Time to upgrade CB 2.0 to support Apache 2.4.9

Thank you, @smtalk. I have now upgraded two servers to Apache 2.4.9, they are running CentOS 6.5 64bit, one with php 5.5.x and another with php 5.4.x, and there was no problems. I will now upgrade the rest of my servers. I did not run ./build rewrite_confs, because I am thinking it is better to wait until the next version of DirectAdmin is released before I do that.

However when I check my servers at https://www.ssllabs.com/ssltest/index.html , I get "only" a "A-", it would be nice to get a "A" without the "-". :) Is this something that you can consider to change/improve as default for custombuild/apache? Here are the reason I get the "-" when running test on the link above:

RC4 cipher is used with TLS 1.1 or newer protocols, even though stronger ciphers are available. Grade reduced to A-. MORE INFO »
Click to expand...

The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-. MORE INFO »
Click to expand...

(Click on "MORE INFO" link in the quoted text for information about these things.) It would be great if the default DirectAdmin settings for Apache could be with changes for these two things. Thanks!
 
Hello,

Check the following file:
Code: 
/etc/httpd/conf/extra/httpd-ssl.conf
we're looking for this code:
Code: 
SSLHonorCipherOrder On
SSLCipherSuite HIGH:!aNULL:!MD5
which should actually appear twice.

Once globally before the section
Code: 
<VirtualHost _default_:443>
and once within that section. That *should* be killing RC4.

John
 
Thank you, John. When I replaced "SSLCipherSuite RC4-SHA:HIGH:!ADH" with "SSLCipherSuite HIGH:!aNULL:!MD5" both places in httpd-ssl.conf, and then run the test at https://www.ssllabs.com/ssltest/index.html again, it fixed both warning about RC4 and Forward Secrecy, and I now get a "A" without "-".

Also when I test by doing I ./build rewrite_confs, I can see that you have added those changes to httpd-ssl.conf as default, great, then I don't need to think about this again, it's now default in DirectAdmin. :)
 
Last edited:
Maybe im still missing something
I have DA 1.45.1
CB 2.0 and downloading from server1
but still dont see apache 2.4.9 when i do ./build versions
As far i can see some people already update this trough CB 2.0, how did thy do this ?

any quick how to ?
 
DirectAdmin Support said:
You can grab it now, but only with CustomBuild 1.2, as CB2.0 has patches which won't work.
So for 1.2, type:
Code: 
cd /usr/local/directadmin/custombuild
perl -pi -e 's/2.4.7/2.4.9/' versions.txt
./build apache
./build php n
John
Click to expand...

I tought this was for CB 1.2 i have CB 2.0

EDIT: It seems to work also with CB 2.0, just upgraded to 2.4.9 :)
Thanks !
 
Last edited:
works like a charm, upgraded with visually no problems but in error log there is a problem:
Warning: Unknown: open_basedir restriction in effect. File(//.htaccess) is not within the allowed path(s): (/home/user1/:/tmp/:/var/tmp/:/usr/local/php55/lib/:/usr/local/php54/lib/:/usr/local/php55/lib/:/usr/local/lib/php/) in Unknown on line 0\nPHP message: PHP Warning: Unknown: open_basedir restriction in effect. File(//home/.htaccess) is not within the allowed path(s): (/home/user1/:/tmp/:/var/tmp/:/usr/local/php55/lib/:/usr/local/php54/lib/:/usr/local/php55/lib/:/usr/local/lib/php/) in Unknown on line 0\n'
Click to expand...

tried rewrite_confs but did not solve the issue.
PHP 5.5 installed, apache 2.4.9
 
Are you using PHP-FPM? Please try:
Code: 
cd /usr/local/directadmin/custombuild
./build set htscanner no
perl -pi -e 's|extension=htscanner.so|;extension=htscanner.so|' /usr/local/php55/lib/php.conf.d/directadmin.ini
service php-fpm55 restart
 
smtalk said:
Are you using PHP-FPM? Please try:
Code: 
cd /usr/local/directadmin/custombuild
./build set htscanner no
perl -pi -e 's|extension=htscanner.so|;extension=htscanner.so|' /usr/local/php55/lib/php.conf.d/directadmin.ini
service php-fpm55 restart
Click to expand...

