Please login or register. February 24, 2018, 11:57:48 PM

Author Topic: Apache http Server 2.4.25 impression Pro/contra  (Read 681 times)

0 Members and 1 Guest are viewing this topic.

alessioballarin

  • Jr. Member
  • **
  • Posts: 5
  • Karma: +0/-0
Apache http Server 2.4.25 impression Pro/contra
« on: January 15, 2018, 11:51:52 AM »
Sorrowfully from a while IBM does not give an updated version of Apache Web server anymore. The last release packaged by IBM is the 2.4.12 and TLS1.1/1.2 is not supported.
I searched for an alternative for long time and finally I found this version packaged by Michael.
I use the Apache web server version 2.4.25 from a while in a productive Environment and I am very happy with it so I decided to share my impression.
I think one of the biggest advantage of this Package in contrast with other Packages (Bull/Perlz) is that it is not an RPM Package, so there is no need to get lost in the dependency Hell.
Apache run really stable and until now I did not have any Problem.
Personally I would prefer that everything would be installed in one Path /opt/httpd and not even in /var/httpd.
I Found out that the installation process add a group "NONE" which I don't understand the need.


Pro:
Really Stable
"bff" package avoid the RPM hell

Contra:
Installation paths a little scattered.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #1 on: January 15, 2018, 10:22:56 PM »
Thanks for the comments.

The reason for the split between /var/httpd and /opt/httpd is to support the concept of "root" and "usr" install locations.

The idea is that only the/var/httpd parts need to be maintained separately for WPARs while the /opt/httpd parts can be shared over all WPARs.

And/or, in a SystemMirror/PowerHA setup, /opt/httpd can be installed on all nodes and /var/httpd can be mounted as part of a resource group.

The group NONE is to configure the httpd user id so that noone can su to it. The way it is meant to work: no accounts are in group NONE. httpd has attribute sugroups=NONE. This is mainly interesting if you also use RBAC.

I wrote an example in 2012. See: http://ibmsystemsmag.com/aix/administrator/security/rbac_applications/

alessioballarin

  • Jr. Member
  • **
  • Posts: 5
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #2 on: January 23, 2018, 08:26:29 AM »
Hi Michael,
Thank you for the answer and example, now the scope is clear.
How proceed the build of the new Apache httpd release? Do you have an idea when you will release it?

Thanks a lot,
Alessio

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #3 on: January 23, 2018, 11:48:08 AM »
I'll be working on httpd and python this week - so I hope real soon - at least a 32-bt version by Thursday or Friday. Will also try to get 64-bit built, but apr being "mono-sized" makes it more difficult to build 32 and 64 bit in parallel.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #4 on: January 25, 2018, 03:48:52 PM »
I have a 32-bit build at http://download.aixtools.net/test/aixtools.apache.httpd.2.2.31.0.I - not gone through my testing yet, so it is put in "test" rather than at the regualr page.

a) No dependencies. What would have been a dependency before is now linked in statically.

b) since APR and APR-UTIL do not work in dual bit-size mode - a 64-bit version will come later.

** - will try and get a 64-bit done sort of fast, but I think the 32-bit of httpd-2.4 will come first.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #5 on: January 25, 2018, 06:51:02 PM »
Some errors to deal with: httpd-2.4.29 will be delayed:

