Apache httpd 2.4 on Red Hat Enterprise Linux 6

An update of this article can be found here.

My team here at Red Hat maintains the web server stack in Fedora and RHEL. One of the cool projects we’ve been working on recently is Software Collections. With RHEL we’ve always suffered from the tension between offering a stable OS platform to users, and trying to support the latest-and-greatest open source software. Software Collections is a great technology we’re using to address that tension. Remi Collet has blogged about the PHP 5.4 software collection (now available in the 1.0 release of our product) over at his blog and on this developer blog. Also, another team member, Jan Kaluza, has been working on a collection of httpd 2.4 for RHEL6 – something we keep hearing requests for in bugzilla.

To kick the wheels of Jan’s collection in a RHEL 6.4 VM, here’s what I did:

# curl -s http://repos.fedorapeople.org/repos/jkaluza/httpd24/epel-httpd24.repo > /etc/yum.repos.d/epel-httpd24.repo
# yum install httpd24-httpd
...
Installed:
  httpd24-httpd.x86_64 0:2.4.6-5.el6

Dependency Installed:
  httpd24-apr.x86_64 0:1.4.8-2.el6  httpd24-apr-util.x86_64 0:1.5.2-5.el6  httpd24-httpd-tools.x86_64 0:2.4.6-5.el6
  httpd24-runtime.x86_64 0:1-6.el6

Complete!
#

This has dropped a complete installation of Apache httpd 2.4.6 into /opt/rh/httpd24 which can be used alongside the httpd 2.2.15 package supported in RHEL 6.4.

# rpm -ql httpd24-httpd | grep sbin
/opt/rh/httpd24/root/usr/sbin/apachectl
/opt/rh/httpd24/root/usr/sbin/fcgistarter
/opt/rh/httpd24/root/usr/sbin/htcacheclean
/opt/rh/httpd24/root/usr/sbin/httpd
/opt/rh/httpd24/root/usr/sbin/rotatelogs
/opt/rh/httpd24/root/usr/sbin/suexec

The httpd install is contained inside /opt/rh/httpd24 as far as possible, but we do “leak” into the normal RHEL filesystem in a couple of places – notably to offer an init script. This makes firing up the newly installed 2.4 daemon in my VM as easy as any other service:

# service httpd24-httpd start
Starting httpd:                                            [  OK  ]
# curl -s http://localhost/ | grep 'Test Page for'
		<title>Test Page for the Apache HTTP Server on Red Hat Enterprise Linux</title>
#

That’s the httpd packagers’ equivalent of getting your program to print “Hello, World” – we’re successfully serving the familiar HTML “welcome page” over HTTP on port 80.

I wanted to check whether the SELinux labelling is being applied correctly in the httpd 2.4 collection. Using some /usr/bin/semanage magic, it’s actually very simple for us to automatically apply SELinux policy inside software collections using an RPM %post script. Here’s one way to check whether it’s working:

# ps Zf -C httpd
LABEL                             PID TTY      STAT   TIME COMMAND
unconfined_u:system_r:httpd_t:s0 1772 ?        Ss     0:00 /opt/rh/httpd24/root/usr/sbin/httpd
unconfined_u:system_r:httpd_t:s0 1774 ?        S      0:00  _ /opt/rh/httpd24/root/usr/sbin/httpd
unconfined_u:system_r:httpd_t:s0 1775 ?        S      0:00  _ /opt/rh/httpd24/root/usr/sbin/httpd
unconfined_u:system_r:httpd_t:s0 1776 ?        S      0:00  _ /opt/rh/httpd24/root/usr/sbin/httpd
unconfined_u:system_r:httpd_t:s0 1777 ?        S      0:00  _ /opt/rh/httpd24/root/usr/sbin/httpd
unconfined_u:system_r:httpd_t:s0 1778 ?        S      0:00  _ /opt/rh/httpd24/root/usr/sbin/httpd

Success – those “httpd_t” labels which I’ve highlighted tell me that httpd processes are running in the correct domain.

Finally, here’s a quick demo of one httpd 2.4 feature I really love – an embedded Lua interpreter in the form of mod_lua:

# cat > /opt/rh/httpd24/root/var/www/html/hello.lua <<EOF
function handle(r)
    r.content_type = "text/plain"
    r:puts("Hello Lua World!n")
    return apache2.OK
end
EOF
# echo 'AddHandler lua-script .lua' > /opt/rh/httpd24/root/etc/httpd/conf.d/lua.conf
# service httpd24-httpd reload
Reloading httpd:
# curl -s http://localhost/hello.lua
Hello Lua World!
#

If you try out this collection, let us know in the comments how you get on.

——————————–

EDITORS NOTE:  APACHE HTTPD IS NOW PART OF RED HAT SOFTWARE COLLECTIONS 1.1 BETA.


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Take advantage of your Red Hat Developers membership and download RHEL today at no cost.

