So yeah, dealing with Apache 2.4 vs 2.2 was… fun.  The security Order stuff is obsolete so that was fun editing all the virtual hosts.

The key parts being:

In this example, all requests are denied.

Order deny,allow
Deny from all

Require all denied

In this example, all requests are allowed.

Order allow,deny
Allow from all

Require all granted

In the following example, all hosts in the example.org domain are allowed access; all other hosts are denied access.

Boy was that fun!

Another bit of fallout was the hosts file.  I have spamd running and suddenly I was being bombarded with this message:

Jul 25 10:15:39 cheapvps spamc[683]: connect to spamd on ::1 failed, retrying (#1 of 3): Connection refused

Well it turns out after much digging around that Debian 8 is more IPv6 ready.  The hosts file from Debian 7 was something like this:

127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback

And in 8, it changed to this:

fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.0.1 localhost.localdomain localhost
# Auto-generated hostname. Please do not remove this comment.
::1 localhost ip6-localhost ip6-loopback

Needless to say, having localhost point to ::1 made it dependant on all local daemons supporting IPv6, and spamd sadly is IPv4 only.  Luckily it’s a quick fix to remove localhost from ::1, which then let’s it work again with 127.0.0.1, and now it can connect over IPv4.

Well today (August 4th, 2015) there was a critical update to Apache.  And after updating I got this fine error:

# /etc/init.d/apache2 restart

[….] Restarting apache2 (via systemctl): apache2.serviceJob for apache2.service failed. See ‘systemctl status apache2.service’ and ‘journalctl -xn’ for details.

failed!

Great.  So what does the error actually say?

# systemctl status apache2.service
* apache2.service – LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2)
Active: failed (Result: exit-code) since Tue 2015-08-04 13:52:13 HKT; 7s ago
Process: 6063 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 6427 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)

systemd[1]: Starting LSB: Apache2 web server…
apache2[6427]: Starting web server: apache2 failed!
apache2[6427]: The apache2 configtest failed. …….
apache2[6427]: Output of config test was:
apache2[6427]: apache2: Syntax error on line 250 …y
apache2[6427]: Action ‘configtest’ failed.
apache2[6427]: The Apache error log may have more….
systemd[1]: apache2.service: control process exi…=1
systemd[1]: Failed to start LSB: Apache2 web server.
systemd[1]: Unit apache2.service entered failed …e.
Hint: Some lines were ellipsized, use -l to show in full.

Fantastic.

# apachectl configtest
apache2: Syntax error on line 250 of /etc/apache2/apache2.conf: Could not open configuration file /etc/apache2/mods-enabled/alias.load: No such file or directory
Action ‘configtest’ failed.
The Apache error log may have more information.

So, normally you’d check under modules-enabled, and link in the missing bits, right? Yeah except there is no MPM modules. Not anymore.  And yes I removed and re-installed the apache2-mpm-prefork module, to no avail.  So after much digging around it looks like the transition to 2.4 finally broke everything irrecoverably.  So I backed up the /etc/apache2 directory than ran the follwing:

apt-get purge apache2

Which then removes all the apache2 stuff from the system.  Then to finish it off, run a quick

rm -rf /etc/apache2

You did back it up, right?

now put it back in..

apt-get install apache2 libapache2-mod-php5

Now to re-enable the virtual sites.  For some reason they need to be enabled with a2ensite.  Except they don’t tell you that your sites now need to end in .conf in the /etc/apache2/sites-available (you did back it up right?)

Also if you run perl (src2html) be sure to run:

a2enmod cgi
service apache2 restart

Not to mention the joys of updating perl, and the cvsweb breaking, and I’m sure far more to break.  Oh well, at least it’ll be up to date.  That’s what I get for mixing ‘stable’ with ‘old stable’, when the local mirror out in the UK I was using moved up to 8.