Related
I'm working on an automated deployment of HCL Connections 6.5 using Ansible on CentOS 7. It already includes IBM IM, WAS (Dmgr + Node), DB2 and Connections itself. The HTTP Server (IHS) is installed, but now I need to configure it. I need to configure the WebSphere Plugin using WCT.
For education purpose, I did this in the past on another testserver using GUI mode like this:
cd /opt/IBM/WebSphere/Toolbox/WCT
./wct.sh
Now we get an wizard with several steps that asks for the plugin location, webserver definition name, port of the HTTP Server and so on.
Automate the wizard
I found wctcmd.sh
as CLI equivalent of wtc.sh to configure webservers automatically. So I made the following response file
configType=remote
enableAdminServerSupport=true
enableUserAndPass=true
enableWinService=false
ihsAdminCreateUserAndGroup=true
ihsAdminPassword=password
ihsAdminPort=8008
ihsAdminUnixUserGroup=ihsadmin
ihsAdminUnixUserID=ihsadmin
mapWebServerToApplications=true
wasMachineHostname=cnx65.internal
webServerConfigFile1=/opt/IBM/HTTPServer/conf/httpd.conf
webServerDefinition=webserver1
webServerHostName=cnx65.internal
webServerOS=operating_system_value
webServerPortNumber=80
webServerSelected=ihs
and ran wctcmd.sh like this:
cd /opt/IBM/WebSphere/Toolbox/WCT
./wctcmd.sh -tool pct -createDefinition -defLocPathname /opt/IBM/WebSphere/Plugins -response resp-file
It says that the tool was executed successfully. But when I open the webserver config /opt/IBM/HTTPServer/conf/httpd.conf it has added the following two lines:
LoadModule was_ap22_module ${WAS_PLUGIN_DRIVER}
WebSpherePluginConfig /opt/IBM/WebSphere/Plugins/config/webserver1/plugin-cfg.xml
This variable is not defined and raise an error when starting the webserver:
# /opt/IBM/HTTPServer/bin/apachectl start
httpd: Syntax error on line 915 of /opt/IBM/HTTPServer/conf/httpd.conf: Cannot load ${WAS_PLUGIN_DRIVER} into server: ${WAS_PLUGIN_DRIVER}: cannot open shared object file: No such file or directory
I assume that the presence of ${WAS_PLUGIN_DRIVER} indicates something went wrong with wctcmd.sh because I looked at another test server with Connections 6 installed manually (with GUI) and the manually installed server has no variable there:
LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/IBM/WebSphere/Plugins/config/webserver1/plugin-cfg.xml
A consultant with over 10 years of experience in WebSphere/Connections confirmed that LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so is correct when everything worked correctly, so there should be no variable.
Questions
Why does the tool place the ${WAS_PLUGIN_DRIVER} variable in my http config without resolving them?
What am I doing wrong that this occurs?
Figured out that I misinterpreted the operating_system_value value for webServerOS. I thought the script would detect the OS automatically, but the docs say
The valid values for the webServerOS parameter, which is used to specify the web server operating system, are Windows, Linux, Solaris, AIX, HPUX, OS390, and OS400.
I also set webServerType=IHS. Now it generates the following working configuration:
LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/IBM/WebSphere/Plugins/config/webserver1/plugin-cfg.xml
I'm using Mac OS X 10.10.3 Yosemite. Very recently upgraded from Snow Leopard (10.6.8) to Yosemite.
Step A
On my MacBook, I login into an Admin type privileged account. I installed the latest free XCode from the Apple App Store. With XCode, I also installed Command Line Tools, etc.
Step B
I installed Homebrew from https://brew.sh/. This is the command-line code I ran in Terminal, from the Homebrew website:
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
The script above checks for the presence of various necessary software & settings, and it showed (info & status inside Terminal window, on) what other commands or tools are needed to be obtained or executed. I followed those.
Step C
When Homebrew & related installation steps were done, I then installed openssl & unbound with the brew tool, via command-lines in Terminal:
brew help
brew update
brew install unbound openssl
sudo cp -fv /usr/local/opt/unbound/*.plist /Library/LaunchDaemons
sudo chown root /Library/LaunchDaemons/homebrew.mxcl.unbound.plist
sudo launchctl load -w /Library/LaunchDaemons/homebrew.mxcl.unbound.plist
brew upgrade --all
Step D
I restarted my MacBook once, and then tried the dig commands below. They did not show the ad flags in DNS query result, which indicates that DNSSEC authenticated DNS resolving is still not working and disabled!
dig #127.0.0.1 in TLSA _443._tcp.www.dnssec-validator.cz. +dnssec
dig #127.0.0.1 in TLSA _443._tcp.www.isc.org. +dnssec
dig #192.168.10.1 in TLSA _443._tcp.www.dnssec-validator.cz. +dnssec
dig #192.168.10.1 in TLSA _443._tcp.www.isc.org. +dnssec
The 192.168.10.1 is my (internet router) gateway for my primary network interface/adapter which is connected to the internet. My net adapter is currently using 192.168.10.50, a dynamic (not fixed) DHCP based IP address.
