iusrepo / httpd24u Goto Github PK

Currently the IUS mod_ssl (mod24u_ssl) package's default configuration leaves SSLv3 enabled. This matches the current default behavior of the stock EL6 and EL7 mod_ssl packages. Fedora explicitly disables SSLv3. We all know SSLv3 is bad. Should the IUS mod_ssl package match the stock EL6/7 behavior for compatibility, or pursue a more secure default configuration?

I just upgraded a CentOS 7.6 server from::
httpd24u.x86_64 2.4.35-1.ius.centos7 to
httpd24u.x86_64 2.4.38-1.ius.centos7

The file /etc/httpd/conf.d/autoindex.conf had not been present before the upgrade, but was deployed during this upgrade. Because the contents of this file are not wrapped in <IfModule mod_autoindex></IfModule>, this prevented Apache httpd from starting.

Hi, I used apache behind a load-balancer since, Since I update the package, X-Forwarded-For Header disapear in apache logs.

Apache httpd project team release a new version due to these reasons:

CVE's fixed
Bugs fixed
Improvements

See https://downloads.apache.org/httpd/CHANGES_2.4.59

Please, can you check, approve and, if all is ok, merge PR #65?

Roberto

Hello,

hope this is the right place for the report.

We have a problem with the combined usage of php56u and httpd24u in an Centos6 server.
The installation of php56u with yum shell is working without any problems.
But there is a collission when the default httpd 2.2 should be replaced with httpd24u:

[root@ctbuilder ~]# yum shell
Geladene Plugins: fastestmirror
Einrichten der Yum-Shell
> remove httpd httpd-tools
Einrichten des Entfernungsprozess
> install httpd24u httpd24u-tools
Loading mirror speeds from cached hostfile
Einrichten des Installationsprozess
> run
--> Führe Transaktionsprüfung aus
---> Package httpd.x86_64 0:2.2.15-54.el6.centos will be gelöscht
--> Verarbeite Abhängigkeiten: httpd-mmn = 20051115 für Paket: php56u-5.6.27-1.ius.centos6.x86_64
--> Verarbeite Abhängigkeiten: httpd-mmn = 20051115 für Paket: php56u-5.6.27-1.ius.centos6.x86_64
---> Package httpd-tools.x86_64 0:2.2.15-54.el6.centos will be gelöscht
---> Package httpd24u.x86_64 0:2.4.23-2.ius.centos6 will be installiert
--> Verarbeite Abhängigkeiten: httpd24u-filesystem = 2.4.23-2.ius.centos6 für Paket: httpd24u-2.4.23-2.ius.centos6.x86_64
--> Verarbeite Abhängigkeiten: httpd24u-filesystem = 2.4.23-2.ius.centos6 für Paket: httpd24u-2.4.23-2.ius.centos6.x86_64
--> Verarbeite Abhängigkeiten: libnghttp2.so.14()(64bit) für Paket: httpd24u-2.4.23-2.ius.centos6.x86_64
--> Verarbeite Abhängigkeiten: libapr15uutil-1.so.0()(64bit) für Paket: httpd24u-2.4.23-2.ius.centos6.x86_64
--> Verarbeite Abhängigkeiten: libapr15u-1.so.0()(64bit) für Paket: httpd24u-2.4.23-2.ius.centos6.x86_64
---> Package httpd24u-tools.x86_64 0:2.4.23-2.ius.centos6 will be installiert
--> Führe Transaktionsprüfung aus
---> Package apr15u.x86_64 0:1.5.2-1.ius.centos6 will be installiert
---> Package apr15u-util.x86_64 0:1.5.4-3.ius.centos6 will be installiert
---> Package httpd24u-filesystem.noarch 0:2.4.23-2.ius.centos6 will be installiert
---> Package libnghttp2.x86_64 0:1.6.0-1.el6.1 will be installiert
---> Package php56u.x86_64 0:5.6.27-1.ius.centos6 will be gelöscht
--> Abhängigkeitsauflösung beendet
====================================================================================================== Paket Arch Version Repository Grösse ====================================================================================================== Installieren: httpd24u x86_64 2.4.23-2.ius.centos6 centos6-ius 1.2 M httpd24u-tools x86_64 2.4.23-2.ius.centos6 centos6-ius 78 k Entfernen: httpd x86_64 2.2.15-54.el6.centos @updates6 3.0 M httpd-tools x86_64 2.2.15-54.el6.centos @updates6 138 k Installiert für Abhängigkeiten: apr15u x86_64 1.5.2-1.ius.centos6 centos6-ius 105 k apr15u-util x86_64 1.5.4-3.ius.centos6 centos6-ius 88 k httpd24u-filesystem noarch 2.4.23-2.ius.centos6 centos6-ius 22 k libnghttp2 x86_64 1.6.0-1.el6.1 epel6 56 k Entfernt für Abhängigkeiten: php56u x86_64 5.6.27-1.ius.centos6 @centos6-ius 9.0 M
Vorgangsübersicht
======================================================================================================
Install 6 Package(s)
Remove 3 Package(s)
``
Gesamte Downloadgrösse: 1.6 M
`Ist dies in Ordnung? [j/N] :`

