apache2 재시작 실패 문제를 해결하는 방법은 무엇입니까?

tag-icon tag-icon raspberry-pi apache-httpd raspbian https
apache2 재시작 실패 문제를 해결하는 방법은 무엇입니까?

건강 상태:http://192.168.1.107/그리고http://192.168.1.107/owncloud(https 포함/제외) HTTPS에 설명된 대로 자체 서명된 SSL 인증서를 사용하여 설정을 재구성한 후 존재하지 않습니다.철사재부팅할 수 없을 때까지 모든 단계를 수행했습니다 apache2.
지원: apache2 재시작 실패

그래요

# http://www.slsmk.com/enabling-https-access-to-owncloud/
masi@raspberrypi:~ $ sudo vim /etc/apache2/conf-available/owncloud-ssl.conf 

masi@raspberrypi:~ $ a2enconf owncloud-ssl.conf
Conf owncloud-ssl already enabled

masi@raspberrypi:~ $ sudo service apache2 restart
Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details.

masi@raspberrypi:~ $ sudo systemctl status apache2.service
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2)
   Active: failed (Result: exit-code) since Wed 2016-06-22 21:34:31 UTC; 28min ago
  Process: 14965 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 7474 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
  Process: 17524 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)

Jun 22 21:34:31 raspberrypi apache2[17524]: Starting web server: apache2 failed!
Jun 22 21:34:31 raspberrypi apache2[17524]: The apache2 configtest failed. ... (warning).
Jun 22 21:34:31 raspberrypi apache2[17524]: Output of config test was:
Jun 22 21:34:31 raspberrypi apache2[17524]: AH00526: Syntax error on line 9 of /etc/apache2/conf-enabl...onf:
Jun 22 21:34:31 raspberrypi apache2[17524]: SSLCertificateFile: file '/etc/ssl/certs/my-public-cert.pe...mpty
Jun 22 21:34:31 raspberrypi apache2[17524]: Action 'configtest' failed.
Jun 22 21:34:31 raspberrypi apache2[17524]: The Apache error log may have more information.
Jun 22 21:34:31 raspberrypi systemd[1]: apache2.service: control process exited, code=exited status=1
Jun 22 21:34:31 raspberrypi systemd[1]: Failed to start LSB: Apache2 web server.
Jun 22 21:34:31 raspberrypi systemd[1]: Unit apache2.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.

masi@raspberrypi:~ $ sudo journalctl -xn
-- Logs begin at Tue 2016-05-31 16:20:51 UTC, end at Wed 2016-06-22 22:06:09 UTC. --
Jun 22 21:41:03 raspberrypi sudo[17644]: pam_unix(sudo:session): session opened for user root by masi(uid=0)
Jun 22 21:41:51 raspberrypi sudo[17644]: pam_unix(sudo:session): session closed for user root
Jun 22 22:01:17 raspberrypi sudo[17801]: masi : TTY=pts/0 ; PWD=/home/masi ; USER=root ; COMMAND=/bin/journal
Jun 22 22:01:17 raspberrypi sudo[17801]: pam_unix(sudo:session): session opened for user root by masi(uid=0)
Jun 22 22:02:36 raspberrypi sudo[17801]: pam_unix(sudo:session): session closed for user root
Jun 22 22:02:38 raspberrypi sudo[17812]: masi : TTY=pts/0 ; PWD=/home/masi ; USER=root ; COMMAND=/bin/systemc
Jun 22 22:02:38 raspberrypi sudo[17812]: pam_unix(sudo:session): session opened for user root by masi(uid=0)
Jun 22 22:02:38 raspberrypi sudo[17812]: pam_unix(sudo:session): session closed for user root
Jun 22 22:06:08 raspberrypi sudo[17829]: masi : TTY=pts/0 ; PWD=/home/masi ; USER=root ; COMMAND=/bin/journal
Jun 22 22:06:09 raspberrypi sudo[17829]: pam_unix(sudo:session): session opened for user root by masi(uid=0)

설정

  • 내 중요한 구성 파일은 모두 /etc/apache2/sites-enabled/SSL 구성이 최종 완료되었습니다 .000-default.conf000-default-ssl.conf/etc/apache2/sites-enabled/000-default.conf

    # 000-default.conf
SSLEngine on
SSLCertificateFile    /usr/local/share/ca-certificates/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key

    다른 파일은 다른 파일에 대한 심볼릭 링크일 뿐입니다.ls -la /etc/apache2/sites-enabled/

    total 8
drwxr-xr-x 2 root root 4096 Jun 22 15:32 .
drwxr-xr-x 8 root root 4096 Jun 22 21:41 ..
lrwxrwxrwx 1 root root   45 May 31 19:35 000-default.conf -> /etc/apache2/sites-available/000-default.conf
lrwxrwxrwx 1 root root   35 May 31 11:50 000-default-ssl.conf -> ../sites-available/000-default.conf

