Abstract
This HOWTO covers the migration of Red Hat Enterprise Linux web servers from Apache 1.3 packages to Apache 2.0 packages. It explains the relevant differences between the 1.3 and 2.0 packages, and describes the process required to migrate your server's configuration from 1.3 to 2.0.
Table of Contents
When using RPM to administer your system you should be aware that some packages have been renamed, some have been incorporated into others, and some have been deprecated. The major changes are that the apache, apache-devel and apache-manual packages have been renamed as httpd, httpd-devel and httpd-manual, and that the mod_dav package has been incorporated into the httpd package.
A complete breakdown of the packaging changes can be found in Appendix A, Packaging Changes.
The single major change to the filesystem layout is that there is now a directory, /etc/httpd/conf.d, into which the configuration files for individually packaged modules (mod_ssl, php, mod_perl and so on) are placed. The server is instructed to load configuration files from this location by the directive Include conf.d/*.conf within /etc/httpd/conf/httpd.conf, so it is vital that this line be inserted when migrating an existing configuration.
Of the many minor changes, the most important to be aware of are that the utility programs ab and logresolve have been moved from /usr/sbin to /usr/bin, which will cause scripts with absolute paths to these binaries to fail; the dbmmanage command has been replaced by htdbm (see Section 2.4.4, “mod_auth_dbm and mod_auth_db”); the logrotate configuration file has been renamed from /etc/logrotate.d/apache to /etc/logrotate.d/httpd.
If you have upgraded your server from a previous version of Red Hat Enterprise Linux upon which Apache was installed then the stock configuration file from the Apache 2.0 package will have been created as /etc/httpd/conf/httpd.conf.rpmnew, leaving your original httpd.conf untouched. It is, of course, entirely up to you whether you use the new configuration file and migrate your old settings to it, or use your existing file as a base and modify it to suit, however some parts of the file have changed more than others and a mixed approach is generally the best. The stock configuration files for both 1.3 and 2.0 are divided into three sections, and for each of these this document will suggest what is hopefully the easiest route.
If your httpd.conf has been modified from the default configuration and you have saved a copy of the original then you may find the diff command comes in handy. Invoked as:
diff -u httpd.conf.orig httpd.conf | less
for example, it will highlight the modifications you have made. If you do not have a copy of the original file all is not lost, since it is possible to extract it from an RPM package using the rpm2cpio and cpio commands, for example:
rpm2cpio apache-1.3.23-11.i386.rpm | cpio -i --make
Finally, it is useful to know that Apache has a testing mode to check your configuration for errors. This may be invoked as:
apachectl configtest
The global environment section of the configuration file contains directives which affect the overall operation of Apache, such as the number of concurrent requests it can handle and the locations of the various files it uses. This section requires a large number of changes compared with the others and it is therefore recommended that you base this section on the Apache 2.0 configuration file and migrate your old settings into it.
The BindAddress and Port directives no longer exist: their functionality is now provided by a more flexible Listen directive.
If you had set Port 80 you should change it to Listen 80 instead. If you had set Port to some other value then you should also append the port number to the contents of your ServerName directive:
See also:
In Apache 2.0, the responsibility for accepting requests and dispatching children to handle them has been abstracted into a group of modules called Multi-Processing Modules (MPMs); the original Apache 1.3 behaviour has now been moved into the prefork MPM.
The MPM used by default on Red Hat Enterprise Linux is prefork which accepts the same directives (StartServers, MinSpareServers, MaxSpareServers, MaxClients and MaxRequestsPerChild) as Apache 1.3 and as such the values of these directives may be migrated across directly.
An alternative, thread-based MPM called worker is also available; to use this MPM, add the line:
HTTPD=/usr/sbin/httpd.worker
to the file /etc/sysconfig/httpd.
See also:
There are many changes required here and it is highly recommended that anyone trying to modify an Apache 1.3 configuration to suit Apache 2.0 (as opposed to migrating your changes into the Apache 2.0 configuration) simply copy this section from the stock Red Hat Enterprise Linux Apache 2.0 configuration. If you do decide to try and modify your original file, please note that it is of paramount importance that your httpd.conf contains the following directive:
# # Load config files from the config directory "/etc/httpd/conf.d". # Include conf.d/*.conf
Omission of this directive will result in the failure of all modules packaged in their own RPMs (mod_ssl, php, mod_perl and the like).
Those who still don't want to simply copy the section from the stock Apache 2.0 configuration should note the following:
The AddModule and ClearModuleList directives no longer exist. These directives where used to ensure that modules could be enabled in the correct order. The new Apache 2.0 API allows modules to explicitly specify their ordering, eliminating the need for these directives.
The order of the LoadModule lines is thus no longer relevant.
Many modules have been added, removed, renamed, split up, or incorporated with each other.
LoadModule lines for modules packaged in their own RPMs (mod_ssl, php, mod_perl and the like) are no longer necessary as they can be found in the relevant file in the directory /etc/httpd/conf.d.
The various HAVE_XXX definitions are no longer defined.
