Bug 42296 - convert 2.2 apache configs to 2.4
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: General
UCS 4.2
Other Linux
: P5 normal
: UCS 4.2
Assigned To: Felix Botner
Stefan Gohmann
: interim-2
Reported: 2016-09-06 17:41 CEST by Felix Botner
Modified: 2017-04-04 18:28 CEST
What kind of report is it?: Release Management
Description Felix Botner univentionstaff 2016-09-06 17:41:36 CEST
See Bug #42196.

We have to check all apache configs for 2.4 compatibility.

 * conf.d no longer supported, move config to conf-available,
   activate/deactivate config in postinst/prerm
 * Options directives like "Options ExecCGI" are no longer supported (add +)
 * Access control?

see http://httpd.apache.org/docs/current/upgrading.html

check at least:
 * univention-nagios
 * univention-ad-connector
 * univention-novnc
Comment 1 Felix Botner univentionstaff 2016-09-06 18:13:39 CEST
* sites in sites-available must have the suffix .conf
Comment 2 Florian Best univentionstaff 2016-09-29 13:13:10 CEST
base/univention-maintenance/.htaccess:Order allow,deny
base/univention-system-activation/conffiles/etc/apache2/sites-available/univention-system-activation:    Order allow,deny
base/univention-system-activation/conffiles/etc/apache2/sites-available/univention-system-activation:    Order allow,deny
base/univention-system-activation/conffiles/etc/apache2/sites-available/univention-system-activation:    Order allow,deny
saml/univention-saml/conffiles/etc/apache2/sites-available/univention-saml.conf:        Order allow,deny
services/univention-apache/conffiles/etc/apache2/conf-available/ucs.conf:       Order allow,deny
services/univention-apache/conffiles/etc/apache2/mods-available/proxy.conf:     print '                Order allow,deny'
services/univention-net-installer/univention-net-installer:     Order allow,deny
services/univention-printserver/conffiles/etc/cups/cups-access-limit.conf:                      print '\t\tOrder deny,allow'
services/univention-printserver/conffiles/etc/cups/cupsd.conf:#BrowseOrder allow,deny
services/univention-printserver/conffiles/etc/cups/cupsd.conf:#BrowseOrder deny,allow
services/univention-printserver/debian/univention-printserver.postinst: cups/policy/default/limit/1/Order="deny,allow" \
services/univention-printserver/debian/univention-printserver.postinst: cups/policy/default/limit/2/Order="deny,allow" \
services/univention-printserver/debian/univention-printserver.postinst: cups/policy/default/limit/3/Order="deny,allow"
Comment 3 Philipp Hahn univentionstaff 2017-01-06 10:03:12 CET
Broken symbolic links (due to missing suffix '.conf'):

# find /etc/apache2 -xtype l -printf '%p %l\n'
/etc/apache2/sites-enabled/univention-saml ../sites-available/univention-saml
/etc/apache2/sites-enabled/univention-management-console ../sites-available/univention-management-console
Comment 4 Felix Botner univentionstaff 2017-02-08 13:43:21 CET
univention-ad-connector:
 * removed apache config

univention-novnc
 * moved apache config to conf-available
 
univention-nagios
 * removed old update code in postinst
 * enable/disable nagios3 apache2-maintscript-helper
 * old conf /etc/apache2/conf.d/nagios3.conf is removed by nagios3-cgi.postinst

univention-system-activation
 * renamed, fixed /etc/apache2/sites-available/univention-system-activation.conf
Comment 5 Florian Best univentionstaff 2017-02-14 18:07:07 CET
There was one missing:

univention-nagios (10.0.1-1):
r76665 | Bug #42296: fix apache configuration syntax
Comment 6 Florian Best univentionstaff 2017-02-21 15:19:28 CET
base/univention-doc/conffiles/etc/apache2/sites-available/univention-doc is not migrated: missing renaming into .conf.
Comment 7 Florian Best univentionstaff 2017-02-21 15:24:02 CET
The following file is also not migrated:
./base/univention-debmirror/conffiles/etc/apache2/sites-available:
univention-repository

What about this one, is it an apache config?
./services/univention-radius/conffiles/etc/freeradius/sites-available:
default  inner-tunnel
Comment 8 Felix Botner univentionstaff 2017-02-21 16:19:38 CET
(In reply to Florian Best from comment #6)
> base/univention-doc/conffiles/etc/apache2/sites-available/univention-doc is
> not migrated: missing renaming into .conf.

done 

(In reply to Florian Best from comment #7)
> The following file is also not migrated:
> ./base/univention-debmirror/conffiles/etc/apache2/sites-available:
> univention-repository

done

> 
> What about this one, is it an apache config?
> ./services/univention-radius/conffiles/etc/freeradius/sites-available:
> default  inner-tunnel

no, these are freeradius configs
Comment 9 Stefan Gohmann univentionstaff 2017-02-23 20:21:25 CET
Tests: OK, looks good.

Changelog: OK
Comment 10 Stefan Gohmann univentionstaff 2017-03-30 11:49:39 CEST
The univention-debmirror apache config has been renamed but I don't have access:

[Wed Mar 29 21:03:35.494994 2017] [authz_core:error] [pid 2606] [client 10.201.45.1:53500] AH01630: client denied by server configuration: /var/lib/univention-repository/mirror

"Require all granted" fixed it.
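
Added example (not part of the bug thread and not Univention code): one pass over a config tree that covers the checklist from the description and comment 1, the dangling links from comment 3, and the missing-authorization case behind the AH01630 denial in comment 10. The function name `audit_apache24` and the finding labels are made up for this sketch, and the NO_REQUIRE check assumes the Debian default of `Require all denied` on `<Directory />`.

```shell
#!/bin/sh
# Added example, not Univention code. Audits a tree for the 2.2 -> 2.4
# items raised in this bug. Pass /etc or a checkout; paths are matched on
# an "apache2" component so CUPS and freeradius files are left alone.
audit_apache24() {
    root=$1

    # conf.d is gone in the 2.4 layout; snippets belong in conf-available
    find "$root" -type f -path '*/apache2/conf.d/*' | sed 's/^/CONF_D /'

    # sites-available entries need the .conf suffix to be included
    find "$root" -type f -path '*/apache2/sites-available/*' \
        ! -name '*.conf' | sed 's/^/NO_SUFFIX /'

    # links left dangling by a rename (the find from comment 3)
    find "$root" -xtype l -path '*/apache2/*' | sed 's/^/BROKEN_LINK /'

    find "$root" -type f \( -path '*/apache2/*' -o -name .htaccess \) |
    while IFS= read -r f; do
        awk -v f="$f" '
            /^[ \t]*#/ { next }                 # ignore commented-out lines
            { d = tolower($1) }
            d == "<directory" { start = FNR; authz = 0 }
            d == "require"    { authz = 1 }
            # 2.2 authorization directives that must become Require
            d == "order" || d == "satisfy" ||
            ((d == "allow" || d == "deny") && tolower($2) == "from") {
                authz = 1; print "OLD_AUTHZ " f ":" FNR
            }
            # an Options list mixing +/- keywords with bare ones is rejected
            d == "options" {
                sign = 0; bare = 0
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /^[+-]/) sign = 1
                    else bare = 1
                }
                if (sign && bare) print "MIXED_OPTIONS " f ":" FNR
            }
            # no authz in the block: it inherits the parent, which is
            # "Require all denied" if <Directory /> is locked down
            d == "</directory>" && !authz { print "NO_REQUIRE " f ":" start }
        ' "$f"
    done
}
```

Directives emitted from template code, such as the print '... Order allow,deny' line in proxy.conf from comment 2, are not matched by the first-word test and need a separate grep. NO_REQUIRE is a review hint: a block may intentionally inherit its parent's authorization.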
Comment 11 Felix Botner univentionstaff 2017-03-30 12:59:37 CEST
(In reply to Stefan Gohmann from comment #10)
> The univention-debmirror apache config has been renamed but I don't have
> access:
> 
> [Wed Mar 29 21:03:35.494994 2017] [authz_core:error] [pid 2606] [client
> 10.201.45.1:53500] AH01630: client denied by server configuration:
> /var/lib/univention-repository/mirror
> 
> "Require all granted" fixed it.

univention-debmirror r78495
Comment 12 Stefan Gohmann univentionstaff 2017-03-31 08:08:35 CEST
(In reply to Felix Botner from comment #11)
> (In reply to Stefan Gohmann from comment #10)
> > The univention-debmirror apache config has been renamed but I don't have
> > access:
> > 
> > [Wed Mar 29 21:03:35.494994 2017] [authz_core:error] [pid 2606] [client
> > 10.201.45.1:53500] AH01630: client denied by server configuration:
> > /var/lib/univention-repository/mirror
> > 
> > "Require all granted" fixed it.
> 
> univention-debmirror r78495

OK
Comment 13 Stefan Gohmann univentionstaff 2017-04-04 18:28:53 CEST
UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".