After enabling Auto-TLS on cloudera cluster, Hue load balancer is not starting. We are getting below errors:
Error Message: Stderr
perl -pi -e 's#\{\{CLOUDERA_HTTPD_LOG_DIR}}#/mounts/edge/app/log/hue-httpd#' /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/httpd.conf /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/hue.conf /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/supervisor.conf Can't open /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/supervisor.conf: Permission denied, <> line 279. + replace_httpd_conf CLOUDERA_HTTPD_MODULE_DIR + VAR=CLOUDERA_HTTPD_MODULE_DIR + perl -pi -e 's#\{\{CLOUDERA_HTTPD_MODULE_DIR}}#/usr/lib64/httpd/modules#' /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/httpd.conf /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/hue.conf /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/supervisor.conf Can't open /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/supervisor.conf: Permission denied, <> line 279. + replace_conf_dir + echo CONF_DIR=/var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER + echo CMF_CONF_DIR= + EXCLUDE_CMF_FILES=('cloudera-config.sh' 'hue.sh' 'impala.sh' 'sqoop.sh' 'supervisor.conf' 'config.zip' 'proc.json' '*.log' '*.keytab' '*jceks' 'supervisor_status') ++ printf '! -name %s ' cloudera-config.sh hue.sh impala.sh sqoop.sh supervisor.conf config.zip proc.json '*.log' '*.keytab' '*jceks' supervisor_status + find /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER -type f '!' -path '/var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/logs/*' '!' -name cloudera-config.sh '!' -name hue.sh '!' -name impala.sh '!' -name sqoop.sh '!' -name supervisor.conf '!' -name config.zip '!' -name proc.json '!' -name '*.log' '!' -name '*.keytab' '!' -name '*jceks' '!' -name supervisor_status -exec perl -pi -e 's#\{\{CMF_CONF_DIR}}#/var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER#g' '{}' ';' + service_specific_actions + export HUE_HOME=/opt/cloudera/parcels/CDH-6.3.2-1.cdh6.3.2.p3739.1842613/lib/hue + HUE_HOME=/opt/cloudera/parcels/CDH-6.3.2-1.cdh6.3.2.p3739.1842613/lib/hue + echo HUE_HOME=/opt/cloudera/parcels/CDH-6.3.2-1.cdh6.3.2.p3739.1842613/lib/hue + replace_httpd_conf HUE_HOME + VAR=HUE_HOME + perl -pi -e 's#\{\{HUE_HOME}}#/opt/cloudera/parcels/CDH-6.3.2-1.cdh6.3.2.p3739.1842613/lib/hue#' /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/httpd.conf /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/hue.conf /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/supervisor.conf Can't open /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/supervisor.conf: Permission denied, <> line 279. + perl -pi -e 's#^SSLPassPhraseDialog(.*)\{\{AGENT_COMMON_DIR}}/sslpassphrase.sh#SSLPassPhraseDialog\1/opt/cloudera/cm-agent/service/common\/sslpassphrase.sh#g' /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/hue.conf + check_httpd_conf + /usr/sbin/httpd -f /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/httpd.conf -t Syntax OK + '[' 0 '!=' 0 ']' + '[' '' = refresh ']' + start_httpd + ARGS= + '[' -n true ']' + ARGS=-DCLOUDERA_HTTPD_USE_SSL + exec /usr/sbin/httpd -f /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/httpd.conf -DFOREGROUND -DCLOUDERA_HTTPD_USE_SSL AH00526: Syntax error on line 267 of /var/run/cloudera-scm-agent/process/1295-hue-HUE_LOAD_BALANCER/httpd.conf: SSLCipherSuite takes one argument, Colon-delimited list of permitted SSL Ciphers ('XXX:...:XXX' - see manual)
Hue Server log:
