Apache 2.4 Backports for Debian wheezy and (squeeze)

By | 2015-09-22

Running Apache 2.4 (SID) under Debian wheezy and (squeeze)

Apache 2.4 is the current major release. This version is available in the debian SID and Testing tree (experimental before), so I’ve backported these packages to wheezy and in the past squeeze. The last available squeeze-version for i386 in this repro is 2.4.4-6, because I’ve no squezze-i386 servers anymore and I can’t test this packages. The last squeeze-version for amd64 is 2.4.10-3. That is the last version for squeeze in this repro.

The current amd64 wheezy-version is 2.4.10-6. it’s hard to backport newer versions at the moment, because these depending on a higher dpkg version. Is there a security problem, then I’ll go this way and provide a new version.

After jessie is released I’ll continue backporting the latest version of apache to go with releases cicle.

My first intention to backport was to set up custom error pages in a reverse proxy with Tomcat and AJP. Now I use the packages in different configurations.

Caution: Apache 2.4 is stable, but the packages are from the SID branch. Use at your own risk !

The repository contains the apache 2.4 package and the modul libapache2-mod-fcgid. If you use php as modul (libapache2-mod-php5), switch to php5-cgi with mod_fcgid. A good howto could be found on typo3.org. Modules like libapache2-mod-perl2 and libapache2-mod-php5 are not usable, because the apache api has changed (see the debian apache wiki). After the packages had switched from EXPERTIMENTAL to SID I’ll backport more module like mod-php5 against the new api.

Here are also my configured ciphers:

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS'

Include this repository by adding these lines to your /etc/apt/sources.list:

deb http://www.d7031.de/debian squeeze-experimental main

or

deb http://www.d7031.de/debian wheezy-experimental main

Here is list of all packages include in my repro:

  • apache2
  • apache2.2-bin
  • apache2-bin
  • apache2-data
  • apache2-dbg
  • apache2-dev
  • apache2-doc
  • apache2-mpm-event
  • apache2-mpm-itk
  • apache2-mpm-prefork
  • apache2-mpm-worker
  • apache2-suexec
  • apache2-suexec-custom
  • apache2-suexec-pristine
  • apache2-utils
  • libapache2-mod-fcgid
  • libapache2-mod-fcgid-dbg
  • libapache2-mod-proxy-html
  • libaprutil1
  • libaprutil1-dbd-freetds
  • libaprutil1-dbd-mysql
  • libaprutil1-dbd-odbc
  • libaprutil1-dbd-pgsql
  • libaprutil1-dbd-sqlite3
  • libaprutil1-dbg
  • libaprutil1-dev
  • libaprutil1-ldap

12 thoughts on “Apache 2.4 Backports for Debian wheezy and (squeeze)

  1. Marc

    Hi, I’m currently trying to install this on squeeze and get this error:

    The following packages have unmet dependencies:
    apache2 : Depends: d7031-archive-keyring but it is not installable
    E: Broken packages

    Where can I find the d7031-archive-keyring package?

    Reply
  2. papi

    any ETA on when apache 2.4 when be upgrade to any other version beside 2.4.10?

    Reply
    1. Tom Post author

      It’s not so easy to update this package, so I’ll do this only for high security reasons.

      Tom

      Reply
  3. Mike

    Hi,

    I’ve been using your repo for a while but recently libapache2-mod-fastcgi has stopped working:

    The following packages have unmet dependencies:
    libapache2-mod-fastcgi : Depends: apache2.2-common (>= 2.2.4) but it is not going to be installed

    Any change of a fix?

    Mike

    Reply
    1. Tom Post author

      Hi Mike,

      it is possible for you to use the included libapache2-mod-fcgid instead ?

      Tom

      Reply
  4. krizz

    maybe you should post some accepted ciphers as well. Took me a bit to find out, that my ciphers were to paranoid for h2 😉
    Looks like you need ciphers which contain the DH or DHE algorithm.

    But besides that, your backports are working great, thanks!

    Reply
    1. Tom Post author

      Hi krizz,

      I’ve updated my post, many thanks.

      Tom

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

3 + 3 =