Silmor . de
Site Links:
Impressum / Publisher


Migrating to Apache 2.0 on Debian

Audience: knowledgeable Apache 1.x admins on Debian.

The Task

It began with a simple task: install Subversion on the Debian server. Unfortunately this meant migrating to a new Apache version, since Subversion needs Apache 2.x. This might sound easy on a clean installation, but becomes harder once it means to migrate a server with an active Apache 1.3 installation including several virtual hosts.

The running installation used two servers: one for all the virtual hosts on port 80 (running on the same IP address) and the other one for secure web services on port 443. The new Apache 2.0 installation uses only one server for both. This is by far the highest hoop to jump through, afterwards it all becomes very easy.

Porting VHosts

Apache 2.0 on Debian uses a different concept for the configuration of the server. The configuration is now split into multiple files. The server process configuration is in the file apache2.conf, which you usually will not need to touch. The file ports.conf contains the Listen directives and is also a good place to put your NameVirtualHost directives in. The last top level file is httpd.conf, which should be filled with all your global Directory directives and other global configurations.

The remainder of the server is configured through the mods-* and sites-* directories.

The mods-available directory contains load directives for all installed modules and for some a configuration file, which contains only the basic activation directives. All modules that should be activated on that server must be linked into mods-enabled. You need to make sure that you activated ALL your needed modules, since only a very basic set is preconfigured (eg. CGI is not activated by default).

Likewise does sites-available contain all your configured sites. There is no strict definition of a site - it can be a single virtual host, the whole configuration or whatever combination of virtual hosts suits you best. Apache comes with only one site definition preinstalled, which defines a virtual host that captures all hostnames and ports. Once you got all sites set up you link them into sites-enabled. If you want your sites to load in a specific order you can prefix your links eg. with digits - Apache loads these files in ASCII order.

If you use multiple ports (eg. because you want to server HTTP on port 80 and HTTPS on port 443), you need to take care that all VirtualHost directives have a port number assigned (eg. <VirtualHost>). Otherwise Apache will assume that this host is served on all ports equally. The error message indicating this complains about "*-Hosts and non-*-Hosts should not be mixed".

Setting up SSL

The easy part is: activate the ssl-module by linking it into mods-enabled.

Now copy your complete SSL configuration into it's own site file. If this is your first SSL configuration, you can find a good example in /usr/share/doc/apache2/examples.

A new certificate can be produced thus:

cat >apache.cfg <<EOF
[ req ]
default_bits            = 1024
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = DE
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Germany

localityName                    = Locality Name (eg, city)
localityName_default            = Dresden

organizationName                = Organization Name (eg, company; recommended)
organizationName_max            = 64
organizationName_default        = My Org

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_max      = 64

commonName                      = server name (eg. ssl.domain.tld; required!!!)
commonName_max                  = 64
commonName_default              =

emailAddress                    = Email Address
emailAddress_max                = 40
emailAddress_default            =

openssl req -config apache.cfg \
  -new -x509 -nodes -out crt.pem \
  -keyout key.pem -days 400

of course you need to replace the defaults (or enter them during key generation).

Setting up Subversion

Subversion can be activated likewise, by simply installing Subversion and then linking its modules (mod_dav_svn*) into mods-enabled.

More about Subversion.

Webmaster: webmaster AT silmor DOT de