Apache 2.4: Either all Options must start with + or -, or no Option may

I followed the Ubuntu 12.04 to 14.04 upgrade guide which went well so far using Virtualmin GPL. I did not upgrade an server with existing Virtual servers yet but a test instance using a fresh 12.04 system.

After virtualmin restore-domain 'ing a Virtual server from a production server I got this error during restoring:

Applying web server configuration ..
.. failed! An Apache configuration error was detected : AH00526: Syntax error on line 11 of /etc/apache2/sites-enabled/foo.bar.conf:
Either all Options must start with + or -, or no Option may.
Action 'configtest' failed.

Problem seems to be the mixing of Apache Options with a + or - with those without which is not valid syntax, and will be rejected during server startup by the syntax check with an abort. according to http://httpd.apache.org/docs/2.4/mod/core.html#options

Are there any workarounds I can use right now? Do you plan to fix this in future Virtualmin Server releases?

Status: 
Closed (fixed)

Comments

Howdy -- thanks for the report!

I will talk to Jamie about whether it's possible to automatically correct this particular problem.

If not, what we would do instead is include instructions in the upgrade documentation that explains what to look for and how to correct it.

To help make sure we understand the problem correctly, could you paste in the Apache config for a domain that would receive this particular error? Thanks!

Sure, here it is:

<VirtualHost 78.46.60.162:80>
SuexecUserGroup "#1243" "#1061"
ServerName foo.bar
ServerAlias www.foo.bar
DocumentRoot /home/foo.bar/public_html
ErrorLog /home/foo.bar/logs/error_log
CustomLog /home/foo.bar/logs/access_log combined
ScriptAlias /cgi-bin/ /home/foo.bar/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/foo.bar/public_html>
Options -Indexes SymLinksifOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
AddHandler fcgid-script .php5.3
AddHandler fcgid-script .php5.4
FCGIWrapper /home/foo.bar/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/foo.bar/fcgi-bin/php5.fcgi .php5
FCGIWrapper /home/foo.bar/fcgi-bin/php5.3.fcgi .php5.3
FCGIWrapper /home/foo.bar/fcgi-bin/php5.4.fcgi .php5.4
</Directory>
<Directory /home/foo.bar/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php5.3
RemoveHandler .php5.4
RedirectMatch /cgi-bin/mailman/([^/\.]*)(.cgi)?(.*) https://foo.bar:10000/virtualmin-mailman/unauthenticated/$1.cgi$3
RedirectMatch /mailman/([^/\.]*)(.cgi)?(.*) https://foo.bar:10000/virtualmin-mailman/unauthenticated/$1.cgi$3
Alias /pipermail /var/lib/mailman/archives/public
</VirtualHost>

BTW:

  • When creating a new Virtual server on Ubuntu 14.04 I get the same error. So at least it seems not to be related to the restored Virtual server.
  • Virtualmin identifies itself as 4.07.gpl GPL at its Web UI.

I did contact Jamie with some information about that particular problem, we'll see what he says regarding automatically correcting that issue.

Regarding creating a new Virtual Server -- I wasn't able to reproduce that in my tests, which may mean that your Apache Server Template is different than the default one that I'm using.

However, that may be simple to correct -- if you look in System Settings -> Server Templates -> Default -> Apache Website, what does the "Options" line in the "public_html" section look like?

By default, it should look like this:

Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch

You are right, I have customized Server Templates which contained Options without plus sign (and even the unsecure FollowSymLinks). I changed that and creating new servers now works as expected. Thanks for pointing that out!

The next Virtualmin release will not create these invalid Options lines, and will fix up existing lines when restoring backups on Apache 2.4 systems.

Automatically closed -- issue fixed for 2 weeks with no activity.