Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cherokee doesn't start with admin!ows!enabled #1218

Open
fuzzball1980 opened this Issue Jan 10, 2019 · 8 comments

Comments

Projects
None yet
2 participants
@fuzzball1980
Copy link

fuzzball1980 commented Jan 10, 2019

Hi guys, I have been using cherokee 1.2.101 for a while without problems. Recently my client asked to disable SSLv3 - SSLv2 TLSv1.0 and TLSv1.1. I have managed to disable the ciphers using the ciphers list but it seems that it is not passing a security test on his side anyway. So I decided to update to 1.2.104, I have cloned and compiled without problem, but when I run cherokee I got an error complaining that cherokee could not read the config file. If I replace my config file with the default config it runs without any problem. The output is just that no detail about the error, the key or the line breaking the conf.

The same config file works ok on v1.2.101

Is there any incompatibility between 101 and 104 config files?

I have run upgrade_config script and it doesnt detect any upgrade to be made. Should the script detect a version change? I believe that maybe in the past I used the script to upgrade to 1.4 and then rolled back but the config file remain with the version flag from 104, is it posible?

In any case is there a way to debug and detect which line is breaking the config?

Any help will be really appreciated.

Thank you very much!

@skinkie

This comment has been minimized.

Copy link
Member

skinkie commented Jan 10, 2019

Have you tried cherokee-admin to see if you can save it again?

@fuzzball1980

This comment has been minimized.

Copy link
Author

fuzzball1980 commented Jan 10, 2019

@skinkie

This comment has been minimized.

Copy link
Member

skinkie commented Jan 10, 2019

So your problem persists after admin save? Could you run cherokee -t?

@fuzzball1980

This comment has been minimized.

Copy link
Author

fuzzball1980 commented Jan 10, 2019

Yes it persist, the command cherokee -t return

Test on /usr/local/etc/cherokee/cherokee.conf: Failed
PID 4431:exited re=1

@skinkie

This comment has been minimized.

Copy link
Member

skinkie commented Jan 10, 2019

Technically you could debug it by compiling cherokee with 'trace'. --enable-trace
That might give some hints what happens. I would suggest to look first for empty values in the configuration (look in the configuration where a line ends with =)

CHEROKEE_TRACE="all" cherokee

@fuzzball1980

This comment has been minimized.

Copy link
Author

fuzzball1980 commented Jan 10, 2019

ok, will try that

I just changed the config!version=001002104 to 001002101 executed the upgrade_config it says

Upgrading cherokee.conf from 1002101 to 1002104.. Upgraded
Saving new configuration.. OK

but cherokee -r still fails

will try compiling with trace enabled

Thanks!

@fuzzball1980

This comment has been minimized.

Copy link
Author

fuzzball1980 commented Jan 10, 2019

Got it!!

I had one line at the end of the file
admin!ows!enabled = 0

and a path to the DH parameters PEM file that doesnt exist on my dev environment

I have deleted the DH params file and still got the error, deleted the admin!ows!enabled = 0 and it runs ok.

I dont know where that lines comes from.

Thank you very much!

@skinkie

This comment has been minimized.

Copy link
Member

skinkie commented Jan 10, 2019

Lets mark this as bug then, so we will also remove admin!ows!enabled from the admin upon migration.

@skinkie skinkie changed the title Could not read /usr/local/etc/cherokee/cherokee.conf Cherokee doesn't start with admin!ows!enabled Jan 10, 2019

@skinkie skinkie self-assigned this Jan 10, 2019

@skinkie skinkie added the t:bug label Jan 10, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.