3

I have an Ubuntu 12.04 server with Zend Server CE installed. I now wanted to enable HTTPS, but after the first steps according to the documentation, `a2enmod ssl` and `apache service restart`, Apache does not listen on 443, but not on 80 either, according to `netstat -tap | grep http(s)`!

This is what I see in my error log, but I can't make much of it:

    [Fri May 25 19:52:39 2012] [notice] caught SIGTERM, shutting down
    [Fri May 25 19:52:41 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
    [Fri May 25 19:52:41 2012] [notice] ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/) configured.
    [Fri May 25 19:52:41 2012] [notice] ModSecurity: APR compiled version="1.4.5"; loaded version="1.4.6"
    [Fri May 25 19:52:41 2012] [warn] ModSecurity: Loaded APR do not match with compiled!
    [Fri May 25 19:52:41 2012] [notice] ModSecurity: PCRE compiled version="8.12"; loaded version="8.12 2011-01-15"
    [Fri May 25 19:52:41 2012] [notice] ModSecurity: LUA compiled version="Lua 5.1"
    [Fri May 25 19:52:41 2012] [notice] ModSecurity: LIBXML compiled version="2.7.8"
    [Fri May 25 19:53:11 2012] [notice] ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/) configured.
    [Fri May 25 19:53:11 2012] [notice] ModSecurity: APR compiled version="1.4.5"; loaded version="1.4.6"
    [Fri May 25 19:53:11 2012] [warn] ModSecurity: Loaded APR do not match with compiled!
    [Fri May 25 19:53:11 2012] [notice] ModSecurity: PCRE compiled version="8.12"; loaded version="8.12 2011-01-15"
    [Fri May 25 19:53:11 2012] [notice] ModSecurity: LUA compiled version="Lua 5.1"
    [Fri May 25 19:53:11 2012] [notice] ModSecurity: LIBXML compiled version="2.7.8"
    [Fri May 25 19:53:12 2012] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.8-ZS5.5.0 configured -- resuming normal operations

and here is my httpd.conf:

    # Name based virtual hosting
    <virtualhost *:80>

        ServerName www-redirect

        KeepAlive Off

        RewriteEngine On
        RewriteCond %{HTTP_HOST} ^[^\./]+\.[^\./]+$
        RewriteRule ^/(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

    </virtualhost>

    Alias /shared/js "/home/web/library/js"
    Alias /shared/image "/home/web/library/image"

    <IfModule mod_expires.c>
        <FilesMatch "\.(jpe?g|png|gif|js|css|doc|rtf|xls|pdf)$">
            ExpiresActive On
            ExpiresDefault "access plus 1 week"
        </FilesMatch>
    </IfModule>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn

    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    <Location />
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} -s [OR]
        RewriteCond %{REQUEST_FILENAME} -l [OR]
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^.*$ - [NC,L]
        RewriteRule ^.*$ /index.php [NC,L]
    </Location>

netstat -tap gives:

    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 *:mysql                 *:*                     LISTEN      765/mysqld
    tcp        0      0 *:pop3                  *:*                     LISTEN      744/dovecot
    tcp        0      0 *:imap2                 *:*                     LISTEN      744/dovecot
    tcp        0      0 *:http                  *:*                     LISTEN      19861/apache2
    tcp        0      0 *:smtp                  *:*                     LISTEN      30365/master
    tcp        0      0 *:4444                  *:*                     LISTEN      634/sshd
    tcp        0      0 *:kamanda               *:*                     LISTEN      1167/lighttpd
    tcp        0      0 *:imaps                 *:*                     LISTEN      744/dovecot
    tcp        0      0 *:amandaidx             *:*                     LISTEN      1167/lighttpd
    tcp        0      0 localhost.loc:amidxtape *:*                     LISTEN      19861/apache2
    tcp        0      0 *:pop3s                 *:*                     LISTEN      744/dovecot
    tcp        0    384 mail.mysite.:4444 231.214.14.37.dyn:41909 ESTABLISHED 19039/sshd: web [pr
    tcp        0      0 localhost.localdo:mysql localhost.localdo:48252 ESTABLISHED 765/mysqld
    tcp        0      0 mail.mysite.:http 231.214.14.37.dyn:54686 TIME_WAIT   -
    tcp        0      0 mail.mysite.:4444 231.214.14.37.dyn:42419 ESTABLISHED 19372/sshd: web [pr
    tcp        0      0 localhost.localdo:48252 localhost.localdo:mysql ESTABLISHED 19884/auth
    tcp        0      0 mail.mysite.:http 231.214.14.37.dyn:54685 TIME_WAIT   -
    tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      744/dovecot
    tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      744/dovecot
    tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      30365/master
    tcp6       0      0 [::]:4444               [::]:*                  LISTEN      634/sshd
    tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      744/dovecot
    tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      744/dovecot

Does anyone know what I am doing wrong? Perhaps I should take some additional steps to make Apache listen on 443, but that it stops listening on 80 altogether I can't understand.

zensys
  • Do you have an `ssl.conf`? Perhaps in the same location as `httpd.conf`? Post that as well, please. In the conf above, there is nothing that suggests to the web server to listen on port 443. – KM. May 25 '12 at 18:42
  • @KM01 I think you probably want to put that in an answer because it's starting to look like the right one... ;-) – Tom May 25 '12 at 18:51
  • No, no `ssl.conf`. I do have `ports.conf`, which contains: Listen 443. And also listen 80. – zensys May 25 '12 at 20:40

4 Answers

6

I was not doing anything wrong, but SSL support in Zend Server CE was broken after the upgrade to Ubuntu Server 12.04. In the meantime Zend fixed the issue by making available a separate Zend Server 5.6 repository for Ubuntu 12.04. Add this line to `/etc/apt/sources.list`:

    deb http://repos.zend.com/zend-server/5.6.0_ubuntu1204/deb server non-free

Here is the related thread: http://forums.zend.com/viewtopic.php?f=8&t=65613

Martijn Heemels
zensys
1

You can enable the default-ssl site like so:

    ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl

There are some notes here: http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html

Can you paste your output of the netstat command, something like this:

    # netstat -ltp | grep http
    tcp        0      0 *:https                     *:*                         LISTEN      2592/httpd
    tcp        0      0 *:http                      *:*                         LISTEN      2592/httpd

Also, you can log any specific startup errors to a log file like so:

    apachectl -E /var/log/httpd/startup-err.log -k start

And if that doesn't tell you the problem, then jack it up to max like so:

    apachectl -e debug -E /var/log/httpd/startup-err.log -k restart

Also, `apachectl -S` will show the virtualhost configurations as seen by httpd:

    # apachectl -S
    VirtualHost configuration:
    wildcard NameVirtualHosts and _default_ servers:
    _default_:443          workstation001.config (/etc/httpd/conf.d/ssl.conf:75)
    *:80                   is a NameVirtualHost
             default server www-redirect (/etc/httpd/conf.d/mystupidsite.com.conf:1)
             port 80 namevhost www-redirect (/etc/httpd/conf.d/mystupidsite.com.conf:1)
    Syntax OK

Tom
  • actually scrap that, it seems to not be case-sensitive. – Tom May 25 '12 at 18:22
  • Thanks for that, just corrected it, but the issue remains. Anyway everything worked fine before despite the syntax error. – zensys May 25 '12 at 18:27
  • I edited netstat -tap output into my original question above. I will try apachectl as well. – zensys May 25 '12 at 18:52
  • As @KM01 mentioned, there is nothing in what you have pasted that would indicate an SSL configuration is active, and the output confirms that. I think you have to enable the default-ssl like so: `ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl` – Tom May 25 '12 at 20:12
  • I posted the original configuration but ports.conf contains a listen 443 conditional on mod ssl enabled. Could it be that Apache stops working just because the default-ssl site is not enabled? I cannot try too much because my server would be down. – zensys May 25 '12 at 21:09
  • Show the output of `apachectl -S`; that just outputs the virtual host configuration and does not impact the availability. – Tom May 25 '12 at 21:30
  • let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/3555/discussion-between-zensys-and-tom-h) – zensys May 25 '12 at 21:46
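
A scripted form of the listener check discussed in the answer above, added here as an example and not part of the original thread. It reads `netstat -ltp` output and reports which expected ports have no listener owned by Apache, matching both numeric ports and the service names netstat prints without `-n`. The function name `missing_listeners` and the sample output are constructed for illustration.

```shell
# Added example, not from the original thread. Sample data is constructed.

# missing_listeners PROGRAM PORT...
# Reads `netstat -ltp` output on stdin, prints the PORTs that have no LISTEN
# socket owned by PROGRAM, and returns 1 if any are missing.
# The body is a subshell, so variables stay local and `exit` only leaves
# the function.
missing_listeners() (
    prog=$1; shift
    input=$(cat)
    missing=""
    for want in "$@"; do
        # Without -n, netstat prints service names, so a grep for ":443"
        # alone would miss a working listener. Accept both spellings.
        case $want in
            80)  svc=http ;;
            443) svc=https ;;
            *)   svc=$want ;;
        esac
        printf '%s\n' "$input" | awk -v p="$prog" -v a="$want" -v b="$svc" '
            $6 == "LISTEN" {
                n = split($4, addr, ":")   # last piece is the port, also for [::]:443
                split($7, owner, "/")      # "19861/apache2" -> PID, program
                if ((addr[n] == a || addr[n] == b) && owner[2] == p) found = 1
            }
            END { exit(found ? 0 : 1) }' || missing="$missing $want"
    done
    missing=${missing# }
    [ -z "$missing" ] && exit 0
    printf '%s\n' "$missing"
    exit 1
)

# Constructed sample in the shape of the output posted in the question.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      765/mysqld
tcp        0      0 *:http                  *:*                     LISTEN      19861/apache2
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      744/dovecot'

# Apache is expected on 80 and 443; here only 443 is reported as missing.
printf '%s\n' "$SAMPLE" | missing_listeners apache2 80 443 || true
```
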
1

Disable the Curl Module and the server will start up fine.

To Disable Manually (because the Zend Web Interface won't work with the server down):

1) Edit `/usr/local/zend/etc/ext.d/curl.ini`

2) Place a single colon `;` in front of `extension=curl.so` and you should be good to go till the fix is released

PS Zend says a fix for Ubuntu should be coming out shortly.

growse
  • Here is the [discussion](http://forums.zend.com/viewtopic.php?f=44&t=49693&hilit=ubuntu+12.04) for those who are interested. – zensys Jun 01 '12 at 15:33
0

Look at `/var/log/syslog`; there you will find some description like:

    May 30 19:15:39 virtualdev kernel: [  397.265473] apache2[2009]: segfault at 0 ip 00007fa17e522eb6 sp 00007fffb5468f98 error 4 in libc-2.15.so[7fa17e3e7000+1b3000]

This shows that there seems to be an issue with libc-2.15.so when mod ssl is enabled. Not sure who will fix this issue.

5422m4n
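
How to read the kernel line quoted in the answer above, as an added example that is not part of the original post: the function below extracts the faulting module, computes the instruction offset inside it (ip minus load base) and decodes the x86 page-fault error code. The function name `triage_segfault` is illustrative; the input is the syslog line from the answer.

```shell
# Added example, not from the original answer. SEGV_LINE is the syslog line
# quoted in the answer; the function name is illustrative.

# triage_segfault: reads syslog on stdin and, for each kernel "segfault at"
# line, prints: program, PID, module+offset of the faulting instruction
# (ip minus the module's load base), the decoded x86 page-fault error code,
# and the address whose access faulted.
triage_segfault() {
    sed -n 's/.* \([^ ]*\)\[\([0-9]*\)]: segfault at \([0-9a-f]*\) ip \([0-9a-f]*\) sp [0-9a-f]* error \([0-9]*\) in \([^[]*\)\[\([0-9a-f]*\)+[0-9a-f]*].*/\1 \2 \3 \4 \5 \6 \7/p' |
    while read -r prog pid addr ip err mod base; do
        off=$(( 0x$ip - 0x$base ))          # stable across ASLR, unlike ip
        # x86 error code bits: 1 = protection fault (else page not present),
        # 2 = write (else read), 4 = fault raised in user mode.
        [ $(( err & 1 )) -ne 0 ] && kind=protection || kind=not-present
        [ $(( err & 2 )) -ne 0 ] && rw=write || rw=read
        [ $(( err & 4 )) -ne 0 ] && mode=user || mode=kernel
        printf '%s pid=%s %s+0x%x %s %s %s addr=0x%x\n' \
            "$prog" "$pid" "$mod" "$off" "$mode" "$rw" "$kind" "$(( 0x$addr ))"
    done
}

SEGV_LINE='May 30 19:15:39 virtualdev kernel: [  397.265473] apache2[2009]: segfault at 0 ip 00007fa17e522eb6 sp 00007fffb5468f98 error 4 in libc-2.15.so[7fa17e3e7000+1b3000]'

# addr=0x0 with "user read not-present" is the signature of a NULL pointer read.
printf '%s\n' "$SEGV_LINE" | triage_segfault
```

The module offset is what a symbolizer such as `addr2line -f -e` needs, together with debug symbols for that exact libc build, to name the function that crashed.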