Skip to the Main Content

Note:These pages make extensive use of the latest XHTML and CSS Standards. They ought to look great in any standards-compliant modern browser. Unfortunately, they will probably look horrible in older browsers, like Netscape 4.x and IE 4.x. Moreover, many posts use MathML, which is, currently only supported in Mozilla. My best suggestion (and you will thank me when surfing an ever-increasing number of sites on the web which have been crafted to use the new standards) is to upgrade to the latest version of your browser. If that's not possible, consider moving to the Standards-compliant and open-source Mozilla browser.

December 15, 2005

Apache 2.2

Upgrading from version 2.0.55 to 2.2.0 of the world’s dominant WebServer was a bit more of a hassle than I thought it was going to be. So, herewith, some notes.

  1. The Apple-supplied version of sed doesn’t work with the installation script. You need the GNU version of sed, which you can get from fink.
  2. If, as I did, you have version 1.0 or 1.1 of apr installed, you need to build and install apr and apr-util 1.2 by hand, before building apache.
  3. Five standard modules disappeared, or were renamed, and fifteen new ones were added. You need to edit your httpd.conf file appropriately.
    --- httpd.conf.2.0      2005-12-04 02:11:43.000000000 -0600
    +++ httpd.conf  2005-12-15 02:09:16.000000000 -0600
    @@ -230,11 +230,27 @@
     # Example:
     # LoadModule foo_module modules/mod_foo.so
     #
    -LoadModule access_module modules/mod_access.so
    -LoadModule auth_module modules/mod_auth.so
    -LoadModule auth_anon_module modules/mod_auth_anon.so
    -LoadModule auth_dbm_module modules/mod_auth_dbm.so
     LoadModule auth_digest_module modules/mod_auth_digest.so
    +LoadModule auth_basic_module modules/mod_auth_basic.so
    +LoadModule authn_anon_module modules/mod_authn_anon.so
    +LoadModule authn_dbd_module modules/mod_authn_dbd.so
    +LoadModule authn_dbm_module modules/mod_authn_dbm.so
    +LoadModule authn_default_module modules/mod_authn_default.so
    +LoadModule authn_file_module modules/mod_authn_file.so
    +LoadModule authz_dbm_module modules/mod_authz_dbm.so
    +LoadModule authz_default_module modules/mod_authz_default.so
    +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
    +LoadModule authz_host_module modules/mod_authz_host.so
    +LoadModule authz_owner_module modules/mod_authz_owner.so
    +LoadModule authz_user_module modules/mod_authz_user.so
    +LoadModule dbd_module modules/mod_dbd.so
    +LoadModule filter_module modules/mod_filter.so
    +LoadModule version_module modules/mod_version.so
    +LoadModule log_forensic_module modules/mod_log_forensic.so
    +LoadModule logio_module modules/mod_logio.so
    +LoadModule dumpio_module modules/mod_dumpio.so
    +LoadModule ext_filter_module modules/mod_ext_filter.so
    +LoadModule ident_module modules/mod_ident.so
     LoadModule include_module modules/mod_include.so
     LoadModule log_config_module modules/mod_log_config.so
     LoadModule env_module modules/mod_env.so
    @@ -256,7 +272,7 @@
     LoadModule vhost_alias_module modules/mod_vhost_alias.so
     LoadModule negotiation_module modules/mod_negotiation.so
     LoadModule dir_module modules/mod_dir.so
    -LoadModule imap_module modules/mod_imap.so
    +LoadModule imagemap_module modules/mod_imagemap.so
     LoadModule actions_module modules/mod_actions.so
     LoadModule speling_module modules/mod_speling.so
     LoadModule userdir_module modules/mod_userdir.so
  4. You need to recompile PHP (and, potentially other 3rd party modules).
  5. The authentication modules have been extensively reworked. If you use Digest Authentication, the commands for specifying the User and Group files have changed from
    AuthDigestFile /some/path/davusers
    AuthDigestGroupFile /some/path/davgroups
    to
    AuthDigestProvider file
    AuthUserFile /some/path/davusers
    AuthGroupFile /some/path/davgroups
    Instead of a flat file, the passwords can be stored in a database instead:
    AuthDigestProvider dbm
  6. The command for starting an SSL-enabled server has been simplified from
    apachectl startssl
    to
    apachectl start
    So you need to edit the startup script, appropriately.
  7. The security of server-side includes has been “tightened”. It used to be that
    Options IncludesNOEXEC
    would allow you to include files via
     <!--#include virtual="/file.html" -->
    No longer! If you want to include a file, you need (apparently) to relax the permissions to
    Options Includes

