Migrate to IBM HTTP Server 9.0

Migrate an IBM HTTP Server, Version 7 or 8 server, to IBM HTTP Server 9.0. Because IHS 9.0 is based on Apache 2.4, you must modify your existing configuration.


Before you begin

We can either manually migrate your existing configuration file from a prior release or customize the new default configuration. For more information about the CHANGES file, review New Features. Application and module developers can view API changes in the API updates overview. To migrate from IBM HTTP Server 6.0, see Upgrading to 2.2 from 2.0 in the Apache documentation.


About this task

Manually migrate your existing configuration file from a prior release. The installation paths of the previous and new releases differ.


Procedure

  1. Copy the httpd.conf configuration files to the new installation path. Update the paths by using the sed command. Many absolute paths within the configuration contain the installation root. See the following example:
    cp /opt/IBM/IHSv9/httpd.conf /opt/IBM/IHSv9/httpd.conf.premigration 
sed "s@/opt/IBM/IHSv8/@/opt/IBM/IHSv9/@" /opt/IBM/IHSv8/httpd.conf > /opt/IBM/IHSv9/httpd.conf

  2. Replace all instances of authz_default_module module with authz_core_module. For example, your code might contain the following line:
    LoadModule authz_default_module modules/mod_authz_default.so

    After updating, the line has the following changes:

    LoadModule authz_core_module modules/mod_authz_core.so

    If you do not replace the module, you receive a message similar to the following example: 

    httpd: Syntax error on line 141 of /IHS/install/path/conf/httpd22.conf: Can
    not load modules/mod_authz_default.so into server: EDC5205S DLL module not
    found. (errno2=0xC40B0025)

  3. Complete one of the following steps to update access control:

    • Best practice: Replace the old access control directives, Order, Allow, and Deny with the Require directive.

    • Add the following line to load the mod_access_compat module:
      LoadModule access_compat_module modules/mod_access_compat.so

  4. Add the following line to load the mod_unixd security module: 
    LoadModule unixd_module modules/mod_unixd.so

    If you do not complete this step, you receive the following error:

     AH00136: Server MUST relinquish startup privileges before accepting connections.  
    Please ensure mod_unixd or other system security module is loaded.

  5. Change the LoadModule line to update the Web Server Plug-ins from Apache 2.2 to Apache 2.4: See the following example:
    LoadModule was_ap24_module /PLUGIN/install/path/mod_was_ap24_http.so

  6. Update third-party modules to the Apache 2.4 versions. Contact the third-party module vendor for specific instructions.

    If modules are not compatible with Apache 2.4, the server cannot start. You receive an error that references ap_my_generation, or ap_log_error, along with the apr_dso_load function.

  7. Search your configuration for directives, such as Include, AuthUserFile, AuthGroupFile, and KeyFile, that might point to files from the old installation root that need to be copied.

  8. If you previously use the BFlagEscapeAllNonAlnum parameter, remove it from RewriteOptions. The parameter is not needed for Version 9.

  9. Add the following line to load the Event MPM:

    LoadModule mpm_event_module modules/mod_mpm_event.so

  10. Start the server with the updated configuration. Review the output of the start command and the error_log to view any errors. Because only one error is detected at a time, you might have to start the server several times as you fix errors.

    If a directive was removed, or was moved to a new module, you might receive an error similar to the following example:

    AH00526: Syntax error on line 924 of /web1/httpd.conf:
Invalid command 'Foo', perhaps misspelled or defined by a module not included in the server configuration

  11. Optional: Review and apply the following changes to the default configuration file, httpd.conf.default in the new release:

    • ReportInterval is reduced to 300 seconds.

    • TrackModules On, TrackHooks allhooks, SlowThreshold 60, TrackHooksOptions logslow are added.

    • mod_backtrace is loaded on some platforms, but it was omitted from previous releases.

    • More columns are appended for serviceability in the default LogFormat.

    • The default configuration is updated to deny access to all directories by default and allow access to the document root, icons, and CGI-BIN directories. See the following example:
      DocumentRoot /var/www/ihs1/htdocs

      <Directory />
    Options FollowSymLinks
    AllowOverride None
    FileETag All -INode
    Require all denied
</Directory>
<Directory "/var/www/ihs1/htdocs">
    Options FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>