Upgrading
From 2.2 to 2.4
This document describes changes in server behavior that might require you to change your configuration or how you use the server in order to continue using 2.4 as you are currently using 2.2. To take advantage of new features in 2.4, see the New Features document.
This document describes only the changes from 2.2 to 2.4. If you are upgrading from version 2.0, you should also consult the 2.0 to 2.2 upgrading document.
The compilation process is very similar to the one used in version 2.2. Your old configure command line (as found in build/config.nice in the installed server directory) can be used in most cases. There are some changes in the default settings. Some details of changes:
· These modules have been removed: mod_authn_default, mod_authz_default, mod_mem_cache. If you were using mod_mem_cache in 2.2, look at mod_cache_disk in 2.4.
· All load balancing implementations have been moved to individual, self-contained mod_proxy submodules, e.g. mod_lbmethod_bybusyness. You might need to build and load any of these that your configuration uses.
· Platform support has been removed for BeOS, TPF, and even older platforms such as A/UX, Next, and Tandem. These were believed to be broken anyway.
· configure: dynamic modules (DSO) are built by default
· configure: By default, only a basic set of modules is loaded. The other LoadModule directives are commented out.
· configure: the "most" module set gets built by default
· configure: the "reallyall" module set adds developer modules to the "all" set
There have been significant changes in authorization configuration, and other minor configuration changes, that could require changes to your 2.2 configuration files before using them for 2.4.
Any configuration file that uses authorization will likely need changes.
You should review the Authentication, Authorization and Access Control Howto, especially the section Beyond just authorization which explains the new mechanisms for controlling the order in which the authorization directives are applied.
Directives that control how authorization modules respond when they don't match the authenticated user have been removed. This includes AuthzLDAPAuthoritative, AuthzDBDAuthoritative, AuthzDBMAuthoritative, AuthzGroupFileAuthoritative, AuthzUserAuthoritative, and AuthzOwnerAuthoritative. These directives have been replaced by the more expressive RequireAny, RequireNone, and RequireAll.
In 2.2, access control based on client hostname, IP address, and other characteristics of client requests was done using the directives Order, Allow, Deny, and Satisfy.
In 2.4, such access control is done in the same way as other authorization checks, using the new module mod_authz_host. The old access control idioms should be replaced by the new authentication mechanisms, although for compatibility with old configurations, the new module mod_access_compat is provided.
Here are some examples of old and new ways to do the same access control.
In this example, all requests are denied.
2.2 configuration:
Order deny,allow
Deny from all
2.4 configuration:
Require all denied
In this example, all requests are allowed.
2.2 configuration:
Order allow,deny
Allow from all
2.4 configuration:
Require all granted
In the following example, all hosts in the example.org domain are allowed access; all other hosts are denied access.
2.2 configuration:
Order Deny,Allow
Deny from all
Allow from example.org
2.4 configuration:
Require host example.org
Some other small adjustments may be necessary for particular configurations as discussed below.
· MaxRequestsPerChild has been renamed to MaxConnectionsPerChild, which describes more accurately what it does. The old name is still supported.
· MaxClients has been renamed to MaxRequestWorkers, which describes more accurately what it does. For async MPMs, like event, the maximum number of clients is not equivalent to the number of worker threads. The old name is still supported.
· The DefaultType directive no longer has any effect, other than to emit a warning if it's used with any value other than none. You need to use other configuration settings to replace it in 2.4.
· mod_dav_fs: The format of the DavLockDB file has changed for systems with inodes. The old DavLockDB file must be deleted on upgrade.
· KeepAlive only accepts values of On or Off. Previously, any value other than "Off" or "0" was treated as "On".
· Directives AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex, and WatchdogMutexPath have been replaced with a single Mutex directive. You will need to evaluate any use of these removed directives in your 2.2 configuration to determine if they can just be deleted or will need to be replaced using Mutex.
· mod_cache: CacheIgnoreURLSessionIdentifiers now does an exact match against the query string instead of a partial match. If your configuration was using partial strings, e.g. using sessionid to match /someapplication/image.gif;jsessionid=123456789, then you will need to change to the full string jsessionid.
· mod_ldap: LDAPTrustedClientCert is now consistently a per-directory setting only. If you use this directive, review your configuration to make sure it is present in all the necessary directory contexts.
· mod_filter: FilterProvider syntax has changed and now uses a boolean expression to determine if a filter is applied.
· mod_include:
  § The #if expr element now uses the new expression parser. The old syntax can be restored with the new directive SSILegacyExprParser.
  § An SSI* config directive in directory scope no longer causes all other per-directory SSI* directives to be reset to their default values.
· mod_charset_lite: The DebugLevel option has been removed in favour of per-module LogLevel configuration.
· mod_ext_filter: The DebugLevel option has been removed in favour of per-module LogLevel configuration.
· mod_ssl: CRL based revocation checking now needs to be explicitly configured through SSLCARevocationCheck.
· mod_autoindex: will now extract titles and display descriptions for .xhtml files, which were previously ignored.
· mod_ssl: The default format of the *_DN variables has changed. The old format can still be used with the new LegacyDNStringFormat argument to SSLOptions. The SSLv2 protocol is no longer supported. SSLProxyCheckPeerCN and SSLProxyCheckPeerExpire now default to On, causing proxy requests to HTTPS hosts with bad or outdated certificates to fail with a 502 status code (Bad gateway).
· The NameVirtualHost directive no longer has any effect, other than to emit a warning. Any address/port combination appearing in multiple virtual hosts is implicitly treated as a name-based virtual host.
· mod_deflate will now skip compression if it knows that the size overhead added by the compression is larger than the data to be compressed.
· Multi-language error documents from 2.2.x may not work unless they are adjusted to the new syntax of mod_include's #if expr= element or the directive SSILegacyExprParser is enabled for the directory containing the error documents.
· The functionality provided by mod_authn_alias in previous versions (i.e., the AuthnProviderAlias directive) has been moved into mod_authn_core.
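As an added example (not part of the original document or of the Apache project), the following Python script checks a 2.2 configuration against the access-control changes and the directive changes listed above. The function name audit, the sample configuration and the whole-file CRL check are assumptions of this example; SSLCARevocationFile and SSLCARevocationPath are mod_ssl's CRL source directives and are not named on this page.

```python
ACCESS = "use Require/RequireAny/RequireAll, or load mod_access_compat"
AUTHZ = "removed; use RequireAny, RequireNone or RequireAll"
MUTEX = "removed; delete it or replace it with Mutex"
GROUPS = [
    ("Order Allow Deny Satisfy", ACCESS),
    ("AuthzLDAPAuthoritative AuthzDBDAuthoritative AuthzDBMAuthoritative "
     "AuthzGroupFileAuthoritative AuthzUserAuthoritative AuthzOwnerAuthoritative", AUTHZ),
    ("AcceptMutex LockFile RewriteLock SSLMutex SSLStaplingMutex WatchdogMutexPath", MUTEX),
    ("MaxClients", "renamed to MaxRequestWorkers; old name still supported"),
    ("MaxRequestsPerChild", "renamed to MaxConnectionsPerChild; old name still supported"),
    ("NameVirtualHost", "no effect in 2.4 other than a warning"),
]
RULES = {name.lower(): note for names, note in GROUPS for name in names.split()}

def audit(conf_text):
    """Return (line_no, directive, note) tuples for a 2.2-style configuration."""
    findings, seen = [], set()
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":
            continue  # blank line, comment, or <Section> open/close tag
        name, arg = (line.split(None, 1) + [""])[:2]
        key, arg = name.lower(), arg.strip().lower()  # names are case-insensitive
        seen.add(key)
        if key in RULES:
            findings.append((no, name, RULES[key]))
        elif key == "defaulttype" and arg != "none":
            findings.append((no, name, "ignored with a warning; use other settings"))
        elif key == "keepalive" and arg not in ("on", "off"):
            findings.append((no, name, "2.4 accepts only On or Off"))
    # Whole-file check (assumption of this example): CRL sources set, explicit switch absent.
    if seen & {"sslcarevocationfile", "sslcarevocationpath"} and "sslcarevocationcheck" not in seen:
        findings.append((0, "SSLCARevocationCheck", "CRL checking must be set explicitly"))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
MaxClients 150
KeepAlive 1
SSLCARevocationFile /etc/pki/crl/ca.crl
<Directory "/srv/www/private">
    Order Deny,Allow
    Deny from all
    Allow from example.org
    AuthzLDAPAuthoritative off
</Directory>
"""
for no, name, note in audit(SAMPLE):
    print(f"line {no or '-'}: {name}: {note}")
```

A finding with line number 0 applies to the file as a whole. The script reads one file at a time and does not follow Include directives or backslash line continuations.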
All modules must be recompiled for 2.4 before being loaded.
Many third-party modules designed for version 2.2 will otherwise work unchanged with the Apache HTTP Server version 2.4. Some will require changes; see the API update overview.
· Startup errors:
  § Invalid command 'User', perhaps misspelled or defined by a module not included in the server configuration - load module mod_unixd
  § Invalid command 'Require', perhaps misspelled or defined by a module not included in the server configuration, or Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration - load module mod_access_compat, or update configuration to 2.4 authorization directives.
  § Ignoring deprecated use of DefaultType in line NN of /path/to/httpd.conf - remove DefaultType and replace with other configuration settings.
· Errors serving requests: