Home Web Server

[titan]

So, I decided to setup my own personal web server that'll be used by my family. Since I'm also trying to get a job in IT/Networking, this will be an important experience.

The absolute basic function I need is just to serve a static HTML site for Christmas lists. My grandma would like a way to post things too. Something along the lines of "Here's the plan for this get together..." type deal. So, it will need to be interactive to an extent. Maybe not a full out forums, but maybe more blog type with comments. Or if forums are better, I can go that route. This also brings up that my dad will need to have access to the server. He's in Minnesota and I'm in Texas.

All of this will take place on a Gentoo Linux PII 233MHz 384MB 150GB RAID0 machine. I've already emerged Apache 2.x. (I've installed other things, but that's the only one related to the web server.)

So, I have a few starter questions. First, I've been nosing around for a decent guide on setting up an extremely basic web server, but haven't had much luck so far. Anybody know of a good HOWTO? Second, I'd like it to send email notifications when new content is added. What's a good program for that? Third, I don't have a static IP, but I know there's a way around it so that my dynamic IP can still be used with a domain name/URL. What do I need to do to accomplish that?

Thank you in advance for your tutelage.

[Usacomp2k3]

Easy one: register with no-ip.com for a free account, then use the linux tool to update their DNS with your dynamic IP address.

For the e-mail notification you'll need to test if the ISP blocks port 25.

[titan]

How do I test port 25? Would I just ping a server or what? I've never had to test a port before.

[Usacomp2k3]

How do I test port 25? Would I just ping a server or what? I've never had to test a port before.

Nope, it's a little more complicated than that:
http://www.google.com/search?hl=en&q=test+port+25

What kind of connection do you have?

[titan]

I've got a cable internet connection through Time Warner. 8mb down 512kb up.

[Usacomp2k3]

I've got a cable internet connection through Time Warner. 8mb down 512kb up.

My parents Time Warner (now Bright House Networks) didn't have any blocked ports.

[titan]

I found this neat web page for testing ports.

http://www.canyouseeme.org/

[Usacomp2k3]

I found this neat web page for testing ports.

http://www.canyouseeme.org/

Unfortunately that seems to be checking the incoming port 25, as opposed to the outgoing. I don't know if the ISP would filter it with that distinction.

[bitvector]

For the e-mail notification you'll need to test if the ISP blocks port 25.

You don't have to do your own delivery to handle e-mail notification. In fact, even if outbound 25 isn't blocked, doing your own delivery from a dynamic IP is a perfect way to get your email bounced or marked as spam by many organizations.

You should just have your local MTA smarthost through your ISP's mail server (which won't be blocked) or some other server that'll let you send via SMTP w/ TLS on port 587 (or maybe SSL on 465).

[titan]

For the e-mail notification you'll need to test if the ISP blocks port 25.

You don't have to do your own delivery to handle e-mail notification. In fact, even if outbound 25 isn't blocked, doing your own delivery from a dynamic IP is a perfect way to get your email bounced or marked as spam by many organizations.

You should just have your local MTA smarthost through your ISP's mail server (which won't be blocked) or some other server that'll let you send via SMTP w/ TLS on port 587 (or maybe SSL on 465).

Well, it looks like no-ip has a solution for that if it becomes an issue. Also, I do have an email account with GMail and Time Warner Cable. The TWC account I'm not using.

[titan]

According to everything I'm reading, Apache should just work. Well, it doesn't. Here's my error.

Code: Select all

Atlas etc # /etc/init.d/apache2 start
 * Starting apache2 ...
apache2: apr_sockaddr_info_get() failed for Atlas
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     [!!]

What/where do I need to configure?

[titan]

I figured it out. I needed to add my computer's name, Atlas, to the hosts file.

[Usacomp2k3]

I assume you have the web port forwarded through your firewall?

[titan]

It have a Netgear Router between the computer and the cable modem. Port forwarding enabled and all that jazz.

Now, where's a good howto and what to use for email notification?

[notfred]

There are two parts to this:
1) Adding the content triggers a notification.
2) The notification gets sent to a subscription list.

How you solve 1 may determine how you solve 2, if it doesn't then you will need to install a Mail Transfer Agent (sendmail being the most notorious, but I'm partial to exim4) and set it up to do lists. Once you have chosen the MTA then we can point you at how to setup lists if you can't find it with a quick Google.

The content management system that you choose may already support sending notifications to a bunch of emails anyway.

[steelcity_ballin]

For the e-mail notification you'll need to test if the ISP blocks port 25.

You don't have to do your own delivery to handle e-mail notification. In fact, even if outbound 25 isn't blocked, doing your own delivery from a dynamic IP is a perfect way to get your email bounced or marked as spam by many organizations.

You should just have your local MTA smarthost through your ISP's mail server (which won't be blocked) or some other server that'll let you send via SMTP w/ TLS on port 587 (or maybe SSL on 465).

