From f8e1fe349eb478d232303d134bb6b1ae6fc49742 Mon Sep 17 00:00:00 2001 From: cvsdist Date: Thu, 9 Sep 2004 06:12:16 +0000 Subject: [PATCH] auto-import httpd-2.0.40-21 from httpd-2.0.40-21.src.rpm --- html.xsl | 27 ++ httpd.conf | 13 +- httpd.init | 6 +- httpd.spec | 238 +++++++------ migration.xml | 940 ++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 1123 insertions(+), 101 deletions(-) create mode 100644 html.xsl create mode 100644 migration.xml diff --git a/html.xsl b/html.xsl new file mode 100644 index 0000000..ad7cecc --- /dev/null +++ b/html.xsl @@ -0,0 +1,27 @@ + + + + + + + + +migration.css + + + + programlisting + + + + + + + + diff --git a/httpd.conf b/httpd.conf index debba41..507e2cc 100644 --- a/httpd.conf +++ b/httpd.conf @@ -194,7 +194,6 @@ LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule asis_module modules/mod_asis.so LoadModule info_module modules/mod_info.so -LoadModule cgi_module modules/mod_cgi.so LoadModule dav_fs_module modules/mod_dav_fs.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule negotiation_module modules/mod_negotiation.so @@ -210,6 +209,14 @@ LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_connect_module modules/mod_proxy_connect.so + +LoadModule cgi_module modules/mod_cgi.so + + + +LoadModule cgid_module modules/mod_cgid.so + + # # ExtendedStatus controls whether Apache will generate "full" status # information (ExtendedStatus On) or just basic information (ExtendedStatus @@ -339,7 +346,7 @@ DocumentRoot "/var/www/html" # Disable autoindex for the root directory, and present a # default Welcome page if no other index page is present. # - + Options -Indexes ErrorDocument 403 /error/noindex.html @@ -565,7 +572,7 @@ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" # Additional to mod_cgid.c settings, mod_cgid has Scriptsock # for setting UNIX socket for communicating with cgid. # -#Scriptsock logs/cgisock +Scriptsock run/httpd.cgid # diff --git a/httpd.init b/httpd.init index c8e8259..d6c3f25 100755 --- a/httpd.init +++ b/httpd.init @@ -20,9 +20,13 @@ fi # mod_ssl needs a pass-phrase from the user. INITLOG_ARGS="" +# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server +# with the thread-based "worker" MPM; BE WARNED that some modules may not +# work correctly with a thread-based MPM; notably PHP will refuse to start. + # Path to the apachectl script, server binary, and short-form for messages. apachectl=/usr/sbin/apachectl -httpd=/usr/sbin/httpd +httpd=${HTTPD-/usr/sbin/httpd} prog=httpd RETVAL=0 diff --git a/httpd.spec b/httpd.spec index 3eb1ab3..be47445 100644 --- a/httpd.spec +++ b/httpd.spec @@ -2,64 +2,53 @@ %define suexec_caller apache %define mmn 20020628 +%ifarch ia64 +# disable debuginfo on IA64 +%define debug_package %{nil} +%endif + Summary: Apache HTTP Server Name: httpd Version: 2.0.40 -Release: 11.9 +Release: 21 URL: http://httpd.apache.org/ +Vendor: Red Hat, Inc. Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz Source1: index.html Source3: httpd.logrotate Source4: httpd.init -Source5: README.confd Source6: powered_by.gif Source10: httpd.conf Source11: ssl.conf -Source12: migration.html -Source13: migration.css Source14: mod_ssl-Makefile.crt -Source14: mod_ssl-Makefile.crl +Source15: mod_ssl-Makefile.crl +# Documentation +Source30: migration.xml +Source31: migration.css +Source32: html.xsl +Source33: README.confd # build/scripts patches Patch1: httpd-2.0.40-apctl.patch Patch2: httpd-2.0.36-apxs.patch Patch3: httpd-2.0.36-sslink.patch # Bug fixes Patch20: httpd-2.0.40-davsegv.patch -Patch21: httpd-2.0.40-leaks.patch -Patch22: httpd-2.0.40-nphcgi.patch -Patch23: httpd-2.0.40-proxy.patch -Patch24: httpd-2.0.40-range.patch -Patch26: httpd-2.0.40-pipelog.patch -Patch27: httpd-2.0.40-rwmap.patch -Patch28: httpd-2.0.40-stream.patch -Patch29: httpd-2.0.40-subreq.patch -Patch30: httpd-2.0.40-sslexcl.patch -Patch31: httpd-2.0.40-include.patch -Patch32: httpd-2.0.46-graceful.patch -Patch33: httpd-2.0.40-rand.patch +Patch21: httpd-2.0.40-glibc23.patch # features/functional changes Patch40: httpd-2.0.36-cnfdir.patch Patch41: httpd-2.0.36-redhat.patch Patch42: httpd-2.0.40-xfsz.patch