Solved

Upgrade from Apache2.0 to Apache 2.2 windows Open SSL issue

Posted on 2014-07-22
2
457 Views
Last Modified: 2014-08-13
I originally built a VM for our Client Portal access - its running a WAMP environment Windows 2008 server R2 with Apache 2.0 openSSL 0.9 and PHP 5.3.5. Its running with installed certificates etc - all is as expected and I am happy! Unfortunately, due to performance issues with loading some "large" webpages, I need to upgrade this VM to Apache v2.2.25 (due to requiring FastCGI  compatible with Apache 2.2+).

I took a clone of the existing Apache 2.0 VM and changed the IP address, uninstalled Apache2.0 and installed Apache v2.2.25 with openSSL whilst leaving the current PHP version installed (all compatible). I changed the necessary settings in the httpd.conf and ssl.conf files and restarted apache2.2. All seemed ok at this point.

To test the new VM Apache2.2 server (I powered down the existing apache2.0 VM) and used a test PHP page with the following:

<?php phpinfo();?>

Its shows all PHP configurations. I compared the PHP settings listed on the new Apache2.2 server to the original Apache2.0 VM and not all configurations are listed under the "Apache Environment" section, settings like HTTPS, SSL_VERSION_INTERFACE, SSL_VERSION_LIBRARY, SSL_PROTOCOL (basically any SSL configurations are missing).

I've rechecked the config files and have SSLEngine ON and all settings are like for like, so I cannot fathom what is missing or needed to be done to get the new Apache2.2 server to pickup the SSL settings.

I have found little documentation on upgrading WAMP servers from Apache 2.0 to Apache 2.2.

Can anyone please help!?

PS. Please let me know if further info is required, I am not really ofay with Apache / PHP environments (I'm love my .net too much!)
0
Comment
Question by:Seven0fNine
2 Comments
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 500 total points
Comment Utility
First, I'd suggest that in the future, don't spin up a new VM clone just for an Apache upgrade. You can easily have multiple instances of Apache all running on the same machine without any conflict. You simply run them on different ports.

So if you're testing out a new version of Apache, just install it onto the same machine, edit the httpd.conf (or copy over the existing one, if all of your config is compatible between versions) and then simply change all the ports that it listens on. Usually this is the "Listen" directive, so if the existing config has "Listen 80" and "Listen 443", then change those to "Listen 8080" and "Listen 8443", for example. It can be any unused port #, but those are common alternative port numbers for this purpose.

You can also run Apache alongside IIS in this manner, by the way (since you said you love .NET).

Once the configuration is changed, start up the second instance and you should be able to hit it just fine as long as you include the port numbers in the URL (e.g. http://<Server's IP or Domain>:8080/somepage.php or https://<Server's IP or Domain>:8443/somepage.php).

Now, as far as the environment settings go, you'll only see those if you accessed the page via the HTTPS protocol. So if you hit the PHP info page via a normal HTTP address, then you won't see "HTTPS" or any of the "SSL_..." environment variables.

Finally, FastCGI is nice, but it's not usually the "answer" to performance problems. It might shave some milliseconds off of the startup time of each request (if you measure the response time between FastCGI and standard PHP, you'll see a small difference), but if you are waiting for a long time for a request (multiple, full seconds), then chances are that the bottleneck is in the application itself.

Often times, application bottlenecks are either poorly-written code, heavy disk I/O, or poor-performing database queries. There are solutions to all of these, so if you ARE seeing several seconds of load time in your application, I'd recommend you create a second question in the PHP zone and describe your script / application, and the performance you're seeing.

I would probably start some self-analysis by doing some code profiling of the longest-running parts of your script. I wrote an article on how to profile PHP code using a 3rd party tool:

http://www.experts-exchange.com/Programming/Languages/Scripting/PHP/A_12179-PHP-Code-Profiling-and-Analyzing-Performance.html

Anyway, it's still good to upgrade Apache to make sure you're staying up to date with patches, and it's good to squeeze every ounce of performance you have out of each component. If you don't use .htaccess files in your PHP application, you can also disable Overrides (set "Overrides None" in your Apache config in your application's <Directory> section) to get another small performance boost.

Finally, if you ARE accessing the PHP info page via an HTTPS URL and you still don't see the environment variables, then something's seriously wrong. My first response would be to check the certificate information in the browser after the page loads to make sure it's using the correct certificate and the connection is actually encrypted. Also, on your newest Apache 2.2 install, make sure you're not accidentally running a version of OpenSSL that is still vulnerable to Heartbleed. If you got your Apache install from the Apache Lounge recently, you should be okay.
0
 

Author Closing Comment

by:Seven0fNine
Comment Utility
Thanks for your detailed reply. I finally sussed the problem. All working great - but now having trouble with configuring the Mod_fcgid. I've downloaded mod_fcgid-2.3.9 from Apachelounge. But there are no clear instructions, there is no single file of Mod_fcgid.so (as I expected to need to reference in httpd.conf LoadModule fcgid_module modules/mod_fcgid), but there are a whole host of files within a Build folder, Docs folder and modules folder. I cant see any .so file, so I'm not sure as to how and where I reference the mod_cfgid.so file... any advice! (or I'll add a new post)

Thank you

from Desperately seeking Apache help!
0

Featured Post

Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now