Please login or register. August 20, 2018, 03:05:59 PM

Author Topic: Apache http Server 2.4.25 impression Pro/contra  (Read 2611 times)

0 Members and 1 Guest are viewing this topic.

alessioballarin

  • Jr. Member
  • **
  • Posts: 7
  • Karma: +0/-0
Apache http Server 2.4.25 impression Pro/contra
« on: January 15, 2018, 11:51:52 AM »
Sorrowfully from a while IBM does not give an updated version of Apache Web server anymore. The last release packaged by IBM is the 2.4.12 and TLS1.1/1.2 is not supported.
I searched for an alternative for long time and finally I found this version packaged by Michael.
I use the Apache web server version 2.4.25 from a while in a productive Environment and I am very happy with it so I decided to share my impression.
I think one of the biggest advantage of this Package in contrast with other Packages (Bull/Perlz) is that it is not an RPM Package, so there is no need to get lost in the dependency Hell.
Apache run really stable and until now I did not have any Problem.
Personally I would prefer that everything would be installed in one Path /opt/httpd and not even in /var/httpd.
I Found out that the installation process add a group "NONE" which I don't understand the need.


Pro:
Really Stable
"bff" package avoid the RPM hell

Contra:
Installation paths a little scattered.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1080
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #1 on: January 15, 2018, 10:22:56 PM »
Thanks for the comments.

The reason for the split between /var/httpd and /opt/httpd is to support the concept of "root" and "usr" install locations.

The idea is that only the/var/httpd parts need to be maintained separately for WPARs while the /opt/httpd parts can be shared over all WPARs.

And/or, in a SystemMirror/PowerHA setup, /opt/httpd can be installed on all nodes and /var/httpd can be mounted as part of a resource group.

The group NONE is to configure the httpd user id so that noone can su to it. The way it is meant to work: no accounts are in group NONE. httpd has attribute sugroups=NONE. This is mainly interesting if you also use RBAC.

I wrote an example in 2012. See: http://ibmsystemsmag.com/aix/administrator/security/rbac_applications/

alessioballarin

  • Jr. Member
  • **
  • Posts: 7
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #2 on: January 23, 2018, 08:26:29 AM »
Hi Michael,
Thank you for the answer and example, now the scope is clear.
How proceed the build of the new Apache httpd release? Do you have an idea when you will release it?

Thanks a lot,
Alessio

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1080
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #3 on: January 23, 2018, 11:48:08 AM »
I'll be working on httpd and python this week - so I hope real soon - at least a 32-bt version by Thursday or Friday. Will also try to get 64-bit built, but apr being "mono-sized" makes it more difficult to build 32 and 64 bit in parallel.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1080
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #4 on: January 25, 2018, 03:48:52 PM »
I have a 32-bit build at http://download.aixtools.net/test/aixtools.apache.httpd.2.2.31.0.I - not gone through my testing yet, so it is put in "test" rather than at the regualr page.

a) No dependencies. What would have been a dependency before is now linked in statically.

b) since APR and APR-UTIL do not work in dual bit-size mode - a 64-bit version will come later.

** - will try and get a 64-bit done sort of fast, but I think the 32-bit of httpd-2.4 will come first.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1080
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #5 on: January 25, 2018, 06:51:02 PM »
Some errors to deal with: httpd-2.4.29 will be delayed:

        /opt/build-1/libtool --silent --mode=compile xlc_r  -qHALT=E      -U__STR__ -D_THREAD_SAFE -D_USE_IRS -D_LARGEFILE64_SOURCE     -I. -I/data/prj/apache/httpd/httpd-2.4.29/include -I/data/prj/apache/httpd/src/httpd-2.4.29/os/unix -I/data/prj/apache/httpd/src/httpd-2.4.29/include -I/opt/include/apr-1 -I/opt/include -DPCRE_STATIC -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/aaa -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/cache -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/core -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/database -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/filters -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/ldap -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/loggers -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/lua -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/session -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/ssl -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/test -I/data/prj/apache/httpd/src/httpd-2.4.29/server -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/arch/unix -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/main -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/generators -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/mappers -prefer-pic -c /data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c && touch mod_lbmethod_byrequests.slo
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 88.17: 1506-275 (S) Unexpected text ')' encountered.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 88.17: 1506-045 (S) Undeclared identifier apr_OFN_ap_proxy_retry_worker_t.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 88.64: 1506-277 (S) Syntax error: possible missing ')' or ','?
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 96.18: 1506-276 (S) Syntax error: possible missing ')'?
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 95.64: 1506-280 (W) Function argument assignment between types "const char*" and "int" is not allowed.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 142.69: 1506-260 (S) Octal integer constant 01208 is not valid.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 143.22: 1506-276 (S) Syntax error: possible missing ')'?
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 142.68: 1506-280 (W) Function argument assignment between types "const char*" and "int" is not allowed.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 179.5: 1506-026 (S) Number of initializers cannot be greater than the number of aggregate members.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 180.5: 1506-026 (S) Number of initializers cannot be greater than the number of aggregate members.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 181.5: 1506-026 (S) Number of initializers cannot be greater than the number of aggregate members.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 193.1: 1506-273 (E) Missing type in declaration of AP_DECLARE_MODULE.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 193.1: 1506-282 (S) The type of the parameters must be specified in a prototype.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy/balancers/mod_lbmethod_byrequests.c", line 193.40: 1506-512 (S) An initializer is not allowed for "AP_DECLARE_MODULE".

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1080
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #6 on: January 29, 2018, 06:21:06 PM »
I took the easy road and tried to just not package the failing part with --disable-proxy-balancer.

Got further, but now dying at:

        /opt/build-1/libtool --silent --mode=compile xlc_r  -qHALT=E      -U__STR__ -D_THREAD_SAFE -D_USE_IRS -D_LARGEFILE64_SOURCE     -I. -I/data/prj/apache/httpd/httpd-2.4.29/include -I/data/prj/apache/httpd/src/httpd-2.4.29/os/unix -I/data/prj/apache/httpd/src/httpd-2.4.29/include -I/opt/include/apr-1 -I/opt/include -DPCRE_STATIC -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/aaa -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/cache -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/core -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/database -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/filters -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/ldap -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/loggers -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/lua -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/proxy -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/session -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/ssl -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/test -I/data/prj/apache/httpd/src/httpd-2.4.29/server -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/arch/unix -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/main -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/generators -I/data/prj/apache/httpd/src/httpd-2.4.29/modules/mappers -prefer-pic -c /data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c && touch dbm.slo
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c", line 108.65: 1506-280 (W) Function argument assignment between types "const char*" and "int" is not allowed.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c", line 108.73: 1506-099 (S) Unexpected argument.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c", line 435.34: 1506-099 (S) Unexpected argument.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c", line 457.34: 1506-099 (S) Unexpected argument.
"/data/prj/apache/httpd/src/httpd-2.4.29/modules/dav/fs/dbm.c", line 505.58: 1506-022 (S) "aprerr" is not a member of "struct dav_error".

So, is this related to APR (aprerr)? Searching...

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1080
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #7 on: January 29, 2018, 10:37:34 PM »
Solved! Packager error!!

Must not have httpd-2.2.X installed while building httpd-2.4.X - the include files that are part of httpd-2.2.X may be loaded by accident - rather than the include files in the build src tree.

Sigh - but happy!

So, not at test dir I have an installp package: http://download.aixtools.net/test/aixtools.apache.httpd.2.4.29.0.I

Built with the following configure statement:
  $ ../src/httpd-2.4.29/configure --prefix=/opt --sysconfdir=/var/httpd/etc --sharedstatedir=/var/httpd/com --localstatedir=/var/httpd --mandir=/usr/share/man --infodir=/opt/share/info/httpd --enable-layout=AIX --disable-lua --enable-shared=all --enable-proxy --enable-ssl --enable-load-modules=none

Please report any installation issues (my goal is that this install with no additional dependencies)

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1080
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #8 on: January 29, 2018, 11:13:02 PM »
I ran into some problems with the authn modules (undefined symbols). My attempts to resolve that have led to: Segmentation fault(coredump).

So I left the first package attempt - and will continue again another day. I may be forced to use shared libraries rather than static libraries - to get rtld symbol issues resolved. Sigh.

alessioballarin

  • Jr. Member
  • **
  • Posts: 7
  • Karma: +0/-0
Re: Apache http Server 2.4.25 impression Pro/contra
« Reply #9 on: January 31, 2018, 09:36:29 AM »
Hi,

installation process ended without problems.
First syntax check show the problem you mentioned:

httpd: Syntax error on line 66 of /var/httpd/etc/httpd.conf: Cannot load httpd/libexec/mod_authn_file.so into server: rtld: 0712-001 Symbol apr_password_validate
was referenced\n      from module /opt/httpd/libexec/mod_authn_file.so(), but a runtime definition\n      of the symbol was not found.

httpd: Syntax error on line 105 of /var/httpd/etc/httpd.conf: Cannot load httpd/libexec/mod_mime.so into server: rtld: 0712-001 Symbol apr_hash_merge was referenced\n      from module /opt/httpd/libexec/mod_mime.so(), but a runtime definition\n      of the symbol was not found.\nrtld: 0712-001 Symbol apr_hash_copy was referenced\n      from module /opt/httpd/libexec/mod_mime.so(), but a runtime definition\n      of the symbol was not found.