By: Kee Wee Wong Account Admin 25 May 2022 at 5:06 a.m. CDT

10 Responses
Hi, Our customer has done a vulnerability scan, which flagged the version of the Apache web server. Are we able to upgrade the web server separately from the Gluu container? The version we need to upgrade to is Apache version 2.4.53 or later. Please advise. Thank you.

By Aliaksandr Samuseu staff 25 May 2022 at 3:55 p.m. CDT

Hi, Kee. It should be possible, but you may need to build a recent version from sources. Let me ask around in our security channel. May I also ask exactly which vulnerabilities your scan showed in 4.2.3? It's a relatively recent package, I mean.

By Kee Wee Wong Account Admin 26 May 2022 at 5:22 a.m. CDT

Hi @Aliaksandr.Samuseu, The vulnerability detected by the scan is "Apache 2.4.x < 2.4.53 Multiple Vulnerabilities". Thanks.

By Michael Schwartz Account Admin 26 May 2022 at 12:46 p.m. CDT

I don't see any issue updating the version of Apache. Be careful if mutual TLS is in use.

By Kee Wee Wong Account Admin 26 May 2022 at 9:07 p.m. CDT

Hi @Michael.Schwartz, thanks for the feedback. @Aliaksandr.Samuseu, please advise how to upgrade the Apache web server in the Gluu container. Thanks.

By Kee Wee Wong Account Admin 31 May 2022 at 1:52 a.m. CDT

Hi @Aliaksandr.Samuseu, how can we upgrade the Apache web server in the Gluu container? Thanks.

By Kee Wee Wong Account Admin 03 Jun 2022 at 12:33 a.m. CDT

Hi @Aliaksandr.Samuseu, please advise on how to upgrade the Apache web server in the Gluu container. Appreciate your reply. Thanks.

By Aliaksandr Samuseu staff 03 Jun 2022 at 10:13 a.m. CDT

Hi, Kee. Sorry for the long wait. I asked the dev team to confirm, and it seems the procedure is straightforward (make sure you back up your container before proceeding and can revert the changes quickly):

1. Stop the service: `# service httpd stop`
2. Back up your entire configuration directory, just in case some vital files get overwritten:
   - `# cp -R /etc/httpd/ ~/httpd_config_backup`
   - `# cp /etc/certs/httpd.* ~/httpd_config_backup/`
3. Run `# yum install httpd` - it should suggest that you upgrade the package and its dependencies
4. Verify the result; use `diff` to make sure the core files are still the same:
   - `# diff -c ~/httpd_config_backup/conf/httpd.conf /etc/httpd/conf/httpd.conf`
   - `# diff -c ~/httpd_config_backup/conf.d/https_gluu.conf /etc/httpd/conf.d/https_gluu.conf`
   - `# diff ~/httpd_config_backup/httpd.key /etc/certs/httpd.key` (then the cert file as well)
5. Start it again: `# service httpd start`

You can check the version before and after with `# yum info httpd` or `# httpd -V` to make sure it worked.
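The verification in steps 4 and 5 above can be scripted so that it is repeatable across servers. This is an added example, not part of the original reply or Gluu's own tooling; the function names and the `--run` switch are assumptions, while the paths and the 2.4.53 threshold come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): post-upgrade checks for the steps above.
MIN_VERSION="2.4.53"                           # threshold named in the scan finding
BACKUP="${BACKUP:-$HOME/httpd_config_backup}"  # backup location from step 2

# Pull "2.4.53" out of a line like "Server version: Apache/2.4.53 (CentOS)".
parse_httpd_version() {
    printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing each field numerically
# (a plain string compare would rank 2.4.6 above 2.4.53).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# Return 0 when the live file ($2) is byte-identical to its backup copy ($1).
unchanged() {
    if cmp -s "$1" "$2"; then echo "same:    $2"; return 0; fi
    echo "CHANGED: $2"; return 1
}

post_upgrade_check() {
    rc=0
    ver=$(parse_httpd_version "$(httpd -V 2>/dev/null)")
    if version_ge "${ver:-0}" "$MIN_VERSION"; then echo "version ok: $ver"
    else echo "version below $MIN_VERSION: ${ver:-unknown}"; rc=1; fi
    unchanged "$BACKUP/conf/httpd.conf" /etc/httpd/conf/httpd.conf || rc=1
    unchanged "$BACKUP/conf.d/https_gluu.conf" /etc/httpd/conf.d/https_gluu.conf || rc=1
    unchanged "$BACKUP/httpd.key" /etc/certs/httpd.key || rc=1   # add the cert file the same way
    return $rc
}

# Run the checks only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then post_upgrade_check; fi
```

On distributions that backport security fixes, the packaged version string can stay below 2.4.53 even when the fixes are present, so treat a failed version check as a prompt to review the package changelog rather than as proof the host is unpatched.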

By Kee Wee Wong Account Admin 06 Jun 2022 at 2:34 a.m. CDT

Hi @Aliaksandr.Samuseu, Thanks for the steps. As the servers do not have Internet access, we will proceed with an offline upgrade of the Apache web server. Thank you.

By Mohib Zico staff 20 Jun 2022 at 4:21 a.m. CDT

Hello Kee Wee, Just touching base... how did it go? Thanks!

By Kee Wee Wong Account Admin 21 Jun 2022 at 10:48 p.m. CDT

Hi Mohib, We have tested the upgrade in our lab and it looks OK. We are currently raising the request to apply the patches to the customer's environment. Thank you and we can close this ticket.