|
apocryph.orgnotes to my future self |
|
|
apocryph.orgnotes to my future self |
Today I went to slightly change my Apache 2.0 config on bonzo, when was greeted with a nasty error when trying to restart the process:
bonzo# apachectl restart
/libexec/ld-elf.so.1: Shared object "libexpat.so.5" not found, required by "httpd"
I suspect this is due to some of the upgrading it with with the ports tree recently. Obviously something needed a new version of libexpat, which broke my older build of Apache. I put a band-aid on the problem with:
ln -s libexpat.so.6 libexpat.so.5
in /usr/local/lib, but I don’t like running older versions of software. I noticed that Apache 2.2 is now out and in the ports tree under www/apache22. The upgrade instructions seem fairly straightforward, so I’m going to go for it.
A quick cd into /usr/ports/www/apache22, and a make show-options yield:
bonzo# make show-options
Available knobs:
By default, modules are compiled as dynamically loadable (DSO) modules.
Modules knobs philosophy:
Modules are split in categories, "make show-categories" shows you
which modules they contain. You can enable/disable/customize a category:
- To enable a category: WITH_<CATEGORY>_MODULES=yes
[WITH_PROXY_MODULES=yes]
- To disable a category: WITHOUT_<CATEGORY>_MODULES=yes
[WITHOUT_DAV_MODULES=yes]
- To customize a category: WITH_CUSTOM_<CATEGORY>
[WITH_CUSTOM_PROXY="proxy proxy_http"]
Apache-related
WITH_MPM: prefork (default)
worker
perchild (deprecated)
threadpool (testing purpose only)
WITH_HTTP_PORT: default: 80
WITH_LDAP: Enable LDAP support (mod_auth_ldap) (implies WITH_LDAP_MODULES)
WITH_(MYSQL|PGSQL|SQLITE): Enable SQL backend *dbd
WITHOUT_V4MAPPED
WITH_IPV6_V6ONLY: Don't allow IPv6 sockets to handle IPv4
connections
WITHOUT_SSL: Disable SSL support
WITH_THREADS: Enable threads support !! USE IT WITH CARE !!
WITH_DBM: Choose your DBM: bdb (Berkeley DB), gdbm or
ndbm (default)
WITH_BERKELEYDB: Choose your BerkeleyDB version: db2, db3,
db4, db41, db42 or FreeBSD (1.85)(default)
WITH_STATIC_SUPPORT: Build statically linked support binaries
WITH_STATIC_APACHE: Build a static version of httpd (implies
WITH_STATIC_MODULES)
WITH_ALL_STATIC_MODULES: All modules will be statically linked.
WITH_STATIC_MODULES: List of modules to build modules statics
(usefull for slave ports)
(They must be already enabled (i.e.
WITH_MODULES or with default configuration
use 'make show-modules', to check if they are
enabled)
WITH_MODULES: List of modules you choose
WITHOUT_MODULES: Disable selected modules
WITH_SUEXEC: Enable suExec support
SUEXEC_DOCROOT: SuExec root directory
SUEXEC_USERDIR: User subdirectory (default public_html)
SUEXEC_SAFEPATH: Set the safepath
SUEXEC_LOGFILE: Set log file for suexec (default: /var/log/httpd-suexec.log)
SUEXEC_UIDMIN: Minimal allowed UID (default 1000)
SUEXEC_GIDMIN: Minimal allowed GID (default 1000)
SUEXEC_CALLER: User allowed to call SuExec (default
${WWWOWN} (www))
SUEXEC_UMASK: Defines umask for suexec'd process(default:
unset)
WITH_DEBUG: Build a debug versoin of apache (set CFLAGS
to "-O0 -g -ggdb3" or ${DEBUG_FLAGS} and
defines WITH_EXCEPTION_HOOK too)
WITH_EXCEPTION_HOOK: Enable fatal exception hook
Optionnal patches:
WITH_EXPERIMENTAL_PATCHES Add performance patches (generally backported
from apr/httpd CVS)
Available make targets:
show-options: prints this message
show-modules: prints list of available modules
show-categories: prints list of modules sorted by category
Examples:
make WITH_STATIC_MODULES="ssl rewrite include" WITH_EXPERIMENTAL_MODULES=yes \
WITH_CUSTOM_AUTH="auth auth_dbm"
make WITHOUT_MODULES="access speling status" WITH_PROXY_MODULES=yes
make WITH_MODULES="include rewrite auth"
Note: If you define your custom options in /etc/make.conf, don't forget
to do not use quotes.