The ServerType directive has been removed in Apache 2.0 which can only be run as ServerType standalone.
The AccessConfig and ResourceConfig directives have been removed since they mirror the functionality of the Include directive. If you have AccessConfig and ResourceConfig directives set then you need to replace these with Include directives. To ensure that the files are read in the order implied by the older directives the Include directives should be placed at the end of httpd.conf, with the one corresponding to ResourceConfig preceding the one corresponding to AccessConfig. If you were making use of the default values you will need to include them explicitly as conf/srm.conf and conf/access.conf.
The main server configuration section of the configuration file sets up the main server, which responds to any requests that aren't handled by a <VirtualHost> definition. Values here also provide defaults for any <VirtualHost> containers you may define.
The directives used in this section have changed little between Apache 1.3 and Apache 2.0, so if your main server configuration is heavily customised you may find it easier to modify your existing configuration to suit Apache 2.0. Users with only lightly customised main server sections are recommended to migrate their changes into the stock Apache 2.0 configuration.
The UserDir directive is used to enable URLs such as http://example.com/~jim/ to map to a directory in the home directory of the user jim, such as /home/jim/public_html. A side-effect of this feature allows a potential attacker to determine whether a given username is present on the system, so the default configuration for Apache 2.0 does not enable UserDir.
To enable UserDir mapping, change the directive:
UserDir disable
to
UserDir public_html
in /etc/httpd/conf/httpd.conf.
See also:
The AgentLog, RefererLog and RefererIgnore directives have been removed. Agent and referrer logs are still available using the CustomLog and LogFormat directives.
See also:
The deprecated FancyIndexing directive has now been removed. The same functionality is available through the FancyIndexing option to the IndexOptions directive.
The new VersionSort option to the IndexOptions directive causes files containing version numbers to be sorted in the natural way, so that apache-1.3.9.tar would appear before apache-1.3.12.tar in a directory index page.
The defaults for the ReadmeName and HeaderName directives have changed from README and HEADER to README.html and HEADER.html.
See also:
The CacheNegotiatedDocs directive now takes the argument: on or off. Existing instances of CacheNegotiatedDocs should be replaced with CacheNegotiatedDocs on.
See also:
To use a hard-coded message with the ErrorDocument directive, the message should be enclosed in a pair of double quotes, rather than just preceded by a double quote as required in Apache 1.3. For instance, change:
ErrorDocument 404 "The document was not found
to
ErrorDocument 404 "The document was not found"
See also:
The default character set which will be sent in a Content-Type header has changed from previous versions. By default, the configuration in Red Hat Enterprise Linux uses a UTF-8 locale, the default character set used in httpd.conf is now utf-8, rather than the previous default of ISO-8859-1.
To configure the server to use a default character set of ISO-8859-1 if migrating non-UTF-8 content, change:
AddDefaultCharset utf-8
to
AddDefaultCharset ISO-8859-1
The contents of all <VirtualHost> containers should be migrated in the same way as the main server section as described in Section 2.2, “Main server configuration”. Note that the SSL virtual host context has been moved into the file /etc/httpd/conf.d/ssl.conf.
See also:
In Apache 2.0 the module system has been changed to allow modules to be chained together to combine them in new and interesting ways. CGI scripts, for example, can generate server-parsed HTML documents which can then be processed by mod_include. The possibilities are only limited by the bounds of your imagination.
The way this actually works is that each request is served by exactly one handler module followed by zero or more filter modules. Under Apache 1.3, for example, a PHP script would be handled entirely by the PHP module; under Apache 2.0 the request is initially handled by the core module (which serves static files) and subsequently filtered by the PHP module.
Exactly how to use this (and all the other new features of Apache 2.0 for that matter) is beyond the scope of this document, however the change has ramifications if you have used PATH_INFO (trailing path information after the true filename) in a document which is handled by a module that is now implemented as a filter. The core module, which initially handles the request, does not by default understand PATH_INFO and will serve 404 Not Found errors for requests that have it. The AcceptPathInfo directive can be used to coerce the core module into accepting requests with PATH_INFO:
AcceptPathInfo on
See also:
The configuration for mod_ssl has been moved from httpd.conf into the file /etc/httpd/conf.d/ssl.conf. For this file to be loaded, and hence for mod_ssl to work, you must have the statement Include conf.d/*.conf in your httpd.conf as described in Section 2.1.3, “Dynamic Shared Object (DSO) Support”.
ServerName directives in SSL virtual hosts must explicitly specify the port number:
Example 3. Apache 1.3 SSL virtual host configuration
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
ServerName ssl.host.name
...
</VirtualHost>
Example 4. Equivalent Apache 2.0 SSL virtual host configuration
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
ServerName ssl.host.name:443
...
</VirtualHost>
See also:
Proxy access control statements are now placed inside a <Proxy> block rather than a <Directory proxy:>.
The caching functionality of the old mod_proxy has been split out into three other modules (mod_cache, mod_disk_cache, mod_file_cache), although these generally use the same or similar directives as the old mod_proxy.
