Categories
Windows

Memorandum #18.

Japanese version of this article

   Recently I updated some server apps.

    Update information      Edit(Jul.21)
  1. From ActivePerl-5.22.1.2201 to ActivePerl-5.24.0.2400.
    Last time I installed ActivePerl-5.22.1.2201-MSWin32-x86-64int-299574.msi. But now they don’t provide an msi file. Then I tried to install ActivePerl-5.24.0.2400-MSWin32-x86-64int-300558.exe, but it gave me an error like the one below.

    Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action CheckInstallDir, entry: CheckInstallDirNoBox, library: C:\Users\UserID\AppData\Local\Temp\MSIXXXX.tmp
Categories
Vulnerability

Memorandum #17.

Japanese version of this article

   Steffen released a new version of Apache 2.4.20 which was built with OpenSSL 1.0.2h on May 4, so I updated my web server Apache to it. ChangeLog. If you install Apache2.4.x for the first time, see “To create a Wamp-like Web Server in Windows7-#1”. Now I use a VC14 version of Apache which requires VC14.

Categories
Windows

The Web Server Nightmare Before H2PushPriority.

Japanese version of this article
Update information      Edit(Jun.18)

   Actually, Cygwin has libev and nghttp2 packages now. So, you can use h2load and nghttp features even if you don’t build nghttp2 by yourself. Nevertheless, if you build nghttp2 on Cygwin, you need to build the Jansson and the spdylay before building it because Cygwin doesn’t have their packages. But, according to the current trend, I think you don’t need the spdylay package. (2016.6.18)
—————————————————————————————————————————————————
   Yes, the title is just a word play on one of Tim Burton’s works (´ϖ`).

   On February 29, my server was down from about 0:00 to about 20:30 because of a hardware malfunction. Last Sunday, February 28, I was trying hard for H2PushPriority, which is one of the new directives of the module mod_http2. Enabling this feature is very easy, but tuning it is difficult for me.

Categories
Vulnerability

Memorandum #16.

Japanese version of this article

   Steffen released a new version of Apache 2.4.18 which was built with OpenSSL 1.0.2f on February 11, so I updated my web server Apache to it on the day before yesterday. Its ChangeLog says it was built with nghttp2 1.5.0; however, Steffen already gave nghttp2 1.6.0 (MSVC release), though nghttp2’s releases are like a waterfall. You should at least use it instead of nghttp2 1.5.0. The ChangeLog of nghttp2 1.6.0. You can download mod_http2 1.1.0 & nghttp2 1.6.0 from here. If you install Apache2.4.x for the first time, see “To create a Wamp-like Web Server in Windows7-#1”. Now I use a VC14 version of Apache which requires VC14.

Categories
Uncategorized

Memorandum #15.

Japanese version of this article

   As PHP7.0.3 was released, I updated to it the day before yesterday. Here is the ChangeLog. My server OS is Windows7 HE SP1 x86, so I downloaded php-7.0.3-Win32-VC14-x86.zip.
   The new php.ini-production doesn’t differ from 7.0.2’s except for some comments. If you need more information about php.ini configuration, see ‘Migrating from PHP 5.5.16 to PHP 5.6.0 on Windows’.

Categories
Windows

Building h2load on Cygwin.

Japanese version of this article
Update information      Edit(2016.Jan.4)   Edit2(Feb.7)   Edit3(Jun.18)

   Actually, Cygwin has libev and nghttp2 packages now. So, you can use h2load feature even if you don’t build nghttp2 by yourself. Nevertheless, if you build nghttp2 on Cygwin, you need to build the Jansson and the spdylay before building it because Cygwin doesn’t have their packages. But, according to the current trend, I think you don’t need the spdylay package. (2016.6.18)
—————————————————————————————————————————————————
   Now, I have two zip files. One is H2LOAD_dll_package_x86.zip, the other is H2LOAD_dll_package_x64.zip. If you download one of them, you can run the h2load test on your Windows PC. Run cmd.exe and do it like this.
> h2load -n100000 -c100 -m10 https://localhost
   If you do this test, you should create your own local server, because the test might be a cyber attack on the server if you set the values of -n, -c and -m too high. Be careful.
   I wrote this before: ‘I don’t know why, but it looks like telling Apache without HTTP/2 is faster. Gee!’. This time, I had interesting results. See HTTPS with HTTP/2 and HTTPS without HTTP/2. The test shows that a server that supports HTTP/2 is better at dealing with concurrent streams than a server that doesn’t support HTTP/2. This is one of HTTP/2’s features.

   I’ll write about my hard work to get these files (^_^;).
   [Caution]: The steps below give the files contained in H2LOAD_dll_package_x64.zip. If you want to have the files for an x86 PC, you have to do all the steps with setup-x86.exe on a Windows x86 PC.

Categories
Windows

Moving my WordPress to HTTPS for supporting HTTP/2-#3.

Japanese version of this article

   Continued from this post. As I finished preparing for supporting HTTP/2, I re-edited my httpd.conf and httpd-ssl.conf.
 
   On the httpd.conf, I un-commented the next line.
     LoadModule http2_module modules/mod_http2.so
   On the httpd-ssl.conf, I added the next line just after <VirtualHost o6asan.com:443>.
     Protocols h2 http/1.1
   h2 is HTTP/2 with TLS and h2c is HTTP/2 without TLS. I don’t use h2c on the server.
 
   Reboot Apache to enable HTTP/2. That’s it.
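
   One way to check that both edits described above took effect, as an added example that is not part of the original post: a small Python audit over the text of the two files. The sample configs and the host name example.test are constructed placeholders; the check also flags h2c, which the post says is not used on this server.

```python
import re

# Constructed sample configs (not the author's real files); example.test is a placeholder.
HTTPD_CONF = """\
#LoadModule proxy_module modules/mod_proxy.so
LoadModule http2_module modules/mod_http2.so
"""
HTTPD_SSL_CONF = """\
<VirtualHost example.test:443>
    Protocols h2 http/1.1
    SSLEngine on
</VirtualHost>
"""

def active_lines(text):
    """Directive lines with comments and blank lines dropped."""
    stripped = (raw.strip() for raw in text.splitlines())
    return [line for line in stripped if line and not line.startswith("#")]

def http2_module_loaded(httpd_conf):
    """True if an uncommented LoadModule line loads http2_module."""
    return any(re.match(r"LoadModule\s+http2_module\s+\S+", line, re.I)
               for line in active_lines(httpd_conf))

def vhost_protocols(ssl_conf):
    """Map each <VirtualHost addr> to its Protocols list ([] if none is set)."""
    result, current = {}, None
    for line in active_lines(ssl_conf):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = opened.group(1).strip()
            result[current] = []
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current and re.match(r"Protocols\s", line, re.I):
            result[current] = [p.lower() for p in line.split()[1:]]
    return result

def audit(httpd_conf, ssl_conf):
    """Return findings; an empty list means the config matches the steps above."""
    findings = []
    if not http2_module_loaded(httpd_conf):
        findings.append("mod_http2 is not loaded")
    for vhost, protos in vhost_protocols(ssl_conf).items():
        if "h2" not in protos:
            findings.append(f"{vhost}: h2 not offered")
        if "h2c" in protos:
            findings.append(f"{vhost}: h2c (cleartext HTTP/2) enabled")
    return findings
```

   Calling audit() with the contents of httpd.conf and httpd-ssl.conf returns an empty list when the module is loaded and every virtual host in the SSL file offers h2 without h2c.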

Categories
Windows

Moving my WordPress to HTTPS for supporting HTTP/2-#1.

Japanese version of this article
Update information      Edit(Nov.2)  Edit2(Nov.6)  Edit3(2017.Jun.206)

   They released Apache 2.4.17 on Oct 13 and Steffen released the same version at ApacheLounge on Oct 12. The version has mod_http2 for its core module and Steffen’s version was built with nghttp2 v1.3.4. See ChangeLog. So, I can test HTTP/2 on my server now. Yes! Just test. Because they say “This module is experimental.

Categories
Vulnerability

Updating Apache because of CVE-2015-1793.

Japanese version of this article

   I updated my Apache 2.4.12(httpd-2.4.12-win32-VC14.zip) to 2015 Jul 9 version because of Alternative chains certificate forgery (CVE-2015-1793).

   It is built with ‘IPv6 Crypto apr-1.5.1 apr-util-1.5.4 apr-iconv-1.2.1 openssl-1.0.2d zlib-1.2.8 pcre-8.37 libxml2-2.9.2 lua-5.1.5 expat-2.1.0′. Its Changelog.
   This version is also built with the latest Windows® Visual Studio C++ 2015 RC aka VC14. I began to use the VC14 version on June 2 due to OpenSSL 1.0.2. If you use this version, you need to install vc_redist_x64/86.exe before installing it.

   I really appreciate Steffen’s hard and quick work. Thanks again, Steffen.

   By the way, I took this occasion to update to phpMyAdmin 4.4.11 and MariaDB 10.0.20.

   About phpMyAdmin, I noticed two differences. From version 4.4.10 the download URL changed from sourceforge.net to phpmyadmin.net. And with this version, I mean 4.4.11, they provide not only MD5/SHA1 but also PGP. I wonder if something happened between sourceforge and phpmyadmin.

Categories
Uncategorized

Updating to Apache 2.4.12.

Japanese version of this article

   Apache HTTP Server 2.4.12 was released. It includes four security patches for CVE-2014-3583, CVE-2014-3581, CVE-2014-8109 and CVE-2013-5704. In the httpd-ssl.conf the following lines were added. There was no release of 2.4.11.

  • # OCSP Stapling (requires OpenSSL 0.9.8h or later)
    #
    # This feature is disabled by default and requires at least
    # the two directives SSLUseStapling and SSLStaplingCache.
    # Refer to the documentation on OCSP Stapling in the SSL/TLS
    # How-To for more information.
    #
    # Enable stapling for all SSL-enabled servers:
    #SSLUseStapling On

    # Define a relatively small cache for OCSP Stapling using
    # the same mechanism that is used for the SSL session cache
    # above. If stapling is used with more than a few certificates,
    # the size may need to be increased. (AH01929 will be logged.)
    #SSLStaplingCache "shmcb:c:/Apache24/logs/ssl_stapling(32768)"

    # Seconds before valid OCSP responses are expired from the cache
    #SSLStaplingStandardCacheTimeout 3600

    # Seconds before invalid OCSP responses are expired from the cache
    #SSLStaplingErrorCacheTimeout 600

   The version was built with openssl-1.0.1l, so the issues described in the OpenSSL Security Advisory [08 Jan 2015] were fixed.

   I downloaded httpd-2.4.12-win32-VC11.zip from the ApacheLounge for my Windows7 server. If you need the information about Apache 2.4.x configuration on Windows, see my post ‘To create a Wamp-like Web Server in Windows7-#1.’.