Fun with Apache2 – httpd not running, trying to start (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down

Have you ever gotten this error message when trying to (re)start Apache

httpd not running, trying to start
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down

If you are running with an SSL certificate on your box, Apache cannot start up without the correct passphrase. I’ve run into this problem a couple times. Once when I rebuilt my virtual server from Mosso and the reboot process (obviously) required Apache to be started up when the machine came back up. Not being there when the start up phase required the correct passphrase Apache was up but not handling requests. The other time my server crashed when it ran out of memory. It was a 256 meg O’RAM box running a Rails app. Go figure!

Fortunately, there is an easy solution. Kill Apache and start it up again. If you’re in the console you’ll be prompted for the passphrase. Enter it correctly and everything will be fine. Here’s how I did it.

ps aux | grep apache
root      3948  0.0  0.2   4028   668 ?        S    17:48   0:00 /bin/sh -e /etc/rc2.d/S91apache2 start
root      3959  0.0  0.2   4028   616 ?        S    17:48   0:00 /bin/sh /usr/sbin/apache2ctl start
root      3964  0.0  2.4 133564  6472 ?        S    17:48   0:00 /usr/sbin/apache2 -k start
root      4069  0.0  0.2   6268   660 pts/0    R+   17:49   0:00 grep apache

I took at a look at the running processes and grep for apache. The one I wanted was the 2nd to last.
Look for the process id and kill it with the -9 option. The process id will be in the second column to the left

kill -9 3964

After it’s dead you can restart Apache like so

apache2ctl start

You’ll get the prompt for the passphrase. Enter it and everything should be fine.

Postfix, ActionMailer and OpenSSL Fix on Ubuntu

If you run into problems using ActionMailer > 2.2, Postfix and OpenSSL while sending mail from your application, try changing the following:

  vim /etc/postfix/main.cf

Change

 smtpd_use_tls=yes

to

smtpd_use_tls=no

OpenSSL support with Postfix does not work out of the box. You can either generate valid certificates or tell Postfix not to use the certificates. More information is available in this discussion forum.

http://forum.slicehost.com/comments.php?DiscussionID=2656

Rails, SSL, Ubuntu, Apache2 with Phusion on Ubuntu

Here are all the commands for setting up your Rails application to server requests over SSL -on Ubuntu, of course.

There are great resources and tutorials at these websites.

http://www.tc.umn.edu/~brams006/selfsign.html

http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html

https://help.ubuntu.com/7.10/server/C/httpd.html#https-configuration

The first thing, of course, is that you need OpenSSL installed.

apt-get install openssl

Once you have it installed, you can use this program to generate certificates. The generation process is interactive. It will prompt you for your name, company details, domain etc.  It will also prompt for a passphrase for your certificate. Remember this because you’ll be prompted for it when restarting your webserver. If your doing this to test things out, you can make stuff up. If you are doing this for real, and will eventually want to have a certificate authority (CA) validate your generated certs, this information needs to be accurate. This is the purpose of a CA, to validate the identity of companies using certificates!

openssl genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.key.insecure
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The program will output certificate files. I assumed you were in your home directory when you generated them. It doesn’t really matter where they are located, but for purposes of organization, let’s move them to a location that makes sense.

cp server.crt /etc/ssl/certs
cp server.key /etc/ssl/private

We’ll need to install two modules for apache to use Rails over SSL. If you don’t have them installed already, run  these commands.

sudo a2enmod ssl
sudo a2enmod headers

The headers module for apache lets us pass the https:// protocol to our Rails application so that it knows to use https.

The next step involves creating a VirtualHost that is listening on port 443. Port 443, is the standard port that https:// runs on.

#create your virtual host on port 443

NameVirtualHost *:443

<VirtualHost *:443>

  ServerName secure.example.com
  DocumentRoot /var/www/secure_website/public
  SSLEngine On
  RequestHeader set X_FORWARDED_PROTO "https"
  #***note*** some tuts mention the +CompatEnvVars options here... ignore it b/c it doesn't work
  SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  #you'll recog these paths, where we stored the certs here
  SSLCertificateFile /etc/ssl/certs/server.crt
  SSLCertificateKeyFile /etc/ssl/private/server.key
  #force app into production mode...
  RailsEnv production
</VirtualHost>

You’ll also need to tell Apache to listen on port 443, if SSL module is loaded. This logic should be included out of the box. Take a look in /etc/apache2/ports.conf. If you don’t see Listen 443, wrapped in a conditional if mod statement… add Listen 443 to that file.

Force a complete reload of Apache so your certs and modules will be loaded.

/etc/init.d/apache2 force-reload
/etc/init.d/apache2 restart

You’ll want to restart your Rails application as well.

cd path/to/rails/root/app
#if using phusion passenger
touch tmp/restart.txt

Now visit your website https://my-ssl.example.railswebsite.com (or whatever it is) and confirm that it is working. You’ll be forced to add an exception to your browsers security checks for the domain that is running a self signed certificate. Add the exception and test out your Rails application.