SELinux in permissive mode - AH00952: FCGI: error creating fam 2 socket for target 127.0.0.1

Hi,

the old thread “trying to setup HTTPS” got a little long, so I decided to sum up & repost the issue:

When I try to access my https server-address from WAN I get

Service Unavailable
The server is temporarily unable to service your
request due to maintenance downtime or capacity
problems. Please try again later.
Apache/2.4.7 (Ubuntu) Server at xx.xx-xx.xx Port 443

OS is Ubuntu, and the .tar seafile-installation file used is the one for raspberry.
Seafile and Seahub Server are running.

apache.log file says

[Fri Nov 11 17:38:48.627827 2016] [proxy:error] [pid 12721:tid 2934961200] (13)Permission denied: AH00952: FCGI: error creating fam 2 socket for target 127.0.0.1
[Fri Nov 11 17:38:48.628010 2016] [proxy:error] [pid 12721:tid 2934961200] AH00959: ap_proxy_connect_backend disabling worker for (127.0.0.1) for 60s
[Fri Nov 11 17:38:48.628041 2016] [proxy_fcgi:error] [pid 12721:tid 2934961200] [client 192.168.20.21:56429] AH01079: failed to make connection to backend: 127.0.0.1
[Fri Nov 11 17:38:49.208150 2016] [proxy:error] [pid 12721:tid 3044013104] AH00940: FCGI: disabled connection for (127.0.0.1)

ccnet.conf

android@localhost:~/seafile/conf$ cat ccnet.https

[General]
USER_NAME = Madagascar
ID = xy
NAME = Madagascar
SERVICE_URL = https://xy.org

[Client]
PORT = 13419

android@localhost:/etc/apache2/sites-enabled$ cat 000-default.conf

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.

ServerName xy.org    
ServerAdmin webmaster@localhost
DocumentRoot /var/www
# /var/www/html 
Alias /media  /home/android/seafile/seafile-server-latest/seahub/media
RewriteEngine On
<Location /media>
        Require all granted
    </Location>
#
    # seafile fileserver
    #
    
ProxyPass /seafhttp localhost:8082
    ProxyPassReverse /seafhttp localhost:8082
    RewriteRule ^/seafhttp - [QSA,L]
#
    # seahub
    #
    
SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    ProxyPass / fcgi://127.0.0.1:8000/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

<VirtualHost *:443>
ServerName xy.org
DocumentRoot /var/www

SSLEngine On
SSLCertificateFile /home/android/seafile/cacert.pem
SSLCertificateKeyFile /home/android/seafile/privkey.pem

Alias /media /home/android/seafile/seafile-server-latest/seahub/media

<Location /media>
Require all granted

RewriteEngine On

seafile fileserver

ProxyPass /seafhttp localhost:8082
ProxyPassReverse /seafhttp localhost:8082
RewriteRule ^/seafhttp - [QSA,L]

seahub

SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1
ProxyPass / fcgi:/localhost:8000/

vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Please help me debug. It does not seem to be SELinux issue (Trying to setup HTTPS access).
Thank you.

Someone over in the Apache Forum gave the following suggestions:

Permission denied: AH00952: FCGI: error creating fam 2 socket for target 127.0.0.1

The options are .

A) The fast cgi server isn’t running at all.

B) The fast cgi server does listen on a different port.

c) sea* are running with a different user and apache can not access the socket.

please, can someone give guidance: how can c) be verified ?

Update:

changing /etc/apache2/envvars solves the problem:

change www-data > seafile

APACHE_RUN_USER=seafile
APACHE_RUN_GROUP=seafile

Seahub works with https now: but is this the way it is supposed to be ?