Control Web Panel
WebPanel => Apache => Topic started by: Administrator on October 12, 2014, 01:39:11 AM
-
In your CWP from version 0.9.6 you will have Apache recompiler and you can modify apache modules according to your needs.
Additional Modules:
- mod H264 and FLV streaming - Installing mods H264 and FLV streaming means you can seek to any position during video, and browser (flash player) will buffer only from this position to the end.
Short List of features/modules
Optional Features:
--disable-option-checking ignore unrecognized --enable/--with options
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--enable-layout=LAYOUT
--enable-v4-mapped Allow IPv6 sockets to handle IPv4 connections
--enable-exception-hook Enable fatal exception hook
--enable-maintainer-mode
Turn on debugging and compile time warnings
--enable-pie Build httpd as a Position Independent Executable
--enable-modules=MODULE-LIST
Space-separated list of modules to enable | "all" |
"most"
--enable-mods-shared=MODULE-LIST
Space-separated list of shared modules to enable |
"all" | "most"
--disable-authn-file file-based authentication control
--enable-authn-dbm DBM-based authentication control
--enable-authn-anon anonymous user authentication control
--enable-authn-dbd SQL-based authentication control
--disable-authn-default authentication backstopper
--enable-authn-alias auth provider alias
--disable-authz-host host-based authorization control
--disable-authz-groupfile
'require group' authorization control
--disable-authz-user 'require user' authorization control
--enable-authz-dbm DBM-based authorization control
--enable-authz-owner 'require file-owner' authorization control
--enable-authnz-ldap LDAP based authentication
--disable-authz-default authorization control backstopper
--disable-auth-basic basic authentication
--enable-auth-digest RFC2617 Digest authentication
--enable-isapi isapi extension support
--enable-file-cache File cache
--enable-cache dynamic file caching
--enable-disk-cache disk caching module
--enable-mem-cache memory caching module
--enable-dbd Apache DBD Framework
--enable-bucketeer buckets manipulation filter
--enable-dumpio I/O dump filter
--enable-echo ECHO server
--enable-example example and demo module
--enable-case-filter example uppercase conversion filter
--enable-case-filter-in example uppercase conversion input filter
--enable-reqtimeout Limit time waiting for request from client
--enable-ext-filter external filter module
--disable-include Server Side Includes
--disable-filter Smart Filtering
--enable-substitute response content rewrite-like filtering
--disable-charset-lite character set translation
--enable-charset-lite character set translation
--enable-deflate Deflate transfer encoding support
--enable-ldap LDAP caching and connection pooling services
--disable-log-config logging configuration
--enable-log-forensic forensic logging
--enable-logio input and output logging
--disable-env clearing/setting of ENV vars
--enable-mime-magic automagically determining MIME type
--enable-cern-meta CERN-type meta files
--enable-expires Expires header control
--enable-headers HTTP header control
--enable-ident RFC 1413 identity check
--enable-usertrack user-session tracking
--enable-unique-id per-request unique ids
--disable-setenvif basing ENV vars on headers
--disable-version determining httpd version in config files
--enable-proxy Apache proxy module
--enable-proxy-connect Apache proxy CONNECT module
--enable-proxy-ftp Apache proxy FTP module
--enable-proxy-http Apache proxy HTTP module
--enable-proxy-scgi Apache proxy SCGI module
--enable-proxy-ajp Apache proxy AJP module
--enable-proxy-balancer Apache proxy BALANCER module
--enable-ssl SSL/TLS support (mod_ssl)
--enable-distcache Select distcache support in mod_ssl
--enable-optional-hook-export
example optional hook exporter
--enable-optional-hook-import
example optional hook importer
--enable-optional-fn-import
example optional function importer
--enable-optional-fn-export
example optional function exporter
--enable-static-support Build a statically linked version of the support
binaries
--enable-static-htpasswd
Build a statically linked version of htpasswd
--enable-static-htdigest
Build a statically linked version of htdigest
