Using Apache httpd 2.4 on Red Hat Enterprise Linux 6

For a long time one of the most frequent requests from users of Apache httpd on Red Hat Enterprise Linux 6 has been “Why aren’t you shipping Apache 2.4 yet?”. Well, the good news is: we are! There are actually two ways for Red Hat Enterprise Linux users to get httpd 2.4. The first is to upgrade to RHEL 7, which comes with httpd 2.4.6 natively.

Apache http server 188 × 129

The second is to use Red Hat Software Collections on RHEL 6, and that’s what I’m going to talk about in this blog post. First up, how to get the bits?

Enable the RHSCL Repository

Most RHEL subscriptions will allow you to Red Hat Software Collections repositories. If not, contact Customer Service! I used a fresh RHEL 6 Server virtual machine to demonstrate this:

[root@virt-el6scratch ~]# yum repolist all | grep rhscl
This system is receiving updates from Red Hat Subscription Management.
rhel-server-rhscl-6-beta-debug-rpms                   Red Hat So disabled
...
rhel-server-rhscl-6-rpms                              Red Hat So disabled
rhel-server-rhscl-6-source-rpms                       Red Hat So disabled

Those are the the RHSCL channels… we only need to enable one here:

[root@virt-el6scratch ~]# yum-config-manager --enable rhel-server-rhscl-6-rpms
...

If that command produces a long yum configuration on your terminal, it was successful.

Install the packages

Here, we are going to install the httpd package from the httpd24
software collection – RHSCL packages are named <scl>-<pkg>, so the
command is:

[root@virt-el6scratch ~]# yum install -y -q httpd24-httpd
...
Installed:
  httpd24-httpd.x86_64 0:2.4.6-18.el6

Dependency Installed:
  httpd24-apr.x86_64 0:1.4.8-3.el6         httpd24-apr-util.x86_64 0:1.5.2-7.el6       httpd24-httpd-tools.x86_64 0:2.4.6-18.el6
  httpd24-runtime.x86_64 0:1.1-4.el6

That’s the minimal needed for an httpd 2.4 installation. Here I’ve installed the httpd package, which includes many of the bundled modules. Some larger modules, or those which pull in bigger sets of dependencies are packaged separatetely. The set of httpd module packages we have in the httpd24 SCL is as follows:

[root@virt-el6scratch ~]# yum list -C httpd24-mod_*
This system is receiving updates from Red Hat Subscription Management.
Available Packages
httpd24-mod_auth_kerb.x86_64                                   5.4-29.el6                                       rhel-server-rhscl-6-rpms
httpd24-mod_ldap.x86_64                                        2.4.6-18.el6                                     rhel-server-rhscl-6-rpms
httpd24-mod_proxy_html.x86_64                                  1:2.4.6-18.el6                                   rhel-server-rhscl-6-rpms
httpd24-mod_session.x86_64                                     2.4.6-18.el6                                     rhel-server-rhscl-6-rpms
httpd24-mod_ssl.x86_64                                         1:2.4.6-18.el6                                   rhel-server-rhscl-6-rpms

That includes the third-party Kerberos authentication module, mod_auth_kerb. In Red Hat Software Collections v1.1 we also have mod_wsgi, mod_perl, mod_passenger, and PHP 5.5, which can all be used with the httpd 2.4 collection.

Init scripts in RHSCL packages are named using the same convention as above, so to start the daemon:

[root@virt-el6scratch ~]# service httpd24-httpd start
Starting httpd:                                            [  OK  ]
[root@virt-el6scratch ~]# curl --silent http://localhost/ | grep 'Red Hat' | head -1
Test Page for the Apache HTTP Server on Red Hat Enterprise Linux

It works!

One of the features of 2.4 which users have been asking for is the “event” Multi-Processing Module. In httpd there are various MPMs available which allow different processing models to be used by the server; the default, traditional process-based server is “prefork“. The event MPM is a threaded model with some specific enhancements
for handling idle connections, which was shipped experimentally in httpd 2.2 but is fully supported in 2.4.

For anybody who has tried configuring a different MPM in httpd 2.2
before, a different method is used in 2.4. With httpd 2.2, separate
MPMs were shipped by compiling the “/usr/sbin/httpd” binary multiple times,
so “/usr/sbin/httpd.worker” was a replacement httpd binary which used
the threaded “worker” MPM.

