Time to upgrade CB 2.0 to support Apache 2.4.9

[Marwen]

CentOS 6.0 64-Bit
DA 1.45.1

Custombuild Setting:
#PHP settings.
#Default version of PHP is always php1_release. Possible values for php1/php2_release: 5.3, 5.4, 5.5, no. php1/php2_mode: mod_php, fastcgi, php-fpm or suphp)
php1_release=5.3
php2_release=no
php1_mode=php-fpm
php2_mode=php-fpm
htscanner=no
php_ini=yes
php_timezone=CET
#Possible values - production or development
php_ini_type=production
ioncube=yes
x-mail-header=yes
zend=yes

#HTTP server. Possible values: apache, nginx
webserver=apache
#Apache settings
#Possible value: 2.4
apache_ver=2.4
mod_ruid2=no
secure_htaccess=yes
harden-symlinks-patch=no
use_hostname_for_alias=yes
redirect_host_https=yes

suhosin=yes
apache_mpm=auto
suhosin_php_uploadscan=yes


works like a charm !! Thanks Martynas
Will try on monday Debian 6 and 7 64 Bit

 

[smtalk]

Once again Happy Birthday

Thank you!!!

The DA version is 1.45.1 and we are not using any custom templates.

I already tried the following:

cd /usr/local/directadmin/custombuild
./build set htscanner no
perl -pi -e 's|extension=htscanner.so|;extension=htscanner.so|' /usr/local/php55/lib/php.conf.d/directadmin.ini
service php-fpm55 restart

But no luck..

That seems to be a bug of apache 2.4.9, but seems to affect CentOS 5.x systems only, and might be PCRE-version releated: https://issues.apache.org/bugzilla/show_bug.cgi?id=56413

 

[Jan_E]

That's the following bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=56413. Please do:

./build set htscanner no

And it would work fine then.

As Davidd1 already said: this does not work. I have the same config: Latest DA, Centos 5.9 64bit, CB 2.0, PHP 5.5 as mod_php & PHP 5.3 as fastcgi, htscanner no.

I went back to Apache 2.4.7, which took some time because I had to find out how to do that. There is a custom apache config:

bash-3.2# diff custom/ap2/configure.apache configure/ap2/configure.apache
3d2
<       "--with-expat=builtin" \
bash-3.2#

IIRC correctly this had something to do with a unrecognized format.

My production server is now running happily again with Apache 2.4.7 & PHP 5.5.12. If you find out how to upgrade on Centos 5 I can experiment on our dev server. That one has the same config. Our hosting provider even has the facility to clone the production server to the dev.

 

[Jan_E]

@smtalk: Did you just update custombuiuld?

--2014-05-02 16:11:54--  http://files1.directadmin.com/services/custombuild/2.0/custombuild.tar.gz

Edit: new comment at https://issues.apache.org/bugzilla/show_bug.cgi?id=56413

 

[Jan_E]

@smtalk: copying the new support/apxs to /usr/sbin (after a chmod 755) solved the problem!
https://issues.apache.org/bugzilla/show_bug.cgi?id=56413#c10

Strange that a 'make install' does not install a new apxs.

 

[Jan_E]

Thank you, John. When I replaced "SSLCipherSuite RC4-SHA:HIGH:!ADH" with "SSLCipherSuite HIGH:!aNULL:!MD5" both places in httpd-ssl.conf, and then run the test at https://www.ssllabs.com/ssltest/index.html again, it fixed both warning about RC4 and Forward Secrecy, and I now get a "A" without "-".

On a Windows 2008R2 machine I even managed to get a A+. Relevant Ciphersuites:

SSLProtocol -ALL +SSLv3 +TLSv1.2 +TLSv1.1 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH

The idea:
http://stackoverflow.com/questions/...-perfect-forward-secrecy-by-default-on-apache
I did not yet test this on my Centos+Directadmin machines.

 

[DirectAdmin Support]

@smtalk: copying the new support/apxs to /usr/sbin (after a chmod 755) solved the problem!
https://issues.apache.org/bugzilla/show_bug.cgi?id=56413#c10

Strange that a 'make install' does not install a new apxs.

Actually, I believe apxs is installed to

/usr/bin/apxs

for apache 2.4.

Older versions of apache, like 2.2, use:

/usr/sbin/apxs

CB should already be creating a symbolic link from sbin/apxs to bin/apxs.. but if sbin/apxs was already there (a binary, not a link), then it would end up using the wrong one.

What I've done is added code to delete the /usr/sbin/apxs right before the "make install" of apache.
This will leave only the newly installed /usr/bin/apxs, and then the link will happen normally, so everything else can still find it at /usr/sbin/apxs.

As for why it changes from sbin to bin from 2.2 to 2.4, I'm not too sure...
The configure.apache files we use are nearly identical, so it may just be a new Apache policy from 2.2 to 2.4... or something along those lines, I'm really not sure.

Either way,the removal should solve it.
It's uploaded to files1, and will be available on all mirrors within 24 hours.

John

 

[Jan_E]

OK, works fine! My production server is now on 2.4.9 as well.

 

[gate2vn]

Still having this error with some old servers. I have downloaded from files1 already. Even Apache can start and work, but wondering why this error is still there?

