Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi,
It may appear very noob,but i want to know how apache 2.2 to is upgraded higher version on production server?
since a production server has many specific configurations in files,does'nt upgrading apache would overwrite those files?
we may take backup and restore the files but it could cause conflicts.
whats the ideal way of upgrading apache on production server?
guys i have searched a lot about this question but of no help.please guide me.
you don't write what System OS is your server running (RHEL, Ubuntu ...)
and if you have tried (for example on RHEL/CentOS/Fedora)
Code:
# yum check-update httpd
Loading mirror speeds from cached hostfile
* base: mirror.domain.com
base | 1.1 kB 00:00
httpd.i386 2.2.3-63.el5.centos base
That would obviously upgrade the current version (on my server) to v 2.2.3-63
Code:
httpd -v
Server version: Apache/2.2.3
Server built: Oct 20 2011 17:00:12
# yum info httpd
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
* base: mirror.example.com
Installed Packages
Name : httpd
Arch : i386
Version : 2.2.3
Release : 53.el5.centos.3
Size : 3.1 M
Repo : installed
Summary : Apache HTTP Server
URL : http://httpd.apache.org/
License : Apache Software License
Description: The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Available Packages
Name : httpd
Arch : i386
Version : 2.2.3
Release : 63.el5.centos
Size : 1.2 M
Repo : base
Summary : Apache HTTP Server
URL : http://httpd.apache.org/
License : Apache Software License
Description: The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
whats the ideal way of upgrading apache on production server?
Make an exact copy of your production system on a testbox. Now test any action you take on the testbox first to see what happens and if it works like you intended. Run it some time to watch for potential bugs. Never do upgrades on a production system first, always test them on a testbox before doing anything on the production system.
Hi ,
First of all i want to know the reason for your apache upgration on your production environment.If everything goes fine with your current version of apache, I would recommend not to upgrade.I had faced few php software pommo,osticket,frontaccounting stopped working after upgration of apache . If u have strong troubleshooting knowledge of php and apache then u can go for upgration . Befor trying on first on production first tried it on your test environmental with all the stuff which you had installed on production, on your test environment ,and try on test and go for production
Hi ,
First of all i want to know the reason for your apache upgration on your production environment.If everything goes fine with your current version of apache, I would recommend not to upgrade.
That is bad advice. By that logic, someone would still be running old, unpatched/unupdated (and INSECURE) Apache, with plenty of vulnerabilities for others to exploit. Keeping outward-facing software current is a very basic security step, that you're suggesting not be taken. To extend that a bit; telnet will 'just work' too...so why bother upgrading to SSH? SSHv1 works...why go to SSHv2?
Quote:
I had faced few php software pommo,osticket,frontaccounting stopped working after upgration of apache . If u have strong troubleshooting knowledge of php and apache then u can go for upgration . Befor trying on first on production first tried it on your test environmental with all the stuff which you had installed on production, on your test environment ,and try on test and go for production
Again, spell out your words. The OP does not mention any of those packages, or even if they're using PHP, but asking for help only with Apache upgrade advice. PHP and other packages may not be used in the OP's environment, so introducing them as variables will only confuse the issue.
OP, as lithos and TobiGSD have said, make backups of your existing Apache config files (usually in /etc/apache2), and check what software/modules you're using.
Hi,
I have the same issue.On my production servers,we constantly scan server.The OS are Centos and Ubuntu;according to the scan
conducted by AlienVault: I.T Security Vulnerability Report:
Overview: The host is running Apache and is prone to Command Injection
vulnerability.
Vulnerability Insight:
The flaw is due to error in the mod_proxy_ftp module which can be exploited
via vectors related to the embedding of these commands in the Authorization
HTTP header.
Impact:
Successful exploitation could allow remote attackers to bypass intended access
restrictions in the context of the affected application, and can cause the
arbitrary command injection.
Impact Level: Application
Affected Software/OS:
Apache HTTP Server on Linux.
Fix: Upgrade to Apache HTTP Server version 2.2.15 or later
my point is instead of taking backup of files and then restoring them,isnt there a "standard method" of upgrading apache so that the files remains untouched or not being renamed to *.bak?
any help in this regard will be appreciated.
Thanks & regards
Last edited by phr3ak; 07-03-2012 at 12:42 AM.
Reason: provided more info
@phr3ak: IMO, you should have started a new thread for this. Your questions may be similar, but you've thrown in the additional wrinkle of a specific security report.
In your case, it's simple - if you're not using mod_proxy_ftp, then disable it.
When you "upgrade" Apache via your distro's package manager, what's normally really happening is you're updating a minor version or applying backported security/bug fixes. In most cases, it should not touch your existing configuration files. (But there can be exceptions. So you need to back those up.) In most cases, such an upgrade is replacing binary programs -- including Apache HTTP server itself, and any of its affected modules.
For this reason, and in a sea of cascading dependencies, it can be difficult to roll back to a previous version if things go wrong. There are two things I do:
Apply the updates on a very similar test system first. Then regression test.
Prior to applying updates in prod, do a complete dump(8) of the system's filesystems. Even though you've already tested in test, on the small chance you have to roll back to a previous state, this will save you a major headache / job / etc.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
