Ubuntu 22.04 Apache Passengerfile.json not found

[amg-web]

After installing project on Ubuntu 22.04 with apache get error

Passenger error #2
An error occurred while trying to access '/home/redmine/public_html/Passengerfile.json': Error opening '/home/redmine/public_html/Passengerfile.json' for reading: Permission denied (errno=13)

Apache doesn't have read permissions to that file. Please fix the relevant file permissions.

Tested with libapache2-mod-passenger amd64 6.0.10-3build2 (from Ubuntu repository) and with libapache2-mod-passenger amd64 6.0.14 from https://oss-binaries.phusionpassenger.com/apt/passenger repository

Apache error log: [ E 2022-06-20 10:31:21.8624 2615/T0 apa/Hooks.cpp:175 ]: A filesystem exception occured. Message: Error opening '/home/redmine/public_html/Passengerfile.json' for reading: Permission denied (errno=13) Backtrace: in 'Passenger::AppLocalConfig Passenger::parseAppLocalConfigFile(Passenger::StaticString)' (AppLocalConfigFileUtils.h:60) in 'void Passenger::Apache2Module::DirectoryMapper::autoDetect()' (DirectoryMapper.h:150) in 'bool Passenger::Apache2Module::Hooks::prepareRequest(request_rec*, Passenger::Apache2Module::DirConfig*, const char*, bool)' (Hooks.cpp:447) Ruby 3.0 from Ubuntu 22.04 repository

[CamJN]

Does the mentioned file exist and does the user apache is running as have permission to read it?

[amg-web]

@CamJN everything is OK with it and same settings works great with Ubuntu 20.04 but not with Ubuntu 22.04 I think it's new OpenSSL 3.0 related, but not sure about it

also if I am right Passengerfile.json is used with nginx isn't it?

[CamJN]

It's definitely not an openssl thing, it might be a systemd thing or an apache thing or a passenger thing but openssl wouldn't be involved with this.

Passengerfile.json is usually used with Passenger standalone but can be used with other integrations like apache or nginx.

Can you share your apache config and the output of ls -lh /home/redmine/?

[amg-web]

@CamJN Both Ubuntu 20.04 and Ubuntu 22.04 is installed using same ansible script with same repositories and packages. 20.04 - works as expected 22.04 - does not work

I moved on 22.04 project folder to /var/www/html and got another error:

[Tue Jul 12 07:34:46.605542 2022] [mpm_event:notice] [pid 4541:tid 139638993598336] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 Phusion_Passenger/6.0.14 configured -- resuming normal operations
[Tue Jul 12 07:34:46.605967 2022] [core:notice] [pid 4541:tid 139638993598336] AH00094: Command line: '/usr/sbin/apache2'
/usr/lib/ruby/3.0.0/openssl/buffering.rb:80:in `sysread': SSL_read: unexpected eof while reading (OpenSSL::SSL::SSLError)
        from /usr/lib/ruby/3.0.0/openssl/buffering.rb:80:in `fill_rbuff'
        from /usr/lib/ruby/3.0.0/openssl/buffering.rb:130:in `read'
        from /usr/share/passenger/helper-scripts/prespawn:117:in `block in head_request'
        from /usr/lib/ruby/3.0.0/timeout.rb:97:in `block in timeout'
        from /usr/lib/ruby/3.0.0/timeout.rb:35:in `block in catch'
        from /usr/lib/ruby/3.0.0/timeout.rb:35:in `catch'
        from /usr/lib/ruby/3.0.0/timeout.rb:35:in `catch'
        from /usr/lib/ruby/3.0.0/timeout.rb:112:in `timeout'
        from /usr/share/passenger/helper-scripts/prespawn:116:in `head_request'
        from /usr/share/passenger/helper-scripts/prespawn:172:in `<main>'
[Tue Jul 12 07:34:49.609467 2022] [core:notice] [pid 4541:tid 139638993598336] AH00051: child pid 4558 exit signal Abort (6), possible coredump in /etc/apache2
[Tue Jul 12 07:34:50.611604 2022] [core:notice] [pid 4541:tid 139638993598336] AH00051: child pid 4557 exit signal Abort (6), possible coredump in /etc/apache2

