Issues with Web-based Services after Recent Update

If you are asking for support for an issue, please include the following information at the top of your post:

  • Whether your FreedomBox is plugged into a router at home or not (if not, please specify how it is connected to the internet)
  • The month and year you bought your kit (feel free to omit if you want to preserve some privacy, but this could be helpful information)
  • The version of FreedomBox you are running (available by clicking on the “?” in the top menu → “About”)
  • FreedomBox is connected to router, behind NAT and set up with port forwarding.
  • I’ve had it for a couple of years. Cannot remember the date.
  • As of today I’m on FreedomBox version 23.18. Yesterday, I was on 23.6.2 as I’m running stable and letting the unattended upgrades do the work. (I did change firewalld.conf manually during the dist-upgrade from Debian 11 to Debian 12).

Hello!

I’ve encountered a problem with my FreedomBox Pioneer Edition and wanted to seek some feedback. On 9 October, my device underwent an update with several packages. Following a scheduled restart on 10 October at 02:00, I noticed all my web-based services became inaccessible.

Interestingly, other services like MiniDLNA, XMPP, SSH, and Samba are running without issues. I’m inclined to believe there might be a change affecting the Apache web server, but I’m not entirely certain.

Has anyone else encountered similar problems with the latest update? I rely heavily on my Radicale server, so any guidance to rectify this issue would be greatly appreciated. I’ll attach logs detailing the installed packages to this post.

unattended-upgrades.log

2023-10-09 06:15:03,369 INFO Starting unattended upgrades script
2023-10-09 06:15:03,438 INFO Allowed origins are: origin=Debian,codename=bookworm,label=Debian, origin=Debian,codename=bookworm,label=Debian-Security, origin=Debian,codename=bookworm-security,label=Debian-Security, o=Debian Backports,a=bookworm-backports,l=Debian Backports
2023-10-09 06:15:03,443 INFO Initial blacklist: 
2023-10-09 06:15:03,448 INFO Initial whitelist (not strict): 
2023-10-09 06:18:25,077 INFO Packages that will be upgraded: base-files curl dbus dbus-bin dbus-daemon dbus-session-bus-common dbus-system-bus-common dbus-user-session debian-archive-keyring debianutils firewalld firmware-ath9k-htc freedombox freedombox-doc-en freedombox-doc-es ghostscript inetutils-telnet libcups2 libcurl3-gnutls libcurl4 libdbus-1-3 libgs-common libgs10 libgs10-common libgssapi-krb5-2 libhwy1 libk5crypto3 libkrb5-3 libkrb5support0 libldb2 libmariadb3 libnftables1 libnss-myhostname libpam-modules libpam-modules-bin libpam-runtime libpam-systemd libpam0g libssl3 libsystemd-shared libsystemd0 libudev1 libunbound8 libwbclient0 linux-image-armmp-lpae linux-libc-dev mariadb-client mariadb-client-core mariadb-common mariadb-plugin-provider-bzip2 mariadb-plugin-provider-lz4 mariadb-plugin-provider-lzma mariadb-plugin-provider-lzo mariadb-plugin-provider-snappy mariadb-server mariadb-server-core nftables openssh-client openssh-server openssh-sftp-server openssl python3-firewall python3-ldb python3-nftables python3-samba samba samba-common samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules systemd systemd-sysv systemd-timesyncd telnet udev
2023-10-09 06:18:25,080 INFO Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
2023-10-09 07:23:56,184 INFO All upgrades installed
2023-10-09 07:25:45,321 INFO Packages that were successfully auto-removed: linux-image-6.1.0-11-armmp-lpae
2023-10-09 07:25:45,328 INFO Packages that are kept back: 
2023-10-09 07:25:49,620 WARNING Found /var/run/reboot-required, rebooting
2023-10-09 07:25:49,909 WARNING Shutdown msg: b"Reboot scheduled for Tue 2023-10-10 02:00:00 UTC, use 'shutdown -c' to cancel."
2023-10-09 18:30:39,295 INFO Starting unattended upgrades script
2023-10-09 18:30:40,316 INFO Allowed origins are: origin=Debian,codename=bookworm,label=Debian, origin=Debian,codename=bookworm,label=Debian-Security, origin=Debian,codename=bookworm-security,label=Debian-Security, o=Debian Backports,n=bookworm-backports,l=Debian Backports
2023-10-09 18:30:40,320 INFO Initial blacklist: 
2023-10-09 18:30:40,323 INFO Initial whitelist (not strict): 
2023-10-10 06:43:43,073 INFO Starting unattended upgrades script
2023-10-10 06:43:43,084 INFO Allowed origins are: origin=Debian,codename=bookworm,label=Debian, origin=Debian,codename=bookworm,label=Debian-Security, origin=Debian,codename=bookworm-security,label=Debian-Security, o=Debian Backports,n=bookworm-backports,l=Debian Backports
2023-10-10 06:43:43,088 INFO Initial blacklist: 
2023-10-10 06:43:43,091 INFO Initial whitelist (not strict): 
2023-10-10 06:44:02,839 INFO Packages that will be upgraded: freedombox freedombox-doc-en freedombox-doc-es
2023-10-10 06:44:02,843 INFO Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
2023-10-10 06:48:47,030 INFO All upgrades installed

I also have the logs for unattended-upgrades-dpkg.log but the file is too long to include in this post. I can add relevant lines on demand.

I’ve just checked the status of apache2. This is the result:

Oct 10 06:51:55 freedombox systemd[1]: Starting apache2.service - The Apache HTTP Server...
Oct 10 06:51:56 freedombox apachectl[8163]: apache2: Syntax error on line 222 of /etc/apache2/apache2.conf: Syntax error on line 4 of /etc/apache2/conf-enabled/sharing-freedombox.conf: Coul>
Oct 10 06:51:56 freedombox apachectl[8160]: Action 'start' failed.
Oct 10 06:51:56 freedombox apachectl[8160]: The Apache error log may have more information.
Oct 10 06:51:56 freedombox systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Oct 10 06:51:56 freedombox systemd[1]: apache2.service: Failed with result 'exit-code'.
Oct 10 06:51:56 freedombox systemd[1]: Failed to start apache2.service - The Apache HTTP Server.
Oct 10 06:53:13 freedombox systemd[1]: apache2.service: Unit cannot be reloaded because it is inactive.
Oct 10 07:06:15 freedombox systemd[1]: apache2.service: Unit cannot be reloaded because it is inactive.

Has anyone else experienced this “syntax error”?

After manually restarting apache2 successfully, I’ve got these messages. I’m just sharing for future reference.

Oct 10 22:45:00 freedombox apachectl[4624]: [core:warn] [pid 4624:tid 4624] AH00114: Useless use of AllowOverride in line 2 of /etc/apache2/includes/freedombox-sharing.conf.
Oct 10 22:45:00 freedombox apache-error[4625]: [ssl:warn] [pid 4624:tid 4624] AH01909: freedombox.example.com:443:0 server certificate does NOT include an ID which matches the >
Oct 10 22:45:00 freedombox apache-error[4625]: [ssl:error] [pid 4624:tid 4624] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=freedombox / issuer: CN=freed>
Oct 10 22:45:00 freedombox apache-error[4625]: [ssl:error] [pid 4624:tid 4624] AH02604: Unable to configure certificate freedombox.example.com:443:0 for stapling
Oct 10 22:45:00 freedombox systemd[1]: Started apache2.service - The Apache HTTP Server.
Oct 10 22:45:00 freedombox apache-error[4628]: [ssl:warn] [pid 4627:tid 4627] AH01909: freedombox.example.com:443:0 server certificate does NOT include an ID which matches the >
Oct 10 22:45:00 freedombox apache-error[4628]: [ssl:error] [pid 4627:tid 4627] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=freedombox / issuer: CN=freed>
Oct 10 22:45:00 freedombox apache-error[4628]: [ssl:error] [pid 4627:tid 4627] AH02604: Unable to configure certificate freedombox.example.com:443:0 for stapling
Oct 10 22:45:00 freedombox apache-error[4628]: [mpm_event:notice] [pid 4627:tid 4627] AH00489: Apache/2.4.57 (Debian) mod_auth_pubtkt/0.13 OpenSSL/3.0.11 configured -- resuming normal opera>
Oct 10 22:45:00 freedombox apache-error[4628]: [core:notice] [pid 4627:tid 4627] AH00094: Command line: '/usr/sbin/apache2'

I have a new onset problem on PC platform but can’t troubleshoot until I get home. The problem seems to not be just Pioneer, but in Freedombox or up in Debian.

It seems I am in a very similar situation.

Today, I noticed that my mobile phone fails to synchronize calendar and contacts with my freedombox. I can connect to plinth, I ran diagnostics.

The following apps are installed: BIND Coturn ejabberd Postfix/Dovecot Matrix Synapse OpenVPN Quassel Radicale Roundcube Syncthing WireGuard

I have the following diagnostics failed:

  • for ejabberd, rspamd, synapse, radicale and syncthing:

exactly the same 12 diagnostics to access URLs with addresses 127.0.0.1, [::1], 192.168.10.66, a global IPv6 address, fe80::6c26:65fc:6e1b:799b , 10.84.01, fe80::da70:8fc:a1d0:6b42, 10.91.0.1, fe80::6c26:65fc:6e1b:799b, localhost ipv4, localhost ipv6, fbox.

  • “static configuration xxx is setup properly” fails for

/etc/apache2/conf-available/matrix-synapse-plinth.conf
/etc/fail2ban/jail.d/matrix-auth-freedombox.conf
/etc/fail2ban/filter.d/matrix-auth-freedombox.conf
/etc/apache2/conf-available/radicale2-freedombox.conf
/etc/apache2/conf-available/roundcube-freedombox.conf
/etc/fail2ban/jail.d/roundcube-auth-freedombox.conf
/etc/apache2/conf-available/syncthing-plinth.conf

I am away from home, so I can’t check whether there are connectivity issues. I have very limited time to spend on this now. I apparently can use ejabberd, and email seems to work.

I think we’re all in the same situation.
For the Olimex FB, Syncthing and Transmission just required a separate update & restart to get working (through plinth). I won’t be able to test on Debian FBs until Friday.

I also had issues with calendar sync using radicale after the most recent update. To fix it I went to Apps > Radicale and there I saw an additional “Update” button. After clicking that (and then restarting) my calendar was syncing again.

Perhaps updating from the App tab also helps you?

I’ve been digging deeper into the issue by going through logs and relevant forum posts. Here’s my theory based on the evidence:

It seems the recent update made changes in the /etc/ directory, replacing actual files with symlinks pointing to /usr/share/. This might be the root cause of my problem.

In the logs I previously shared, apache2 crashed due to its inability to load a module connected to the Sharing app. I have a few web server shares set up through this app.

The unattended-upgrades-dpkg.log suggests the file in question was deemed obsolete and deleted. It’s possible this file was replaced with a symlink pointing to its new location.

Relevant Log Extracts and Files:

apache2 status log:

Oct 10 06:51:56 freedombox apachectl[8163]: apache2: Syntax error on line 222 of /etc/apache2/apache2.conf: Syntax error on line 4 of /etc/apache2/conf-enabled/sharing-freedombox.conf: Coul>

apache2.conf (line 222):

IncludeOptional conf-enabled/*.conf

sharing-freedombox.conf (line 4):

Include includes/freedombox-sharing.conf

freedombox-sharing.conf:

Options +Indexes -FollowSymLinks -ExecCGI -Includes -IncludesNOEXEC
AllowOverride None

unattended-upgrades-dpkg.log:

Removing obsolete conffile /etc/apache2/includes/freedombox-sharing.conf ...

So, piecing everything together, my hypothesis is that during apache2’s initialization, it attempted to load a module. However, due to the file’s absence (perhaps caused by the symlink change), the server crashed.

Given what I have found in the logs, I’m inclined to think that this is what led to the malfunction of my FreedomBox’s web-based services.
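As an added illustration of the failure traced in the post above (not code from the thread or from FreedomBox): a small checker that walks an Apache configuration tree from apache2.conf and reports every mandatory Include whose target no longer exists, which is the state left behind when a conffile is removed while a file in conf-enabled still references it. It generalizes beyond the one file in the thread by following every Include and IncludeOptional; the function names and the sample tree are constructed for the example, and only the two Include lines are taken from the post.

```python
import glob
import os
import re
import tempfile

# Matches Include / IncludeOptional and captures the (optionally quoted) target.
INCLUDE_RE = re.compile(r'^\s*(IncludeOptional|Include)\s+"?([^"\s]+)"?', re.I)

def missing_includes(server_root, conf="apache2.conf", seen=None):
    """Return (file, line, target) for each mandatory Include that matches nothing."""
    seen = set() if seen is None else seen
    path = os.path.join(server_root, conf)
    if path in seen:            # guard against include loops
        return []
    seen.add(path)
    problems = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line_no, line in enumerate(fh, 1):
            m = INCLUDE_RE.match(line)
            if not m:
                continue
            directive, target = m.group(1).lower(), m.group(2)
            # Relative targets resolve against ServerRoot; exists() follows
            # symlinks, so a dangling symlink counts as missing.
            hits = [p for p in sorted(glob.glob(os.path.join(server_root, target)))
                    if os.path.exists(p)]
            if not hits and directive == "include":
                problems.append((os.path.relpath(path, server_root), line_no, target))
            for hit in hits:
                if os.path.isfile(hit):
                    problems += missing_includes(server_root, hit, seen)
    return problems

def build_sample_tree(root):
    """Constructed sample tree; only the two Include lines come from the thread."""
    os.makedirs(os.path.join(root, "conf-enabled"))
    os.makedirs(os.path.join(root, "includes"))   # left empty: conffile was removed
    with open(os.path.join(root, "apache2.conf"), "w") as fh:
        fh.write("IncludeOptional conf-enabled/*.conf\n")
    with open(os.path.join(root, "conf-enabled", "sharing-freedombox.conf"), "w") as fh:
        fh.write("# constructed\n# filler\n# lines\n"
                 "Include includes/freedombox-sharing.conf\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for conf, line_no, target in missing_includes(root):
            print(f"{conf}:{line_no}: Include target missing: {target}")
```

Pointed at /etc/apache2 after an unattended upgrade and before the scheduled reboot, a non-empty result flags the condition that stopped apache2 here; `apache2ctl configtest` remains the authoritative check.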

Thank you both for the feedback! Unfortunately, I didn’t have access to the web interface as apache2 had crashed. I had to restart the apache2 service manually and, afterwards, everything worked as usual.

I did that for radicale, roundcube, syncthing and synapse.

It has fixed everything except synapse. Going to Synapse in plinth shows errors, then it tries to update automatically and at the end errors again. Diagnostics for Synapse are still failing.

I don’t really use matrix so not a big problem to me but I will look at it further at some point.

FreedomBox was unable to perform its setup routines as a dependency for the matrix-synapse package was only available in bookworm-backports. A fix is available in the next version of FreedomBox. A workaround for the problem is to run the following command:

sudo apt install -t bookworm-backports matrix-synapse python3-canonicaljson

For more information see this thread: Matrix Synapse no longer working, update error "matrix-synapse is kept back"
