monit – can't connect from browser

I'm teaching myself networking by building an internet server. I am
running Debian Linux 3.1 on host jupiter.obliqueuniverse.org (a Dell
Dimension 4100 desktop). This host (192.168.2.2) is part of my LAN,
which is connected to the Internet through a Dell Truemobile 2300
Broadband Router (which does NAT). My domain is obliqueuniverse.org,
and I have the static IP address 207.237.37.110.

Many thanks to Chris Davies, Bit Twister, and a number of others who
have helped me get this far!

On jupiter, I have installed apache 2.0.54 and ISPConfig.

I installed and configured monit 4.5, and created the certificate
using this guide: http://howtoforge.com/server_monitoring_monit_munin_p2.
(For the moment, on my training server, I am committed to Debian 3.1,
and 4.5 is prescribed release of monit.)

From Firefox on the Windows XP host (192.16.2.3) on my LAN, I can
connect to the apache server:

http://192.168.2.2:80

and I can connect to ISPConfig:

http://192.168.2.2:81

However, when I try to connect to the Monit Server Manager

https://192.168.2.2:2812

I get the following error message:
- - - - - - - - - - - - - - - - - - - - - - - -
Server Connection Failed
192.168.2.2 uses an invalid security certificate
The certificate is not trusted because it is self-signed.
The certificate is valid only for jupiter.obliqueuniverse.org
(Error code: sec_error_ca_cert_invalid)
- - - - - - - - - - - - - - - - - - - - - - - -

There ia an "Alert!" pop-up that says:

The certificate is only valid for <a id="cert_domain_link"
title="jupiter.obliqueuniverse.org">jupiter.obliqueuniverse.org</a>

The Windows XP Firewall is disabled. I have configured the Dell
Truemobile Router to forward any traffic directed to port 2812 at
207.237.37.110 to port 2812 on 192.168.2.2. (However, on the LAN side
of my router, I don't think this should make any difference.)

ps and "monit status" indicates that monit is running, but that
"Connection failed" for apache:

monit status | sed –n '57,70p'

Process 'apache'
status Connection failed
monitoring status monitored
pid -1
parent pid -1
uptime 0m
childrens 0
memory kilobytes 0
memory kilobytes total 0
memory percent 0.0%
memory percent total 0.0%
cpu percent 0.0%
cpu percent total 0.0%
port response time -1.000s to www.obliqueuniverse.org:80/monit/token
[HTTP]

# monit validate

/etc/monit/monitrc:414: Warning: TOTALMEMORY statement does not work
properly on Linux
'MB'
HTTP error: Server returned status 404
'apache' failed protocol test [HTTP] at INET[www.obliqueuniverse.org:
80].
'apache' trying to restart
'apache' stop: /etc/init.d/apache2
'apache' start: /etc/init.d/apache2

# cat /etc/monit/monitrc | sed –n '414p'

if totalmem > 500 MB for 5 cycles then restart

Inspection reveals that there are 6 instances of apache2 running:

ps-aux | awk 'NR==1 || $11 ~/apache2/'

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 5291 1.6 2.5 23044 9776 ? Ss 21:03 0:00 /usr/
sbin/apache2 -k start -DSSL
www-data 5295 0.0 2.5 23044 9796 ? S 21:03 0:00 /usr/
sbin/apache2 -k start -DSSL
www-data 5296 0.0 2.5 23044 9796 ? S 21:03 0:00 /usr/
sbin/apache2 -k start -DSSL
www-data 5297 0.0 2.5 23044 9796 ? S 21:03 0:00 /usr/
sbin/apache2 -k start -DSSL
www-data 5298 0.0 2.5 23044 9796 ? S 21:03 0:00 /usr/
sbin/apache2 -k start -DSSL
www-data 5299 0.0 2.5 23044 9796 ? S 21:03 0:00 /usr/
sbin/apache2 -k start –DSSL

If I kill one of these processes another is spawned, keeping the total
at 6.

/var/log/syslog shows that monit tries to restart apache2 about every
60 seconds.

