2

I installed httpd on a CentOS 7 server, but systemctl start httpd.service is failing.

What specific sequence of commands need to be typed in order to get httpd to start correctly on CentOS 7?

Error Message

The precise error message extracted from the full results at bottom is as follows: 

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain.   
Set the 'ServerName' directive globally to suppress this message

Also, per @DopeGhoti's suggestion, the contents of the logs are: 

[root@localhost ~]# vi /var/log/httpd/error_log
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.

How httpd was installed:

1.) Install Apache:

sudo yum -y install httpd

2.) Enable Apache as a CentOS service so that it will automatically restart on reboot: 

sudo systemctl enable httpd.service

3.) Configure Firewalld 

sudo firewall-cmd --zone=public --add-service=http
sudo firewall-cmd --list-all
sudo firewall-cmd --zone=public --permanent --add-service=http

4.) Give the server a name:

vi /etc/httpd/conf/httpd.conf
//Uncomment the ServerName line and give it the IP of the machine:  
ServerName 192.168.1.5:80

The error message:

After installing httpd using the above commands, httpd is failing to start as follows: 

[root@localhost ~]# systemctl start httpd.service
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.


[root@localhost ~]# systemctl status httpd.service -l
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2017-06-06 11:31:32 PDT; 15min ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 32268 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 32267 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 32267 (code=exited, status=1/FAILURE)

Jun 06 11:31:32 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Jun 06 11:31:32 localhost.localdomain httpd[32267]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Jun 06 11:31:32 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jun 06 11:31:32 localhost.localdomain kill[32268]: kill: cannot find process ""
Jun 06 11:31:32 localhost.localdomain systemd[1]: httpd.service: control process exited, code=exited status=1
Jun 06 11:31:32 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
Jun 06 11:31:32 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
Jun 06 11:31:32 localhost.localdomain systemd[1]: httpd.service failed.
[root@localhost ~]# systemctl status httpd.service -l

[root@localhost ~]# vi /var/log/httpd/error_log
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
~
"/var/log/httpd/error_log" 10L, 675C

@JeffSchaller's suggestion

After @JeffSchaller suggested to consider SELinux, I found that typing setenforce 0 as root resulted in the following: 

[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

[root@localhost ~]# setenforce 0

[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

[root@localhost ~]# systemctl start httpd.service -l
[root@localhost ~]# systemctl status httpd.service -l
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2017-06-06 12:28:38 PDT; 22s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 32577 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
 Main PID: 32690 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─32690 /usr/sbin/httpd -DFOREGROUND
           ├─32691 /usr/sbin/httpd -DFOREGROUND
           ├─32692 /usr/sbin/httpd -DFOREGROUND
           ├─32693 /usr/sbin/httpd -DFOREGROUND
           ├─32694 /usr/sbin/httpd -DFOREGROUND
           └─32695 /usr/sbin/httpd -DFOREGROUND

Jun 06 12:28:38 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Jun 06 12:28:38 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
[root@localhost ~]#
CodeMed
  • 5,199

3 Answers3

7

Apache failed to start, with an error saying

(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.

AH00015: Unable to open logs

Since SELinux was in enforcing mode, it prevented Apache from writing to the non-standard log directory. In order to keep Dan Walsh from weeping and CodeMed productive, we can apply the httpd_log_t policy to that directory:

semanage fcontext -a -t httpd_log_t "/var/www/mytestdeployment(/.*)?"
restorecon -Rv /var/www/mytestdeployment

and confirm with:

ls -lZ /var/www/mytestdeployment

If you don't have the semanage utility, you can install it with:

yum install policycoreutils-python
Community
  • 1
Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
  • Great help! This plagued me. Works for centos7 apache 2.4, latest. if you want your log in an alternate location, dont even bother disabling SELinux, just use the commands above on your site dir, and your good. – Brian Thomas Aug 30 '18 at 00:12
0

From your error log, we see this:

(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs

This implies to me that the directory into which you are trying to write logs, /var/www/mytestdeployment, does not exist.

Run sudo mkdir -p /var/www/mytestdeployment and try starting the service again.

If the directory already exists, its permission set precludes being written to; check the permissions of that directory to ensure apache can write its logs therein.

I would suggest, though changing your configuration to write the logs into /var/log/httpd/.

DopeGhoti
  • 76,081
  • No. The /var/www/mytestdeploymen already existed. That was not the problem. – CodeMed Jun 06 '17 at 19:13
  • Check the permissions of that directory then to ensure that httpd can write to it. – DopeGhoti Jun 06 '17 at 19:14
  • I had already typed sudo chmod -R 755 /var/www before the OP. Typing sudo chmod -R 755 /var/www again now and then retyping systemctl start httpd.service results in the same error. I wonder if the problem is related to ServerName in /etc/httpd/conf/httpd.conf (also in the OP). – CodeMed Jun 06 '17 at 19:17
  • given that custom WWW directory path, I wonder if it's configured as such in SELinux? – Jeff Schaller Jun 06 '17 at 19:22
  • @JeffSchaller [sudouser@localhost ~]$ sudo ls -ld /var/www gives drwxr-xr-x. 5 root root 57 Jun 6 10:57 /var/www – CodeMed Jun 06 '17 at 19:22
  • @JeffSchaller You nailed it. See results of setenforce 0 at end of OP that I added as a result of your suggestion. But now what do I need to type in order to have apache/httpd still work even when SELinux is enforcing? – CodeMed Jun 06 '17 at 19:34
  • 1
    https://unix.stackexchange.com/a/58112/117549 – Jeff Schaller Jun 06 '17 at 19:57
  • 1
    https://unix.stackexchange.com/a/179616/117549 – Jeff Schaller Jun 06 '17 at 19:57
0

as i can see from your previous screenshots when you disable selinux everything is going well. So make sure that every new file that you created have the right selinux context.

Blacky Bird
  • 81