You could also create a simple asp or .net script to send emails for you from a web form, and setup the authentication with a remote mail server like a gmail account, "smithFamily@gmail.com" or something - and then configure this authentication encrypted in the web.config file. It sounds complicated, but it really isn't. Google for email through ASP for starteds.

BitVector is correct though, I can almost guarantee your mail gets flagged as spam if you try to serve it yourself - the problem is most ISP flag huge ranges of IP addresses so chances are that your ISP already has your IP flagged as spam before you send your first email.

[titan]

Well, I'm not familiar the .Net or ASP. I'm a total newbie I guess. For now, I'll ignore an automatic notification and just send an email manually.

I have a problem right now with ProFTPd. I can't get anonymous logins to work. I get an "Error 530: Login incorrect." I took the example configuration and edited it slightly to suit my purposes. Gogling hasn't been helping me with finding an answer. Half the time the results I get are in foreign languages.

Code: Select all

/etc/proftpd/proftpd.conf

#This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anonymous access.

ServerName         "Atlas"
ServerType         standalone
DefaultServer      on
RequireValidShell   off
AuthPAM            off
AuthPAMConfig      ftp
# Port 21 is the standard FTP port.
Port            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask            022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit the maximum number of processes per service
# (such as xinetd).
MaxInstances      30

# Set the user and group under which the server will run.
User            proftpd
Group            proftpd

#Lock people into their home directory
DefaultRoot /home/media media
DefaultRoot /home/media/pub ftp

#Root access disabled for unsecure connection
RootLogin off

# Normally, we want files to be overwriteable.
<Directory>
   AllowOverwrite      on
</Directory>

# A basic anonymous configuration, with no upload directories.
<Anonymous /home/media/pub>
   User            ftp
   Group            ftp

   # We want clients to be able to login with "anonymous" as well as "ftp".
   UserAlias         anonymous ftp

   # Limit the maximum number of anonymous logins.
   MaxClients         10

   # We want 'welcome.msg' displayed at login, and '.message' displayed
   # in each newly chdired directory.
   DisplayLogin         welcome.msg
   #DisplayFirstChdir      .message

   # Limit WRITE everywhere in the anonymous chroot.
   <Limit WRITE>
      DenyAll
   </Limit>
</Anonymous>


Did I miss something? "ftp" isn't in the ftpusers list. It is present as user and group on my system. I can't figure it out. The client I've been using on my XP machine is FireFTP.

[UberGerbil]

I don't know, if I was trying to accomodate a small handful of unsophisticated users, I think I'd look at just setting up something with Movable Type or Wordpress.

[bitvector]

I don't know, if I was trying to accomodate a small handful of unsophisticated users, I think I'd look at just setting up something with Movable Type or Wordpress.

Or, hell, a Wiki was made for that kind of use-case (i.e. mostly unsophisticated users collaborating with simple editing facilities). It'd be easy to get a MoinMoin wiki set up quick for this kind of use (or any number of other good Wikis -- MediaWiki is the one everyone seems to think of first, but, IMO, is overkill for most kinds of single site + small groups uses).

[titan]

The anonymous is to download files: program files, zips, et cetera. It's just there in case I need it. The user login works fine which will be what my dad will use. He knows how to use this stuff.

[notfred]

You could also create a simple asp or .net script to send emails for you from a web form,

Umm, this is on a Linux box, why would you use those Microsoft things? Much better to use a form driven cgi or even a cron job that just stats the web directories for changes and then notifies of them.

Email will not be blocked as spam if it is sent via "smarthost" i.e. your Linux box sends the email to your ISPs mail servers for them to send out, just the same way that everyone at your ISP does when running their email client. Content, a large number of recipients or return domain not matching sender domain may trigger some spam detection further down the line though.

I'm not familiar with ProFTPD, but you may want to try some things like logging in as "ftp" on your Linux box to ensure that the user id really is working, also try using the command line FTP client (from your Windows box), also see if you have any messages in the system logs on your Linux box and whether you can increase the debug / logging level of ProFTPD.

[titan]

So, I deleted the user ftp with the hopes of adding that user back in might trigger something. Well, no dice. I don't think my system liked that. So, I emerged ftpbase again. I watched what it was doing carefully and saw that the package set the shell as "/sbin/nologin". Would that have anything to do with it?

Also, I'm having trouble understanding Apache. I put a simple HTML file in /home/media/www. For some reason that isn't working. On top of that, I don't see the default page that Apache displays when no content has been added yet.

Here's my Apache configuration file. If I understand things right, this is the only configuration file for a Gentoo system.

