Re: Question regarding Apache 2.0 license

[Jeroen Koekkoek]

Hi Stuart,

On Mon, 2022-11-07 at 23:20 +, Stuart Henderson wrote:
> Hi Jeroen,
> 
> On 2022-11-07, Jeroen Koekkoek  wrote:
> > Hi All,
> > 
> > I'm working on some patches/features for NSD. One of the new
> > features
> > uses some Apache 2.0 licensed code (for now).
> > 
> > Sorry to ask this question, but just to verify:
> > 
> > * OpenBSD-base cannot include any software licensed under Apache
> > 2.0.
> > * Software in the ports collection is allowed to be licensed under
> > Apache 2.0.
> 
> Right.
> 
> > If my assumptions are correct, and since NSD is in base, the
> > dependency
> > on the Apache 2.0 licensed code is therefore better removed or,
> > alternatively, relicensed under a BSD-compatible license, right?
> 
> If this will add Apache-licensed code to NSD itself we can't take it.
> (It may be an issue for other users too - in some cases they will
> then
> have to think more about patent law when they decide whether to use
> the software).
> 
> If it's in an external dependency (say, some NSD feature uses some
> external Apache-licensed library, but that feature is optional,
> and the NSD code which makes use of it follows the standard LICENSE
> from the NSD distribution) then we can just disable the option.
> 

Thanks, exactly what I needed to know.

- Jeroen

Re: Question regarding Apache 2.0 license

[Kevin Williams]

Hi Jeroen,

Thank you for considering the license and venturing to improve OpenBSD base, 
NSD in this case. The preferred license template is modeled after the ISC 
license, and 2-clause BSD close behind.

License policy: ISC or BSD only
https://www.openbsd.org/policy.html

ISC license template:
https://www.openbsd.org/policy.htmlhttps://cvsweb.openbsd.org/src/share/misc/license.template?rev=HEAD

Some of the tools I depend on are licensed Apache/GPL, etc, but not in OpenBSD 
base.

Hope that helps.

https://cvsweb.openbsd.org/src/share/misc/license.template?rev=HEAD

On Mon, Nov 7, 2022 at 3:20 PM, Stuart Henderson  
wrote:

> Hi Jeroen,
>
> On 2022-11-07, Jeroen Koekkoek  wrote:
>> Hi All,
>>
>> I'm working on some patches/features for NSD. One of the new features
>> uses some Apache 2.0 licensed code (for now).
>>
>> Sorry to ask this question, but just to verify:
>>
>> * OpenBSD-base cannot include any software licensed under Apache 2.0.
>> * Software in the ports collection is allowed to be licensed under
>> Apache 2.0.
>
> Right.
>
>> If my assumptions are correct, and since NSD is in base, the dependency
>> on the Apache 2.0 licensed code is therefore better removed or,
>> alternatively, relicensed under a BSD-compatible license, right?
>
> If this will add Apache-licensed code to NSD itself we can't take it.
> (It may be an issue for other users too - in some cases they will then
> have to think more about patent law when they decide whether to use
> the software).
>
> If it's in an external dependency (say, some NSD feature uses some
> external Apache-licensed library, but that feature is optional,
> and the NSD code which makes use of it follows the standard LICENSE
> from the NSD distribution) then we can just disable the option.
>
> --
> Please keep replies on the mailing list.

Re: Question regarding Apache 2.0 license

[Stuart Henderson]

Hi Jeroen,

On 2022-11-07, Jeroen Koekkoek  wrote:
> Hi All,
>
> I'm working on some patches/features for NSD. One of the new features
> uses some Apache 2.0 licensed code (for now).
>
> Sorry to ask this question, but just to verify:
>
> * OpenBSD-base cannot include any software licensed under Apache 2.0.
> * Software in the ports collection is allowed to be licensed under
> Apache 2.0.

Right.

> If my assumptions are correct, and since NSD is in base, the dependency
> on the Apache 2.0 licensed code is therefore better removed or,
> alternatively, relicensed under a BSD-compatible license, right?

If this will add Apache-licensed code to NSD itself we can't take it.
(It may be an issue for other users too - in some cases they will then
have to think more about patent law when they decide whether to use
the software).

If it's in an external dependency (say, some NSD feature uses some
external Apache-licensed library, but that feature is optional,
and the NSD code which makes use of it follows the standard LICENSE
from the NSD distribution) then we can just disable the option.

-- 
Please keep replies on the mailing list.

Question regarding Apache 2.0 license

[Jeroen Koekkoek]

Hi All,

I'm working on some patches/features for NSD. One of the new features
uses some Apache 2.0 licensed code (for now).

Sorry to ask this question, but just to verify:

* OpenBSD-base cannot include any software licensed under Apache 2.0.
* Software in the ports collection is allowed to be licensed under
Apache 2.0.


If my assumptions are correct, and since NSD is in base, the dependency
on the Apache 2.0 licensed code is therefore better removed or,
alternatively, relicensed under a BSD-compatible license, right?

Thanks in advance.

Cheers,
Jeroen

Re: pthread_mutexattr_setpshared and Apache Guacamole remote desktop gateway

[Steve Williams]

On 05/03/2020 10:53 a.m., Edgar Pettijohn wrote:

On Mar 5, 2020 10:15 AM, Steve Williams  wrote:

Hi,

Should this be on ports@?  I'm not working on a port...

TL;DR:
Does anyone have any recommendations on how to work around not having
pthread_mutexattr_setpshared in the OpenBSD pthreads library?


Have you tried searching the ports tree patch files for mention of the 
function. You may find a real world example of a workaround.

Edgar


DETAILS:
I wanted to see if Apache Guacamole would compile on OpenBSD to server
as a remote desktop gateway.

It hasn't been too hard to get it to the final linking step.

I am getting an "undefined reference to `pthread_mutexattr_setpshared'":

     ../../src/libguac/.libs/libguac.so.17.0: undefined reference to
     `pthread_mutexattr_setpshared'
     collect2: ld returned 1 exit status
     *** Error 1 in src/guacenc (Makefile:565 'guacenc': @echo " CCLD
     " guacenc;/bin/sh ../../libtool --silent --tag=CC --mode=link gcc -s...)
     *** Error 1 in . (Makefile:556 'all-recursive')
     *** Error 1 in /home/steve/src/guacamole-server-1.1.0 (Makefile:453
     'all')


When I look at some of the code using pthread_mutexattr_setpshared, it's
not #ifdef'd or anything, so I think it's pretty much mandatory code.

pool.c:

     guac_pool* guac_pool_alloc(int size) {

      pthread_mutexattr_t lock_attributes;
      guac_pool* pool = malloc(sizeof(guac_pool));

      /* If unable to allocate, just return NULL. */
      if (pool == NULL)
      return NULL;

      /* Initialize empty pool */
      pool->min_size = size;
      pool->active = 0;
      pool->__next_value = 0;
      pool->__head = NULL;
      pool->__tail = NULL;

      /* Init lock */
      pthread_mutexattr_init(_attributes);

      pthread_mutexattr_setpshared(_attributes,
     PTHREAD_PROCESS_SHARED);
     //^
      pthread_mutex_init(&(pool->__lock), _attributes);


It looks like this is a posix (of some version) function:
https://pubs.opengroup.org/onlinepubs/009695399/functions/pthread_mutexattr_setpshared.html

An "appropos" search in the OpenBSD man pages for "pthread_mutexattr"
returned:
https://man.openbsd.org/man3/pthread_mutexattr.3

This function is definitely missing...

I tried to see if there was a way to use pthread_mutexattr_settype to
accomplish the same thing, but got lost in the maze of documentation.

Does anyone have any recommendations on how to work around not having
pthread_mutexattr_setpshared in the OpenBSD pthreads library?

Thanks,
Steve Williams



Hi,

Great idea to check the ports tree patch files!

I will start to look through these and see how they are handling 
things.   I have deleted all the lines returned for posixtestsuite port.


$ find . -type f -print0 | xargs -0 grep pthread_mutexattr_setpshared | 
tee /tmp/shared.out


./databases/virtuoso/patches/patch-libsrc_Thread_sched_pthread_c: rc = 
pthread_mutexattr_setpshared (&_mutex_attr, PTHREAD_PROCESS_PRIVATE);
./databases/virtuoso/patches/patch-libsrc_Thread_sched_pthread_c: rc = 
pthread_mutexattr_setpshared (&_mutex_attr, PTHREAD_PROCESS_PRIVATE);
./databases/virtuoso/patches/patch-libsrc_Thread_sched_pthread_c: rc = 
pthread_mutexattr_setpshared (&_attr, PTHREAD_PROCESS_PRIVATE);
./devel/lam/patches/patch-config_lam_mutex_pshared_m4:   if 
(pthread_mutexattr_setpshared(, PTHREAD_PROCESS_SHARED)) return(1);
./textproc/sphinx/patches/patch-src_sphinxstd_cpp:- iRes = 
pthread_mutexattr_setpshared ( , PTHREAD_PROCESS_SHARED );
./textproc/sphinx/patches/patch-src_sphinxstd_cpp:- m_sError.SetSprintf 
( "pthread_mutexattr_setpshared, errno = %d", iRes );
./x11/kde4/libs/files/ConfigureChecks.cmake:    if 
(pthread_mutexattr_setpshared(, PTHREAD_PROCESS_SHARED) == -1) {
./x11/kde4/libs/files/ConfigureChecks.cmake: 
printf(\"pthread_mutexattr_setpshared failed: %s\", strerror(errno));
./x11/kde4/libs/patches/patch-kdecore_util_kshareddatacache_p_h: if 
(pthread_mutexattr_setpshared(, PTHREAD_PROCESS_SHARED) == 0 &&


Cheers,
Steve Williams

Re: pthread_mutexattr_setpshared and Apache Guacamole remote desktop gateway

[Edgar Pettijohn]

On Mar 5, 2020 10:15 AM, Steve Williams  wrote:
>
> Hi,
>
> Should this be on ports@?  I'm not working on a port...
>
> TL;DR:
> Does anyone have any recommendations on how to work around not having 
> pthread_mutexattr_setpshared in the OpenBSD pthreads library?
>

Have you tried searching the ports tree patch files for mention of the 
function. You may find a real world example of a workaround.

Edgar

> DETAILS:
> I wanted to see if Apache Guacamole would compile on OpenBSD to server 
> as a remote desktop gateway.
>
> It hasn't been too hard to get it to the final linking step.
>
> I am getting an "undefined reference to `pthread_mutexattr_setpshared'":
>
>     ../../src/libguac/.libs/libguac.so.17.0: undefined reference to
>     `pthread_mutexattr_setpshared'
>     collect2: ld returned 1 exit status
>     *** Error 1 in src/guacenc (Makefile:565 'guacenc': @echo " CCLD   
>     " guacenc;/bin/sh ../../libtool --silent --tag=CC --mode=link gcc -s...)
>     *** Error 1 in . (Makefile:556 'all-recursive')
>     *** Error 1 in /home/steve/src/guacamole-server-1.1.0 (Makefile:453
>     'all')
>
>
> When I look at some of the code using pthread_mutexattr_setpshared, it's 
> not #ifdef'd or anything, so I think it's pretty much mandatory code.
>
> pool.c:
>
>     guac_pool* guac_pool_alloc(int size) {
>
>      pthread_mutexattr_t lock_attributes;
>      guac_pool* pool = malloc(sizeof(guac_pool));
>
>      /* If unable to allocate, just return NULL. */
>      if (pool == NULL)
>      return NULL;
>
>      /* Initialize empty pool */
>      pool->min_size = size;
>      pool->active = 0;
>      pool->__next_value = 0;
>      pool->__head = NULL;
>      pool->__tail = NULL;
>
>      /* Init lock */
>      pthread_mutexattr_init(_attributes);
>
>      pthread_mutexattr_setpshared(_attributes,
>     PTHREAD_PROCESS_SHARED);
>     //^
>      pthread_mutex_init(&(pool->__lock), _attributes);
>
>
> It looks like this is a posix (of some version) function:
> https://pubs.opengroup.org/onlinepubs/009695399/functions/pthread_mutexattr_setpshared.html
>
> An "appropos" search in the OpenBSD man pages for "pthread_mutexattr" 
> returned:
> https://man.openbsd.org/man3/pthread_mutexattr.3
>
> This function is definitely missing...
>
> I tried to see if there was a way to use pthread_mutexattr_settype to 
> accomplish the same thing, but got lost in the maze of documentation.
>
> Does anyone have any recommendations on how to work around not having 
> pthread_mutexattr_setpshared in the OpenBSD pthreads library?
>
> Thanks,
> Steve Williams
>

pthread_mutexattr_setpshared and Apache Guacamole remote desktop gateway

[Steve Williams]

Hi,

Should this be on ports@?  I'm not working on a port...

TL;DR:
Does anyone have any recommendations on how to work around not having 
pthread_mutexattr_setpshared in the OpenBSD pthreads library?


DETAILS:
I wanted to see if Apache Guacamole would compile on OpenBSD to server 
as a remote desktop gateway.


It hasn't been too hard to get it to the final linking step.

I am getting an "undefined reference to `pthread_mutexattr_setpshared'":

   ../../src/libguac/.libs/libguac.so.17.0: undefined reference to
   `pthread_mutexattr_setpshared'
   collect2: ld returned 1 exit status
   *** Error 1 in src/guacenc (Makefile:565 'guacenc': @echo " CCLD   
   " guacenc;/bin/sh ../../libtool --silent --tag=CC --mode=link gcc -s...)
   *** Error 1 in . (Makefile:556 'all-recursive')
   *** Error 1 in /home/steve/src/guacamole-server-1.1.0 (Makefile:453
   'all')


When I look at some of the code using pthread_mutexattr_setpshared, it's 
not #ifdef'd or anything, so I think it's pretty much mandatory code.


pool.c:

   guac_pool* guac_pool_alloc(int size) {

    pthread_mutexattr_t lock_attributes;
    guac_pool* pool = malloc(sizeof(guac_pool));

    /* If unable to allocate, just return NULL. */
    if (pool == NULL)
    return NULL;

    /* Initialize empty pool */
    pool->min_size = size;
    pool->active = 0;
    pool->__next_value = 0;
    pool->__head = NULL;
    pool->__tail = NULL;

    /* Init lock */
    pthread_mutexattr_init(_attributes);

    pthread_mutexattr_setpshared(_attributes,
   PTHREAD_PROCESS_SHARED);
   //^
    pthread_mutex_init(&(pool->__lock), _attributes);


It looks like this is a posix (of some version) function:
https://pubs.opengroup.org/onlinepubs/009695399/functions/pthread_mutexattr_setpshared.html

An "appropos" search in the OpenBSD man pages for "pthread_mutexattr" 
returned:

https://man.openbsd.org/man3/pthread_mutexattr.3

This function is definitely missing...

I tried to see if there was a way to use pthread_mutexattr_settype to 
accomplish the same thing, but got lost in the maze of documentation.


Does anyone have any recommendations on how to work around not having 
pthread_mutexattr_setpshared in the OpenBSD pthreads library?


Thanks,
Steve Williams

Re: Apache 2.4 not running php OpenBSD 6.4

[Georgs]

Hi,

Seems like Apache is not using the module, i.e. it treats as text, it needs to 
run you php code. I think if you share some relevant parts of your 
configuration and prove that you have the necessary tools installed and working 
you will get better feedback.

Regards,
George


On July 11, 2019 2:40:42 AM EDT, mansoor  wrote:
>Hi,
>I hope you guys are doing great.
>
>I am using OpenBSD 6.4, apache-httpd-2.4.35, php version 5.6.
>I have disabled default httpd of OpenBSD, now apache2 is showing plain
>php
>code in browser it doesn't process php at all.
>
>I couldn't find solution to this problem on stackOverflow (or any other
>site
>on internet).
>Please help me if anyone know about this problem. 
>Thanks.
>
>
>
>
>--
>Sent from:
>http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Apache 2.4 not running php OpenBSD 6.4

[Solene Rapenne]

On Wed, Jul 10, 2019 at 11:40:42PM -0700, mansoor wrote:
> Hi,
> I hope you guys are doing great.
> 
> I am using OpenBSD 6.4, apache-httpd-2.4.35, php version 5.6.
> I have disabled default httpd of OpenBSD, now apache2 is showing plain php
> code in browser it doesn't process php at all.
> 
> I couldn't find solution to this problem on stackOverflow (or any other site
> on internet).
> Please help me if anyone know about this problem. 
> Thanks.
> 

You need to install the php apache module. It should be explained in the
php README file in /usr/local/share/doc/pkg-readmes/

Re: Apache 2.4 not running php OpenBSD 6.4

[Tony Boston]

IT is not about going to sites like stackoverflow or asking for solutions on 
mailing lists especially THIS topic doesn’t have anything to do with openbsd.
You should learn the basics and your “issue” is very basic. 
I bet the logs you’ll get from either application tell you what the problem is 
but you don’t seem to even know that this would be the first start to solving 
problems..