Using PHP-fpm indeed, tried solution as you mentioned and this works flawlessly. Thanks!
 
On Centos 5 with Custombuild 2.0 I am now getting theis error
Code: 
Sorry, I cannot run apxs.  Possible reasons follow:

1. Perl is not installed
2. apxs was not found. Try to pass the path using --with-apxs2=/path/to/apxs
3. Apache was not built using --enable-so (the apxs usage page is displayed)

The output of /usr/sbin/apxs follows:
[Fri May 02 00:35:37.096230 2014] [core:crit] [pid 17049] AH00102: [Fri May 02 00:35:37 2014] file mod_setenvif.c, line 637, assertion "is_header_regex_regex != NULL" failed
sh: line 1: 17049 Aborted                 /usr/sbin/httpd -l
apxs:Error: Sorry, no shared object support for Apache.
apxs:Error: available under your platform. Make sure.
apxs:Error: the Apache module mod_so is compiled into.
apxs:Error: your server binary `/usr/sbin/httpd'..
configure: error: Aborting

*** There was an error while trying to configure php. Check the configure file
On my servers with Centos 6 I do not encounter any problems. I might try to correct it, but maybe you should make some changes for the other Centos 5 users out there.
 
gate2vn said:
It's a bug https://issues.apache.org/bugzilla/show_bug.cgi?id=56413. It got this with one of my servers when converting from php-fpm to mod_php + mod_ruid2. Working around by build mod_ruid2 first in apache 2.4.7, then upgrade to 2.4.9
Click to expand...

I do not have a problem with 2.4.9. I installed 2.4.7 with mod_php + mod_ruid2 and then upgraded to 2.4.9 via CB2. Everything worked nicely and compiled without errors, but I'm also on CentOS 6.5. Why not upgrade to 6.5 if 5 throw errors? I know that it can be a hassle and require time and patience, but in the long run you do yourself a favor by staying a little ahead. Just a thought and a confirmation on 2.4.9.
 
Centos 5.9 64bit
Apache 2.4.9
PHP 5.3
CB 2.0

after ./build php n I got this error:

File already exists: php-5.3.28.tar.gz
MD5 Checksum on php-5.3.28.tar.gz passed.
Found /usr/local/directadmin/custombuild/php-5.3.28.tar.gz
Extracting ...
Done.
Disabling asm/atomic in /usr/include/mysql/my_global.h
Configuring php-5.3.28...
creating cache ./config.cache
checking for Cygwin environment... no
checking for mingw32 environment... no
checking for egrep... grep -E
checking for a sed that does not truncate output... /bin/sed
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking how to run the C preprocessor... gcc -E
checking for icc... no
checking for suncc... no
checking whether gcc and cc understand -c and -o together... yes
checking how to run the C preprocessor... gcc -E
checking for AIX... no
checking whether ln -s works... yes
checking for system library directory... lib
checking whether to enable runpaths... yes
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking for gawk... gawk
checking for bison... bison -y
checking for bison version... 2.3 (ok)
checking for re2c... no
configure: warning: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
checking whether to enable computed goto gcc extension with re2c... no
checking whether to force non-PIC code in shared modules... no
checking whether /dev/urandom exists... yes
checking for pthreads_cflags... -pthread
checking for pthreads_lib...
Configuring SAPI modules
checking for AOLserver support... no
checking for Apache 1.x module support via DSO through APXS... no
checking for Apache 1.x module support... no
checking whether to enable Apache charset compatibility option... no
checking for Apache 2.0 filter-module support via DSO through APXS... no
checking for Apache 2.0 handler-module support via DSO through APXS...
Sorry, I cannot run apxs. Possible reasons follow:
1. Perl is not installed
2. apxs was not found. Try to pass the path using --with-apxs2=/path/to/apxs
3. Apache was not built using --enable-so (the apxs usage page is displayed)
The output of /usr/sbin/apxs follows:
[Fri May 02 11:04:05.762221 2014] [core:crit] [pid 14134] AH00102: [Fri May 02 11:04:05 2014] file mod_setenvif.c, line 637, assertion "is_header_regex_regex != NULL" failed
sh: line 1: 14134 Aborted /usr/sbin/httpd -l
apxs:Error: Sorry, no shared object support for Apache.
apxs:Error: available under your platform. Make sure.
apxs:Error: the Apache module mod_so is compiled into.
apxs:Error: your server binary `/usr/sbin/httpd'..
configure: error: Aborting
*** There was an error while trying to configure php. Check the configure file
Click to expand...
 
