Apache warning: Connection refused: connect to listener

I just installed Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7b in
my server (freebsd 4.8) and everything seems to be working fine. I have apache
configured to serve both secure and insecure pages.

However, I keep getting the following line in my error log file (thousands of times):

[Wed Sep 24 12:51:15 2003] [warn] (61)Connection refused: connect to listener

I have thousands of these warnings now in just a couple of days. I can't figure out any pattern to them.
I get this warning even when I don't have any activity going on with the web server.
It also happens if I don't have any SSL virtual hosts set up.
I notice no problems with any web pages, secure or not.

When I recompile apache without mod_ssl, the warning goes away.

I've scoured the Internet but I can't find a thing about this warning. Does anyone have any idea about why this is happening?

Alex Hart
http://atpmail.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache warning: Connection refused: connect to listener

On Mon, 29 Sep 2003, Alex Hart wrote:

> I just installed Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7b in
> my server (freebsd 4.8) and everything seems to be working fine. I have
> apache configured to serve both secure and insecure pages.
>
> However, I keep getting the following line in my error log file
> (thousands of times):
>
> [Wed Sep 24 12:51:15 2003] [warn] (61)Connection refused: connect to
> listener
>
> I have thousands of these warnings now in just a couple of days. I can't
> figure out any pattern to them. I get this warning even when I don't
> have any activity going on with the web server. It also happens if I
> don't have any SSL virtual hosts set up. I notice no problems with any
> web pages, secure or not.
>
> When I recompile apache without mod_ssl, the warning goes away.
>
> I've scoured the Internet but I can't find a thing about this warning.
> Does anyone have any idea about why this is happening?


Okay, here's a couple of things for you to check on to help me track down
what's going on (I'm cc'ing dev@httpd in case anybody else has guesses).

1) Is your server compiled with -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT?
2) Which MPM are you using?

You can find out the answers to both of these by running ./httpd -V
from /usr/local/apache2/bin or wherever your httpd binary is
installed. For example:

----------------------------------------------------
root@deepthought:/root/apache/test/bin# ./httpd -V
Server version: Apache/2.1.0-dev
Server built: Aug 12 2003 16:43:24
Server's Module Magic Number: 20030213:1
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/worker"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/root/apache/test"
-D SUEXEC_BIN="/root/apache/test/bin/suexec"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
----------------------------------------------------

Thanks,
Cliff
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache warning: Connection refused: connect to listener

On Mon, Sep 29, 2003 at 11:06:31PM -0400, Alex Hart wrote:
> I just installed Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7b in
> my server (freebsd 4.8) and everything seems to be working fine. I have apache
> configured to serve both secure and insecure pages.
>
> However, I keep getting the following line in my error log file (thousands of times):
>
> [Wed Sep 24 12:51:15 2003] [warn] (61)Connection refused: connect to listener
>
> I have thousands of these warnings now in just a couple of days. I can't figure out any pattern to them.
> I get this warning even when I don't have any activity going on with the web server.
> It also happens if I don't have any SSL virtual hosts set up.
> I notice no problems with any web pages, secure or not.
>
We need a few more details to guess what might be happening - something like
the output of httpd -V, the configure options used when building apache and
wether you have any other non standard modules installed (ie. php and such).
Also your SSL specific part of the configuration.

vh

Mads Toftum
--
Speaking at http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations"
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation"
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache warning: Connection refused: connect to listener

I sent this yesterday but never saw it, so sorry if this is double. Output of httpd -V at bottom.

- Alex

The following message was sent by Mads Toftum on Tue, 30 Sep 2003 10:32:42 +0200.

> On Mon, Sep 29, 2003 at 11:06:31PM -0400, Alex Hart wrote:
> > I just installed Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7b in
> > my server (freebsd 4.8) and everything seems to be working fine. I have
> apache
> > configured to serve both secure and insecure pages.
> >
> > However, I keep getting the following line in my error log file (thousands
> of times):
> >
> > [Wed Sep 24 12:51:15 2003] [warn] (61)Connection refused: connect to
> listener
> >
> > I have thousands of these warnings now in just a couple of days. I can't
> figure out any pattern to them.
> > I get this warning even when I don't have any activity going on with
> the web server.
> > It also happens if I don't have any SSL virtual hosts set up.
> > I notice no problems with any web pages, secure or not.
> >
> We need a few more details to guess what might be happening - something
> like
> the output of httpd -V, the configure options used when building apache
> and
> wether you have any other non standard modules installed (ie. php and such).
> Also your SSL specific part of the configuration.
>
> vh
>
> Mads Toftum
> --
> Speaking at http://ApacheCon.com/
> T03, "Apache 2 mod_ssl tutorial" (3h)
> WE03, "Troubleshooting Apache configurations"
> WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation"
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
>

../httpd -V
Server version: Apache/2.0.47
Server built: Sep 29 2003 18:29:13
Server's Module Magic Number: 20020903:4
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_FLOCK_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/usr/local/apache2"
-D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

- Alex Hart
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache warning: Connection refused: connect to listener

I am away until the 1st of October 2003.
I will get back to you as soon as i can when I return.
If the matter is urgent and concerns OASIS, MUBSWEB or MUBS Online
then please contact one of the other members of the OLSU team.