        /opt/build-1/libtool --silent --mode=compile xlc_r  -qHALT=E      -U__STR__ -D_THREAD_SAFE -D_USE_IRS -D_LARGEFILE64_SOURCE     -I. -I/data/prj/apache/httpd/httpd-2.4.29/include -I/data/prj/apache/httpd/src/httpd-2.4.29/os/unix -I/data/prj/apache/httpd/src/httpd-2.4.29/include -I/opt/include/apr-1 -I/opt/include -DPCRE_STATIC -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/aaa -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/cache -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/core -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/database -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/filters -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/ldap -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/loggers -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/lua -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/session -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/ssl -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/test -I/data/prj/apache/httpd/src/httpd-2.4.29/server -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/arch/unix -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/main -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/generators -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/mappers -prefer-pic -c /data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c && touch mod_lbmethod_byrequests.slo
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 88.17: 1506-275 (S) Unexpected text ')' encountered.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 88.17: 1506-045 (S) Undeclared identifier apr_OFN_ap_proxy_retry_worker_t.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 88.64: 1506-277 (S) Syntax error: possible missing ')' or ','?
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 96.18: 1506-276 (S) Syntax error: possible missing ')'?
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 95.64: 1506-280 (W) Function argument assignment between types "const char*" and "int" is not allowed.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 142.69: 1506-260 (S) Octal integer constant 01208 is not valid.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 143.22: 1506-276 (S) Syntax error: possible missing ')'?
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 142.68: 1506-280 (W) Function argument assignment between types "const char*" and "int" is not allowed.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 179.5: 1506-026 (S) Number of initializers cannot be greater than the number of aggregate members.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 180.5: 1506-026 (S) Number of initializers cannot be greater than the number of aggregate members.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 181.5: 1506-026 (S) Number of initializers cannot be greater than the number of aggregate members.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 193.1: 1506-273 (E) Missing type in declaration of AP_DECLARE_MODULE.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 193.1: 1506-282 (S) The type of the parameters must be specified in a prototype.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 193.40: 1506-512 (S) An initializer is not allowed for "AP_DECLARE_MODULE".

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #6 on: January 29, 2018, 06:21:06 PM »
I took the easy road and tried to just not package the failing part with --disable-proxy-balancer.

Got further, but now dying at:

        /opt/build-1/libtool --silent --mode=compile xlc_r  -qHALT=E      -U__STR__ -D_THREAD_SAFE -D_USE_IRS -D_LARGEFILE64_SOURCE     -I. -I/data/prj/apache/httpd/httpd-2.4.29/include -I/data/prj/apache/httpd/src/httpd-2.4.29/os/unix -I/data/prj/apache/httpd/src/httpd-2.4.29/include -I/opt/include/apr-1 -I/opt/include -DPCRE_STATIC -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/aaa -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/cache -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/core -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/database -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/filters -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/ldap -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/loggers -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/lua -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/session -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/ssl -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/test -I/data/prj/apache/httpd/src/httpd-2.4.29/server -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/arch/unix -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/main -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/generators -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/mappers -prefer-pic -c /data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c && touch dbm.slo
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c", line 108.65: 1506-280 (W) Function argument assignment between types "const char*" and "int" is not allowed.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c", line 108.73: 1506-099 (S) Unexpected argument.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c", line 435.34: 1506-099 (S) Unexpected argument.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c", line 457.34: 1506-099 (S) Unexpected argument.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c", line 505.58: 1506-022 (S) "aprerr" is not a member of "struct dav_error".

So, is this related to APR (aprerr)? Searching...

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #7 on: January 29, 2018, 10:37:34 PM »
Solved! Packager error!!

Must not have httpd-2.2.X installed while building httpd-2.4.X - the include files that are part of httpd-2.2.X may be loaded by accident - rather than the include files in the build src tree.

Sigh - but happy!

So, not at test dir I have an installp package: http://download.aixtools.net/test/aixtools.apache.httpd.2.4.29.0.I

Built with the following configure statement:
  $ ../src/httpd-2.4.29/configure --prefix=/opt --sysconfdir=/var/httpd/etc --sharedstatedir=/var/httpd/com --localstatedir=/var/httpd --mandir=/usr/share/man --infodir=/opt/share/info/httpd --enable-layout=AIX --disable-lua --enable-shared=all --enable-proxy --enable-ssl --enable-load-modules=none

Please report any installation issues (my goal is that this install with no additional dependencies)

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #8 on: January 29, 2018, 11:13:02 PM »
I ran into some problems with the authn modules (undefined symbols). My attempts to resolve that have led to: Segmentation fault(coredump).

