Apache config error Invalid command ‘php_flag’ Ubuntu 16.04

I have just started to upgrade some servers to Ubuntu 16.04.  It looked good until I rebooted to the server and the Apache2 service didn’t start up properly.  I view the logs in systemd.  Using the command:

systemctl status apache2.service

● apache2.service – LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
Active: failed (Result: exit-code) since Tue 2016-04-26 13:29:37 EDT; 7min ago
Docs: man:systemd-sysv-generator(8)
Process: 1343 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)

Apr 26 13:29:37 hostname apache2[1343]:  * The apache2 configtest failed.
Apr 26 13:29:37 hostname apache2[1343]: Output of config test was:
Apr 26 13:29:37 hostname apache2[1343]: AH00526: Syntax error on line 59 of /etc/apache2/apache2.conf:
Apr 26 13:29:37 hostname apache2[1343]: Invalid command ‘php_flag’, perhaps misspelled or defined by a module not included in the server configuration
Apr 26 13:29:37 hostname apache2[1343]: Action ‘configtest’ failed.
Apr 26 13:29:37 hostname apache2[1343]: The Apache error log may have more information.
Apr 26 13:29:37 hostname systemd[1]: apache2.service: Control process exited, code=exited status=1
Apr 26 13:29:37 hostname systemd[1]: Failed to start LSB: Apache2 web server.
Apr 26 13:29:37 hostname systemd[1]: apache2.service: Unit entered failed state.
Apr 26 13:29:37 hostname systemd[1]: apache2.service: Failed with result ‘exit-code’.

I did a Apache2ctl config test like so:

AH00526: Syntax error on line 59 of /etc/apache2/apache2.conf:
Invalid command ‘php_flag’, perhaps misspelled or defined by a module not included in the server configuration
Action ‘configtest’ failed.
The Apache error log may have more information.

The problem is the setting “php_flag engine off” and “php_admin_value engine Off” settings.  Which looks like so.  This setting stops php files being executed in certain folders (such a image folder etc).

<DirectoryMatch ^.*/somewhere/>
AllowOverride None
  php_flag engine off
php_admin_value engine Off

I removed both of these and restarted apache again using:

sudo systemctl start apache2.service

Hope this helps someone else.

Apache 2.4 Failed To Start AH00016: Configuration Failed

One of our Apache 2.4 web servers strangely stopped working and didn’t want to come back up. I tried to start it but it came back with a vague error message:

$ sudo service apache2 start
Starting web server
apache2 Action 'start' failed.
The Apache error log may have more information.

A quick look in /var/log/apache2/error.log just showed nothing useful:

$ tail var/log/apache2/error.log
AH00016: Configuration Failed, exiting

So, I ran the Apache configuration check tool on the configuration files but the syntax was okay.

$ sudo apache2ctl configtest
Syntax OK

This means that there isn’t anything wrong with the syntax of the Apache config and I generally find that this means either an SSL certificate isn’t installed incorrectly or there is something wrong with a more general configuration file. To find which host had configuration file problems – I used the strace command. This is really good because it shows all of Apache’s interactions with the file system. Therefore you can see the last file Apache opened before failing.

sudo apt-get update
sudo apt-get install strace
sudo strace -f apache2ctl start

The output from strace is quite large but you can clearly see where Apache failed.

[pid  6068] munmap(0x7f45c6c38000, 4096) = 0
[pid  6068] write(11, "[Sun Oct 05 07:35:44.207805 2014"..., 189) = 189
[pid  6068] write(2, "AH00016: Configuration Failed\n", 30) = 30
[pid  6068] select(0, NULL, NULL, NULL, {0, 10000}) = 0 (Timeout)

and just before this was this…

[pid  6068] munmap(0x7f45c6c38000, 4096) = 0
[pid  6068] open("/etc/ssl/private/a_website_ssl.key", O_RDONLY) = 45
[pid  6068] fstat(45, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
[pid  6068] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f45c6c38000
[pid  6068] read(45, "-----BEGIN PRIVATE KEY-----\nMIIE"..., 4096) = 1704
[pid  6068] close(45) 

This enabled me to quickly idenfity which ssl certicate was causing the problems and disable the site which was using that key.

sudo a2dissite a_weebsite.conf

I hope that someone finds this useful.