Last edited:
We upgraded one of our servers from Apache 2.4.7 to Apache 2.4.9 but right after that we had an issue which was the same issue as a few months back, we have the following config:

php1_release=5.5
php2_release=no
php1_mode=php-fpm
php2_mode=php-fpm
htscanner=no
php_ini=no
php_timezone=Europe/Amsterdam
#Possible values - production or development
php_ini_type=production
ioncube=yes
x-mail-header=yes
zend=yes

#HTTP server. Possible values: apache, nginx, (alpha: nginx_apache)
webserver=apache

#Apache settings
#Possible value: 2.4
apache_ver=2.4
mod_ruid2=no
secure_htaccess=no
Click to expand...

The problem is with PHP 5.5.11, Apache/2.4.9 in combination with PHP-FPM.

The problem is that the rewrite rules in the .htaccess are not working correctly, the following error comes in the error log:

[Fri May 02 09:21:02.165279 2014] [core:error] [pid 32668:tid 140065889134336] [client 123.123.123.123:45316] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
Click to expand...

I just reverted back to Apache/2.4.7 with PHP 5.5.11 (PHP-FPM) and everything is fine now.
 
Trans-IX B.V. said:
We upgraded one of our servers from Apache 2.4.7 to Apache 2.4.9 but right after that we had an issue which was the same issue as a few months back, we have the following config:



The problem is with PHP 5.5.11, Apache/2.4.9 in combination with PHP-FPM.

The problem is that the rewrite rules in the .htaccess are not working correctly, the following error comes in the error log:



I just reverted back to Apache/2.4.7 with PHP 5.5.11 (PHP-FPM) and everything is fine now.
Click to expand...

Are you sure you are using DA 1.45.1 and no custom templates in /usr/local/directadmin/data/templates/custom ?
 
Hi Martynas,

Once again Happy Birthday :)

The DA version is 1.45.1 and we are not using any custom templates.

I already tried the following:

Code: 
cd /usr/local/directadmin/custombuild
./build set htscanner no
perl -pi -e 's|extension=htscanner.so|;extension=htscanner.so|' /usr/local/php55/lib/php.conf.d/directadmin.ini
service php-fpm55 restart

But no luck..
 
Apache builds and installs, but then strange things happens. After building and installing apache, I am getting this:
Code: 
bash-3.2# ./build versions
Latest version of DirectAdmin: 1.45.1
Installed version of DirectAdmin: 1.45.1

[Fri May 02 11:08:44.898104 2014] [core:crit] [pid 14284] AH00102: [Fri May 02 11:08:44 2014] file mod_setenvif.c, line 637, assertion "is_header_regex_regex != NULL" failed
Latest version of Apache: 2.4.9
Installed version of Apache:

Apache  to 2.4.9 update is available.
bash-3.2#
custombuild does not report the version and wants to update Apache once again. Latest DA, no custom config, htscanner at no.
Code: 
bash-3.2# ls -la /usr/local/directadmin/data/templates/custom
total 8
drwx--x--x 2 diradmin diradmin 4096 Jan 22  2013 .
drwx--x--x 8 diradmin diradmin 4096 May  2 11:01 ..
bash-3.2# ./build update_da
Updating DirectAdmin
bash-3.2# ./build set htscanner no
Changed htscanner option from no to no
bash-3.2#
 
You must log in or register to reply here.
Back
Top