Results 1 to 20 of 44

Thread: Apache 2.4.17 released

  1. #1
    Join Date
    Nov 2009
    Location
    São Paulo - Brazil
    Posts
    166

    Apache 2.4.17 released

    https://svn.apache.org/repos/asf/htt.../2.4.x/CHANGES

    Changes with Apache 2.4.17

    *) mod_http2: added donated HTTP/2 implementation via core module. Similar
    configuration options to mod_ssl. [Stefan Eissing]

    *) mod_proxy: don't recycle backend announced "Connection: close" connections
    to avoid reusing it should the close be effective after some new request
    is ready to be sent. [Yann Ylavic]

    *) mod_substitute: Allow to configure the patterns merge order with the new
    SubstituteInheritBefore on|off directive. PR 57641
    [Marc.Stern <Marc.Stern approach.be>, Yann Ylavic, William Rowe]

    *) mod_proxy: Fix ProxySourceAddress binding failure with AH00938.
    PR 56687. [Arne de Bruijn <apache arbruijn.dds.nl>]

    *) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3,
    and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3",
    in accordance with RFC 7568. PR 58349, PR 57120. [Kaspar Brand]

    *) mod_ssl: append :!aNULL:!eNULL:!EXP to the cipher string settings,
    instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7
    and later). Enables support for configuring the SUITEB* cipher
    strings introduced in OpenSSL 1.0.2. PR 58213. [Kaspar Brand]

    *) mod_ssl: Add support for extracting the msUPN and dnsSRV forms
    of subjectAltName entries of type "otherName" into
    SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment
    variables. Addresses PR 58020. [Jan Pazdziora <jpazdziora redhat.com>,
    Kaspar Brand]

    *) mod_logio: Fix logging of %^FB (time to first byte) on the first request on
    an SSL connection. PR 58454.
    [Konstantin J. Chernov <k.j.chernov gmail.com>]

    *) mod_cache: r->err_headers_out is not merged into
    r->headers when mod_cache is enabled and the response
    is cached for the first time. [Edward Lu]

    *) mod_slotmem_shm: Fix slots/SHM files names on restart for systems that
    can't create new (clear) slots while previous children gracefully stopping
    still use the old ones (e.g. Windows, OS2). mod_proxy_balancer failed to
    restart whenever the number of configured balancers/members changed during
    restart. PR 58024. [Yann Ylavic]

    *) core/util_script: make REDIRECT_URL a full URL. PR 57785. [Nick Kew]

    *) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
    records for scalability. [Yingqi Lu <yingqi.lu@intel.com>,
    Jeff Trawick, Jim Jagielski, Yann Ylavic]

    *) mod_proxy: Fix a race condition that caused a failed worker to be retried
    before the retry period is over. [Ruediger Pluem]

    *) mod_autoindex: Allow autoindexes when neither mod_dir nor mod_mime are
    loaded. [Eric Covener]

    *) mod_rewrite: Allow cookies set by mod_rewrite to contain ':' by accepting
    ';' as an alternate separator. PR47241.
    [<bugzilla schermesser com>, Eric Covener]

    *) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with
    apxs -q. PR58202. [Daniel Shahaf <danielsh apache.org>]

    *) mod_rewrite: Avoid a crash when lacking correct DB access permissions
    when using RewriteMap with MapType dbd or fastdbd. [Christophe Jaillet]

    *) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions.
    PR 57868. [Jose Kahan <jose w3.org>, Yann Ylavic]

    *) mod_socache_memcache: Add the 'MemcacheConnTTL' directive to control how
    long to keep idle connections with the memcache server(s).
    Change default value from 600 usec (!) to 15 sec. PR 58091
    [Christophe Jaillet]

    *) mod_dir: Prevent the internal identifier "httpd/unix-directory" from
    appearing as a Content-Type response header when requests for a directory
    are rewritten by mod_rewrite. [Eric Covener]

  2. #2
    Join Date
    Apr 2009
    Posts
    2,132
    Apache 2.4.17 is not officially released yet, [... edit ...] However I see it is already in custombuild. Thanks!

    It is about to be released officially on Wednesday: http://www.gossamer-threads.com/lists/apache/dev/451365
    Thx to all testers and contributors. I will start the process
    of pushing to the mirrors and will announce on Weds.
    Last edited by ditto; 10-13-2015 at 02:04 AM.

  3. #3
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,056
    ditto, why do you think it's not an official release? It is. Apache needs the mirrors to catch up, and only when they do, the official announcement is placed on their page. This is the reason why a delay exists between the official tarballs and announcement of the release.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  4. #4
    Join Date
    Jul 2006
    Location
    isreal
    Posts
    466
    what about this?
    https://httpd.apache.org/docs/2.4/mod/mod_http2.html
    need changes to http2 ssl on virtualhost =]
    Quote Originally Posted by smtalk View Post
    ditto, why do you think it's not an official release? It is. Apache needs the mirrors to catch up, and only when they do, the official announcement is placed on their page. This is the reason why a delay exists between the official tarballs and announcement of the release.

  5. #5
    Join Date
    Jan 2011
    Posts
    16
    Tried to build this version with http2 support, but failed. Can anyone tell me how to enable http2 when using DirectAdmin?

  6. #6
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,056
    It's most likely that your OpenSSL does not support ALPN extension. Please follow these steps to get HTTP/2 enabled with apache:
    1) Install OpenSSL, with ALPN support:
    Code:
    wget ftp://ftp.openssl.org/source/openssl-1.0.2e.tar.gz
    tar xzf openssl-1.0.2e.tar.gz
    cd openssl-1.0.2e
    ./config --prefix=/usr/local/lib_http2 no-ssl2 no-ssl3 zlib-dynamic
    make depend
    make install
    2) Install nghttp2:
    Code:
    cd /usr/local/directadmin/custombuild
    ./build update
    ./build nghttp2
    3) Enable http2 in Apache:
    Code:
    cd /usr/local/directadmin/custombuild
    mkdir -p custom/ap2
    cp -p configure/ap2/configure.apache custom/ap2/configure.apache
    Edit custom/ap2/configure.apache, find:
    Code:
        "--with-ssl=/usr" \
    Replace with:
    Code:
        "--enable-http2" \
        "--enable-ssl-staticlib-deps" \
        "--with-ssl=/usr/local/lib_http2" \
    Re-install apache:
    Code:
    ./build apache
    4) Configure Apache to run http2:
    Code:
    echo 'ProtocolsHonorOrder On' >> /etc/httpd/conf/extra/httpd-includes.conf
    echo 'Protocols h2 h2c http/1.1' >> /etc/httpd/conf/extra/httpd-includes.conf
    Update SSL Ciphers in /etc/httpd/conf/extra/httpd-ssl.conf:
    Code:
    cd /usr/local/directadmin/custombuild
    ./build rewrite_confs
    Restart apache now
    Last edited by smtalk; 12-19-2015 at 12:10 PM. Reason: Fixed download URL
    Martynas Bendorius

  7. #7
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    195
    Hi Martynas,

    Regarding your last 2 steps:
    httpd-includes.conf is empty (not anymore after the echo protocols step). SSLCipherSuite can be found in /etc/httpd/conf/extra/httpd-ssl.conf

    What is the reason we compile nghttp2? No libs are used to compile in apache and nghttp2 seems to be a proxy which you put in front of apache?
    Last edited by DutchTSE; 10-17-2015 at 02:22 AM.

  8. #8
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,056
    Please check:
    Code:
    ldd /usr/sbin/httpd
    And make sure it does not load libssl.so there
    Martynas Bendorius

  9. #9
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    195
    Quote Originally Posted by smtalk View Post
    Please check:
    Code:
    ldd /usr/sbin/httpd
    And make sure it does not load libssl.so there
    [root@]# ldd /usr/sbin/httpd
    linux-vdso.so.1 => (0x00007ffead7f6000)
    libnghttp2.so.14 => /usr/local/lib/libnghttp2.so.14 (0x00007f9cf48cb000)

    Got it
    However http2 isn't working (yet).. not sure why not.
    (Server Version: Apache/2.4.17 (Unix) OpenSSL/1.0.2d)

  10. #10
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,056
    Make sure your web browser supports it. Chrome has a good indicator for it called "HTTP/2 and SPDY indicator". Make sure you still have the protocol lines in /etc/httpd/conf/extra/httpd-includes.conf.
    Martynas Bendorius

  11. #11
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    195
    I am testing it using gtmetrix, webpagetest.org and firefox 41 (my own browser). Just tested Chrome with the indicator which says h2 enabled, but the server is serving http/1.1 (access log of the domain says the same).
    httpd-includes is correct.

    Summary:
    [root@]# apachectl -t -D DUMP_MODULES | grep http2
    http2_module (static)

    [root@]# ldd /usr/sbin/httpd | grep http2
    libnghttp2.so.14 => /usr/local/lib/libnghttp2.so.14 (0x00007f3dea552000)

    [root@]# ldd /usr/sbin/httpd | grep ssl
    [root@]#

    [root@]# httpd -v
    Server version: Apache/2.4.17 (Unix)
    Server built: Oct 17 2015 11:45:49

    For some reason google Chrome is showing some more info now, however access log still says HTTP/1.1
    Last edited by DutchTSE; 10-17-2015 at 03:27 AM.

  12. #12
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,056
    Access log still says 1.1, because it's not yet fixed in Apache 2.4.17. It'll show http/2 in 2.4.18. More info on how to check if Firefox is using http/2: https://icing.github.io/mod_h2/howto.html
    Martynas Bendorius

  13. #13
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    195
    Quote Originally Posted by smtalk View Post
    Access log still says 1.1, because it's not yet fixed in Apache 2.4.17. It'll show http/2 in 2.4.18. More info on how to check if Firefox is using http/2: https://icing.github.io/mod_h2/howto.html
    Among the response headers, you see this strange X-Firefox-Spdy entry listing "h2". That is the indication that HTTP/2 is used on this https: connection.

    Got that. I assume it works then. Thnx Martynas for your support.
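
The checks walked through in posts #8 to #13, collected as an added example (not code posted by anyone in the thread). Because the 2.4.17 access log still reports HTTP/1.1, the last check reads the ALPN result from `openssl s_client -alpn h2` instead; the function names are hypothetical and the sample inputs are constructed, modelled on the output quoted above.

```shell
#!/bin/sh
# Added example; every function reads command output on stdin. Live usage:
#   ldd /usr/sbin/httpd | linkage_ok
#   apachectl -t -D DUMP_MODULES | http2_module_loaded
#   protocols_offer_h2 < /etc/httpd/conf/extra/httpd-includes.conf
#   openssl s_client -alpn h2 -connect HOST:443 </dev/null 2>/dev/null | alpn_is_h2

# ldd: OpenSSL must be static (no libssl.so line) and libnghttp2 must be loaded.
linkage_ok() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'libssl\.so'; then return 1; fi
    printf '%s\n' "$out" | grep -q 'libnghttp2\.so'
}

# Module dump must list http2_module.
http2_module_loaded() { grep -Eq '^[[:space:]]*http2_module[[:space:]]'; }

# An uncommented Protocols line must offer h2 as a whole token (h2c alone is
# cleartext only; ProtocolsHonorOrder is a different directive).
protocols_offer_h2() {
    grep -Ei '^[[:space:]]*Protocols[[:space:]]' |
        grep -Eq '[[:space:]]h2([[:space:]]|$)'
}

# s_client prints "ALPN protocol: h2" when the server selects HTTP/2.
alpn_is_h2() { grep -Eq '^ALPN protocol: h2[[:space:]]*$'; }

# Constructed samples, modelled on the output quoted in the thread.
LDD_STATIC='    linux-vdso.so.1 =>  (0x00007ffead7f6000)
    libnghttp2.so.14 => /usr/local/lib/libnghttp2.so.14 (0x00007f9cf48cb000)'
LDD_DYNAMIC="$LDD_STATIC
    libssl.so.6 => /lib64/libssl.so.6 (0x0000003a5c200000)"
MODULES=' core_module (static)
 http2_module (static)'
CONF_OK='ProtocolsHonorOrder On
Protocols h2 h2c http/1.1'
CONF_NO_H2='ProtocolsHonorOrder On
#Protocols h2 h2c http/1.1
Protocols h2c http/1.1'

report() {  # report LABEL CHECK_FUNCTION INPUT_TEXT
    if printf '%s\n' "$3" | "$2"; then echo "PASS  $1"; else echo "FAIL  $1"; fi
}
report 'static OpenSSL, nghttp2 linked' linkage_ok "$LDD_STATIC"
report 'dynamic libssl still loaded'    linkage_ok "$LDD_DYNAMIC"
report 'http2_module present'           http2_module_loaded "$MODULES"
report 'Protocols offers h2'            protocols_offer_h2 "$CONF_OK"
report 'Protocols without h2'           protocols_offer_h2 "$CONF_NO_H2"
report 'ALPN selected h2'               alpn_is_h2 'ALPN protocol: h2'
report 'no ALPN negotiated'             alpn_is_h2 'No ALPN negotiated'
```

A FAIL on the "dynamic libssl", "Protocols without h2" and "no ALPN negotiated" rows is the expected result for those constructed negative samples.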

  14. #14
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,056
    Quote Originally Posted by DutchTSE View Post
    What is the reason we compile nghttp2? No libs are used to compile in apache and nghttp2 seems to be a proxy which you put in front of apache?
    Please read https://httpd.apache.org/docs/2.4/mod/mod_http2.html before using the module. Quote:
    This module relies on libnghttp2 to provide the core http/2 engine.
    Martynas Bendorius

  15. #15
    Join Date
    Jan 2011
    Location
    New York
    Posts
    135
    Quote Originally Posted by smtalk View Post
    Code:
    wget http://openssl.org/source/openssl-1.0.2d.tar.gz
    tar xzf openssl-1.0.2d.tar.gz
    cd openssl-1.0.2d
    ./config --prefix=/usr/local/lib_http2 no-ssl2 no-ssl3 zlib-dynamic
    make depend
    make install
    How does this affect system installed OpenSSL version?
    Need to contact DirectAdmin? Use SafeSubmit
    PM me for great SSL prices
    Got questions? Shoot me a PM!
    Check out my blog

  16. #16
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,056
    Quote Originally Posted by scrupul0us View Post
    How does this affect system installed OpenSSL version?
    It does not affect it at all. Only static libraries, and only /usr/local/lib_http2 path is used for OpenSSL 1.0.2d. So, system binaries do not see the installation of OpenSSL 1.0.2d at all. To remove everything you got installed with previous commands, it's enough to simply execute "rm -rf /usr/local/lib_http2"
    Martynas Bendorius

  17. #17
    Join Date
    Jan 2011
    Location
    New York
    Posts
    135
    Quote Originally Posted by smtalk View Post
    It does not affect it at all. Only static libraries, and only /usr/local/lib_http2 path is used for OpenSSL 1.0.2d. So, system binaries do not see the installation of OpenSSL 1.0.2d at all. To remove everything you got installed with previous commands, it's enough to simply execute "rm -rf /usr/local/lib_http2"
    Thank you my good man!

  18. #18
    Join Date
    Jan 2011
    Location
    New York
    Posts
    135
    Actually one more thing, does compiling Apache with this version of OpenSSL allow us to use TLS 1.2 in Apache where the original OS version of OpenSSL might not support it?

    Thank you =)
    Last edited by scrupul0us; 10-27-2015 at 06:51 AM.

  19. #19
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,056
    Yes, it does
    Martynas Bendorius

  20. #20
    Join Date
    Jan 2011
    Location
    New York
    Posts
    135
    OK thanks... I am having an issue though since the openssl update, phpinfo() for customers shows:

    OpenSSL support enabled
    OpenSSL Library Version OpenSSL 1.0.2d 9 Jul 2015
    OpenSSL Header Version OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

    But on the command line:

    OpenSSL support => enabled
    OpenSSL Library Version => OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    OpenSSL Header Version => OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

    Why the discrepancy? This appears to be causing segfaults in /var/log/httpd/error_log when customers run functionality of php_openssl in their scripts.
