Develop Reference

Ubuntu - Apache: Passenger not launching Rails app at all

I'm working on Ubuntu 16.04 with Apache. I try to start my rails application with Phusion Passeger. But the application is not started at all, I get HTML 403 "You don't have permission to access /kainji/ on this server" if I enter the URL: http://poyry.wo.local/kainji and the only log in other_vhosts_access.log:
poyry.wo.local:80 127.0.0.1 - - [13/Dec/2018:15:19:28 +0100] "GET /kainji/ HTTP/1.1" 403 513 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36" 2265
I have the following file in sites-available directory linked into sites-enabled directory:
<VirtualHost *:80>
ServerName poyry.wo.local
DocumentRoot /var/www/html/dev/rails
<Directory /var/www/html/dev/rails>
Options -Indexes
Allow from all
</Directory>
PassengerBaseURI /kainji
<Directory /var/www/html/dev/rails/v2p0-kanji/public>
RailsEnv development
Options -MultiViews
</Directory>
</VirtualHost>
If I remove the link I get HTML 404: "The requested URL /kainji was not found on this server." what is correct.
In Apache error log I see, that Passenger was started:
[ 2018-12-12 14:17:41.8778 4321/7efdbb745780 age/Wat/WatchdogMain.cpp:1291 ]: Starting Passenger watchdog...
[ 2018-12-12 14:17:41.8885 4324/7f0b49b28780 age/Cor/CoreMain.cpp:982 ]: Starting Passenger core...
[ 2018-12-12 14:17:41.8886 4324/7f0b49b28780 age/Cor/CoreMain.cpp:235 ]: Passenger core running in multi-application mode.
[ 2018-12-12 14:17:41.8908 4324/7f0b49b28780 age/Cor/CoreMain.cpp:732 ]: Passenger core online, PID 4324
[ 2018-12-12 14:17:41.9045 4356/7fd543c3b780 age/Ust/UstRouterMain.cpp:529 ]: Starting Passenger UstRouter...
[ 2018-12-12 14:17:41.9051 4356/7fd543c3b780 age/Ust/UstRouterMain.cpp:342 ]: Passenger UstRouter online, PID 4356
[Wed Dec 12 14:17:42.201857 2018] [ssl:warn] [pid 4318] AH01909: centos1.tibi1959.hu:443:0 server certificate does NOT include an ID which matches the server name
[Wed Dec 12 14:17:42.209447 2018] [mpm_prefork:notice] [pid 4318] AH00163: Apache/2.4.18 (Ubuntu) Phusion_Passenger/5.0.29 OpenSSL/1.0.2g configured -- resuming normal operations
[Wed Dec 12 14:17:42.209484 2018] [core:notice] [pid 4318] AH00094: Command line: '/usr/sbin/apache2'
Also the validating of the passenger installation is OK:
$ /usr/bin/passenger-config validate-install
What would you like to validate?
Use <space> to select.
If the menu doesn't display correctly, press '!'
⬢ Passenger itself
‣ ⬢ Apache
-------------------------------------------------------------------------
Checking whether there are multiple Apache installations...
Only a single installation detected. This is good.
-------------------------------------------------------------------------
* Checking whether this Passenger install is in PATH... ✓
* Checking whether there are no other Passenger installations... ✓
* Checking whether Apache is installed... ✓
* Checking whether the Passenger module is correctly configured in Apache... ✓
Everything looks good. :-)
What is wrong?

From a first look, I would guess that the issue is caused by the static file service overriding the application.
The 403 error is due to the fact that directory listings are disabled and there's no index.html file to display.
You might want to change the way you set up the static file service, so the url requires the "public" folder name. This way, you could set the application server to route to the /kainji path.
Maybe something like:
```
ServerName poyry.wo.local
DocumentRoot /var/www/html/dev/rails/kainji/public
PassengerBaseURI /kainji
RailsEnv development
Options -MultiViews
```

