End-user error can prevent Apache from restarting

#1 Sat, 01/30/2016 - 21:05

In a shared web-hosting environment, with a single web server serving many websites, user error might cause that user's website to go offline, but it should not cause the web server to die.

Still experimenting with Virtualmin 5.0GPL on CentOS 7.2.1511, I created an end-user account, then while logged in as that user, accidentally copied ssl.crt to ssl.key.

(Actually it was both deliberate and accidental. I used the command openssl x509 -text -in ssl.crt to get a human-readable version of the certificate, then edited ssl.crt to contain both that and the private key from ssl.key. And then I copied ssl.crt to ssl.key, so I would have only one file containing both the certificate and the key -- a configuration that Apache considers valid. Except that I screwed up the editing and left out the key entirely.)

Some time later, while logged in as root, I restarted httpd -- and it failed to restart because it could not find a valid key for the above end-user's virtualhost.

This is a fairly serious situation. Any end-user could accidentally or even deliberately corrupt his own website's SSL key file. This is now a time-bomb. The next time Apache restarts, which will happen sooner or later, all the websites hosted on the same server will go offline. And the server owner will be left scratching his head until he figures out what went wrong and fixes it.

I don't see an easy way of preventing this. Apache when invoked as httpd -t does not seem to check any SSL certificates, so it won't detect a configuration error. Perhaps one could invoke a new test instance of Apache with different port numbers or IP addresses, and let it check the configuration, before reloading the production Apache.
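
A pre-restart check for the failure described in this post, as an added example that is not part of the original post or of Virtualmin: it reads the SSLCertificateFile and SSLCertificateKeyFile paths of each VirtualHost and reports any that lack a certificate or private-key PEM block. The function names are hypothetical, and it assumes all vhosts sit in one config text (Include is not followed); it checks that the blocks are present, not that the key matches the certificate.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_labels(path):
    """Labels of the PEM blocks in path that carry a non-empty base64 body."""
    try:
        with open(path, encoding="ascii", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return set()  # missing or unreadable file: nothing usable in it
    labels = set()
    for label, body in PEM_RE.findall(text):
        # Drop the "Proc-Type:" / "DEK-Info:" headers of encrypted legacy keys.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            if base64.b64decode(b64, validate=True):
                labels.add(label)
        except ValueError:
            pass
    return labels

def vhost_ssl_files(conf_text):
    """Yield (ServerName, cert path, key path) for each SSL <VirtualHost>."""
    seen = None
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        word = parts[0].lower() if parts else ""
        if word.startswith("<virtualhost"):
            seen = {}
        elif word.startswith("</virtualhost") and seen is not None:
            if "sslcertificatefile" in seen:
                cert = seen["sslcertificatefile"]
                # With no SSLCertificateKeyFile the key must be in the cert file.
                yield (seen.get("servername", "(unnamed)"), cert,
                       seen.get("sslcertificatekeyfile", cert))
            seen = None
        elif seen is not None and len(parts) == 2:
            seen[word] = parts[1].strip().strip('"')

def check_config(conf_text):
    """Return (ServerName, problem) pairs that would stop httpd from starting."""
    problems = []
    for name, cert, key in vhost_ssl_files(conf_text):
        if "CERTIFICATE" not in pem_labels(cert):
            problems.append((name, "no certificate in " + cert))
        if not any(l.endswith("PRIVATE KEY") for l in pem_labels(key)):
            problems.append((name, "no private key in " + key))
    return problems
```

Run check_config as root on the config text before a restart and hold the restart if it returns anything; each entry names the vhost whose files need fixing.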