Tested with different files owner (redmine, root, www-data) and system ruby 3.0.0 and with rbenv ruby 3.1.2

Letsencrypt TLS files was not updated or changed. just home dir changed in virtual host ls -al on sceenshots

[CamJN]

The new error seems to indicate that while the ssl gem is trying to perform a buffered read, it times out, and the connection is clsed so it encounters an unexpected eof. That seems like it might be more of an ssl issue like you suggested in your initial comment. I'll look into that soon.

[CamJN]

It's taking too long to read from your app during prespawn, indicating a spawning issue.

[amg-web]

@CamJN I know what is prespawn timeout ( Open Canvas LMS does not start without it )

redmine is very simple. and I get error screen immediately upon start. and again I would like to point that with same config everything works like a charm on Ubuntu 20.04

another thing I'd like to point your attention is ruby ruby 3.0 or less does NOT officially supports OpenSSL 3.0, this support was added to ruby 3.1 so ubuntu developers made some tweaks and workarounds to compile ruby 3.0 with OpenSSL 3.0.

I think we should check this point more carefully.

anyway if you have working config for Ubuntu 22.04, I'd like to see it. Also I can provide you with access to server if you send me your ssh key.

[amg-web]

in addition to openssl passenger does not change user context as it should.

when I changed owner to www-data, I've got same error as in /var/www folder

[CamJN]

Using the system ruby 3 and openssl 3 packages, I just created a blank rails app at /var/www/blog in a new Ubuntu 22.04 VM. I set the DocumentRoot for the default apache virtualhost to /var/www/blog/public and the site started fine. Then I enabled the ssl mod and made the same change to the DocumentRoot of the default ssl virtualhost, and enabled that site, after reloading apache everyhing works as expected. I used the system ruby to generate the rails site.

Whatever the issue is, i don't think it's with passenger.

[amg-web]

@CamJN Thanks. After your message I remembered that my config contain setting: PassengerHighPerformance on After disable this option I was able to start project.

anyway access problem is still there. Passenger does not change user context automatically as it was declared in the documentation and as it works on Ubuntu 20.04 or older.

So for the moment I have 2 issues on Ubuntu 22.04 little changed:

1. user context switch does not work (I have to change owner to www-data for user home folder) setting passenger user and group in virtualhost PassengerGroup redmine PassengerUser redmine does not resolve this issue
2. PassengerHighPerformance on - does not allow project to start (not critical)

[CamJN]

I just noticed you came from ubuntu 20.04 not 21.04, the change in permissions for the home dir is expected: https://ubuntu.com/blog/private-home-directories-for-ubuntu-21-04

www-data can't read /home/redmine from 21.04 forward. you need to either adjust the permissions or use another dir.

[amg-web]

@CamJN Thanks but it's not clear to me:

This screenshot shows that Passenger is started with root and then change user and run project on Ubuntu 20.04

And same we see on Ubuntu 22.04, Passenger is root again, but can not switch user:

log:

root@r5:~# tail -50 /var/log/apache2/redmine_errors.log
[Tue Aug 16 09:10:08.679731 2022] [core:error] [pid 846:tid 140012829988416] (13)Permission denied: [client 195.64.239.216:39546] AH00035: access to / denied (filesystem path '/home/redmine/public_html') because search permissions are missing on a component of the path
[Tue Aug 16 09:10:09.002063 2022] [core:error] [pid 846:tid 140012829988416] (13)Permission denied: [client 195.64.239.216:39546] AH00035: access to /favicon.ico denied (filesystem path '/home/redmine/public_html') because search permissions are missing on a component of the path, referer: https://r5.vhost.org/

[amg-web]

@CamJN Thanks. I moved project to /var/www/redmine with user and owner redmine project started. PassengerHighPerformance on - also works