Archive for the 'Web Server' Category

Upgrade apache/httpd to 2.2.17 in CentOS Linux

This is again a short post for people lazy enough not to compile and always looking for a quick way to upgrade/install software. ;)

The machine is running CentOS 5.2 and httpd 2.2.8. We are looking to upgrade httpd to 2.2.17 to succeed in PCI compliance. I assured them that the current Apache has all security upgrades, but the test guys are still saying we have to upgrade to the latest stable. OK, it's not that difficult.

When I checked, almost all common repositories had upgrades up to 2.2.8, which I applied, but I need the latest stable, which is 2.2.17 at the time of writing this article. Then I noticed the CentAlt repo, which has this upgrade.

Download, compile, install and configure php 5.3.5 in Linux

On a CentOS 5.2 server, there was PHP 5.2.4, due to which the PCI compliance test failed. We were required to upgrade PHP to the latest stable version. While writing this article, we found 5.3.5 to be the latest stable release of PHP. Described here are the steps taken to download and install PHP 5.3.5.

Step 1. Check existing PHP modules and install prerequisite libraries/apps

As the first step, you should get the list of installed PHP modules so that you can include them with the newer PHP as well; otherwise the functionality of your site/application can break.

Get the list of all PHP modules installed on the server:

Disable ssl ver 2 in apache for pci compliance

You need to disable SSL ver 2 and enable SSL ver 3 in Apache for PCI compliance. It's very easy to do. The following settings will set SSL ver 3 and also disable older/insecure cipher suites on a Redhat/CentOS/Fedora Linux server:
1. Open /etc/httpd/conf.d/ssl.conf and add these lines, or if they are already there, edit them as follows:

## Disable SSLv2 and enable SSLv3
SSLProtocol -All +SSLv3 +TLSv1
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL

2. Reload httpd service to apply the new settings:

# /etc/init.d/httpd reload

3. Verify the settings by connecting with the SSL ver 3 protocol:

# openssl s_client -connect localhost:443 -ssl3

It should connect. You can also try connecting with SSL ver 2, which should result in an error. Request the PCI test again and it should not complain about Apache SSL related issues.
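
The SSLProtocol setting from step 1 can also be checked offline, before the reload. The script below is an added example, not part of the original post: it applies the SSLProtocol tokens left to right and flags any directive that still leaves SSLv2 enabled. The function names, the three-protocol list (assumed to be what mod_ssl in httpd 2.2.17 accepts) and the treatment of a bare protocol name as replacing the set are assumptions of this example.

```shell
# Added example (not from the original post): apply SSLProtocol tokens left
# to right and flag any directive that still leaves SSLv2 enabled.
ALL_PROTOS="SSLv2 SSLv3 TLSv1"   # assumed: protocols known to httpd 2.2.17
lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# effective_protocols "<SSLProtocol arguments>": prints the enabled protocols.
effective_protocols() {
    enabled=""
    for tok in $1; do
        case "$tok" in
            [+-]*) name="${tok#?}"; action="${tok%"$name"}" ;;
            *)     name="$tok"; action="=" ;;  # bare name: assumed to replace the set
        esac
        case "$(lower "$name")" in
            all)   sel="$ALL_PROTOS" ;;
            sslv2) sel="SSLv2" ;;
            sslv3) sel="SSLv3" ;;
            tlsv1) sel="TLSv1" ;;
            *)     echo "unknown protocol: $name" >&2; return 2 ;;
        esac
        new=""
        for p in $ALL_PROTOS; do
            was=0; hit=0
            case " $enabled " in *" $p "*) was=1 ;; esac
            case " $sel " in *" $p "*) hit=1 ;; esac
            # keep p when: "+" and (was or hit); "-" and was, not hit; "=" and hit
            case "$action$was$hit" in +1?|+?1|-10|=?1) new="$new $p" ;; esac
        done
        enabled="${new# }"
    done
    printf '%s\n' "$enabled"
}

# audit_ssl_conf FILE: returns 1 if any SSLProtocol line leaves SSLv2 enabled.
audit_ssl_conf() {
    rc=0
    while read -r directive args; do
        [ "$(lower "$directive")" = "sslprotocol" ] || continue
        protos=$(effective_protocols "$args") || return 2
        case " $protos " in
            *" SSLv2 "*) echo "FAIL: SSLProtocol $args -> $protos"; rc=1 ;;
            *)           echo "ok:   SSLProtocol $args -> $protos" ;;
        esac
    done < "$1"
    return "$rc"
}
# Constructed inputs: the post's setting, then two for comparison.
for a in "-All +SSLv3 +TLSv1" "all" "all -SSLv2"; do
    printf '%s => %s\n' "$a" "$(effective_protocols "$a")"
done
```

Running audit_ssl_conf against /etc/httpd/conf.d/ssl.conf before step 2 gives a non-zero exit status if any SSLProtocol line still allows SSLv2.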

Detect directory or file changes in *nix

There are various ways to do this, but this is what I implemented. It is working as expected as of now on my RHEL 5.x boxes. I'll take my use case here and describe things.

The Plesk web hosting control panel is managing several hundred domains on one of the RHEL boxes. Addition and removal of domains is very common. We need to sync every domain's httpdocs directory to other webservers. Of course, a simple rsync can be set up for this, but it's much more efficient if rsync only runs when there's a change, i.e. addition/removal of a domain, a file update, etc. What I mean to say is, instead of letting rsync detect changes, it's better that our script detects changes and then runs rsync. The obvious advantage is that the network burden is reduced, because rsync will only sync contents with our servers when there are changes.

Apache url rewriting with masking

I got an assignment where I have to move some apps from a server (due to immense load) to a different server without changing URLs. The main software app should remain on the first server and all other smaller apps should be moved to another server, but because all apps are integrated with each other (for seamless login etc.), the URL in the browser should not change when browsing the main app or any of its subordinate apps residing on a different server.

The quick solution is to update httpd.conf on your main server to redirect traffic for certain apps to a different server (or domain). Apache will work like a proxy when accessing the other apps. For example, here are sample URLs: