259

I'm looking for a command that checks the validity of the config files in Apache server on both Debian and RHEL distros. I need to do this prior to restart, so there will be no downtime.

ivanleoncz
  • 1,433
  • 4
  • 18
  • 32
Sigtran
  • 2,693
  • 2
  • 14
  • 5

6 Answers6

385

Check: http://httpd.apache.org/docs/2.2/programs/apachectl.html

apachectl configtest
keatch
  • 4,106
  • 1
  • 14
  • 3
  • I am getting this message running the above command `AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message` – Ciasto piekarz Sep 15 '16 at 16:18
  • 2
    Add a line "ServerName whateveryoulike" to your apache config. Replace whateveryoulike with what ever you like to name your server. – Pit Sep 26 '16 at 06:48
  • 4
    might require sudo ? – Miguel Mar 29 '17 at 10:29
  • Check everything apache with helpful suggestions ```curl -L https://raw.githubusercontent.com/richardforth/apache2buddy/master/apache2buddy.pl | perl``` – Richard Tyler Miles May 29 '22 at 23:22
54

Another way is httpd -t. Therefore, it's available in Windows-version of Apache. Check http://httpd.apache.org/docs/2.4/programs/httpd.html

guest
  • 541
  • 4
  • 2
  • 3
    Oddly, on Ubuntu, when I run `apachectl configtest` I get `Syntax OK`, but when I run `apache2 -t` I get `AH00526: Syntax error on line 74 of /etc/apache2/apache2.conf` (among other errors) – Buttle Butkus Dec 08 '18 at 02:02
  • @ButtleButkus but the server when you systemctl restart apache2 is ok right? – Benyamin Limanto Oct 06 '21 at 04:16
11

The Apache config test (apachectl configtest, or its equivalents) only tests the config file (and the files it recursively includes) for valid syntax. However, the original question asked for preventing downtime. Even when apachectl configtest does not return an error, an actual restart may still fail, causing downtime.

Common causes for such failures include missing or inaccessible SSL certificates, missing directories for log files or a missing website root directory. Often, such errors are caused by removing a vhost's directory without removing the vhost Apache config file. It is highly recommended to use a tool like puppet or ansible to prevent such inconsistencies.

Seeing that this question is the number one hit when googling "apache config lint" I thought I'd mention this little detail...

BertD
  • 251
  • 2
  • 3
  • Is there a way to test for common causes of failure per above? – Vishal Sep 22 '20 at 00:59
  • That would require a script, that parses the apache config and implements the missing checks. I'm not aware of any freely available scripts that does so. – BertD Sep 22 '20 at 12:26
  • 1
    I have written such a script. If I took the time to put it on github, would anyone use it? It specifically checks SSL configurations, that the files are in the correct location and that the modulos match using openssl, among other things. – James M. Lay Sep 27 '21 at 19:09
  • 1
    I would! Putting it on github definitely is a bonus. – BertD Sep 28 '21 at 20:40
  • @JamesM.Lay I hope you post the link to it on github... save many people from writing such scripts again and again. – Jakke Jul 20 '22 at 09:49
  • @Jakke PRs are welcome. https://github.com/jlmgtech/apache-config-auditor – James M. Lay Jul 20 '22 at 16:02
  • @BertD Idk if you still need it, but see my response to Jakke above – James M. Lay Jul 20 '22 at 16:04
  • @JamesM.Lay Thank you very much for that link. I'm good with PHP / bash but JS is a little outside my comfort zone... so I'm not sure I could contribute. I'll play around with it this weekend and see where I get with it. – Jakke Jul 20 '22 at 21:34
  • @Jakke I would have chosen a different option, but node had the best apache config parser library. Perhaps such a tool would be best written in Rust or the likes. – James M. Lay Jul 21 '22 at 00:43
9

apachectl configtest is the correct answer. Unfortunately I've got a windows installation where apachectl is missing. Here calling httpd also helps.

Matthias M
  • 221
  • 2
  • 4
3

What I usually do is

apache2ctl -t && apache2ctl graceful
mivk
  • 3,457
  • 1
  • 34
  • 29
  • 7
    Your answer would be more useful if you explained why this works. – crafter Jul 30 '21 at 10:56
  • 1
    I'll hazard a guess. The "-t" runs a syntax test for configuration files only. If that fails, the && prevents the next command from running. The next command, 'apache2ctl graceful' will restart the httpd service in a way that won't disconnect existing connections (hence, graceful). – Joseph Van Riper Jan 27 '22 at 16:06
0

I have actually tried before:

apachectl configtest

We can actually see the status code to know the error:

/etc/init.d/apache2 restart; systemctl status apache2.service

● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sun 2021-05-30 17:16:45 +08; 41ms ago Docs: https://httpd.apache.org/docs/2.4/ Process: 168391 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE) CPU: 67ms

May 30 17:16:45 kali systemd[1]: Starting The Apache HTTP Server... May 30 17:16:45 kali apachectl[168394]: AH00526: Syntax error on line 13 of /etc/apache2/mods-enabled/security2.conf

Alvin567
  • 11
  • 1
  • 7