Secure Proxy Server fails to startup

Document ID : KB000032436
Last Modified Date : 14/02/2018

Issue:

SPS is failing to start after configuring it with a dedicated user, instead of the root user.

 

Cause:

When SPS is configured with a dedicated user, proxyserver.sh is executed as this user instead of root. During startup, the sps.pid file is created under the ${PROXY_HOME}/CA/secure-proxy/tmp directory, so this user needs write permission on that directory.

 

The following is observed when SPS is started with the root account while it is configured with a dedicated user:

[root@lod1111 proxy-engine]# ./sps-ctl start 
httpd (pid 7814) already running 
Successfully Started Apache.. 
Attempting to start Secure Proxy Engine.. 
Sending output to /opt/CA/secure-proxy/proxy-engine/logs/nohup.out.20151002_020336 
/opt/CA/secure-proxy/proxy-engine/proxyserver.sh: line 184: /opt/CA/secure-proxy/proxy-engine/tmp/sps.pid: Permission denied 
/opt/CA/secure-proxy/proxy-engine/proxyserver.sh: line 184: /opt/CA/secure-proxy/proxy-engine/logs/nohup.out.20151002_020336: Permission denied 
Successfully Started Proxy Engine.. 
(Proxy Engine initialization may take a few extra seconds).

 

Resolution:

On UNIX, make sure the following is updated in the httpd.conf file:

User <dedicated_user>

LoadModule env_module modules/mod_env.so

PassEnv LD_LIBRARY_PATH

 

Also, change the owner of the SPS tmp and logs folders to this dedicated user.

 

If you have configured SPS as a Federation Gateway, the Federation Web Services application is deployed inside the Tomcat web server. Ensure that the owner of the ${PROXY_HOME}/CA/secure-proxy/Tomcat/webapps/affwebservices folder is changed to this dedicated user, with at least 755 permissions. Otherwise, you will run into HTTP error 404 with the following exception logged in the nohup log:

  

 

Oct 26, 2015 7:07:00 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [jsp] in context with path [/affwebservices] threw exception [java.lang.IllegalStateException: No output folder] with root cause
java.lang.IllegalStateException: No output folder

So, please change the owner of the tmp and logs folders to nobody, keep the permissions on the secure-proxy files and folders at 755, and try starting SPS again.
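
The ownership requirements above can be checked before start-up with a short shell script. This is an added example, not part of the original article or of the SPS distribution; the function names are hypothetical, and the user and directory paths are whatever your installation uses.

```shell
#!/bin/sh
# Added example, not CA-supplied code. Checks the ownership the article
# requires before SPS is started as a dedicated (non-root) user.

# owned_with_mode DIR USER MODE
# True if DIR is a directory owned by USER with at least the MODE bits set.
owned_with_mode() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$2" -perm "-$3" 2>/dev/null)" ]
}

# check_sps_dirs USER ENGINE_DIR [AFFWEBSERVICES_DIR]
# Reports each problem on stderr; exit status is the number of problems.
check_sps_dirs() {
    user=$1; engine=$2; affws=${3:-}; bad=0
    # sps.pid and nohup.out.* are written here at start-up.
    for d in "$engine/tmp" "$engine/logs"; do
        if ! owned_with_mode "$d" "$user" 200; then
            echo "FAIL: $d must be owned by and writable for $user" >&2
            bad=$((bad + 1))
        fi
    done
    # Federation Gateway only: the article asks for at least 755.
    if [ -n "$affws" ] && ! owned_with_mode "$affws" "$user" 755; then
        echo "FAIL: $affws must be owned by $user with at least 755" >&2
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Run directly: ./check-sps.sh <dedicated_user> <engine_dir> [affwebservices_dir]
if [ "$#" -ge 2 ]; then
    check_sps_dirs "$@"
fi
```

A non-zero exit status means at least one directory still needs its owner or permissions corrected before SPS is started.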