Apache 2.4.49, 2.4.52 strangely unreachable after a few hours

I have the same issue: Apache 2.4.52 nginx combo + csf + php_mode php-fpm
CentOS 7
Just for the record
 
Thanks Martynas!

Saw the same here on Debian 11, and at least one of my customers is very happy that I switched back to 2.4.51.
 
Due to many complaints, we've reverted the version back to 2.4.51. If you'd like to get 2.4.52 installed, you'd need to add the following line to custom_versions.txt:
Code:
apache2.4:2.4.52:
Martynas, I can't speak for others of course, but I'd find this kind of announcement a good use of the DA 'My Messages' feature. I made a feature request to silence DirectAdmin licensing and update notifications, which are just noise IMO, but I would find it useful to be alerted when software has been downgraded and the reason why.
 
Very weird, we also have the problem, but only for the past 3 days and only on all cPanel servers. On the DA servers with Apache (v2.4.52) the problem has not occurred until now?!

I suspect it is due to the event MPM worker, so I changed all to prefork.
 
I suspect it is due to the event MPM worker,
Can't confirm this; all our servers have Event MPM and not a single one of them has this problem.
All our servers have the latest Apache 2.4.52 installed.
 
I also have http2 enabled and on some sites hsts, but that is a customer's choice to have that, not ours.

Due to many complaints, we've reverted the version back to 2.4.51,
I don't really like that now the default was set to 2.4.51 again. Now by accident I downgraded my servers when running an update_versions command for imagemagick while my servers (like a lot of others) were running just fine. :(
There might be lots of complaints here, but there are also lots of users who reported not having this issue. The normal way is that those who have problems use the custom versions to revert back. Unless almost everybody has an issue, which does not seem to be the case here.
 
I also have http2 enabled and on some sites hsts, but that is a customer's choice to have that, not ours.


I don't really like that now the default was set to 2.4.51 again. Now by accident I downgraded my servers when running an update_versions command for imagemagick while my servers (like a lot of others) were running just fine. :(
There might be lots of complaints here, but there are also lots of users who reported not having this issue. The normal way is that those who have problems use the custom versions to revert back. Unless almost everybody has an issue, which does not seem to be the case here.
Hi,

According to this https://bz.apache.org/bugzilla/show_bug.cgi?id=65769 the error is random.
It is safer to have a stable server than one that crashes randomly.
 
Very weird, we also have the problem, but only for the past 3 days and only on all cPanel servers. On the DA servers with Apache (v2.4.52) the problem has not occurred until now?!

I suspect it is due to the event MPM worker, so I changed all to prefork.
Hi, did this change solve the problem?
The downgrade didn't solve my problem.
 
I’ve also seen this issue with 2.4.52. Cannot pinpoint a pattern, but so far I’ve had 3 incidents where sites were no longer being served.

Considering 2.4.52 involves security enhancements, I have decided to just dedicate some eyes to rebooting httpd when the issue arises and will apply the patch that resolves this (rather than downgrading to 2.4.51). If it proves too cumbersome, then I may just write a script to reboot httpd if it isn’t serving pages.

That said, since it seems like Apache is aware of the issue, I’ll probably just sit tight. I don’t expect it’ll be long before we see the patch hit our servers. Glad I caught this thread!
 
Considering 2.4.52 involves security enhancements,

This security fixes but:
DirectAdmin does not use mod_lua or any forward proxying by default.
 
Hi, did this change solve the problem?
The downgrade didn't solve my problem.
Yes, the problem was solved on all cPanel servers (CL6 & CL7 & CL8). On the DA servers (CL7 & CL8) I have not changed it because they have never had Apache hangs until today. We monitor everything with an external script which checks the status every minute and, if necessary, connects via SSH and restarts Apache if it should hang.


Hi, with prefork then no http2 is possible, for example, as far as I know. ;)
Indeed! Server load has increased noticeably.
 

This security fixes but:

Ah, good catch! However, I would still prefer to run a version with all CVEs patched. Less thought required if I ever do choose to modify my installation in the future.
 
Ah, good catch! However, I would still prefer to run a version with all CVEs patched. Less thought required if I ever do choose to modify my installation in the future.

I would agree with this. But, I would also say that the chances of you being compromised because of this - especially in DirectAdmin, and if you have no idea of whether or not you are using any of the two exploitable components - are really low. You would just have to weigh the instability of Apache 2.4.52 vs. the potential of being compromised in Apache 2.4.51.

Having said all of that. The fix for this was picked up in a revision - https://svn.apache.org/viewvc?view=revision&revision=1896505 - so this should get fixed when Apache 2.4.53 is released, but there's no known timetable for that.

Additionally - you can apply the patch yourself - https://bz.apache.org/bugzilla/attachment.cgi?id=38149&action=diff&collapsed=&headers=1&format=raw - to Apache 2.4.52 to supposedly fix this instability bug. I believe that's what the people over at the other control panel did.

Is there a way to insert custom patches into the build process for Apache through CustomBuild? I'm not familiar with one, but that doesn't mean there isn't one.

Personally, that would be the route I'd prefer. Instead of DirectAdmin applying this patch to their own Apache source tarball or within their own CustomBuild system (like the other control panel did), I'd prefer to just have instructions on how the patch can be applied after the Apache source tarball is downloaded and extracted. Is there some hook within the CustomBuild process that executes after tarball extraction but before ./configure?

That would seem to be ideal. Have a hook that runs after extraction but before ./configure - with specific parameters passed to it - for all CustomBuild options, such as the shortname of the application (i.e. apache) and the version (i.e. 2.4.52) so that a script could be written:

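#!/bin/bash
# Apply the instability patch only when building Apache 2.4.52
if [ "${1}" == "apache" ] && [ "${2}" == "2.4.52" ]
then
    # Download the patch attached to the Apache Bugzilla report
    wget -O /tmp/instability.patch "https://bz.apache.org/bugzilla/attachment.cgi?id=38149&action=diff&collapsed=&headers=1&format=raw"
    # %pathofextractedhttpdtarball% is a placeholder for the extracted httpd source directory
    patch -p0 -d %pathofextractedhttpdtarball% < /tmp/instability.patch
fi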

I guess you'd need to know the full path of where CustomBuild extracts all of its source tarballs.
 
That would seem to be ideal. Have a hook that runs after extraction but before ./configure - with specific parameters passed to it - for all CustomBuild options, such as the shortname of the application (i.e. apache) and the version (i.e. 2.4.52)
The following file can be used for this: configure/ap2/configure.apache (for permanent changes: custom/ap2/configure.apache)
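
A hardened variant of the hook script proposed earlier in the thread, as an added example that is not part of the original posts or of CustomBuild: it pins a SHA-256 digest for the downloaded patch and leaves the source tree untouched unless the digest matches and a dry run succeeds. The function names and the PINNED_SHA256 variable are hypothetical, the digest has to be recorded by the operator after reviewing the patch once, and how the call is wired into custom/ap2/configure.apache is left to the operator.

```shell
#!/bin/bash
# Added example (not from the thread): gate a build-time patch on a pinned digest.
# Assumes GNU coreutils (sha256sum, cut) and patch(1) are installed.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Return 0 only if the file is non-empty and matches the pinned digest.
# Return 2 for a missing/empty download, 1 for a digest mismatch.
verify_patch() {
    local file="$1" expected="$2"
    local actual
    [ -s "$file" ] || { echo "patch missing or empty: $file" >&2; return 2; }
    actual="$(sha256_of "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
}

# Verify, dry-run, then apply. The tree is modified only if the digest check
# and the dry run both succeed. Return 3 if the patch does not apply cleanly.
apply_verified_patch() {
    local srcdir="$1" file="$2" expected="$3"
    verify_patch "$file" "$expected" || return $?
    patch -p0 -d "$srcdir" --dry-run < "$file" > /dev/null || return 3
    patch -p0 -d "$srcdir" < "$file"
}

# Usage inside the hook (placeholders, not real values):
#   PINNED_SHA256="<digest recorded after reviewing the patch>"
#   tmp="$(mktemp)"    # unpredictable name instead of a fixed /tmp path
#   wget -q -O "$tmp" "<patch URL from the thread>"
#   apply_verified_patch "<extracted httpd source dir>" "$tmp" "$PINNED_SHA256" || exit 1
```

A non-zero return from apply_verified_patch should abort the build rather than let ./configure run on an unpatched or partially patched tree.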
 
I can see that Apache 2.4.52 is available for update again in CustomBuild. Any changes since the last problems with "strange unreachables"? Problem solved?
 