Code: Select all

# This is a modification of the default Apache 2.2 configuration file
# for Gentoo Linux.
#
# Support:
#   http://www.gentoo.org/main/en/lists.xml   [mailing lists]
#   http://forums.gentoo.org/                 [web forums]
#   irc://irc.freenode.net#gentoo-apache      [irc chat]
#
# Bug Reports:
#   http://bugs.gentoo.org                    [gentoo related bugs]
#   http://httpd.apache.org/bug_report.html   [apache httpd related bugs]
#
#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo.log"
# with ServerRoot set to "/usr" will be interpreted by the
# server as "/usr/var/log/apache2/foo.log".

# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk.  If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "/usr/lib/apache2"

# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
# GENTOO: Automatically defined based on apache2-builtin-mods at compile time
#
# The following modules are considered as the default configuration.
# If you wish to disable one of them, you may have to alter other
# configuration directives.
#
# Change these at your own risk!

LoadModule userdir_module modules/mod_userdir.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
<IfDefine CACHE>
LoadModule cache_module modules/mod_cache.so
</IfDefine>
LoadModule cgi_module modules/mod_cgi.so
<IfDefine DAV>
LoadModule dav_module modules/mod_dav.so
</IfDefine>
<IfDefine DAV>
LoadModule dav_fs_module modules/mod_dav_fs.so
</IfDefine>
<IfDefine DAV>
LoadModule dav_lock_module modules/mod_dav_lock.so
</IfDefine>
LoadModule dbd_module modules/mod_dbd.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
<IfDefine CACHE>
LoadModule disk_cache_module modules/mod_disk_cache.so
</IfDefine>
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule ext_filter_module modules/mod_ext_filter.so
<IfDefine CACHE>
LoadModule file_cache_module modules/mod_file_cache.so
</IfDefine>
LoadModule filter_module modules/mod_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
<IfDefine INFO>
LoadModule info_module modules/mod_info.so
</IfDefine>
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
<IfDefine CACHE>
LoadModule mem_cache_module modules/mod_mem_cache.so
</IfDefine>
LoadModule mime_module modules/mod_mime.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
<IfDefine PROXY>
LoadModule proxy_module modules/mod_proxy.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_connect_module modules/mod_proxy_connect.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_http_module modules/mod_proxy_http.so
</IfDefine>
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule speling_module modules/mod_speling.so
<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
</IfDefine>
<IfDefine INFO>
LoadModule status_module modules/mod_status.so
</IfDefine>
<IfDefine SUEXEC>
LoadModule suexec_module modules/mod_suexec.so
</IfDefine>
LoadModule unique_id_module modules/mod_unique_id.so
<IfDefine USERDIR>
LoadModule userdir_module modules/mod_userdir.so
</IfDefine>
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User apache
Group apache

# Supplemental configuration
#
# Most of the configuration files in the /etc/apache2/modules.d/ directory can
# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
# or to modify the default configuration of the server.
#
# To know which flag to add to APACHE2_OPTS, look at the first line of the
# the file, which will usually be an <IfDefine OPTION> where OPTIONS is the
# flag to use.
Include /etc/apache2/modules.d/*.conf

# Virtual-host support
#
# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we
# include a default vhost (enabled by adding -D DEFAULT_VHOST to
# APACHE2_OPTS in /etc/conf.d/apache2).
Include /etc/apache2/vhosts.d/*.conf

# vim: ts=4 filetype=apache

#Name of host
ServerName Atlas
#Protect / from everyone and .htaccess
UserDir disabled root
<Directory />
 Order Deny,Allow
 Deny from all
 AllowOverride None
</Directory>

DocumentRoot /home/media/www
DirectoryIndex index.html

#Allow access to www
<Directory "/home/media/www">
Order Deny,Allow
Allow from all
</Directory>
<Directory "/home/media/pub">
Order Deny,Allow
Allow from all
</Directory>


[titan]

After days of trying to solve the problem with anonymous logins with ProFTPd, I finally solved it. The problem was with ACL. I review the logs and found that the directory was not accessible. I plugged that into the search on ProFTPd's forum, and got <A HREF="http://forums.proftpd.org/smf/index.php?topic=2868.0">this</A> page back.

The solution: add "-acl" to the USE flags in my make.conf.

[notfred]

Glad to hear you get the FTP stuff sorted out, I assume you still have the problem with apache.

Do you have anything in /etc/apache2/vhosts.d/ as per:

Code: Select all

# Virtual-host support
#
# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we
# include a default vhost (enabled by adding -D DEFAULT_VHOST to
# APACHE2_OPTS in /etc/conf.d/apache2).
Include /etc/apache2/vhosts.d/*.conf

Have you tried creating /home/media/www/index.html and making sure that it is accessible by user apache?

Apache is pretty good at logging, do you have anything in either the access log or the error log.

[just brew it!]

Re the Apache issue:

Is the server running? Do a ps -A | grep httpd and see if anything is listed.

