I'm getting odd errors in log/error.log with things like Code: [Sat Dec 19 18:48:49.282982 2020] [fcgid:warn] [pid 1338693:tid 140035303130880] (104)Connection reset by peer: [client 207.46.13.125:9346] mod_fcgid: ap_pass_brigade failed in handle_request_ipc function and [Sat Dec 19 18:44:18.943158 2020] [log_config:warn] [pid 1336611:tid 140036478859008] (32)Broken pipe: [client 108.51.90.131:65531] AH00646: Error writing to | /usr/local/ispconfig/server/scripts/vlogger -s access.log -t "%Y%m%d-access.log" /var/log/ispconfig/httpd now I've read these can be due to resource problems - but server has 256gb of ram and 128gb is free... i've also been looking at fcgid values in the vhosts which are: Code: <IfModule mod_fcgid.c> FcgidIdleTimeout 300 FcgidProcessLifeTime 3600 # FcgidMaxProcesses 1000 FcgidMaxRequestsPerProcess 5000 FcgidMinProcessesPerClass 0 FcgidMaxProcessesPerClass 10 FcgidConnectTimeout 3 FcgidIOTimeout 600 FcgidBusyTimeout 3600 FcgidMaxRequestLen 1073741824 </IfModule> I've put entries at the end in the /etc/httpd/conf/httpd.conf: RequestHeader unset Proxy early FcgidMaxProcesses 2000 FcgidMaxProcessesPerClass 200 now I didnt comment the FcgidMaxProcesses line in the vhost where did that get commented out? I dont have any entries in the Options tab to explain these entries... maybe they are too small in a template?? does the httpd.conf value take precedence if its larger? output from systemctl status httpd: anyway your comments would be appreciated!
No. If you want to raise them for a website, use the apache directives field of the site or if you want to change the defaults for all sites, create a custom vhost template and change it in that template.
ENLIGHTENMENT - the messages above are NOT due to resource problems but by the other end killing the connection after a 500 error. For example on the first one: [Sat Dec 19 18:48:49.282982 2020] looking in access.log we fine 207.46.13.125 - - [19/Dec/2020:18:48:43 -0500] "GET /supportlogin/ HTTP/1.1" 500 1391600 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" same ip - same time. the bingbot is generating a 500 error by accessing /supportlogin. and then aborts the connection leading to the broken pipe. now of course GET /supportlogin/ should NOT generate a 500 error. so .. thats an additional question. but the broken pipe error is NOT a problem in and of itself its just saying the other end aborted the connection. now - more interesting connection why would a perfectly good page (theeldestgeek.com/supportlogin) generate a 500 error??
.... but another logging error - on a different site: Code: [Sun Dec 20 03:20:05.913929 2020] [ssl:error] [pid 1336601:tid 140037132736832] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=toptechva.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 04A1452C24A5B466FEAD4E470D4284A094E0 / notbefore: Oct 28 06:08:15 2020 GMT / notafter: Jan 26 06:08:15 2021 GMT] [Sun Dec 20 03:20:05.913945 2020] [ssl:error] [pid 1336601:tid 140037132736832] AH02604: Unable to configure certificate toptechva.com:443:0 for stapling [root@ns10 web]# now from my vhost file - Code: SSLEngine on SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 # SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS SSLHonorCipherOrder on # <IfModule mod_headers.c> # Header always add Strict-Transport-Security "max-age=15768000" # </IfModule> SSLCertificateFile /var/www/clients/client0/web83/ssl/toptechva.com-le.crt SSLCertificateKeyFile /var/www/clients/client0/web83/ssl/toptechva.com-le.key SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off </IfModule> I dont have a chain cert listed, but I dont on other sites that dont generate the error either! final but of strangeness - https://www.toptechva.com pulls up just fine and is secure gives LE cert with valid dates! so ... are the above errors significant? sure would like to expunge them! so... what does the error above actually mean?