Patch43: httpd-2.0.40-pod.patch -Patch44: httpd-2.0.40-prctl.patch +Patch44: httpd-2.0.40-noshmht.patch +Patch45: httpd-2.0.40-leaks.patch # Security fixes Patch60: httpd-2.0.40-CAN-2002-0840.patch Patch61: httpd-2.0.40-CAN-2002-0843.patch -Patch62: httpd-2.0.40-CAN-2003-0132.patch -Patch63: httpd-2.0.40-CAN-2003-0020.patch -Patch64: httpd-2.0.40-fdleak.patch -Patch65: httpd-2.0.40-CAN-2003-0083.patch -Patch66: httpd-2.0.40-CAN-2003-0245.patch -Patch68: httpd-2.0.40-CAN-2003-0192.patch -Patch69: httpd-2.0.40-CAN-2003-0253.patch -Patch70: httpd-2.0.40-CAN-2003-0254.patch -Patch71: httpd-2.0.40-VU379828.patch -Patch72: httpd-2.0.40-CAN-2003-0542.patch +Patch62: httpd-2.0.40-CAN-2003-0020.patch License: Apache Software License Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-root -BuildPrereq: db4-devel, expat-devel, findutils, perl +BuildPrereq: db4-devel, expat-devel, findutils, perl, pkgconfig, xmlto >= 0.0.11 Requires: /etc/mime.types, gawk, /usr/share/magic.mime, /usr/bin/find Prereq: /sbin/chkconfig, /bin/mktemp, /bin/rm, /bin/mv Prereq: sh-utils, textutils, /usr/sbin/useradd @@ -113,79 +102,109 @@ Security (TLS) protocols. %prep %setup -q %patch1 -p0 -b .apctl -%patch2 -p1 -b .apxs +%patch2 -p0 -b .apxs %patch3 -p0 -b .sslink %patch20 -p1 -b .davsegv -%patch21 -p0 -b .leaks -%patch22 -p1 -b .nphcgi -%patch23 -p1 -b .proxy -%patch24 -p1 -b .range -%patch26 -p1 -b .pipelog -%patch27 -p1 -b .rwmap -%patch28 -p1 -b .stream -%patch29 -p1 -b .subreq -%patch30 -p1 -b .sslexcl -%patch31 -p1 -b .include -%patch32 -p1 -b .graceful -%patch33 -p1 -b .rand +%patch21 -p1 -b .glibc23 %patch40 -p0 -b .cnfdir %patch41 -p0 -b .redhat %patch42 -p0 -b .xfsz %patch43 -p0 -b .pod -%patch44 -p1 -b .prctl +%patch44 -p0 -b .noshmht +%patch45 -p0 -b .leaks -%patch60 -p1 -b .can0840 +# no -b to prevent droplets in install root. +%patch60 -p1 %patch61 -p1 -b .can0843 -%patch62 -p1 -b .can0132 -%patch63 -p1 -b .can0020 -%patch64 -p1 -b .fdleak -%patch65 -p1 -b .can0083 -%patch66 -p1 -b .can0245 -%patch68 -p1 -b .can0192 -%patch69 -p1 -b .can0253 -%patch70 -p1 -b .can0254 -%patch71 -p1 -b .vu379828 -%patch72 -p1 -b .can0542 +%patch62 -p1 -b .can0020 -# copy across the migration guide and sed it's location into apachectl -cp $RPM_SOURCE_DIR/migration.{html,css} . +# Safety check: prevent build if defined MMN does not equal upstream MMN. +vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include \`pwd\`/include/ap_mmn.h | grep -v '#'` +if test "x${vmmn}" != "x%{mmn}"; then + : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}. + : Update the mmn macro and rebuild. + exit 1 +fi + +# update location of migration guide in apachectl +%{__perl} -pi -e "s:\@docdir\@:%{_docdir}/%{name}-%{version}:g" \ + support/apachectl.in # regenerate configure scripts ./buildconf -%build -# Fix version in apachectl -%{__perl} -pi -e "s:\@docdir\@:%{_docdir}/%{name}-%{version}:g" \ - support/apachectl.in +# Before configure; fix location of build dir in generated apxs +%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \ + support/apxs.in -CFLAGS="$RPM_OPT_FLAGS" \ -AP_LIBS="-lssl -lcrypto" \ -./configure \ +%build +# build the migration guide +xmlto --skip-validation -x $RPM_SOURCE_DIR/html.xsl html-nochunks $RPM_SOURCE_DIR/migration.xml +cp $RPM_SOURCE_DIR/migration.css . # make %%doc happy + +if pkg-config openssl ; then + # configure -C barfs with trailing spaces in CFLAGS + CFLAGS="$RPM_OPT_FLAGS `pkg-config --cflags openssl | sed 's/ *$//'`" + AP_LIBS="$AP_LIBS `pkg-config --libs openssl`" +else + CFLAGS="$RPM_OPT_FLAGS" + AP_LIBS="-lssl -lcrypto" +fi +export CFLAGS +export AP_LIBS + +function mpmbuild() +{ +mpm=$1; shift +mkdir $mpm; pushd $mpm +cat > config.cache < prefork.mods +./worker/httpd -l | grep -v worker > worker.mods +if ! diff -u prefork.mods worker.mods; then + : Different modules built into httpd binaries, will not proceed + exit 1 +fi %install rm -rf $RPM_BUILD_ROOT @@ -196,10 +215,11 @@ sed -e "1s/logresolve 8/logresolve 1/" \ < docs/man/logresolve.8 > docs/man/logresolve.1 rm docs/man/logresolve.8 +pushd prefork make DESTDIR=$RPM_BUILD_ROOT install - -### remove this -# strip -g $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so +popd +# install worker binary +install -m 755 worker/.libs/httpd $RPM_BUILD_ROOT%{_sbindir}/httpd.worker # install conf file/directory mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d @@ -245,11 +265,9 @@ ln -s ../../../..