Slashdot Mirror
Apache 2.2.0 Released
ikewillis writes "According to an announcement on apache.org, Apache 2.2.0 has been released. From the announcement: 'This version of Apache is a major release and the start of a new stable branch. New features include Smart Filtering, Improved Caching, AJP Proxy, Proxy Load Balancing, Graceful Shutdown support, Large File Support, the Event MPM, and refactored Authentication/Authorization.' View the ChangeLog or check out the new feature list."
Now I'm .9 versions behind.
I'm waiting for Microsoft to rename IIS "Cowboy 1.0" :)
I read the feature list and changelog earlier today but without taking the time to set up a test server and experiment with it I really have no idea how it compares to 1.3. For the most part we have stuck with 1.3.x for it's stability, performance on our older hardware (from 256MB dual 75MHz SPARCstation 20 to 1 GB 440 MHz Netras), and rock solid compatibility with mod_perl and Perl 5.6.
I'll be willing to try upgrading in the near future in hopes of experimenting with and making use of the some of the newer featues, but I would like to hear some first-hand information from those who have recently made the leap to 2.2, if at all possible.
s/with/without/ Meh.
The roots of education are bitter, but the fruit is sweet.
--Aristotle
'apachectl graceful' not good enough for you?
OK, I'll admit, the added feature list seems impressive, and I'm drooling a bit... but for some reason (I'm honestly not really sure why) I don't get the feeling that this is a very significant update! I'll find out tomorrow when I test it myself :)
LINUX ONLINE POKER: Linux Poker
So... it runs on Linux... But what doesn't it do ?
You can also do this: apachectl -k restart
A round of thanks to all the hard work done by the HTTPD team.
you guys ROCK
and special thanks to paul who pushed this through!
Since version 1.x you've been able to make config changes without a restart. Just edit your config files and then run "apachectl -k graceful" or send a USR1 kill signal to the parent Apache process. Apache reloads the config without restarting.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
That's interesting how they jumped from the 2.1.x beta versions to 2.2.0. They didn't do this when they went from the 2.0.x beta to the 2.0.x stable (hence the large .55 attached to 2.0.x right now). It's kinda like what Perl does with having devel and stable versions have odd and even numbers, respectively.
;)), I have this feeling that we might see the same 1.3->2.0 inertia.
Anyway, I guess the big question is, how many people will actually adopt 2.2.0. I still remember when 2.0 came out to mostly a yawn as most people kept using 1.3.x. Even today, most of the servers that I come across or administer are still using 1.3.x because unless you were running Windows, 2.x didn't really offer spectacular improvements over 1.3.x, and looking at the changes for 2.(1|2).x (anyone who's going to transfer a >2GB file over HTTP is crazy
When are they adding the continuation-stored-in-the-server feature? Having to do a CPS transform essentially by hand to all CGI scripts is ridiculous. Oh yeah...Perl/PHP/etc. don't support that. Why not?
This feature set still doesn't make me want to use apache. Lighttpd just rules. Plain and simple.
I've been struggling with setting up a mirrors server for our computing club here. I'd like to mirror all of Debian, for example, but I'm finding that storing (and, worse, updating) 80 gigs only to serve a tiny fraction of the files to our users is a dismal trade-off. I had been experimenting with ProxyPass, but since it didn't cache the results locally, it wasn't really providing a speed benefit.
mod_disk_cache plus mod_proxy's ProxyPass seems like just the ticket - I could give it a few servers to proxy for, give it a few hundred gigs of cache, and it would then automatically intelligently cache for those servers. This would be a great, easy plug-in solution.
Has anyone used mod_proxy and mod_cache in this fashion? It'd be great to hear about others' experiences or configuration examples.
|/usr/games/fortune
What are the newer features that you're planning on using?
Indeed, it sounds like you have what may be the perfect situation. Even if your servers are somewhat older, and not the most powerful, they are still very solid Sun systems. They will basically last forever. You suggest that mod_perl is working very well for you at the moment, too.
Perhaps an upgrade would be the worst thing you could do. Sticking with older, proven systems is many times a very wise idea.