Maybe you don't have the software firewall configured to allow incoming traffic on port 80?

[titan]

First and foremost: there is no firewall between me and the server. It's internal for right now.

JBI, "ps -A | grep httpd" didn't return anything. Running "top" showed apache2 in the process list. I know it was running because I was able to type in 192.168.1.4 in the address bar of Firefox and it popped up a page that showed "Index of /". That's changed now, however, because I changed one file and Firefox now waits for something from the server.

notfred, there are three files in my /etc/apache2/vhosts.d/ directory: 00_default_ssl_vhost.conf, 00_default_vhost.conf, and default_vhost.include.

I just changed the content of 00_default_vhost.include today. Now, Firefox connects to the server, but waits indefinitely for content to be returned. I have a file for Apache to read. Index.html was created by user media, and is readable by all.

Contents of /home/media/www/index.html

Code: Select all

<HTML>
<BODY>
Hello world!
</BODY>
</HTML>

Contents of /etc/apache2/vhosts.d/00_default_vhost.conf

Code: Select all

# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

<IfDefine DEFAULT_VHOST>
# see bug #178966 why this is in here

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

# Use name-based virtual hosting.
NameVirtualHost *:80

# When virtual hosts are enabled, the main host defined in the default
# httpd.conf configuration will go away. We redefine it here so that it is
# still available.
#
# If you disable this vhost by removing -D DEFAULT_VHOST from
# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
# the default.
<VirtualHost *:80>
   Include /etc/apache2/vhosts.d/default_vhost.include

   <IfModule mpm_peruser_module>
      ServerEnvironment apache apache
   </IfModule>
</VirtualHost>
</IfDefine>

# vim: ts=4 filetype=apache


Contents of /etc/apache2/vhosts.d/default_vhost.include

Code: Select all

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
ServerAdmin root@localhost

# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName 192.168.1.4:80

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
# If you change this to something that isn't under /var/www then suexec
# will no longer work.
DocumentRoot "/home/media/www"

# This should be changed to whatever you set DocumentRoot to.
<Directory "/home/media/www">
   # Possible values for the Options directive are "None", "All",
   # or any combination of:
   #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
   #
   # Note that "MultiViews" must be named *explicitly* --- "Options All"
   # doesn't give it to you.
   #
   # The Options directive is both complicated and important.  Please see
   # http://httpd.apache.org/docs/2.2/mod/core.html#options
   # for more information.
   Options Indexes FollowSymLinks

   # AllowOverride controls what directives may be placed in .htaccess files.
   # It can be "All", "None", or any combination of the keywords:
   #   Options FileInfo AuthConfig Limit
   AllowOverride All

   # Controls who can get stuff from this server.
   Order allow,deny
   Allow from all
</Directory>

<IfModule alias_module>
   # Redirect: Allows you to tell clients about documents that used to
   # exist in your server's namespace, but do not anymore. The client
   # will make a new request for the document at its new location.
   # Example:
   #   Redirect permanent /foo http://www.example.com/bar

   # Alias: Maps web paths into filesystem paths and is used to
   # access content that does not live under the DocumentRoot.
   # Example:
   #   Alias /webpath /full/filesystem/path
   #
   # If you include a trailing / on /webpath then the server will
   # require it to be present in the URL.  You will also likely
   # need to provide a <Directory> section to allow access to
   # the filesystem path.

   # ScriptAlias: This controls which directories contain server scripts.
   # ScriptAliases are essentially the same as Aliases, except that
   # documents in the target directory are treated as applications and
   # run by the server when requested rather than as documents sent to the
   # client.  The same rules about trailing "/" apply to ScriptAlias
   # directives as to Alias.
   ScriptAlias /cgi-bin/ "/home/media/www/cgi-bin/"
</IfModule>

# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/home/media/www/cgi-bin">
   AllowOverride None
   Options None
   Order allow,deny
   Allow from all
</Directory>

# vim: ts=4 filetype=apache


[just brew it!]

Ahh, OK. Didn't realize your distro renamed the Apache process... the canonical name for the server process is httpd.

Sorry for the confusion!

[titan]

Yeah, Gentoo does things a bit differently than others. It makes sense to me if only because I've been working with Gentoo for years now.

[titan]

Alright, here's an error I've got from the log.

From /var/log/apache2/error_log

[Wed Oct 10 10:31:59 2007] [warn] Init: (192.168.1.4:80) You configured HTTPS(443) on the standard HTTP(80) port!
[Wed Oct 10 10:31:59 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Oct 10 10:32:00 2007] [notice] Digest: generating secret for digest authentication ...

From /var/log/apache2/ssl_error_log

[Wed Oct 10 10:31:59 2007] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?

[just brew it!]

Sounds like the HTTPS configuration is whacked. Since you probably don't even care about serving secured pages, you can probably just disable everything related to HTTPS.