User Tools

Site Tools


packages:apache

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
packages:apache [2013-06-11 19:31]
glen
packages:apache [2015-02-12 16:55]
glen record httpd restart problem
Line 1: Line 1:
-====== Apache ======+====== Apache ​httpd ======
  
-Apache 2.4 has landed in Th on June 7, 2013, see [[http://​lists.pld-linux.org/​mailman/​pipermail/​pld-devel-en/​2013-June/​023560.html|announcement]].+===== Known Issues =====
  
 +Problem: Apache fails  to do ''​restart'',​ but succeeds if you do ''​stop''​ followed by ''​start''​.
 +<​code>​
 +# service httpd restart
 +Checking Apache 2.4 Web Server configuration.................................[ DONE ]
 +Stopping Apache 2.4 Web Server service.......................................[ DONE ]
 +Starting Apache 2.4 Web Server service.......................................[ FAIL ]
 +(98)Address already in use: AH00072: make_sock: could not bind to address [::]:8080
 +(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:​8080
 +no listening sockets available, shutting down
 +AH00015: Unable to open logs
 +</​code>​
  
-===== Authz compat ​=====+It's php session to blame, however, ''/​etc/​sysconfig/​httpd''​ has some variable where you can adjust sleep between stop and start 
 + 
 +You should try enabling and increasing it 
 + 
 +===== Apache 2.4 ===== 
 + 
 +Apache 2.4 has landed in Th on June 7, 2013. See [[http://​lists.pld-linux.org/​mailman/​pipermail/​pld-devel-en/​2013-June/​023560.html|announcement]]. 
 + 
 +<note important>​ 
 +**Access control incompatible changes** 
 + 
 +All webapps have been migrated to new [[https://​httpd.apache.org/​docs/​2.4/​mod/​mod_authz_host.html|mod_authz_host]] access syntax and usage of [[https://​httpd.apache.org/​docs/​2.4/​mod/​mod_access_compat.html|mod_access_compat]] is strongly discouraged. 
 +The rationale for it is that //​access_compat//​ and //​authz_host//​ are independent of each other and operate on separate namespaces. Main httpd configs contain only //​authz_host//​ directives and enabling //​access_compat//​ means allowing access to all locations/​directories that are not explicitly denied by //​authz_host//​. 
 + 
 +**Note:** 
 +In case there exist both //​authz_host//​ **and** //​access_compat//​ directives for a location, the **Deny** clause of **ANY** of them takes precedence (in short: **deny** always wins, regardless where it comes from). 
 +</​note>​ 
 + 
 +==== Upgrading ==== 
 + 
 +Detailed information about upgrading and all changes between apache 2.2 and 2.4 can be found [[https://​httpd.apache.org/​docs/​2.4/​upgrading.html|here]] 
 + 
 +as for more complex examples, require ip or password: 
 + 
 +<code apache Apache 2.x> 
 +Order Deny,​Allow 
 +Deny from all 
 + 
 +Allow from my.lan 
 +Allow from 2001:​1234:​5678::/​64 
 + 
 +AuthType Basic 
 +AuthName www.my.lan 
 +AuthBasicProvider ldap 
 +AuthLDAPURL "​ldap://​server:​389/​ou=People,​dc=example,​dc=com?​uid?​sub?​(objectClass=*)"​ 
 +Require valid-user 
 + 
 +Satisfy Any 
 +</​code>​ 
 + 
 +The solution is very simple, just list the requirements and 2.4 somehow magically knows what you mean: 
 + 
 +<code apache Apache 2.4> 
 +Require host my.lan 
 +Require ip 2001:​1234:​5678::/​64 
 + 
 +AuthType Basic 
 +AuthName www.my.lan 
 +AuthBasicProvider ldap 
 +AuthLDAPURL "​ldap://​server:​389/​ou=People,​dc=example,​dc=com?​uid?​sub?​(objectClass=*)"​ 
 + 
 +Require valid-user 
 +</​code>​ 
 + 
 +Source: http://​blog.hqcodeshop.fi/​archives/​63-Migrating-access-control-into-Apache-2.4.html 
 + 
 +If you need to ''​AND''​ multiple requires, wrap them inside [[http://​httpd.apache.org/​docs/​current/​mod/​mod_authz_core.html#​requireall|<​RequireAll></​RequireAll>​]] 
 + 
 +===== Apache 2.2 and 2.4 compatible configs ===== 
 + 
 +If you need to support both Apache 2.2 and 2.4, then, for example, if Apache 2.2 config contained:
  
-If in Apache 2.0/2.2, you would write: 
 <code apache> <code apache>
 Allow from all Allow from all
 </​code>​ </​code>​
  
-Then having apache 2.4 and 2.x support, ​you can write:+you need to use: 
 <code apache> <code apache>
-<​IfModule mod_authz_core.c>​ +# Apache 2.x
-    ​# Apache 2.+
-    Require all granted +
-</​IfModule>​+
 <​IfModule !mod_authz_core.c>​ <​IfModule !mod_authz_core.c>​
     Order allow,deny     Order allow,deny
     Allow from all     Allow from all
 +</​IfModule>​
 +# Apache 2.4
 +<​IfModule mod_authz_core.c>​
 +    Require all granted
 </​IfModule>​ </​IfModule>​
 </​code>​ </​code>​
 +
packages/apache.txt · Last modified: 2015-02-12 17:06 by glen