User Tools

Site Tools


packages:apache

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
packages:apache [2013-06-11 19:26]
glen created
packages:apache [2015-02-12 17:06]
glen [Known Issues] links
Line 1: Line 1:
-====== Apache ======+====== Apache ​httpd ======
  
 +===== Known Issues =====
  
-Apache 2.4 has landed Th on June 7, 2013, see [[http://​lists.pld-linux.org/​mailman/​pipermail/​pld-devel-en/​2013-June/​023560.html|announcement]].+[[http://​lists.pld-linux.org/​mailman/​pipermail/​pld-devel-en/​2014-October/​024055.html|Problem]]:​ Apache fails  to do ''​restart'',​ but succeeds if you do ''​stop''​ followed by ''​start''​. 
 +<​code>​ 
 +# service httpd restart 
 +Checking Apache 2.4 Web Server configuration.................................[ DONE ] 
 +Stopping Apache 2.4 Web Server service.......................................[ DONE ] 
 +Starting Apache 2.4 Web Server service.......................................[ FAIL ] 
 +(98)Address already in use: AH00072: make_sock: could not bind to address [::]:8080 
 +(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:​8080 
 +no listening sockets available, shutting down 
 +AH00015: Unable to open logs 
 +</​code>​ 
 + 
 +It's [[http://​lists.pld-linux.org/​mailman/​pipermail/​pld-devel-en/​2014-October/​024061.html|php]] [[http://​lists.pld-linux.org/​mailman/​pipermail/​pld-devel-en/​2014-October/​024062.html|session]] to blame, however, ''/​etc/​sysconfig/​httpd''​ has [[http://​lists.pld-linux.org/​mailman/​pipermail/​pld-devel-en/​2014-October/​024065.html|some]] [[http://​git.pld-linux.org/?​p=packages/​apache.git;​a=commitdiff;​h=00ab488f59c5aacbcab9708a1c70b142520264d2|variable]] where you can adjust sleep between stop and start 
 + 
 +You should try enabling and increasing it 
 + 
 +===== Apache 2.4 ===== 
 + 
 +Apache 2.4 has landed ​in Th on June 7, 2013. See [[http://​lists.pld-linux.org/​mailman/​pipermail/​pld-devel-en/​2013-June/​023560.html|announcement]]. 
 + 
 +<note important>​ 
 +**Access control incompatible changes** 
 + 
 +All webapps have been migrated to new [[https://​httpd.apache.org/​docs/​2.4/​mod/​mod_authz_host.html|mod_authz_host]] access syntax and usage of [[https://​httpd.apache.org/​docs/​2.4/​mod/​mod_access_compat.html|mod_access_compat]] is strongly discouraged. 
 +The rationale for it is that //​access_compat//​ and //​authz_host//​ are independent of each other and operate on separate namespaces. Main httpd configs contain only //​authz_host//​ directives and enabling //​access_compat//​ means allowing access to all locations/​directories that are not explicitly denied by //​authz_host//​. 
 + 
 +**Note:** 
 +In case there exist both //​authz_host//​ **and** //​access_compat//​ directives for a location, the **Deny** clause of **ANY** of them takes precedence (in short: **deny** always wins, regardless where it comes from). 
 +</​note>​ 
 + 
 +==== Upgrading ==== 
 + 
 +Detailed information about upgrading and all changes between apache 2.2 and 2.4 can be found [[https://​httpd.apache.org/​docs/​2.4/​upgrading.html|here]] 
 + 
 +as for more complex examples, require ip or password: 
 + 
 +<code apache Apache 2.x> 
 +Order Deny,​Allow 
 +Deny from all 
 + 
 +Allow from my.lan 
 +Allow from 2001:​1234:​5678::/​64 
 + 
 +AuthType Basic 
 +AuthName www.my.lan 
 +AuthBasicProvider ldap 
 +AuthLDAPURL "​ldap://​server:​389/​ou=People,​dc=example,​dc=com?​uid?​sub?​(objectClass=*)"​ 
 +Require valid-user 
 + 
 +Satisfy Any 
 +</​code>​ 
 + 
 +The solution is very simple, just list the requirements and 2.4 somehow magically knows what you mean: 
 + 
 +<code apache Apache 2.4> 
 +Require host my.lan 
 +Require ip 2001:​1234:​5678::/​64 
 + 
 +AuthType Basic 
 +AuthName www.my.lan 
 +AuthBasicProvider ldap 
 +AuthLDAPURL "​ldap://​server:​389/​ou=People,​dc=example,​dc=com?​uid?​sub?​(objectClass=*)"​ 
 + 
 +Require valid-user 
 +</​code>​ 
 + 
 +Source: http://​blog.hqcodeshop.fi/​archives/​63-Migrating-access-control-into-Apache-2.4.html 
 + 
 +If you need to ''​AND''​ multiple requires, wrap them inside [[http://​httpd.apache.org/​docs/​current/​mod/​mod_authz_core.html#​requireall|<​RequireAll></​RequireAll>​]] 
 + 
 +===== Apache 2.2 and 2.4 compatible configs ===== 
 + 
 +If you need to support both Apache 2.2 and 2.4, then, for example, if Apache 2.2 config contained:​ 
 + 
 +<code apache>​ 
 +Allow from all 
 +</​code>​ 
 + 
 +you need to use: 
 + 
 +<code apache>​ 
 +# Apache 2.x 
 +<​IfModule !mod_authz_core.c>​ 
 +    Order allow,​deny 
 +    Allow from all 
 +</​IfModule>​ 
 +# Apache 2.4 
 +<​IfModule mod_authz_core.c>​ 
 +    Require all granted 
 +</​IfModule>​ 
 +</​code>​
  
packages/apache.txt · Last modified: 2015-02-12 17:06 by glen