500 error on all scripts

24 posts / 0 new
Last post
#1 Sun, 09/11/2011 - 14:15
GuineaPig

500 error on all scripts

Hi,

I'm trying to set up a CentOS 6 server with virtualmin GPL. Installation went fine, creating virtual servers works, ftp is ok, mail works, etc... Unfortunately, php scripts in virtual servers fail and result in a 500 error.

If I try with an info.php file in /var/www/html/ and open the url for the file (https) it works. If I put the info.php on one of the virtual servers I created, I get the error...

Apache error log says:

[Sun Sep 11 20:45:43 2011] [warn] [client 84.195.182.194] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
[Sun Sep 11 20:45:43 2011] [error] [client 84.195.182.194] Premature end of script headers: info.php

When I put the php execution mode on mod_php, the scripts work, but I don't really want to do that and I would like to get it working with fast cgi.

Can someone help me out or point me in the right direction? I've been looking at apache configuration, suexec setup, mod_fcgid setup, but I can't find something wrong...

Sun, 09/11/2011 - 14:23
andreychek

Howdy,

Well, the error you're getting there suggests that the script is running too long, and is timing out.

I'm curious, do you see the same issue if you use the "CGI" PHP Execution Mode?

-Eric

Sun, 09/11/2011 - 14:42 (Reply to #2)
GuineaPig

If I put php execution mode on CGI I get this:

[Sun Sep 11 21:37:09 2011] [error] [client 84.195.182.194] suexec failure: could not open log file
[Sun Sep 11 21:37:09 2011] [error] [client 84.195.182.194] fopen: Permission denied
[Sun Sep 11 21:37:09 2011] [error] [client 84.195.182.194] Premature end of script headers: php5.cgi

I'm not sure if the script is running too long as it is working in /var/www/html. Not on virtual servers though...

There are entries in the /var/log/httpd/suexec.log though, so I have no idea why I'm seeing this suexec failure...

[2011-09-11 21:37:09]: uid: (500/guineapig) gid: (500/guineapig) cmd: php5.cgi

Mon, 09/12/2011 - 04:41
GuineaPig

Update...

Since this is the initial setup of a VPS I have the luxury to start all over agains so that's what I did... I went back to a fresh install of Centos 6, installed perl and then virtualmin GPL (on my previous attempt I installed apache, mysql, php, dovecot, etc... before launching the virtualmin install script, this time I had the script install everything).

Virtualmin installation went flawless but unfortunately, I'm still having the same errors. In mod_php mode everything works but mod_fcgid is still not working.

Mon, 09/12/2011 - 08:48
andreychek

Mmm, that's pretty strange! The FCGID and CGI modes would typically work out of the box.

How are you uploading your files for the website to the server... are you by chance uploading them as root? If so, you may be seeing problems do to permission issues.

-Eric

Mon, 09/12/2011 - 12:54
GuineaPig

All files were uploaded through FTP by login in with the virtual server owner's user. I created an info.php file as root in one of the virtual servers but I did a chmod (755) and chown to the VS owner's user of that file so permissions are ok.

And indeed, I would consider this installation as 'out of the box', unless there's something special about the Centos 6 VPS image my hosting company provided. As far as I can tell the image is a basic server Centos install without extra packages. I only installed did yum install perl and then ran the virtualmin script. I've attached a txt file with the result of yum list installed to this message. Maybe this can help?

Mon, 09/12/2011 - 13:01
GuineaPig

All files were uploaded through FTP by login in with the virtual server owner's user. I created an info.php file as root in one of the virtual servers but I did a chmod (755) and chown to the VS owner's user of that file so permissions are ok.

And indeed, I would consider this installation as 'out of the box', unless there's something special about the Centos 6 VPS image my hosting company provided. As far as I can tell the image is a basic server Centos install without extra packages. I only installed did yum install perl and then ran the virtualmin script. I've attached a txt file with the result of yum list installed to this message. Maybe this can help?

Mon, 09/12/2011 - 13:13
andreychek

Hmm, I've never seen that error on a CentOS install before. But I also don't see any packages that appear unusual.

Is it still this error you're receiving when trying to use the CGI/FCGID modes:

fopen: Permission denied

If so, what does this command output:

ls -l $HOME/logs/
Mon, 09/12/2011 - 13:27 (Reply to #8)
GuineaPig

I assume that I have to run this command as the VS owner user? Then the output is:

lrwxrwxrwx 1 guineapig guineapig 43 Sep 12 10:16 access_log -> /var/log/virtualmin/guineapig.be_access_log
lrwxrwxrwx 1 guineapig guineapig 42 Sep 12 10:16 error_log -> /var/log/virtualmin/guineapig.be_error_log

Don't know if this is important, but there is another permission error I encountered earlier today... When I try to install Squirrelmail through the virtualmin script I get:

Configuration program failed : /config/conf.pl: /usr/bin/env: bad interpreter: Permission denied

No idea if this is related... Anyway, squirrelmail is not that important as usermin works great.