Unfortunately, the developers at https://unbound.net/ do not provide a standalone Unbound .pkg or .dmg installer file for Mac OS X. They do not actively develop the DNSSEC-Trigger app, either. In Snow Leopard, I was only using the Unbound portion of the DNSSEC-Trigger bundle. I was able to disable the DNSSEC-Trigger portion, and kept the Unbound portion running, after following tips shown in their mailing-list archive. In that way, I did not need to install any XCode command-line tools or Homebrew.
What should I do now so that all apps on my MacBook can use the Unbound DNSSEC resolver for all apps/clients? I want Unbound's resolver to be listening on 127.0.0.1 port 53 for DNSSEC & DNS queries.
These set of steps worked on Mac OS X Yosemite MacBook.
I'm self-answering with general elaboration to make it more clear for newbies, if you are not newbie then please skip whatever is unnecessary for you.
If you don't want to install very large installation of XCode, then see Step E below, first. Otherwise, start with the steps in the original question.
Step E
E1
My own account in Mac OS is Erik-user. It is a standard user account, which I generally use for general purposes.
But the Erik account is for administrative purposes. It is an "Admin" type, privileged user account. I'm using the Erik account.
E2
To enable showing hidden files inside Finder file browser, use the commands below in Terminal:
defaults write com.apple.Finder AppleShowAllFiles TRUE
defaults write com.apple.finder AppleShowAllFiles TRUE
and then log out & log back into your MacOS user account, or restart MacOS. Now "Finder" should show you all files & folders, in [ | | ] column mode.
If you have already installed "XCode" and homebrew, then skip the rest of Step E and continue from Step F.
E3
If you want to avoid installing the multi-gigabyte XCode,
Run this command inside Terminal: xcode-select --install and a new window will appear. In it, select only "Command Line Tools" (CLT) option/portion, even though it suggests that you install full XCode.
Then verify CLT installation: so in Terminal, run: xcode-select -p
If it displays: /Library/Developer/CommandLineTools then CLT installation succeeded.
Mac OS X Yosemite allows you to install only the CLT portion. Some previous Mac OS X versions did not allow CLT without XCode.
Also check if the gcc tool is now present or not: in Terminal, run: gcc --version
E4
Install Homebrew. In Terminal run:
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Please see https://brew.sh/ website for the actual & current ruby command.
Then in Terminal, run these commands:
brew help
brew update
brew install unbound openssl
E5
sudo cp -fv /usr/local/opt/unbound/*.plist /Library/LaunchDaemons
sudo chown root:wheel /Library/LaunchDaemons/homebrew.mxcl.unbound.plist
sudo launchctl load -w /Library/LaunchDaemons/homebrew.mxcl.unbound.plist
If you followed Steps E3 to E5, then skip Step F, and start to follow from Step G.
Step F
The homebrew.mxcl.unbound.plist file (which starts the Unbound DNS server) specifically needs to have proper ownership, so that Mac OS X's system itself can start it during boot or restart. Execute this command in Terminal:
sudo chown root:wheel /Library/LaunchDaemons/homebrew.mxcl.unbound.plist
Note: After upgrading Homebrew apps, we may need to execute this command again, if Unbound fails to start after a reboot.
Step G
Download Lingon from SourceForge. Install it. Start Lingon.
Step H
Inside Lingon, locate homebrew.mxcl.unbound under "USER DAEMONS."
In the "What" textbox, it is supposed to show like below:
/usr/local/opt/unbound/sbin/unbound -d -c /usr/local/etc/unbound/unbound.conf
Select & copy that last portion /usr/local/etc/unbound/unbound.conf.
Step I
Open /usr/local/etc/unbound/unbound.conf with your favorite text editor.
Step J: unbound.conf file content
The unbound.conf file has many pages of configuration info & config-command examples.
See below codes, add only these below config-command code lines at bottom of unbound.conf file or in appropriate section.
server:
verbosity: 1
num-threads: 2
interface: 127.0.0.1
interface: ::1
port: 53
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
#module-config: "[dns64] [validator] iterator"
module-config: "validator iterator"
auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
#dlv-anchor-file: "/usr/local/etc/unbound/dlv.isc.org.key"
Note: I skipped showing instruction for DLV DNSSEC, so added the (shown-above) # symbol in front of the dlv-anchor-file line, to disable it. And one of the module-config lines is also disabled, as I don't want DNS64 related resolution, for now.
Step K: unbound.conf file permissions
Set file ownership:
sudo chown root /usr/local/etc/unbound/unbound.conf
Set file permissions for different ownerships:
sudo chmod 644 /usr/local/etc/unbound/unbound.conf
A short discourse on file permission and ownership
Permission level 4 = read, 2 = write, 1 = execute. 3-digit number is for 3-types of ownership: Owner-Group-Other.
By using Finder's GUI interface, you can also set permissions & ownerships of a file, instead of using command-lines in Terminal: select a file in Finder, press Cmd+i buttons together, go below in "Sharing & Permissions" section, the "Name" column shows list of users/groups who owns ownership, the "Privilege" column shows file's read/write permissions level for different ownership. Change into recommended choices & preference level shown here.
Except for very reliable person, and only-this computer's core (operating-system) system components, no one else (and no other entity) should have the ability to (edit & change or) write, into some of the sensitive files & folders, that is why we need to set "Permissions-level" on files & folders. The "6" in "644" (which is used in "chmod" command-line) is indicating current-user's (aka "Me") permissions-level, and current user ("Me") has ("6" can be broken down into 4+2) read+write level permissions. The middle "4" in "644" is permission for user-type or user-group, and that group/type of users have ("4") read level permissions. Then right-most side "4" in "644" is permission for Everyone/Other/World users and they have ("4") read level permissions.
