Apache Automatically Stops Each Sunday – Why?

apache-2.2centos6

Every sunday at 3 Apache restarts. Problem is: there is a ceritificate on the server with an encrypted private key. Being the password not provided during automatic restart, apache stops and all my websites go down.

I want to stop Apache from restarting every week. How? Here is the apache log at that time. Before [notice] caught SIGTERM, shutting down there's nothing relevant, if you are wondering…

[Sun Feb 15 03:37:12 2015] [notice] caught SIGTERM, shutting down 
[Sun Feb 15 03:37:12 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) 

[Sun Feb 15 03:37:13 2015] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?] 
[Sun Feb 15 03:37:13 2015] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag 
[Sun Feb 15 03:37:13 2015] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error 
[Sun Feb 15 03:37:13 2015] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag 
[Sun Feb 15 03:37:13 2015] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error 
[Sun Feb 15 03:37:13 2015] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib 
[Sun Feb 15 03:37:13 2015] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag 
[Sun Feb 15 03:37:13 2015] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error 
[Sun Feb 15 11:09:41 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) 
[Sun Feb 15 11:09:44 2015] [notice] Digest: generating secret for digest authentication ... 
[Sun Feb 15 11:09:44 2015] [notice] Digest: done 
[Sun Feb 15 11:09:44 2015] [notice] FastCGI: wrapper mechanism enabled (wrapper: /usr/sbin/suexec) 
[Sun Feb 15 11:09:44 2015] [notice] FastCGI: process manager initialized (pid 11309) 
[Sun Feb 15 11:09:44 2015] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 configured -- resuming normal operations

Additional info:

Cron Jobs: /usr/sbin/raid-check this is the only cron job that runs at sunday night (1AM), but if i run it manually nothing happens to Apache…

Best Answer

Probable cause is the postscript in logrotate script. Thats the script that runs after the logrotation. File should be called /etc/logrotate.d/apache2 or /etc/logrotate.d/httpd (depending od distro) and look something like:

/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    postrotate
        /sbin/service httpd reload > /dev/null 2>/dev/null || true
    endscript
}

Relevant part is 'service httpd reload'. One way to solve it is to just remove last 4 lines (from sharedscripts till endscript, including those two). Also, add copytruncate option, so your logrotate script becomes:

/var/log/httpd/*log {
    copytruncate
    missingok
    notifempty
}

copytruncate will eliminate need for apache restart because it will copy the contents of a log file, and then zero it, so file descriptor will remain the same and apache process won't notice any changes.

To test the logrotate, run:

logrotate -f /etc/logrotate.d/httpd

Also, consider setting up private key without password because this is bad practice, and obviously you see it now why :)

Related Solutions

Linux – Apache server keeps crashing regularly

I'm not saying this is what's happening but based on my own experience as a CentOS admin, it's most likely runaway apache/php processes taking down the server. I've seen this numerous times on CentOS 5. It's frustrating because there's usually not a trace of what happened in the log files. The machine just grinds to a halt due to physical memory and swap being sucked up by apache/php processes. You would think linux memory management or some daemon would jump in and say "hey stop" but it doesn't. It'll let apache grind your system to a halt.

Having said that, to see what's happening you'll need something that can monitor and log resource usage. I like to use a program called atop. Atop is a lot like the top program but it also takes a snapshot of resource usage at defined intervals. It's pretty simple to install.

wget http://www.atcomputing.nl/Tools/atop/packages/atop-1.23.tar.gz 
tar -zxvf atop-1.23.tar.gz
cd atop-1.23 && make install

Open /etc/atop/atop.daily with a text editor and change INTERVAL=600 to INTERVAL=60

Run the command /etc/atop/atop.daily from a command prompt to start it. Wait a few minutes and run atop -r /var/log/atop/atop_20091118 with the correct date of course.

Hit the t key to go forward in time and T to go back. Next time your server crashes do this and check the MEM free and SWP free lines. If you have memory problems these will be in red. Also look for numerous httpd lines under CMD. If apache/php is your problem there'll be a bunch of them.

If this is the case, I recommend looking at you're MaxClients setting in httpd.conf. If set too high, apache will gladly eat all of your memory causing your machine to crash. Apache/php can easily eat 40-50MB/process. If you multiply 40mb x MaxClients you'll get a rough idea of how much memory apache can potentially use. MaxClients usually defaults to 150 on CentOS so apache can potentially use 6GB of memory by default. This doesn't include memory your system needs for itself and other processes to run. Try setting it to a more realistic value based on the amount of memory you have like 40 if you have 2G of memory and see if that helps. Also if you have KeepAlive On, set KeepAliveTimeout to a low number like 2 or 3.

In my opinion CentOS's apache/php compilation is a real pos that should never have seen the light of day. It's buggy and crash prone. If you run a serious site, I highly recommend compiling your own version of apache/php or even using one of the newer high performance webservers like lighttpd or nginx with fgci php.

Finding out what user Apache is running as

ps aux | egrep '(apache|httpd)' typically will show what apache is running as.

Usually you do not need to change the default user, "nobody" or "apache" are typically fine users. As long as its not "root" ;)

edit: more accurate command for catching apache binaries too

Best Answer

Related Solutions

Linux – Apache server keeps crashing regularly

Finding out what user Apache is running as

Related Topic