Cyric Zndovzny at your service.
Apache 2.x? No thanks!
Apache 1.3? Still has issues!
I think I'm going to stick with something I can really trust!
Maybe I'll try CERN httpd 2.14, I'm not sure if 3.0 has enough of a track record.
I am really glad they added Foxy Load Balancing. Now asianpornstarlets.com will send me data at a nice, steady pace instead of in spurts and dribbles.
Storing state in the server and retrieving it via cookies, etc., is not CPS, it's just saving and retrieving state. And who still uses CGI anyway?
And who says continuations are a valid way to write web apps? I prefer to use request/response because that's the model of the underlying architecture. I also want my URLs to represent named entry points, not continuations within some arbitrary program.
And how the heck would Apache know how to save a continuation in any arbitrary programming language? Or is Apache supposed to turn into a set of libraries, one for Smalltalk, one for Ruby, one for Lisp.. ?
Explain what you mean, son....
For those of you saying you don't need to transfer >2GB it reminds me of comments like, "640k is enough for anybody", "64-bit isn't needed on the desktop", "no advantage to dual core" etc etc.
This will finally mean I can wget DVD ISO images! Work with large files over WebDAV and it will also mean my logs can grow over 2GB which is cool.
HTTP works where FTP has problems when dealing with complex networks (firewalls/NAT etc etc).
Sweet! Now I can store the 9.1GB DVD ISO's for people to download off my 33.6k Modem connected webserver!!
;-)
But seriously, the timing of this feature being added couldn't be better, 5 years ago there would've been no point, but with the current rate of speed increases in home Internet, it will become somewhat more useful!
----- Concentrate on promoting more than demoting.
But I want /debian/ to be a Debian cache, and /ubuntu/ to be an Ubuntu cache, and it'd be nice to have e.g. a Cygwin cache in /cygwin/ . Many "mirrors" sharing one disk cache space allocation on one easily-administered server.
Can Squid handle that kind of flexibility? That's what drew me to Apache's ProxyPass.
|/usr/games/fortune
Ive never really seen a reason to update apache so regulary. its been so stable for me no matter how i used it. But large file support? Nice. Pitty i still have 56k...... :(
For two small reasons:
CONVINIENCE(sp?) and USABILITY..
MikMik Baby Organics Mikkaworks
I would personally settle for a configuration file format which isn't confusing, poorly organized, and often times not parsed correctly (ie, apache doesn't do what the docs imply). See Why I Hate the Apache Webserver, which was a presentation at ApacheCon Europe.
Apparently everything the author pointed out was promptly forgotten or ignored.
Last time I posted about this, someone accused me of advocating "dumbing down" or stripping functionality out of Apache to make it easier for idiots to configure. That's NOT the point at all, and "easy to configure" does not mean "dumbed down" or "stripped down". Postfix, for example, is just as powerful as sendmail but miles easier to configure.
Please help metamoderate.
FWIW there's a debian-specific solution in the form of apt-proxy, a program that runs on your server, then the clients point their /etc/apt/sources.list at you, etc. etc. I haven't used it, but I know it exists, so your mileage may/will vary. (At my last job I was responsible for setting up a large web cluster; one machine acted as sort of the "mothership" providing all sorts of network services to the web hosts and so on... I was just looking into apt-proxy when I ended up getting a better job elsewhere. ;))
http://apt-proxy.sourceforge.net/
It has a web-based GUI :P
I've used the IIS GUI once because I was curious. *shudder* GUIs are useful only when well-designed.
1/ There are Apache GUIs. Google them up. Some are free, some are not.
2/ Opening the config file in a GUI text editor and navigating around with a mouse should be fairly easy, especially with the copious amount of documenation in the config.
3/ It's very difficult to express the rich level of complexity of Apache configurations in a GUI. Just imagine how on Earth a GUI can be made to handle nested VirtualHosts, Directorys, and Files. Throw in some regexp, and suddenly, you are faced with a situation where it becomes a heck of a lot easier to just edit the config file. To say that a GUI is always easier than text is incorrect; it depends on the situation, and Apache configs are one of those situations where this is the case (kinda like how when dealing with non-photographic web graphics, you need to use PNG or GIF and avoid JPG like the plague and how when dealing with photographic web graphics, you have to use JPG... each rules over their own niche of strength).
