Time to upgrade CB 2.0 to support Apache 2.4.9

interfasys

Apache 2.4.9 will be released soon and some patches in CB won't be needed any more.

Changelog:
http://httpd.apache.org/dev/dist/CHANGES_2.4.9

Some of the changes which may affect the patches some of us use:
  • mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded 30 seconds timeout. [Jan Kaluza]
  • mod_proxy: Added support for unix domain sockets as the backend server endpoint [Jim Jagielski, Blaise Tarr <blaise tarr gmail com>]
  • FreeBSD: Disable IPv4-mapped listening sockets by default for versions 5+ instead of just for FreeBSD 5
  • mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore, and IgnoreInherit to allow RewriteRules to be pushed from parent scopes to child scopes without explicitly configuring each child scope. PR56153. [Edward Lu <Chaosed0 gmail com>]


Patches still required:
 
I would like to add that UDS support is already included into 2.4.9 :) But they have not added https://gist.github.com/progandy/6ed4eeea60f6277c3e39/, which is sad, but I'll probably use it as a patch :) CB 2.0 is getting more stable very soon! I hope we may have RC7 this/next month and a stable release after it. Stay ready for a lot of changes in PHP-FPM part.

http://httpd.apache.org/dev/dist/CHANGES_2.4.9 said:
*) mod_proxy: Added support for unix domain sockets as the
backend server endpoint [Jim Jagielski, Blaise Tarr
<blaise tarr gmail com>]
 
Martynas,
did you manage to:
- resolve subdomain webmail.domain.com problem ?
- resolve problem with hostname.com/ webmail and phpmyadmin

I didn't try php fpm for some time now, but I am hoping that nginx apache will work OK because this is the fastest combination, I think. Php-fpm is not as fast as nginx and apache with fastcgi or fpm.

But fastcgi and apache is even now with tuning working fine. I have 700 domains on one server and it works with load 0.70 on average.

On the other hand, I am managing a VPS with nginx and a high load of users in an internet store without a problem. So I am looking forward to nginx and apache.



And what do you think? :)
 
I would like to add that UDS support is already included into 2.4.9 :) But they have not added https://gist.github.com/progandy/6ed4eeea60f6277c3e39/, which is sad, but I'll probably use it as a patch :) CB 2.0 is getting more stable very soon! I hope we may have RC7 this/next month and a stable release after it. Stay ready for a lot of changes in PHP-FPM part.
mod_proxy_handler should simplify things :) and good news about RC7.

Arieh said:
Now that it's released (http://forum.directadmin.com/showthread.php?t=48588) - will it be in CB like normal or do we need to wait for changes?
CB 2.0 definitely needs to be upgraded or you won't be able to upgrade Apache, but maybe a new version hit the servers.
 
Hello,

As an update, Martynas has already updated the 2.0 scripts, but I've not yet published them to the files servers.
The reason is that we're having issues in that Apache doesn't want to start up (not as likely related to CB itself).
It appears to be a change in their SSL checks for the "DH PARAMETERS", but we're still investigating what we need to do to jump through these new hoops.

I believe the 1.1/1.2 scripts, if set to use Apache 2.4, should be ok as they are, as they don't need the extra patches for fastcgi/php-fpm.
But they may also be affected by the DH PARAMETERS issue.

I'll post when we know more.

John
 
Hello,

As an update, Martynas has already updated the 2.0 scripts, but I've not yet published them to the files servers.
The reason is that we're having issues in that Apache doesn't want to start up (not as likely related to CB itself).
It appears to be a change in their SSL checks for the "DH PARAMETERS", but we're still investigating what we need to do to jump through these new hoops.

I believe the 1.1/1.2 scripts, if set to use Apache 2.4, should be ok as they are, as they don't need the extra patches for fastcgi/php-fpm.
But they may also be affected by the DH PARAMETERS issue.

I'll post when we know more.

John

We had a cPanel box that we upgraded from 2.4.7 to 2.4.9 that had the same exact issue... Apache basically thinks every SSL cert is invalid... "Expecting DH Parameters".. Other boxes had no issues going from 2.4.7 to 2.4.9 though... This was on Cent 5.10 x64...
 
That's the one. Tried on CentOS 6, 64-bit, and it worked fine. Testing on CentOS 5 32-bit hit the issue.
Will continue to poke at, and may end up adding an override into the custombuilds to check if it's CentOS 5, and internally keep 2.4.7 for that case.
As we're not the only one seeing the issue, I would imagine the Apache devs already know something's up.

John
 
It's definitely something with 2.4.9 as once we rolled back to 2.2.x (2.4.7 was pulled from EasyApache due to CVE which prevented its use) everything worked just fine...

What's odd is that boxes with the same OS revision/build/etc upgraded just fine and new installs went without a hitch.

cPanel wasn't able to determine the cause and is why we ultimately downgraded (in the meantime though we had just removed all the ssl vhosts from httpd.conf to get Apache online again)

We had tried even generating new DH params with a key length of 1024 and that didn't help. Being that the box was in production we weren't able to keep it online in that state for too long so our diag. and debug time was limited to about an hour.
 
Finally figured it out.. I think. Spent a few too many hours at it, but got some results.
I've posted it here:
http://www.directadmin.com/features.php?id=1575

Basically from what I've observed, on CentOS 5, any SSL VirtualHost requires a SSLCACertificateFile entry.
If this is a working fix (more testing needed), we can move on to the other things, like testing the new files without the patches.

John
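
The CentOS 5 observation in the post above (any SSL VirtualHost needs an SSLCACertificateFile entry) can be checked against a config before upgrading. This is an added example, not DirectAdmin or CustomBuild code: the function name `ssl_vhosts_missing_ca` and the sample config are constructed, and the check assumes the directives are written inside each VirtualHost block of a single file (no Include handling).

```python
import re

# Constructed sample config, not from a real server; addresses and paths are placeholders.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile /path/to/example.com.cert
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.com
    SSLEngine On
    SSLCertificateFile /path/to/shop.cert
    SSLCACertificateFile /path/to/shop.cacert
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)

def ssl_vhosts_missing_ca(conf_text):
    """Return (line_no, address, server_name) for each SSL vhost lacking SSLCACertificateFile."""
    findings, vhost = [], None
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # commented-out directives do not count
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            vhost = {"line": line_no, "addr": opened.group(1).strip(), "name": None, "ssl": False, "ca": False}
        elif vhost is None:
            continue  # directive outside any VirtualHost block
        elif line.lower().startswith("</virtualhost"):
            if vhost["ssl"] and not vhost["ca"]:
                findings.append((vhost["line"], vhost["addr"], vhost["name"]))
            vhost = None
        else:
            key, value = (line.split(None, 1) + [""])[:2]
            key = key.lower()
            if key == "servername":
                vhost["name"] = value.strip()
            elif key == "sslengine" and value.strip().lower() == "on":
                vhost["ssl"] = True
            elif key == "sslcacertificatefile":
                vhost["ca"] = True
    return findings

if __name__ == "__main__":
    for line_no, addr, name in ssl_vhosts_missing_ca(SAMPLE_CONF):
        print(f"line {line_no}: <VirtualHost {addr}> {name}: SSLEngine on, no SSLCACertificateFile")
```
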
 
That is great news. However, would it be possible to make Apache 2.4.9 available already now for us that use CentOS 6.x, so that we don't have to wait so long before we can upgrade? I am running CentOS 6.x with cb 2.0, mod_php and mod_ruid2 on all my servers, and really would like to upgrade Apache as soon as possible.
 
You can grab it now, but only with CustomBuild 1.2, as CB2.0 has patches which won't work.
So for 1.2, type:
Code:
cd /usr/local/directadmin/custombuild
perl -pi -e 's/2\.4\.7/2.4.9/' versions.txt
./build apache
./build php n
John
 
Martynas has updated CustomBuild 2.0 with a version check for the patches, so do a "./build update" and use the above versions.txt changes to install Apache 2.4.9.

As mentioned before, CentOS 5 needs actual changes to DA itself in how the VirtualHosts are written.
I've finished those changes, and they are available in the pre-release guide.
You'll need a full ./build rewrite_confs, after getting the latest build scripts and DA (else, you'll get the DH PARAMETERS errors).
I hope to get a release candidate of DA 1.45.1 out within the next week or two, to address some bugs/code-rewrites.

John
 
Hi John.
Hi Martynas.

Compiled on Debian 6.0 64-bit
Compile Date Apr 14 2014, 13:44:28

#PHP Settings
php1_release=5.3
php1_mode=php-fpm
php2_release=no
php2_mode=php-fpm
htscanner=yes
php_ini=no
php_timezone=CEST
php_ini_type=production
ioncube=yes
zend=yes
x_mail_header=yes
#WEB Server Settings
webserver=apache
apache_ver=2.4
mod_ruid2=no
secure_htaccess=no
harden_symlinks_patch=no
use_hostname_for_alias=auto
redirect_host=
redirect_host_https=no

We get the "OLD" error "Got error 'Primary script unknown\n'" and the side shows File not found.

We will try it now on centos6.5 (64)
 
Same on Centos 6.5 (64)

Compiled on CentOS 6.0 64-Bit
Compile Date Apr 14 2014, 13:44:38

#PHP settings.
#Default version of PHP is always php1_release. Possible values for php1/php2_release: 5.3, 5.4, 5.5, no. php1/php2_mode: mod_php, fastcgi, php-fpm or suphp)
php1_release=5.3
php2_release=5.5
php1_mode=php-fpm
php2_mode=php-fpm
htscanner=yes
php_ini=no
php_timezone=CET
#Possible values - production or development
php_ini_type=production
ioncube=yes
x-mail-header=yes
zend=yes

#HTTP server. Possible values: apache, nginx
webserver=apache

#Apache settings
#Possible value: 2.4
apache_ver=2.4
mod_ruid2=no
secure_htaccess=yes
harden-symlinks-patch=no
use_hostname_for_alias=no
redirect_host=
redirect_host_https=yes
 
Sorry guys, the User httpd.conf templates have not yet been updated for the new Apache 2.4.9 changes with php-fpm.
We've done some very early testing with the new syntax, but the heartbleed bug, and then the apache 2.4.9 running issues threw a wrench in that timeline.
Until we add them, 2.4.7 would be needed, else use fastcgi or CLI+mod_ruid2.

If anyone is curious, we have a "commented out" section which would never get triggered in the pre-release binaries.. but only in the virtual_host2.conf (at which point, we noticed the apache run bug with CentOS 5 and got side-tracked)
It looks something like this, but we've not yet got around to even start its testing, so not sure if it's correct:
Code:
|*if HAVE_PHP1_FPM_NEW="1"|
    <Proxy "unix:/usr/local/php|PHP1_RELEASE|/sockets/|USER|.sock|fcgi://php-fpm|PHP1_RELEASE|.|USER|/">
        ProxySet min=0
    </Proxy>
    <FilesMatch "\.(inc|php|phtml|phps|php|PHP1_RELEASE|)$">
        AddHandler "proxy:fcgi://php-fpm|PHP1_RELEASE|.|USER|/" .inc .php .phtml .php|PHP1_RELEASE|
    </FilesMatch> 
|*endif|
If you want to try it out, basically, change the HAVE_PHP1_FPM_NEW to be HAVE_PHP1_FPM, and then change HAVE_PHP1_FPM to be HAVE_PHP1_FPM_OLD so they don't get triggered.
Similar entries would be needed in the other 3 virtual_host2*.conf files, modified accordingly for their types.

Once we get around to the changes, we'd have extra checks for which version of apache it is, as that would be important in case some have not yet updated the Apache version to 2.4.9... it needs to work for both the old and 2.4.9 versions.

John
 
Thanks. But in CB 2.0 the newest Apache version is still 2.4.7. So I guess we need to wait until the next DirectAdmin version is released with all the patches?

By the way, I am running CentOS 6.5 64bit, mod_php + mod_ruid2, and from what I understand, it should be safe to upgrade to Apache 2.4.9. Would it be possible to add Apache 2.4.9 to those of us running CB 2.0, CentOS 6.5 and mod_php + mod_ruid2? If not, I will just wait for next DirectAdmin version ...
 
Yes, it should be safe to move to 2.4.9 using CB 2.0 by editing the versions.txt file.
 