--
Tony

GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F
Threema: DN8PJX4Z





> On 11. Jul 2019, at 08:40, mansoor  wrote:
> 
> Hi,
> I hope you guys are doing great.
> 
> I am using OpenBSD 6.4, apache-httpd-2.4.35, php version 5.6.
> I have disabled default httpd of OpenBSD, now apache2 is showing plain php
> code in browser it doesn't process php at all.
> 
> I couldn't find solution to this problem on stackOverflow (or any other site
> on internet).
> Please help me if anyone know about this problem. 
> Thanks.
> 
> 
> 
> 
> --
> Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
> 

Apache 2.4 not running php OpenBSD 6.4

[mansoor]

Hi,
I hope you guys are doing great.

I am using OpenBSD 6.4, apache-httpd-2.4.35, php version 5.6.
I have disabled default httpd of OpenBSD, now apache2 is showing plain php
code in browser it doesn't process php at all.

I couldn't find solution to this problem on stackOverflow (or any other site
on internet).
Please help me if anyone know about this problem. 
Thanks.




--
Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html

Re: httpd rewiterules like apache

[Markus Rosjat]

Hi,


Am 01.11.2018 um 11:40 schrieb Tony Boston:

You should definitely try the relayd(8) route here.

 that would be forwarding it to the ip like

 match request quick header "Host" value "*some.tld" forward to 

but that wouldnt solve something like

RewriteRule ^(.*)http://some.tld/someotherdir/$1  [L,P]

so a http://www.my.tld would go to http:/some.tld/something.http but woudnt 
http://some.tld/someotherdir/something.http

or do I get it wrong?

--
Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you 
print it, think about your responsibility and commitment to the ENVIRONMENT

Re: httpd rewiterules like apache

[Tony Boston]

You should definitely try the relayd(8) route here.

> On 1. Nov 2018, at 11:32, Markus Rosjat  wrote:
> 
> Hi all,
> 
> I was wondering if it is possible to do like a proxy rewrite like with Apache 
> rewrite mod?
> 
> RewriteRule ^(.*) http://some.tld/$1 [L,P]
> 
> So here the P Flag should preserver the original domain in the url and just 
> proxy the request to the other location (not on the same machine!)
> 
> Since there is redirection I can do this but then the url gets of course 
> replaced  in a block directive
> 
>  block return 301 "http://dome.tld$REQUEST_URI;
> 
> I read that there is rewrite support but as far as I figured it's just for 
> location on the filesystem ?
> 
> regards
> 
> --
> Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de
> 
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
> 
> http://www.ghweb.de
> fon: +49 351 8107220   fax: +49 351 8107227
> 
> Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you 
> print it, think about your responsibility and commitment to the ENVIRONMENT
> 

--
Tony

GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F
Threema: DN8PJX4Z






signature.asc
Description: Message signed with OpenPGP

httpd rewiterules like apache

[Markus Rosjat]

Hi all,

I was wondering if it is possible to do like a proxy rewrite like with 
Apache rewrite mod?


RewriteRule ^(.*) http://some.tld/$1 [L,P]

So here the P Flag should preserver the original domain in the url and 
just proxy the request to the other location (not on the same machine!)


Since there is redirection I can do this but then the url gets of course 
replaced  in a block directive


 block return 301 "http://dome.tld$REQUEST_URI;

I read that there is rewrite support but as far as I figured it's just 
for location on the filesystem ?


regards

--
Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you 
print it, think about your responsibility and commitment to the ENVIRONMENT

Re: relayd: incomplete response from a TLS-accelerated apache

[Maxim Bourmistrov]

Compiling relayd with -DDEBUG=3 and watching the output gave me nothing.
No errors what so ever about out of buffers or something else.

However, removing 'socket buffer 65536’ solved my problem.

Br

> 8 maj 2017 kl. 13:27 skrev Maxim Bourmistrov <m...@alumni.chalmers.se>:
> 
> Hey,
> I investigate a problem were TLS-asselerated machine response is incomplete.
> I was able to reproduce this on OpenBSD 5.9, 6.0 and 6.1. Test on 5.8 is 
> about to be.
> 
> Following env I have:
> 
> relay1: relayd machine
> web1: apache 2.2.31 serving the request
> client1: requester
> 
> relay1 is configured following way (relevant lines):
> 
> http protocol http_relay {
>tcp { nodelay, sack, socket buffer 65536, backlog 1024 }
>match header append "X-Forwarded-For" value "$REMOTE_ADDR"
>match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
>match header set "Keep-Alive" value "$TIMEOUT"
>match request header remove "Proxy"
> }
> 
> http protocol tls_accel {
>tcp { nodelay, sack, socket buffer 65536, backlog 1024 }
>match header append "X-Forwarded-For" value "$REMOTE_ADDR"
>match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
>match header set "X-Forwarded-Proto" value "https"
>match header set "X-Forwarded-Port" value "443"
>match header set "Keep-Alive" value "$TIMEOUT"
>match request header remove "Proxy"
> 
>tls { tlsv1, \
>ciphers "AES:!AES256:!aNULL" \
>  }
> }
> 
> table  { 172.16.1.111 }
> 
> relay int_test_tls {
>listen on 172.16.1.99 port 443 tls
>protocol tls_accel
>forward to  port 80 mode roundrobin check http "/" code 200
> }
> 
> relay int_test_http {
>listen on 172.16.1.99 port 80
>protocol http_relay
>forward to  port 80 mode roundrobin check http "/" code 200
> }
> 
> web1 is a std Apache 2.2.31 with enabled deflate for the following
> 
> AddOutputFilterByType DEFLATE application/json
> AddOutputFilterByType DEFLATE text/html
> AddOutputFilterByType DEFLATE text/plain
> AddOutputFilterByType DEFLATE text/xml
> AddOutputFilterByType DEFLATE text/css
> AddOutputFilterByType DEFLATE application/x-javascript
> AddOutputFilterByType DEFLATE application/javascript
> 
> and serving a JS file.
> 
> client1 is running PHP code from CLI to reproduce this problem.
> 
> 
> Following is observed:
> 
> 1. Client1 requests web1 directly on port 80 and gets full response
> 
> shell$ php client3.php
> Expected length: 547204
> Received length: 547204
> 
> [Response Headers]
> HTTP/1.1 200 OK
> Date: Mon, 08 May 2017 11:08:27 GMT
> Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips
> Last-Modified: Mon, 08 May 2017 07:22:43 GMT
> ETag: "60319-85984-54efe1ae42be3"
> Accept-Ranges: bytes
> Content-Length: 547204
> Vary: Accept-Encoding
> Connection: close
> Content-Type: application/javascript 
> 
> 2. Client1 requests web1 directly on port 80 WITH GZIP enabled and gets full 
> response back
> I see gzipped stream on the screen and then it gets decoded to a complete 
> file. File I get is not cut.
> 
> Expected length: Content-Length not recieved
> Received length: 165454
> 
> [Response Headers]
> HTTP/1.1 200 OK
> Date: Mon, 08 May 2017 11:10:18 GMT
> Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips
> Last-Modified: Mon, 08 May 2017 07:22:43 GMT
> ETag: "60319-85984-54efe1ae42be3"
> Accept-Ranges: bytes
> Vary: Accept-Encoding
> Content-Encoding: gzip
> Connection: close
> Content-Type: application/javascript
> 
> 3. and 4. Clien1 requests relay1 on port 80 (with and without GZIP) and gets 
> complete response
> 
> 5. Client1 requests relay1 on port 443 without GZIP - response is incomplete
> 
> Expected length: 547204
> Received length: 396424
> 
> [Response Headers]
> HTTP/1.1 200 OK
> Accept-Ranges: bytes
> Connection: close
> Content-Length: 547204
> Content-Type: application/javascript
> Date: Mon, 08 May 2017 11:14:59 GMT
> ETag: "60319-85984-54efe1ae42be3"
> Last-Modified: Mon, 08 May 2017 07:22:43 GMT
> Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips
> Vary: Accept-Encoding
> 
> 6. Client1 requests relay1 on port 443 with GZIP - response is complete.
> 
> 
> So non-gzipped response from behind the relay1 is incomplete while doing TLS 
> termination.
> Files server.js and client.php can be provided upon request.
> 
> Any ideas?
> 
> Br
> 
> 
> 

relayd: incomplete response from a TLS-accelerated apache

[Maxim Bourmistrov]

Hey,
I investigate a problem were TLS-asselerated machine response is incomplete.
I was able to reproduce this on OpenBSD 5.9, 6.0 and 6.1. Test on 5.8 is about 
to be.

Following env I have:

relay1: relayd machine
web1: apache 2.2.31 serving the request
client1: requester

relay1 is configured following way (relevant lines):

http protocol http_relay {
tcp { nodelay, sack, socket buffer 65536, backlog 1024 }
match header append "X-Forwarded-For" value "$REMOTE_ADDR"
match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
match header set "Keep-Alive" value "$TIMEOUT"
match request header remove "Proxy"
}

http protocol tls_accel {
tcp { nodelay, sack, socket buffer 65536, backlog 1024 }
match header append "X-Forwarded-For" value "$REMOTE_ADDR"
match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
match header set "X-Forwarded-Proto" value "https"
match header set "X-Forwarded-Port" value "443"
match header set "Keep-Alive" value "$TIMEOUT"
match request header remove "Proxy"

tls { tlsv1, \
ciphers "AES:!AES256:!aNULL" \
  }
}

table  { 172.16.1.111 }

relay int_test_tls {
listen on 172.16.1.99 port 443 tls
protocol tls_accel
forward to  port 80 mode roundrobin check http "/" code 200
}

relay int_test_http {
listen on 172.16.1.99 port 80
protocol http_relay
forward to  port 80 mode roundrobin check http "/" code 200
}

web1 is a std Apache 2.2.31 with enabled deflate for the following

AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/javascript

and serving a JS file.

client1 is running PHP code from CLI to reproduce this problem.


Following is observed:

1. Client1 requests web1 directly on port 80 and gets full response

shell$ php client3.php
Expected length: 547204
Received length: 547204

[Response Headers]
HTTP/1.1 200 OK
Date: Mon, 08 May 2017 11:08:27 GMT
Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips
Last-Modified: Mon, 08 May 2017 07:22:43 GMT
ETag: "60319-85984-54efe1ae42be3"
Accept-Ranges: bytes
Content-Length: 547204
Vary: Accept-Encoding
Connection: close
Content-Type: application/javascript 

2. Client1 requests web1 directly on port 80 WITH GZIP enabled and gets full 
response back
I see gzipped stream on the screen and then it gets decoded to a complete file. 
File I get is not cut.

Expected length: Content-Length not recieved
Received length: 165454

[Response Headers]
HTTP/1.1 200 OK
Date: Mon, 08 May 2017 11:10:18 GMT
Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips
Last-Modified: Mon, 08 May 2017 07:22:43 GMT
ETag: "60319-85984-54efe1ae42be3"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: close
Content-Type: application/javascript

3. and 4. Clien1 requests relay1 on port 80 (with and without GZIP) and gets 
complete response

5. Client1 requests relay1 on port 443 without GZIP - response is incomplete

Expected length: 547204
Received length: 396424

[Response Headers]
HTTP/1.1 200 OK
Accept-Ranges: bytes
Connection: close
Content-Length: 547204
Content-Type: application/javascript
Date: Mon, 08 May 2017 11:14:59 GMT
ETag: "60319-85984-54efe1ae42be3"
Last-Modified: Mon, 08 May 2017 07:22:43 GMT
Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips
Vary: Accept-Encoding

6. Client1 requests relay1 on port 443 with GZIP - response is complete.


So non-gzipped response from behind the relay1 is incomplete while doing TLS 
termination.
Files server.js and client.php can be provided upon request.

Any ideas?

Br

Re: apache-httpd-openbsd?

[Bogdan Andu]

my 2 cents here...

May be not what u want but have u considered Task::Plack ?
or even better, u can easily modify your Perl scrips to use slowcgi + built-in 
httpd demon 
if u can make use of OpenBSD machine, otherwise Task::Plack is a wondefull 
solution.

I would take this chance to get rid of Apache.

hope this helps,
Bogdan
 

On Sunday, May 15, 2016 7:15 PM, Chris Bennett 
<chrisbenn...@bennettconstruction.us> wrote:
 

 I've had to think about it, but since everything I've written is in
mod_perl, I'm going to have to switch over to Apache 2.
Very little perl is written or tested for Apache 1 now, so I'm going to
change over to Apache 2.

Thanks for the heads up a while back. It gave me a chance to think
things over carefully.

Chris Bennett

Re: apache-httpd-openbsd?

[Chris Bennett]

I've had to think about it, but since everything I've written is in
mod_perl, I'm going to have to switch over to Apache 2.
Very little perl is written or tested for Apache 1 now, so I'm going to
change over to Apache 2.

Thanks for the heads up a while back. It gave me a chance to think
things over carefully.

Chris Bennett

Re: apache-httpd-openbsd?

[Jeff Ross]

On 5/9/16 4:26 PM, Daniel Jakots wrote:


On Mon, 9 May 2016 15:03:30 -0600, Jeff Ross <jr...@openvistas.net>
wrote:


Trying to install apache-httpd-openbsd in -current

https://marc.info/?l=openbsd-ports-cvs=146186762111571=2

Hmm--I went through all of the ports@ messages looking for a removal 
announcement but didn't find one.


Thank you, Daniel!

Jeff

Re: apache-httpd-openbsd?

[Jeff Ross]

On 5/9/16 4:25 PM, Fred wrote:


On 05/09/16 22:58, Jeff Ross wrote:

On 5/9/16 3:21 PM, arrowscr...@mail.com wrote:


try pkg_add
http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz 





That's apache 2.4, I want the 1.3.9 version that is, as my subject line
says, apache-httpd-openbsd.

Jeff



It was removed 11 days ago:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/apache-httpd-openbsd/Attic/Makefile 



You'll need a cvs version before 28 Apr 16 if you want to build it 
yourself.


Cheers

Fred


Thanks, Fred!  That explains the missing package!

Jeff

Re: apache-httpd-openbsd?

[Jeff Ross]

On 5/9/16 4:30 PM, Stuart Henderson wrote:


On 2016-05-09, Jeff Ross <jr...@openvistas.net> wrote:

Trying to install apache-httpd-openbsd in -current and it seems the
package is no longer available.

Correct.

Options:

- (preferred) migrate your configuration to a maintained http
server version.


I need mod_rewrite so I guess I'm headed for apache2.

- install 5.9 release.

- checkout an old version of the port (mkdir -p
/usr/ports/mystuff/www; cd /usr/ports/mystuff/www; cvs get -D \
2016/04/01 -d apache-httpd-openbsd ports/www/apache-httpd-openbsd)
and build it yourself; things will break again at some point though.


I cvs uped my src and ports and built
the system from source but when I try to install apache-httpd-openbsd
from ports I'm getting the "reading plist|Error: unknown fragment SHARED
at /usr/libdata/perl5/OpenBSD/Subst.pm line 109, <$fh> line 2." error.

that's not unexpected; the PFRAG.shared complexity has been removed
from ports now that vax is no longer a supported arch.

Okay--I think this must be above my pay grade because I can't see how 
vax is related, nor do I think I need to know ;-)


Thank you, Stuart, as always!

Jeff

Re: apache-httpd-openbsd?

[Stuart Henderson]

On 2016-05-09, Jeff Ross <jr...@openvistas.net> wrote:
> Trying to install apache-httpd-openbsd in -current and it seems the 
> package is no longer available.

Correct.

Options:

- (preferred) migrate your configuration to a maintained http
server version.

- install 5.9 release.

- checkout an old version of the port (mkdir -p
/usr/ports/mystuff/www; cd /usr/ports/mystuff/www; cvs get -D \
2016/04/01 -d apache-httpd-openbsd ports/www/apache-httpd-openbsd)
and build it yourself; things will break again at some point though.

> I cvs uped my src and ports and built 
> the system from source but when I try to install apache-httpd-openbsd 
> from ports I'm getting the "reading plist|Error: unknown fragment SHARED 
> at /usr/libdata/perl5/OpenBSD/Subst.pm line 109, <$fh> line 2." error.

that's not unexpected; the PFRAG.shared complexity has been removed
from ports now that vax is no longer a supported arch.

Re: apache-httpd-openbsd?

[Fred]

On 05/09/16 22:58, Jeff Ross wrote:

On 5/9/16 3:21 PM, arrowscr...@mail.com wrote:


try pkg_add
http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz



That's apache 2.4, I want the 1.3.9 version that is, as my subject line
says, apache-httpd-openbsd.

Jeff



It was removed 11 days ago:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/apache-httpd-openbsd/Attic/Makefile

You'll need a cvs version before 28 Apr 16 if you want to build it yourself.

Cheers

Fred

Re: apache-httpd-openbsd?

