Differences

This shows you the differences between two versions of the page.

--- packages:apache [2013-06-11 19:26] – created glen
+++ packages:apache [2015-02-12 17:06] (current) – [Known Issues] links glen
@@ Line 1: / Line 1: @@
-====== Apache ======
+====== Apache httpd ======
+===== Known Issues =====
-Apache 2.4 has landed Th on June 7, 2013, see [[http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2013-June/023560.html|announcement]].
+[[http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-October/024055.html|Problem]]: Apache fails  to do ''restart'', but succeeds if you do ''stop'' followed by ''start''.
+<code>
+# service httpd restart
+Checking Apache 2.4 Web Server configuration.................................[ DONE ]
+Stopping Apache 2.4 Web Server service.......................................[ DONE ]
+Starting Apache 2.4 Web Server service.......................................[ FAIL ]
+(98)Address already in use: AH00072: make_sock: could not bind to address [::]:8080
+(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:8080
+no listening sockets available, shutting down
+AH00015: Unable to open logs
+</code>
+It's [[http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-October/024061.html|php]] [[http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-October/024062.html|session]] to blame, however, ''/etc/sysconfig/httpd'' has [[http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-October/024065.html|some]] [[http://git.pld-linux.org/?p=packages/apache.git;a=commitdiff;h=00ab488f59c5aacbcab9708a1c70b142520264d2|variable]] where you can adjust sleep between stop and start
+You should try enabling and increasing it
+===== Apache 2.4 =====
+Apache 2.4 has landed in Th on June 7, 2013. See [[http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2013-June/023560.html|announcement]].
+<note important>
+**Access control incompatible changes**
+All webapps have been migrated to new [[https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html|mod_authz_host]] access syntax and usage of [[https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html|mod_access_compat]] is strongly discouraged.
+The rationale for it is that //access_compat// and //authz_host// are independent of each other and operate on separate namespaces. Main httpd configs contain only //authz_host// directives and enabling //access_compat// means allowing access to all locations/directories that are not explicitly denied by //authz_host//.
+**Note:**
+In case there exist both //authz_host// **and** //access_compat// directives for a location, the **Deny** clause of **ANY** of them takes precedence (in short: **deny** always wins, regardless where it comes from).
+</note>
+==== Upgrading ====
+Detailed information about upgrading and all changes between apache 2.2 and 2.4 can be found [[https://httpd.apache.org/docs/2.4/upgrading.html|here]]
+as for more complex examples, require ip or password:
+<code apache Apache 2.x>
+Order Deny,Allow
+Deny from all
+Allow from my.lan
+Allow from 2001:1234:5678::/64
+AuthType Basic
+AuthName www.my.lan
+AuthBasicProvider ldap
+AuthLDAPURL "ldap://server:389/ou=People,dc=example,dc=com?uid?sub?(objectClass=*)"
+Require valid-user
+Satisfy Any
+</code>
+The solution is very simple, just list the requirements and 2.4 somehow magically knows what you mean:
+<code apache Apache 2.4>
+Require host my.lan
+Require ip 2001:1234:5678::/64
+AuthType Basic
+AuthName www.my.lan
+AuthBasicProvider ldap
+AuthLDAPURL "ldap://server:389/ou=People,dc=example,dc=com?uid?sub?(objectClass=*)"
+Require valid-user
+</code>
+Source: http://blog.hqcodeshop.fi/archives/63-Migrating-access-control-into-Apache-2.4.html
+If you need to ''AND'' multiple requires, wrap them inside [[http://httpd.apache.org/docs/current/mod/mod_authz_core.html#requireall|<RequireAll></RequireAll>]]
+===== Apache 2.2 and 2.4 compatible configs =====
+If you need to support both Apache 2.2 and 2.4, then, for example, if Apache 2.2 config contained:
+<code apache>
+Allow from all
+</code>
+you need to use:
+<code apache>
+# Apache 2.x
+<IfModule !mod_authz_core.c>
+    Order allow,deny
+    Allow from all
+</IfModule>
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all granted
+</IfModule>
+</code>