[linux/ubuntu] How to suppress useless mod_openssl/lighttpd error messages from appearing in /var/log/syslog

Sometimes you have a bunch of useless errors creating unnecessary disk I/O on your server, disk I/O that should be used towards serving your user’s requests efficiently.

In this case a site running on lighttpd keeps logging several times per second the following message, creating too much noise and making it hard to see meaningful things I should pay attention to could appear on /var/log/syslog.

Aug  7 19:36:03 ip-172-30-1-251 lighttpd[287019]: message repeated 44 times: [ 2020-08-07 19:36:02: (mod_openssl.c.1796) SSL: 1 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol]

I tried disabling syslog error messages for SSL, and all syslog output on the lighttpd configuration to no avail. Good thing you can configure rsyslog in Linux to do amazing things with log messages before they make it into the log.

To silence this message, all I had to do was edit an rsyslog config file to filter out my undesired message, and restart the service (no need to restart your host os)

  1. Edited /etc/rsyslog.d/50-default.conf before any mention of /var/log/syslog, to have the following condition (ideally at the top of the config file):
if $msg contains 'tls_early_post_process_client_hello' then stop
  1. Restarted the rsyslog service, no more noise on /var/log/syslog
     sudo service rsyslog restart

[CODING/SOLVED] gradle build (android) breaks after upgrading a dependency with NullPointerException thrown at ProgramClass.constantPoolEntryAccept

You’ve just upgraded one of your Android project’s dependencies and when you ./gradlew assembleRelease the build process breaks.

You invoke it again with --stacktrace to find the following exception:

 

java.lang.NullPointerException
at proguard.classfile.ProgramClass.constantPoolEntryAccept(ProgramClass.java:537)
at proguard.shrink.UsageMarker.markConstant(UsageMarker.java:1246)
at proguard.shrink.UsageMarker.visitRequiresInfo(UsageMarker.java:1040)
at proguard.classfile.attribute.module.ModuleAttribute.requiresAccept(ModuleAttribute.java:138)
at proguard.shrink.UsageMarker.visitModuleAttribute(UsageMarker.java:739)
at proguard.classfile.attribute.module.ModuleAttribute.accept(ModuleAttribute.java:99)
at proguard.classfile.ProgramClass.attributesAccept(ProgramClass.java:619)
at proguard.shrink.UsageMarker.markProgramClassBody(UsageMarker.java:124)
at proguard.shrink.UsageMarker.visitProgramClass(UsageMarker.java:94)
at proguard.classfile.visitor.MultiClassVisitor.visitProgramClass(MultiClassVisitor.java:67)
at proguard.classfile.visitor.MultiClassVisitor.visitProgramClass(MultiClassVisitor.java:67)
at proguard.classfile.visitor.ClassNameFilter.visitProgramClass(ClassNameFilter.java:128)
at proguard.classfile.ProgramClass.accept(ProgramClass.java:430)
at proguard.classfile.ClassPool.classesAccept(ClassPool.java:124)
at proguard.classfile.visitor.AllClassVisitor.visitClassPool(AllClassVisitor.java:45)
at proguard.classfile.visitor.MultiClassPoolVisitor.visitClassPool(MultiClassPoolVisitor.java:85)
at proguard.classfile.ClassPool.accept(ClassPool.java:110)
at proguard.shrink.Shrinker.execute(Shrinker.java:90)
at proguard.ProGuard.shrink(ProGuard.java:381)
at proguard.ProGuard.execute(ProGuard.java:145)
at proguard.ProGuard.main(ProGuard.java:572)

This is a ProGuard bug, which my friend, has been solved by the ProGuard team ages ago, and your build environment is using an old ProGuard version.

Add this to your build.gradle to force it to use the latest version (as of today it’s 6.2.2, check the latest version here)

buildscript {
    ...
    dependencies {
        ...
        classpath 'net.sf.proguard:proguard-gradle:6.2.2'
  }
}
}
force a newer proguard version for your android build

nginx server configuration for a wordpress instance served from a URL’s subdirectory

You want to serve a wordpress instance on a website’s domain url but not at the path’s root, you want it under a sub-directory, for example “blog”, the same as this blog:

https://www.gubatron.com/blog 

Here’s how my NGINX’s server block for ‘www.gubatron.com’ looks like at the moment (https/ssl hasn’t been configured yet)

server {
  server_name www.gubatron.com;
  listen 80;
  listen [::]:80;
  root /media/ebs/data/websites/gubatron.com/;
  index index.php index.html index.htm;

  # wordpress lives at gubatron.com/blog/...
  rewrite ^/blog/wp-admin/(.*) /blog/wp-admin/$1;
  #search redirect                                                                                                       
  rewrite ^/blog/(.*)s=(.*)$ /blog/index.php?s=$2;
  try_files $uri $uri/ /blog/index.php$is_args$args;

  location ~ \.php {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    include fastcgi_params;
  }
  location ~ \.git {
    deny all;
  }
}

Here is the equivalent in lighttpd, too bad lighttpd has no plans for HTTP2, it’s much friendlier and flexible to configure than nginx in my humble opinion.

$HTTP["host"] =~ "^gubatron.com$|^www.gubatron.com$" {
  server.document-root="/media/ebs/data/websites/gubatron.com/"

  $HTTP["url"] =~ "\.git" {
     url.access-deny = ("")
  }

  url.rewrite = (
            "^/blog/wp-admin/(.*)" => "$0",
            "^/blog/(.*)\.(.+)$" => "$0",
            "^/blog/(.+)/?$" => "/blog/index.php/$1"
  )
}

I used to host this website and wordpress on lighttpd, lighttpd’s config file is very powerful, it’s all based on matching server variables and applying rules, I will miss it dearly, things like having a compressed file cache and it’s flexibility, but I have to move on to nginx if I want to use http2, the lighttpd has no plans for http2 support and it’s just much faster and efficient than http 1.1.