[Daniel Jakots]

On Mon, 9 May 2016 15:03:30 -0600, Jeff Ross <jr...@openvistas.net>
wrote:

> Trying to install apache-httpd-openbsd in -current

https://marc.info/?l=openbsd-ports-cvs=146186762111571=2

Re: apache-httpd-openbsd?

[Jeff Ross]

On 5/9/16 3:21 PM, arrowscr...@mail.com wrote:


try pkg_add 
http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz

That's apache 2.4, I want the 1.3.9 version that is, as my subject line 
says, apache-httpd-openbsd.


Jeff

apache-httpd-openbsd?

[arrowscript]

try pkg_add 
http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz

apache-httpd-openbsd?

[Jeff Ross]

Hi all,

Trying to install apache-httpd-openbsd in -current and it seems the 
package is no longer available.  I cvs uped my src and ports and built 
the system from source but when I try to install apache-httpd-openbsd 
from ports I'm getting the "reading plist|Error: unknown fragment SHARED 
at /usr/libdata/perl5/OpenBSD/Subst.pm line 109, <$fh> line 2." error.

As I saw suggested in a recent message to ports@ (1) I rebuilt pkg_add 
from /usr/src/usr.sbin/pkg_add/ but that made no difference.

dmesg below

Thanks,

Jeff Ross

(1) http://marc.info/?l=openbsd-ports=146213655323699=2

OpenBSD 5.9-current (GENERIC.MP) #1: Mon May  9 13:08:53 MDT 2016
r...@fw.openvistas.net:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 
1.84 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,LAHF,PERF,SENSOR
real mem  = 1040486400 (992MB)
avail mem = 1007853568 (961MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 07/29/05, SMBIOS rev. 2.4 @ 0xe (38 entries)
bios0: vendor Apple Inc. version "MM21.88Z.009A.B00.0706281359" date 
06/28/07
bios0: Apple Inc. Macmini2,1
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT
acpi0: wakeup devices PXS1(S4) PXS2(S4) USB1(S3) USB2(S3) USB3(S3) 
USB4(S3) USB7(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 166MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 
1.84 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,LAHF,PERF,SENSOR
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 2 (RP02)
acpiprt3 at acpi0: bus 3 (PCIB)
acpicpu0 at acpi0: !C2(500@1 mwait@0x10), C1(1000@1 mwait), PSS
acpicpu1 at acpi0: !C2(500@1 mwait@0x10), C1(1000@1 mwait), PSS
acpibtn0 at acpi0: PWRB
"APP0001" at acpi0 not configured
acpivideo0 at acpi0: GFX0
bios0: ROM list: 0xc/0xe600!
cpu0: Enhanced SpeedStep 1834 MHz: speeds: 1833, 1667, 1500, 1333, 1000 MHz
memory map conflict 0xe00f8000/0x1000
memory map conflict 0xfed1c000/0x4000
memory map conflict 0xfffb/0x3
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03
inteldrm0 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0x4000, size 0x1000
inteldrm0: apic 1 int 16
error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, 
remainder is 30
Raw EDID:

00 ff ff ff ff ff ff 00  4c 2d 15 15 39 31 53 53
11 0f 01 03 6c 26 1e 78  2a 6f 86 a2 5a 4d 94 24
1a 4f 54 bf ef 80 81 81  71 4f 01 01 01 01 01 01
01 01 01 01 01 01 30 30  00 98 51 51 2a 40 30 30
13 00 78 2d 11 00 00 00  00 00 00 00 00 38 4b 4b
51 0e 00 0a 20 20 20 20  20 20 00 00 00 fc 00 53
79 6e 63 4d 61 73 74 74  72 0a 20 20 00 00 00 00
00 48 39 39 59 34 33 33  38 33 39 39 20 20 00 00
error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, 
remainder is 30
Raw EDID:

00 ff ff ff ff ff ff 00  4c 2d 15 15 39 31 53 53
11 0f 01 03 6c 26 1e 78  2a 6f 86 a2 5a 4d 94 24
1a 4f 54 bf ef 80 81 81  71 4f 01 01 01 01 01 01
01 01 01 01 01 01 30 30  00 98 51 51 2a 40 30 30
13 00 78 2d 11 00 00 00  00 00 00 00 00 38 4b 4b
51 0e 00 0a 20 20 20 20  20 20 00 00 00 fc 00 53
79 6e 63 4d 61 73 74 74  72 0a 20 20 00 00 00 00
00 48 39 39 59 34 33 33  38 33 39 39 20 20 00 00
error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, 
remainder is 30
Raw EDID:

00 ff ff ff ff ff ff 00  4c 2d 15 15 39 31 53 53
11 0f 01 03 6c 26 1e 78  2a 6f 86 a2 5a 4d 94 24
1a 4f 54 bf ef 80 81 81  71 4f 01 01 01 01 01 01
01 01 01 01 01 01 30 30  00 98 51 51 2a 40 30 30
13 00 78 2d 11 00 00 00  00 00 00 00 00 38 4b 4b
51 0e 00 0a 20 20 20 20  20 20 00 00 00 fc 00 53
79 6e 63 4d 61 73 74 74  72 0a 20 20 00 00 00 00
00 48 39 39 59 34 33 33  38 33 39 39 20 20 00 00
error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, 
remainder is 30
Raw EDID:

00 ff ff ff ff ff ff 00  4c 2d 15 15 39 31 53 53
11 0f 01 03 6c 26 1e 78  2a 6f 86 a2 5a 4d 94 24
1a 4f 54 bf ef 80 81 81  71 4f 01 01 01 01 01 01
01 01 01 01 01 01 

Re: Lanp equivalent web server working on OpenBSD no Apache

[Edgar Pettijohn]

I did and haven't had any problems.

Sent from my iPhone

> On Feb 1, 2016, at 11:40 PM, Dan Farrell  wrote:
> 
> Except that you state it as something people should include as part of
> their proper configuration.
> 
> Really? They should give Ted Unangst's account access to procmap?
> 
> 
> Dan
> 
>> On Mon, Feb 1, 2016 at 7:19 PM, bruce  wrote:
>> 
>> I didn't, that's direct from the man page for doas.conf
>> 
>>> On February 1, 2016 at 12:16 AM Bernd Schoeller  wrote:
>>> 
>>> 
 On 30/01/16 21:10, bruce wrote:
 I've been working on this for several weeks now.
 Results with instructions can be seen here:
 http://tonyevil.zapto.org/serendipity/
 Any feedback welcome.
 httpd is too new for this to be well documented, so here is my small
 contribution.
>>> 
>>> Beyond the usual problems of posting HowTos (search the list archives),
>>> I find it remarkable that you give tedu access to your procmap command
>> ...
>>> 
>>> Bernd

Re: Lanp equivalent web server working on OpenBSD no Apache

[bruce]

I didn't, that's direct from the man page for doas.conf

> On February 1, 2016 at 12:16 AM Bernd Schoeller  wrote:
>
>
> On 30/01/16 21:10, bruce wrote:
> > I've been working on this for several weeks now.
> > Results with instructions can be seen here:
> > http://tonyevil.zapto.org/serendipity/
> > Any feedback welcome.
> > httpd is too new for this to be well documented, so here is my small
> > contribution.
>
> Beyond the usual problems of posting HowTos (search the list archives),
> I find it remarkable that you give tedu access to your procmap command ...
>
> Bernd

Re: Lanp equivalent web server working on OpenBSD no Apache

[Bernd Schoeller]

On 30/01/16 21:10, bruce wrote:

I've been working on this for several weeks now.
Results with instructions can be seen here:
http://tonyevil.zapto.org/serendipity/
Any feedback welcome.
httpd is too new for this to be well documented, so here is my small
contribution.


Beyond the usual problems of posting HowTos (search the list archives), 
I find it remarkable that you give tedu access to your procmap command ...


Bernd

Re: Lanp equivalent web server working on OpenBSD no Apache

[Dan Farrell]

Except that you state it as something people should include as part of
their proper configuration.

Really? They should give Ted Unangst's account access to procmap?


Dan

On Mon, Feb 1, 2016 at 7:19 PM, bruce  wrote:

> I didn't, that's direct from the man page for doas.conf
>
> > On February 1, 2016 at 12:16 AM Bernd Schoeller  wrote:
> >
> >
> > On 30/01/16 21:10, bruce wrote:
> > > I've been working on this for several weeks now.
> > > Results with instructions can be seen here:
> > > http://tonyevil.zapto.org/serendipity/
> > > Any feedback welcome.
> > > httpd is too new for this to be well documented, so here is my small
> > > contribution.
> >
> > Beyond the usual problems of posting HowTos (search the list archives),
> > I find it remarkable that you give tedu access to your procmap command
> ...
> >
> > Bernd

Lanp equivalent web server working on OpenBSD no Apache

[bruce]

I've been working on this for several weeks now.
Results with instructions can be seen here:
http://tonyevil.zapto.org/serendipity/
Any feedback welcome.
httpd is too new for this to be well documented, so here is my small
contribution.

Re: apache 2.4 - Missing mod_cgid.so?

[Stuart Henderson]

On 2016-01-03, Lawrence Wieser  wrote:
> Claudio Jeker  diehard.n-r-g.com> writes:
>
>> You may try to build your own version with adding --enable-cgi in the
>> Makefile configure flags. It seems that even configure tells that
>> --enable-cgi is the default it seems it is not. Go figure...
>> 
>> Also mod_cgid.so should be built but seems to be missing. mod_cgid.so is
>> the module that should be used with the worker or event MPM.
>> 
>> So maybe try something like this diff.
>
> Claudio,
>
> Is there a corrected package available? Or is the diff to the port the best 
> option? I've always  relied on packages and never actually built from ports.

Snapshot packages have this, but if you're on 5.8, the diff to the port is
the best option.

Re: apache 2.4 - Missing mod_cgid.so?

[Lawrence Wieser]

Stuart Henderson  spacehopper.org> writes:

> 
> On 2016-01-03, Lawrence Wieser  gmail.com> wrote:
> > Claudio Jeker  diehard.n-r-g.com> writes:
> >
> >> You may try to build your own version with adding --enable-cgi in the
> >> Makefile configure flags. It seems that even configure tells that
> >> --enable-cgi is the default it seems it is not. Go figure...
> >> 
> >> Also mod_cgid.so should be built but seems to be missing. mod_cgid.so is
> >> the module that should be used with the worker or event MPM.
> >> 
> >> So maybe try something like this diff.
> >
> > Claudio,
> >
> > Is there a corrected package available? Or is the diff to the port the best 
> > option? I've always  relied on packages and never actually built from ports.
> 
> Snapshot packages have this, but if you're on 5.8, the diff to the port is
> the best option.
> 
> 

Thanks Stuart. I am on the 5.8 release. Just pulled down the ports tree 
from -stable and did a `make update` in `ports/www/apache2-httpd`. 
(The diff seems to have been applied in -stable.) Apache is now running 
fine with mod_cgid. 

I appreciate the quick help.

Re: apache 2.4 - Missing mod_cgid.so?

[Lawrence Wieser]

Claudio Jeker  diehard.n-r-g.com> writes:

> You may try to build your own version with adding --enable-cgi in the
> Makefile configure flags. It seems that even configure tells that
> --enable-cgi is the default it seems it is not. Go figure...
> 
> Also mod_cgid.so should be built but seems to be missing. mod_cgid.so is
> the module that should be used with the worker or event MPM.
> 
> So maybe try something like this diff.

Claudio,

Is there a corrected package available? Or is the diff to the port the best 
option? I've always  relied on packages and never actually built from ports.

Thanks,
   Lawrence

Re: apache 2.4 - Missing mod_cgid.so?

[Alessandro DE LAURENZIS]

Hi Claudio,

On Fri 23/10/2015 22:47, Claudio Jeker wrote:
[...]
> You may try to build your own version with adding --enable-cgi in the
> Makefile configure flags. It seems that even configure tells that
> --enable-cgi is the default it seems it is not. Go figure...
> 
> Also mod_cgid.so should be built but seems to be missing. mod_cgid.so is
> the module that should be used with the worker or event MPM.
[...]

That did the trick!
We should update both current and 5.8-STABLE port, I think.

Thank you very much for your prompt feedback.

Cheers

-- 
Alessandro DE LAURENZIS
[mailto:just22@gmail.com]
LinkedIn: http://it.linkedin.com/in/delaurenzis

Re: apache 2.4 - Missing mod_cgid.so?

[Claudio Jeker]

On Fri, Oct 23, 2015 at 07:20:43PM +0200, Alessandro DE LAURENZIS wrote:
> Dear misc@ reader,
> 
> I've just upgraded my home server to 5.8, so I switched to apache 2.4
> (from 2.2); the problem is that my git server no longer works and the
> root cause seems to be that httpd2 with my current configuration (see [0])
> isn't able to run any cgi scripts.
> 
> I noticed that the module mod_cgid.so (which, in my very limited
> understanding, should supersede the old mod_cgi.so when threaded MPM is
> used) is missing in /usr/local/lib/apache2 - Could it be the culprit?
> 
> Any hints? Am I doing something very stupid?
> 
> I would be glad to give further details, but please point me in the
> right direction, because I'm a bit lost.
> 

You may try to build your own version with adding --enable-cgi in the
Makefile configure flags. It seems that even configure tells that
--enable-cgi is the default it seems it is not. Go figure...

Also mod_cgid.so should be built but seems to be missing. mod_cgid.so is
the module that should be used with the worker or event MPM.

So maybe try something like this diff.
-- 
:wq Claudio

Index: Makefile
===
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.67
diff -u -p -r1.67 Makefile
--- Makefile13 Sep 2015 12:37:49 -  1.67
+++ Makefile23 Oct 2015 20:15:37 -
@@ -65,6 +65,7 @@ CONFIGURE_ARGS=   --enable-layout=OpenBSD
--enable-disk-cache \
--enable-proxy=shared \
--enable-mods-shared=all \
+   --enable-cgi \
--enable-suexec \
--with-suexec-caller=www \
--with-suexec-bin=${TRUEPREFIX}/sbin/suexec2 \
Index: pkg/PLIST-main
===
RCS file: /cvs/ports/www/apache-httpd/pkg/PLIST-main,v
retrieving revision 1.6
diff -u -p -r1.6 PLIST-main
--- pkg/PLIST-main  13 Sep 2015 12:37:49 -  1.6
+++ pkg/PLIST-main  23 Oct 2015 20:33:37 -
@@ -98,7 +98,8 @@ lib/apache2/mod_buffer.so
 lib/apache2/mod_cache.so
 lib/apache2/mod_cache_disk.so
 lib/apache2/mod_cache_socache.so
-@comment lib/apache2/mod_cgid.so
+lib/apache2/mod_cgi.so
+lib/apache2/mod_cgid.so
 lib/apache2/mod_charset_lite.so
 lib/apache2/mod_data.so
 lib/apache2/mod_dav.so

Emulate apache mod_rewrite feature with new httpd

[Romain FABBRI]

I've managed to configure the new httpd server to use as a replacement for 
apache. (With is really great.  Thanks to Reyk !)

I'm strugling to make my drupal site work, because of the clean url module.

I used to have the following apache mod_rewrite configuration :
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA]

Basically the rule means that if the file or folder is not found then the 
request is rewrited to /index.php?q=request
For exemple if/user doesn't exist modify url to /index.php?q=user

I've looked into man page for httpd and I've seen that the block return 
statement might be of use to emulate this need. but I haven't found many info 
on the subject.

Has someone found a way to make that with the new httpd server ?

PS : I'm running from snapshot (5.7 GENERIC#716 i386)

Romain

Re: Emulate apache mod_rewrite feature with new httpd

[sven falempin]

On Sun, Feb 22, 2015 at 5:23 AM, Romain FABBRI 
romain.fab...@alienconsulting.net wrote:

 I've managed to configure the new httpd server to use as a replacement for
 apache. (With is really great.  Thanks to Reyk !)

 I'm strugling to make my drupal site work, because of the clean url module.

 I used to have the following apache mod_rewrite configuration :
 RewriteEngine on
 RewriteBase /
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA]

 Basically the rule means that if the file or folder is not found then the
 request is rewrited to /index.php?q=request
 For exemple if/user doesn't exist modify url to /index.php?q=user

 I've looked into man page for httpd and I've seen that the block
 return statement might be of use to emulate this need. but I haven't found
 many info on the subject.

 Has someone found a way to make that with the new httpd server ?

 PS : I'm running from snapshot (5.7 GENERIC#716 i386)

 Romain



You should go to the nginx pages :
http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files




-- 
-
() ascii ribbon campaign - against html e-mail
/\

Re: Emulate apache mod_rewrite feature with new httpd

[sven falempin]

On Sun, Feb 22, 2015 at 3:22 PM, Romain FABBRI 
romain.fab...@alienconsulting.net wrote:

  I don’t see how nginx is related to the new httpd…

 If it is, please explain




Your are not force to solve all the problem in one process.


  Maybe a hack could be done inside the canonicalize_path function in
 https://github.com/reyk/httpd/blob/master/httpd.c ?