Step L: Verify unbound.conf
Check if unbound.conf file configuration has any error, by using this command, in Terminal:
sudo /usr/local/opt/unbound/sbin/unbound-checkconf "/usr/local/etc/unbound/unbound.conf"
Step M: Obtaining a root.key anchor
Follow instruction shown in OPTION-1, if you dont have a "root.key" file for "unbound" DNS server/Resolver, and you want to manually create an "initial" root.key file by yourself with very thorough checking, and if you want unbound DNS Server daemon to update that initial root.key, with a working full root.key code & timestamps.
Follow instruction shown in OPTION-2, if you dont have a (initial or working) "root.key" file, and if you want the "unbound-anchor" tool to QUICKLY create it for you.
Follow instruction shown in OPTION-3, if you dont have a (initial or working) "root.key" file, but you have securely obtained "icannbundle.pem" file, from IANA/ICANN authority website, and you want "unbound-anchor" tool to create it (full working root.key) very securely.
Follow instruction shown in OPTION-4, if you don't have a (initial or working) "root.key" file, but you have access to another "safe" or "secured" computer, where you can securely obtain files from authority websites, or you can copy a working "root.key" file from it, for your MacOSX computer.
M option 1: Manually creating a new root.key
A regular user may want to view or obtain (or manually create) correct "initial" "root.key" (aka, initial root-trust-anchor) via HTTPS (encrypted & non-eavesdropped & secured) connection from IANA authority website: root-anchors.xml, or obtain initial anchor from ICANN authority website, and then regular user MUST compare+verify xml file's content code, with local initial root.key file.
Click on the above xml URL-link, and then check presence of a LOCK-icon shown in web-browser's url-bar (which is an indicative that a HTTPS encrypted connection is being used), and also check color of "DNSSEC-Validator" (and "TLSA-Validator") status icon, (it must display a picture of green-colored KEY-icon).
Either download the xml file or copy-paste the content shown in xml file, into the "root-anchors.xml" file, and place/move it in same folder where "unbound.conf" file is located.
And now copy the file "root-anchors.xml" file in same folder, and rename the "root-anchors Copy.xml" file into "root.key".
And edit this "root.key" file (by using nano or Bluefish text-editor app). And change/re-arrange existing XML syntax/format, into the format shown in below "DS" code line. Make sure all numbers & hash codes in "root.key" are exactly same number & hash, shown on that IANA authority webpage "root-anchors.xml" file. Format/Syntax will be different in those two files, but code & hash numbers must be same.
Currently (June, 2015), the 2010-2011 initial trust anchor (initial root.key) for the root zone, looks like below.
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
And then set file ownership: sudo chown root /usr/local/etc/unbound/root.key
and set permissions: sudo chmod 644 /usr/local/etc/unbound/root.key
Codes shown in above "DS" code-line, (which must also be present in INITIAL "root.key" file), is known as "Initial Anchor". Unbound server daemon or "unbound-anchor" tool can update initial file with a working full root.key, with appropriate codes & timestamps.
M option 2: Creating a new root.key with unbound-anchor using local certificates
Another QUICK (short) way (and not very secure/trustworthy way) to obtain+create the "root.key" file, is to, use the unbound tool "unbound-anchor", via a command in Terminal:
sudo /usr/local/opt/unbound/sbin/unbound-anchor -a "/usr/local/etc/unbound/root.key"
With above command, unbound-anchor tool obtains appropriate codes or files from authority websites (if a newer version is found) by using internal certificates, and then creates the "root.key" file, containing working codes & timestamps.
And then set file ownership on it: sudo chown root /usr/local/etc/unbound/root.key
and set permissions: sudo chmod 644 /usr/local/etc/unbound/root.key
M option 3: Creating a new root.key with unbound-anchor using ICANN certificates
unbound-anchor can also obtain and create a working root.key even more securely, if an icannbundle.pem file is supplied/used.
So 1st obtain icannbundle.pem file securely from the IANA authority website (and make sure your web browser's address bar is showing LOCK-icon & green-colored dnssec KEY-icon), and download the pem file into this directory: /usr/local/etc/unbound
And then set file ownership: sudo chown root /usr/local/etc/unbound/icannbundle.pem
and set permissions: sudo chmod 644 /usr/local/etc/unbound/icannbundle.pem
Then obtain+create a working root.key very securely, by using this command in Terminal:
sudo /usr/local/opt/unbound/sbin/unbound-anchor -a "/usr/local/etc/unbound/root.key" -c "/usr/local/etc/unbound/icannbundle.pem"
With above command, unbound-anchor tool obtains appropriate codes or files from authority websites (if a newer version is found) by using internal certificates, and then checks authenticity of received code by using the icannbundle.pem cryptographic key file, and then creates the "root.key" file, containing working codes & timestamps.