Installing header files
Installing build system files
Installing man pages and online manual
make[1]: Leaving directory `/usr/local/directadmin/custombuild/httpd-2.4.9'
Restoring certificate and key, and turning on httpd for DirectAdmins's check.
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
[Sun May 04 13:28:39.208534 2014] [core:crit] [pid 342740] AH00102: [Sun May 04 13:28:39 2014] file mod_setenvif.c, line 637, assertion "is_header_regex_regex != NULL" failed
/usr/sbin/apachectl: line 79: 342740 Aborted $HTTPD "$@"
CMake Error at cmake/FindApacheForCPanel.cmake:21 (STRING):
string begin index: 23 is out of range 0 - 0
Call Stack (most recent call first):
CMakeLists.txt:154 (FIND_PACKAGE)


-- Version ...
-- apache 1.3 detected...
-- Not Found Apache Bin Directory: /usr/sbin, HTTPD_MODULES-NOTFOUND
-- Found Apache1.3: /usr/include/apache
-- Configuring incomplete, errors occurred!
[Sun May 04 13:28:39.251937 2014] [core:crit] [pid 342747] AH00102: [Sun May 04 13:28:39 2014] file mod_setenvif.c, line 637, assertion "is_header_regex_regex != NULL" failed
/usr/sbin/apachectl: line 79: 342747 Aborted $HTTPD "$@"
CMake Error at cmake/FindApacheForCPanel.cmake:21 (STRING):
string begin index: 23 is out of range 0 - 0
Call Stack (most recent call first):
CMakeLists.txt:154 (FIND_PACKAGE)


-- Version ...
-- apache 1.3 detected...
-- Not Found Apache Bin Directory: /usr/sbin, HTTPD_MODULES-NOTFOUND
-- Found Apache1.3: /usr/include/apache
-- Configuring incomplete, errors occurred!
make: *** [cmake_check_build_system] Error 1
Restarting apache.
Stopping httpd: [ OK ]
Starting httpd:

 

[smtalk]

Is it CustomBuild 1.1?

 

[gate2vn]

Is it CustomBuild 1.1?

No, it's 2.0.0-RC7 (rev: 694)

 

[DirectAdmin Support]

Check:

ls -la /usr/bin/apxs
ls -la /usr/sbin/axps

We're looking at the date stamp on each file, where 2.4 should be saving to /usr/bin/apxs... and CB should be creating a link:

/usr/sbin/apxs -> /usr/bin/apxs

John

 

[gate2vn]

I guess you want to check /usr/sbin/apxs, so it's there.

# ls -la /usr/bin/apxs
-rwxr-xr-x 1 root root 23505 May 5 12:58 /usr/bin/apxs
# ls -la /usr/sbin/apxs
lrwxrwxrwx 1 root root 13 May 5 12:59 /usr/sbin/apxs -> /usr/bin/apxs

 

[Jan_E]

I did not get the errormessage anymore while updating PHP, but now I see it again at a './build versions':

bash-3.2# ./build versions
Latest version of DirectAdmin: 1.45.2
Installed version of DirectAdmin: 1.45.2

[Tue May 06 16:40:38.356317 2014] [core:crit] [pid 18124] AH00102: [Tue May 06 16:40:38 2014] file mod_setenvif.c, line 637, assertion "is_header_regex_regex != NULL" failed
Latest version of Apache: 2.4.9
Installed version of Apache:

Apache  to 2.4.9 update is available.
bash-3.2#

Apache 2.4.9 is already installed...

 

[gate2vn]

I am running cron daily, and even with 2.4.9-ready servers, the crons keep informing that

Apache to 2.4.9 update is available

 

[DirectAdmin Support]

Apache to 2.4.9 update is available

I just got that same message on our CentOS 5 64-bit box (even though apache 2.4.9 was running file).
A change to the build script to change the LD_LIBRARY_PATH to look like this:

LD_LIBRARY_PATH=/usr/local/lib64:/usr/local/lib:/usr/lib64:/usr/lib:/lib64:/lib

followed by an apache recompile, seems to have fixed it for that box.
The change is now in all custombuilds on files1.
Let us know if that works for you (just confirm you see that exact LD_LIBRARY_PATH in the build script, and not the older version which is close, but different)

John

 

[vancanneyt]

With the new version of apache and the newer configs i noticed this error message from apache on one of the sites on my server:

Wed May 07 10:07:23.909578 2014] [proxy_fcgi:error] [pid 2428:tid 140198383888128] [client 213.238.175.57:36359] AH01068: Got bogus version 230
[Wed May 07 10:07:23.909643 2014] [proxy_fcgi:error] [pid 2428:tid 140198383888128] (22)Invalid argument: [client 213.238.175.57:36359] AH01075: Error dispatching request to :

Did not found much on it on google, thought i'd ask here ;-)

 

[smtalk]

With the new version of apache and the newer configs i noticed this error message from apache on one of the sites on my server:

Wed May 07 10:07:23.909578 2014] [proxy_fcgi:error] [pid 2428:tid 140198383888128] [client 213.238.175.57:36359] AH01068: Got bogus version 230
[Wed May 07 10:07:23.909643 2014] [proxy_fcgi:error] [pid 2428:tid 140198383888128] (22)Invalid argument: [client 213.238.175.57:36359] AH01075: Error dispatching request to :

Did not found much on it on google, thought i'd ask here ;-)

Are you using PHP-FPM? Please try the latest version of it in CB 2.0:

cd /usr/local/directadmin/custombuild
./build update
./build php n

 

[interfasys]

Just migrated to 2.4.10 and have noticed that this patch has still not been integrated
Persistent backend connections for ProxyPassMatch

The good news is that it should be in the next version of Apache.

 

[smtalk]

We don't use ProxyPassMatch anymore