Migrating an IHS configuration file from a previous release
Development interfaces for the Apache HTTP Server. The basic directory layout for the Apache HTTP Server. The basic directory layout for the Apache HTTP Server. Compiling Apache 2.4 from source is easy and allows for more customization later on. It also allows for control over where it is installed. Install some required depedencies. The Apache HTTP Server Project. Apache-2.4.46 Introduction to Apache HTTPD The Apache HTTPD package contains an open-source HTTP server. It is useful for creating local intranet web sites or running huge web serving operations.
The preferred method of migration is to apply your customizations over the new default configuration. If this is prohibitively complicated, it is possible to manually migrate a configuration from a prior release.
The following are steps to change an IHS 7.0, 8.0, or 8.5 httpd.conf such that it is useable on an IHS 9.0. This procedure assumes the installation paths of the old and new releases differ.
Httpd 2.4.6 Exploit
- Copy your prior releases configuration file(s) to the new installation path.
- Update paths if the install root has changed. Many absolute paths within the configuration contain the install root. Replacing old paths can be done quickly using the
sed
command, e.g. This command copieshttpd.conf
from the prior releases installation directory to the new installation directory, and replaces all instances of/opt/IBM/IHSv8/
with/opt/IBM/IHSv9/
. - Remove <IfModule worker.c> and the </IfModule> that follows it, leaving the contained directives. On Linux, IHS uses the 'event' MPM and this <IfModule worker.c> would hide the MPM configuration.
- Replace
authz_default_module
withauthz_core_module
; i.e. replace with If the module is not replaced, you will receive an error similar to the following: - Update access control. Take only one of the following actions:
- Replace the old access control directives
Order
,Allow
, andDeny
with the newRequire
directive. Refer to the Access Control section below. This is preferred. - Otherwise, load the
mod_access_compat
module by adding the following line to the configuration: - Remove
AuthSAFAuthoritative
if present (see information at the bottom of this document for more details)
- Replace the old access control directives
- Load the
mod_unixd
security module by adding the following line to the configuration: Otherwise, the following error occurs: - Update the WAS plugin by changing the
LoadModule
line from: to: - Update third-party modules to their Apache 2.4 versions. There are no general instructions for this step; contact the third-party module's vendor for explicit instructions.
If modules are not compatible with Apache 2.4, you can receive one of two types of error messages. The examples below are how the message is reported on z/OS -- the operative parts of the message are problems with symbols similar to 'ap_my_generation' or 'ap_log_error'.
The first form resembles this: To figure out which module is causing the problem, start the server with the-e debug
option, e.g. This should partially output your configuration file, and then output the error. The line of the configuration after the last line which is printed should be aLoadModule
directive containing the name of the failing module. The other type of error message that may be shown when a module is incompatible with Apache 2.4/IHS version 9.0 looks like this: The problematic module's name is contained within the error message - in this case, myapp22_module. - Search your configuration for directives such as Include, AuthUserFile, AuthGroupFile, and KeyFile. These directives may either point to files under the old installation root that need to be copied.
- If using the 'BFlagEscapeAllNonAlnum' parameter to RewriteOptions, remove it. It's the default and only behavior in this and future releases.
- Linux only: Add a line to dynamically load the Event MPM, e.g. 'LoadModule mpm_event_module modules/mod_mpm_event.so'?
- Attempt to start the server with the updated configuration. Review the output of the start command and the error_log to make sure no errors were reported. If a directive has been removed or has moved to a new module, you may see an error resemlbing this message:
Consult the rest of this document for informaton about the specific directive, then check http://publib.boulder.ibm.com/httpserv/manual24/mod/directives.html to find the proper module to load.
This step will likely require a number of rounds of iteration, as only 1 error is detected at a time.
- Optional: Review and apply other changes to the default configuration (httpd.conf.default) in the new release:
- ReportInterval has been reduced to 300 seconds.
- TrackModules On, TrackHooks allhooks, SlowThreshold 60, TrackHooksOptions logslow have been added.
- mod_backtrace is now loaded on some platforms where it was unintentionally omitted in previous releases.
- The default 'LogFormat' now has additional columns appended for serviceability.
- The default config has been updated to deny access to all directories by default and then explicitly allow access to the document root, icons, CGI-BIN, etc.
Httpd 2.4.46
After taking all the above steps, the configuration should be ready to be loaded by IHSv9.0. The remainder of the document serves as a reference for what has changed between Apache 2.2 and 2.4.