 But not really sure when looking at the sources it would be the right way
 to do that…



 *De :* sven falempin [mailto:sven.falem...@gmail.com]
 *Envoyé :* dimanche 22 février 2015 19:08
 *À :* Romain FABBRI
 *Cc :* misc
 *Objet :* Re: Emulate apache mod_rewrite feature with new httpd







 On Sun, Feb 22, 2015 at 5:23 AM, Romain FABBRI 
 romain.fab...@alienconsulting.net wrote:

 I've managed to configure the new httpd server to use as a replacement for
 apache. (With is really great.  Thanks to Reyk !)

 I'm strugling to make my drupal site work, because of the clean url module.

 I used to have the following apache mod_rewrite configuration :
 RewriteEngine on
 RewriteBase /
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA]

 Basically the rule means that if the file or folder is not found then the
 request is rewrited to /index.php?q=request
 For exemple if/user doesn't exist modify url to /index.php?q=user

 I've looked into man page for httpd and I've seen that the block
 return statement might be of use to emulate this need. but I haven't found
 many info on the subject.

 Has someone found a way to make that with the new httpd server ?

 PS : I'm running from snapshot (5.7 GENERIC#716 i386)

 Romain





 You should go to the nginx pages :

 http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files






 --
 () ascii ribbon campaign - against html e-mail
 /\




--
() ascii ribbon campaign - against html e-mail
/\

Re: Emulate apache mod_rewrite feature with new httpd

[Romain FABBRI]

I don’t see how nginx is related to the new httpd…
If it is, please explain

Maybe a hack could be done inside the canonicalize_path function in 
https://github.com/reyk/httpd/blob/master/httpd.c ?
But not really sure when looking at the sources it would be the right way to do 
that…

De : sven falempin [mailto:sven.falem...@gmail.com]
Envoyé : dimanche 22 février 2015 19:08
À : Romain FABBRI
Cc : misc
Objet : Re: Emulate apache mod_rewrite feature with new httpd



On Sun, Feb 22, 2015 at 5:23 AM, Romain FABBRI 
romain.fab...@alienconsulting.netmailto:romain.fab...@alienconsulting.net 
wrote:
I've managed to configure the new httpd server to use as a replacement for 
apache. (With is really great.  Thanks to Reyk !)

I'm strugling to make my drupal site work, because of the clean url module.

I used to have the following apache mod_rewrite configuration :
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA]

Basically the rule means that if the file or folder is not found then the 
request is rewrited to /index.php?q=request
For exemple if/user doesn't exist modify url to /index.php?q=user

I've looked into man page for httpd and I've seen that the block return 
statement might be of use to emulate this need. but I haven't found many info 
on the subject.

Has someone found a way to make that with the new httpd server ?

PS : I'm running from snapshot (5.7 GENERIC#716 i386)

Romain


You should go to the nginx pages :
http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files




--
-
() ascii ribbon campaign - against html e-mail
/\

Re: Emulate apache mod_rewrite feature with new httpd

[David Gwynne]

 On 22 Feb 2015, at 20:23, Romain FABBRI romain.fab...@alienconsulting.net 
 wrote:
 
 I've managed to configure the new httpd server to use as a replacement for 
 apache. (With is really great.  Thanks to Reyk !)
 
 I'm strugling to make my drupal site work, because of the clean url module.
 
 I used to have the following apache mod_rewrite configuration :
 RewriteEngine on
 RewriteBase /
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA]
 
 Basically the rule means that if the file or folder is not found then the 
 request is rewrited to /index.php?q=request
 For exemple if/user doesn't exist modify url to /index.php?q=user
 
 I've looked into man page for httpd and I've seen that the block return 
 statement might be of use to emulate this need. but I haven't found many info 
 on the subject.
 
 Has someone found a way to make that with the new httpd server ?
 
 PS : I'm running from snapshot (5.7 GENERIC#716 i386)
 
 Romain

i havent tried drupal behind httpd yet, but if i did i would unconditionally 
route requests into the drupal controller (index.php), and use a cdn module to 
have drupal generate urls to static assets (ie, the css/js/image files on disk) 
against a separate domain or url prefix. or you could write a simple module 
that takes advantage of hook_file_url_alter. that has greatly simplified our 
configs in the frontend web servers in front of our drupal poop.

Re: Best way forward w.r.t. apache/nginx/httpd?

[Reyk Floeter]

On Mon, Dec 29, 2014 at 10:41:26PM +, Stuart Henderson wrote:
  b) Migrate to nginx
 This seems to be the least interesting option - not only do I have to
 migrate now, but once more in the future, as nginx is also on the way
 out (so, the same developer attention caveat applies as with
 apache)
 
 This might be a reasonable choice, especially if the CMS you're looking
 at already documents how to use it with nginx.
 

We already got some of the most common CMS / web things working.  But
I'm interested in examples from users who created such configurations
with httpd (and please make sure to mention httpd in the subject to
let me find them in my inbox).

  c) Migrate to httpd
 From what I've gathered so far from this list, this would basically
 require me to switch to -current, as the 5.6 version is too fresh and
 too many changes have happened since - or am I being pessimistic
 here? I've never run -current before, hence, I'm a bit hesitant...
 
 Personally I don't think httpd is quite ready for use with a typical
 PHP-based CMS yet (including -current). Two big issues for this type
 of use: clean urls functionality in most CMS needs rewrite support
 which httpd doesn't have. httpd's fastcgi support passes every url
 matching a location block to the handler meaning there's no mitigation
 for the issue described in
 http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
 (which also affects naive nginx configurations).
 

And I personally disagree with the conclusion that httpd is not ready.
It is not finished but it is ready for many common things.

- People are using it with different CMS, including Wordpress,
CVSWeb, different Wikis, etc.  I even tested it with node-fastcgi (I
know, it's weird, but I had to satisfy my inner web hipster).  I'm
looking forward to hear about more examples (hint: send me your
testimonials).

- Some features are missing, and will be implemented, but there are
ways to deal with them:

1. redirects / return 301 etc.: This can be done without regex by
using a few built-in variables.  Current workaround is to either do it
in the fastcgi backend or with, ahem, html refresh.  btw., nginx'
return 444; is such an ugly workaround...

2. basic auth: We don't have a satisfying implementation for
authentication yet.  But it is needed and will be done.

3. deny: We cannot deny access to specific locations but the current
workaround is to set a non-accessible root:

location */.* {
# mkdir -m 0 /var/www/forbidden
root /forbidden
}

4. Server aliases and a few restrictions of the grammar: Individual
server blocks can currently only have one name and listen statement.
This will be fixed in the parser later.  To avoid too much repeating
configuration, I currently use includes:

server www.example.com {
listen on $ip4_addr port 80
include /etc/httpd/example.com.inc
}
server www.example.com {
listen on $ip6_addr port 80
include /etc/httpd/example.com.inc
}
server www.example.com {
listen on $ip4_addr tls port 443
include /etc/httpd/example.com.ssl
include /etc/httpd/example.com.inc
}
server www.example.com {
listen on $ip6_addr tls port 443
include /etc/httpd/example.com.ssl
include /etc/httpd/example.com.inc
}

5. Some minor things, eg. charsets (for auto index), fixes, ...

6. The web server needs some more FAQ-style documentation in addition
to our excellent man pages and examples.  Examples for each CMS would
go beyond the scope of them, and probably don't fit into the OpenBSD
FAQ.  So I'm thinking about putting something on http://bsd.plumbing/.

- Like nginx describes, there are also various ways to safely handle
#Passing_Uncontrolled_Requests_to_PHP in httpd:

1. It's a non-issue for OpenBSD because php-fpm rejects execution of
non-php files by default.  See php-fpm.conf:

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5

2. You can write locations as a ruleset in first-matching order, eg.

location */.* {
root /forbidden
}
location /cms/*.jpg {
no fastcgi
}
location /cms/uploads/* {
no fastcgi
}
location /cms/* {
fastcgi socket run/php-fpm.sock
}

3. Don't use PATH_INFO and only match PHP files (fnmatch has an implicit $).

location /cms/*.php {
fastcgi socket run/php-fpm.sock
}

- I

Re: Best way forward w.r.t. apache/nginx/httpd?

[Clint Sand]

On Mon, Dec 29, 2014 at 10:41:26PM +, Stuart Henderson wrote:
 On 2014-12-29, T. Ribbrock emga...@gmx.net wrote:
  Given the current state of development in OpenBSD, I'm now wondering
  what the best way forward is for me:
 
  a) Install apache-httpd-openbsd from ports and keep my configuration
 basically as is
 Advantage: Less work to get everything running - I've done OpenBSD
 re-installs like that several times over the past years
 Disadvantage: I guess that the new httpd will get a lot more
 developer attention, so this does not seem the ideal option longterm,
 but I could always migrate to httpd later, e.g. when upgrading to 5.7
 or (more likely) 5.8
 
 apache-httpd-openbsd is a dead-end, it's not actively developed, ssl
 support is poor, third-party documentation relating to use of webapps
 with Apache has long since moved to Apache 2. It's mainly there to
 provide a quick migration path for existing OpenBSD users and to
 ease the pain in ports.
 
  b) Migrate to nginx
 This seems to be the least interesting option - not only do I have to
 migrate now, but once more in the future, as nginx is also on the way
 out (so, the same developer attention caveat applies as with
 apache)
 
 This might be a reasonable choice, especially if the CMS you're looking
 at already documents how to use it with nginx.
 
  c) Migrate to httpd
 From what I've gathered so far from this list, this would basically
 require me to switch to -current, as the 5.6 version is too fresh and
 too many changes have happened since - or am I being pessimistic
 here? I've never run -current before, hence, I'm a bit hesitant...
 
 Personally I don't think httpd is quite ready for use with a typical
 PHP-based CMS yet (including -current). Two big issues for this type
 of use: clean urls functionality in most CMS needs rewrite support
 which httpd doesn't have. httpd's fastcgi support passes every url
 matching a location block to the handler meaning there's no mitigation
 for the issue described in
 http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
 (which also affects naive nginx configurations).
 

Yep. Lack of a mod_rewrite functionality in httpd is the only thing at this 
point keeping me from using it in production. MVC frameworks usually rely 
on some sort of rewrite to force URLs to a signle front controller file. 

I went with the OP's option a) and installed the apache 1 port just to get 
through the 5.6 upgrade. I'll likely switch to nginx long term unless httpd 
gets a rewrite functionality. Big thanks for the apache-httpd-openbsd option 
to make these migrations easier to phase in over time on busy sites. 

-Clint

Re: Best way forward w.r.t. apache/nginx/httpd?

[T. Ribbrock]

I'll answer to this one, but I'll start with a big thanks to all who
responded - some interesting points were made!

On Mon, Dec 29, 2014 at 10:41:26PM +, Stuart Henderson wrote:
 apache-httpd-openbsd is a dead-end, it's not actively developed, ssl
 support is poor, third-party documentation relating to use of webapps
 with Apache has long since moved to Apache 2. It's mainly there to
 provide a quick migration path for existing OpenBSD users and to
 ease the pain in ports.

In fact, the Apache 1 vs. 2 problem has already hit me in the past and
forced me not to use a photogallery application I wanted to use. You
make a very valid point here: Contrary to nginx, there is indeed nobody
developing Apache 1 anymore (not even the OpenBSD developers who kept it
running for so long).


  b) Migrate to nginx
[...]

 This might be a reasonable choice, especially if the CMS you're looking
 at already documents how to use it with nginx.

I had a quick look - CMS Made Simple (which is what I'm using) has
aparently been used with nginx by some people, so there is some
documentation around. phpGedView (which is another application I use) is
no longer developed anymore and I was thinking about replacing it
anyway, so this might be a good time. Same goes for the gallery I'm
currently using. There will be some work involved, but this has been
coming a long time now... Time for some clean-up work.


  c) Migrate to httpd
[...]

 Personally I don't think httpd is quite ready for use with a typical
 PHP-based CMS yet (including -current). Two big issues for this type
 of use: clean urls functionality in most CMS needs rewrite support
 which httpd doesn't have. httpd's fastcgi support passes every url
 matching a location block to the handler meaning there's no mitigation
 for the issue described in
 http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
 (which also affects naive nginx configurations).

Thanks for those two insights. Based on what I've read so far, I will
give nginx a try - that will at least place me on a server that is a)
well known on OpenBSD and b) still under active development - that
should buy me enough time to wait for the day that httpd can take over
this job - given the track record of OpenBSD, I very much like to stay
within base where possible.

Thanks again!

And now off to read up on how to use nginx with PHP etc.pp ;-)

Cheerio,

Thomas
-- 
-
 Thomas Ribbrockhttp://www.ribbrock.org/ 
   You have to live on the edge of reality - to make your dreams come true!

Best way forward w.r.t. apache/nginx/httpd?

[T. Ribbrock]

Hi all,

I'm finally getting round to updating my home server (gets a fresh 5.6
install).

Of course, there were a lot of changes over the past versions, one of
them being the whole apache - nginx - httpd migration. My webserver
has a CMS running which requires PHP and MySQL, plus a few more
PHP-applications. Also, I have two or three virtual sites running and
I'm currently considering having a look at something like Owncloud
and/or Citadel.

Given the current state of development in OpenBSD, I'm now wondering
what the best way forward is for me:

a) Install apache-httpd-openbsd from ports and keep my configuration
   basically as is
   Advantage: Less work to get everything running - I've done OpenBSD
   re-installs like that several times over the past years
   Disadvantage: I guess that the new httpd will get a lot more
   developer attention, so this does not seem the ideal option longterm,
   but I could always migrate to httpd later, e.g. when upgrading to 5.7
   or (more likely) 5.8

b) Migrate to nginx
   This seems to be the least interesting option - not only do I have to
   migrate now, but once more in the future, as nginx is also on the way
   out (so, the same developer attention caveat applies as with
   apache)

c) Migrate to httpd
   From what I've gathered so far from this list, this would basically
   require me to switch to -current, as the 5.6 version is too fresh and
   too many changes have happened since - or am I being pessimistic
   here? I've never run -current before, hence, I'm a bit hesitant...

I tend to go for a) because I do not want to migrate twice - but maybe
somebody else has some interesting points that I have not considered
yet? I'd appreciate the input!

Regards,

Thomas
-- 
-
 Thomas Ribbrockhttp://www.ribbrock.org/ 
   You have to live on the edge of reality - to make your dreams come true!

Re: Best way forward w.r.t. apache/nginx/httpd?

[Jeff St. George]

In more or less the same boat, without php as our virtual sites are simple
display only.

However for future business developement we have wondered the same.

I am inn agreement with your choice of (1) as that would be ours pending
feedback here from those who know.


On Mon, Dec 29, 2014 at 7:30 AM, T. Ribbrock emga...@gmx.net wrote:

 Hi all,

 I'm finally getting round to updating my home server (gets a fresh 5.6
 install).

 Of course, there were a lot of changes over the past versions, one of
 them being the whole apache - nginx - httpd migration. My webserver
 has a CMS running which requires PHP and MySQL, plus a few more
 PHP-applications. Also, I have two or three virtual sites running and
 I'm currently considering having a look at something like Owncloud
 and/or Citadel.

 Given the current state of development in OpenBSD, I'm now wondering
 what the best way forward is for me:

 a) Install apache-httpd-openbsd from ports and keep my configuration
basically as is
Advantage: Less work to get everything running - I've done OpenBSD
re-installs like that several times over the past years
Disadvantage: I guess that the new httpd will get a lot more
developer attention, so this does not seem the ideal option longterm,
but I could always migrate to httpd later, e.g. when upgrading to 5.7
or (more likely) 5.8

 b) Migrate to nginx
This seems to be the least interesting option - not only do I have to
migrate now, but once more in the future, as nginx is also on the way
out (so, the same developer attention caveat applies as with
apache)

 c) Migrate to httpd
From what I've gathered so far from this list, this would basically
require me to switch to -current, as the 5.6 version is too fresh and
too many changes have happened since - or am I being pessimistic
here? I've never run -current before, hence, I'm a bit hesitant...

 I tend to go for a) because I do not want to migrate twice - but maybe
 somebody else has some interesting points that I have not considered
 yet? I'd appreciate the input!

 Regards,

 Thomas
 --

 -
  Thomas Ribbrockhttp://www.ribbrock.org/
You have to live on the edge of reality - to make your dreams come
 true!

Re: Best way forward w.r.t. apache/nginx/httpd?

[jungle Boogie]

Hi Thomas,
On 29 December 2014 at 05:30, T. Ribbrock emga...@gmx.net wrote:
 Hi all,

 I'm finally getting round to updating my home server (gets a fresh 5.6
 install).