Nexus returns error 502 (Bad Gateway) when publishing artifacts

I've just completed the installation of Sonatype Nexus 3.2.1-01 and I'm trying to publish some artifacts using a Jenkins job and the Nexus Artifact Uploader 2.9 plugin.
The upload starts fine:
100 % completed (572 kB / 572 kB).
But then it throws the the error:
Return code is: 502, ReasonPhrase:Bad Gateway.
Both the Jenkins and Nexus servers run behind a reverse proxy which I believe are the source of the issue.
The Apache log seems to suggest that the request was not replied by Nexus:
[Thu Apr 06 18:50:46.128569 2017] [proxy:error] [pid 10327] (32)Broken pipe:
[client some_ip:57928] AH01084: pass request body failed to 0.0.0.0:8081 (0.0.0.0)
[Thu Apr 06 18:50:46.128649 2017] [proxy_http:error] [pid 10327] [client some_ip:57928] AH01097: pass request body failed to 0.0.0.0:8081 (0.0.0.0) from some_ip ()
This is my VirtualHost config in Apache for the Sonar server:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin some#email.com
ServerName some.website.com
ServerAlias nsome.website.com
DocumentRoot /srv/www/nexus/public_html/
ErrorLog /srv/www/nexus/logs/error.log
CustomLog /srv/www/nexus/logs/access.log combined
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:8081/
ProxyPassReverse / http://0.0.0.0:8081/
ProxyPassReverse / https://some.website.com/
SSLCertificateFile /etc/letsencrypt/live/some.website.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/some.website.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/some.website.com/chain.pem
</VirtualHost>
</IfModule>
I've tried to add the following, as explained in other answers, but did not help:
1) Disabling the check on the SSL certificates (although these are valid):
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
2) Forcing the requests headers:
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
3) Settting the timeouts and keepalive options in the ProxyPass line:
ProxyPass / http://0.0.0.0:8081/ retry=1 acquire=3000 timeout=600 Keepalive=On

At the end the error 502 (bad gateway) had nothing to do with the root cause of the problem. The version listed on the artifact to be published for the snapshot version did not comply with the Nexus policy and this was triggering the error.

In my case it was an upgrade issue from Nexus2 to Nexus3: here the component URL changed from https://nexus.yourcompany.com/content/repositories/releases
to https://nexus.yourcompany.com/repository/releases.

I was having the same issue because my python script skip basic authentication. When forced, the problem was resolved.
It was weird because uploading a 'tar.gz' works fine but a 'zip' give me the 502 error.

Add this to your pom file
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>

Passenger 5.0.21 error: Cannot connect to the Passenger core

I have problem with deploying RoR-app with apache2+passenger.
OS is debian-like Astra Linux.
Kerberos auth with GSSAPI is enabled.
passenger-status shows:
Version : 5.0.21
Date : 2016-04-22 12:29:13 +0300
Instance: Dt5dmAVr (Apache/2.2.22 (Debian) mod_auth_kerb/5.4 Phusion_Passenger/5.0.21)
Phusion Passenger is currently not serving any applications.
With attempt to access app page from browser I get error message in /var/log/apache2/error.log :
[ 2016-04-22 12:23:58.4672 21392/7f741705c780 age/Cor/CoreMain.cpp:234 ]: Passenger core running in multi-application mode.
[ 2016-04-22 12:23:58.4685 21392/7f741705c780 age/Cor/CoreMain.cpp:707 ]: Passenger core online, PID 21392
[ 2016-04-22 12:23:58.4897 21407/7f4819471780 age/Ust/UstRouterMain.cpp:504 ]: Starting Passenger UstRouter...
[ 2016-04-22 12:23:58.4912 21407/7f4819471780 age/Ust/UstRouterMain.cpp:317 ]: Passenger UstRouter online, PID 21407
[Fri Apr 22 12:23:58 2016] [notice] Apache/2.2.22 (Debian) mod_auth_kerb/5.4 Phusion_Passenger/5.0.21 configured -- resuming normal operations
[ 2016-04-22 12:24:18.0666 21428/7f3a64646780 apa/Hooks.cpp:703 ]: Unexpected error in mod_passenger: Cannot connect to the Passenger core at unix:/tmp/passenger.N6n3OMb/agents.s/core
Backtrace:
in 'Passenger::FileDescriptor Hooks::connectToCore()' (Hooks.cpp:305)
in 'int Hooks::handleRequest(request_rec*)' (Hooks.cpp:573)
With passenger-5.0.27 everything looks same.
Passenger was installed as gem.
/etc/apache2/mods-enabled/passenger.load:
LoadModule passenger_module /usr/local/lib/ruby/gems/2.2.0/gems/passenger-5.0.21/buildout/apache2/mod_passenger.so
/etc/apache2/mods-enabled/passenger.conf:
<IfModule mod_passenger.c>
PassengerRoot /usr/local/lib/ruby/gems/2.2.0/gems/passenger-5.0.21
PassengerDefaultRuby /usr/local/bin/ruby
</IfModule>
/etc/apache2/sites-enabled/myapp:
<VirtualHost *:80>
ServerName myapp.ru
ServerAlias www.myapp.ru
ServerAdmin webmaster#localhost
DocumentRoot /var/www/myapp/public
RailsEnv production
<Directory /var/www/myapp/public/>
AuthType Kerberos
KrbAuthRealms EXAMPLE.RU
KrbServiceName HTTP/astra-server.example.ru
Krb5Keytab /etc/apache2/keytab
KrbMethodNegotiate on
KrbMethodK5Passwd off
require valid-user
Options Indexes FollowSymLinks MultiViews
AllowOverride None
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
LogLevel warn
</VirtualHost>
Any help?

