Migrating IBM HTTP Server configuration files from a previous release

Migrate an IBM® HTTP Server, Version 7 or 8 server, to IBM HTTP Server 9.0. Because IHS 9.0 is based on Apache 2.4, you must modify your existing configuration.

Before you begin

This topic describes the changes necessary to use an existing configuration file from a prior release, which is an alternative to applying your customizations on top of the current releases default configuration file. For more information about the CHANGES file, review New Features.

Application and module developers can view API changes in the API updates overview. To migrate from IBM HTTP Server 6.0, see Upgrading to 2.2 from 2.0 in the Apache documentation.

About this task

Manually migrate your existing configuration file from a prior release.

Procedure

  1. Copy the httpd.conf configuration files from the prior release to the new installation path. Update the paths, for example by using the sed command. Many absolute paths within the configuration contain the installation root.
    See the following example:
    cp /opt/IBM/IHSv9/httpd.conf /opt/IBM/IHSv9/httpd.conf.premigration 
sed "s@/opt/IBM/IHSv8/@/opt/IBM/IHSv9/@" /opt/IBM/IHSv8/httpd.conf > /opt/IBM/IHSv9/httpd.conf
  2. Replace all instances of authz_default_module module with authz_core_module.
    For example, your code might contain the following line:
    LoadModule authz_default_module modules/mod_authz_default.so
    After updating, the line has the following changes:
    LoadModule authz_core_module modules/mod_authz_core.so
    If you do not replace the module, you receive a message similar to the following example: 
    httpd: Syntax error on line 141 of /IHS/install/path/conf/httpd22.conf: Can
    not load modules/mod_authz_default.so into server: EDC5205S DLL module not
    found. (errno2=0xC40B0025)
  3. Complete one of the following steps to update access control:
    • Best practice: Replace the old access control directives, Order, Allow, and Deny with the Require directive.
    • Add the following line to load the mod_access_compat module:
      LoadModule access_compat_module modules/mod_access_compat.so
  4. Add the following line to load the mod_unixd security module: 
    LoadModule unixd_module modules/mod_unixd.so
    If you do not complete this step, you receive the following error:
     AH00136: Server MUST relinquish startup privileges before accepting connections.  
    Please ensure mod_unixd or other system security module is loaded.
  5. Change the LoadModule line to update the Web Server Plug-ins from Apache 2.2 to Apache 2.4:
    See the following example:
    LoadModule was_ap24_module /PLUGIN/install/path/mod_was_ap24_http.so
  6. Update third-party modules to the Apache 2.4 versions. Contact the third-party module vendor for specific instructions.

    If modules are not compatible with Apache 2.4, the server cannot start. You receive an error that references ap_my_generation, or ap_log_error, along with the apr_dso_load function.

  7. Search your configuration for directives, such as Include, AuthUserFile, AuthGroupFile, and KeyFile, that might point to files from the old installation root that need to be copied.
  8. If you previously use the BFlagEscapeAllNonAlnum parameter, remove it from RewriteOptions. The parameter is not needed for Version 9.
  9. [Linux]Add the following line to load the Event MPM:

    LoadModule mpm_event_module modules/mod_mpm_event.so

  10. [Linux]Remove <IfModule worker.c> and update defaults
    • If the configuration uses <IfModule worker.c> configuration sections, remove the opening and closing tags or update them from "worker.c" to "event.c".
    • Update the ServerLimit to be at least 1.5 times as large as MaxClients divided by ThreadsPerChild.
  11. Start the server with the updated configuration. Review the output of the start command and the error_log to view any errors. Because only one error is detected at a time, you might have to start the server several times as you fix errors.

    If a directive was removed, or was moved to a new module, you might receive an error similar to the following example:

    AH00526: Syntax error on line 924 of /web1/httpd.conf:
Invalid command 'Foo', perhaps misspelled or defined by a module not included in the server configuration
  12. Optional: If you are modifying a configuration file from a previous release instead of modifying the the 9.0 default configuration, review and apply the following changes to the your configuration file. These changes can be viewed in context in the file httpd.conf.default in the new release:
    • ReportInterval is reduced to 300 seconds.
    • TrackModules On, TrackHooks allhooks, SlowThreshold 60, TrackHooksOptions logslow are added.
    • mod_backtrace is loaded by default on some platforms, but it was omitted from previous releases.
    • More columns are appended for serviceability in the default LogFormat.
    • The default configuration is updated to deny access to all directories by default and allow access to the document root, icons, and CGI-BIN directories. See the following example:
      DocumentRoot /var/www/ihs1/htdocs
      <Directory />
    Options FollowSymLinks
    AllowOverride None
    FileETag All -INode
    Require all denied
</Directory>

# Document Root:
<Directory "/var/www/ihs1/htdocs">
    Options FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Require all denied
Forbid
</Files>