%{_bindir}/libtool $RPM_BUILD_ROOT%{_libdir}/httpd/build/libtoo sed -e "s|%{contentdir}/build|%{_libdir}/httpd/build|g" \ -e "/AP_LIBS/d" -e "/abs_srcdir/d" \ -e "/^LIBTOOL/s|/[^ ]*/libtool|%{_bindir}/libtool|" \ - -e "s|^EXTRA_INCLUDES.*$|EXTRA_INCLUDES = -I\$(includedir) -I%{_includedir}/openssl|g" \ - < build/config_vars.mk \ + -e "/^EXTRA_INCLUDES/s|-I$RPM_BUILD_DIR[^ ]* ||g" \ + < prefork/build/config_vars.mk \ > $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk -install -m 644 build/special.mk \ - $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk # Make the MMN accessible to module packages echo %{mmn} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn @@ -296,6 +314,16 @@ sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \ -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \ > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8 +# Remove unpackaged files +rm -f $RPM_BUILD_ROOT%{_libdir}/libapr{,util}.{a,la} \ + $RPM_BUILD_ROOT%{_libdir}/APRVARS $RPM_BUILD_ROOT%{_libdir}/*.exp \ + $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \ + $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \ + $RPM_BUILD_ROOT%{_bindir}/ap?-config \ + $RPM_BUILD_ROOT%{_sbindir}/{checkgid,dbmmanage,envvars*} \ + $RPM_BUILD_ROOT%{contentdir}/htdocs/* \ + $RPM_BUILD_ROOT%{contentdir}/cgi-bin/* + %pre # Add the "apache" user /usr/sbin/useradd -c "Apache" -u 48 \ @@ -366,6 +394,7 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/ht* %{_bindir}/logresolve %{_sbindir}/httpd +%{_sbindir}/httpd.worker %{_sbindir}/apachectl %{_sbindir}/rotatelogs %attr(4510,root,%{suexec_caller}) %{_sbindir}/suexec @@ -433,33 +462,48 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/httpd/build/libtool %changelog -* Tue Oct 28 2003 Joe Orton 2.0.40-11.8 -- add security fixes for CVE CAN-2003-0542 -- return test page for "/+" in default httpd.conf -- add bug fixes for #103049, #105725, #106454 -- add fixes for CGI regressions in -21.5 (#103744) +* Mon Feb 24 2003 Joe Orton 2.0.40-21 +- add security fix for CAN-2003-0020; replace non-printable characters + with '!' when printing to error log. +- disable debuginfo on IA64. -* Wed Jul 9 2003 Joe Orton 2.0.40-11.7 -- add security fixes for CVE CAN-2003-0192, CAN-2003-0253, - CAN-2003-0254, CERT VU#379828 -- add bug fixes for #78019, #82985, #85022, #97111, #98545, #98653 -- install special.mk, fix apxs -q LIBTOOL (#92313) -- add mod_include fixes from upstream +* Tue Feb 11 2003 Joe Orton 2.0.40-20 +- disable POSIX semaphores to support 2.4.18 kernel (#83324) -* Tue May 27 2003 Joe Orton 2.0.40-11.6 -- add mod_ssl renegotiation fix +* Wed Jan 29 2003 Joe Orton 2.0.40-19 +- require xmlto 0.0.11 or later +- fix apr_strerror on glibc2.3 -* Thu May 22 2003 Joe Orton 2.0.40-11.5 -- rebuild +* Wed Jan 22 2003 Tim Powers 2.0.40-18 +- rebuilt -* Mon May 12 2003 Joe Orton 2.0.40-11.4 -- add security fix for CAN-2003-0245 -- add bug fixes for #89179, #88575, #89086 +* Thu Jan 16 2003 Joe Orton 2.0.40-17 +- add mod_cgid and httpd binary built with worker MPM (#75496) +- allow choice of httpd binary in init script +- pick appropriate CGI module based on loaded MPM in httpd.conf +- source /etc/sysconfig/httpd in apachectl to get httpd choice +- make "apachectl status" fail gracefully when links isn't found (#78159) -* Tue Apr 1 2003 Joe Orton 2.0.40-11.3 -- add security fixes for CAN-2003-0020, CAN-2003-0132, CAN-2003-0083 -- add security fix for file descriptor leaks, #82142 -- add bug fixes for #73428, #82587, #86254 +* Mon Jan 13 2003 Joe Orton 2.0.40-16 +- rebuild for OpenSSL 0.9.7 + +* Fri Jan 3 2003 Joe Orton 2.0.40-15 +- fix possible infinite recursion in config dir processing (#77206) +- fix memory leaks in request body processing (#79282) + +* Thu Dec 12 2002 Joe Orton 2.0.40-14 +- remove unstable shmht session cache from mod_ssl +- get SSL libs from pkg-config if available (Nalin Dahyabhai) +- stop "apxs -a -i" from inserting AddModule into httpd.conf (#78676) + +* Wed Nov 6 2002 Joe Orton 2.0.40-13 +- fix location of installbuilddir in apxs when libdir!