--enable-static-rotatelogs
Build a statically linked version of rotatelogs
--enable-static-logresolve
Build a statically linked version of logresolve
--enable-static-htdbm Build a statically linked version of htdbm
--enable-static-ab Build a statically linked version of ab
--enable-static-checkgid
Build a statically linked version of checkgid
--enable-static-htcacheclean
Build a statically linked version of htcacheclean
--enable-static-httxt2dbm
Build a statically linked version of httxt2dbm
--enable-http HTTP protocol handling
--disable-mime mapping of file-extension to MIME
--enable-dav WebDAV protocol handling
--disable-status process/thread monitoring
--disable-autoindex directory listing
--disable-asis as-is filetypes
--enable-info server information
--enable-suexec set uid and gid for spawned processes
--disable-cgid CGI scripts
--enable-cgi CGI scripts
--disable-cgi CGI scripts
--enable-cgid CGI scripts
--enable-dav-fs DAV provider for the filesystem
--enable-dav-lock DAV provider for generic locking
--enable-vhost-alias mass virtual hosting module
--disable-negotiation content negotiation
--disable-dir directory request handling
--enable-imagemap server-side imagemaps
--disable-actions Action triggering on requests
--enable-speling correct common URL misspellings
--disable-userdir mapping of requests to user-specific directories
--disable-alias mapping of requests to different filesystem parts
--enable-rewrite rule based URL manipulation
--enable-so DSO capability
-
I hope you will release this version this week :)
-
Apache compiler doesn't remember my last compilation flags. I build my Apache with additional flags and every time I have to save them to external file or something like that :) Also after rebuilding Apache try to bind on port 80 - in my case I choose nginx proxy :)
-
Which php72 modules are required for cwp-httpd to perform/function properly? E.g will this suffice or am I missing something?
php72-php
php72-php-opcache
php72-php-pdo
php72-php-xml
php72-php-tidy
php72-php-snuffleupagus
php72-php-process
php72-php-bcmath
php72-php-brotli
php72-php-fpm
php72-php-gd
php72-php-gmp
php72-php-mysqlnd
php72-php-pear
php72-php-mbstring
php72-php-pgsql
php72-php-pecl-zip
php72-php-intl
php72-php-ldap
php72-php-pecl-mcrypt
php72-php-pecl-crypto
php72-php-pecl-imagick
php72-php-pecl-bitset
php72-php-ioncube-loader
-
Which option has to be disabled when recompiling cwp-httpd to untie httpd from php, to be able to load particular php modules instead ???
-
if I want to activate mod_brotli, what would it be like?
-
if I want to activate mod_brotli, what would it be like?
https://httpd.apache.org/docs/2.4/en/mod/mod_brotli.html
-
Thanks, I got it by doing it with nginx https://nixcp.com/brotli-compression-nginx/
-
When can we expect to see 2.4.54 available for compilation? 2.4.54 was released 2 months ago on 2022-06-08
-
When can we expect to see 2.4.54 available for compilation? 2.4.54 was released 2 months ago on 2022-06-08
+1
-
When can we expect to see 2.4.54 available for compilation? 2.4.54 was released 2 months ago on 2022-06-08
+1
+1
-
We need a 2.4.56 option as all release below has critical security issues
and cwp-httpd.x86_64 2.4.56-1 required me to recompile Apache, but only option are still 2.4.52
-
Current on CWP is:
Apache version: Apache/2.4.56
-
Well I would hope so, but not on my setup, and many that use CWP enhanced features, I just rolled the update "cwp-httpd.x86_64 2.4.56-1" with needed Apache recompile as Apache would not start, so I am at back at Apache/2.4.54, but before rollback it was
Application Version
Apache version: Apache/2.4.52
PHP version: 8.1.16
MySQL version: 10.11.2-MariaDB
FTP version: 1.0.47
CWP preach that it has higher performance than other PANEL's, as it compile APP/Runtime/Middelware for the system it are installed on. Well that is the issue when these Compile Tools are not kept updated to support new releases.
In Apache Re-Build, latest release are "Apache 2.4.52 & suPHP 0.7.2", so that as High as CWP gets on compile.
Same issue we have with CWP and MYSQL or MariaDB, but at least there are guides how to FIX CWP implementation, and manually get it to a developer supported secure release.