Update (12/16/2005):

#7 isn’t strictly correct. What’s actually happening is that if you set
Options IncludesNOEXEC

then mod_include checks whether the included file has MIME-type text/*. It’s relatively trivial to fix that to allow application/xhtml+* as well.

--- modules/filters/mod_include.c.orig  2005-12-15 23:19:01.000000000 -0600
+++ modules/filters/mod_include.c       2005-12-16 00:23:24.000000000 -0600
@@ -1675,7 +1675,8 @@
         }
 
         if (!error_fmt && (ctx->flags & SSI_FLAG_NO_EXEC) &&
-            rr->content_type && strncmp(rr->content_type, "text/", 5)) {
+            rr->content_type && strncmp(rr->content_type, "text/", 5) 
+               && strncmp(rr->content_type, "application/xhtml+", 18) ) {
 
             error_fmt = "unable to include potential exec \"%s\" in parsed "
                         "file %s";

Unfortunately, Apache 2.2 seems to be behaving very badly. It’ll run fine for a while. But then an individual child server, or two, will see its CPU usage spike (to as much as 100% of one of golem’s two processors). If I don’t find a solution soon, I’ll have to downgrade to 2.0.55.

Update (12/18/2005):

Apache 2.2.0 may be broken, but 2.3.0-dev works just fine.
Posted by distler at December 15, 2005 3:30 AM

TrackBack URL for this Entry:   http://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/698

6 Comments & 0 Trackbacks

Re: Apache 2.2

GNU Sed is absolutely not required.

I just did a complete fresh install of APR/APR-Util/HTTPD on a completely fresh 10.4.3 machine (hard drive died on it… had to reinstall everything on a new hard drive).

Posted by: Paul Querna on December 18, 2005 12:41 PM | Permalink | Reply to this

Sed

With the installed /usr/bin/sed, I got a slew of errors of the form

sed: 1: "/^dlname=/{s/.*='\([^'] ...": extra characters at the end of p command
Warning! dlname not found in /usr/local/apache2/modules/mod_userdir.la. Assuming installing a .so rather than a libtool archive.

It may be worth mentioning that this is with XCode 2.2. Maybe you are using an earlier version of the Developer Tools.

Posted by: Jacques Distler on December 18, 2005 12:54 PM | Permalink | PGP Sig | Reply to this

Re: Sed

Its harmless AFAIK.

Posted by: Paul Querna on December 18, 2005 12:58 PM | Permalink | Reply to this

Re: Sed

Umh … no it wasn’t. The installed version would not even launch.

Switching to GNU sed produced something that would actually run. (Modulo the CPU usage problems noted above.)

Posted by: Jacques Distler on December 18, 2005 1:07 PM | Permalink | PGP Sig | Reply to this

Re: Sed

The same SED error has been happening on FreeBSD for at least a year now. Its just libtool being stupid, and it shouldn’t prevent anything from running/lanching/etc.

Posted by: Paul Querna on December 18, 2005 1:10 PM | Permalink | Reply to this

Re: Sed

Shouldn’t …

Posted by: Jacques Distler on December 18, 2005 1:21 PM | Permalink | PGP Sig | Reply to this

Post a New Comment