Upgrading to httpd 2.2.4 on RHEL and CentOS

January 17, 2007 by · 20 Comments 

Well, a new version of httpd was just released the other day. I kind of expected this to open a flood of people requesting a how-to on upgrading to the newest release of Apache's httpd 2.2.4 on RHEL & CentOS 4 and I wasn't wrong. I've had a few people searching for "apache 2.2.4" and "httpd 2.2.4" on my site search today so I figured, "Hey? Why not give the masses what they want?"

As it turns out, if you followed my how-to on upgrading to httpd 2.2.3 then this is going to be a pretty easy upgrade for you. If not, don't worry, I'm going to start including pre-modded SRPMS and occasionally complete RPMs (x86 only) at the bottom of these tutorials. That should give some of you that have had problems an easier time with the upgrade.

In any case, let's get down to it! As already mentioned, you'll want to start by reading my how-to on upgrading to 2.2.3 because the files you'll need if you are going to do this yourself are the same as the ones from that article. Keep in mind though that that article was written a month and a half ago, so there may be newer versions of those packages available.

As with the 2.2.3 guide, once you've upgraded 'apr', 'apr-util', and 'pcre' to the required versions you'll need to make the init file and spec file changes. However, don't close that spec file just yet. There are three more changes you'll need to make in order to get the package to build correctly. The changes you'll want to make are as follows:

  • Change line 9 to "Version: 2.2.4" and line 10 to "Release: jason.2"
  • Search for "Patch6" and remove BOTH lines that start with that text (the second one will actually be lower-case and preceded by a "%").
  • Search for "Patch50" and remove BOTH lines that start with that text (the second one will actually be lower-case and preceded by a "%").
  • Search for "openssl >= 0.9.7", remove the version suffix and replace it with "a" (the line should end up reading "Requires(post): openssl >= 0.9.7a, /bin/cat").

Once you've finished that you can save the file, exit your editor, and then build your RPMs with 'rpmbuild -bb httpd.spec'. It's going to take a while to finish but when it's done you should have some new RPMs in the /usr/src/redhat/RPMS/i386 folder. Install them as usual with 'rpm -Uvh filename'.

Once they're installed you're basically done. If you're upgrading from my 2.2.3 tutorial and you also followed one of my PHP upgrade tutorials then you won't need to rebuild PHP. If you are upgrading from httpd 1.3.x or 2.0.x (or possibly if you didn't follow my PHP how-to's) then you should be prepared to spend some more of your time recompiling PHP.

UPDATE (1/24/2007): It was brought to my attention that there was a glitch in the SPEC file that caused you to not be able to install mod_ssl. I have updated the src.rpm as well as the binaries to fix that issue. You do not need to upgrade if you do not use SSL.

UPDATE (2/6/2007): If you use mod_ssl then you should know that a default certificate is NOT included when you install the RPM. In order to generate one you should run the following as 'root':

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl rsa -in server.key -out signingkey.key
openssl x509 -in server.csr -out selfsigned_digicert.crt -req -signkey signingkey.key -days 3650
chmod 600 server.key
chmod 600 selfsigned_digicert.crt
mkdir -p /etc/pki/tls/private
mkdir -p /etc/pki/tls/certs
cp server.key /etc/pki/tls/private/localhost.key
cp selfsigned_digicert.crt /etc/pki/tls/certs/localhost.crt

UPDATE (3/13/2007): I've updated the packages again in order to automatically apply the above process. If you've done it on your own or don't use SSL then you don't need to upgrade.

Update (9/24/2009): Packages deleted, use the yum repository instead.

Digg this story

Comments

20 Responses to “Upgrading to httpd 2.2.4 on RHEL and CentOS”
  1. Dave says:

    Cheers for another fantastic guide! I've used both the PHP 5.1.6 (to build 5.2.0) and the HTTPD 2.2.3 one.

    Only problem I've had was with mod_ssl - the RPM you have above needs 0.9.7f to install, but a standard RHEL4 only has 0.9.7a, so it fails. The hack mentioned in the previous article (changing the httpd.spec to require 0.9.7a or above) should work again for 2.2.4.

    Otherwise, you really are a life saver! 🙂
    D

  2. Jason says:

    Grrrr... I'll fix that and update the files. Thanks for the reminder.

  3. Dave says:

    No problem dude!

    It would help us all if Redhat would actually update the packages a tad more! I mean how old is PHP 4.3.9 now?!?!

