Joe Orton

Joe has been working on the Apache HTTP Server since 1999. He is currently manager of the Stacks Team within Red Hat Platform Engineering, responsible for web servers, Perl, PHP, Maven and other technology stacks in Red Hat's product range. Find Joe on Twitter at @notroj.

Recent Posts

Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7

Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7

Getting an SSL certificate for your web server has traditionally been a something of an effort.  You need to correctly generate a weird thing called a certificate signing request (CSR), submit it to the web page of your chosen Certificate Authority (CA), wait for them to sign and generate a certificate, work out where to put the certificate to configure it for your web server—making sure you also configure any required intermediate CA certificates—and then restart the web server.  If you got all that right, you then need to enter a calendar entry so you’ll remember to go through the process again in (say) a year’s time. Even some of the biggest names in IT can mess up this process.

With new CAs like Let’s Encrypt, along with some supporting software, the rigmarole around SSL certificates becomes a thing of the past.  The technology behind this revolution is Automatic Certificate Management Environment (ACME), a new IETF standard (RFC 8555) client/server protocol which allows TLS certificates to be automatically obtained, deployed, and renewed. In this protocol, an “agent” running on the server that needs an SSL certificate will talk to to the CA’s ACME server over HTTP.

A popular method for using ACME on your Red Hat Enterprise Linux 7 server is certbot. Certbot is a standalone ACME agent that is configured out-of-the-box to work with Let’s Encrypt and can work with Apache httpd, Nginx, and a wide variety of other web (and non-web!) servers.  The certbot authors have an excellent guide describing how to set up certbot with httpd on RHEL7.

In this tutorial, I’ll show an alternative method—the mod_md module—which is an ACME agent implemented as a module for Apache httpd, tightly integrated with mod_ssl, and is supported today in Red Hat Enterprise Linux 7.  The mod_md module was implemented by Stefan Eissing—a prolific developer who also added HTTP/2 support to httpd—and contributed to the Apache Software Foundation, becoming a standard part of any new installation since httpd version 2.4.30.

Continue reading “Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7”

Share
Red Hat Software Collections 2.0 Docker images, Beta release

Red Hat Software Collections 2.0 Docker images, Beta release

I’m very happy to announce that Docker images based on collections from Red Hat Software Collections (RHSCL) 2.0 are in beta testing.  The images are available from the Red Hat Container Registry, and we’ve got the set of collections for language, databases and web servers covered – a complete list is below.

If you’ve not tried out the Docker package from RHEL7 Extras, you need to enable the Extras channel, install the docker page, and start the docker service; an extended guide for RHEL Docker is available here.  Once you are set up, pulling the RHSCL Docker images is very simple… for example, you can fetch the Python 3.4 image as follows:

Continue reading “Red Hat Software Collections 2.0 Docker images, Beta release”

Share
Dockerfiles now available for Red Hat Software Collections

Dockerfiles now available for Red Hat Software Collections

Shipping_containers_at_ClydeWe recently announced that we’ve made available a set of Dockerfiles for Red Hat Software Collections.  We are making these available since we think they may be useful to customers looking to build more complex application containers on top of RHEL and RHSCL. We don’t intend the Dockerfiles to produce useful standalone images which you’ll immediately put in production – the Docker images which these create are very simple containers which give you RHEL plus the basic set of packages from a particular RHSCL collection.

There are two different ways to get your hands on the Dockerfiles:

  1. From the upstream source at github 
  2. From a new package, rhscl-dockerfiles, which we’ve shipped in the RHSCL channels – both for RHEL6 and RHEL7

Continue reading “Dockerfiles now available for Red Hat Software Collections”

Share
Using Apache httpd 2.4 on Red Hat Enterprise Linux 6

Using Apache httpd 2.4 on Red Hat Enterprise Linux 6

For a long time one of the most frequent requests from users of Apache httpd on Red Hat Enterprise Linux 6 has been “Why aren’t you shipping Apache 2.4 yet?”. Well, the good news is: we are! There are actually two ways for Red Hat Enterprise Linux users to get httpd 2.4. The first is to upgrade to RHEL 7, which comes with httpd 2.4.6 natively.

Apache http server 188 × 129

The second is to use Red Hat Software Collections on RHEL 6, and that’s what I’m going to talk about in this blog post. First up, how to get the bits?

Continue reading “Using Apache httpd 2.4 on Red Hat Enterprise Linux 6”

Share

Apache httpd 2.4 on Red Hat Enterprise Linux 6

An update of this article can be found here.

My team here at Red Hat maintains the web server stack in Fedora and RHEL. One of the cool projects we’ve been working on recently is Software Collections. With RHEL we’ve always suffered from the tension between offering a stable OS platform to users, and trying to support the latest-and-greatest open source software. Software Collections is a great technology we’re using to address that tension. Remi Collet has blogged about the PHP 5.4 software collection (now available in the 1.0 release of our product) over at his blog and on this developer blog. Also, another team member, Jan Kaluza, has been working on a collection of httpd 2.4 for RHEL6 – something we keep hearing requests for in bugzilla.

Continue reading “Apache httpd 2.4 on Red Hat Enterprise Linux 6”

Share