From make show-categories I get:
bonzo# make show-categories
AUTH contains these modules:
auth_basic auth_digest
AUTHN contains these modules:
authn_file authn_dbd authn_dbm authn_anon authn_default
AUTHZ contains these modules:
authz_host authz_groupfile authz_user authz_dbm authz_owner authz_default
CACHE contains these modules:
cache disk_cache file_cache mem_cache
DAV contains these modules:
dav dav_fs
EXPERIMENTAL contains these modules:
bucketeer case_filter case_filter_in ext_filter charset_lite log_forensic optional_hook_export optional_hook_import optional_fn_import optional_fn_export
LDAP contains these modules:
ldap authnz_ldap
MISC contains these modules:
actions alias asis autoindex cern_meta cgi charset_lite dbd deflate dir env expires headers imagemap include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias filter version
PROXY contains these modules:
proxy proxy_connect proxy_ftp proxy_http proxy_ajp proxy_balancer
SSL contains these modules:
ssl
SUEXEC contains these modules:
suexec
THREADS contains these modules:
cgid
From make I see the defaults are:
Per default categories are:
AUTH AUTHN AUTHZ DAV CACHE MISC
Categories available:
AUTH AUTHN AUTHZ CACHE DAV EXPERIMENTAL LDAP MISC PROXY SSL SUEXEC THREADS
I also want SSL; the rest are fine. So, that’s make WITH_SSL_MODULES=yes
That seemed to work. Now the really risky move: make uninstall apache20, and make install apache22. If this goes badly, I’ll be left without a working web server.
It seemed to go okay; the make deinstall complained about a littany of stuff dependent upon apache2, and I had to change /etc/rc.conf to add apache22_enable="YES".
The configuration file httpd.conf is in /usr/local/etc/apache22, while my old was in /usr/local/etc/apache2. The Apache docs say the new config file is much simpler, so I’ll just migrate my old settings over.
I had to copy:
DirectoryIndex entry index.phpAlias entries for gallery2, bytehoard, and mailAddType directives for PHP filesLoadModule directives for dav_svn, authz_svn, and php5The first problem with these changes is:
httpd: Syntax error on line 103 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache2/mod_dav_svn.so into server: Shared object "libaprutil-0.so.9" not found, required by "libsvn_repos-1.so.0"
This is a pretty old version of the dav_svn module; I’ll disable it for now until I can build the updated version
Another problem:
httpd: Syntax error on line 105 of /usr/local/etc/apache22/httpd.conf: API module structure `php5_module' in file /usr/local/libexec/apache2/libphp5.so is garbled - perhaps this is not an Apache module DSO?
So, I’ll have to rebuild the PHP5 module as well. Awesome.
Argh, I keep running into shit along the dependency chain that I have to upgrade to build the php5-extensions. So far, pecl-magick and mysql50-client. Also have to (re)build www/mod_php5. Oddly, when I make search name=php5 I see the mod_php5 port listed as /usr/ports/www/mod_php5, but there’s no such folder in my ports tree. I’m cvsuping my ports tree just in case, but I’m not holding out hope.
Hmm, turns out the mod_php port has been removed and integrated into the PHP build process. Lame. I did a make config, checked the Apache box (and the multibyte box while I was at it), then did a make clean and a make reinstall. I’ll have to do the same thing on php5-extensions.
Ok, it looks good. Drupal is working, but Gallery is broken (requests for /gallery2 return Forbidden).
It seems the reason is that uninstalling Apache 2.0 removed the /usr/local/www/data symlink to /usr/local/www/data-dist. How lame. All my paths will change now.
Ok, all seems well. There’s only one little thing bugging me now:
bonzo# apachectl stop
bonzo# apachectl start
[Mon Jun 19 07:48:24 2006] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter
I’ve done a bit of reading on the subject. Apparently, the accept filters are an optimization within Apache that takes advantage of an optimization in various OS kernels in which the accept() socket function doesn’t return until a particular filter condition is met; in the case of HTTP, that complete HTTP headers have been received from the client. I don’t really understand why this is a major performance enhancement, but I trust Apache and the FreeBSD kernel team to do the right thing.
At any rate, from this Google Groups conversation, it seems I can enable the relevant accept filters in the kernel by adding a apache22_http_accept_enable="YES" line in /etc/rc.conf. I’ll try that.
Yup, that takes care of it. Sweet.
