Williams225

Windows 2012 r2 : Best Practice to upgrade Apache

Hello Experts,

I use Windows Servers 2012r2, and my Nessus scanner shows that I have a vulnerability in my Apache version. I need to upgrade it from version 2.4.41.0 to 2.4.46.
I have never done this type of upgrade. Can you please tell me how to do it?
Does it require a server reboot?


Hayes Jupe

This is available via a quick Google, dude...

Here is a decent guide... It very much depends on how complex your Apache install is.

https://www.apachelounge.com/viewtopic.php?t=5768
Williams225

ASKER

@Hayes Jupe I tried that solution, it didn't work.
I am trying to upgrade the version of Apache for Symantec Endpoint Protection Manager (SEPM) and Citrix Licensing Server.
I have followed these steps:
  • Back up the Apache folder
  • Stop the Web server service
  • Replace the old server with the new one
  • Replace the new conf files with the new one
  • Tried to restart the Web server service but it failed.

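
The backup / stop / replace / restart sequence listed above, as an added PowerShell example that is not part of the thread: it keeps the existing `conf` directory, runs `httpd.exe -t` before the restart, and restores the backup if the check or the start fails. The paths and the service name are placeholders, and a standard `bin\` and `conf\` layout is assumed; a vendor-bundled Apache such as the SEPM or Citrix one may use different paths or a custom config file.

```powershell
# Added example: all parameter values are placeholders, not taken from the thread.
param(
    [string]$ApacheRoot  = 'C:\PLACEHOLDER\apache',        # existing install (assumed: bin\, conf\)
    [string]$NewBuild    = 'C:\PLACEHOLDER\Apache24-new',  # unpacked replacement build
    [string]$ServiceName = 'PLACEHOLDER-ApacheService'     # Windows service that runs httpd.exe
)
$ErrorActionPreference = 'Stop'
$backup = "$ApacheRoot.bak-$(Get-Date -Format yyyyMMdd-HHmmss)"

# Record the current version so it can be compared with the scanner finding.
& "$ApacheRoot\bin\httpd.exe" -v

# 1. Stop the service, then take a full copy to roll back to.
Stop-Service -Name $ServiceName
Copy-Item -Path $ApacheRoot -Destination $backup -Recurse

try {
    # 2. Overlay the new build but leave the working conf\ tree untouched.
    Get-ChildItem -Path $NewBuild | Where-Object { $_.Name -ne 'conf' } |
        Copy-Item -Destination $ApacheRoot -Recurse -Force

    # 3. Syntax-check the existing configuration with the new binaries before
    #    starting the service; a missing module or bad directive is reported here.
    & "$ApacheRoot\bin\httpd.exe" -d $ApacheRoot -t
    if ($LASTEXITCODE -ne 0) { throw "httpd -t failed with exit code $LASTEXITCODE" }

    # 4. Start the service and confirm it stays up.
    Start-Service -Name $ServiceName
    Start-Sleep -Seconds 5
    if ((Get-Service -Name $ServiceName).Status -ne 'Running') {
        throw 'service did not stay running'
    }
    & "$ApacheRoot\bin\httpd.exe" -v
}
catch {
    # Roll back to the copy taken in step 1 and surface the reason.
    Write-Warning "Upgrade failed: $_ ; restoring $backup"
    Stop-Service -Name $ServiceName -ErrorAction SilentlyContinue
    Remove-Item -Path $ApacheRoot -Recurse -Force
    Copy-Item -Path $backup -Destination $ApacheRoot -Recurse
    Start-Service -Name $ServiceName
    throw
}
```

When the service fails to start, the output of the `-t` check and Apache's `logs\error.log` are the first places to look.
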
Wow... I know people will disagree + I'll catch flak for this...

You asked, "Best Practice to upgrade Apache".

Simple, run Apache under Linux, preferably Ubuntu Focal (LTS).

Next comment for how I used to manage this process on Windows.
Back when I was young + naive + had more time than sense.

I used to build open source code on Windows.

Now I'm old/grizzled, know better, have massive time for my interests... which doesn't include building from source.

Here's how I used to do this.

1) First, you can't just build Apache. You must build an entire WAMP Stack - Apache + MariaDB/MySQL + PHP + OpenSSL.

2) You must only be running low/no traffic Apache sites, as Windows only supports mpm_winnt which provides no HTTP/2 support + never will, as HTTP/2 support requires running mpm_event or some other Linux/UNIX based threaded MPM.

3) So if you can give up HTTP/2 forever, proceed.

If not, switch to Linux now + stop reading.

4) You'll have to subscribe to all AMP dev feeds, where AMP means Apache/MariaDB/PHP/OpenSSL.

Avoid MySQL as this code is... well... there's a reason why many Distros have changed to installing MariaDB by default for all MySQL packaging targets.

Compared to MySQL... MariaDB is faster, has more dev, fixes bugs faster (although still slow), provides reference system for most storage engines.

5) Every morning you'll get up and begin your new career, which will be studying all dev channel bug releases.

Note: This means, whatever you're doing now, you'll no longer be doing... You'll have to delegate all your other daily tasks to others...

You'll read over these dev tickets, then determine which of the patch sets are important + which to ignore.

Patch Set: A diff file which can be applied to a source tree to implement a bug fix, security fix, logic fix, performance enhancement.

6) Now for the serious time drain.

For each patch set you determine is important, you'll have to apply this patch set against your source tree (of whatever AMP tree is involved).

This is complex, because some patch sets conflict... Other patch sets require dependency patch sets to be installed first... Other patch sets depend on external code, like this complex case...

a) OpenSSL releases a patch + you rebuild, then Apache fails.

b) You apply the related Apache patch sets, then Apache compile fails.

c) You must find + apply all dependency patch sets to get your Apache compile to work.

d) Then when you run your Apache code tests, Apache fails in some way.

e) Now you must debug the Apache source, pushing fixes you code back to the Apache project for review + rolling into the source base for the next release.

7) Rinse + Repeat... Meaning you must now repeat this process every day for the rest of your life.

You'll do this for Apache/MariaDB/PHP/OpenSSL + many other dependencies required... likely things like gcc/automake/m4/libtool... as you'll have to build up an entire fake Linux tool stack to get this process to actually work.

Note: This is why I no longer jump through these hoops... My goal is to have the latest stable code I can install with a single command, that works 100% of the time.
ASKER CERTIFIED SOLUTION
David Favor