See also:
mod_include is now implemented as a filter and must therefore be enabled differently:
Example 5. Apache 1.3 mod_include configuration
AddType text/html .shtml AddHandler server-parsed .shtml
Note that Options +Includes is still required.
See also:
Apache 1.3 supported two authentication modules, mod_auth_db and mod_auth_dbm, which used Berkeley Databases and DBM databases respectively. These modules have been combined into a single module named mod_auth_dbm in Apache 2.0, which can access several different database formats. To migrate from mod_auth_db in Apache 1.3, configuration files should be adjusted by replacing AuthDBUserFile and AuthDBGroupFile with the mod_auth_dbm equivalents AuthDBMUserFile and AuthDBMGroupFile, and the directive AuthDBMType DB should be added to indicate the type of database file in use.
Example 7, “Apache 1.3 mod_auth_db configuration” shows a sample mod_auth_db configuration for Apache 1.3, and Example 8, “Equivalent Apache 2.0 mod_auth_dbm configuration” shows how it would be migrated to Apache 2.0. Note that the AuthDBUserFile directive can also be used in .htaccess files.
Example 7. Apache 1.3 mod_auth_db configuration
<Location /private/> AuthType Basic AuthName "My Private Files" AuthDBUserFile /var/www/authdb require valid-user </Location>
Example 8. Equivalent Apache 2.0 mod_auth_dbm configuration
<Location /private/>
AuthType Basic
AuthName "My Private Files"
AuthDBMUserFile /var/www/authdb
AuthDBMType DB
require valid-user
</Location>
The dbmmanage Perl script, used to manipulate username/password databases, has been replaced by the htdbm program in Apache 2.0. htdbm offers equivalent functionality, and like mod_auth_dbm can operate a variety of database formats; a -T argument can be used to specify the format to use for a particular command. Table 1, “Migrating from dbmmanage to htdbm” shows how to migrate from using dbmmanage on a DBM-format database with Apache 1.3, to htdbm in 2.0.
Table 1. Migrating from dbmmanage to htdbm
| Action | dbmmanage command (Apache 1.3) | Equivalent htdbm command (Apache 2.0) |
|---|---|---|
| Add user to database (using given password) | dbmmanage authdb add username password | htdbm -b -TDB authdb username password |
| Add user to database (prompts for password) | dbmmanage authdb adduser username | htdbm -TDB authdb username |
| Remove user from database | dbmmanage authdb delete username | htdbm -x -TDB authdb username |
| List users in database | dbmmanage authdb view | htdbm -l -TDB authdb |
| Verify a password | dbmmanage authdb check username | htdbm -v -TDB authdb username |
The -m and -s options work with both dbmmanage and htdbm (enabling the use of the MD5 or SHA1 algorithms for hashing passwords, respectively). When creating a new database with htdbm, the -c option must be used.
See also:
The configuration for PHP has been moved from httpd.conf into the file /etc/httpd/conf.d/php.conf. For this file to be loaded, and hence for PHP to work, you must have the statement Include conf.d/*.conf in your httpd.conf as described in Section 2.1.3, “Dynamic Shared Object (DSO) Support”.
In PHP 4.2.0 and later the default set of predefined variables which are available in the global scope has changed. Individual input and server variables are by default no longer placed directly into the global scope; rather, they are placed into a number superglobal arrays. This change may cause scripts to break, and you may revert to the old behaviour globally by setting register_globals to On in the file /etc/php.ini or more selectivly by using php_value register_globals 1 in your httpd.conf or in .htaccess files.
As of the php-4.3.6-5 package, the default /etc/php.ini has also changed: it is now based on the php.ini-recommended defaults included in PHP releases, rather than the php.ini-dist defaults as used previously. Notable differences are that:
See also:
The configuration for mod_perl has been moved from httpd.conf into the file /etc/httpd/conf.d/perl.conf. For this file to be loaded, and hence for mod_perl to work, you must have the statement Include conf.d/*.conf in your httpd.conf as described in Section 2.1.3, “Dynamic Shared Object (DSO) Support”.
Occurances of Apache:: in your httpd.conf must be replaced with ModPerl::. Additionally, the manner in which handlers are registered has been changed, for example:
Example 9. Apache 1.3 mod_perl configuration
<Directory /var/www/perl>
SetHandler perl-script
PerlHandler Apache::Registry
Options +ExecCGI
</Directory>
Example 10. Equivalent Apache 2.0 mod_perl configuration
<Directory /var/www/perl>
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
Options +ExecCGI
</Directory>
Most modules for mod_perl 1.x should work without modification with mod_perl 2.x. XS modules will require recompilation and may possibly require minor Makefile modifications.
The configuration for mod_python has been moved from httpd.conf into the file /etc/httpd/conf.d/python.conf. For this file to be loaded, and hence for mod_python to work, you must have the statement Include conf.d/*.conf in your httpd.conf as described in Section 2.1.3, “Dynamic Shared Object (DSO) Support”.