In 2.4, MPMs are now loadable modules. To enable the event MPM with the httpd24 software collection, edit the configuration file /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-mpm.conf, comment-out the line for the prefork module, and uncomment the line which loads the right module:

LoadModule mpm_event_module modules/mod_mpm_event.so

Here it is in action:

[root@virt-el6scratch ~]# service httpd24-httpd start
Starting httpd:                                            [  OK  ]
[root@virt-el6scratch ~]# grep resuming /var/log/httpd24/error_log | tail -1
[Tue Sep 23 12:12:41.319368 2014] [mpm_event:notice] [pid 31774:tid 140410273740768] AH00489: Apache/2.4.6 (Red Hat) configured -- resuming normal operations

Looking carefully at that log message, the “mpm_event” prefix used shows that the event MPM has indeed being activated.  Another way to verify is to run “httpd” from the SCL:

[root@virt-el6scratch ~]# scl enable httpd24 'httpd -V'
Server version: Apache/2.4.6 (Red Hat)
Server built:   Jul 18 2014 06:22:09
Server's Module Magic Number: 20120211:23
Server loaded:  APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture:   64-bit
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)

Again, this shows the threaded “event” MPM is active.

For more information about Red Hat Software Collections or Red Hat Developer Toolset, visit developer.redhat.com/RHEL.


Join the Red Hat Developer Program (it’s free) and get access to related cheat sheets, books, and product downloads.

Take advantage of your Red Hat Developers membership and download RHEL today at no cost.

Share
  • Pingback: Apache httpd 2.4 on Red Hat Enterprise Linux 6 | Red Hat Developer Blog()

  • Pingback: Using Apache httpd 2.4 on Red Hat Enterprise Linux 6 | thoughts…()

  • Leandro

    Great post, congratulations! Do you know if this also works on RHEL 5.9 ?

    • Mike Guerette

      RHEL 6 and 7 only.

      • Kyle

        Are there any “official” options for 5.9 or is the only option to build from source/srpm only ?

        • Mike Guerette

          There are no official software collections versions for RHEL 5, so you’ll need to build your own.

  • Wallace Epperson

    What’s the situation on security errata?

  • Robert Charles

    I recently installed this via Collections, but it appears that the version in Collections is compiled with an old version of OpenSSL. The only way to have an up to date version is to compile from source?

    Server Version: Apache/2.4.6 (Red Hat) OpenSSL/1.0.0-fips
    Server MPM: worker
    Server Built: Nov 25 2014 05:32:27

    • Hi Robert – in RHEL 6 we have OpenSSL 1.0.1e and that is kept up to date with the latest security fixes as per standard Red Hat policy: https://access.redhat.com/security/updates/backporting

      Are there specific OpenSSL features or fixes you are looking for here?

      • Robert Charles

        Hi Joe — my system openssl version reports:

        $ openssl version
        OpenSSL 1.0.1e-fips 11 Feb 2013

        However, the Apache 2.4 installed from Collections shows that it was compiled with 1.0. The server status page shows the information from my previous post and there are certain SSL suites that cannot be enabled on the version provided from RH Software Collections.

        Server Version: Apache/2.4.6 (Red Hat) OpenSSL/1.0.0-fips
        Server MPM: worker
        Server Built: Nov 25 2014 05:32:27
        Current Time: Wednesday, 15-Apr-2015 13:25:07 UTC

    • httpd in RHSCL is dynamically linked against the system OpenSSL so you do get most of the features/fixes despite the compile-time version being older.

      There are some rare cases where this isn’t true – specifically ECC (ECDH) support in mod_ssl – if that’s what you’re after, look for a forthcoming update to RHSCL httpd!

      • Robert Charles

        I look forward to those updates since ECDH is specifically what I noticed was missing. Do you know if the httpd version will be updated as well? PCI compliance fails Apache 2.4.6 and wants me to move to at least 2.4.10, other than source compile I haven’t found a way to do this yet.

        Thank you for your time and responses.

  • Is there a way to make httpd24 default in the system so any other application that would have expect to find it’s configs in /etc/httpd and restart the service through systemd or apachectl based on the default httpd package would work as should?

    (This is for various web control panels like Ispconfig, Virtualmin, Plesk etc.)

    • I missed this question, sorry! With systemd you can create a dummy /etc/systemd/system/httpd.service which propagates reloads to httpd24-httpd.service, as follows:

      [Unit]
      Description=Dummy Service
      PropagatesReloadTo=httpd24-httpd.service

      [Service]
      ExecStart=/bin/true
      ExecReload=/bin/true
      RemainAfterExit=yes