  4. Jason says:

    Well, actually, RH's policy of backporting is a good thing if you are looking for a stable platform. The only time glitches pop up are when you want to upgrade to take advantage of a new feature. You can read more about this policy at the link below.

    http://www.redhat.com/advice/speaks_backport.html

  5. Kenneth says:

    I was wondering what has been changed in your httpd.spec file in order for mod_ssl-0.9.7a to install? I am trying to use the source rpms from Fedora and am getting the following error when trying to install the mod_ssl rpm:

    error: %post(mod_ssl-2.2.3-8.i386) scriptlet failed, exit status 1

    Thanks!

  6. Jason says:

    There was nothing keeping you from building the mod_ssl RPM, but a dependency on on openssl 0.9.7f or higher was keeping you from installing on EL4 which only comes with 0.9.7a (although there was nothing stopping you from installing without deps, at which point it would work just fine). In order to get around that dep you need to edit the requirements in the spec file to look for 0.9.7a or higher.

    Just out of curiosity, why don't you just download the src.rpm I provided for 2.2.4?

  7. Huy says:

    I tried to use all provided binary rpms. However, with mod_ssl installed, I always got the following message trying to start httpd:
    "Syntax error on line 112 of /etc/httpd/conf.d/ssl.conf:
    SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty"

    Please help

  8. Huy says:

    Got it. I just need to run genkey to create the pki.

  9. Jason says:

    Yeah, I should probably edit the main post about that. A default certificate is NOT included with this package.

  10. Matej says:

    I have a huge problem i think....
    I have upgraded apache by this manual... everything worked well
    but when i want to start httpd it says:

    Starting httpd: httpd: Syntax error on line 199 of /etc/httpd/conf/httpd.conf: API module structure `php5_module' in file /usr/lib/httpd/modules/libphp5.so is garbled - perhaps this is not an Apache module DSO?

    Starting httpd: httpd: Syntax error on line 210 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/auth_mysql.conf: API module structure `mysql_auth_module' in file /etc/httpd/modules/mod_auth_mysql.so is garbled - perhaps this is not an Apache module DSO?

    Starting httpd: httpd: Syntax error on line 210 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/auth_pgsql.conf: API module structure `auth_pgsql_module' in file /etc/httpd/modules/mod_auth_pgsql.so is garbled - perhaps this is not an Apache module DSO?

    any thoughts?

  11. Jason says:

    If you rebuild httpd then you also need to rebuild php.

  12. AYourk says:

    I use RHEL 4u4 on x86-smp.
    I found and fixed the SSL cert problem located in the spec files.

    Change the following 2 lines:
    Þfine sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt
    Þfine sslkey %{_sysconfdir}/pki/tls/private/localhost.key

    to:
    Þfine sslcert %{_sysconfdir}/httpd/conf/ssl.crt/server.crt
    Þfine sslkey %{_sysconfdir}/httpd/conf/ssl.key/server.key

    And then the problem is solved. I got these lines from the httpd-2.0.55-2.el4s1.8.src.rpm spec file.

  13. AYourk says:

    -SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    #SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt

    -SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    #SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key

    -#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
    #SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt

    -#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
    #SSLCACertificatePath /etc/httpd/conf/ssl.crt
    #SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt

    I guess it is also needed to edit ../SOURCES/ssl.conf too. Lines with a minus in front are removed, lines with a plus are added. Search/replace as needed.

  14. Jason says:

    I've updated the packages in my repository. If anyone would like the newest version, check out this link for more information.

    http://www.jasonlitka.com/yum-repository/

  15. darcy says:

    Hi, I added your repo and updated my Apache on Centos4 via yum to Apache 2.2 - got a nice speed increase on my website as a result - many thanks!

    However I had to remove the version of Subversion that was already installed (from Dag repo) in order to get Apache 2.2 installed from your repo. So I removed it expecting to be able to install subversion from your repo afterwards - however, when I type "$yum list subversion" I only see the one in the Dag repo. Any ideas why I can't see the subversion from your repo ?

  16. darcy says:

    to answer my own silly question - after temporarily removing the dag repo from my yum config I was able to install the version from your repo

  17. Jason says:

    @darcy,

    Yes, the version of subversion available from dag is slightly newer than mine because I've been swamped lately. I'll update that within the next few days.

  18. Iris Goff says:

    3r5r3ujc0huchkhr

  19. supowski says:

    thanks, helped a lot as I needed to upgrade httpd on RHEL5+.

    Used the version from repository, very simple, everything works fine...

Trackbacks

Check out what others are saying about this post...
  1. [...] are dependent on the version of httpd that you’re running.  If you didn’t follow my Upgrading to httpd 2.2.4 how-to, my compiled binaries won’t do you a bit of good.  In any case, if you’ve [...]



This site is no longer updated. If you have a need for RHEL/CentOS LAMP Stack updates outside the normal channels, I recommend ART. https://updates.atomicorp.com/channels/