PassengerInstanceRegistryDir option helped me.
UPDATE
Whole solution for Apache+Passenger sockets processing on Astra Linux SE:
Apache user - www-data (/etc/apache2/envvars)
Passenger user switching is on (by default)
Passenger instance dir is moved to /var/passenger (PassengerInstanceRegistryDir option in /etc/apache2/mods-available/passenger.conf)
Astra Linux specific - www-data user has Linux (CAP_SETGID, CAP_SETUID) and PARSEC (PARSEC_CAP_PRIV_SOCK, PARSEC_CAP_SETMAC) priviledges. This priviledges can be set via usercaps command.
Directories /var/www, /var/passenger are owned by www-data

It could be that your /tmp dir is being cleaned by something. Check if the /tmp dir from the log actually exists or not if you see the error. You can fix that by stopping the cleaning or changing the PassengerInstanceRegistryDir to another place than /tmp.
Another possibility is that your shell is exiting somehow (Passenger uses the shell to execute commands, which will fail if the shell exits prematurely).
Either way setting the PassengerLogLevel to 7 should provide more information.

Rails App (Redmine) not served via Apache

I have a website, under which I wanted to install redmine(rails application) so that I could access redmine as a subdirectory (http://mywebsite.foobar.com/redmine). I have installed redmine, and I can access it locally (lynx http://localhost:3000), but when I try to access it via a browser by typing its address, I get the list of files. How can I make the application accessible? I do have passenger installed. My virtualhost file is as follows:
1 <VirtualHost *:80>
2 ServerName mywebsite.foobar.com
3 ServerAlias www.mywebsite.foobar.com
4 ServerAdmin admin#foobar.com
5 Redirect permanent / https://mywebsite.foobar.com/
6
7 DocumentRoot /path/to/www/
8 ReadmeName README.html
9 IndexOptions SuppressHTMLPreamble
10
11 <Directory "/path/to/www">
12 Options Indexes FollowSymLinks
13 Order allow,deny
14 Allow from all
15 → Require all granted
16 IndexIgnore ..
17 IndexIgnore README.html
18 </Directory>
19
20 RailsEnv production
21 → → RewriteEngine on
22 → → → Alias /redmine /path/to/www/redmine/public/
23 → → → <Directory "/path/to/www/redmine/public/">
24 → → → → Order allow,deny
25 → → → → allow from all
26 → → Options +Indexes +FollowSymLinks -MultiViews +ExecCGI
27 → → Require all granted
28 → → → </Directory>
29
30
31
32 Include aliases.conf
33 Include /etc/apache2/foobar/security.conf
34 </VirtualHost>
Also my https virtualhost looks like this:
1 <VirtualHost *:443>
2 SSLEngine On
3 SSLCertificateFile /etc/apache2/ssl/foobar.crt
4 SSLCertificateKeyFile /etc/apache2/ssl/foobar.key
5 SSLCertificateChainFile /etc/apache2/ssl/gd_bundle.crt
6
7 ServerName mywebsite.foobar.com
8 ServerAlias www.mywebsite.foobar.com
9 ServerAdmin admin#foobar.com
10 UseCanonicalName Off
11
12 DocumentRoot /path/to/www/
13 RailsEnv Production
14 RewriteEngine on
15
16 <Directory "/path/to/www/">
17 Require all granted
18 </Directory>
19
20
21 Alias /redmine /path/to/www/redmine/public
22
23 <Location /redmine>
24 PassengerBaseURI /redmine
25 PassengerAppRoot /path/to/www/redmine/public/
26 </Location>
27
28 <Directory "/path/to/www/redmine/public">
29 Order allow,deny
30 allow from all
31 Options +Indexes +FollowSymLinks -MultiViews +ExecCGI
32 Require all granted
33 </Directory>
34
35 Include /etc/apache2/foobar/security.conf
36
37
38 </VirtualHost>
P.S: The website itself is served as a virtualhost, so redmine would be a directory under virtual host.