 Of course, there were a lot of changes over the past versions, one of
 them being the whole apache - nginx - httpd migration. My webserver
 has a CMS running which requires PHP and MySQL, plus a few more
 PHP-applications. Also, I have two or three virtual sites running and
 I'm currently considering having a look at something like Owncloud
 and/or Citadel.


 c) Migrate to httpd
From what I've gathered so far from this list, this would basically
require me to switch to -current, as the 5.6 version is too fresh and
too many changes have happened since - or am I being pessimistic
here? I've never run -current before, hence, I'm a bit hesitant...

Well you could try 5.6 with this patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/009_httpd.patch.sig

Of course, visualize everything and test it out before going live!

But you are right, httpd is very fast moving:
https://secure.freshbsd.org/search?project=openbsdq=httpd



 Regards,

 Thomas
 --

Best,
jungle


 -
  Thomas Ribbrockhttp://www.ribbrock.org/
You have to live on the edge of reality - to make your dreams come true!



---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Best way forward w.r.t. apache/nginx/httpd?

[Ted Unangst]

On Mon, Dec 29, 2014 at 14:30, T. Ribbrock wrote:
 
 b) Migrate to nginx
 This seems to be the least interesting option - not only do I have to
 migrate now, but once more in the future, as nginx is also on the way
 out (so, the same developer attention caveat applies as with
 apache)

nginx hasn't disappeared entirely. It's still in ports. If you're
running PHP, you're obviously not afraid of installing a few packages.

nginx at least receives attention from its own team of developers.
Their priorities are not always in alignment with OpenBSD (hence the
new httpd), but it has a lot more of a future than apache1 does.

Re: Best way forward w.r.t. apache/nginx/httpd?

[Marcus MERIGHI]

emga...@gmx.net (T. Ribbrock), 2015.12.29 (Mon) 14:30 (CET):
 Hi all,
 
 I'm finally getting round to updating my home server (gets a fresh 5.6
 install).
 
 Of course, there were a lot of changes over the past versions, one of
 them being the whole apache - nginx - httpd migration. My webserver
 has a CMS running which requires PHP and MySQL, plus a few more
 PHP-applications. Also, I have two or three virtual sites running and
 I'm currently considering having a look at something like Owncloud
 and/or Citadel.
 
 Given the current state of development in OpenBSD, I'm now wondering
 what the best way forward is for me:
 
 a) Install apache-httpd-openbsd from ports and keep my configuration
basically as is
Advantage: Less work to get everything running - I've done OpenBSD
re-installs like that several times over the past years
Disadvantage: I guess that the new httpd will get a lot more
developer attention, so this does not seem the ideal option longterm,
but I could always migrate to httpd later, e.g. when upgrading to 5.7
or (more likely) 5.8
 
 b) Migrate to nginx
This seems to be the least interesting option - not only do I have to
migrate now, but once more in the future, as nginx is also on the way
out (so, the same developer attention caveat applies as with
apache)
 
 c) Migrate to httpd
From what I've gathered so far from this list, this would basically
require me to switch to -current, as the 5.6 version is too fresh and
too many changes have happened since - or am I being pessimistic
here? I've never run -current before, hence, I'm a bit hesitant...

As I've understood it, there's no need to run -current to get a
(fairly?) recent httpd(8):

http://www.openbsd.org/errata56.html
009: RELIABILITY FIX: November 18, 2014   All architectures
httpd was developed very rapidly in the weeks before 5.6 release, and
it has a few flaws. It would be nice to get these flaws fully
remediated before the next release, and that requires the community to
want to use it. Therefore here is a jumbo patch that brings in the
most important fixes. 
A source code patch exists which remedies this problem.
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/009_httpd.patch.sig

Do you know of http://stable.mtier.org/ , especially openup:
http://www.mtier.org/index.php/solutions/apps/openup/ ?

 I tend to go for a) because I do not want to migrate twice - but maybe
 somebody else has some interesting points that I have not considered
 yet? I'd appreciate the input!

For just your own business, I'd do a) and deal with httpd(8) later. For
our all benefit, please run httpd(8) now, reyk@ will love your reports
and you'd raise our chances for httpd(8) in 5.7.

Bye, Marcus

 !DSPAM:54a157c8270671055614085!

Re: Best way forward w.r.t. apache/nginx/httpd?

[Edgar Pettijohn]

I'm not experiencing any problems with httpd and php, but I don't have a 
need for any of the extras you can get with the other two. It actually 
seems to be performing better than nginx from what I can tell.


On 12/29/14 10:07, Ted Unangst wrote:

On Mon, Dec 29, 2014 at 14:30, T. Ribbrock wrote:

b) Migrate to nginx
This seems to be the least interesting option - not only do I have to
migrate now, but once more in the future, as nginx is also on the way
out (so, the same developer attention caveat applies as with
apache)

nginx hasn't disappeared entirely. It's still in ports. If you're
running PHP, you're obviously not afraid of installing a few packages.

nginx at least receives attention from its own team of developers.
Their priorities are not always in alignment with OpenBSD (hence the
new httpd), but it has a lot more of a future than apache1 does.

Re: Best way forward w.r.t. apache/nginx/httpd?

[Stuart Henderson]

On 2014-12-29, T. Ribbrock emga...@gmx.net wrote:
 Given the current state of development in OpenBSD, I'm now wondering
 what the best way forward is for me:

 a) Install apache-httpd-openbsd from ports and keep my configuration
basically as is
Advantage: Less work to get everything running - I've done OpenBSD
re-installs like that several times over the past years
Disadvantage: I guess that the new httpd will get a lot more
developer attention, so this does not seem the ideal option longterm,
but I could always migrate to httpd later, e.g. when upgrading to 5.7
or (more likely) 5.8

apache-httpd-openbsd is a dead-end, it's not actively developed, ssl
support is poor, third-party documentation relating to use of webapps
with Apache has long since moved to Apache 2. It's mainly there to
provide a quick migration path for existing OpenBSD users and to
ease the pain in ports.

 b) Migrate to nginx
This seems to be the least interesting option - not only do I have to
migrate now, but once more in the future, as nginx is also on the way
out (so, the same developer attention caveat applies as with
apache)

This might be a reasonable choice, especially if the CMS you're looking
at already documents how to use it with nginx.

 c) Migrate to httpd
From what I've gathered so far from this list, this would basically
require me to switch to -current, as the 5.6 version is too fresh and
too many changes have happened since - or am I being pessimistic
here? I've never run -current before, hence, I'm a bit hesitant...

Personally I don't think httpd is quite ready for use with a typical
PHP-based CMS yet (including -current). Two big issues for this type
of use: clean urls functionality in most CMS needs rewrite support
which httpd doesn't have. httpd's fastcgi support passes every url
matching a location block to the handler meaning there's no mitigation
for the issue described in
http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
(which also affects naive nginx configurations).

 I tend to go for a) because I do not want to migrate twice - but maybe
 somebody else has some interesting points that I have not considered
 yet? I'd appreciate the input!

Another option is to migrate to apache 2, this tends to be quite well
supported by webapp authors, though it's not very widely used in OpenBSD
land. Or other servers like lighttpd are available.

What would I choose? Depends on the particular webapp...

Re: Apache 1.3 vs. nginx vs. base httpd

[Bogdan Andu]

Hi,
Thank you for insights,
I see that scripts written in Perl need a special Perl that supports FastCGI
(see FastCGI Programmer's Guide - Chapter 3, Developing FastCGI Applications
in Perl)
..snip..
The FastCGI-savvy binaries are extensions of standard Perl, and are intended
to replace your existing Perl installation...snip..
This is not something I want. I want to use OS's Perl distribution with tools
that work directly with standard distribution.
May be it is time to consider the possibility to convert Perl/Apache/mod_perl
scripts to Erlang Yaws/Mochiweb/WebMachine/Cowboy or even Nitrogen framework.
Another question because I use Erlang on OpenBSD ...
I applied patches from R15B02 to OTP 17.3 and it seems to work as expected
(stress tests, etc). Do you think it is safe this for production environment
as I want to migrate the R14B04 applications to OTP 17.3 ?

It is scheduled for near future to upgrade OTP from R15B02 to 17.3 ?

Bogdan

|   |
|   |   |   |   |   |
| FastCGI Programmer's Guide - Chapter 3, Developing FastCGI Applications in
Perl[Top] [Prev] [Next] [Bottom] 3 Developing FastCGI Applications in Perl
This chapter explains how to code FastCGI applications in Perl.  |
|  |
| View on www.fastcgi.com | Preview by Yahoo |
|  |
|   |

  

 On Thursday, November 13, 2014 9:36 PM, Stuart Henderson
s...@spacehopper.org wrote:


 On 2014-11-13, Bogdan Andu bo...@yahoo.com wrote:
 Are Perl scripts in FastCGI evaluated in same manner like in mod_perl, or
 everytime a script is invoked by the server the Perl interpreter is invoked
 also ?

If you run them via slowcgi, the interpreter+script will be started from
scratch each time.

To have a persistent Perl process, convert your script to talk FastCGI
directly (see ports/www/fcgi) or via PSGI and a fastcgi adapter, or use
some framework that supports it (in Perl-land you might want to look at
frameworks like Mojolicious, Dancer etc).

 I want to setup a 5.6 machine and test all these cool stuff but for the
moment
 I don't have access to such machine and I would like to see what other
poeple
 experienced with this httpd(8) daemon .

httpd was *very* new in 5.6, you want something newer (-current, or
keep your eye out for patches). If you want to play with fcgi before
updating, nginx and lighttpd support it natively, and apache via a
module - it isn't something new, it has been around for years, it's
pretty much the only standard way to handle cgi-like scripting in a
non-forking webserver. Config methods differ, but scripts should be
portable between all the various http servers.

Re: Apache 1.3 vs. nginx vs. base httpd

[Bogdan Andu]

Hi,
thanks for input.
is the new httpd daemon ready for production?
For example is it safe to migrate Perl scripts from Apache 1.3/mod_perl1.3 to
httpd/FastCGI?
Are Perl scripts in FastCGI evaluated in same manner like in mod_perl, or
everytime a script is invoked by the server the Perl interpreter is invoked
also ?
From manual pages:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man5/httpd.conf.5?query=ht
tpd.confsec=5arch=amd64manpath=OpenBSD-5.6

looks very impressive and I see that httpd(8) uses slowcgi(8) - an
implementation of FastCGI protocol - to execute cgi scripts, Perl or
otherwise.

I want to setup a 5.6 machine and test all these cool stuff but for the moment
I don't have access to such machine and I would like to see what other poeple
experienced with this httpd(8) daemon .

For me these new stuff looks very exciting and I can't wait to try it.
Thanks for any thoughts,
Bogdan


 On Thursday, November 6, 2014 6:48 PM, li...@ggp2.com li...@ggp2.com
wrote:


 On Thu, Nov 06, 2014 at 09:24:24AM +, Bogdan Andu wrote:
 4) will httpd be able to support Perl script processing without the need to
 talk to an external (FasCGI) daemon?

Just my 2c about the new httpd daemon.  It's brand new in 5.6, and is
shaping up to be an awesome and simple server.  I fully intend on
replacing nginx with it in production when 5.7 is released.

That being said, the 5.6 implementation has some issues that you may
want to research further if you'd like to use it.  They've already been
fixed in -current.

Re: Apache 1.3 vs. nginx vs. base httpd

[Stuart Henderson]

On 2014-11-13, Bogdan Andu bo...@yahoo.com wrote:
 Are Perl scripts in FastCGI evaluated in same manner like in mod_perl, or
 everytime a script is invoked by the server the Perl interpreter is invoked
 also ?

If you run them via slowcgi, the interpreter+script will be started from
scratch each time.

To have a persistent Perl process, convert your script to talk FastCGI
directly (see ports/www/fcgi) or via PSGI and a fastcgi adapter, or use
some framework that supports it (in Perl-land you might want to look at
frameworks like Mojolicious, Dancer etc).

 I want to setup a 5.6 machine and test all these cool stuff but for the moment
 I don't have access to such machine and I would like to see what other poeple
 experienced with this httpd(8) daemon .

httpd was *very* new in 5.6, you want something newer (-current, or
keep your eye out for patches). If you want to play with fcgi before
updating, nginx and lighttpd support it natively, and apache via a
module - it isn't something new, it has been around for years, it's
pretty much the only standard way to handle cgi-like scripting in a
non-forking webserver. Config methods differ, but scripts should be
portable between all the various http servers.

Apache 1.3 vs. nginx vs. base httpd

[Bogdan Andu]

Hi,
There are some confusing info about which won the base-webserver in OpenBSD:
In 5.6 it seems to be nginx 1.6.0 (http://www.openbsd.org/plus56.html) :
Unhooked httpd(8) from build: use of nginx(8) is encouraged now.
Removed Apache from base (replaced by nginx(8)). 
and

In current (http://www.openbsd.org/plus.html):Removed nginx from the base
system in favour of OpenBSD's homegrown httpd(8).

and now I am confused.

I was planning to migrate some Perl scripts from mod_perl 1.3/Apache 1.3 to
Nginx styleusing the Perl Module Nginx having direct access to Nginx internals
which is almost
like doing cgi programming in C.
It would made a wonderful combination between speed and security (running on
OpenBSD).

My questions...
1) why Apache 1.3 (OpenBSD patched version) was also considered to be no more
a viable options as base web server?

2) why nginx has been considered a good candidate for base web server in 5.6
   and, in -current,  lost this place?
3) what would be the performance of running Perl scripts through
FastCGI+httpd, compared to Apache1.3/mod_perl1.3 compared to nginx/Nginx perl
module?

4) will httpd be able to support Perl script processing without the need to
talk to an external (FasCGI) daemon?
5) what would be the best option to run Perl scripts in OpenBSD 5.6 + ?

Thank you,
Bogdan

Re: Apache 1.3 vs. nginx vs. base httpd

[Jiri B]

On Thu, Nov 06, 2014 at 09:24:24AM +, Bogdan Andu wrote:
 Hi,
 There are some confusing info about which won the base-webserver in OpenBSD:
 In 5.6 it seems to be nginx 1.6.0 (http://www.openbsd.org/plus56.html) :
 Unhooked httpd(8) from build: use of nginx(8) is encouraged now.
 Removed Apache from base (replaced by nginx(8)).??

There's no confusion. Search archives and/or check undeadly.org.

j.

Re: Apache 1.3 vs. nginx vs. base httpd

[Mike Burns]

On 2014-11-06 09.24.24 +, Bogdan Andu wrote:
 3) what would be the performance of running Perl scripts through
 FastCGI+httpd, compared to Apache1.3/mod_perl1.3 compared to
 nginx/Nginx perl module?

You need to run these benchmarks yourself, on your scripts and data.

-Mike

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: Apache 1.3 vs. nginx vs. base httpd

[lists]

On Thu, Nov 06, 2014 at 09:24:24AM +, Bogdan Andu wrote:
 4) will httpd be able to support Perl script processing without the need to
 talk to an external (FasCGI) daemon?

Just my 2c about the new httpd daemon.  It's brand new in 5.6, and is
shaping up to be an awesome and simple server.  I fully intend on
replacing nginx with it in production when 5.7 is released.

That being said, the 5.6 implementation has some issues that you may
want to research further if you'd like to use it.  They've already been
fixed in -current.

Re: Apache

[Stuart Henderson]

On 2014-06-02, consultor consul...@openmailbox.org wrote:
 Hello list

 Could somebody please tell me if i should be worry for:

 185.4.227.194 - - [01/Jun/2014:08:32:14 -0700] GET
 http://24x7-allrequestsallowed.com/?PHPSESSID=1rxsxtj500143SVM%5CRH%40%40BZPU
 HTTP/1.1 200 1723

 The answer was 200. Running 5.5 Release.

 Thanks all.

 francisco.



Looks like someone scanning for open proxies. You'll find all sorts
of probe attempts in web server access logs; the most common targets in
my logs are open proxies and misconfigured or buggy versions of
phpMyAdmin and wordpress, though of course you need to consider the
security of anything you run that's open to the world.

Re: Apache

[consultor]

On 06/02/2014 01:10 AM, Stuart Henderson wrote:
 On 2014-06-02, consultor consul...@openmailbox.org wrote:
 Hello list

 Could somebody please tell me if i should be worry for:

 185.4.227.194 - - [01/Jun/2014:08:32:14 -0700] GET
 http://24x7-allrequestsallowed.com/?PHPSESSID=1rxsxtj500143SVM%5CRH%40%40BZPU
 HTTP/1.1 200 1723

 The answer was 200. Running 5.5 Release.

 Thanks all.

 francisco.


 
 Looks like someone scanning for open proxies. You'll find all sorts
 of probe attempts in web server access logs; the most common targets in
 my logs are open proxies and misconfigured or buggy versions of
 phpMyAdmin and wordpress, though of course you need to consider the
 security of anything you run that's open to the world.
 

Thanks Stuart.

Yes, i have the same things.
The OS responded Thanks for using our service.

francisco.