And now we can set file ownership on root.key: sudo chown root /usr/local/etc/unbound/root.key
and set permissions: sudo chmod 644 /usr/local/etc/unbound/root.key
For more detail info, goto: https://unbound.net/documentation/howto_anchor.html and also check https://unbound.net/documentation/unbound-anchor.html
M option 4: Obtaining a root.key from another computer where it has been created
Note: User/visitor suppose to use already pre-setup safe computer & web-browser software to "securely" obtain/download those files (root-anchors.xml, or, icannbundle.pem, etc) from ICANN or IANA authority website. Web-browser software, MUST have "DNSSEC-Validator" (and "TLSA-Validator") (also known as DNSSEC/TLSA-Validator) extension/addon (from this https://www.dnssec-validator.cz/ website), and that computer must also have a local full DNSSEC supported DNS Server or resolver.
And then in such web-browser, a user/visitor can see correct DNSSEC & DANE/TLSA status icon (green-colored KEY-icon), for each visiting websites (which are appropriately DNSSEC-Signed).
If an "unbound" DNS Server/Resolver is used in that "SAFE" & "SECURED" computer, then you can copy that "root.key" file from it, into your MacOSX computer, when you want to avoid going into authority websites & want to avoid checking very thoroughly, and when you want to quickly configure a 2nd/other computer.
Also load these firefox extensions/addons, and then enable "add-on bar" (similar to statusbar) at bottomside of firefox, for viewing more info on web server location & reverse DNS address, and more info on server's TLS/SSL certificate:
CipherFox, Cert Viewer Plus, Calomel SSL Validation, HTTPS-Everywhere, WorldIP, Classic Theme Restorer, etc.
Step N
In your Mac OS X computer, goto "System Preferences" > Network > choose each "WiFi" and each "Ethernet" Network Interface Card/Adapter, which is/are connected with internet in your Apple MacBook computer > goto/click "Advanced" > goto "DNS" tab > (write-down which adapter has which set of DNS Servers in a paper, and then, one by one adapter) remove the DNS-servers which are listed there, and make sure, that, only one DNS server is listed/specified: 127.0.0.1
Above steps will create+add "nameserver 127.0.0.1" code, inside /etc/resolv.conf file.
Step O
If you are using 10.10.3 or earlier, then keep mDNS (mDNSResponder) completely disabled. By using "Lingon" app, look for mDNS ("com.apple.mDNSResponder"), check all 4 sections inside Lingon, specially under SYSTEM DAEMONS, click on the text "Show" next to each section, to view full list.
mDNS is re-included back in 10.10.4 (by Apple updates), so if you are using 10.10.4 then disable it temporarily just for these steps-o.
If it is active or found in 10.10.3 or earlier, then uncheck/unselect the "Enabled" option in Lingon to disable it, enter administrative user pass, save/ok.
When mDNS is active, it starts to resolve DNS and it also does bunch of other activity automatically, (like, discovering & configuring UPnP IGD & NAT-PMP, etc) without taking computer-owner's permission or without showing any info (or table of info) to computer's owner, what exactly its doing. So mDNS does not show computer's owner, any information on which apps are allowed by it, to do what, and what port/traffic activities are going on on or through your computer, etc, none are displayed to computer's owner, so mDNS is not an app with some good technologies for people & their computer's safety & security & privacy in mind. And mDNS by itself does not support full DNSSEC either, unless at-least one local/remote BIND or Unbound full dnssec dns server is used.
Step P
If you are using 10.10.3 or earlier, then disable it temporarily just for these steps-p. By using Lingon, find "com.apple.networking.discoveryd" under SYSTEM DAEMONS. Uncheck/unselect the "Enabled" option in Lingon to disable it temporarily, enter administrative user pass, save/ok. We are disabling it, so that it can completely forget the previous/old DNS Servers, which were obtained from network adapter's DNS setting, (it will forget after one restart from this stage).
Discoveryd is removed from 10.10.4 (by Apple updates), so if you are using 10.10.4 then disable it completely, if still exists.
Step Q
By using Lingon, find "com.apple.dnsextd" under SYSTEM DAEMONS. Uncheck/unselect the "Enabled" option in Lingon to disable/de-activate it, enter administrative user pass, save/ok.
Step R
In Terminal, run
dig #127.0.0.1 in TLSA _443._tcp.www.isc.org. +dnssec
And open "App Store" and see if it can pull homepage contents/items.
Reboot/restart MacOSX once.
Step S
S1
If you are using 10.10.3 or earlier, then enable "discoveryd" back, now, at this stage of this instruction steps-s. Again use Lingon, find the "com.apple.networking.discoveryd". Select/checkmark the "Enabled" option, enter administrative user pass, save/ok.
Discoveryd is removed from 10.10.4 (by Apple updates), so if you are using 10.10.4, then still keep "discoveryd" disabled, if still exists.
S2
If you are using 10.10.4 or later, then enable "mDNS" back, now, at this stage. Again use Lingon, find the "com.apple.mDNSResponder" under SYSTEM DAEMONS. Select/checkmark the "Enabled" option, enter administrative user pass, save/ok.
S3
Many apps use system/default DNS resolving when allowed & serviced by the (above shown) "discoveryd" daemon (aka, Discovery Daemon), in 10.10.3 & earlier Mac OS X, or DNS resolving service is allowed to be accessed by mDNS daemon in 10.10.4 or later Mac OS X. Either of this daemon should be now able to learn & allow other apps to use the new DNSSEC DNS Server service running at 127.0.0.1 port-53, which is specified in Network adapter's DNS settings, (after one restart from this stage).