Time Log Level Source Log Message 3:09:23.811 AM NA [proxy:error] [pid 10369:tid 140609482364672] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) failed 3:09:23.811 AM NA [proxy:error] [pid 10369:tid 140609482364672] AH00959: ap_proxy_connect_backend disabling worker for (usawe-ieedgep16.res.ds.quintiles.com) for 10s 3:09:23.811 AM NA [proxy_http:error] [pid 10369:tid 140609482364672] [client 192.168.167.234:54099] AH01114: HTTP: failed to make connection to backend: usawe-ieedgep16.res.ds.quintiles.com, referer: http://usawe-host.com:8889/hue/editor?editor=1893&type=hive 3:09:23.811 AM NA [proxy:error] [pid 10369:tid 140609482364672] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.90:8888 (usawe-host.com) failed 3:09:23.811 AM NA [proxy:error] [pid 10369:tid 140609482364672] AH00959: ap_proxy_connect_backend disabling worker for (usawe-host.com) for 10s 3:09:23.811 AM NA [proxy_http:error] [pid 10369:tid 140609482364672] [client 192.168.167.234:54099] AH01114: HTTP: failed to make connection to backend: usawe-host.com, referer: http://usawe-host.com:8889/hue/editor?editor=1893&type=hive 3:09:23.814 AM NA [proxy:error] [pid 10367:tid 140609482364672] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) failed 3:09:23.814 AM NA [proxy:error] [pid 10367:tid 140609482364672] AH00959: ap_proxy_connect_backend disabling worker for (usawe-ieedgep16.res.ds.quintiles.com) for 10s 3:09:23.814 AM NA [proxy_http:error] [pid 10367:tid 140609482364672] [client 192.168.167.234:54100] AH01114: HTTP: failed to make connection to backend: usawe-ieedgep16.res.ds.quintiles.com, referer: http://usawe-host.com:8889/hue/editor?editor=1893&type=hive 3:09:23.815 AM NA [proxy:error] [pid 10367:tid 140609482364672] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.90:8888 (usawe-host.com) failed 3:09:23.815 AM NA [proxy:error] [pid 10367:tid 140609482364672] AH00959: ap_proxy_connect_backend disabling worker for (usawe-host.com) for 10s 3:09:23.815 AM NA [proxy_http:error] [pid 10367:tid 140609482364672] [client 192.168.167.234:54100] AH01114: HTTP: failed to make connection to backend: usawe-host.com, referer: http://usawe-host.com:8889/hue/editor?editor=1893&type=hive 3:09:25.812 AM NA [proxy:error] [pid 10367:tid 140609473971968] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) failed 3:09:25.812 AM NA [proxy:error] [pid 10367:tid 140609473971968] AH00959: ap_proxy_connect_backend disabling worker for (usawe-ieedgep16.res.ds.quintiles.com) for 10s 3:09:25.812 AM NA [proxy_http:error] [pid 10367:tid 140609473971968] [client 192.168.167.234:61652] AH01114: HTTP: failed to make connection to backend: usawe-ieedgep16.res.ds.quintiles.com, referer: http://usawe-host.com:8889/hue/editor?editor=1893&type=hive 3:09:25.812 AM NA [proxy:error] [pid 10367:tid 140609473971968] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.90:8888 (usawe-host.com) failed 3:09:25.812 AM NA [proxy:error] [pid 10367:tid 140609473971968] AH00959: ap_proxy_connect_backend disabling worker for (usawe-host.com) for 10s 3:09:25.812 AM NA [proxy_http:error] [pid 10367:tid 140609473971968] [client 192.168.167.234:61652] AH01114: HTTP: failed to make connection to backend: usawe-host.com, referer: http://usawe-host.com:8889/hue/editor?editor=1893&type=hive 3:09:30.696 AM NA [proxy:error] [pid 10369:tid 140609473971968] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) failed 3:09:30.696 AM NA [proxy:error] [pid 10369:tid 140609473971968] AH00959: ap_proxy_connect_backend disabling worker for (usawe-ieedgep16.res.ds.quintiles.com) for 10s 3:09:30.696 AM NA [proxy_http:error] [pid 10369:tid 140609473971968] [client 192.168.167.234:49766] AH01114: HTTP: failed to make connection to backend: usawe-ieedgep16.res.ds.quintiles.com, referer: http://usawe-host.com:8889/hue/editor?editor=1893&type=hive 3:09:30.696 AM NA [proxy:error] [pid 10369:tid 140609473971968] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.90:8888 (usawe-host.com) failed 3:09:30.696 AM NA [proxy:error] [pid 10369:tid 140609473971968] AH00959: ap_proxy_connect_backend disabling worker for (usawe-host.com) for 10s 3:09:30.696 AM NA [proxy_http:error] [pid 10369:tid 140609473971968] [client 192.168.167.234:49766] AH01114: HTTP: failed to make connection to backend: usawe-host.com, referer: http://usawe-host.com:8889/hue/editor?editor=1893&type=hive 3:09:30.696 AM NA [proxy:error] [pid 10367:tid 140609465579264] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) failed 