Apache

[consultor]

Hello list

Could somebody please tell me if i should be worry for:

185.4.227.194 - - [01/Jun/2014:08:32:14 -0700] GET
http://24x7-allrequestsallowed.com/?PHPSESSID=1rxsxtj500143SVM%5CRH%40%40BZPU
HTTP/1.1 200 1723

The answer was 200. Running 5.5 Release.

Thanks all.

francisco.

Re: Apache able to open tty

[Giancarlo Razzolini]

Em 21-01-2014 23:48, David Sticht escreveu:
 Ted,

   Thank you so much for responding.  I understand all of the words you 
 used.  However, this definitely goes beyond what I have done yet.  I will 
 need for the apache server to instigate the request.  I imagine I would want 
 a vast majority of the scripting to be run via CGI as normal calling out to 
 the daemon when the connection is necessary.  The part where I get very fuzzy 
 is having the CGI script call out to a daemon which would be perhaps a 
 “wrapper” for my PERL scripting that manages the process of making 
 connections and retrieving data from my network devices.  Would you be able 
 to provide any links or verbiage I could search to head me in the right 
 direction to figuring out this process?


 On Jan 20, 2014, at 7:38 PM, Ted Unangst t...@tedunangst.com wrote:

 On Wed, Jan 15, 2014 at 14:25, David Sticht wrote:
 Understanding the risks I am wanting to either allow the www user right to
 open tty or change the user running the apache daemon. I am developing a
 suite of intranet tools with perl to perform some network diagnostics.
 Does anybody have a suggestion to move me in the right direction?

Take a look on the nagios-chroot package. It works exactly like this.
There is a chrooted web interface that communicates with a daemon which
executes commands in it's behalf. I advise against changing the user of
apache or running it as root to be able to open the tty's.

Cheers,

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC

Re: Apache able to open tty

[David Sticht]

Ted,

Thank you so much for responding.  I understand all of the words you 
used.  However, this definitely goes beyond what I have done yet.  I will need 
for the apache server to instigate the request.  I imagine I would want a vast 
majority of the scripting to be run via CGI as normal calling out to the daemon 
when the connection is necessary.  The part where I get very fuzzy is having 
the CGI script call out to a daemon which would be perhaps a “wrapper” for my 
PERL scripting that manages the process of making connections and retrieving 
data from my network devices.  Would you be able to provide any links or 
verbiage I could search to head me in the right direction to figuring out this 
process?


On Jan 20, 2014, at 7:38 PM, Ted Unangst t...@tedunangst.com wrote:

 On Wed, Jan 15, 2014 at 14:25, David Sticht wrote:
 Understanding the risks I am wanting to either allow the www user right to
 open tty or change the user running the apache daemon. I am developing a
 suite of intranet tools with perl to perform some network diagnostics.
 Does anybody have a suggestion to move me in the right direction?
 
 Build a small daemon that does whatever it is needs doing, run it as a
 user with the correct privileges, then have the www user talk to that
 via a socket.

Re: Apache able to open tty

[David Sticht]

Does anybody have a suggestion?  I'm nearly ready to present an early peek to 
my company that will help them to realize the benefits of OpenBSD and PERL. 

Sent from my iPhone

On Jan 15, 2014, at 14:25, David Sticht vdubjun...@vdubjunkie.net wrote:

 Understanding the risks I am wanting to either allow the www user right to 
 open tty or change the user running the apache daemon. I am developing a 
 suite of intranet tools with perl to perform some network diagnostics. Does 
 anybody have a suggestion to move me in the right direction?
 
 Sent from my iPhone

Re: Apache able to open tty

[Ted Unangst]

On Wed, Jan 15, 2014 at 14:25, David Sticht wrote:
 Understanding the risks I am wanting to either allow the www user right to
 open tty or change the user running the apache daemon. I am developing a
 suite of intranet tools with perl to perform some network diagnostics.
 Does anybody have a suggestion to move me in the right direction?

Build a small daemon that does whatever it is needs doing, run it as a
user with the correct privileges, then have the www user talk to that
via a socket.

Apache able to open tty

[David Sticht]

Understanding the risks I am wanting to either allow the www user right to open 
tty or change the user running the apache daemon. I am developing a suite of 
intranet tools with perl to perform some network diagnostics. Does anybody have 
a suggestion to move me in the right direction?

Sent from my iPhone

Re: apache bug?

[Stuart Henderson]

On 2013-10-15, Nick Holland n...@holland-consulting.net wrote:
 BTW: I have no idea what your picture is, I'm not clicking on it.

It's a screenshot of a directory listing, with some bits blanked out,
of Linux ISOs *wink* *wink*.

 On 10/15/2013 11:43 AM, obsd, cgi wrote:
 In the directory listing the ISO file looks like ~40 MByte, but the reality
 is 4 GBytes. What could the problem be?

storing file sizes in insufficiently sized data types..

httpd in base was patched to allow larger files to be sent, but that
didn't extend to directory listings.

 Or I should use nginx since apache
 will be obsolete? :)

That might be one way to work-around it.

apache bug?

[obsd, cgi]

http://i.imgur.com/9SJOrhq.png

In the directory listing the ISO file looks like ~40 MByte, but the reality
is 4 GBytes. What could the problem be? Or I should use nginx since apache
will be obsolete? :)

Thanks!

Re: apache bug?

[Nick Holland]

On 10/15/2013 11:43 AM, obsd, cgi wrote:

http://i.imgur.com/9SJOrhq.png

In the directory listing the ISO file looks like ~40 MByte, but the reality
is 4 GBytes. What could the problem be? Or I should use nginx since apache
will be obsolete? :)

Thanks!



More a known design limitation than a bug.  Google for Apache large 
files for more details, some of which may be applicable.


I'd use nginx for any new implementation at this point (when applicable).

BTW: I have no idea what your picture is, I'm not clicking on it.

Nick.

Upgrade to 5.0 from 4.x broke Apache+PHP's ability to talk to mysql.sock

[Damon Getsman]

Whoops; sent this earlier, but I hadn't changed the message
subject from the Message Digest default text.  I assume that's
why it wasn't forwarded previously.  Here's what I'd written on
this subject previously:

Awhile back here, I brought up an issue that occurred when I was
upgrading my system from OpenBSD 4.x to 5.0.  I'm not sure if it was
on this mailing list or not, but this seems like the most appropriate
place to bring it up.

I had relied on several services via Apache that utilize PHP  MySQL
in a fairly standard configuration.  Unfortunately, when I upgraded
(all according to the standard upgrade instructions provided), all of
my services broke due to PHP not being able to connect to the sock
located in '/var/run/mysql/mysql.sock'.  I asked for help and googled
like a fiend for awhile, but even when interactively talking to folks
in freenet's #openbsd, I was unable to find what might've been wrong
with this.

Foolishly enough, several times I considered the fact that httpd would
be executing everything in the chroot jail of '/var/www', but I didn't
research it that deeply or try moving the sock, because I figured that
with all of the people I spoke to already, certainly one of the
experts would have mentioned if this had been causing an issue or not.

Last night, however, when I decided to take another stab at things,
googling turned up a result that I hadn't seen previously (I am
google-tarded, so I will accept the possibility that I'd not done as
straightforward an attempt to look for the answer of this issue as I'd
thought).  The link was at
http://philihp.com/blog/2008/connecting-to-mysql-with-php-in-apache-on-openbsd/
(2008?  Certainly I must not have googled as well as I thought!), and
referred to a permanent (although kludgy) solution found at
http://www.openbsdsupport.org/e107_CMS.html .

The solution was, indeed, dealing with creating a hardlink to
somewhere within the chroot'ed jail; in this case under
/var/www/var/run/mysql/mysql.sock after the appropriate path was
created.

Anyway I just thought that I'd post that here, since a lot of people
in the OpenBSD community didn't seem to know how simple the solution
really was or where it might be found at.  It might be a good idea to
toss this in the 4.x to 5.0 upgrade instructions, as well.  It seems
like a relatively simple oversight.

Best wishes.

-Damon

Re: Upgrade to 5.0 from 4.x broke Apache+PHP's ability to talk to mysql.sock

[Liviu Daia]

On 12 August 2013, Damon Getsman damo.g...@gmail.com wrote:
[...]
 Last night, however, when I decided to take another stab at things,
 googling turned up a result that I hadn't seen previously (I am
 google-tarded, so I will accept the possibility that I'd not done as
 straightforward an attempt to look for the answer of this issue as I'd
 thought).  The link was at
 http://philihp.com/blog/2008/connecting-to-mysql-with-php-in-apache-on-openbsd/
 (2008?  Certainly I must not have googled as well as I thought!),
 and referred to a permanent (although kludgy) solution found at
 http://www.openbsdsupport.org/e107_CMS.html .

 The solution was, indeed, dealing with creating a hardlink
 to somewhere within the chroot'ed jail; in this case under
 /var/www/var/run/mysql/mysql.sock after the appropriate path was
 created.
[...]

Please, stop repeating this nonsense.  This solution works until
you restart the server manually, since mysqld removes the socket before
re-creating it.

The real solution is either to use TCP connections, or move the
socket inside the jail and make /etc/my.cnf and /var/www/etc/my.cnf
point to it accordingly.

Regards,

Liviu Daia

Build Apache Cocoon 2.1.12 on OBSD 5.3/i386

[Tito Mari Francis Escaño]

Good day,
On a recent project, I was trying to build Apache Cocoon 2.1.12 from
source. I have already successfully installed JRE and JDK 1.7 and already
ran Tomcat 7.x on it, with the objective of building and running Apache
Cocoon on it, currently without success.
The message I get is as follows:
Compiling 605 source files to /home/cocoon-2.1.12/build/cocoon/classes
/home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:39:
error: package com.sun.image.codec.jpeg does not exist
import com.sun.image.codec.jpeg.ImageFormatException;
   ^
/home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:40:
error: package com.sun.image.codec.jpeg does not exist
import com.sun.image.codec.jpeg.JPEGCodec;
   ^
/home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:41:
error: package com.sun.image.codec.jpeg does not exist
import com.sun.image.codec.jpeg.JPEGEncodeParam;
   ^
/home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:42:
error: package com.sun.image.codec.jpeg does not exist
import com.sun.image.codec.jpeg.JPEGImageEncoder;
   ^
/home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:326:
error: cannot find symbol
JPEGImageEncoder encoder =
JPEGCodec.createJPEGEncoder(out);
^
  symbol:   class JPEGImageEncoder
  location: class ImageReader
/home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:326:
error: cannot find symbol
JPEGImageEncoder encoder =
JPEGCodec.createJPEGEncoder(out);
   ^
  symbol:   variable JPEGCodec
  location: class ImageReader
/home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:327:
error: cannot find symbol
JPEGEncodeParam p =
encoder.getDefaultJPEGEncodeParam(currentImage);
^
  symbol:   class JPEGEncodeParam
  location: class ImageReader
/home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:333:
error: cannot find symbol
JPEGImageEncoder encoder =
JPEGCodec.createJPEGEncoder(bstream);
^
  symbol:   class JPEGImageEncoder
  location: class ImageReader
/home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:333:
error: cannot find symbol
JPEGImageEncoder encoder =
JPEGCodec.createJPEGEncoder(bstream);
   ^
  symbol:   variable JPEGCodec
  location: class ImageReader
/home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:334:
error: cannot find symbol
JPEGEncodeParam p =
encoder.getDefaultJPEGEncodeParam(currentImage);
^
  symbol:   class JPEGEncodeParam
  location: class ImageReader
/home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:342:
error: cannot find symbol
} catch (ImageFormatException e) {
 ^
  symbol:   class ImageFormatException
  location: class ImageReader
11 errors

BUILD FAILED
/home/cocoon-2.1.12/tools/targets/compile-build.xml:68: The following error
occurred while executing this line:
/home/cocoon-2.1.12/tools/targets/compile-build.xml:51: Compile failed; see
the compiler error output for details.

Total time: 3 seconds

The packages installed are:
apache-ant-1.8.2p3  build tool for java applications
gettext-0.18.2p1GNU gettext
javaPathHelper-0.3p1 helper script for launching java applications
jdk-1.7.0.11p2v0Java2(TM) SE Dev Kit v1.7.0.11
joe-3.7p1   Joe's Own Editor
jre-1.7.0.11p2v0Java2(TM) SE Runtime Environment v1.7.0.11
libiconv-1.14p0 character set conversion library
libidn-1.26 internationalized string handling
maven-3.0.4 software project management and comprehension tool
pcre-8.31   perl-compatible regular expression library
tomcat-7.0.35   Java servlet 2.5 and Java server pages 2.1 server
tomcat-examples-7.0.35 example applications and full documentation
wget-1.14   retrieve files from the web via HTTP, HTTPS and FTP

Am I missing something or do I have to install more packages? Maybe you can
point me to the right direction. Thanks.

Re: Build Apache Cocoon 2.1.12 on OBSD 5.3/i386

[David Coppa]

On Fri, Jun 21, 2013 at 8:04 AM, Tito Mari Francis Escaño
titomarifran...@gmail.com wrote:
 Good day,
 On a recent project, I was trying to build Apache Cocoon 2.1.12 from
 source. I have already successfully installed JRE and JDK 1.7 and already
 ran Tomcat 7.x on it, with the objective of building and running Apache
 Cocoon on it, currently without success.
 The message I get is as follows:
 Compiling 605 source files to /home/cocoon-2.1.12/build/cocoon/classes
 /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:39:
 error: package com.sun.image.codec.jpeg does not exist
 import com.sun.image.codec.jpeg.ImageFormatException;
^

http://stackoverflow.com/questions/1906673/import-com-sun-image-codec-jpeg

http://stackoverflow.com/questions/4065401/using-internal-sun-classes-with-javac/4070685#4070685

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Damon Getsman]

Sorry, had some guests over the weekend, and I was unable to continue
with the thread for a bit.  I hope you guys are willing to catch up
where you left off, I still haven't been able to get apache+php+mysql
working again on my server since the 4.9-5.0 upgrade, and I really need
my wiki and other associated services here.  Managed to get done with my
speech without them, at least.  *grin*  Still really could've used the
wiki for the reference gathering, though.  Thankfully nobody asked me
for references.

So, here is the output from php -m:
Mon May 27 20:01
contract:/home/ftp$ php -m
[PHP Modules]
bcmath
calendar
ctype
date
dom
exif
filter
ftp
gettext
hash
iconv
json
libxml
mbstring
mysql
openssl
pcre
PDO
posix
Reflection
session
SimpleXML
sockets
SPL
standard
suhosin
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xml
xmlreader
xmlwriter
zlib

[Zend Modules]
Suhosin

-=-=-=-=-
So it looks like at least from the command-line invoked php, things are
loading the mysql version just fine.  And I checked, yes, and mysqld is
running via invocation of mysqld_safe.

I'll post the appropriate snippets from all of the php*.ini files
scattered about my installation in just a bit here as soon as I can
gather them all together.  A visitor has stopped by again, so I must
take a brief respite.



On Wed, May 22, 2013 at 7:18 PM, Richard Toohey 
richardtoo...@paradise.net.nz wrote:

 On 05/23/13 12:08, Damon Getsman wrote:

 Okay, now I've got the phpinfo output.  Nothing is jumpin' out at me,
 if y'all care to take a look at it I've got it available at
 bismaninfo.hopto.org/debug.php for a limited time here.


  No mysql in the output.

 What does php -m give you, etc.

 It's like the message you are getting - something is up with the mysql
 extension in your install.

 Check the ini files, etc.

 You are using the base Apache and PHP is working - you need to look at the
 mysql extension and find out why it is not enabled or not loading.

Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Damon Getsman]

 Hello all, and thank you for taking the time to take a look at
this issue that I am currently having.  I've been a strong advocate of
OpenBSD for some time, but have only recently taken steps to start
upgrading some of my machines instead of reinstalling.
My primary server was a 4.9 installation, and it was running
apache, with PHP and MySQL integrated for the purpose of serving a
mediawiki, a gallery2 installation, and a few other utilities that I
have had up for myself and some friends.  Unfortunately, ever since I've
made the leap from 4.9 to 5.0, I've been unable to get anything other
than plain HTML documents to display via apache.  The server tells me
that there are either '500' server errors or with a little more detail
MediaWiki tells me (Can't contact the database server: MySQL functions
missing, have you compiled PHP with the --with-mysql option? ).
Now according to the pkg_info listing that I have, I _believe_
that I have all of the proper packages and libraries installed, but I
guess I am mistaken as I'm still not able to serve pages up with any
sort of MySQL back end handling.  Here is the output of 'pkg_info -a -m'
for anybody who cares to verify this:

BitTorrent-4.4.0p10 cooperative file distribution system implemented in
Python
ImageMagick-6.6.6.10p0 image processing tools
alacarte-0.12.4p7   easy GNOME menu editing tool
apache-httpd-2.2.15p0 apache HTTP server
apcupsd-3.14.8p2daemon for controlling APC UPSes
archie-1.4.1Prospero client for the archie service
bash-4.2.10 GNU Bourne Again Shell
beav-1.40.15binary editor and viewer
bzip2-1.0.6 block-sorting file compressor, unencumbered
calc-2.11.7 C-style arbitrary precision calculator
camlimages-3.0.2p0  image manipulation functions for Objective Caml
check_bioctl-1.9Nagios plugin to check RAID status with bioctl
check_email_delivery-0.7.0 Nagios plugin to check full email delivery loop
(SMTP
/IMAP)
check_hw_sensors-1.42 Nagios plugin to monitor sysctl hw.sensors
check_mssql_health-1.5.3 Nagios plugin to check Microsoft SQL Server
check_openbgpd-1.5  Nagios plugin to monitor OpenBGPd peers
cups-1.4.7p0Common Unix Printing System
cups-pdf-2.5.1  PDF backend for CUPS
curl-7.21.7 get files from FTP, Gopher, HTTP or HTTPS servers
dosbox-0.74p0   x86 with DOS emulator targeted at playing games
emacs-22.3p10   GNU editor: extensible, customizable, self-documenting
fedora_base-4.0p8   Linux compatibility package based on Fedora Core 4
firefox-5.0p3   Mozilla web browser
firefox35-3.5.19p2  Mozilla web browser
ghostview-1.5p3 X11 front-end for ghostscript
git-1.7.6p0 GIT - Tree History Storage Tool
git-svn-1.7.6p0 GIT - subversion interoperability tools
git-x11-1.7.6p0 GIT - graphical tools
gnome-common-2.34.0 common automake macros for GNOME
gnome-desktop-2.32.1p4 components for the GNOME desktop
gnome-mplayer-1.0.4p1 GTK+/GNOME frontend for MPlayer
gnome-panel-2.32.1p5 GNOME panel
gnome-screensaver-2.30.2p2 screen saver and locker for GNOME
gnome-system-monitor-2.28.2p6 sytem monitor for GNOME
gnome-system-tools-2.32.0p6 sytem configuration GUI for desktops
gnuchess-5.08   chess program
gpgme-1.1.5p1   GnuPG Made Easy
gstoraster-1.03p0   filter to convert PostScript or PDF to cups raster
format
ircII-20081115p0Internet Relay Chat client
ispell-3.2.06p6 interactive spelling checker
jove-4.16p1 Jonathan's Own Version of Emacs
kdebase-3.5.10p13   K Desktop Environment, basic applications
kermit-8.0.211  serial and network communications package
latex-mk-1.9.1p0set of Makefile fragments to manage LaTeX documents
libpurple-2.9.0 multi-protocol instant messaging library
libreoffice-3.4.1.3p1v0 multi-platform productivity suite
mediawiki-1.15.5p3  web-based collaborative editing environment
minicom-2.2p0   MS-DOS Telix-like serial communication program
mpg123-1.13.1   fast console MPEG audio player and decoder library
mrtg-2.17.1p1   multi-router traffic grapher
mutt-1.5.21v0-sasl  tty-based e-mail client, development version
mysql-server-5.1.54p9 multithreaded SQL database (server)
ncftp-3.2.3 ftp replacement with advanced user interface
nethack-3.4.3p4-qt  dungeon explorin', hackin', game.  Piece of cake
nmap-5.51p0 scan ports and fingerprint stack of network hosts
ntop-1.1network usage, interface similar to top(1)
ntp-4.2.6pl2p7  Network Time Protocol reference implementation
ocaml-3.12.0p0  ML language based on complete class-based objective
system
oinkmaster-2.0p0update your Snort rules
p7zip-9.20.1file archiver with high compression ratio
partial-wordpress-3.0.2 standard compliant weblog
pgp-2.6.3   Pretty Good Privacy 2.6.3ia
php-5.2.17p5server-side HTML-embedded scripting language
php-curl-5.2.17p3   curl URL library extensions for php5
php-gd-5.2.17p4 image manipulation extensions for php5
php-imap-5.2.17p3   imap, pop3 and nntp

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Richard Toohey]

On 05/23/13 10:15, Damon Getsman wrote:

  Hello all, and thank you for taking the time to take a look at
this issue that I am currently having.  I've been a strong advocate of
OpenBSD for some time, but have only recently taken steps to start
upgrading some of my machines instead of reinstalling.
My primary server was a 4.9 installation, and it was running
apache, with PHP and MySQL integrated for the purpose of serving a
mediawiki, a gallery2 installation, and a few other utilities that I
have had up for myself and some friends.  Unfortunately, ever since I've
made the leap from 4.9 to 5.0, I've been unable to get anything other
than plain HTML documents to display via apache.  The server tells me
that there are either '500' server errors or with a little more detail
MediaWiki tells me (Can't contact the database server: MySQL functions
missing, have you compiled PHP with the --with-mysql option? ).
Now according to the pkg_info listing that I have, I _believe_
that I have all of the proper packages and libraries installed, but I
guess I am mistaken as I'm still not able to serve pages up with any
sort of MySQL back end handling.  Here is the output of 'pkg_info -a -m'
for anybody who cares to verify this:

BitTorrent-4.4.0p10 cooperative file distribution system implemented in
Python
ImageMagick-6.6.6.10p0 image processing tools
alacarte-0.12.4p7   easy GNOME menu editing tool
apache-httpd-2.2.15p0 apache HTTP server
apcupsd-3.14.8p2daemon for controlling APC UPSes
archie-1.4.1Prospero client for the archie service
bash-4.2.10 GNU Bourne Again Shell
beav-1.40.15binary editor and viewer
bzip2-1.0.6 block-sorting file compressor, unencumbered
calc-2.11.7 C-style arbitrary precision calculator
camlimages-3.0.2p0  image manipulation functions for Objective Caml
check_bioctl-1.9Nagios plugin to check RAID status with bioctl
check_email_delivery-0.7.0 Nagios plugin to check full email delivery loop
(SMTP
/IMAP)
check_hw_sensors-1.42 Nagios plugin to monitor sysctl hw.sensors
check_mssql_health-1.5.3 Nagios plugin to check Microsoft SQL Server
check_openbgpd-1.5  Nagios plugin to monitor OpenBGPd peers
cups-1.4.7p0Common Unix Printing System
cups-pdf-2.5.1  PDF backend for CUPS
curl-7.21.7 get files from FTP, Gopher, HTTP or HTTPS servers
dosbox-0.74p0   x86 with DOS emulator targeted at playing games
emacs-22.3p10   GNU editor: extensible, customizable, self-documenting
fedora_base-4.0p8   Linux compatibility package based on Fedora Core 4
firefox-5.0p3   Mozilla web browser
firefox35-3.5.19p2  Mozilla web browser
ghostview-1.5p3 X11 front-end for ghostscript
git-1.7.6p0 GIT - Tree History Storage Tool
git-svn-1.7.6p0 GIT - subversion interoperability tools
git-x11-1.7.6p0 GIT - graphical tools
gnome-common-2.34.0 common automake macros for GNOME
gnome-desktop-2.32.1p4 components for the GNOME desktop
gnome-mplayer-1.0.4p1 GTK+/GNOME frontend for MPlayer
gnome-panel-2.32.1p5 GNOME panel
gnome-screensaver-2.30.2p2 screen saver and locker for GNOME
gnome-system-monitor-2.28.2p6 sytem monitor for GNOME
gnome-system-tools-2.32.0p6 sytem configuration GUI for desktops
gnuchess-5.08   chess program
gpgme-1.1.5p1   GnuPG Made Easy
gstoraster-1.03p0   filter to convert PostScript or PDF to cups raster
format
ircII-20081115p0Internet Relay Chat client
ispell-3.2.06p6 interactive spelling checker
jove-4.16p1 Jonathan's Own Version of Emacs
kdebase-3.5.10p13   K Desktop Environment, basic applications
kermit-8.0.211  serial and network communications package
latex-mk-1.9.1p0set of Makefile fragments to manage LaTeX documents
libpurple-2.9.0 multi-protocol instant messaging library
libreoffice-3.4.1.3p1v0 multi-platform productivity suite
mediawiki-1.15.5p3  web-based collaborative editing environment
minicom-2.2p0   MS-DOS Telix-like serial communication program
mpg123-1.13.1   fast console MPEG audio player and decoder library
mrtg-2.17.1p1   multi-router traffic grapher
mutt-1.5.21v0-sasl  tty-based e-mail client, development version
mysql-server-5.1.54p9 multithreaded SQL database (server)
ncftp-3.2.3 ftp replacement with advanced user interface
nethack-3.4.3p4-qt  dungeon explorin', hackin', game.  Piece of cake
nmap-5.51p0 scan ports and fingerprint stack of network hosts
ntop-1.1network usage, interface similar to top(1)
ntp-4.2.6pl2p7  Network Time Protocol reference implementation
ocaml-3.12.0p0  ML language based on complete class-based objective
system
oinkmaster-2.0p0update your Snort rules
p7zip-9.20.1file archiver with high compression ratio
partial-wordpress-3.0.2 standard compliant weblog
pgp-2.6.3   Pretty Good Privacy 2.6.3ia
php-5.2.17p5server-side HTML-embedded scripting language
php-curl-5.2.17p3   curl URL library extensions for php5
php-gd-5.2.17p4 image manipulation extensions

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Damon Getsman]

Richard:

Not sure if I'm using the base apache or 2.2.  Here's what
httpd -V is showing me:

Wed May 22 17:50
contract:~$ httpd -V
Server version: Apache/1.3.29 (Unix)
Server's Module Magic Number: 19990320:15
Server compiled with
 -D EAPI
 -D HAVE_MMAP
 -D HAVE_SHMGET
 -D USE_MMAP_SCOREBOARD
 -D USE_MMAP_FILES
 -D HAVE_FLOCK_SERIALIZED_ACCEPT
 -D HAVE_SYSVSEM_SERIALIZED_ACCEPT
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D DYNAMIC_MODULE_LIMIT=64
 -D HARD_SERVER_LIMIT=256
 -D HTTPD_ROOT=/var/www
 -D SUEXEC_BIN=/usr/sbin/suexec
 -D DEFAULT_PIDLOG=logs/httpd.pid
 -D DEFAULT_SCOREBOARD=logs/httpd.scoreboard
 -D DEFAULT_LOCKFILE=logs/httpd.lock
 -D DEFAULT_ERRORLOG=logs/error_log
 -D TYPES_CONFIG_FILE=conf/mime.types
 -D SERVER_CONFIG_FILE=conf/httpd.conf
 -D ACCESS_CONFIG_FILE=conf/access.conf
 -D RESOURCE_CONFIG_FILE=conf/srm.conf

I stopped at 5.0 because I figured that if I was having
problems at this point pushing it further might create more until I get
them resolved.  If I'm wrong about that I'll certainly push it up to
5.3.  I've got another machine here that I've installed 5.2 on
recently, I'll take that one up to 5.3 just to get used to it (it's not
a server machine).
I do understand the 'chroot' concept, not sure how exactly it's
applicable in this case; despite the fact that I believe httpd is
chrooted to /var/www, I do know that php exists under this tree in its
/usr/local/bin and the libphp5 file exists there where it should as
well, I believe.
I have also bumped up the php error reporting but I can't seem
to find much about it in the applicable logfiles (/var/log/messages,
/var/www/logs/error_log, etc).
Truncating the previous discussion as I'm assuming that you've
got logs of what's going on here.  Thank you for the help!

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Damon Getsman]

Bryan, after doing that it appears that it's not even getting executed.
I put the script into a web accessible file called debug.php, loaded
it in my browser and saw a blank page.  Viewing the source is
showing the original ? phpinfo(); ?, leading me to believe that it is
not even handing it off to the appropriate script engine...  Not sure if
I'm right but does that help at all?

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Damon Getsman]

And, um, wrapping the snippet in the appropriate
html
 head/head
 body? phpinfo(); ?/body
/html
didn't seem to help matters at all, either.  :(

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Barry Grumbine]

IIRC 4.9-5.0 was a little ugly, maybe you missed the PHP upgrade
instructions here:
http://www.openbsd.org/faq/upgrade50.html#Pkgup



On Wed, May 22, 2013 at 4:44 PM, Damon Getsman damo.g...@gmail.com wrote:

 Bryan, after doing that it appears that it's not even getting executed.
 I put the script into a web accessible file called debug.php, loaded
 it in my browser and saw a blank page.  Viewing the source is
 showing the original ? phpinfo(); ?, leading me to believe that it is
 not even handing it off to the appropriate script engine...  Not sure if
 I'm right but does that help at all?

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Richard Toohey]

On 05/23/13 11:44, Damon Getsman wrote:

Bryan, after doing that it appears that it's not even getting executed.
I put the script into a web accessible file called debug.php, loaded
it in my browser and saw a blank page.  Viewing the source is
showing the original ? phpinfo(); ?, leading me to believe that it is
not even handing it off to the appropriate script engine...  Not sure if
I'm right but does that help at all?



You can't use shorttags* ...

You need to use ...

?php
?

* Well, you can if you tweak settings.

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Damon Getsman]

Nope, I caught the PHP upgrade instructions and I believe they've been
carried out
correctly.  :(

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Damon Getsman]

Okay, now I've got the phpinfo output.  Nothing is jumpin' out at me,
if y'all care to take a look at it I've got it available at
bismaninfo.hopto.org/debug.php for a limited time here.

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Richard Toohey]

On 05/23/13 12:08, Damon Getsman wrote:

Okay, now I've got the phpinfo output.  Nothing is jumpin' out at me,
if y'all care to take a look at it I've got it available at
bismaninfo.hopto.org/debug.php for a limited time here.



No mysql in the output.

What does php -m give you, etc.

It's like the message you are getting - something is up with the mysql 
extension in your install.


Check the ini files, etc.

You are using the base Apache and PHP is working - you need to look at 
the mysql extension and find out why it is not enabled or not loading.

Re: user websites on apache chroot

[Tomas Bodzar]

good place for start http://www.openbsd.org/faq/faq10.html#httpdchroot


On Fri, Apr 19, 2013 at 3:07 AM, fek...@tormail.org wrote:

 I want to avoid using Apache 2.x for my server and want a chroot but where
 users can have their own webpages. It doesn't need to be automated I'm
 happy to edit httpd.conf to add each virtual server. I'd also like php to
 run as that user, can I run php via cgi on Apache 1.3?

user websites on apache chroot

[fekete]

I want to avoid using Apache 2.x for my server and want a chroot but where
users can have their own webpages. It doesn't need to be automated I'm
happy to edit httpd.conf to add each virtual server. I'd also like php to
run as that user, can I run php via cgi on Apache 1.3?

default apache consumes memory

[Bogdan Andu]

Hello,

I have an OpenBSD box running default apache server  that its sole
task is to present data, nothing more, nothing less.

The logic of the
applications is handled by an app. layer that never exceeds 40 Mbytes RAM and
handles concurently all the connections (tcp based) from apache children while
the apache children 
tend to allocate continously memory without de-allocating
it

The apache ver is 1.3, from base install running mod_perl highly
optimized through startup.pl mechanism, and perl scripts that 
communicate
with app. layer. The processing amount is minimized on the apache server.
It
listens on localhost and proxied by relayd for ssl acceleration.

In two weeks
all apache children totalize aprox. 800 MBytes RAM

Is there any tweaking
variable to tell apache to deallocate memory when is no more needed in the
same way the app. layer does ?

Thank you in advanced,

Bogdan

Re: default apache consumes memory

[Stuart Henderson]

Sounds like a memory leak (allocated memory not getting freed), I would
think the most likely place for this is in the perl scripts you're
running.

http://modperlbook.org/html/14-2-6-Memory-Leakage.html has some
suggestions for tracking these down.

There is also maxrequestsperchild which might hide (but not fix)
the problem.


On 2013-04-05, Bogdan Andu bo...@yahoo.com wrote:
 Hello,

 I have an OpenBSD box running default apache server� that its sole
 task is to present data, nothing more, nothing less.

 The logic of the
 applications is handled by an app. layer that never exceeds 40 Mbytes RAM and
 handles concurently all the connections (tcp based) from apache children while
 the apache children 
 tend to allocate continously memory without de-allocating
 it

 The apache ver is 1.3, from base install running mod_perl highly
 optimized through startup.pl mechanism, and perl scripts that 
 communicate
 with app. layer. The processing amount is minimized on the apache server.
 It
 listens on localhost and proxied by relayd for ssl acceleration.

 In two weeks
 all apache children totalize aprox. 800 MBytes RAM

 Is there any tweaking
 variable to tell apache to deallocate memory when is no more needed in the
 same way the app. layer does ?

 Thank you in advanced,

 Bogdan

Re: default apache consumes memory

[Bogdan Andu]

The scripts a dead simple, only opening between 1 and 4 tcp connections to
app. layer, retrieve response and format it out in html - dead simple.

There
are precompiled and loaded in memory the few modules I need, so they are not
loaded at every request, but I will also follow your suggestions.