Nov 24 20:06:30 jupiter monit[2655]: 'apache' failed protocol test
[HTTP] at INET[www.obliqueuniverse.org:80].
Nov 24 20:06:31 jupiter monit[2655]: 'apache' trying to restart
Nov 24 20:06:31 jupiter monit[2655]: 'apache' stop: /etc/init.d/
apache2
Nov 24 20:06:32 jupiter monit[2655]: 'apache' start: /etc/init.d/
apache2
Nov 24 20:07:37 jupiter monit[2655]: 'apache' failed protocol test
[HTTP] at INET[www.obliqueuniverse.org:80].
Nov 24 20:07:37 jupiter monit[2655]: 'apache' trying to restart
Nov 24 20:07:37 jupiter monit[2655]: 'apache' stop: /etc/init.d/
apache2
Nov 24 20:07:38 jupiter monit[2655]: 'apache' start: /etc/init.d/
apache2
Nov 24 20:08:43 jupiter monit[2655]: 'apache' failed protocol test
[HTTP] at INET[www.obliqueuniverse.org:80].
Nov 24 20:08:43 jupiter monit[2655]: 'apache' trying to restart
Nov 24 20:08:43 jupiter monit[2655]: 'apache' stop: /etc/init.d/
apache2
Nov 24 20:08:44 jupiter monit[2655]: 'apache' start: /etc/init.d/
apache2
Nov 24 20:09:49 jupiter monit[2655]: 'apache' failed protocol test
[HTTP] at INET[www.obliqueuniverse.org:80].
Nov 24 20:09:49 jupiter monit[2655]: 'apache' trying to restart
Nov 24 20:09:49 jupiter monit[2655]: 'apache' stop: /etc/init.d/
apache2
Nov 24 20:09:50 jupiter monit[2655]: 'apache' start: /etc/init.d/
apache2
Nov 24 20:10:55 jupiter monit[2655]: 'apache' failed protocol test
[HTTP] at INET[www.obliqueuniverse.org:80].
Nov 24 20:10:55 jupiter monit[2655]: 'apache' trying to restart
Nov 24 20:10:55 jupiter monit[2655]: 'apache' stop: /etc/init.d/
apache2
Nov 24 20:10:56 jupiter monit[2655]: 'apache' start: /etc/init.d/
apache2
Nov 24 20:12:01 jupiter monit[2655]: 'apache' failed protocol test
[HTTP] at INET[www.obliqueuniverse.org:80].
Nov 24 20:12:01 jupiter monit[2655]: 'apache' trying to restart
Nov 24 20:12:01 jupiter monit[2655]: 'apache' stop: /etc/init.d/
apache2
Nov 24 20:12:02 jupiter monit[2655]: 'apache' start: /etc/init.d/
apache2
Nov 24 20:13:07 jupiter monit[2655]: 'apache' failed protocol test
[HTTP] at INET[www.obliqueuniverse.org:80].

A thread in the archives
http://www.nabble.com/-monit--Monit-%22connection-failure%22-for-apache-td13377005.html
suggests that there is a bug in monit < 4.9: the error flag is not
cleared when monit restarts a process, even though the process is
restarted correctly. Hence, it keeps spawning the process (subject to
the constraints in monitrc, which I don't fully understand).

However, I don't see a suggested remedy. I can set apache to "mode
passive" in monitrc, but presumably that means that monit won't
restart apache when it *really needs* to be restarted.

I am guessing (hoping) that the 2 problems are related: I can't
connect to monit because monit thinks apache is not running.
(However, I *can* connect to ISPConfig and apache itself.)

Thanks for having read all of the above! As always, interested to
hear your thoughts.

Best Regards,
Vwaju
New York City
.

Relevant Pages

  • Re: [opensuse] Apache2 and environment variables
    ... in '/etc/profile.d' which allows me to start apache2 with oci8 ... BUT if the server is restarted apache2 starts without oci8 ... module and I have to restart manually. ...
    (SuSE)
  • Re: [opensuse] Apache2 and environment variables
    ... If it is not, you can simply add it to the line, or run yast, network services, http server, tab, scroll down and enable env. ... SetEnv MYVAR=value... ... Then restart apache: ... I have not yet discovered the best way to doctor apache's PATH in apache2 & opensuse. ...
    (SuSE)
  • Re: Debian on a Dedicated Server
    ... that its no trouble keeping it in shape, but for remote machines its ... there is a debate whether to use apache2 or 1.3 (some of the third ... party modules and external libraries may not be thread safe). ... though that you can use the forking server to be safe (which is what I ...
    (Debian-User)
  • Re: Setting up a simple Web Server
    ... I have installed the apache2 package, ... I would like to set up a Virtual Server but don't know how... ... > I wold like to install a simple Web Server on my Ubuntu 6.06. ... I wold like to make a few pictures available to my family overseas. ...
    (Ubuntu)
  • Re: [opensuse] Apache2 and environment variables
    ... If it is not, you can simply add it to the line, or run yast, network services, http server, tab, scroll down and enable env. ... SetEnv MYVAR=value... ... I have not yet discovered the best way to doctor apache's PATH in apache2 & opensuse. ... i've added oci8 support for apache2 on a server and defined variables ...
    (SuSE)