4/ If a GUI is made, it is highly likely that it won't be as powerful as just using a text editor; it's not as expressive (see above). But there's really not much to do with the basic configuration, either. For the most part, the default configuration works just fine, and if someone needs to edit the settings, it's mostly for the complicated stuff that would be a bloody mess to do in a GUI.
5/ Compactness and portability.
There are a couple of GUI frontends for configuration available, but I don't believe this release includes one "out of the box." If you're running Apache on Windows there are a number of commercial products available for GUI configuration. There's a whole bunch of free ones for Linux/Unix, webmin being one of my favorites since it has modules for just about everything under the sun (unix users & groups, samba shares, mysql, etc.) Although I've never had much trouble editing the text conf files by hand. We have a lot of sites and virtual hosts--it was much quicker and easier to set it all up in Apache via typing and cutting and pasting the relevant bits than when we used to run IIS.
But its apachectl graceful. The -k isn't needed. Reloads the configs without dropping active connections, very nice for production systems.
Quack, quack.
When apache first introduced mpm I was looking forward to the ability to have each virtual domain run under a seperate user. Right now it will spawn a seperate process for each user specified. So if you are hosting 1000 domains on one machine and specify unique users for each domain, you have 1000 idle listener processes when you start up the server.
I'm thinking the way it should be is only spawn processes for the specified user when an incomming request needs to be served, keep the process around to serve new requests if there are more to serve, and kill it off if there is no requests in X period of time. This would surely make hosting things like cgi much more secure.
The goal of computer science is to build something that will last at least until we've finished building it.
You know what somebody needs to so? Somebody needs to set up scripts for grepping the apache config files using CRM114. YOu could even use it make sed like for the pseudo xml file format.
evil is as evil does
Run Apache 2.x on the web facing side and use mod_proxy / mod-rewrite to serve your 1.3 pages to prevent any re-writing etc.
You can then migrate bits of uri at a time.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
3/ It's very difficult to express the rich level of complexity of Apache configurations in a GUI. Just imagine how on Earth a GUI can be made to handle nested VirtualHosts, Directorys, and Files
Hmm, it's almost like some kind of tree like structure might be appropriate
I realize that it is possible to create confusing arrangements in Apache which do not form a simple tree, but the same is true of filesystems and nobody has had much difficulty making viewers for them. To be honest, even a list of directories etc -- maybe where each one expands into a list of the filesystem objects it currectly applies to -- hey, there's a lot of scope for a useful GUI there.
Whence? Hence. Whither? Thither.
You know what somebody needs to so? Somebody needs to set up scripts for grepping the apache config files using CRM114. YOu could even use it make sed like for the pseudo xml file format.
I, for one, think somebody needs to explain what on earth they are talking about.
i just want to know when i'll be able to restart each vhost independently, like in IIS. or atleast have it rehash the config with out shutting the server down ( or is that already possible )?
In the mean time (ie, since the 2.0 release) we've changed the versioning model to the "odds are dev, evens are stable" model. So as soon as 2.2 released, development moved to the 2.3 branch, which will release as 2.4. So, yes, like Perl and Linux and many other things.
As for transferring >2GB files, this comes up many times every day on #apache, and fairly frequently on the mailing lists, so people do actually want to do this.
Folks that are still using 1.3 are missing out on enormous strides forward. The "it still works fine, why should I upgrade" crowd are completely welcome to remain where they are, and we're not going to compel to move, but they are going to miss out on all sorts of cool things, in the name of "it's good enough already." Their loss, not ours.
Apache guy, Open Source enthusiast, runner
3/ It's very difficult to express the rich level of complexity of Apache configurations in a GUI. Just imagine how on Earth a GUI can be made to handle nested VirtualHosts, Directorys, and Files. Throw in some regexp, and suddenly, you are faced with a situation where it becomes a heck of a lot easier to just edit the config file.
