Shared Servers upgraded to Apache 2.4


#1

I’ve been told that some shared servers have been recently upgraded to Apache 2.4.

Is HTTP/2 support automatic with this upgrade or will that need to be added, and by whom?


#2

Indeed, my shared server was upgraded yesterday to Apache 2.4 (part of DreamHost’s Ubuntu 18 Bionic upgrade).

HTTP/2 is still not activated, but Apache is loading the http2_module, so in theory it could serve HTTP/2 (this is hinted at by the spurious "Upgrade: h2" HTTP header Apache produces). I couldn’t find a way to activate HTTP/2 with Apache config directives via .htaccess file.

So, we’ll probably still have to wait for DH to activate HTTP/2, or add a control-panel option for it.


#3

Interesting, thanks for the input.


#4

Is there a webpage that displays server version? How would I know if my server has been upgraded?


#5

Dreamhost sends out several emails before the upgrade (weeks, days, hours before hand). You can check the version from a shell with the apache2 command (patch level hidden to protect the innocent):

$ /usr/sbin/apache2 -v
Server version: Apache/2.4.* (Ubuntu)
Server built:   2019-*

Or look up the installed packages:

$ dpkg -list | grep apache
apache2   2.4.*   amd64        Apache HTTP Server
...

#6

Thank you … it was really helpful to me


#7

Chuck, with Apache 2.4 if you use the WebDAV panel to manage usernames & passwords for a protected directory, is it necessary to add: require valid-user


#8

The DH Web Panel automatically sets up the necessary htaccess directives (example below) for password protection. The "require valid-user" is there for both Apache 2.2 and 2.4, so it’s forward/backward compatible. The Bionic upgrade guide mentions adding "required user", but I think that is only for manually setup password-protection.

### Generated by Dreamhost. DO NOT modify!!! ###
AuthType Basic
AuthUserFile /home/user/example.com/.htpasswd
AuthName "Example Domain"
require valid-user
################################################

#9

Well the Htaccess/WebDAV panel utility does not display…

Which is why I asked. If it’s there at the admin level, then all is good.


#10

To clarify, when you setup password protection in the DH Web Panel, DH creates/modifies the .htaccess and .htpasswd files in the site’s web directory. Those files belong to your user (not administrator), so care must be taken not to delete or overwrite them when modifying the site.

Example file /home/user/example.com/.htaccess setup via DH Web Panel:

### Generated by Dreamhost. DO NOT modify!!! ###
AuthType Basic
AuthUserFile /home/user/example.com/.htpasswd
AuthName "Example Domain"
require valid-user
################################################

#12

Another interesting tidbit about Apache 2.4: 404 (Not Found) errors are no longer logged to error.log as “File does not exist”. Of course, the 404’s are still logged in access.log, but the error log message is now only output when Apache’s LogLevel is set at/below info (I believe DH is set to LogLevel warn).

I’m of two minds about this change. It is definitely great that error.log is much quieter – 99% of the “File does not exist” errors were due to robots looking for common files (robots.txt, etc), and thus were ignorable noise. On the other hand, it was useful at times to catch problems when developing/deploying a new site.


#13

Good catch, thanks for posting.

Was notified my server is scheduled for these upgrades in about a week, so all comments are useful.