[gentoo-user] apache-2.4.20 update doesn't like includes directive

[gentoo-user] apache-2.4.20 update doesn't like includes directive

[Mick]

[-- Attachment #1: Type: text/plain, Size: 4172 bytes --]

I've updated apache to 2.4.20 and it now refuses to accept the httpd.conf.  In 
particular it says:
===================
# /etc/init.d/apache2 restart
 * Caching service dependencies ...                                                                                                                                                     
[ ok ]
 * apache2 has detected an error in your setup:
apache2: Syntax error on line 153 of /etc/apache2/httpd.conf: Syntax error on 
line 7 of /etc/apache2/modules.d/70_mod_php.conf: Syntax error on line 2 of 
/var/lib/eselect-php/mod_php.conf: Cannot load modules/mod_php.so into server: 
/usr/lib/apache2/modules/mod_php.so: undefined symbol: unixd_config
 * ERROR: apache2 failed to stop
================================


Taking these one at a time:

Syntax error on line 153 of /etc/apache2/httpd.conf
===================================================
Line 153 of my /etc/apache2/httpd.conf has:

Include /etc/apache2/modules.d/*.conf

Should this be any different?

The /etc/apache2/modules.d/ directory contains:

# ls -la /etc/apache2/modules.d/
total 112
drwxr-xr-x 2 root root 4096 May 21 14:36 .
drwxr-xr-x 5 root root 4096 May 21 14:36 ..
-rw-r--r-- 1 root root    0 May 21 13:30 .keep_www-servers_apache-2
-rw-r--r-- 1 root root 5984 May 21 14:21 00_default_settings.conf
-rw-r--r-- 1 root root 2520 May 21 13:30 00_error_documents.conf
-rw-r--r-- 1 root root 5040 May 21 13:30 00_languages.conf
-rw-r--r-- 1 root root 2883 May 21 13:30 00_mod_autoindex.conf
-rw-r--r-- 1 root root  225 May 21 13:30 00_mod_info.conf
-rw-r--r-- 1 root root 1518 May 21 13:30 00_mod_log_config.conf
-rw-r--r-- 1 root root 1707 May 21 13:30 00_mod_mime.conf
-rw-r--r-- 1 root root  458 May 21 13:30 00_mod_status.conf
-rw-r--r-- 1 root root 1015 May 21 13:30 00_mod_userdir.conf
-rw-r--r-- 1 root root 2959 May 21 13:30 00_mpm.conf
-rw-r--r-- 1 root root 5574 Feb 23 18:11 01_wordpress2_module_settings.conf
-rw-r--r-- 1 root root  206 May 21 13:30 10_mod_mem_cache.conf
-rw-r--r-- 1 root root 2651 May 21 13:30 40_mod_ssl.conf
-rw-r--r-- 1 root root  185 May 21 13:30 41_mod_http2.conf
-rw-r--r-- 1 root root  758 May 21 13:30 45_mod_dav.conf
-rw-r--r-- 1 root root  406 May 21 13:30 46_mod_ldap.conf
-rw-r--r-- 1 root root  809 Mar 25 11:47 70_mod_php.conf


My /etc/conf.d/apache2 contains:

APACHE2_OPTS="-D DEFAULT_VHOST -D DAV -D DAV_FS -D INFO -D SSL -D 
SSL_DEFAULT_VHOST -D LANGUAGE -D PHP"

I am not clear what is causing the above complain.


Syntax error on line 7 of /etc/apache2/modules.d/70_mod_php.conf:
=================================================================
line 7 of /etc/apache2/modules.d/70_mod_php.conf points to:

 Include "/var/lib/eselect-php/mod_php.conf"

which in turn contains:

<IfModule !php5_module>
    LoadModule php5_module modules/mod_php.so
</IfModule>

should the 2nd line above be any different and if so why hasn't the php 
package changed it?


I am using php-5.6

# eselect php show apache2
php5.6


Here are my apache flags:
[ebuild   R    ] www-servers/apache-2.4.20:2::gentoo  USE="ldap ssl -debug -
doc (-libressl) (-selinux) -static -suexec -threads" APACHE2_MODULES="actions 
alias auth_basic authn_alias authn_anon authn_core authn_dbm authn_file 
authz_core authz_dbm authz_groupfile authz_host authz_owner authz_user 
autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires 
ext_filter file_cache filter headers include info log_config logio mime 
mime_magic negotiation rewrite setenvif socache_shmcb speling status unique_id 
unixd userdir usertrack vhost_alias -access_compat -asis -auth_digest -
authn_dbd -authz_dbd -cache_disk -cern_meta -charset_lite -dbd -dumpio -http2 
-ident -imagemap -lbmethod_bybusyness -lbmethod_byrequests -lbmethod_bytraffic 
-lbmethod_heartbeat -log_forensic -macro -proxy -proxy_ajp -proxy_balancer -
proxy_connect -proxy_fcgi -proxy_ftp -proxy_html -proxy_http -proxy_scgi -
proxy_wstunnel -ratelimit -remoteip -reqtimeout -slotmem_shm -substitute -
version" APACHE2_MPMS="-event -peruser -prefork -worker" 0 KiB

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: [gentoo-user] apache-2.4.20 update doesn't like includes directive

[Michael Orlitzky]

On 05/21/2016 11:11 AM, Mick wrote:
> Cannot load modules/mod_php.so into server: 
> /usr/lib/apache2/modules/mod_php.so: undefined symbol: unixd_config

You need "unixd" in your APACHE2_MODULES.