Step T
In Terminal, run
dig #127.0.0.1 in TLSA _443._tcp.www.isc.org. +dnssec
And open "App Store" and see if it can pull homepage contents/items.
Reboot/restart one more time again.
Step U
Now in Terminal, run below "dig" commands, and check if query results are showing "ad" in flag, and status is showing "NOERROR". If those indicators are present, then full dnssec dns resolving is working from a local dnssec resolver, running-at & listening-on 127.0.0.1 port 53/DNS. :)
dig #127.0.0.1 in TLSA _443._tcp.www.dnssec-validator.cz. +dnssec
dig #127.0.0.1 in TLSA _443._tcp.www.isc.org. +dnssec
dig #127.0.0.1 in TLSA _443._tcp.www.statdns.net. +dnssec
ping yahoo.com
nslookup yahoo.com
If nslookup or ping worked, then it indicates that the default DNS Server is working.
Remove the "#127.0.0.1" portion from above "dig" commands, and check if results are same (that is, "ad" flag is still shown, and if dig results are still showing it has by-default used the 127.0.0.1 as DNS server), then it is indicating, by default local 127.0.0.1 DNS Server is being used as system-wide DNS Server/Resolver (for allmost all apps/tools), and dnssec based resolving is also working.
Step V
Some tools & apps do not completely use other DNS servers, they contain their own internal full DNSSEC/DNS resolving library & related codes or contains partial library-codes, so checking DNS with only such tools are not enough.
You must check it via other apps (which you daily use or) which are known to use system network adapter's DNS servers.
So you must fireup Firefox and Apple App Store, and check if you can see & visit all websites normally, as those apps will be using the "default" (aka, "system") DNS resolver/server, which is now set-to 127.0.0.1 by us, what we have specified inside network adapter configuration.
Step W
Firewall based restrictions & assistance:
By using application-aware firewall + network port/packet control firewall, if we set firewall-rules shown below, then entire system can be FORCED TO USE, only ONE full dnssec DNS Server/Resolver 127.0.0.1 & nothing else:
system-wide/global firewall rule #1: only "unbound" app can connect with any other DNS-Server's port 53/DNS using TCP or UDP connection.
system-wide/global firewall rule #2: any app/software which is NOT-"unbound", can only use one "unbound" DNS-Server running-at & listening-on 127.0.0.1 port 53/DNS using TCP or UDP connection. (So all other port 53 traffics are dropped for non-unbound app/software).
Steps X and Y
(Deleted)
Step Z: Notes, Disclaimers, and References
I have followed (and borrowed instructions, and discussion comments from) various other websites, (and copy-pasted instructions & comments here with slight modifications done by me). Some references i showed, under the paragraph, when related content was first mentioned, in this article/answer page. So, for even more detail understanding, please search in ddg/yahoo/bing/google engines with terms/words taken from here.
Different computer may & very likely to have different versions and configurations and components. So you MUST research & use your own best educated knowledge & judgement, before using any of these shown instructions on your own computer at your own risk.
While trying to start Apache using XAMPP, I was receiving - "Attempting to start Apache service..." message in XAMPP UI. No further details were available.
Where can I see the logs (I was running XAMPP as Admin) ?
IF PORT 80 IS NOT THE ISSUE!
Check to see if the port 80 is in use first as this can be an issue.
You can do this by typing "netstat -an" into cmd. The look for 0.0.0.0:80 under Local Address, if you find this is in use then follow the solution from #Karthik. However, I had a similar issue but my port 80 was not in use.
My XAMPP had wrong paths locations, steps to fix this:
1.Find out the Apache version you are using, you can find this by looking in Services (Control panel, Admin Tools, Services) and finding Apache in my case it was listed as Apache2.4
2.Close XAMPP.
3.Run cmd as admin.
4.execute 'sc delete "Apache2.4"' (put your version in place of mine and without the surrounding ' ', but with the " " around Apache).
5.execute 'sc delete "mySQL"', again remove the '' when you type it.
6.reopen XAMPP and try starting Apache
If you are having trouble with FileZill, Mercury, or Tomcat you could try it here too, but I have not tested that myself.
Hope this helps!
I realized it was a port issue since I was running IIS and other web servers in my machine. But I was more interested to see a detailed error message with the port number in the UI.
Seems like it was not logged in the UI or log file (at least in my case), but in the Event viewer (Control panel -> View Event Logs). Under the Even viewer -> Windows Logs -> Application
I could see a permission error something like the below one:
An attempt was made to access a socket in a way forbidden by its access permissions. : AH00072: make_sock: could not bind to address 0.0.0.0:443
To fix this permission issue for SSL port, Please change the below line in httpd-ssl.conf (C:\xampp\apache\conf\extra)
# When we also provide SSL we have to listen to the
standard HTTP port (see above) and to the HTTPS port
Listen xxx
Replace XXX with any valid port number that is open in your machine
If you are having issues with Port 80, then change the httpd.conf file (C:\xampp\apache\conf)
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 127.0.0.1:8000
I have also summarized other solutions that I came across:
Most often Skype blocks the Apache port. So terminate it and try again.
Find the process id (PID) that is using the Blocked port ( netstat -ano) and kill the corresponding process in Windows Task Manager.
For those who have accidentally (or not) changed one of the .conf files and apache does not run even after trying all the above solutions.
