Tag Archives: apache

Apache error — No space left on device: Couldn’t create accept lock

Apache: [emerg] (28)No space left on device: Couldn’t create accept lock

[notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
[crit] (28)No space left on device: mod_rewrite: Parent could not create RewriteLock file /usr/local/apache/logs/rewrite_lock

semget: [emerg] (28) No space left on device OR Apache: No space left on device: Couldn’t create accept lock

You might check if disk space is full and can easily confirm that is not the reason for this error.

The reason behind the error message is Semaphores. You will have to kill the hung/stuck semaphore processes in order

To list the PIDs of the active semaphore processes, execute:

# ipcs -s
—— Semaphore Arrays ——– key
semid owner perms nsems
0×00000000 366673220 apache 600 1
0×00000000 366706589 apache 600 1
0×00000000 366732358 apache 600 1
0×00000000 366734353 apache 600 1

To kill those process, use the command :

# ipcrm -s PID

Once those stuck/hung processes are cleared, restart your apache service.

 

Racktable, Apache+LDAP authentication

Login to the Rack tables as admin:

Add the following line under configuration–> permission

allow {$tab_default}

* This is for read only account, assign extra permissions if required

Configure Apache + LDAP

< Directory /var/www/racktables >
Options +Indexes FollowSymLinks MultiViews
DirectoryIndex index.php
AuthName "Rack Tables"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldaps://ldaphost.com/dc=company,dc=com?uid?sub?(objectClass=< depends_on_ldap >)"

# Bind if required
AuthLDAPBindDN "uid=userid,ou=people,dc=company,dc=com"
AuthLDAPBindPassword "xxxxxx"
AuthLDAPGroupAttribute uniqueMember
AuthLDAPGroupAttributeIsDN on
require ldap-group cn=group_name,dc=company,dc=com
require ldap-attribute cn=group-name-allowed
< /Directory >

* Most of LDAP configs based on your setup

Configure Rack Tables:

Edit the inc/secret.php

Set :

$user_auth_src = 'httpd';
$require_local_account = FALSE;

NOTE: to get the logout working properly make sure the Apache AuthName matches with the one configured for Rack tables authentication.

Referene : http://sourceforge.net/apps/mediawiki/racktables/index.php?title=RackTablesAdminGuide

Reference

./arun

Hardening Apache webserver

Tips to harden apache webserver:

Disable weak SSLV2 siphers
edit ssl.conf and add
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP

Restrict apache to giveout minimum informations
Edit httpd.conf and change
ServerTokens ProductOnly

Disable track and trace in every virtual hosts
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

Always better to configure apache to Loan minimal/required modules and include only necessary config files.

./arun

Fix for – – mixing * ports and non-* ports with a NameVirtualHost address is not supported

If you happend to see this error in apache logs,

– mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

Check your apache configuration, to make sure that there is no VirtualHost defined without port numbers like : <VirtualHost 127.0.0.1>, if existing fix it with port number.