 17 12:23:04 domaintld kernel: BIOS-provided physical RAM map:
Oct 17 12:23:04 domaintld kernel: Xen: 0000000000000000 - 0000000020800000 (usable)
Oct 17 12:23:04 domaintld kernel: 0MB HIGHMEM available.
Oct 17 12:23:04 domaintld kernel: 520MB LOWMEM available.
Oct 17 12:23:04 domaintld kernel: NX (Execute Disable) protection: active
Oct 17 12:23:04 domaintld kernel: On node 0 totalpages: 133120
Oct 17 12:23:04 domaintld kernel: DMA zone: 133120 pages, LIFO batch:31
Oct 17 12:23:04 domaintld kernel: ACPI in unprivileged domain disabled
Oct 17 12:23:04 domaintld kernel: Allocating PCI resources starting at 30000000 (gap: 20800000:df800000)
Oct 17 12:23:04 domaintld kernel: Detected 1995.084 MHz processor.
Oct 17 12:23:04 domaintld kernel: Built 1 zonelists. Total pages: 133120
Oct 17 12:23:04 domaintld kernel: Kernel command line: root=/dev/sda1 ro
Oct 17 12:23:04 domaintld kernel: Enabling fast FPU save and restore... done.
Oct 17 12:23:04 domaintld kernel: Enabling unmasked SIMD FPU exception support... done.
Oct 17 12:23:04 domaintld kernel: Initializing CPU#0
Oct 17 12:23:04 domaintld kernel: PID hash table entries: 4096 (order: 12, 16384 bytes)
Oct 17 12:23:04 domaintld kernel: Xen reported: 1995.000 MHz processor.
Oct 17 12:23:04 domaintld kernel: Console: colour dummy device 80x25
Oct 17 12:23:04 domaintld kernel: Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Oct 17 12:23:04 domaintld kernel: Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Oct 17 12:23:04 domaintld kernel: Software IO TLB disabled
Oct 17 12:23:04 domaintld kernel: vmalloc area: e1000000-f51fe000, maxmem 2d7fe000
Oct 17 12:23:04 domaintld kernel: Memory: 513920k/532480k available (2100k kernel code, 10084k reserved, 740k data, 196k init, 0k highmem)
Oct 17 12:23:04 domaintld kernel: Checking if this processor honours the WP bit even in supervisor mode... Ok.
Oct 17 12:23:04 domaintld kernel: Calibrating delay using timer specific routine.. 4009.10 BogoMIPS (lpj=20045547)
Oct 17 12:23:04 domaintld kernel: Security Framework v1.0.0 initialized
Oct 17 12:23:04 domaintld kernel: Capability LSM initialized
Oct 17 12:23:04 domaintld kernel: Mount-cache hash table entries: 512
Oct 17 12:23:04 domaintld kernel: CPU: After generic identify, caps: bfebc3f1 20100000 00000000 00000000 0004e33d 00000000 00000001
Oct 17 12:23:04 domaintld kernel: CPU: After vendor identify, caps: bfebc3f1 20100000 00000000 00000000 0004e33d 00000000 00000001
Oct 17 12:23:04 domaintld kernel: CPU: L1 I cache: 32K, L1 D cache: 32K
Oct 17 12:23:04 domaintld kernel: CPU: L2 cache: 4096K
Oct 17 12:23:04 domaintld kernel: CPU: After all inits, caps: bfebc3f1 20100000 00000000 00000940 0004e33d 00000000 00000001
Oct 17 12:23:04 domaintld kernel: Checking 'hlt' instruction... OK.
Oct 17 12:23:04 domaintld kernel: SMP alternatives: switching to UP code
Oct 17 12:23:04 domaintld kernel: Freeing SMP alternatives: 12k freed
Oct 17 12:23:04 domaintld kernel: Brought up 1 CPUs
Oct 17 12:23:04 domaintld kernel: migration_cost=0
Oct 17 12:23:04 domaintld kernel: NET: Registered protocol family 16
Oct 17 12:23:04 domaintld kernel: Brought up 1 CPUs
Oct 17 12:23:04 domaintld kernel: PCI: setting up Xen PCI frontend stub
Oct 17 12:23:04 domaintld kernel: ACPI: Interpreter disabled.
Oct 17 12:23:04 domaintld kernel: Linux Plug and Play Support v0.97 (c) Adam Belay
Oct 17 12:23:04 domaintld kernel: pnp: PnP ACPI: disabled
Oct 17 12:23:04 domaintld kernel: xen_mem: Initialising balloon driver.
Oct 17 12:23:04 domaintld kernel: PCI: System does not support PCI
Oct 17 12:23:04 domaintld kernel: PCI: System does not support PCI
Oct 17 12:23:04 domaintld kernel: NET: Registered protocol family 2
Oct 17 12:23:04 domaintld kernel: IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
Oct 17 12:23:04 domaintld kernel: TCP established hash table entries: 131072 (order: 8, 1048576 bytes)
Oct 17 12:23:04 domaintld kernel: TCP bind hash table entries: 65536 (order: 7, 524288 bytes)
Oct 17 12:23:04 domaintld kernel: TCP: Hash tables configured (established 131072 bind 65536)
Oct 17 12:23:04 domaintld kernel: TCP reno registered
Oct 17 12:23:04 domaintld kernel: IA-32 Microcode Update Driver: v1.14a-xen <[email protected]>
Oct 17 12:23:04 domaintld kernel: audit: initializing netlink socket (disabled)
Oct 17 12:23:04 domaintld kernel: audit(1224238975.348:1): initialized
Oct 17 12:23:04 domaintld kernel: VFS: Disk quotas dquot_6.5.1
Oct 17 12:23:04 domaintld kernel: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
Oct 17 12:23:04 domaintld kernel: Initializing Cryptographic API
Oct 17 12:23:04 domaintld kernel: io scheduler noop registered
Oct 17 12:23:04 domaintld kernel: io scheduler anticipatory registered
Oct 17 12:23:04 domaintld kernel: io scheduler deadline registered
Oct 17 12:23:04 domaintld kernel: io scheduler cfq registered (default)
Oct 17 12:23:04 domaintld kernel: Floppy drive(s): fd0 is unknown type 15 (usb?), fd1 is unknown type 15 (usb?)
Oct 17 12:23:04 domaintld kernel: Failed to obtain physical IRQ 6
Oct 17 12:23:04 domaintld kernel: floppy0: no floppy controllers found
Oct 17 12:23:04 domaintld kernel: RAMDISK driver initialized: 16 RAM disks of 16384K size 1024 blocksize
Oct 17 12:23:04 domaintld kernel: loop: loaded (max 8 devices)
Oct 17 12:23:04 domaintld kernel: Xen virtual console successfully installed as tty1
Oct 17 12:23:04 domaintld kernel: Event-channel device installed.
Oct 17 12:23:04 domaintld kernel: netfront: Initialising virtual ethernet driver.
Oct 17 12:23:04 domaintld kernel: Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
Oct 17 12:23:04 domaintld kernel: ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx
Oct 17 12:23:04 domaintld kernel: PNP: No PS/2 controller found. Probing ports directly.
Oct 17 12:23:04 domaintld kernel: i8042.c: No controller found.
Oct 17 12:23:04 domaintld kernel: mice: PS/2 mouse device common for all mice
Oct 17 12:23:04 domaintld kernel: xen-vbd: registered block device major 8
Oct 17 12:23:04 domaintld kernel: blkfront: sda1: barriers enabled
Oct 17 12:23:04 domaintld kernel: md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27
Oct 17 12:23:04 domaintld kernel: md: bitmap version 4.39
Oct 17 12:23:04 domaintld kernel: NET: Registered protocol family 1
Oct 17 12:23:04 domaintld kernel: NET: Registered protocol family 17
Oct 17 12:23:04 domaintld kernel: Using IPI No-Shortcut mode
Oct 17 12:23:04 domaintld kernel: blkfront: sda2: barriers enabled
Oct 17 12:23:04 domaintld kernel: netfront: device eth0 has copying receive path.
Oct 17 12:23:04 domaintld kernel: XENBUS: Device with no driver: device/console/0
Oct 17 12:23:04 domaintld kernel: md: Autodetecting RAID arrays.
Oct 17 12:23:04 domaintld kernel: md: autorun ...
Oct 17 12:23:04 domaintld kernel: md: ... autorun DONE.
Oct 17 12:23:04 domaintld kernel: EXT2-fs warning (device sda1): ext2_fill_super: mounting ext3 filesystem as ext2
Oct 17 12:23:04 domaintld kernel: VFS: Mounted root (ext2 filesystem) readonly.
Oct 17 12:23:04 domaintld kernel: Freeing unused kernel memory: 196k freed
Oct 17 12:23:04 domaintld kernel: serial_core: no version for "struct_module" found: kernel tainted.
Oct 17 12:23:04 domaintld kernel: Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing disabled
Oct 17 12:23:04 domaintld kernel: Adding 1048568k swap on /dev/sda2. Priority:-1 extents:1 across:1048568k
Oct 17 12:23:04 domaintld kernel: device-mapper: ioctl: 4.7.0-ioctl (2006-06-24) initialised: [email protected]
Oct 17 12:23:04 domaintld kernel: NET: Registered protocol family 10
Oct 17 12:23:04 domaintld kernel: lo: Disabled Privacy Extensions
Oct 17 12:23:04 domaintld kernel: IPv6 over IPv4 tunneling driver
It seems that it is not only happening when I log in to the control panel. When I log in with POP3 to get my mail there are 5 or 6 of these lines, and it takes more than 45 seconds before these disappear.
I also found this in the error log. Does it also have to do with the certificate?

[Fri Oct 17 10:45:17 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:17 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:17 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:17 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:20 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:20 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:22 2008] [error] mod_ssl: SSL handshake failed (server domain.tld:81, client ***.***.***.***) (OpenSSL library error follows)
[Fri Oct 17 10:45:22 2008] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Fri Oct 17 12:21:02 2008] [notice] caught SIGTERM, shutting down
[Fri Oct 17 12:23:15 2008] [notice] Apache configured -- resuming normal operations
[Fri Oct 17 12:23:15 2008] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Sat Oct 18 18:03:09 2008] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[Sat Oct 18 18:03:09 2008] [error] System: Connection reset by peer (errno: 104)
[Sat Oct 18 18:03:12 2008] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[Sat Oct 18 18:03:12 2008] [error] System: Connection reset by peer (errno: 104)
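
An added example, not part of the original posts: a Python script that pairs each mod_ssl handshake line with the OpenSSL or System line that follows it and tallies the causes, separating certificate-trust alerts from plain HTTP reaching the HTTPS port and from client aborts. The sample log is constructed in the format quoted above (192.0.2.10 is a placeholder address), and the category labels are this example's own wording, not Apache's.

```python
import re
from collections import Counter

# Constructed sample in the error-log format quoted above (placeholder host and client).
SAMPLE_LOG = """\
[Fri Oct 17 10:45:17 2008] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri Oct 17 10:45:17 2008] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Fri Oct 17 10:45:22 2008] [error] mod_ssl: SSL handshake failed (server domain.tld:81, client 192.0.2.10) (OpenSSL library error follows)
[Fri Oct 17 10:45:22 2008] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Fri Oct 17 12:21:02 2008] [notice] caught SIGTERM, shutting down
[Sat Oct 18 18:03:09 2008] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[Sat Oct 18 18:03:09 2008] [error] System: Connection reset by peer (errno: 104)
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
OPENSSL = re.compile(r"^OpenSSL: error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:[^:]*:(?P<reason>[^\[]+)")
SYSTEM = re.compile(r"^System: (?P<reason>.+?) \(errno: (?P<errno>\d+)\)")

# Assumption: these labels are the example's own grouping, keyed on the reason text.
CATEGORY = {
    "tlsv1 alert unknown ca": "client does not trust the certificate issuer",
    "http request": "plain HTTP sent to the HTTPS port",
    "Connection reset by peer": "client dropped the connection mid-handshake",
}

def classify(log_text):
    """Return (timestamp, reason, category) for each handshake failure."""
    events, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if msg.startswith("mod_ssl: SSL handshake"):
            pending = m["ts"]          # remember it until the detail line arrives
            continue
        detail = OPENSSL.match(msg) or SYSTEM.match(msg)
        if pending and detail:
            reason = detail["reason"].strip()
            events.append((pending, reason, CATEGORY.get(reason, "unclassified")))
        pending = None                 # any other line ends the pairing
    return events

def summarize(log_text):
    return Counter(category for _, _, category in classify(log_text))

if __name__ == "__main__":
    for category, count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {category}")
```
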
Thanks for your help, falko. I now know for sure that the problem occurs with HTTPS. I didn't use HTTPS on the VMware. On another VM I had HTTPS and I now see the same messages. Another question: can a faulty certificate cause the server to hang?