You know, even in the very worst case you can have a text edit box in the GUI. Yes, I admit that's somewhat self-defeating, but a GUI could have other variables more suited for drop-downs, radio buttons, check boxes, input validated fields and other user-friendly inputs. You can also have a lot more context-sensitive help and such. So I can see a poorly designed GUI be more difficult than editing the config file, but a well designed GUI should always be equal or better.
Live today, because you never know what tomorrow brings
Knowing which DSOs will load will be incredibly helpful, especially in distros that include packages for modules.
I've been waiting for LFS support in Apache for so long! OSX exports all of it's NFS shares as 64 bit, which has the adverse issue of any readdir() call returning empty. mod_autoindex always returned a completely empty directory listing.
...which no one will use.
Just like the last stable branch.
Thankyew, thankyew, I'll be here all week. Try the veal!
With spending like this, exactly what are "conservatives" conserving?
Folks that are still using 1.3 are missing out on enormous strides forward. The "it still works fine, why should I upgrade" crowd are completely welcome to remain where they are, and we're not going to compel to move, but they are going to miss out on all sorts of cool things, in the name of "it's good enough already." Their loss, not ours.
I haven't upgraded because most new security problems reported in Apache are for the 2.0.x branch, not the 1.3.x branch.
You say I'm missing out on enormous strides forward, but aren't I also missing out on numerous security problems? I'm not being argumentative, I really am interested in hearing the Apache developer's side of things. (E.g., perhaps the issues have been overstated, perhaps they exist in 1.3 also but aren't being discovered, etc.)
The earth-shattering feature of Apache 2.2 is RFC 2817 SSL Upgrade. Basically, any HTTP connection can upgrade itself to HTTPS without reestablishing.
This means you can do SSL on virtual hosts without a dedicated IP address. This will greatly increase the penetration of SSL (plus free certs like CaCert) and encryption in general. The $5/mo webhosters will be able to offer SSL to clients. Ubiquitous encryption considered good.
This is, of course, a Catch-22 - there are no browsers with the capability yet (let's get Mozilla going...) but this is the necessary first step. Come back in a couple years and see how things are going.
Oh, and I'm happy about the Cookie proxying patches which I reported against 2.0 but were applied to 2.1. This is the only Apache feature I've ever had a hand in designing so I'm happy to see it available. Basically, anything you do with cookies (paths, domains) should be properly proxied now. I've been waiting for this for a long time. Yay!
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Apache configuration is based on blocks of data between tags. CRM114 is a great tool for dumping text between start and end tags and also for replacing those blocks.
evil is as evil does
Surely I'm not the first to notice it's not out for Windows yet?
I believe the best overall solution for facilitating a GUI is to make the server capable of serializing its own configuration data to disk, and provide API calls for accessing this function. Then native GUIs can all handle configuration of the service in a way that is thorough and consistent across platforms.
This doesn't mean I'd advocate binary config files (I never would). However the prospect of using XML is intriguing.
... bit of a cheek calling it a "release" when there are no binaries. How is it different from what we could pull from the repository any other day of the week?
After the 2.0 release the ASF decided to change the way they do versioning of their products to a "odd" unstable development tree and "even" stable release tree. This was done to not cause all the confusion over the 2.0.x numbering (where the stable and unstable were both called 2.0.x)
And the authorization/authentication system rewrite is a nice BIG improvment over the old authentication stack. The new one allows you to explicitly specify which "backends" to use to authenticate and in which order.. Plus all backends can be used to plain and digest.
And for module developers (which I am) the 2.0/2.2 model is so much better than the old 1.3 module system and allows a lot more flexability and control.
The "it still works fine, why should I upgrade" crowd ..
but they are going to miss out on all sorts of cool things, in the name of "it's good enough already." Their loss, not ours.
Why not say: it 1.3 does everything you want it to do then you do not need to upgrade. If you see something you do need (therefore 'it works fine' may not be true for a given value of fine) then upgrade.
Except that is all implicit in the minds of every other reader.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
Anyone know if there will be future security patches for the now older 2.0.x version? I.e. should I figure on upgrading sooner rather than later to minimize the disruption the next critical bug fix comes out?