Ok. So I found my solution on passenger documentation: I basically had to change the options. The related options look like:
39 Alias /redmine /path/to/www/redmine/public/
40 <Location /redmine>
41 PassengerBaseURI /redmine
42 PassengerAppRoot /path/to/www/redmine
43 </Location>
44 <Directory /path/to/www/redmine/public>
45 Allow from all
46 Options +Indexes +FollowSymLinks -MultiViews +ExecCGI
47 Require all granted
48 </Directory>

nginx redirects POST requests to GET request

I have Rails 4.1 application with runs on puma web server. I use nginx as a proxy server. Several days ago everything worked very well. I updated my application, and suddenly some POST requests started to redirected to same url but as GET request. I've tried rollback to previous working versions, no success.
I found very interesting behaviour. I tested my API with curl.
If I did POST request to the url
http://myapp.com/tasks/easy_task/calculate/ it redirects to same url
but as GET request.
Then I did POSTrequest to http://myapp.com/, returned 404
Then I did POSTrequest to http://myapp.com/tasks, returned 404
Then I did POSTrequest to http://myapp.com/tasks/easy_task, returned 404
Then I did POSTrequest to http://myapp.com/tasks/easy_task/calculate, returned 200. YAY!
Same thing happened when I used chrome's app Postman. First it redirected, but after previous steps it works well.
I use this app in my other application. I use RestClient to make http requests. When I try to make POST request it raises an exception RestClient::MovedPermanently (301 Moved Permanently).
I reinstalled nginx to 1.7.3.
Restarted server (virtual machine)
re deployed my app, deployed previous versions
no success :(
I found similar questions on stackoverflow, but non of them gave me clue to fix this issue. I hope you can help me to solve this problem. Thanks in advance!
Similar questions:
- POST request turns into GET request
- POST request mysteriously turn into GET request
nginx config:
$ cat /etc/nginx/sites-enabled/myapp.com.conf
# The file generated by Chef for mycompany
upstream myapp_mycompany_com {
server unix:/tmp/myapp.com-puma.sock;
}
server {
server_name myapp.com;
listen 80;
access_log /var/log/nginx/myapp.com-access.log;
error_log /var/log/nginx/myapp.com-error.log;
root /home/projects/mycompany/myapp.com/current/public;
gzip on;
gzip_types text/plain text/xml application/xml application/xml+rss
text/css text/javascript application/javascript application/json;
error_page 551 =503 #maintenance;
location #maintenance {
rewrite ^(.*)$ /system/maintenance.html break;
}
set $maintenance 0;
if (-f $document_root/system/maintenance.html) {
set $maintenance 1;
}
if ($request_uri = /favicon.ico) {
# Browsers will try to get favicon if it's not returned with 200ok status
set $maintenance 0;
}
if ($maintenance) {
# There can be several reasons for 503 error. We custom return 551 error
# to ensure maintenance.html is only shown when it's really maintenance
return 551;
}
rewrite ^/(.*)/$ /$1 permanent; # Truncate trailing slashes
try_files $uri #rails;
expires -1;
location = /favicon.ico {
try_files $uri =204;
access_log off;
log_not_found off;
}
location #rails {
proxy_pass http://myapp_mycompany_com;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_intercept_errors on;
expires -1;
}
error_page 500 502 503 504 /500.html;
error_page 403 /403.html;
error_page 404 /404.html;
client_max_body_size 50M;
keepalive_timeout 10;
}
Puma
$ bundle exec puma -d -e production -b unix:///tmp/myapp.com-puma.sock --pidfile /home/projects/mycompany/myapp.com/shared/tmp/pids/puma.pid
$
Example of access.log
123.123.123.123 - - [11/Jul/2014:05:44:17 +0000] "POST /tasks/easy_task/calculate/ HTTP/1.1" 301 184 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2073.0 Safari/537.36"
123.123.123.123 - - [11/Jul/2014:05:44:17 +0000] "GET /tasks/easy_task/calculate HTTP/1.1" 404 713 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2073.0 Safari/537.36"
...
123.123.123.123 - - [11/Jul/2014:06:04:17 +0000] "POST / HTTP/1.1" 404 713 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2073.0 Safari/537.36"
123.123.123.123 - - [11/Jul/2014:06:04:26 +0000] "POST /tasks HTTP/1.1" 404 713 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2073.0 Safari/537.36"
123.123.123.123 - - [11/Jul/2014:06:04:36 +0000] "POST /tasks/easy_task HTTP/1.1" 404 713 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2073.0 Safari/537.36"
123.123.123.123 - - [11/Jul/2014:06:04:42 +0000] "POST /tasks/easy_task/calculate HTTP/1.1" 200 104 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2073.0 Safari/537.36"

TL;DR
If you want to completely redirect to a new resource and method and body of the requests should not be changed use 308 instead of 301 or 302.
301 is permanent redirect but 302 is temporary so search engines don't change urls associated with that website when 302 is used.
301 and 302 indicated method and body should not be altered, but not all user agents align with that. Read this explanation from Mozilla:
The HyperText Transfer Protocol (HTTP) 302 Found redirect status response code indicates that the resource requested has been temporarily moved to the URL given by the Location header. A browser redirects to this page but search engines don't update their links to the resource (in 'SEO-speak', it is said that the 'link-juice' is not sent to the new URL). Even if the specification requires the method (and the body) not to be altered when the redirection is performed, not all user-agents conform here - you can still find this type of bugged software out there. It is therefore recommended to set the 302 code only as a response for GET or HEAD methods and to use 307 Temporary Redirect instead, as the method change is explicitly prohibited in that case. In the cases where you want the method used to be changed to GET, use 303 See Other instead. This is useful when you want to give a response to a PUT method that is not the uploaded resource but a confirmation message such as: 'you successfully uploaded XYZ'.
308 and 307 both permanently redirect to a new resource but they guarantee body and method of request won't be altered. the difference is that 308 is permanent and 307 is temporary, so 308 will signal search engines to change urls. see this:
The only difference between 307 and 302 is that 307 guarantees that the method and the body will not be changed when the redirected request is made. With 302, some old clients were incorrectly changing the method to GET: the behavior with non-GET methods and 302 is then unpredictable on the Web, whereas the behavior with 307 is predictable. For GET requests, their behavior is identical.

I've found solution. When I did POST request, I used url which ends with slash, like http://myapp.com/tasks/easy_task/calculate/
When I used url without slash in the end, like http://myapp.com/tasks/easy_task/calculate everything works perfectly!
I think it is because of this rule
rewrite ^/(.*)/$ /$1 permanent; # Truncate trailing slashes
I am closing this issue. Tomorrow.

In my case, the redirect meant if I POST to http://... the proxy_pass is converted to a GET.
Change the URL to an https://... and it is passed on as a POST as intended.
location /dc1 {
proxy_pass http://localhost:8000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host www.example.com;
}