-
Apparently "Apache Builder (compiler)" are EOL, as when used you are back in 2021 branch, and you will have an very unsecure server.
After fixing CWP standard mod_security when upgrading from 2.4.54 to 2.4.56, I can now via YUM Manager reinstall Installed Packages "cwp-httpd.x86_64 2.4.56-1" & "cwp-suphp.x86_64 0.7.2-3", and now have Apache version: Apache/2.4.56 running.
-
Hmmm. I never applied any "secret sauce" to get to Apache 2.4.56. I run php-fpm and run
yum -y update regularly.
-
Both "Apache Compiler" and "PHP-FPM Selector (php_selector3)" are CWP enhanced features or "secret sauce" as you call it, and your responding to a thread about "Apache Compiler" that you apparently have not Used, Tested or have any Knowledge about.
Please let's try to help each other in the forum, not misguide
-
Huh? That's quite the perspective...
-
Sorry overseer, I know to the forum I have status "Newbie", but within IT Operation I am a Senior Architect, and was an Application Architect for many years.
That is why I can say CWP are primary build/managed by IT Developers/Technicians, not Architects.
Many CWP enhanced features break (disable) other CWP enhanced features, but does not inform or indicate this, so it is important to know what CWP features have been utilized, to be able to know why CWP behave as it does.
Like the "Apache Builder (compiler)", when used then YUM updates of CWP Apache are ignored, you have to manually choose newer compile selection (if possible).
Like the "PHP Version Switcher (php_switch_v2)", when used then YUM updates of CWP PHP are ignored, you have to manually choose newer PHP version selection (if possible).
"Setup default Web Servers (WebServers_manage)" are a clear exception, from what I can see it does not break anything (just let Admins choose) and both makes light test and have clear info how it interact with some of the other Enhancements/Options.
Ex. just above "Save and Rebuild Configuration" a possible check-mark to
"Force Apache to use PHP-FPM Selector, this will disable PHP Selector 2 and PHP Version Switcher. (NOT installed, click here to install) [** CWPpro required **]"
The way I got away from the "Apache Compiler" and now able to get/follow newer updates, was via "Yum Manager" and under "Installed Packages" reinstall all the CWP-* packages, AFTER I had manually found and removed all the somehow added extra mod_security configurations in some of the conf.d/*.conf & conf.d/vhosts/*.conf files.
Then Apache again was able to restart after 2.4.56-1 update.
The "Apache Compiler" page now show
Apache Builder (compiler)
You are running Apache version:
Server version: Apache/2.4.56 (Unix)
Server built: Mar 14 2023 13:11:28
Loaded Modules:
.... (static)
... (static)
and as latest version in "Select NEW Apache version" are "Apache 2.4.52 & suPHP 0.7.2" I commend never to press "Next >" on the in the future.
So I say Apache Builder (compiler) are EOL (End of Life)
-
Okay, great. Glad you got it sorted. My usual troubleshooting method on this forum is to "compare notes" with the person in need -- see how their configuration and use case matches up with mine. We had some overlap, so I mentioned which apache version I had running on my CWP servers, in conjunction with php-fpm (not suPHP and not using the PHP Version Switcher). I have only used the PHP Version Switcher on one server that was 1:1, dedicated to a single client -- so I have used it and do have some experience with it. All my other servers host multiple clients so php-fpm is a better use case, as each client often needs a specific version of PHP for different web apps/content management systems.
-
Yes and that is my I recommend all to keep away from the "Apache Compiler" unless you really NEED an OLD Apache version, and I then hope that is for an internal only setup.
but also found out even I had manually updated OpenSSL, then the CWP-HTTPD are build with custom openssl-1.0.2k-fips mod_ssl and very outdated.
So I have to break CWP control, and build in myself
https://www.uxlinux.com/how-to-enable-tls-1-3-in-apache-on-cwp-control-web-panel-centos-7-centos-8-el7-el8/
PS. apache-rebuild-new7.sh used older 2.4.55, but I changed that, and also fixed issue with missing lib64
Now running Apache 2.4.57 with OpenSSL 3.0.8