Solved

Upgrade from Apache2.0 to Apache 2.2 windows Open SSL issue

Posted on 2014-07-22
2
462 Views
Last Modified: 2014-08-13
I originally built a VM for our Client Portal access - its running a WAMP environment Windows 2008 server R2 with Apache 2.0 openSSL 0.9 and PHP 5.3.5. Its running with installed certificates etc - all is as expected and I am happy! Unfortunately, due to performance issues with loading some "large" webpages, I need to upgrade this VM to Apache v2.2.25 (due to requiring FastCGI  compatible with Apache 2.2+).

I took a clone of the existing Apache 2.0 VM and changed the IP address, uninstalled Apache2.0 and installed Apache v2.2.25 with openSSL whilst leaving the current PHP version installed (all compatible). I changed the necessary settings in the httpd.conf and ssl.conf files and restarted apache2.2. All seemed ok at this point.

To test the new VM Apache2.2 server (I powered down the existing apache2.0 VM) and used a test PHP page with the following:

<?php phpinfo();?>

Its shows all PHP configurations. I compared the PHP settings listed on the new Apache2.2 server to the original Apache2.0 VM and not all configurations are listed under the "Apache Environment" section, settings like HTTPS, SSL_VERSION_INTERFACE, SSL_VERSION_LIBRARY, SSL_PROTOCOL (basically any SSL configurations are missing).

I've rechecked the config files and have SSLEngine ON and all settings are like for like, so I cannot fathom what is missing or needed to be done to get the new Apache2.2 server to pickup the SSL settings.

I have found little documentation on upgrading WAMP servers from Apache 2.0 to Apache 2.2.

Can anyone please help!?

PS. Please let me know if further info is required, I am not really ofay with Apache / PHP environments (I'm love my .net too much!)
0
Comment
Question by:Seven0fNine
2 Comments
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 500 total points
ID: 40211652
First, I'd suggest that in the future, don't spin up a new VM clone just for an Apache upgrade. You can easily have multiple instances of Apache all running on the same machine without any conflict. You simply run them on different ports.

So if you're testing out a new version of Apache, just install it onto the same machine, edit the httpd.conf (or copy over the existing one, if all of your config is compatible between versions) and then simply change all the ports that it listens on. Usually this is the "Listen" directive, so if the existing config has "Listen 80" and "Listen 443", then change those to "Listen 8080" and "Listen 8443", for example. It can be any unused port #, but those are common alternative port numbers for this purpose.

You can also run Apache alongside IIS in this manner, by the way (since you said you love .NET).

Once the configuration is changed, start up the second instance and you should be able to hit it just fine as long as you include the port numbers in the URL (e.g. http://<Server's IP or Domain>:8080/somepage.php or https://<Server's IP or Domain>:8443/somepage.php).

Now, as far as the environment settings go, you'll only see those if you accessed the page via the HTTPS protocol. So if you hit the PHP info page via a normal HTTP address, then you won't see "HTTPS" or any of the "SSL_..." environment variables.

Finally, FastCGI is nice, but it's not usually the "answer" to performance problems. It might shave some milliseconds off of the startup time of each request (if you measure the response time between FastCGI and standard PHP, you'll see a small difference), but if you are waiting for a long time for a request (multiple, full seconds), then chances are that the bottleneck is in the application itself.

Often times, application bottlenecks are either poorly-written code, heavy disk I/O, or poor-performing database queries. There are solutions to all of these, so if you ARE seeing several seconds of load time in your application, I'd recommend you create a second question in the PHP zone and describe your script / application, and the performance you're seeing.

I would probably start some self-analysis by doing some code profiling of the longest-running parts of your script. I wrote an article on how to profile PHP code using a 3rd party tool:

http://www.experts-exchange.com/Programming/Languages/Scripting/PHP/A_12179-PHP-Code-Profiling-and-Analyzing-Performance.html

Anyway, it's still good to upgrade Apache to make sure you're staying up to date with patches, and it's good to squeeze every ounce of performance you have out of each component. If you don't use .htaccess files in your PHP application, you can also disable Overrides (set "Overrides None" in your Apache config in your application's <Directory> section) to get another small performance boost.

Finally, if you ARE accessing the PHP info page via an HTTPS URL and you still don't see the environment variables, then something's seriously wrong. My first response would be to check the certificate information in the browser after the page loads to make sure it's using the correct certificate and the connection is actually encrypted. Also, on your newest Apache 2.2 install, make sure you're not accidentally running a version of OpenSSL that is still vulnerable to Heartbleed. If you got your Apache install from the Apache Lounge recently, you should be okay.
0
 

Author Closing Comment

by:Seven0fNine
ID: 40258652
Thanks for your detailed reply. I finally sussed the problem. All working great - but now having trouble with configuring the Mod_fcgid. I've downloaded mod_fcgid-2.3.9 from Apachelounge. But there are no clear instructions, there is no single file of Mod_fcgid.so (as I expected to need to reference in httpd.conf LoadModule fcgid_module modules/mod_fcgid), but there are a whole host of files within a Build folder, Docs folder and modules folder. I cant see any .so file, so I'm not sure as to how and where I reference the mod_cfgid.so file... any advice! (or I'll add a new post)

Thank you

from Desperately seeking Apache help!
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question