Cant start httpd after CustomBuild update / SuexecUserGroup not allowed in <Directory> context

[websterPL]

So after standard server update by DirectAdmin->Custom Build the server httpd stopped and I cant run it.

Restarting apache.
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
2023/10/26 09:36:41  info executing task            task=action=directadmin&value=reload

Oct 26 09:37:13 s1.webster-studio.pl systemd[1]: Starting The Apache HTTP Server...
Oct 26 09:37:13 s1.webster-studio.pl httpd[34460]: AH00526: Syntax error on line 12 of /etc/httpd/conf/extra/httpd-hostname.conf:
Oct 26 09:37:13 s1.webster-studio.pl httpd[34460]: SuexecUserGroup not allowed in <Directory> context
Oct 26 09:37:13 s1.webster-studio.pl systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Oct 26 09:37:13 s1.webster-studio.pl systemd[1]: httpd.service: Failed with result 'exit-code'.
Oct 26 09:37:13 s1.webster-studio.pl systemd[1]: Failed to start The Apache HTTP Server.

Downgrade apache dont work:

cd /usr/local/directadmin/custombuild
echo "apache2.4:2.4.57:" > custom_versions.txt
./build update_data
./build apache

Please help, clients already call me about that.

 

[apogee]

Seems to be a Suexec problem, check line 12 in /etc/httpd/conf/extra/httpd-hostname.conf

 

[websterPL]

We have that code:

SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<Directory /var/www/html>
<FilesMatch "\.(inc|php[0-9]*|phtml|phps)$">
AddHandler "proxy:unix:/usr/local/php74/sockets/webapps.sock|fcgi://localhost" .inc .php .php5 .php74 .phtml
</FilesMatch>
        Options +SymLinksIfOwnerMatch +IncludesNoExec -Indexes
        AllowOverride AuthConfig FileInfo Indexes Limit Options=Includes,IncludesNOEXEC,Indexes,ExecCGI,MultiViews,SymLinksIfOwnerMatch,None
        AllowMethods reset

        Require all granted
        <IfModule !mod_ruid2.c>
                SuexecUserGroup webapps webapps
        </IfModule>
        <IfModule mod_lsapi.c>
                lsapi_user_group webapps webapps
                php_admin_value session.save_path /var/www/tmp
                php_admin_value upload_tmp_dir /var/www/tmp
        </IfModule>
</Directory>
<Directory /var/www/html/phpMyAdmin/log>
        Require all denied
</Directory>

 

[websterPL]

Any suggestions ? The server is still OFF

 

[websterPL]

Even not fixed when I removed all PHP versions and use only PHP 8.1

 

[websterPL]

Also changing PHP fpm to fastcgi dont work.

 

[websterPL]

After rewrite_confs

[root@s1 custombuild]# ./build rewrite_confs

Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
2023/10/26 10:40:07  info executing task            task=action=rewrite&value=ips
Using <IP> for your server IP
2023/10/26 10:40:09  info executing task            task=action=rewrite&value=httpd
Restarting apache.
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
2023/10/26 10:40:14  info executing task            task=action=directadmin&value=reload

 

[websterPL]

Trying "./build all d" and also cant start httpd.

 

[websterPL]

Apache configuration file:

#!/bin/sh
"./configure" \
    "--enable-systemd" \
    "--prefix=/etc/httpd" \
    "--exec-prefix=/etc/httpd" \
    "--bindir=/usr/bin" \
    "--sbindir=/usr/sbin" \
    "--sysconfdir=/etc/httpd/conf" \
    "--enable-so" \
    "--enable-dav" \
    "--enable-dav-fs" \
    "--enable-dav-lock" \
    "--enable-suexec" \
    "--enable-deflate" \
    "--enable-unique-id" \
    "--enable-cgi" \
    "--disable-cgid" \
    "--enable-mods-static=most" \
    "--enable-mpms-shared=all" \
    "--with-suexec-caller=apache" \
    "--with-suexec-docroot=/" \
    "--with-suexec-gidmin=100" \
    "--with-suexec-logfile=/var/log/httpd/suexec_log" \
    "--with-suexec-uidmin=100" \
    "--with-suexec-userdir=public_html" \
    "--with-suexec-bin=/usr/sbin/suexec" \
    "--with-included-apr" \
    "--with-pcre=/usr" \
    "--includedir=/usr/include/apache" \
    "--libexecdir=/usr/lib/apache" \
    "--libdir=/usr/lib/apache" \
    "--mandir=/usr/share/man" \
    "--datadir=/var/www" \
    "--localstatedir=/var" \
    "--enable-logio" \
    "--enable-ssl" \
    "--enable-rewrite" \
    "--enable-http2" \
    "--enable-proxy" \
    "--enable-expires" \
    "--enable-reqtimeout" \
    "--with-ssl=/usr" \
    "--disable-md" \
    "--enable-headers"

changed to (removed all with-suexec-caller):

#!/bin/sh
"./configure" \
    "--enable-systemd" \
    "--prefix=/etc/httpd" \
    "--exec-prefix=/etc/httpd" \
    "--bindir=/usr/bin" \
    "--sbindir=/usr/sbin" \
    "--sysconfdir=/etc/httpd/conf" \
    "--enable-so" \
    "--enable-dav" \
    "--enable-dav-fs" \
    "--enable-dav-lock" \
    "--enable-suexec" \
    "--enable-deflate" \
    "--enable-unique-id" \
    "--enable-cgi" \
    "--disable-cgid" \
    "--enable-mods-static=most" \
    "--enable-mpms-shared=all" \
    "--with-included-apr" \
    "--with-pcre=/usr" \
    "--includedir=/usr/include/apache" \
    "--libexecdir=/usr/lib/apache" \
    "--libdir=/usr/lib/apache" \
    "--mandir=/usr/share/man" \
    "--datadir=/var/www" \
    "--localstatedir=/var" \
    "--enable-logio" \
    "--enable-ssl" \
    "--enable-rewrite" \
    "--enable-http2" \
    "--enable-proxy" \
    "--enable-expires" \
    "--enable-reqtimeout" \
    "--with-ssl=/usr" \
    "--disable-md" \
    "--enable-headers"

This also dont fixed the problem. So im stuck and server still not working. Maybe it be something with server SSL ?

 

[websterPL]

I have also this message:

Configuring httpd-2.4.58
aclocal: warning: autoconf input should be named 'configure.ac', not 'configure.in'

 

[Zhenyapan]

try build apache with default configure, without your customizations, also update yum/deb packages first

 

[Zhenyapan]

also you can in custombuild customize version of apache to previous and keep it till bug fixed (if this is bug of new apache/DA)

 

[websterPL]

Also in options I cant set OFF mod_ruid2

 

[websterPL]

How to build apache with default conf ?

 

[websterPL]

Already change Apache version to older but that not work

 

[Zhenyapan]

if you don't have:
/usr/local/directadmin/custombuild/custom/ap2
with customized conf - you using default httpd,
if only you didn't put changes to
/usr/local/directadmin/custombuild/configure/ap2

 

[websterPL]

I have nothing in /usr/local/directadmin/custombuild/configure/ap2 . All my clients is now offline, I have nice mess now.

 

[websterPL]

The same when I change PHP to fastcgi. How I can remove mod_ruid2 ?

 

[websterPL]

I really cant do nothing - this is BUG in DirectAdmin update so server is gone for now ...

 

[websterPL]

Even change apache to ngix_apache dont fix the problem, whats happening here ? This is insane.