  1. Hi, thanks for this useful information. I was attempting to use this collection though and ran into an issue. While the installation process was fine, I seem to be having an issue getting Apache 2.4 and mod_ssl to work as expected. I installed httpd24-httpd and httpd24-mod_ssl and got my server correctly running. I also have openssl 1.0.1e installed on my system. For some reason, when I try to set mod_ssl to use only TLSv1.2 I get an error saying that it is not a valid protocol. All the documentation around the web has said that this problem only occurs when you are using a Apache 2.2.x or using openssl < 1.0.1. I was wondering if this might have something to do with the way that mod_ssl was compiled for this collection.

    The reason I am trying to get httpd 2.4 and openssl 1.0.1 working correctly on my server is that I want to take advantage of the perfect forward secrecy ciphers when negotiating my SSL handshake.

    1. Hi Ruben. mod_ssl is included in the repo I’m talking about in this post. You’d need to install the “httpd24-mod_ssl” package. We don’t currently have mod_geoip or mod_jk packaged in SCL format, but it’s simple enough to install modules either from source or to adapt the Fedora spec files to build into SCL packages.

    1. Looks to me like the IUS PHP55 won’t work as compiled with this httpd24 anyway 🙁 Never mind. I was really hoping to find an httpd24/PHP55 repo to avoid compiling everything by hand. That way yum won’t keep it patched.

  2. Is there a 2.4.9 or above version available for RHEL 6? There is a specific bug fixed in 2.4.7 and above that we are looking to correct in our environment. Ideally, we would like to install 2.4.9.

    1. Hi Brian – sorry, no we don’t have a newer version available at the moment. If you have a specific issue which is affecting you the best route is always to contact support so we can track and prioritise customer requests internally.

      1. Hi Joe,

        Before I ask for a new version containing that fix, let me ask an alternate question. The issue is an ERANGE problem affecting mpm_common.c which was committed to branch r1542338 and reported by Mike Rumph in Nov 2013. Here’s a link to an email about it: http://mail-archives.apache.org/mod_mbox/httpd-cvs/201311.mbox/%3C20131116185539.BE8EF2388B1B@eris.apache.org%3E

        Would you know if this has been back ported into the 2.4.6 that’s compiled here?

        Thanks.

  3. Good afternoon all. I have a question regarding Apache HTTP Server and RHEL 6.5. Please work with me if I get any of this wrong or confused. OK, After a security scan of out corporate web page currently hosted on RHEL 6.5 and running Apache http server 2.2.15, we (security) are recommending an updateupgrade to 2.2.29, not 2.4 (although that would be nice) which is recommended by Apache. Is this a reasonable request and is this version of Apache supported for this release of RHEL? We’re being told by or Host that 2.2.15 is the highest they can go for now on this version of Red Hat.

    So, is that a true statement? Could they be referring to a version of Apache generic to this platform… and not the Apache http Server that is open source?

    Any comments andor links would be extremely helpful.

    Thanks.

    Don

    1. Hi Don –

      With Red Hat Enterprise Linux we backport security fixes to ensure that customers have a stable and secure platform. This page explains more: https://access.redhat.com/security/updates/backporting

      So yes – we have do httpd 2.2.15 in RHEL 6, but we do have all applicable security fixes applied!

      If you ever have any questions around security issues in Red Hat products you can contact the Product Security team as described here:
      https://access.redhat.com/security/team/contact

      I hope that clears it up! Any further questions, let me know.

    1. Hi Ganesh – yes, mod_perl is available as part of the perl516 collection. To install, run:

      # yum install perl516-mod_perl

      Once installed, the mod_perl config for httpd is available at:

      /opt/rh/httpd24/root/etc/httpd/conf.d/perl.conf

  4. Please, can someone provide instructions as to how to get apache, webmin and php packages installed on redhat 6.6 – Each time I run my commands, I get told “No packages available”

      1. Joe, thanks for the feedback. Is the registration mandatory? I been through Centos all the way installing vim, yum updates, apache, webmin and php packages without having to register. Redhat is free right? I currently have no subscription even if I register. Please give me the key info I need to know which is “why registering”

        Thanks

  5. Hi,

    As per your instruction, installed http 2.4 in RHEL 6.5. Now i am having apache 2.2.15 and 2.4 in same server.

    While configuring module(cognos module) in apache 2.4 configuration (httpd.conf) getting below error.

    Starting httpd: httpd: Syntax error on line 56 of /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf: API module structure ‘cognos_module’ in file /opt/cognos/c10_64/cgi-bin/lib64/mod2_2_cognos.so is garbled – expected signature 41503234 but saw 41503232 – perhaps this is not an Apache module DSO, or was compiled for a different Apache version?

    Same module in apache 2.2.15, not getting any error.

    Please give me your suggestion about this error.

    1. Hi Senthamil – the module you are trying to use is compiled for Apache httpd 2.2. Modules for Apache 2.2 are not compatible with Apache 2.4. It is likely that IBM provide an alternative build of this module which is built for Apache 2.4 – I suggest you contact them for more information.

Leave a Reply