3:09:30.696 AM NA [proxy:error] [pid 10367:tid 140609465579264] AH00959: ap_proxy_connect_backend disabling worker for (usawe-ieedgep16.res.ds.quintiles.com) for 10s 3:09:30.696 AM NA [proxy_http:error] [pid 10367:tid 140609465579264] [client 192.168.167.234:49767] AH01114: HTTP: failed to make connection to backend: usawe-ieedgep16.res.ds.quintiles.com, referer: http://usawe-host.com:8889/hue/editor/?type=impala 3:09:30.696 AM NA [proxy:error] [pid 10367:tid 140609465579264] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.90:8888 (usawe-host.com) failed 3:09:30.696 AM NA [proxy:error] [pid 10367:tid 140609465579264] AH00959: ap_proxy_connect_backend disabling worker for (usawe-host.com) for 10s 3:09:30.696 AM NA [proxy_http:error] [pid 10367:tid 140609465579264] [client 192.168.167.234:49767] AH01114: HTTP: failed to make connection to backend: usawe-host.com, referer: http://usawe-host.com:8889/hue/editor/?type=impala 3:09:30.734 AM NA [proxy:error] [pid 10369:tid 140609465579264] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) failed 3:09:30.734 AM NA [proxy:error] [pid 10369:tid 140609465579264] AH00959: ap_proxy_connect_backend disabling worker for (usawe-ieedgep16.res.ds.quintiles.com) for 10s 3:09:30.734 AM NA [proxy_http:error] [pid 10369:tid 140609465579264] [client 192.168.167.234:49768] AH01114: HTTP: failed to make connection to backend: usawe-ieedgep16.res.ds.quintiles.com, referer: http://usawe-host.com:8889/hue/editor?editor=1893&type=hive 3:09:30.735 AM NA [proxy:error] [pid 10369:tid 140609465579264] (111)Connection refused: AH00957: HTTP: attempt to connect to 192.168.167.90:8888 (usawe-host.com) failed 3:09:30.735 AM NA [proxy:error] [pid 10369:tid 140609465579264] AH00959: ap_proxy_connect_backend disabling worker for (usawe-host.com) for 10s 3:09:30.735 AM NA [proxy_http:error] [pid 10369:tid 140609465579264] [client 192.168.167.234:49768] AH01114: HTTP: failed to make connection to backend: usawe-host.com, referer: http://usawe-host.com:8889/hue/editor?editor=1893&type=hive 3:15:09.117 AM NA [proxy_http:error] [pid 10369:tid 140609457186560] (20014)Internal error: [client 192.168.167.234:50427] AH01102: error reading status line from remote server usawe-ieedgep16.res.ds.quintiles.com:8888, referer: http://usawe-host.com:8889/hue/editor/?type=impala 3:15:09.117 AM NA [proxy:error] [pid 10369:tid 140609457186560] [client 192.168.167.234:50427] AH00898: Error reading from remote server returned by /hue/editor, referer: http://usawe-host.com:8889/hue/editor/?type=impala 3:15:09.483 AM NA [mpm_event:notice] [pid 10195:tid 140609608697984] AH00491: caught SIGTERM, shutting down 3:16:13.230 AM NA [ssl:warn] [pid 16023:tid 140278018885760] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] 3:16:13.231 AM NA [mpm_event:notice] [pid 16023:tid 140278018885760] AH00489: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips configured -- resuming normal operations 3:16:13.231 AM NA [core:notice] [pid 16023:tid 140278018885760] AH00094: Command line: '/usr/sbin/httpd -f /var/run/cloudera-scm-agent/process/764-hue-HUE_LOAD_BALANCER/httpd.conf -D FOREGROUND' 10:10:43.306 AM NA [mpm_event:notice] [pid 16023:tid 140278018885760] AH00491: caught SIGTERM, shutting down 10:11:47.463 AM NA [ssl:warn] [pid 7864:tid 140353752414336] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] 10:11:47.464 AM NA [mpm_event:notice] [pid 7864:tid 140353752414336] AH00489: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips configured -- resuming normal operations 10:11:47.464 AM NA [core:notice] [pid 7864:tid 140353752414336] AH00094: Command line: '/usr/sbin/httpd -f /var/run/cloudera-scm-agent/process/838-hue-HUE_LOAD_BALANCER/httpd.conf -D FOREGROUND' 4:50:27.129 PM NA [mpm_event:notice] [pid 7864:tid 140353752414336] AH00491: caught SIGTERM, shutting down 4:51:32.085 PM NA [ssl:warn] [pid 1368:tid 139837794330752] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] 4:51:32.086 PM NA [mpm_event:notice] [pid 1368:tid 139837794330752] AH00489: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips configured -- resuming normal operations 4:51:32.086 PM NA [core:notice] [pid 1368:tid 139837794330752] AH00094: Command line: '/usr/sbin/httpd -f /var/run/cloudera-scm-agent/process/884-hue-HUE_LOAD_BALANCER/httpd.conf -D FOREGROUND' 12:02:46.652 AM NA [mpm_event:notice] [pid 1368:tid 139837794330752] AH00491: caught SIGTERM, shutting down 12:04:18.907 AM NA [ssl:warn] [pid 31262:tid 140382759028864] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] 12:04:18.908 AM NA [mpm_event:notice] [pid 31262:tid 140382759028864] AH00489: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips configured -- resuming normal operations 12:04:18.908 AM NA [core:notice] [pid 31262:tid 140382759028864] AH00094: Command line: '/usr/sbin/httpd -f /var/run/cloudera-scm-agent/process/973-hue-HUE_LOAD_BALANCER/httpd.conf -D FOREGROUND' 8:07:39.563 PM NA [mpm_event:notice] [pid 31262:tid 140382759028864] AH00491: caught SIGTERM, shutting down 9:22:52.500 PM NA [ssl:warn] [pid 8636:tid 139663826663552] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] 9:22:52.501 PM NA [mpm_event:notice] [pid 8636:tid 139663826663552] AH00489: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips configured -- resuming normal operations 9:22:52.501 PM NA [core:notice] [pid 8636:tid 139663826663552] AH00094: Command line: '/usr/sbin/httpd -f /var/run/cloudera-scm-agent/process/1237-hue-HUE_LOAD_BALANCER/httpd.conf -D FOREGROUND' 9:25:04.668 PM NA [ssl:error] [pid 8839:tid 139663700330240] [remote 192.168.167.90:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 9:25:04.668 PM NA [proxy:error] [pid 8839:tid 139663700330240] AH00961: HTTPS: failed to enable ssl support for 192.168.167.90:8888 (usawe-host.com) 9:25:05.035 PM NA [ssl:error] [pid 8841:tid 139663700330240] [remote 192.168.167.139:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 9:25:05.035 PM NA [proxy:error] [pid 8841:tid 139663700330240] AH00961: HTTPS: failed to enable ssl support for 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) 9:25:33.524 PM NA [ssl:error] [pid 8841:tid 139663691937536] [remote 192.168.167.139:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 9:25:33.524 PM NA [proxy:error] [pid 8841:tid 139663691937536] AH00961: HTTPS: failed to enable ssl support for 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) 9:25:33.952 PM NA [ssl:error] [pid 8841:tid 139663612311296] [remote 192.168.167.90:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 9:25:33.952 PM NA [proxy:error] [pid 8841:tid 139663612311296] AH00961: HTTPS: failed to enable ssl support for 192.168.167.90:8888 (usawe-host.com) 9:30:41.044 PM NA [mpm_event:notice] [pid 8636:tid 139663826663552] AH00491: caught SIGTERM, shutting down 9:30:51.083 PM NA [ssl:warn] [pid 15092:tid 140033754507392] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] 9:30:51.084 PM NA [mpm_event:notice] [pid 15092:tid 140033754507392] AH00489: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips configured -- resuming normal operations 9:30:51.084 PM NA [core:notice] [pid 15092:tid 140033754507392] AH00094: Command line: '/usr/sbin/httpd -f /var/run/cloudera-scm-agent/process/1245-hue-HUE_LOAD_BALANCER/httpd.conf -D FOREGROUND' 9:32:49.407 PM NA [ssl:error] [pid 15290:tid 140033628174080] [remote 192.168.167.90:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 9:32:49.407 PM NA [proxy:error] [pid 15290:tid 140033628174080] AH00961: HTTPS: failed to enable ssl support for 192.168.167.90:8888 (usawe-host.com) 9:32:50.125 PM NA [ssl:error] [pid 15285:tid 140033628174080] [remote 192.168.167.139:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 9:32:50.125 PM NA [proxy:error] [pid 15285:tid 140033628174080] AH00961: HTTPS: failed to enable ssl support for 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) 2:57:51.708 PM NA [ssl:error] [pid 15290:tid 140033619781376] [remote 192.168.167.139:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 2:57:51.709 PM NA [proxy:error] [pid 15290:tid 140033619781376] AH00961: HTTPS: failed to enable ssl support for 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) 2:57:52.063 PM NA [ssl:error] [pid 15285:tid 140033619781376] [remote 192.168.167.90:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 2:57:52.063 PM NA [proxy:error] [pid 15285:tid 140033619781376] AH00961: HTTPS: failed to enable ssl support for 192.168.167.90:8888 (usawe-host.com) 4:07:07.352 PM NA [ssl:error] [pid 15285:tid 140033611388672] [remote 192.168.167.90:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 4:07:07.353 PM NA [proxy:error] [pid 15285:tid 140033611388672] AH00961: HTTPS: failed to enable ssl support for 192.168.167.90:8888 (usawe-host.com) 4:07:07.572 PM NA [ssl:error] [pid 15290:tid 140033611388672] [remote 192.168.167.139:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 4:07:07.572 PM NA [proxy:error] [pid 15290:tid 140033611388672] AH00961: HTTPS: failed to enable ssl support for 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) 4:39:10.766 PM NA [mpm_event:notice] [pid 15092:tid 140033754507392] AH00491: caught SIGTERM, shutting down 4:39:21.105 PM NA [ssl:warn] [pid 17785:tid 140606613371008] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] 4:39:21.106 PM NA [mpm_event:notice] [pid 17785:tid 140606613371008] AH00489: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips configured -- resuming normal operations 4:39:21.106 PM NA [core:notice] [pid 17785:tid 140606613371008] AH00094: Command line: '/usr/sbin/httpd -f /var/run/cloudera-scm-agent/process/1282-hue-HUE_LOAD_BALANCER/httpd.conf -D FOREGROUND' 4:40:37.652 PM NA [ssl:error] [pid 18000:tid 140606487037696] [remote 192.168.167.90:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 4:40:37.652 PM NA [proxy:error] [pid 18000:tid 140606487037696] AH00961: HTTPS: failed to enable ssl support for 192.168.167.90:8888 (usawe-host.com) 4:40:37.927 PM NA [ssl:error] [pid 18002:tid 140606487037696] [remote 192.168.167.139:8888] AH01961: SSL Proxy requested for usawe-host.com:80 but not enabled [Hint: SSLProxyEngine] 4:40:37.927 PM NA [proxy:error] [pid 18002:tid 140606487037696] AH00961: HTTPS: failed to enable ssl support for 192.168.167.139:8888 (usawe-ieedgep16.res.ds.quintiles.com) 4:45:22.154 PM NA [mpm_event:notice] [pid 17785:tid 140606613371008] AH00491: caught SIGTERM, shutting down
Solution:Â
From the httpd.conf , I see that few properties need to set:
<IfDefine CLOUDERA_HTTPD_USE_SSL>
SSLEngine on
SSLProxyEngine on
# From Mozilla Recommended Configuration:
# https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
SSLProtocol
SSLProxyProtocol
SSLCipherSuite
SSLHonorCipherOrder on
</IfDefine>
To resolve this, add the protocol versions and cipher suites through CM:
– In Cloudera Manager, navigate to Hue => ConfigurationÂ
Scope: => Load Balancer, Category: =>Advanced
– Configure the SSLProtocol and SSLCipherSuite properties with the following values:
SSLProtocol: all -SSLv2 -SSLv3
SSLCipherSuite: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128
-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM
-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE
-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE
-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE
-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA
-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256
-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
– Save, and restart the Hue Load Balancer role
Note that the value set in SSLCipherSuite is a long colon-delimited set, but should be all one line. Be aware of any extraneous whitespace when you set the value.
I would also like to point out that the “permission denied” error we observed in stderr for supervisor.conf is really a red herring and has no bearing on this issue.