The fopen error only shows in cgi mode. In fcgid it's:

[Mon Sep 12 20:25:53 2011] [warn] [client 84.195.182.194] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
[Mon Sep 12 20:25:53 2011] [error] [client 84.195.182.194] Premature end of script headers: info.php
Mon, 09/12/2011 - 13:29 (Reply to #9)
GuineaPig

Just to give all the info... in CGI mode the error log shows:

[Mon Sep 12 20:28:34 2011] [error] [client 84.195.182.194] suexec failure: could not open log file
[Mon Sep 12 20:28:34 2011] [error] [client 84.195.182.194] fopen: Permission denied
[Mon Sep 12 20:28:34 2011] [error] [client 84.195.182.194] Premature end of script headers: php5.cgi
Mon, 09/12/2011 - 13:32
andreychek

Do you by chance have a /proc/user_beancounters file?

If so, can you paste in it's contents?

-Eric

Mon, 09/12/2011 - 13:38
GuineaPig

No, don't have such a file...

Mon, 09/12/2011 - 14:05
andreychek

Okay, just a shot in the dark :-)

What is the output of this command:

ls -l /var/log/virtualmin/

Mon, 09/12/2011 - 14:09
GuineaPig
-rw-rw---- 1 guineapig apache 78939 Sep 12 20:58 guineapig.be_access_log
-rw-rw---- 1 guineapig apache 37234 Sep 12 20:58 guineapig.be_error_log
Mon, 09/12/2011 - 14:13
andreychek

Sorry, wrong command... try this one:

ls -la /var/log/virtualmin/

Mon, 09/12/2011 - 14:18
GuineaPig
drwx--x--x 2 root      root    4096 Sep 12 10:16 .
drwxr-xr-x 7 root      root    4096 Sep 12 14:38 ..
-rw-rw---- 1 guineapig apache 79718 Sep 12 21:14 guineapig.be_access_log
-rw-rw---- 1 guineapig apache 37780 Sep 12 21:14 guineapig.be_error_log

Tnx already for helping out and looking into this...

Mon, 09/12/2011 - 14:27
andreychek

Hrm, I'm having a bear of a time trying to determine what's wrong... that all looks just fine.

What about the log files here:

ls -la /var/log/httpd/

Mon, 09/12/2011 - 14:31
GuineaPig
drwx------ 2 root root    4096 Sep 12 10:28 .
drwxr-xr-x 7 root root    4096 Sep 12 14:38 ..
-rw-r--r-- 1 root root   15258 Sep 12 20:42 access_log
-rw-r--r-- 1 root root   15075 Sep 12 20:58 error_log
-rw-r--r-- 1 root root     232 Sep 12 20:27 ssl_access_log
-rw-r--r-- 1 root root    2653 Sep 12 20:42 ssl_error_log
-rw-r--r-- 1 root root     272 Sep 12 20:27 ssl_request_log
-rw-r--r-- 1 root apache  1756 Sep 12 20:58 suexec.log

All logs have entries in them btw...

Mon, 09/12/2011 - 14:42
andreychek

All logs have entries in them btw...

Well, I was puzzled by that at first too, though I realized that since it works in mod_php, any of the log entries could have been generated while the site was in the mod_php mode.

Anyhow, all that output looks good -- that's how things should be on a default setup.

What does the command "mount" show?

Also, I don't imagine this will make a difference... but just to be super-sure, what if you create a file named "test.php" in your domain's public_html folder, and put this in it:

<?php phpinfo(); ?>

If you set your domain to use the CGI execution mode, do you get the same error when calling the above file?

-Eric

Mon, 09/12/2011 - 14:58 (Reply to #19)
GuineaPig

All the log entries posted here were base on a test with a phpinfo file ;-)

I get log entries in all modes (in apache error and access logs).

Mount returns:

/dev/xvda2 on / type ext3 (rw,grpquota,errors=remount-ro,usrquota)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
Tue, 09/13/2011 - 11:33 (Reply to #20)
GuineaPig

I'm still thinking that this problem is related to suexec (I believe suexec only comes into play when fcgid or cgi mode are chosen) but troubleshooting suexec seems to be quite difficult... I spent several hours today searching on google and trying all kinds of stuff... Is there any way to remove or eliminate suexec from the proces? And maybe just test a php file with php in fcgid mode but without suexec?
Or any tips on troubleshooting or testing suexec?

Sat, 09/24/2011 - 02:57
GuineaPig

Well, still no solution. cgi or fcgi modes are still not working... I'm under a bit of time pressure here as I have to move my website to this server very soon... (or I will have to pay another year at my old host) With mod_php everything works as it should so what are the consequences of leaving it at that? Is the fcgi setup with suexec mainly a security measure to protect server owner against virtual server owners? Or is it more than that? In any case, all virtual servers are owned by me and I'm the only one who has access to the server (and the virtual servers) and I think I can trust myself... Or are there any other security risks by using mod_php?

Sat, 09/24/2011 - 09:48
andreychek

Yeah, I'm kind of stuck as to what the issue you're seeing is... but you're correct that the FCGID+suexecc system is largely for security across a shared hosting server.

For just one user -- there's not the same sort of benefit, and mod_php should work just fine.

-Eric

Sun, 09/25/2011 - 02:14 (Reply to #23)
GuineaPig

Ok! Thanks for your replies and for trying to help.

Topic locked