Weird ssl_error_rx_record_too_long error after upgrading from Ubuntu 13.04 to Ubuntu 13.10

I upgrade one of our servers from Ubuntu 13.04 to Ubuntu 13.10 and immediately one of the apache sites went wrong. It is was an odd problem because the Apache configuration had not changed and there was nothing unusual about it. I was getting and SSL error like so:

ssl_error_rx_record_too_long error

It turns out that all I needed to do was rename the configuration file (adding .conf). I.e.




How strange!

How to list what Apache modules are enabled in Ubuntu

If you are trying to configure Apache, it can be handy to see what Apache modules are enabled Ubuntu. Here is how to check which apache modules are enabled/installed.

apache2ctl -M

This will provide a list the apache modules which are enabled like so:

Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 expires_module (shared)
 filter_module (shared)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 php5_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 status_module (shared)

a2ensite ERROR: Site www.example.com does not exist! Ubuntu 13.10

On our Ubuntu 13.10 server, I had created an apache configuration file for a virtual host however, I could not enable it using a2ensite. The file was here:


I tried to enable it:

a2ensite www.example.com

However, the command complained that ERROR: Site www.example.com does not exist! The files clearly exists. It turns out the this command only works if the file ends with .conf. So

mv www.example.com www.example.com.conf
a2ensite www.example.com.conf

Voila it now work. Why or why doesn’t the developer give useful error messages. For example they should have write. Error – the files doesn’t have a .conf on the end!

How to send Apache error.log to debugchannel

DebugChannel.com is a great new service / downloadable server to help debug your web application. The key things are that it speeds up debugging because all your debug output can be clearly formatted and shown in the same place. So you can get debug information from php scripts or even apache error logs. This post shows you how to send your Apache error logs or even Apache access lots to a debugchannel server.

Step 1 – Download the debugchannel tail client called dctail. This small python script is a wrapper for the the Linux tail command to watch files and send them up a debugchannel server.

wget https://github.com/debugchannel/debugchannel-tail-client/archive/master.zip

Step 2 – Extract the download and run the installer script which will install the command in /usr/bin/local/dctail and also create a service script in /etc/init.d/. This allows you to run dctail as a service on Ubuntu.

unzip master.zip

You need to run the installer script as root.

sudo ./install.sh

Step 3 – Setup the configuration files. The installer script creates a configuration files in /etc/debugchannel/dctail.conf . This is a json files. The key things to specify are the debugchannel server and which files you want to watch. To watch an Apache error.log you might need want a configuration file like this:

    "address": "https://debugchannel.com",
    "apiKey": "someApiKey",
    "files": { "/var/log/apache/error.log":"apachelogs" }

Note: we are sending the /var/log/apache/error.log -> https://debugchannel.com/apachelogs

Step 4 – Start running dctail as root (because it need permissions to read the Apache error.logs. You can either run it once using:

sudo dctail

Or (in Ubuntu) as a service

sudo service dctail start

I hope this helps someone.

How to pipe Apache logs to a python script

I wanted to pipe the output of my Apache’s error logs to a Python script. To do this you need to set the a CustomLog directive in your Apache Config.

Edit /etc/apache2/sites-available/default and add the following line:

CustomLog "| /usr/bin/yourscript" combined

To read the input into Python you need to setup a non-blocking read from stdin.

#! /usr/bin/python
import sys
import select

while sys.stdin in select.select([sys.stdin], [], [], 0)[0]:
    line = sys.stdin.readline()

    if line:
        # Read a line

        # End of file
    # Nothing to read

Obviously, this script just exit’s at end point but you could put logic at each point to process the text as it is read, not read or eof by python.

Let me know if you have any improvements to this script.

How completely reconfigure apache2 configuration files

I tried upgrading one of our servers from Apache 2.2 -> Apache 2.4. It didn’t work so I purged the PPA but the configurations needed rolling back too (which ppa-purge command didn’t do). So, to completely remove Apache2 configuration files and reinstall them use the following command:

sudo apt-get remove --purge apache2 apache2-utils apache2.2-common 

and then had to also reinstall php5:

sudo apt-get install --reinstall apache2-utils apache2 libapache2-mod-php5

Hope this helps someone get out of a pickle.