=/usr/lib + +* Wed Nov 6 2002 Joe Orton 2.0.40-12 +- pass libdir to configure; clean up config_vars.mk +- package instdso.sh, fixing apxs -i (#73428) +- prevent build if upstream MMN differs from mmn macro +- remove installed but unpackaged files * Wed Oct 9 2002 Joe Orton 2.0.40-11 - correct SERVER_NAME encoding in i18n error pages (thanks to Andre Malo) diff --git a/migration.xml b/migration.xml new file mode 100644 index 0000000..3770787 --- /dev/null +++ b/migration.xml @@ -0,0 +1,940 @@ + + +httpd"> +httpd.conf"> +mod_ssl"> +mod_proxy"> +mod_include"> +mod_auth_db"> +mod_auth_dbm"> +mod_perl"> +mod_python"> + +htdbm"> +dbmmanage"> + +]> + +
+ + +Apache Migration HOWTO + + + +This HOWTO covers the migration of Red Hat Linux webservers from +Red Hat's Apache 1.3 packages to Red Hat's Apache 2.0 packages. It +explains the relevant differences between the 1.3 and 2.0 packages, +and describes the process required to migrate your server's +configuration from 1.3 to 2.0. + + + + + +Naming and filesystem changes + + +Packaging changes + +When using RPM to administer your system you should be aware +that some packages have been renamed, some have been incorporated into +others, and some have been deprecated. The major changes are that the +apache, apache-devel and +apache-manual packages have been renamed as +&httpd;, httpd-devel and +httpd-manual, and that the +mod_dav package has been incorporated into the +&httpd; package. + +A complete breakdown of the packaging changes can be found in +. + + + + +Filesystem changes + +The single major change to the filesystem layout is that there +is now a directory, /etc/httpd/conf.d, into which +the configuration files for individually packaged modules (&mod_ssl;, +php, &mod_perl; and so on) are placed. The server +is instructed to load configuration files from this location by the +directive Include conf.d/*.conf within +/etc/httpd/conf/httpd.conf, so it is vital that +this line be inserted when migrating an existing configuration. + +Of the many minor changes, the most important to be aware of are +that the utility programs ab and +logresolve have been moved from +/usr/sbin to /usr/bin, which +will cause scripts with absolute paths to these binaries to fail; the +&dbmmanage; command has been replaced by &htdbm; (see ); the logrotate configuration file has been +renamed from /etc/logrotate.d/apache to +/etc/logrotate.d/httpd. + + + + + + + +Migrating your configuration + +If you have upgraded your server from a previous version of Red +Hat Linux upon which Apache was installed then the stock configuration +file from the Apache 2.0 package will have been created as +/etc/httpd/conf/httpd.conf.rpmnew, leaving your +original &httpdconf; untouched. It is, of course, entirely up to you +whether you use the new configuration file and migrate your old +settings to it, or use your existing file as a base and modify it to +suit, however some parts of the file have changed more than others and +a mixed approach is generally the best. The stock configuration files +for both 1.3 and 2.0 are divided into three sections, and for each of +these this document will suggest what is hopefully the easiest +route. + +If your &httpdconf; is a modified version of the default Red Hat +one and you have saved a copy of the original then you may find the +diff command comes in handy. Invoked as: + + + +diff -u httpd.conf.orig httpd.conf | less + + + +for example, it will highlight the modifications you have made. If +you do not have a copy of the original file all is not lost, since it +is possible to extract it from an RPM package using the +rpm2cpio and cpio commands, for +example: + + + +rpm2cpio apache-1.3.23-11.i386.rpm | cpio -i --make + + + +Finally, it is useful to know that Apache has a testing mode to check +your configuration for errors. This may be invoked as: + + + +apachectl configtest + + + + + +Global Environment + +The global