294

I'm looking for a command that checks the validity of the config files in Apache server on both Debian and RHEL distros. I need to do this prior to restart, so there will be no downtime.

Improve this question

8 Answers 8

Reset to default
448

Check: http://httpd.apache.org/docs/2.2/programs/apachectl.html

apachectl configtest
Improve this answer
6
  • 1
    I am getting this message running the above command AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message Commented Sep 15, 2016 at 16:18
  • 2
    Add a line "ServerName whateveryoulike" to your apache config. Replace whateveryoulike with what ever you like to name your server. Commented Sep 26, 2016 at 6:48
  • 10
    might require sudo ? Commented Mar 29, 2017 at 10:29
  • Check everything apache with helpful suggestions curl -L https://raw.githubusercontent.com/richardforth/apache2buddy/master/apache2buddy.pl | perl Commented May 29, 2022 at 23:22
  • If you have letsencrypt certificates you need sudo or will complain about missing certificate files. This applies to all files readable only by root. Commented May 13, 2024 at 13:21
63

Another way is httpd -t. Therefore, it's available in Windows-version of Apache. Check http://httpd.apache.org/docs/2.4/programs/httpd.html

Improve this answer
3
  • 5
    Oddly, on Ubuntu, when I run apachectl configtest I get Syntax OK, but when I run apache2 -t I get AH00526: Syntax error on line 74 of /etc/apache2/apache2.conf (among other errors) Commented Dec 8, 2018 at 2:02
  • @ButtleButkus but the server when you systemctl restart apache2 is ok right? Commented Oct 6, 2021 at 4:16
  • @ButtleButkus use apache2ctl -t as per askubuntu.com/questions/146688/… Commented May 16, 2024 at 17:39
15

The Apache config test (apachectl configtest, or its equivalents) only tests the config file (and the files it recursively includes) for valid syntax. However, the original question asked for preventing downtime. Even when apachectl configtest does not return an error, an actual restart may still fail, causing downtime.

Common causes for such failures include missing or inaccessible SSL certificates, missing directories for log files or a missing website root directory. Often, such errors are caused by removing a vhost's directory without removing the vhost Apache config file. It is highly recommended to use a tool like puppet or ansible to prevent such inconsistencies.

Seeing that this question is the number one hit when googling "apache config lint" I thought I'd mention this little detail...

Improve this answer
10
  • Is there a way to test for common causes of failure per above? Commented Sep 22, 2020 at 0:59
  • That would require a script, that parses the apache config and implements the missing checks. I'm not aware of any freely available scripts that does so. Commented Sep 22, 2020 at 12:26
  • 3
    I have written such a script. If I took the time to put it on github, would anyone use it? It specifically checks SSL configurations, that the files are in the correct location and that the modulos match using openssl, among other things. Commented Sep 27, 2021 at 19:09
  • 1
    I would! Putting it on github definitely is a bonus. Commented Sep 28, 2021 at 20:40
  • 2
    @Jakke PRs are welcome. github.com/jlmgtech/apache-config-auditor Commented Jul 20, 2022 at 16:02
8

apachectl configtest is the correct answer. Unfortunately I've got a windows installation where apachectl is missing. Here calling httpd also helps.

Improve this answer
7

What I usually do is

apache2ctl -t && apache2ctl graceful
Improve this answer
2
  • 7
    Your answer would be more useful if you explained why this works. Commented Jul 30, 2021 at 10:56
  • 2
    I'll hazard a guess. The "-t" runs a syntax test for configuration files only. If that fails, the && prevents the next command from running. The next command, 'apache2ctl graceful' will restart the httpd service in a way that won't disconnect existing connections (hence, graceful). Commented Jan 27, 2022 at 16:06
1

There is always a good idea to take a look at the error logs.

less /var/log/httpd/error_log

-- Paul

Improve this answer
1
0

I have actually tried before:

apachectl configtest

We can actually see the status code to know the error:

/etc/init.d/apache2 restart; systemctl status apache2.service

● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sun 2021-05-30 17:16:45 +08; 41ms ago Docs: https://httpd.apache.org/docs/2.4/ Process: 168391 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE) CPU: 67ms

May 30 17:16:45 kali systemd[1]: Starting The Apache HTTP Server... May 30 17:16:45 kali apachectl[168394]: AH00526: Syntax error on line 13 of /etc/apache2/mods-enabled/security2.conf

Improve this answer
0

For me, this works (maybe because I had set different permissions on files and/or I have installed mod security2):

sudo apachectl -t

Without sudo it can't access some config files so it'll throw an error.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.