Re: [gentoo-user] apache-2.4.20 update doesn't like includes directive

[Mick]

[-- Attachment #1: Type: text/plain, Size: 715 bytes --]

On Saturday 21 May 2016 11:32:12 Michael Orlitzky wrote:
> On 05/21/2016 11:11 AM, Mick wrote:
> > Cannot load modules/mod_php.so into server:
> > /usr/lib/apache2/modules/mod_php.so: undefined symbol: unixd_config
> 
> You need "unixd" in your APACHE2_MODULES.

Hmm ... interestingly on this old box I don't seem to have APACHE2_MODULES 
defined.  I guess it emerges the default modules each time?

# echo $APACHE2_MODULES
#

I added '-D UNIXD_H' to my /etc/conf.d/apache2 and the problem seems to be 
gone.  I had to also replace in the config all vhosts "Order deny,allow" 
directives with the new syntax.

From one Michael to another, thank you kindly for your help!  :-)

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: [gentoo-user] apache-2.4.20 update doesn't like includes directive

[Michael Orlitzky]

On 05/21/2016 01:11 PM, Mick wrote:
> 
> I added '-D UNIXD_H' to my /etc/conf.d/apache2 and the problem seems to be 
> gone.

That part should be unnecessary. I think there's some magic where we
automatically uncomment the

  LoadModule unixd_module modules/mod_unixd.so

line in your httpd.conf, even without a -D flag.


I had to also replace in the config all vhosts "Order deny,allow"
> directives with the new syntax.

You can keep compatibility with the old syntax (if you need to) with
APACHE2_MODULES="access_compat". If you're installing third-party web
apps, many of them will ship with apache-2.2 htaccess files containing
those "Order allow,deny" lines. Without the compatibility module (and if
you don't fix them yourself), you'll get 500 errors.

Re: [gentoo-user] apache-2.4.20 update doesn't like includes directive

[Mick]

[-- Attachment #1: Type: text/plain, Size: 1880 bytes --]

On Saturday 21 May 2016 14:10:53 Michael Orlitzky wrote:
> On 05/21/2016 01:11 PM, Mick wrote:

> I had to also replace in the config all vhosts "Order deny,allow"
> 
> > directives with the new syntax.
> 
> You can keep compatibility with the old syntax (if you need to) with
> APACHE2_MODULES="access_compat". If you're installing third-party web
> apps, many of them will ship with apache-2.2 htaccess files containing
> those "Order allow,deny" lines. Without the compatibility module (and if
> you don't fix them yourself), you'll get 500 errors.

Yes, I've already experienced this with some old(er) drupal 7 websites.  
Although I've edited their .htaccess files with the new syntax, there are 
umpteen hardcoded php files in there which had the old syntax and/or run 
checks for it.

I tried setting APACHE2_MODULES="access_compat" in make.conf and I got this 
conflict:
===========================================================
WARNING: One or more updates/rebuilds have been skipped due to a dependency 
conflict:

www-servers/apache:2

  (www-servers/apache-2.4.20:2/2::gentoo, ebuild scheduled for merge) 
conflicts with
    >=www-servers/apache-2.4[apache2_modules_unixd,-threads] required by (dev-
lang/php-5.5.35:5.5/5.5::gentoo, installed)
                             ^^^^^^^^^^^^^^^^^^^^^          
    >=www-servers/apache-2.4[apache2_modules_unixd,-threads] required by (dev-
lang/php-5.6.21:5.6/5.6::gentoo, installed)
                             ^^^^^^^^^^^^^^^^^^^^^          
    www-servers/apache[apache2_modules_dir] required by (app-eselect/eselect-
php-0.9.1:0/0::gentoo, installed)
                       ^^^^^^^^^^^^^^^^^^^ 

Nothing to merge; quitting.
===========================

eselect has USE=apache2 set, but I don't really understand the difference or 
why they clash.  :-/

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: [gentoo-user] apache-2.4.20 update doesn't like includes directive

[Michael Orlitzky]

On 05/22/2016 04:50 AM, Mick wrote:
> 
> I tried setting APACHE2_MODULES="access_compat" in make.conf and I got this 
> conflict:

Oh, sorry, I meant that you have to add "access_compat" to the list of
modules already present in APACHE2_MODULES.

Those conflicts are saying that you need "unixd" for php itself, and
eselect-php wants "dir". This is a pretty minimal list:

  APACHE2_MODULES="alias auth_basic auth_digest authn_anon authn_core\
                   authn_file authz_core authz_host authz_user dir\
	           include log_config mime rewrite socache_shmcb unixd"

(Add access_compat if you want). You can narrow it down by looking
through each module's documentation:

  http://httpd.apache.org/docs/current/mod/

The directives that each one provides are listed over on the right. So
if, for example, you don't use "AuthUserFile" in your config, then it's
safe to turn off mod_authn_file.

The Drupal thing is highly annoying. Their stupid status report ignores
the fact that:

  1. You can achieve the same thing with an htaccess file that isn't
     byte-for-byte identical to the one they ship.

  2. If you run multiple sites, you can implement the restrictions in
     the vhosts and not in htaccess files.

  3. Not every web server uses htaccess files.

I've had to explain to a lot of customers that, yes, their site is
secure, that check was just written by idiots.