  • /etc/apache2/envvars아직 살아있고 발길질(철사)

    # https://askubuntu.com/a/718551/25388
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data

  • 열쇠는 이렇게 만들어졌어요

    # http://www.slsmk.com/enabling-https-access-to-owncloud/
sudo apt-get install ca-certificates
sudo mkdir /etc/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/ssl/private/apache.key \
    -out /usr/local/share/ca-certificates/apache.crt

# http://stackoverflow.com/questions/5244129/use-rsa-private-key-to-generate-public-key
sudo -i
openssl rsa -in /etc/ssl/private/apache.key -pubout \    
    > /etc/ssl/certs/my-pubkey.perm

  • 소유자/그룹/etc/ssl/

    sudo ls -la /etc/ssl/ | grep certs
drwxr-xr-x 2 root root 24576 Jun 22 13:13 certs

sudo ls -la /etc/ssl/ | grep private 
drwx--x---- 2 root ssl-cert 4096 Jun 22 13:11 private

그래요

masi@raspberrypi:~ $ sudo systemctl -l
  ... 
  session-c25.scope                                                           
● apache2.service                                                             
  avahi-daemon.service                                                        
  ...
  ssh.service                                                                 
● systemd-ask-password-console.service                                        
● systemd-ask-password-wall.service                                           
  systemd-fsck-root.service                                                   
  ...

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

116 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

그래요

masi@raspberrypi:~ $ sudo systemctl -l status apache2 
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2)
   Active: failed (Result: exit-code) since Wed 2016-06-22 21:34:31 UTC; 22h ago

Jun 22 21:34:31 raspberrypi apache2[17524]: Starting web server: apache2 failed!
Jun 22 21:34:31 raspberrypi apache2[17524]: The apache2 configtest failed. ... (warning).
Jun 22 21:34:31 raspberrypi apache2[17524]: Output of config test was:
Jun 22 21:34:31 raspberrypi apache2[17524]: AH00526: Syntax error on line 9 of /etc/apache2/conf-enabled/owncloud-ssl.conf:
Jun 22 21:34:31 raspberrypi apache2[17524]: SSLCertificateFile: file '/etc/ssl/certs/my-public-cert.pem' does not exist or is empty
Jun 22 21:34:31 raspberrypi apache2[17524]: Action 'configtest' failed.
Jun 22 21:34:31 raspberrypi apache2[17524]: The Apache error log may have more information.
Jun 22 21:34:31 raspberrypi systemd[1]: apache2.service: control process exited, code=exited status=1
Jun 22 21:34:31 raspberrypi systemd[1]: Failed to start LSB: Apache2 web server.
Jun 22 21:34:31 raspberrypi systemd[1]: Unit apache2.service entered failed state.

이해합니다/var/log/apache2/error.log

[Fri Jun 24 06:37:41.960434 2016] [ssl:emerg] [pid 3605] AH02580: Init: Pass phrase incorrect for key localhost:80:0
[Fri Jun 24 06:37:41.960823 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:37:41.960922 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Fri Jun 24 06:37:41.961001 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:37:41.961085 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Fri Jun 24 06:37:41.961165 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Fri Jun 24 06:37:41.961242 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:37:41.961324 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Fri Jun 24 06:37:41.961363 2016] [ssl:emerg] [pid 3605] AH02312: Fatal error initialising mod_ssl, exiting.
[Fri Jun 24 06:37:41.961393 2016] [ssl:emerg] [pid 3605] AH02564: Failed to configure encrypted (?) private key localhost:80:0, check /etc/ssl/private/apache.key
AH00016: Configuration Failed
[Fri Jun 24 06:38:08.445081 2016] [ssl:emerg] [pid 3666] AH02580: Init: Pass phrase incorrect for key localhost:80:0
[Fri Jun 24 06:38:08.445296 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:38:08.445346 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Fri Jun 24 06:38:08.445386 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:38:08.445428 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Fri Jun 24 06:38:08.445470 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Fri Jun 24 06:38:08.445508 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:38:08.445550 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Fri Jun 24 06:38:08.445570 2016] [ssl:emerg] [pid 3666] AH02312: Fatal error initialising mod_ssl, exiting.
[Fri Jun 24 06:38:08.445586 2016] [ssl:emerg] [pid 3666] AH02564: Failed to configure encrypted (?) private key localhost:80:0, check /etc/ssl/private/apache.key
AH00016: Configuration Failed
[Fri Jun 24 06:38:21.111567 2016] [ssl:warn] [pid 3727] AH01906: localhost:80:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:21.111972 2016] [ssl:warn] [pid 3727] AH01909: localhost:80:0 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:21.163516 2016] [ssl:warn] [pid 3727] AH01906: localhost:80:1 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:21.163631 2016] [ssl:warn] [pid 3727] AH01909: localhost:80:1 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:21.168113 2016] [ssl:emerg] [pid 3727] AH02562: Failed to configure certificate 127.0.0.1:443:0 (with chain), check /etc/ssl/certs/my-pubkey.perm
[Fri Jun 24 06:38:21.168237 2016] [ssl:emerg] [pid 3727] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Fri Jun 24 06:38:21.168340 2016] [ssl:emerg] [pid 3727] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
[Fri Jun 24 06:38:52.430593 2016] [ssl:warn] [pid 3797] AH01906: localhost:80:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:52.430987 2016] [ssl:warn] [pid 3797] AH01909: localhost:80:0 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:52.482936 2016] [ssl:warn] [pid 3797] AH01906: localhost:80:1 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:52.483046 2016] [ssl:warn] [pid 3797] AH01909: localhost:80:1 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:52.484628 2016] [ssl:emerg] [pid 3797] AH02562: Failed to configure certificate 127.0.0.1:443:0 (with chain), check /etc/ssl/certs/my-pubkey.perm
[Fri Jun 24 06:38:52.484737 2016] [ssl:emerg] [pid 3797] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Fri Jun 24 06:38:52.484838 2016] [ssl:emerg] [pid 3797] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed

/etc/apache2/sites-enabled/000-default-ssl.confSSL 키 및 기타 설정으로 인해 문제가 발생할 수 있음

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName localhost

        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined

SSLEngine on

SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIU
SSLCertificateFile /usr/local/share/ca-certificates/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key

SetEnvIf User-Agent .*MSIE.* nokeepalive ssl-unclean-shutdown
CustomLog /var/log/apache2/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

</VirtualHost>
</IfModule>

시스템: Raspbian Jessie
스토리지 시스템: Apache 하드웨어의 ownCloud 8.2.5
: Raspberry Pi 3b

답변1

@garethTheRed의 의견은 문제를 해결합니다. sudo systemctl -l status apache2명확한 로그를 제공하고(질문 텍스트 참조) 개인 키와 공개 키의 경로를 수정하여 문제를 해결 하지만 http/https 액세스에서는 여전히 작동하지 않으므로 /etc/apache2/conf-enabled/owncloud-ssl.conf적합하지 않을 수 있습니다.ownCloud

<VirtualHost *:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost *:443>
    ServerName 127.0.0.1
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/my-pubkey.perm
    SSLCertificateKeyFile /etc/ssl/private/apache.key
    DocumentRoot /var/www/owncloud

    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    </IfModule>
</VirtualHost>

Apache2를 다시 시작하고 다음을 수행했습니다.

masi@raspberrypi:~ $ sudo systemctl -l status apache2 
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2)
   Active: active (exited) since Thu 2016-06-23 19:58:00 UTC; 5s ago
  Process: 1280 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)

Jun 23 19:58:00 raspberrypi apache2[1280]: Starting web server: apache2Action 'start' failed.
Jun 23 19:58:00 raspberrypi apache2[1280]: The Apache error log may have more information.
Jun 23 19:58:00 raspberrypi apache2[1280]: .
Jun 23 19:58:00 raspberrypi systemd[1]: Started LSB: Apache2 web server.

출력: http/https 주소가 작동하지 않습니다. 기대: 효과가 있을 것입니다. 다른 것도 잘못되었습니다.

  • 테스트 1. ping 192.168.1.107정상적으로 작동하여 교통 통제에 문제가 발생함

    PING 192.168.1.107 (192.168.1.107) 56(84) bytes of data.
64 bytes from 192.168.1.107: icmp_seq=1 ttl=64 time=0.661 ms
64 bytes from 192.168.1.107: icmp_seq=2 ttl=64 time=0.653 ms
...

/etc/apache2/sites-available/000-default-ssl.confSSLCertificateFile또한 (공개 키가 아닌 여기에서 인증서) 및 (개인 키) 를 SSLCertificateKeyFile적절하게 변경합니다.

SSLCertificateFile /usr/local/share/ca-certificates/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key

우연히 인증서 위치에 있는 파일에 공개 키가 있었습니다. 전체 문서는 텍스트를 참조하세요. 출력: 여전히 HTTP URL에 액세스할 수 없습니다. 예상 출력: HTTP를 통해 액세스됩니다.

관련 정보