Apache on cPanel weirdness: "combined combined combined."

[reddragdiva]

If you have this problem, where you can't get anything out of awstats and it turns out to be because your Apache logs contain nothing but the word "combined", once per line, over and over — this is because cPanel b0rked your httpd.conf and left out the LogFormat lines. Apache then presumes the word "combined" at the end of the CustomLog line is not a direction on how to log, but the actual log format. Cut'n'paste them from httpd.conf.orig and somehow beat cPanel into putting them into its RCS.

(cPanel is source-available proprietary software to make LAMP stupid. Our host is at the stage where I'm very glad I have years of expertise beating Apache around, and sudo.)

Comments

[tcpip]

Thanks Diva. I've just encountered a similar problem.

[vampwillow]

On the topic of Apache, have you ever managed to create (in httpd.conf) a way of using the *domain* name within an Alias construct (as opposed to just the non-root page request or using rewrite).

I'm trying to find a way to direct different https:// (port 443) domains on the server. Can't use mod-rewrite as the secure stuff comes first, and annoyingly

Alias / /var/wws/{HOST_NAME}/

fails miserably.

[denny]

mod_vhost_alias ?

[vampwillow]

iirc that one also suffered from the do-security-before-knowing-which-domain issue, but I might try coding it and seeing if it actually blows up or works. I've found a few things already which the manual says don't work but in practice seem to do so

[denny]

Ah, yes. Um. Isn't that a fairly hard limit until Apache 2.2? I don't remember the details, but something about the domain name being inside the encrypted stuff by design.

[reddragdiva]

The SSL virtual hosting thing is indeed new in Apache - but so little used as yet that in every interview I did this round, the "correct" answer was "you need an IP per SSL host." i.e. this stuff needs experimenting with! Does anyone big actually use virtual SSL hosting as yet?

Does anyone big actually use virtual SSL hosting as yet?

[vampwillow]

which is, en effet, what I am trying to manufacture a method to produce ;-P

[vampwillow]

http://en.wikipedia.org/wiki/Server_Name_Indication

[reddragdiva]

So that's "will never be widely supported until XP falls off teh intarweb."

[vampwillow]

"We can but hope"

[vampwillow]

it is - allegedly - a design intention that you only have one secure domain per IP address, and thus mod-rewrite can't work as at the point the instruction is reached the domain name isn't actually known! Me, I run my own servers and want to try and find a way around it other than using multiple ports (one per secure site but people need to know in advance) or a structure which use Alias to put each in a separate directory (which would be accessible by "../" etc so not secure really)

[reddragdiva]

mod_macro - it's ace. I found it last month, we're using it on live and it's made our lives so much easier already.

(The author is absolutely determined it will not become Turing-complete - it does only very stupid substitution. He says if you want anything fancier, use Perl and abandon all hope.)

We have a pile of stuff like this in our apache/conf/ directories:

vhost-default.conf (relevant section, at end):

...
<Macro FOO_LOCAL_CUSTOM_LOG $APPLICATION $DOMAIN>
CustomLog "|/usr/local/apache/bin/rotatelogs /data/apache/$APPLICATION/logs/$DOMAIN_server0000123.server.not_access_log.%Y-%m-%d 86400" withcookies
</Macro>

<Macro FOO_SERVER_ALIAS_FARNARKLE>
ServerAlias farnarkle-04.host.example.com
</Macro>
Include conf/vhost-farnarkle.conf
...

httpd.conf (load the module, define the macro, use the macro)

 ...
LoadModule macro_module       modules/mod_macro.so
 ...
Include conf/vhost-default.conf
 ...
Include conf/vhost-farnarkle.conf
 ...

vhost-farnarkle.conf:

 ...
Use FOO_SERVER_ALIAS_FARNARKLE
 ...
Use FOO_LOCAL_CUSTOM_LOG farnarkle www.foofarnarkle.cam
 ...

[vampwillow]

When you first mentioned macro I took a look at it but found it wouldn't co-exist with something or other (will have to check again what the issue was) so I couldn't use it.

[reddragdiva]

Do let me know. It's about as simple as a module gets (it's one 30KB C file, you can even review the code yourself!), so I'm interested to know.

We're using 1.1.6 because our Apaches are all 2.0-series - the current 1.10 is for Apache 2.2.

[vampwillow]

found it. the module requires apxs to compile and install. To use apxs your apache must support DSO httpd binary has to be built with the mod_so module, which mine isn't (Ubuntu variant) so I couldn't use the apxs which meant I couldn't install it.

[reddragdiva]

So why don't you use loadable modules?

[vampwillow]

seems not. Default ubuntu server install doesn't use them in the same way. I've found [http://ubuntuforums.org/showthread.php?t=1145086 this] though which talks about compiling apache from source to do so. Not sure it is best way to go though.

[reddragdiva]

Should be fine. It does compile pretty cleanly on Linux, after all ...

(if it's 2.x series. Compiling 1.3 from source is TEH HORROR TEH HO̵R҉R͏O͘R͜ ̶ ̵T̀͝E̡͜҉H̵̢ H̡͘Ó͘R̷̛҉R͏̨O̶̷̸R̢͢ ̸TE͝H ̡͘͡H̡Ó͡R̡̧̀R̕O̕Ŗ

[denny]

cPanel has constantly impressed me with its shockingly poor quality. My first exposure to 'control panel' software was Plesk, which I understood to be a poor man's cPanel, and hence I cheerfully 'upgraded' a few years later (about six months ago) to the real thing. Good lord.

Plesk is a commercial quality product, with (afaict) weaknesses only where you would expect them from any fuzzy hand-holding sysadmin-a-like tool, i.e. a lack of flexibility etc. cPanel is horrible shite cooked up in the bedroom of two-dozen 14 year olds who've basically stuck PHP scripts over the top of various config files and then run off giggling. I'm looking forward to moving back to Plesk, although I fear the process of trying to transfer my user email back across (cPanel had a Plesk import script, I don't think a similar tool exists to go the other way).

[reddragdiva]

cPanel is basically courtesy the hosting company our virtual box lives on. It's probably more hassle to rip it out than it is to just stumble on with it at present - there's still a few other people using hosting on the box.

And, I was surprised to learn, it is also the box that lemonparty.org and k-k-k.com are hosted on :-O

[(Anonymous)]

d00d, you should be starting from a bare OS install, and rolling your own gcc, shouldn't you? (;

[topbit.livejournal.com]

You mean FromScratch, or Gentoo (GD&R).

We hates cpanel, we do.

[reddragdiva]

cPanel is something people use to convince them they can make money fast selling mediocre hosting. Thankfully the wefixtech principals got real jobs, so it's now a box running at mates' rates prices with mates' rates quality. Ripping out cPanel would mean actual effort, however.

[hellsop.livejournal.com]

Hmm... somehow it logged me out. That was me.