[Resolved] Cannot get php 7.2 working with LiteSpeed (resolved)

[websitejunkie]

We enabled PHP 7.2 from EA4 on our cPanel server. We have also configured php 7.2 in Litespeed admin portal under "External App" and "Script Handler"

However, when trying to configure php 7.2 for a particular account from WHM -> Multiphp manager, and trying to access the website, we get
"503 Service Unavalable" error

While tailing /usr/local/apache/error logs we see:

connection to [/tmp/lshttpd/APVH_xxxxxxx_Suphp72.sock.825] on request #0, confirmed, 1, associated process: 14544, running: 1, error: Connection reset by peer!
2018-01-26 09:45:21.065 [NOTICE] [xxxxxxx:59282] No request delivery notification has been received from LSAPI process group [14544], possible run away process.
2018-01-26 09:45:21.066 [NOTICE] [xxxxxxxx:59282] Retry with new process group.
2018-01-26 09:45:21.066 [NOTICE] Graceful stop process group lead by pid: 14544
2018-01-26 09:45:21.067 [INFO] [APVH_xxxxxxx_Suphp72:] PID: 23289, add child process pid: 14593, procinfo: 0x4e5e970
2018-01-26 09:45:21.155 [INFO] [xxxxxxxx:59282] connection to [/tmp/lshttpd/APVH_xxxxxx_Suphp72.sock.413] on request #0, confirmed, 1, associated process: 14593, running: 1, error: Connection reset by peer!
2018-01-26 09:45:21.155 [NOTICE] [xxxxxxx:59282] Max retries has been reached, 503!
2018-01-26 09:45:21.155 [NOTICE] [xxxxxxx:59282] oops! 503 Service Unavailable
2018-01-26 09:45:21.155 [NOTICE] [xxxxxxx:59282] Content len: 0, Request line: 'GET /~xxxxxxxx/ HTTP/1.1'
2018-01-26 09:45:21.155 [NOTICE] [xxxxxxx:59282] Redirect: #1, URL: /index.php
2018-01-26 09:45:21.155 [INFO] [xxxxxxx:59282] abort request..., code: 4
2018-01-26 09:45:21.155 [INFO] [xxxxx:59282] File not found [/home/xxxxx/public_html/503.shtml]

When trying to tail stderr.log, I do not find any helpful information:

2018-01-26 09:55:10.735 [STDERR] * Trying 5.172.155.189...
* TCP_NODELAY set
2018-01-26 09:55:10.745 [STDERR] * Connected to api.system.spektrix.com (5.172.155.189) port 443 (#0)
2018-01-26 09:55:10.747 [STDERR] * ALPN, offering http/1.1
2018-01-26 09:55:10.747 [STDERR] * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4STRENGTH
2018-01-26 09:55:10.762 [STDERR] * successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
2018-01-26 09:55:10.792 [STDERR] * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL; CN=api.system.spektrix.com
* start date: Jun 27 00:00:00 2017 GMT
* expire date: Aug 14 23:59:59 2018 GMT
* subjectAltName: host "api.system.spektrix.com" matched cert's "api.system.spektrix.com"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
* SSL certificate verify ok.
2018-01-26 09:55:10.792 [STDERR] > GET /halifaxculturehub/api/v2/instances?api_key=fbdffe1f-e566-4dbd-a1c2-20c8ad4c2471&event_id=65602&all=true HTTP/1.1
Host: api.system.spektrix.com
Accept: */*
2018-01-26 09:55:10.862 [STDERR] < HTTP/1.1 200 OK
< Cache-Control: private
< Content-Length: 1498
< Content-Type: application/xml; charset=utf-8
< Date: Fri, 26 Jan 2018 09:55:11 GMT
<
* Connection #0 to host api.system.spektrix.com left intact

Can someone please help us to fix this problem?

 

[websitejunkie]

Some additional update.. The server is running Atomic Secured Linux (ASL) kernel and has its own kernel, mod_security and firewall rules installed on server. Could it be causing problem? Because /var/log/messages show following error:

Jan 26 11:05:19 xxxxxxx kernel: [1331781.378288] PAX: terminating task: /opt/cpanel/ea-php72/root/usr/bin/lsphp(lsphp):25821, uid/euid: 591/591, PC: 0000036c959c2010, SP: 000003d92b1a9c28

Jan 26 11:05:19 xxxxxxx kernel: [1331781.381445] PAX: bytes at PC: 53 41 57 41 56 41 55 55 48 8b df 48 83 ec 50 48 8b 43 10 48 

Jan 26 11:05:19 xxxxxxx kernel: [1331781.383039] PAX: bytes at SP-8: 0000036c92aa5460 00000000004c3253 000003d92b1a9cc0 00000000040b3d70 0000000004187f20 0000036c92a01900 0000036c92a01900 0000036c92a01909 000003d92b1a9cc0 0000000000000004 0000000000000000 

Jan 26 11:05:19 xxxxxxx kernel: [1331781.386756] grsec: From xxxxxxx: denied resource overstep by requesting 64 for RLIMIT_CORE against limit 0 for /opt/cpanel/ea-php72/root/usr/bin/lsphp[lsphp:25821] uid/euid:591/591 gid/egid:589/589, parent /opt/cpanel/ea-php72/root/usr/bin/lsphp[lsphp:25820] uid/euid:591/591 gid/egid:589/589

Jan 26 11:05:19 xxxxxxx PAM-hulk[25770]: Brute force detection active: 580 LOGIN DENIED -- EXCESSIVE FAILURES -- IP TEMP BANNED

Jan 26 11:05:19 xxxxxxx kernel: [1331781.391657] grsec: From xxxxxxx: denied resource overstep by requesting 120 for RLIMIT_CORE against limit 0 for /opt/cpanel/ea-php72/root/usr/bin/lsphp[lsphp:25821] uid/euid:591/591 gid/egid:589/589, parent /opt/cpanel/ea-php72/root/usr/bin/lsphp[lsphp:25820] uid/euid:591/591 gid/egid:589/589

Jan 26 11:05:19 xxxxxxx kernel: [1331781.396551] grsec: From xxxxxxx: denied resource overstep by requesting 176 for RLIMIT_CORE against limit 0 for /opt/cpanel/ea-php72/root/usr/bin/lsphp[lsphp:25821] uid/euid:591/591 gid/egid:589/589, parent /opt/cpanel/ea-php72/root/usr/bin/lsphp[lsphp:25820] uid/euid:591/591 gid/egid:589/589

Jan 26 11:05:19 xxxxxxx kernel: [1331781.401450] grsec: From xxxxxxx: denied resource overstep by requesting 232 for RLIMIT_CORE against limit 0 for /opt/cpanel/ea-php72/root/usr/bin/lsphp[lsphp:25821] uid/euid:591/591 gid/egid:589/589, parent /opt/cpanel/ea-php72/root/usr/bin/lsphp[lsphp:25820] uid/euid:591/591 gid/egid:589/589

Jan 26 11:05:19 xxxxxxx kernel: [1331781.406601] grsec: From xxxxxxx: bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds.  Please investigate the crash report for /opt/cpanel/ea-php72/root/usr/bin/lsphp[lsphp:25821] uid/euid:591/591 gid/egid:589/589, parent /opt/cpanel/ea-php72/root/usr/bin/lsphp[lsphp:25820] uid/euid:591/591 gid/egid:589/589

 

[websitejunkie]

It was the grsec kernel that was preventing php 7.2 from running. The problem is fixed now by configuring system to run php insecurely.