1

We have a need to run Apache 2.2 and Apache 2.4 web servers on the same VM. The need is created by:

  • A requirement to host an Oracle WebGate module, which doesn't support Apache 2.4 (we use the Red Hat provided 2.2 httpd for that)
  • A requirement to use Apache 2.4 native sessions, in association with the WebGate processing
  • A limitation on the number of VMs we can use (requiring that both web servers be in the same VM)

This all has to occur on a RHEL 5.8 VM (note there's no Red Hat RPM for Apache 2.4 for RHEL5 [nor 6, actually]). Our general intent is to have the 2.2 instance acting as a reverse proxy to a localhost-port-listening 2.4 instance (which is itself acting as a reverse proxy to our origin servers). Configuring to avoid port conflicts, to handle the proxying, etc. is not an issue, i'm well versed in such. It's the general approach to having both server versions installed and operational at the same time that I'm unsure of.

Has anyone done this before? And if so, what was your general approach? Did it work cleanly having both versions installed together, or did you have to e.g. chroot one to create separation between libraries? Or did you statically link in everything needed for the 2.4 binary, or what? We run SELinux in enforcing mode - are there any implications to be aware of on that front?

I've come up empty on googling for anyone who has done something similar, hoping someone here has.

Thank you!

Improve this question
1
  • 2
    I can do that for sure, by downloading src.rpm, change build parameters, move/rename libraries, paths, create new init scripts etc, build new rpm. For selinux - I'll create new definitions per path. It's a pretty huge thing that i cannot tell in one post, also, i'm quite sure I'll need to update some dependencies/libraries (at least APR) and it won't be easy to not break it for old versions, so, will need to rename/move new ones too. Commented Aug 30, 2013 at 10:40

1 Answer 1

Reset to default
1

You can build httpd-2.4 from source, first of all you need to upgrade apr/apr-util to at least 1.3.0

checking for APR version 1.3.0 or later... yes checking for APR-util version 1.3.0 or later... yes

Build and install apr-1.4.8

# ./configure --prefix=/opt/apr-1.4.8 # make # make install

Build and install apr-util-1.5.2

# ./configure --prefix=/opt/apr-util-1.5.2 --with-apr=/opt/apr-1.4.8/ --with-crypto --with-openssl=/usr --with-ldap --with-ldap-include=/usr/include/ --with-ldap-lib=/usr/lib64/ # make # make install

Build and install apache-2.4.6

# ./configure --prefix=/opt/httpd-2.4.6 --with-apr=/opt/apr-1.4.8/ --with-apr-util=/opt/apr-util-1.5.2/ # make # make install

I would suggest do not touch system apr/apr-util packages

Some basic checks

# lsof -n -P -i tcp:8080 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME httpd 29268 root 4u IPv4 57621 0t0 TCP 127.0.0.1:8080 (LISTEN) httpd 29269 daemon 4u IPv4 57621 0t0 TCP 127.0.0.1:8080 (LISTEN) httpd 29270 daemon 4u IPv4 57621 0t0 TCP 127.0.0.1:8080 (LISTEN) httpd 29273 daemon 4u IPv4 57621 0t0 TCP 127.0.0.1:8080 (LISTEN) # cat /proc/29268/cmdline /opt/httpd-2.4.6/bin/httpd # /opt/httpd-2.4.6/bin/httpd -V Server version: Apache/2.4.6 (Unix) Server built: Aug 30 2013 14:33:24 Server's Module Magic Number: 20120211:23 Server loaded: APR 1.4.8, APR-UTIL 1.5.2 Compiled using: APR 1.4.8, APR-UTIL 1.5.2 Architecture: 64-bit Server MPM: event threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with.... -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=256 -D HTTPD_ROOT="/opt/httpd-2.4.6" -D SUEXEC_BIN="/opt/httpd-2.4.6/bin/suexec" -D DEFAULT_PIDLOG="logs/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" # lsof -n -P -i tcp:80 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME httpd 29392 root 4u IPv4 58386 0t0 TCP *:80 (LISTEN) httpd 29394 apache 4u IPv4 58386 0t0 TCP *:80 (LISTEN) httpd 29395 apache 4u IPv4 58386 0t0 TCP *:80 (LISTEN) httpd 29396 apache 4u IPv4 58386 0t0 TCP *:80 (LISTEN) httpd 29397 apache 4u IPv4 58386 0t0 TCP *:80 (LISTEN) httpd 29398 apache 4u IPv4 58386 0t0 TCP *:80 (LISTEN) httpd 29399 apache 4u IPv4 58386 0t0 TCP *:80 (LISTEN) httpd 29400 apache 4u IPv4 58386 0t0 TCP *:80 (LISTEN) httpd 29401 apache 4u IPv4 58386 0t0 TCP *:80 (LISTEN) # cat /proc/29392/cmdline /usr/sbin/httpd # /usr/sbin/httpd -V Server version: Apache/2.2.3 Server built: Aug 13 2013 13:27:54 Server's Module Magic Number: 20051115:3 Server loaded: APR 1.2.7, APR-Util 1.2.7 Compiled using: APR 1.2.7, APR-Util 1.2.7 Architecture: 64-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/etc/httpd" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="run/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="logs/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf"

I know that build packages from source it's a bad idea, but sometimes it is the only way out

Improve this answer
4
  • Hm, I think this will need a lot of extra work to make SELinux work with it. Commented Aug 30, 2013 at 14:49
  • For what is worth (although I personally think this whole thing of running both servers in the same box is a bad idea), one could start by copying the original SELinux policy module for the apache web server and customize it. Definitely, not a simple task. You might end up punching a BIG HOLE in the mandatory access control. There is no support for apache-2.4 in RHEL as of now, by the way. Commented Aug 31, 2013 at 15:08
  • I marked this answer as correct - in general form, that turned out to be the most straightforward way to handle the situation. There was a conflict with the system apr and apr-utils, which the 2.2 instance was relying on, so it was most straightforward to download the newest apr and apr-util source, and use the --with-included-apr option. Commented Sep 17, 2013 at 14:19
  • Btw, the SELinux config turned out not to be an issue - the profile for Apache 2.2 that Red Hat ships ported very easily to 2.4. The configure that was needed was: ./configure --with-included-apr --with-crypto --with-openssl=/usr --with-expat=builtin --enable-mods-shared=all I removed numerous modules that were not of use to our situation, but that's the most general form of what we did. On our RHEL 5.8, there were compatibility issues with libexpat, and hence the use of the builtin; and enabling the mod_session_crypto module requires we point the make at openssl for some reason. Commented Sep 17, 2013 at 14:22

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.