With a little side of applesauce...

Sunday, January 28, 2007

Debian - Apache 2.0 -> Apache 2.2 upgrade (sarge -> etch)

Here are a few quick notes about upgrading Apache 2.0 (sarge) to Apache 2.2 (etch). I will expand later, but wanted to get these up here before I forget :P

apache20 -> apache22 migration

Quick notes about problems/need to remember

1. recompile mod_jrun for mod_jrun22.so

You need to download a new wsconfig.jar from this page:
- http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=8001e97

We run ColdFusion in a cluster separate from the web server machines, so
I needed to compile it by hand. Thankfully, they include a build script
in the lib/wsconfig/1/ directory called build_jrun22. For Debian, I
believe I needed to modify the location of apxs2 (/usr/bin/apxs2). Then
run the file:

/path/to/build_jrun22

2. authnz_ldap doesn’t allow valid-user (you need to use authz_user),
so you need to trick it by using an objectClass associated with the
authenticated user:

for f in $(find ./ -iname ".htaccess*" ); do sed -i 's?require valid-user?require ldap-attribute objectClass=myPerson?' "$f" ; done

3. replace “require group groupname” with “require ldap-group groupname”.

4. Drupal 4.7 needs the following patch to deal with php5.2 sessions:

The fix is found in a patch in this thread, “Session handler executed
after $user object is destructed”:
http://drupal.org/node/93945

The patch is here:
http://drupal.org/files/issues/sess_patch_47

And, the reason is described here:
http://blogs.oscommerce.com/2006/11/06/php-520-compatibility/

5. bug in LimitExcept:

New in apache2.2 is a bug which forces LimitExcept to have arguments.
(Seems to remove _all_ the whitespace).
We use LimitExcept without any arguments for publishing so I replaced
our empty LimitExcept with :

for f in $(find ./ -iname “.htaccess*” ); do sed -i ’s?>??’ $f ; done

6. moved the ldap config out of the vhosts, and replaced them with an
Include:

apacheroot/apache2.conf:
############################################
# mod_auth_ldap -----
############################################
Include /etc/apache2/ldap/commonldap.conf
####End of LDAP Conf

apacheroot/sites-available/vhost now has the following Include in the
container:
Include /etc/apache2/ldap/authldapconfig.conf

apacheroot/ldap/commonldap.conf:
############################################
# mod_auth_ldap -----
############################################

LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 60
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 60
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/ssl.crt/my.crt
####End of LDAP Conf

apacheroot/ldap/authldapconfig.conf:
##### Beginning mod_auth_ldap ##########################
AuthBasicProvider ldap
AuthType Basic
AuthName "myfarm"
AuthzLDAPAuthoritative on
AuthLDAPURL ldaps://www.ldapserver.com:636/dc=example,dc=com?uid
AuthLDAPBindDN "mydn"
AuthLDAPBindPassword "mypassword"
##### End mod_auth_ldap ##########################

This is the command that worked:

for f in *; do grep -v "mod_auth " "$f" | grep -v AuthAuthoritative | grep -v AuthUserFile | grep -v AuthGroupFile | sed "s?AuthLDAPEnabled on?Include /etc/apache2/ldap/authldapconfig.conf?" | grep -v AuthLDAP > "$f.new" ; mv "$f.new" "$f" ; done


7. Don't forget the addition of "AuthBasicProvider ldap" in the Directory container.

8. Joomla podcast.php relies on a deprecated php.ini setting:

Warning: Call-time pass-by-reference has been deprecated - argument
passed by value; If you would like to pass it by reference, modify the
declaration of [runtime function name](). If you would like to enable
call-time pass-by-reference, you can set allow_call_time_pass_reference
to true in your INI file. However, future versions may not support this
any longer. in
/path/to/mambots/content/podcast.php on
line 24

Warning: Call-time pass-by-reference has been deprecated -
argument passed by value; If you would like to pass it by reference,
modify the declaration of [runtime function name](). If you would like
to enable call-time pass-by-reference, you can set
allow_call_time_pass_reference to true in your INI file. However, future
versions may not support this any longer. in
/path/to/mambots/content/podcast.php on
line 26
To change this temporarily, you can set:
allow_call_time_pass_reference = On

But, be aware that this probably won't be available in future versions
of PHP.
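
For notes 2 and 3, one way to stage the .htaccess rewrites on a copy and check them before the live tree is touched (an added example, not part of the original post; the function names, the sample tree, the "staff" group and the note 3 sed expression are assumptions). Apache matches directive names case-insensitively while the sed pattern is lowercase only, so the audit lists any "Require valid-user" line the rewrite missed.

```shell
#!/bin/sh
# Added example, not from the original post. Stages the note 2 and note 3
# rewrites on a copy and checks the result before anything live is touched.

# legacy_lines DIR: print "file:lineno:text" for every Require line still in
# a 2.0 form. Apache directive names are case-insensitive, hence grep -i.
legacy_lines() {
    find "$1" -type f -iname '.htaccess*' -exec grep -HinE \
        '^[[:space:]]*require[[:space:]]+(valid-user|group[[:space:]])' {} + || true
}

# require_count DIR: number of Require lines in all .htaccess* files. It must
# be the same before and after, or the rewrite dropped an access rule.
require_count() {
    find "$1" -type f -iname '.htaccess*' -exec cat {} + |
        grep -ciE '^[[:space:]]*require[[:space:]]' || true
}

# rewrite_copy SRC DST OBJECTCLASS: copy SRC to a new directory DST and apply
# the post's note 2 substitution, plus an assumed note 3 equivalent, to the
# copy only. Uses GNU sed -i, as the post does on Debian.
rewrite_copy() {
    cp -R "$1" "$2" &&
    find "$2" -type f -iname '.htaccess*' -exec sed -i \
        -e "s?require valid-user?require ldap-attribute objectClass=$3?" \
        -e 's?require group ?require ldap-group ?' {} +
}

# make_sample DIR: constructed sample tree (file contents are made up).
make_sample() {
    mkdir -p "$1/private" &&
    printf 'require valid-user\n' > "$1/.htaccess" &&
    printf 'Require valid-user\nrequire group staff\n' > "$1/private/.htaccess"
}

work=$(mktemp -d)
make_sample "$work/live"
rewrite_copy "$work/live" "$work/staged" myPerson
echo "Require lines live/staged: $(require_count "$work/live")/$(require_count "$work/staged")"
echo "Still in a 2.0 form after the rewrite:"
legacy_lines "$work/staged"
diff -ru "$work/live" "$work/staged" || true   # review before copying over live
rm -rf "$work"
```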

2 comments:

CVD said...

The build_jrun22 script doesn't seem part of the package. Any chance you can add it to your post?

speeves said...

Thanks for the question! I have posted a blog entry which should answer your question. Let me know if there are any issues:
http://speeves.erikin.com/2009/01/coldfusion-8-apache-compiling.html

Take care!