Thank you
for the link,

Bogdan





 From: Stuart
Henderson s...@spacehopper.org
To: misc@openbsd.org 
Sent: Friday, April 5,
2013 11:19 AM
Subject: Re: default apache consumes memory
 
Sounds like a
memory leak (allocated memory not getting freed), I would
think the most
likely place for this is in the perl scripts you're
running.
http://modperlbook.org/html/14-2-6-Memory-Leakage.html has some
suggestions
for tracking these down.

There is also maxrequestsperchild which might hide
(but not fix)
the problem.


On 2013-04-05, Bogdan Andu bo...@yahoo.com
wrote:
 Hello,

 I have an OpenBSD box running default apache server  that
its sole
 task is to present data, nothing more, nothing less.

 The logic
of the
 applications is handled by an app. layer that never exceeds 40 Mbytes
RAM and
 handles concurently all the connections (tcp based) from apache
children while
 the apache children 
 tend to allocate continously memory
without de-allocating
 it

 The apache ver is 1.3, from base install
running mod_perl highly
 optimized through startup.pl mechanism, and perl
scripts that 
 communicate
 with app. layer. The processing amount is
minimized on the apache server.
 It
 listens on localhost and proxied by
relayd for ssl acceleration.

 In two weeks
 all apache children totalize
aprox. 800 MBytes RAM

 Is there any tweaking
 variable to tell apache to
deallocate memory when is no more needed in the
 same way the app. layer does
?

 Thank you in advanced,

 Bogdan

Re: default apache consumes memory

[Otto Moerbeek]

On Fri, Apr 05, 2013 at 01:57:18AM -0700, Bogdan Andu wrote:

 The scripts a dead simple, only opening between 1 and 4 tcp connections to
 app. layer, retrieve response and format it out in html - dead simple.
 
 There
 are precompiled and loaded in memory the few modules I need, so they are not
 loaded at every request, but I will also follow your suggestions.
 
 Thank you
 for the link,

Not that some memory as reported by top is *shared* mem. You can't
just add it all up.

-Otto

 
 Bogdan
 
 
 
 
 
  From: Stuart
 Henderson s...@spacehopper.org
 To: misc@openbsd.org 
 Sent: Friday, April 5,
 2013 11:19 AM
 Subject: Re: default apache consumes memory
  
 Sounds like a
 memory leak (allocated memory not getting freed), I would
 think the most
 likely place for this is in the perl scripts you're
 running.
 http://modperlbook.org/html/14-2-6-Memory-Leakage.html has some
 suggestions
 for tracking these down.
 
 There is also maxrequestsperchild which might hide
 (but not fix)
 the problem.
 
 
 On 2013-04-05, Bogdan Andu bo...@yahoo.com
 wrote:
  Hello,
 
  I have an OpenBSD box running default apache server? that
 its sole
  task is to present data, nothing more, nothing less.
 
  The logic
 of the
  applications is handled by an app. layer that never exceeds 40 Mbytes
 RAM and
  handles concurently all the connections (tcp based) from apache
 children while
  the apache children 
  tend to allocate continously memory
 without de-allocating
  it
 
  The apache ver is 1.3, from base install
 running mod_perl highly
  optimized through startup.pl mechanism, and perl
 scripts that 
  communicate
  with app. layer. The processing amount is
 minimized on the apache server.
  It
  listens on localhost and proxied by
 relayd for ssl acceleration.
 
  In two weeks
  all apache children totalize
 aprox. 800 MBytes RAM
 
  Is there any tweaking
  variable to tell apache to
 deallocate memory when is no more needed in the
  same way the app. layer does
 ?
 
  Thank you in advanced,
 
  Bogdan

Re: pf and apache

[Matt Morrow]

I'm doing the rdr-to on both interfaces. But, I have other ports that rdr
just fine internally, so that's why I think something else is going on. For
example, I have ssh on 6699 and I can access that both internally and
externally.

On Thu, Feb 28, 2013 at 11:46 PM, Andy Bradford
amb-open...@bradfords.orgwrote:

 Thus said Matt Morrow on Thu, 28 Feb 2013 23:07:30 -0600:

  Apache is  running on a slackware  box. I can access  apache just fine
  internally by using the ip  address of that server (192.168.1.70), but
  if I  access the ip  of the openbsd box  (192.168.1.60) I just  get an
  error that the  server is not available. It should  be forwarding port
  80 to the slackware box.

 I'm going to  guess from your description that you  are trying to rdr-to
 on the same interface. The documentation says:

  Redirections cannot reflect packets  back through the interface
  they arrive on, they can  only be redirected to hosts connected
  to different interfaces or to the firewall itself.

 The next section discusses using NAT... might be what you're after.

 Andy
 --
 TAI64 timestamp: 4000513040c3

Re: pf and apache

[Beto]

Andy, We can see the result of running

tcpdump -n -e -ttt -i pflog0 host 192.168.1.70

Thanks


2013/3/1 Matt Morrow cmorrow...@gmail.com

 I'm doing the rdr-to on both interfaces. But, I have other ports that rdr
 just fine internally, so that's why I think something else is going on. For
 example, I have ssh on 6699 and I can access that both internally and
 externally.

 On Thu, Feb 28, 2013 at 11:46 PM, Andy Bradford
 amb-open...@bradfords.orgwrote:

  Thus said Matt Morrow on Thu, 28 Feb 2013 23:07:30 -0600:
 
   Apache is  running on a slackware  box. I can access  apache just fine
   internally by using the ip  address of that server (192.168.1.70), but
   if I  access the ip  of the openbsd box  (192.168.1.60) I just  get an
   error that the  server is not available. It should  be forwarding port
   80 to the slackware box.
 
  I'm going to  guess from your description that you  are trying to rdr-to
  on the same interface. The documentation says:
 
   Redirections cannot reflect packets  back through the interface
   they arrive on, they can  only be redirected to hosts connected
   to different interfaces or to the firewall itself.
 
  The next section discusses using NAT... might be what you're after.
 
  Andy
  --
  TAI64 timestamp: 4000513040c3

Re: pf and apache

[Pawel Jurusz]

Hello,

If You are using only redirections, source host will receive SYN-ACK
from 192.168.1.70, but there was not previously SYN to this address, so
source host will send TCP Reset. Solution may be:

pass in on $int_if proto tcp from $int_if:network to any port 80 rdr-to
192.168.1.70
pass out on $int_if proto tcp from $int_if:network to any port 80
received-on $int_if nat-to $int_if


W dniu 01.03.2013 06:07, Matt Morrow pisze:
 I have pf running on an openbsd box handling port forwarding. All ports
 seem to forward ok except for port 80.
 
 Apache is running on a slackware box. I can access apache just fine
 internally by using the ip address of that server (192.168.1.70), but if I
 access the ip of the openbsd box (192.168.1.60) I just get an error that
 the server is not available. It should be forwarding port 80 to the
 slackware box.
 
 Here is my pf.conf
 -
 ext_if = rl0
 int_if = em0
 
 icmp_types=echoreq
 set block-policy return
 set loginterface egress
 
 set skip on lo
 match out on egress inet from !(egress:network) to any nat-to (egress:0)
 block in log
 pass out log quick
 antispoof quick for { lo $int_if }
 
 #
 #   port forwarding
 #
 pass in on $ext_if proto tcp from any to any port 80 rdr-to 192.168.1.70
 port 80
 pass in on $int_if proto tcp from any to any port 80 rdr-to 192.168.1.70
 port 80
 pass in on $ext_if proto tcp from any to any port 6699 rdr-to 192.168.1.60
 port 22
 pass in on $ext_if proto tcp from any to any port 51413 rdr-to
 192.168.1.105 port 51413
 pass in on $ext_if proto udp from any to any port 51413 rdr-to
 192.168.1.105 port 51413
 pass in on $int_if proto udp from any to any port 58846 rdr-to
 192.168.1.101 port 6881
 pass in on $ext_if proto tcp from any to any port 9000 rdr-to 192.168.1.105
 port 81
 
 
 #pass in log (all) inet proto icmp all icmp-type $icmp_types
 pass in log (all) on $int_if

Re: pf and apache

[Matt Morrow]

Thanks everyone. Seems to be working from outside, so for now I'll just go
with the direct ip of the server when I need to access it internally.

On Fri, Mar 1, 2013 at 11:22 AM, Pawel Jurusz mailing.s...@gmail.comwrote:

 Hello,

 If You are using only redirections, source host will receive SYN-ACK
 from 192.168.1.70, but there was not previously SYN to this address, so
 source host will send TCP Reset. Solution may be:

 pass in on $int_if proto tcp from $int_if:network to any port 80 rdr-to
 192.168.1.70
 pass out on $int_if proto tcp from $int_if:network to any port 80
 received-on $int_if nat-to $int_if


 W dniu 01.03.2013 06:07, Matt Morrow pisze:
  I have pf running on an openbsd box handling port forwarding. All ports
  seem to forward ok except for port 80.
 
  Apache is running on a slackware box. I can access apache just fine
  internally by using the ip address of that server (192.168.1.70), but if
 I
  access the ip of the openbsd box (192.168.1.60) I just get an error that
  the server is not available. It should be forwarding port 80 to the
  slackware box.
 
  Here is my pf.conf
  -
  ext_if = rl0
  int_if = em0
 
  icmp_types=echoreq
  set block-policy return
  set loginterface egress
 
  set skip on lo
  match out on egress inet from !(egress:network) to any nat-to (egress:0)
  block in log
  pass out log quick
  antispoof quick for { lo $int_if }
 
  #
  #   port forwarding
  #
  pass in on $ext_if proto tcp from any to any port 80 rdr-to 192.168.1.70
  port 80
  pass in on $int_if proto tcp from any to any port 80 rdr-to 192.168.1.70
  port 80
  pass in on $ext_if proto tcp from any to any port 6699 rdr-to
 192.168.1.60
  port 22
  pass in on $ext_if proto tcp from any to any port 51413 rdr-to
  192.168.1.105 port 51413
  pass in on $ext_if proto udp from any to any port 51413 rdr-to
  192.168.1.105 port 51413
  pass in on $int_if proto udp from any to any port 58846 rdr-to
  192.168.1.101 port 6881
  pass in on $ext_if proto tcp from any to any port 9000 rdr-to
 192.168.1.105
  port 81
 
  
  #pass in log (all) inet proto icmp all icmp-type $icmp_types
  pass in log (all) on $int_if

Re: pf and apache

[Andy Bradford]

Thus said Matt Morrow on Thu, 28 Feb 2013 23:07:30 -0600:

 Apache is  running on a slackware  box. I can access  apache just fine
 internally by using the ip  address of that server (192.168.1.70), but
 if I  access the ip  of the openbsd box  (192.168.1.60) I just  get an
 error that the  server is not available. It should  be forwarding port
 80 to the slackware box.

I'm going to  guess from your description that you  are trying to rdr-to
on the same interface. The documentation says:

 Redirections cannot reflect packets  back through the interface
 they arrive on, they can  only be redirected to hosts connected
 to different interfaces or to the firewall itself.

The next section discusses using NAT... might be what you're after.

Andy
-- 
TAI64 timestamp: 4000513040c3

Re: 5.2 amd64 php and apache problem

[ole]

Hi Matthias

I dont know if this is any help to you,
but I managed to get my php/mysql running by following 
the guide at: 
http://www.h-i-r.net/2009/10/oamp-openbsd-46-chroot-apache-mysql-php.html
it worked for 5.2 as well.

From that information I also made a small startup script:

sudo rm /var/www/var/run/mysql/mysql.sock
sudo ln /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock 
sudo apachectl start

Hope this helps /Ole


On Mon, 04 Feb 2013 18:40:48 +0100
Matthias Appel appel.matth...@gmail.com wrote:

 Hi List,
 
 I have a problem with apache and php and hope you guys (and gals!) can 
 help me.
 
 This is what I did/tried up to now.
 
 Activated apache, enabled ssl and changed config, so apache is reachable 
 via IPv4 and v6...no further changes to httpd.conf
 
 Installed php-5.3.14p1.tgz and create the syslink as I were told (as far 
 as I can see, there should be no necessity to do further 
 configuration...or am I wrong?)
 
 created a php script consisting of:
 
 # cd /var/www/cgi-bin/
 # cat phpinfo.php
 ? phpinfo(); ?
 #
 
 
 When I navigate to the phpinfo.php script, I get an error 500 and the 
 log tells me this:
 
 [Mon Feb  4 18:27:01 2013] [error] (8)Exec format error: exec of 
 /var/www/cgi-bin/phpinfo.php failed
 [Mon Feb  4 18:27:01 2013] [error] [client ] Premature end of script 
 headers: /var/www/cgi-bin/phpinfo.php
 [Mon Feb  4 18:27:01 2013] [error] [client ] File does not exist: 
 /var/www/htdocs/favicon.ico
 
 
 As far as I can see, the webserver tries to run the script like a binary 
 cause of the missing shebang.
 Why doesn't he run it like a php script, as supposed?
 
 I dont know, how to tell apache to run the php script...IMHO this should 
 be sufficient to tell him so:
 
 # cat /var/www/conf/modules/php.conf
 LoadModule php5_module /usr/local/lib/php-5.3/libphp5.so
 
 IfModule mod_php5.c
  AddType application/x-httpd-php .php .phtml .php3
  AddType application/x-httpd-php-source .phps
 # Most php configs require this
  DirectoryIndex index.php
 /IfModule
 #
 
 
 I even disabled chroot (I expected no difference but I was desperate 
 enough to try) and changed the permissions to the relaxed settings 
 possible (test-cgi runs fine)
 # ls -lh /var/www/cgi-bin/
 total 288
 --  1 root  bin   137K Aug  1  2012 bgplg
 -rwxrwx---  1 www   www17B Feb  3 22:27 phpinfo.php
 --  1 root  bin   268B Aug  1  2012 printenv
 -rwxrwx---  1 www   www   757B Aug  1  2012 test-cgi
 #
 
 Can anybody help me to get this php thing working, I dont want to write 
 my web-scripts in C ;-)
 
 
 Regards,
 
 Matthias
 


-- 
ole ole.hellqv...@gmail.com

Re: 5.2 amd64 php and apache problem

[Stuart Henderson]

On 2013-02-09, ole ole.hellqv...@gmail.com wrote:
 Hi Matthias

 I dont know if this is any help to you,
 but I managed to get my php/mysql running by following 
 the guide at: 
 http://www.h-i-r.net/2009/10/oamp-openbsd-46-chroot-apache-mysql-php.html
 it worked for 5.2 as well.

 From that information I also made a small startup script:
 
 sudo rm /var/www/var/run/mysql/mysql.sock
 sudo ln /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock 

this only works if /var/www/var/run/mysql and /var/run/mysql are on the
same filesystem; it would often be preferable to use a separate filesystem
for /var/www to avoid risk of running out of space for other important
files in /var (particularly /var/log and /var/db).

a cleaner method is given in the pkg-readme for drupal:

--snip--
In order to run with standard OpenBSD chroot'ed httpd:

- make sure you can connect to your database.

Create a directory for the mysql socket.

mkdir -p /var/www/var/run/mysql

Adjust ${SYSCONFDIR}/my.cnf to put the mysql socket into the chroot.

[client]
socket = /var/www/var/run/mysql/mysql.sock

[mysqld]
socket = /var/www/var/run/mysql/mysql.sock
--snip--

 sudo apachectl start

using /etc/rc.d/httpd start is preferred as it ensures that httpd is run
with the correct login class. but with the above method you don't need any
particular script, the standard rc.conf.local changes (i.e. adding mysqld
to pkg_scripts line and setting httpd_flags=) will work.

Re: 5.2 amd64 php and apache problem

[Stuart Henderson]

On 2013-02-04, Matthias Appel appel.matth...@gmail.com wrote:
 Activated apache, enabled ssl and changed config, so apache is reachable 
 via IPv4 and v6...no further changes to httpd.conf

 Installed php-5.3.14p1.tgz and create the syslink as I were told (as far 
 as I can see, there should be no necessity to do further 
 configuration...or am I wrong?)

 created a php script consisting of:

 # cd /var/www/cgi-bin/
 # cat phpinfo.php
? phpinfo(); ?
 #

Put this in the htdocs dir, not cgi-bin.

Re: 5.2 amd64 php and apache problem

[Tomasz Marszal]

by defeult the /var/www is a directory for chrooted apache and in this
directory is dir htdocs try to place Your script in this directory or
change this directory on other by changing apache behaviour in
conf/httpd.conf
On Mon, 04 Feb 2013 19:54:51 +0100, Matthias Appel
appel.matth...@gmail.com wrote:
 Am 04.02.2013 19:10, schrieb James Shupe:
 Why is that in the cgi-bin directory to begin with? Do you have
 shorttags enabled in php.ini?
 
 As mentioned, it's pretty much vanilla configuration...so i can be sure 
 cgi-bin/ is allowed for script executionbut httpd.conf will be 
 changed, as soon as php is running.
 
 Shorttags are enabled, but I also had a phpinfo.php with full tags, 
 which produced the same error.