One easy way to track where the issue is located, is to run Apache via command prompt:
(On windows) : open command prompt as admin then navigate inside the bin folder of Apache , next run
httpd in order to run apache
C:\xampp\apache\bin\httpd
For my case it was :
someone had added a virtual host in the specific file that caused the problem . I commented the lines and Apache ran fine.
start xampp (as administrator),
(1) right click C:\xampp\xampp-control.exe, and run as administrator.
(2) unistall service module and then install service module.
(3) now try start the apache and mysql.
Check your DocumentRoot path (in httpd.conf); a typo there can cause this problem.
Had the same issue while updating to PHP7.2
Problem:
First I closed skype and then checked whether port 80 is not an issue. How you can check that? See #AlexT comment above.
In my case, port 80 wasn't an issue. So now I had to figure out what was wrong. So I checked Error Logs Control Panel > Even viewer > Windows Logs > Application and found following error against Apache2.4
httpd.exe: Syntax error on line 520 of C:/xampp/apache/conf/httpd.conf: Syntax error on line 18 of C:/xampp/apache/conf/extra/httpd-xampp.conf: Cannot load C:/xampp/php/php7ts.dll into server: The Apache service named is not a valid Win32 application.
Which means I had installed wrong PHP version. Actually I downloaded win64 version while the required version was Win32 for me.
So I downloaded correct version from: Download PHP 7.2.0 extracted it in C:/xampp/php folder, restarted the apache and it worked :)
I had the same issue, executing "setup_xampp.bat" in xampp folder solved my issue.
I had the same problem but it was because I had a previous version of xampp already installed and I tried to install a newer version. I had installed the newer version in another file directory (I had named the file directory xampp2). I solved the problem by uninstalling the newer version, renaming the old one (I renamed it xamppold) and I installed xampp again.
I guess if you haven't installed xampp in another file directory , it should be enough to reinstall xampp. If you are worried about your files , you always can make a backup before reinstalling xampp.
I solved the problem after watching the xampp activity log (the list of the bottom) and realizing xampp was trying to open the custom file path but I had another route path. If the first option didn't work, at least you can scroll up in the activity log and see what's error you get while starting as admin and trying to re install the Apache module or trying to start the module.
You may wander why I didn't just simply uninstall the whole thing from the beginning , and the answer would be because I had to tweak a couple of things in xampp for some different projects (from changing the ports , to add .dll to run mongo.db in Apache), and I was just too lazy to re-do everything again :b
I hope my answer can be helpful for anyone since this is my first time writing in stackoverflow :)
Cheers
In my case, with the same problem and Xampp window, I had copied \apache\conf\extra\httpd-vhosts.conf entries from an old Xampp version to a newly installed one so I could continue to open local projects in browsers. One of the vhosts paths was wrong. After deleting that entry Apache started without problem.
The reference by #Karthik to "in the Event viewer (Control panel -> View Event Logs" saved me time. It's all too easy to presume Xampp logs will point to the problem. It doesn't.
Also check if your xampp is installed in the main directory like C or D or E and not in or within a folder of that directory? i.e. ( "D:/Xampp" or is it "D:/something/Xampp") if its not in the main path of the directory, it will show this error.
copy your xampp directory from "D:\Something\Xampp" to "D:"
So it becomes like this "D:\Xampp"
and the issue will be resolved.
Starting Xampp as a console application (simply by doubleclicking xampp_start.exe in the Xampp root folder) was the only thing that worked for me on Windows 10 (no Skype, no Word Wide Web Publishing Service). WampServer and UwAmp also didn't work.
I had a hard-coded IP in httpd.conf and my local IP had changed which was causing my issue, changed IP over and all worked again
My scenario was different after I tested all the possible options. If you have changed the ports and still get the same problem, well here's something you can try out. This was done in Windows 7.
Step 1: Confirm the cause of the error by going to Control Panel -> System and Security -> Administrative Tools -> Event Viewer -> Windows Logs -> Application -> Error. Mine said "The Apache service named reported the following error:
httpd.exe: Syntax error on line 424 of C:/xampp/apache/conf/httpd.conf: Cannot load c:\xampp\php\php5apache.dll into server: The specified module could not be found." So I needed to change \php5apache.dll to the version of my php and apache version installed which was php7apache2_4.dll
Step 2: To get the correct name for your .dll php and apache file, got to C:\xampp\php. You will see something like php7apache2_4.dll with other files in the folder.
Step 3: Go to C:/xampp/apache/conf/httpd.conf and edit the configuration file and change "c:\xampp\php\php5apache.dll" to "c:\xampp\php\php7apache2_4.dll" in my case. Make sure you open the file as administrator save changes made.
Step 4: Run the xampp server and everything should work fine. Do not forget to shut down the xampp server before doing the changes to the apache configuration file.
Hope this helps. Cheers! :)
Try to install x86 version of XAMPP. The default XAMPP version on their website is x64 (maybe because I'm using x64 Windows 7).
download link here
I had this issue when I installed under Program Files, which they do not recommend due to write issues. This might only be a problem if you are not logged in as an admin and use a password to install. I just uninstalled and installed in a directory that did not need admin privileges.
Make sure Apache didn't get Disabled in Services (Control panel, Admin Tools, Services). If it's Disabled then Set it to Manual and it should run. That was my case, I found Apache Disabled.
Solution for my particular scenario (It had been working a couple days before getting borked):
Port 80 was not the problem, but something I had done while messing around with Services and Startup.
Type msconfig on Windows' Start menu
Click System Configuration
Screenshot for System Configuration
In the Services tab, search for Apache24 (Click "Hide all Microsoft services" in the checkbox at the bottom of the window to make it easier to find)
If its checkbox isn't checked, check it
If it was already checked, then this guide isn't going to help. However if it is:
Click OK, your PC will have to restart
Try once again! In my case Apache was already running once I opened Xampp
I had the same issue.Just click on services button.Then find apache and right cick > properties > set startup type as Automatic/ Manual. Now close apache and try again.It will work!
For me it wasn't a port or service issue; I had to re-run the XAMPP setup script. Although this didn't directly fix the issue for me, the script was much more verbose than the XAMPP log, pointing me in the right direction to actually solve the problem.
From the XAMPP GUI, click on Shell, type set, press Tab to autocomplete to the setup_xampp.bat file, and then press Enter to run it.
In my case I got the following output:
[ERROR]: Test php.exe failed !!!
[ERROR]: Perhaps the Microsoft C++ 2008 runtime package is not installed.
[ERROR]: Please try to install the MS VC++ 2008 Redistributable Package from the Mircrosoft page first
[ERROR]: http://www.microsoft.com/en-us/download/details.aspx?id=5582
This particular error is misleading. Although it specifies the Visual C++ 2008 Redistributable Package, PHP 7.4.x requires the Visual C++ 2019 Redistributable Package.
After installing that and following the prompt to restart, sure enough I'm now able to start Apache as normal.
make sure no space in front of the port number if you ever edited it.
From Xampp control panel, click on config (next to Apache), then choose Apache(httpd.config), search for listen 80 and change the port to another port.
If nothing works with you, I would suggest you download MAMP and use it instead.
It does the same thing, if not better.
Comment this lines from httpd.conf:
# Virtual hosts
#Include etc/extra/httpd-vhosts.conf
In the case you're using them it may solve.
when i run xampp control panel normal:
I had been run
I can’t start apache
So, I will run it with administrator:
I can run apache
Since upgrading to OS X Yosemite DP I have had trouble using Apache on my Mac, and previously fell back to using MAMP. Since OS X 10.10 DP5, now MAMP does not work either. So I figured I had to fix this issue the hard way (I am not very skilled with raw server setup). I have tried however, without success, and I do now know where to look next.
This is what I have done:
After seeing this result I of course checked if the Aoache service was indeed running:
OK. Then I figured it must indeed have been my Apache configuration that was wrong. And rightfully so, prompting apachectl in Terminal I found that the Apache config had parsing errors (probably because Apache was updated when updating to OS X 10.10, but the config file not following? Anyway, I followed instructions to get a valid config file with a minimum of installed modules (.so-files taken from location of previous installation).
A copy of my httpd.conf can be seen on http://pastebin.com/VU5aZ6vL, but key variables are listed here:
ServerRoot "/usr"
Listen 127.0.0.1:80
LoadModule authz_core_module libexec/apache2/mod_authz_core.so
User daemon
Group daemon
ServerName localhost:80
<Directory />
AllowOverride none
Require all granted
</Directory>
DocumentRoot "/Users/casparjespersen/Sites/"
Still, the result is the same. Any ideas where to look next?
I had the same problem. Quick fix: http://www.ampps.com/ does still work for me for a basic Apache/MySQL setup.
But AMPPS lacks of many great features I love with MAMP.
This will help you just follow the instructions:
http://coolestguidesontheplanet.com/get-apache-mysql-php-phpmyadmin-working-osx-10-10-yosemite/
After researching setting up Apache on Yosemite this issue was explained - the solution is to implicitly add localhost at the top, before your Virtualhost block pointing to 127.0.0.1... Sorry I can seem to find the YouTube link that explained this.
I have been googling for the past few hours but I simply can't get my apache on wamp to start. My skype isn't running, and the test port 80 shows it isn't being used by anything. Before this happened, I was trying to add a new vhost, but now I have reverted back all of the files where I made changes. Anyway to debug why apache won't start?
Clicking on start/resume service for apache doesn't show any errors either.
Also just in case, I am running Win7 64bit
If you have an issue in the httpd.conf or any files included by it there are a couple of ways to find out what the problem is
First look at your Windows Event Viewer. Click on the Windows link in the menu on the left, and then submenu Applications.
Look for messages from Apache with the red error icon.
Secondly, open a command window, then CD into \wamp\bin\apache\apache2.x.y\bin, replace x,y with your actual version.
Now you can run this command to get Apache(httpd) to validate the httpd.conf file.
httpd.exe -t
This should give errors with line numbers related to the http.conf file.
It stops on the first error, so you will have to keep running it and fixing the error and then run it again until it gives the all OK message.
Use apaches startup debug tool from command: httpd.exe -e warn
press Win+R
type cmd and press enter
goto directory which contains your apache httpd.exe file. for example if your wamp is installed in e:\wamp type cd /d e:\wamp\bin\apache\ApacheX.X.X\bin in cmd and press enter.
type httpd.exe -e warn (or httpd.exe -e debug for more details) to see error message about problem which is prohibiting apache to start.