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache warning: Connection refused: connect to listener

On Tue, Sep 30, 2003 at 12:13:42PM -0400, Alex Hart wrote:
> I sent this yesterday but never saw it, so sorry if this is double. Output of httpd -V at bottom.
>
> ./httpd -V
> Server version: Apache/2.0.47
> Server built: Sep 29 2003 18:29:13
> Server's Module Magic Number: 20020903:4
> Architecture: 32-bit
> Server compiled with....
> -D APACHE_MPM_DIR="server/mpm/prefork"
> -D APR_HAS_SENDFILE
> -D APR_HAS_MMAP
> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> -D APR_USE_FLOCK_SERIALIZE
> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT

Right, this was part of what we needed - then there is the configuration.
Specifically there are two settings that might be worth taking a closer
look at - SSLMutex and SSLSessionCache. What are they currently set to?
and if you feel adventurous, try switching between different types.

http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslmutex
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslsession cache

vh

Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations"
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation"
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache warning: Connection refused: connect to listener

>
> > On Mon, Sep 29, 2003 at 11:06:31PM -0400, Alex Hart wrote:
> > > I just installed Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7b
> > > However, I keep getting the following line in my error log file (thousands
> > of times):
> > >
> > > [Wed Sep 24 12:51:15 2003] [warn] (61)Connection refused: connect to listener
> > >
> > > I have thousands of these warnings now in just a couple of days.
>
> ./httpd -V
> Server version: Apache/2.0.47
> Server built: Sep 29 2003 18:29:13
> Server's Module Magic Number: 20020903:4
> Architecture: 32-bit
> Server compiled with....
> -D APACHE_MPM_DIR="server/mpm/prefork"
> -D APR_HAS_SENDFILE
> -D APR_HAS_MMAP
> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> -D APR_USE_FLOCK_SERIALIZE
> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
> -D APR_HAS_OTHER_CHILD
> -D AP_HAVE_RELIABLE_PIPED_LOGS
> -D HTTPD_ROOT="/usr/local/apache2"
> -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
> -D DEFAULT_PIDLOG="logs/httpd.pid"
> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> -D DEFAULT_LOCKFILE="logs/accept.lock"
> -D DEFAULT_ERRORLOG="logs/error_log"
> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> -D SERVER_CONFIG_FILE="conf/httpd.conf"
>

More Info:

SSLSessionCache dbm:logs/ssl_scache
SSLMutex file:logs/ssl_mutex

I will try out different values for these, but I reinstalled without modssl, so I have to install modssl first. Seems like these are pretty standard settings. I'm surprised no one else has run across this warning.

Please let me know if there is anything else I can provide to help out.

- Alex Hart
http://atpmail.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache warning: Connection refused: connect to listener

On Thu, Oct 02, 2003 at 11:58:35PM -0400, Alex Hart wrote:
> More Info:
>
> SSLSessionCache dbm:logs/ssl_scache

Ususally I'd suggest using an shm based cache for performance reasons,
but that probably isn't the cause.

> SSLMutex file:logs/ssl_mutex
>
I seem to recall some sort of trouble with mutexes on bsd that has been
fixed recently - although your error message doesn't seem directly
related, it might be worth looking into. Or possibly even going for the
latest cvs version in APACHE_2_0_BRANCH (a new release should be right
around the corner anyway).

> I will try out different values for these, but I reinstalled without modssl, so I have to install modssl first. Seems like these are pretty standard settings. I'm surprised no one else has run across this warning.
>
I have heard one reporting similar problems on irc, but that's it.

vh

Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations"
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation"
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache warning: Connection refused: connect to listener

I know everyone forgot about this already, but I still have this problem. I was hoping the new release of apache (2.0.48) would somehow fix this, but it didn't.

To rehash, apache works fine, but when I run with openssl, I consistently (thousands of times in day) get the warning:

[warn] (61)Connection refused: connect to listener.

Everything seems to work fine.

I'm now running 2 copies of apache, one on port 80 and one on 443. When I run it like this, I get no warnings. It's only when I run both secure and insecure on the same server that I get warnings. Does that make any sense? It seems like openssl with my insecure pages are causing the warning, but I seem to get these even when no activity is going on.

Here's my version info:
[root@www /usr/local/apache2/bin]# ./httpd -V
Server version: Apache/2.0.48
Server built: Oct 30 2003 23:42:59
Server's Module Magic Number: 20020903:4
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_FLOCK_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/usr/local/apache2"
-D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

SSLSessionCache dbm:logs/ssl_scache
SSLMutex file:logs/ssl_mutex

Oh well, I'm probably switching off of FreeBSD soon anyway. So I guess the problems will dissappear then.

Alex Hart
President and Head Honcho
ATP Solutions, Inc.
http://www.althepal.com
ATPmail - Your Webmail Solution

The following message was sent by Mads Toftum on Fri, 3 Oct 2003 10:49:13 +0200.

> On Thu, Oct 02, 2003 at 11:58:35PM -0400, Alex Hart wrote:
> > More Info:
> >
> > SSLSessionCache dbm:logs/ssl_scache
>
> Ususally I'd suggest using an shm based cache for performance reasons,
> but that probably isn't the cause.
>
> > SSLMutex file:logs/ssl_mutex
> >
> I seem to recall some sort of trouble with mutexes on bsd that has been
> fixed recently - although your error message doesn't seem directly
> related, it might be worth looking into. Or possibly even going for the
> latest cvs version in APACHE_2_0_BRANCH (a new release should be right
> around the corner anyway).
>
> > I will try out different values for these, but I reinstalled without
> modssl, so I have to install modssl first. Seems like these are pretty
> standard settings. I'm surprised no one else has run across this warning.
> >
> I have heard one reporting similar problems on irc, but that's it.
>
> vh
>
> Mads Toftum
> --
> Speaking at ApacheCon 2003 - http://ApacheCon.com/
> T03, "Apache 2 mod_ssl tutorial" (3h)
> WE03, "Troubleshooting Apache configurations"
> WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation"
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org