environment section of the configuration file +contains directives which affect the overall operation of Apache, such +as the number of concurrent requests it can handle and the locations of +the various files it uses. This section requires a large number of +changes compared with the others and it is therefore recommended that +you base this section on the Apache 2.0 configuration file and migrate +your old settings into it. + + +Selecting which interfaces and ports to bind to + +The BindAddress and Port +directives no longer exist: their functionality is now provided by a +more flexible Listen directive. + +If you had set Port 80 you should change it +to Listen 80 instead. If you had set +Port to some other value then you should also +append the port number to the contents of your +ServerName directive: + + +Apache 1.3 port configuration + +Port 123 +ServerName www.example.com + + + +Equivalent Apache 2.0 port configuration + +Listen 123 +ServerName www.example.com:123 + + + +See also: + + +Listen + +ServerName + + + + + +Server-pool size regulation + +In Apache 2.0, the responsibility for accepting requests and +dispatching children to handle them has been abstracted into a group +of modules called Multi-Processing Modules (MPMs); the original Apache +1.3 behaviour has now been moved into the prefork MPM. + +The MPM supplied by default on Red Hat Linux is prefork which +accepts the same directives (StartServers, +MinSpareServers, +MaxSpareServers, MaxClients and +MaxRequestsPerChild) as Apache 1.3 and as such the +values of these directives may be migrated across directly. + +In the stock Apache 2.0 configuration file you may notice +directives for two other MPMs: worker and perchild. Currently only +the prefork MPM is available on Red Hat Linux, although other MPMs may +be made available at some later date. + +See also: + + +Apache +Multi-Processing Modules + + + + + +Dynamic Shared Object (DSO) Support + +There are many changes required here and it is highly +recommended that anyone trying to modify an Apache 1.3 configuration +to suit Apache 2.0 (as opposed to migrating your changes into the +Apache 2.0 configuration) simply copy this section from the stock Red +Hat Linux Apache 2.0 configuration. If you do decide to try and +modify your original file, please note that it is of paramount +importance that your &httpdconf; contains the following directive: + + + +# +# Load config files from the config directory "/etc/httpd/conf.d". +# +Include conf.d/*.conf + + + +Omission of this directive will result in the failure of all modules +packaged in their own RPMs (&mod_ssl;, php, +&mod_perl; and the like). + +Those who still don't want to simply copy the section from the +stock Apache 2.0 configuration should note the following: + + + +The AddModule and +ClearModuleList directives no longer exist. These +directives where used to ensure that modules could be enabled in the +correct order. The new Apache 2.0 API allows modules to explicitly +specify their ordering, eliminating the need for these +directives. + +The order of the LoadModule lines +is thus no longer relevant. + +Many modules have been added, removed, renamed, split +up, or incorporated with each other. + +LoadModule lines for modules +packaged in their own RPMs (&mod_ssl;, php, +&mod_perl; and the like) are no longer necessary as they can be found +in the relevant file in the directory +/etc/httpd/conf.d. + +The various HAVE_XXX definitions +are no longer defined. + + + + + + +Other changes + +The ServerType directive has been removed in +Apache 2.0 which can only be run as ServerType +standalone. + +The AccessConfig and +ResourceConfig directives have been removed since +they mirror the functionality of the Include +directive. If you have AccessConfig and +ResourceConfig directives set then you need to +replace these with Include directives. To ensure +that the files are read in the order implied by the older directives +the Include directives should be placed at the end +of &httpdconf;, with the one corresponding to +ResourceConfig preceeding the one corresponding to +AccessConfig. If you were