Upgrading Apache from 2.0.59-r5 to 2.2.6

Today's post will be about my procedure for upgrading Apache-2.0.59-r5 to apache-2.2.6. This is a major jump, and unfortunately, needs to happen. There are bugs-a-plenty at bugs.gentoo.org, and I touched upon these issues here.

The first step before doing any large upgrade is to scour the forums. I always want/need to see what I'm in for. I saw lots of issues with SSL, apache modules and logging issues. Keeping those in my mind, I pulled the trigger on the emerges.

emerge -v apache apache-tools

With 2.2, there apache-tools needs to be emerge'd. This will give you apache2ctl, htpasswd, etc. After the emerge was done, I immediately saw the portage messages (thanks new-portage!).

* Selected MPM: prefork
* The default webroot has not been installed into
* //var/www/localhost because the directory already exists
* and we do not want to overwrite any files you have put there.
* If you would like to install the latest webroot, please run
* emerge --config =apache-2.2.6
* Listen directives have been moved into the default virtual host
* configuation. At least DEFAULT_VHOST has been enabled for you
* (depending on your USE-flags.
* If you disable DEFAULT_VHOST or SSL_DEFAULT_VHOST, there would
* be no listening sockets available.
* Please make sure that you update your /etc directory.
* Between the versions, we had to changes some config files
* and move some stuff out of the main httpd.conf file to a seperate
* modules.d entry.
* Thus please update your /etc directory either via etc-update,
* dispatch-conf or conf-update !
* When upgrading from versions below 2.2.0 to this version, you
* need to rebuild all your modules. Please do so for your modules
* to continue working correctly.
* Also note that some configuration directives have been
* split into their own files under //etc/apache2/modules.d/
* and that some modules, foremost the authentication related ones,
* have been renamed.
* Some examples:
*   - USERDIR is now configureable in /etc/apache2/modules.d/00_mod_userdir.conf.
* For more information on what you may need to change, please
* see the overview of changes at:
* http://httpd.apache.org/docs/2.2/new_features_2_2.html
* and the upgrading guide at:
* http://httpd.apache.org/docs/2.2/upgrading.html

The item to pay attention too:

* When upgrading from versions below 2.2.0 to this version, you
* need to rebuild all your modules. Please do so for your modules
* to continue working correctly.

Okay, this is where folks had trouble after updating apache, then immediately restarting the service. Before doing that, I thought, I'd deal with the new configs. Apache-2.2, the configs were split up. Some of the areas found in httpd.conf are now in 00_default_settings.conf. For whatever reason, ServerName was completely left off, so I added that to httpd.conf. Depending on your set up you may need to do some careful work with your configs. For the first server, I manually merged my configs with dispatch-conf, but the other server, I 'took' the new config, and decided to edit them by hand.

httpd.conf - modules are included in completely different areas. So if you were removing modules for security, it's best to compare configs and start commenting them out by hand.

00_mod_info.conf - This is -D INFO handling now. Make sure you edit this if you have special 'allows' for server-info or server-status.

00_default_settings.conf - I like to keep my ServerSignature set to off, and this will now need to be set here.

/etc/conf.d/apache2 - they want to put in -D INFO -D LANGUAGE and forget your PHP, so make sure your flags are good.

The next issues you'll see are vhosts and ssl vhosts, each server seemed to have different issues with this, so you're going to have to bite the bullet and get the sorted out while things are broke, but this should get your a somewhat stable apache.


Okay, almost forgot about the modules! Depending on what you have, you'll have to rebuild your modules. In my case, I had PHP4 and mod_security to deal with. With this version of Apache, we're needing the newer mod_security (2.1.2). Not much different there, but you may need to adjust some of your mod_security configurations. Dispatch-conf is your friend!

Ok, so we have apache configured and modules re-built, it's time to test the configs. With apache-2.2, we don't use apache2ctl like we use to (apache2ctl -t), but have to use the long method (apache2ctl configtest). This is linked to initscript now, and that's why it doesn't know about the -t. If all is good, then restart.

I ran into a problem where restart led to !! even though configtest showed clean. Looking at the error_logs, I saw mention that it could not open error_log

(2)No such file or directory: apache2: could not open error log file /usr/lib/apache2/logs/error_log.

Notice the /usr/lib/apache vs /var/log? That's because old apache installs use to have a symlink in /usr/lib/apache pointing to /var/log/apache2/. This has been removed, so clean out your broken symlinks. The issue was related to a specific vhost that was referencing log/error_log for ErrorLog, changing that to absolute path fixed it up for me.

The upgrade was not fun.. but not that bad either. Just go slow, and pay attention to the 'trouble' areas before starting. Remember to rebuild modules before restarting Apache. You may have to work on vhost NameVirtualHost stuff with SSL and the normal vhosts, but you should be able work your way through it.