Apache 2.4.27

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
8,500
Hello,

Apache 2.4.27 has been added to files1, and CustomBuild 2.0 has been updated (rev 1679).


Annoucement:
http://www.apache.org/dist/httpd/Announcement2.4.html

To update:
Code:
cd /usr/local/directadmin/custombuild
./build update
./build apache
./build mod_ruid2    #if set
./build php n        #if mod_php is used
./build rewrite_confs
Anytime you update apache, we recommend recompiling and modules that are compiled against it, like mod_php, mod_ruid2, or anything else, like mod_security, etc.. If unsure, just run "./build all d".


Note that HTTP/2 will not work with mpm prefork anymore (mod_php).
So if you want to use HTTP/2, you must be using mpm_event,
which is done automatically when you use php-fpm.


Here is changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.27

If you have http2=1 set in the directadmin.conf and are using mpm_prefork (because of mod_php), a message will be shown:
Code:
**************************************


[B]Apache 2.4.27 and higher will not negotiate http2 with mpm_prefork. Use php-fpm for mpm_event, and not mod_php.${boldoff} or disable http2 in the directadmin.conf[/B]
http://www.apache.org/dist/httpd/CHANGES_2.4.27


**************************************
If http2 has sparked your interest, the install steps are here, with the requiment to install openssl 1.0.2k in a custom manner. See:
https://www.directadmin.com/features.php?id=1884

Please allow up to 24 hours for the other directadmin filesX mirrors to update.

Thanks!

John
 
I updated flawlessly on FreeBSD 11.

The http2=1 in directadmin.conf works fine too (http2 + alpn is supported). I am using OpenSSL from base and it is 1.0.2k:

/usr/local/directadmin/custombuild # openssl version
OpenSSL 1.0.2k-freebsd 26 Jan 2017

Good job DA staff!

P.S. You put a strange notice on the https://www.directadmin.com/features.php?id=1884 page

"DO NOT USE 1.0.2h or newer...".

Well 1.0.2k is newer and it works... It's also in your tutorial. Did you meant the 1.1.0 branch?

You should probably put a message on that page that FreeBSD users should disregard the info for installing OpenSSL - they have it by default...
 
Last edited:
The Apache upgrade was painless for me to. Regarding HTTP/2 I am going to wait for RedHat/CentOS 7.4 to be released, because it seems CentOS 7.4 will have whats needed in OpenSSL version, that way I can use the default OpenSSL from yum. Here is a quote from a article about RedHat 7.4 beta: http://www.zdnet.com/article/ready-for-more-red-hat-rhel-7-4-beta-released/

OpenSSL HTTP/2.0 enhancements. This enables several new OpenSSL Transport Layer Security (TLS) protocol features such as Application-Layer Protocol Negotiation (ALPN). With this application-layer protocols are encapsulated in the TLS and the protocol selection negotiation happens within the TLS handshake. The net result is faster security handshakes with higher level encryption protocols.

Hopefully it will not be to many months to wait for CentOS 7.4 to be released.
 
Apache 2.4.26 had issues with PHP-FPM, which could be fixed by adding "ProxyFCGIBackendType GENERIC".

The 2.4.27 release notes say:
- FastCGI compatibility with PHP-FPM is fixed

Does this mean that the "ProxyFCGIBackendType GENERIC" setting isn't required anymore?
 
Warnings ??
configuring httpd-2.4.27
aclocal: Warning: Autoconf input should be named 'configure.ac', not 'configure.in'
acinclude.m4:607: Warning: Underquoted definition of apache_check_systemd

checking for ldap support in apr/apr-util... no
configure: WARNING: apr/apr-util is compiled without ldap support

configure: WARNING: apr/apr-util is compiled without ldap support

configure: WARNING: Your APR does not include SSL/EVP support. To enable it: configure --with-crypto

libtool: warning: relinking 'libaprutil-1.la'

Problems or not while warnings?

Update succeeded and yep http2 the old way from SMTALK

centos7 and PHPfpm
 
Last edited:
Anytime you update apache, we recommend recompiling and modules that are compiled against it, like mod_php, mod_ruid2, or anything else, like mod_security, etc..

Usually, I rely on the custombuild cron checking daily. Can CB check options, and if these options are set, the cron will automatically recompile those modules?
 
I wouldn't advise that. It's better to update apache manually or write a script to update apache which will check for set options or just recompile the things you define.
 
Back
Top