making use of the +default values you will need to include them explicitly as +conf/srm.conf and +conf/access.conf. + + + + + +Main server configuration + +The main server configuration section of the configuration file +sets up the main server, which responds to any requests that aren't +handled by a <VirtualHost> definition. +Values here also provide defaults for any +<VirtualHost> containers you may +define. + +The directives used in this section have changed little between +Apache 1.3 and Apache 2.0, so if your main server configuration is +heavily customised you may find it easier to modify your existing +configuration to suit Apache 2.0. Users with only lightly customised +main server sections are recommended to migrate their changes into the +stock Apache 2.0 configuration. + + +UserDir mapping + +The UserDir directive is used to enable URLs +such as http://example.com/~jim/ to map to a +directory in the home directory of the user jim, +such as /home/jim/public_html. A side-effect of +this feature allows a potential attacker to determine whether a given +username is present on the system, so the default configuration for +Apache 2.0 does not enable UserDir. + +To enable UserDir mapping, change the +directive: + + +UserDir disable + + +to + + +UserDir public_html + + +in /etc/httpd/conf/httpd.conf. + +See also: + + +UserDir + + + + + +Logging + +The AgentLog, RefererLog +and RefererIgnore directives have been removed. +Agent and referer logs are still available using the +CustomLog and LogFormat +directives. + +See also: + + +CustomLog + +LogFormat + + + + + +Directory Indexing + +The deprecated FancyIndexing directive has +now been removed. The same functionality is available through the +FancyIndexing option to the +IndexOptions directive. + +The new VersionSort option to the +IndexOptions directive causes files containing +version numbers to be sorted in the natural way, so that +apache-1.3.9.tar would appear before +apache-1.3.12.tar in a directory index page. + +The defaults for the ReadmeName and +HeaderName directives have changed from +README and HEADER to +README.html and +HEADER.html. + +See also: + + +IndexOptions + +ReadmeName + +HeaderName + + + + + +Content Negotiation + +The CacheNegotiatedDocs directive now takes +the argument: on or off. Existing instances of +CacheNegotiatedDocs should be replaced with +CacheNegotiatedDocs on. + +See also: + + +CacheNegotiatedDocs + + + + + +Error Documents + +To use a hard-coded message with the +ErrorDocument directive, the message should be +enclosed in a pair of double quotes, rather than just preceded by a +double quote as required in Apache 1.3. For instance, change: + + + +ErrorDocument 404 "The document was not found + + +to + + + +ErrorDocument 404 "The document was not found" + + + + + +See also: + + +ErrorDocument + + + + + + +Virtual Hosts + +The contents of all <VirtualHost> +containers should be migrated in the same way as the main server +section as described in . Note that +the SSL virtual host context has been moved into the file +/etc/httpd/conf.d/ssl.conf. + +See also: + + +Apache +Virtual Host Documentation + + + + + +Modules + +In Apache 2.0 the module system has been changed to allow +modules to be chained together to combine them in new and interesting +ways. CGI scripts, for example, can generate server-parsed HTML +documents which can then be processed by &mod_include;. The +possibilities are only limited by the bounds of your +imagination. + +The way this actually works is that each request is served by +exactly one handler module followed by zero or +more filter modules. Under Apache 1.3, for +example, a PHP script would be handled in it's entirity by the PHP +module; under Apache 2.0 the request is initially +handled by the core module (which serves static +files) and subsequently filtered by the PHP +module. + +Exactly how to use this (and all the other new features of +Apache 2.0 for that matter) is beyond the scope of this document, +however the change has ramifications if you have used PATH_INFO +(trailing path information after the true filename) in a document +which is handled