So I left the first package attempt - and will continue again another day. I may be forced to use shared libraries rather than static libraries - to get rtld symbol issues resolved. Sigh.

alessioballarin

  • Jr. Member
  • **
  • Posts: 5
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #9 on: January 31, 2018, 09:36:29 AM »
Hi,

installation process ended without problems.
First syntax check show the problem you mentioned:

httpd: Syntax error on line 66 of /var/httpd/etc/httpd.conf: Cannot load httpd/libexec/mod_authn_file.so into server: rtld: 0712-001 Symbol apr_password_validate
was referenced\n      from module /opt/httpd/libexec/mod_authn_file.so(), but a runtime definition\n      of the symbol was not found.

httpd: Syntax error on line 105 of /var/httpd/etc/httpd.conf: Cannot load httpd/libexec/mod_mime.so into server: rtld: 0712-001 Symbol apr_hash_merge was referenced\n      from module /opt/httpd/libexec/mod_mime.so(), but a runtime definition\n      of the symbol was not found.\nrtld: 0712-001 Symbol apr_hash_copy was referenced\n      from module /opt/httpd/libexec/mod_mime.so(), but a runtime definition\n      of the symbol was not found.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #10 on: January 31, 2018, 04:25:56 PM »
That is the same problem I have been having - using apr and apr-util as static libraries. It seems that when modules need other things from apr and/or apr-util they do not load properly - so I am going to try with apr and apr-util as shared libraries.

Strangely enough, httpd-2,2 seems to work with with static apr and apr-util. Although, maybe I have not troed the right modules to break that.

Will know more soon.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #11 on: January 31, 2018, 05:32:19 PM »
OK- repackaged and you will need:
openssl-1.0.2.1000 and later (via IBM)
and these three packages: (apr, apr-util and httpd-2.4.29)
http://download.aixtools.net/test/aixtools.apache.apr.1.6.3.0.I
http://download.aixtools.net/test/aixtools.apache.apr-util.1.6.1.0.I
http://download.aixtools.net/test/aixtools.apache.httpd.2.4.29.0.I

Not tested conclusively, but it is starting!

HTH!

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #12 on: February 01, 2018, 10:22:59 PM »
Well, my testing has been unsuccessful. The files for httpd-2.4.29 et al are removed - until I have something better. This is "boring"!

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #13 on: February 02, 2018, 12:05:23 PM »
New set of files. Sadly more than one.

Went back to the older version of apr and apr-util. They worked before and are working now. So, will research later if it is apr/apr-util related, expat (which was embedded in one of of apr/apr-util) - or just something else all my fault.

This should get you started!

http://download.aixtools.net/test/ (and click-way) - or -

HTH

alessioballarin

  • Jr. Member
  • **
  • Posts: 5
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #14 on: February 04, 2018, 03:24:47 PM »
Hi Michael,

thank you!
Tomorrow I will try it.

alessioballarin

  • Jr. Member
  • **
  • Posts: 5
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #15 on: February 05, 2018, 03:21:37 PM »
First tests are fine. It looks everything to work as expected.
I will install it tomorrow on a host with a little more traffic.

P.S.
do you think to release even a 64 bit version.

Thank you very much,
Alessio.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #16 on: February 05, 2018, 09:14:48 PM »
Yes, I'll get to the 64-bit version. Will reinstall the build system to be sure to start clean.

working on php atm - ancient php as that is still what I use. And I hope the stable php (5.6.X iirc) and then maybe even php7 something. php has always been hard, and I have discovered new ABI changes in the dependencies, so I have to re-think how I work with those.

And  i have a normal job too.

Thx for the feedback. Is much appreciated!

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #17 on: February 09, 2018, 09:09:48 AM »
update: perfecting the PHP packaging. FYI: that has always been so frustrating - the main reason I am still using httpd-2.2.X and php 5.2.17.

Time to really update - everything. So NOT looking forward to redoing the website layout. C'est la vie :)

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1072
  • Karma: +0/-0
Re: Apache http Server 2.4.29 - new build including php
« Reply #18 on: February 13, 2018, 05:02:51 AM »
still working. Not as clean as I want it to be - still in 32-bit. (Will reinstall before I do the 64-bit, to be sure I can replicate the build process).

Learning lots of things about how building aka porting can go sour. Such strange dependancies - something that worked - stops working. Obviously, something I did differently - but what!?