That is what I did and it helped me to find out what my Apache-PHP needed:
C:\Users\Admin>cd C:\wamp\bin\apache\apache2.4.9\bin
C:\wamp\bin\apache\apache2.4.9\bin>httpd -t
Syntax OK
C:\wamp\bin\apache\apache2.4.9\bin>httpd -k start
[Thu Apr 23 14:14:52.150189 2015] [mpm_winnt:error] [pid 3184:tid 112]
(OS 2)The system cannot find the file specified. : AH00436:
No installed service named "Apache2.4".
C:\wamp\bin\apache\apache2.4.9\bin>
The most simple solution:
Uninstall and reinstall WAMP (do not even try to set it up on top of existing installation - it would not help)
P.S.
If you wonder how did I get to this situation, here is the answer: I was trying to install WAMP and it throws me an error in the middle of installation saying:
httpd.exe - System Error
The program can't start because MSVCR110.dll is missing from your computer.
Try reinstalling the program to fix this problem.
OK
I got and installed Microsoft Visual C++ 2012 Redistributable from here http://www.microsoft.com/en-us/download/details.aspx?id=30679#
And it gave me the "dll" and the MYSQL started working, but not Apache.
To make Apache to work I uninstalled and reinstalled WAMP.
This solved the issue for me:
Right click on the WAMP system try icon -> Tools -> Reinstall all services
Go to C directory and then go to below mentiond path of you wamp server.
C:\wamp64\bin\apache\apache2.4.46\bin>
Then in Address bar enter "CMD" and press enter.that wil open the command prompt.
Now past below comman
httpd.exe -e warn
to see error message about problem which is prohibiting apache to start.
If you error is releated to port then
Right click on wamp server than on apache and then on httpd.confg,
Now search 80 and replace with 81 in that file and close and restart wamp
Invalid Command '80HostnameLookups' , perhaps misspelled or defined by a module not included in the server configuration
I got this error when I debug the issue (wamp server was not going online) by the procedure defined by #RiggsFolly. Just comment the line 80HostnameLookups Off by changing it to #80HostnameLookups Off.
This solution worked for me and apache starts running.Note:80HostnameLookups Off can be found on line 222 of httpd.conf file located in C:\wamp\bin\apache\apache2.4.9\conf
phpmyadmin.conf opened with apacheconf.exe and contents chained so you must do the following:
copy contents of phpsysinfo.conf [C:\wamp\alias]
paste into phpmyadmin.conf [C:\wamp\alias]
change Alias /phpsysinfo "c:/wamp/apps/phpsysinfo3.1.12/" to Alias /phpmyadmin "c:/wamp/apps/phpmyadmin4.1.14/"
change <Directory c:/wamp/apps/phpsysinfo3.1.12/ /> to <Directory c:/wamp/apps/phpmyadmin4.1.14/ />
its worked for me.
My solution was that 2 .dll files(msvcp110.dll, msvcr110.dll) were missing from the directory :
C:\wamp\bin\apache\apache2.4.9\bin
So I copied these 2 files to all these locations just in case and restarted wamp it worked
C:\wamp
C:\wamp\bin\apache\apache2.4.9\bin
C:\wamp\bin\apache\apache2.4.9
C:\wamp\bin\mysql\mysql5.6.17
C:\wamp\bin\php\php5.5.12
I hope this helps someone out.
Sometimes it is Skype or another application "Holding" on to port 80. Jusct close Skype
My solution on Windows 10 was just to stop IIS (Internet Information Services).
If Apache is installed as a Windows service, any errors will show up in the Windows System event log. To view the System event log, navigate to Windows Administrative Tools->Event Viewer and open the System log in the Windows Logs folder. Or, you can see the same errors by running httpd.exe at the command line. In my case, httpd.exe is located here: C:\Bitnami\wampstack-5.6.26-2\apache2\bin.
If there is a problem with starting Apache, most likely the problem can be fixed by editing the httpd.conf file located in the \apache2\conf folder.
As already suggested, you can check the syntax of the httpd.conf file by running httpd.exe -t at the command line.
I found that the I had to
Change SetEnv PATH "C:\Bitnami\wampstack-5.6.26-2\apache2\bin;${PATH}" in httpd.conf
to
SetEnv PATH "C:\Bitnami\wampstack-5.6.26-2\apache2\bin;%PATH%"
I had the same problem. My port 80 was not in use.
After thorough research, all I did was to download Update for Universal C Runtime.
Once installed and my PC restarted, all was OK.
I was having the same problem, the mysql service was starting but not the apache service, the main problem about that is one of your virtual hosts isn't config. correctly, all i did was deleted the virtual host that i created "D:\wamp\bin\apache\apache2.4.23\conf\extra\httpd-vhosts, restarted all services apache service started working correctly and so i just went to localhost and added a virtual host automatically and so it worked!!
I was having same problem.
I followed this steps, problem solved.
run command line (CMD) with Administrator Permission.
cd c:/wamp64/bin/apache/apache2.4.27/bin
httpd.exe -k uninstall
httpd.exe -k install
at last restart all services from wamp system tray icon
It turns out I didn't have Microsoft visual c++ installed, installing it solved the problem for me.
If you have Microsoft Visual Studio running at time of running, try to disconnect it and try again