by a module that is now implemented as a filter. The +core module, which initially handles the request, does not by default +understand PATH_INFO and will serve 404 Not Found errors for requests +that have it. The AcceptPathInfo directive can be +used to coerce the core module into accepting requests with PATH_INFO: + + + +AcceptPathInfo on + + + + + +See also: + + +AcceptPathInfo + +Apache's +Handler Use + +Filters + + + + +mod_ssl + +The configuration for &mod_ssl; has been moved from &httpdconf; +into the file /etc/httpd/conf.d/ssl.conf. For +this file to be loaded, and hence for &mod_ssl; to work, you must have +the statement Include conf.d/*.conf in your +&httpdconf; as described in . + +ServerName directives in SSL virtual hosts +must explicitly specify the port number: + + +Apache 1.3 SSL virtual host configuration + +## +## SSL Virtual Host Context +## + +<VirtualHost _default_:443> + # General setup for the virtual host + ServerName ssl.host.name + ... +</VirtualHost> + + + +Equivalent Apache 2.0 SSL virtual host configuration + +## +## SSL Virtual Host Context +## + +<VirtualHost _default_:443> + # General setup for the virtual host + ServerName ssl.host.name:443 + ... +</VirtualHost> + + + +See also: + + +Apache +Module mod_ssl + +Apache +Virtual Host Documentation + + + + + +mod_proxy + +Proxy access control statements are now placed inside a +<Proxy> block rather than a +<Directory proxy:>. + +The caching functionality of the old &mod_proxy; has been split +out into three other modules (mod_cache, +mod_disk_cache, mod_file_cache), +although these generally use the same or similar directives as the old +&mod_proxy;. + +See also: + + +Apache +Module mod_proxy + + + + + +mod_include + +&mod_include; is now implemented as a filter and must therefore be enabled +differently: + + +Apache 1.3 &mod_include; configuration + +AddType text/html .shtml +AddHandler server-parsed .shtml + + + + +Equivalent Apache 2.0 &mod_include; configuration + +AddOutputFilter INCLUDES .shtml + + + +Note that Options +Includes is still +required. + +See also: + + +Apache +Module mod_include + + + + + +mod_auth_dbm and mod_auth_db + +Apache 1.3 supported two authentication modules, &mod_auth_db; +and &mod_auth_dbm;, which used Berkeley Databases and DBM databases +respectively. These modules have been combined into a single module +named &mod_auth_dbm; in Apache 2.0, which can access several different +database formats. To migrate from &mod_auth_db; in Apache 1.3, +configuration files should be adjusted by replacing +AuthDBUserFile and +AuthDBGroupFile with the &mod_auth_dbm; equivalents +AuthDBMUserFile and +AuthDBMGroupFile, and the directive +AuthDBMType DB should be added to indicate the type +of database file in use. + + shows a sample &mod_auth_db; +configuration for Apache 1.3, and shows how +it would be migrated to Apache 2.0. Note that the +AuthDBUserFile directive can also be used in +.htaccess files. + + +Apache 1.3 &mod_auth_db; configuration + +<Location /private/> + AuthType Basic + AuthName "My Private Files" + AuthDBUserFile /var/www/authdb + require valid-user +</Location> + + + + +Equivalent Apache 2.0 &mod_auth_dbm; configuration + +<Location /private/> + AuthType Basic + AuthName "My Private Files" + AuthDBMUserFile /var/www/authdb + AuthDBMType DB + require valid-user +</Location> + + + +The &dbmmanage; Perl script, used to manipulate +username/password databases, has been replaced by the &htdbm; program +in Apache 2.0. &htdbm; offers equivalent functionality, and like +&mod_auth_dbm; can operate a variety of database formats; a +-T argument can be used to specify the format to +use for a particular command. shows how to +migrate from using &dbmmanage; on a DBM-format database with Apache +1.3, to &htdbm; in 2.0. + + + +Migrating from &dbmmanage; to &htdbm; + + + + +Action +dbmmanage command (Apache 1.3) +Equivalent htdbm command (Apache 2.0) + + + + + + +Add user to database (using given password) +dbmmanage authdb add username password +htdbm -b -TDB authdb username password + + +Add user to database (prompts for password) +dbmmanage authdb adduser username +htdbm -TDB authdb username + + +Remove user from database +dbmmanage authdb delete username +htdbm -x -TDB authdb username + + +List users in database +dbmmanage authdb view +htdbm -l -TDB authdb + + +Verify a password +dbmmanage authdb check username +htdbm -v -TDB authdb username + + + +
+ +The -m and -s options work +with both &dbmmanage; and &htdbm; (enabling the use of the MD5 or SHA1 +algorithms for hashing passwords, respectively). When creating a new +database with &htdbm;, the -c option must be +used. + + +See also: + + +Apache +Module mod_auth_dbm + + +
+ + +PHP + +The configuration for PHP has been moved from &httpdconf; into +the file /etc/httpd/conf.d/php.conf. For this +file to be loaded, and hence for PHP to work, you must have the +statement Include conf.d/*.conf in your &httpdconf; +as described in . + +PHP is now implemented as a filter and must therefore be enabled +differently: + + +Apache 1.3 PHP configuration + +AddType application/x-httpd-php .php +AddType application/x-httpd-php-source .phps + + + + +Equivalent Apache 2.0 PHP configuration + +<Files *.php> + SetOutputFilter PHP + SetInputFilter PHP +</Files> + + + +In PHP 4.2.0 and later the default set of predefined variables +which are available in the global scope has changed. Individual input +and server variables are by default no longer placed directly into the +global scope; rather, they are placed into a number superglobal +arrays. This change may cause scripts to break, and you may revert to +the old behaviour globally by setting +register_globals to On in the +file /etc/php.ini or more selectivly by using +php_value register_globals 1 in your &httpdconf; or +in .htaccess files. + +Another change is that short open tags are now disabled to make +it easier to develop PHP applications that serve XML or XHTML, so +scripts must use <?php or <script +language="php"> rather than <? to +denote PHP code. This change may cause scripts to break, and you may +revert to the old behaviour globally by setting +short_open_tag to On in the file +/etc/php.ini. Due to a bug in PHP it is not +possible to set this more selectivly with php_value +directives. + +See also: + + +PHP 4.1.0 Release +Announcement for details of the global scope changes + + + + + +mod_perl + +The configuration for &mod_perl; has been moved from &httpdconf; +into the file /etc/httpd/conf.d/perl.conf. For +this file to be loaded, and hence for &mod_perl; to work, you must +have the statement Include conf.d/*.conf in your +&httpdconf; as described in . + +Occurances of Apache:: in your &httpdconf; +must be replaced with ModPerl::. Additionally, the +manner in which handlers are registered has been changed, for +example: + + +Apache 1.3 &mod_perl; configuration + +<Directory /var/www/perl> + SetHandler perl-script + PerlHandler Apache::Registry + Options +ExecCGI +</Directory> + + + + +Equivalent Apache 2.0 &mod_perl; configuration + +<Directory /var/www/perl> + SetHandler perl-script + PerlHandler ModPerl::Registry::handler + Options +ExecCGI +</Directory> + + + +Most modules for &mod_perl; 1.x should work without modification +with &mod_perl; 2.x. XS modules will require recompilation and may +possibly require minor Makefile modifications. + + + + + + +mod_python + +The configuration for &mod_python; has been moved from &httpdconf; +into the file /etc/httpd/conf.d/python.conf. For +this file to be loaded, and hence for &mod_python; to work, you must +have the statement Include conf.d/*.conf in your +&httpdconf; as described in . + + +
+
+ + + + +Packaging Changes + + + +The apache, +apache-devel and apache-manual +packages have been renamed as &httpd;, httpd-devel +and httpd-manual. + +The mod_dav package has been +incorporated into the &httpd; package. + +The mod_put and +mod_roaming packages have been removed, since their +functionality is a subset of that provided by +mod_dav. + +The mod_auth_any and +mod_bandwidth packages have been +removed. + +&mod_ssl;'s version is now synchronised with &httpd;, +which means that the &mod_ssl; package for Apache 2.0 has a lower +version than &mod_ssl; package for 1.3. + + + + + + + +