The problem exist also with installation of httpd24u first:

[root@ctbuilder ~]# yum --installroot=/root/ctrootfs.unpriv.ius-test/ install php56u
Geladene Plugins: fastestmirror
Einrichten des Installationsprozess
Loading mirror speeds from cached hostfile
Löse Abhängigkeiten auf
--> Führe Transaktionsprüfung aus
---> Package php56u.x86_64 0:5.6.27-1.ius.centos6 will be installiert
--> Verarbeite Abhängigkeiten: httpd-mmn = 20051115 für Paket: php56u-5.6.27-1.ius.centos6.x86_64
--> Verarbeite Abhängigkeiten: httpd-mmn = 20051115 für Paket: php56u-5.6.27-1.ius.centos6.x86_64
--> Führe Transaktionsprüfung aus
---> Package httpd.x86_64 0:2.2.15-54.el6.centos will be installiert
--> Verarbeite Abhängigkeiten: httpd-tools = 2.2.15-54.el6.centos für Paket: httpd-2.2.15-54.el6.centos.x86_64
--> Führe Transaktionsprüfung aus
---> Package httpd-tools.x86_64 0:2.2.15-54.el6.centos will be installiert
--> Verarbeite Konflikt: httpd24u-2.4.23-2.ius.centos6.x86_64 kollidiert mit httpd < 2.4.23
--> Verarbeite Konflikt: httpd24u-tools-2.4.23-2.ius.centos6.x86_64 kollidiert mit httpd-tools < 2.4.23
--> Abhängigkeitsauflösung beendet
Fehler: httpd24u-tools conflicts with httpd-tools-2.2.15-54.el6.centos.x86_64
Fehler: httpd24u conflicts with httpd-2.2.15-54.el6.centos.x86_64
Sie können versuchen --skip-broken zu benutzen, um das Problem zu umgehen.
You could try running: rpm -Va --nofiles --nodigest

It seams, that there is a missing dependency in the pakage.
Or is this intended to do a incompatibility between the two pakages?

Kindly regards,
Raider700

Apache httpd server project team has released a new version. This release fixes several security issues.

https://dlcdn.apache.org/httpd/CHANGES_2.4.54

Thanks!

What new package do you want?

httpd-2.4.56

Why?

Security Issues in the current 2.4.55

Testing

I agree to test the new package to ensure that it works as expected. Once I am satisfied with the results of my testing I will comment on this issue with the word "STABLE" to get it promoted to the stable repos.

In regards to:
iuscommunity-pkg/apr15u#1
iuscommunity-pkg/apr15u-util#1

This package must be rebuilt to link against the new library names libapr15u-1.so.0 and libapr15uutil-1.so.0.

Trying to build src rpm (httpd24u-2.4.37-1.ius.centos6.src.rpm) on CentOS 6.10 x86_64 box using rpmbuild -bb and it fails here:

error: File must begin with "/": %{rpmmacrodir}/macros.httpd
RPM build errors:
File must begin with "/": %{rpmmacrodir}/macros.httpd

I have only edited the spec file to use 2.4.38 source tarball and --with-ssl=/usr/local/openssl in the configure options (so that h2 will actually work since it needs 1.0.2 and there is no rpm for this version of openssl)

it seems that the /etc/sysconfig/httpd file is not used by the package, as it is for other main EL7 packages, such as the one from CentOS 7.
This can be worked around by creating a config through systemctl edit, but it is a difference in how the other httpd packages work.

the stock httpd systemd service file had this line, that httpd24u does not
EnvironmentFile=/etc/sysconfig/httpd

#17 was closed due to the build requiring a different curl version.

However, RHSCL ships httpd24-curl that takes care of this limitation.

Given that mod_md is going to be a default module in the next version of apache, I'd like to see if there's a way to have this decision revisited. Specifically, the next httpd release will move this module out of "Experimental" status, and into the base, so you will have to actively disable mod_md in your builds going forward if you choose not to support it.

Perhaps you can have a look at how softwarecollections.org handles this situation and see if there's a way forward here?

Apache httpd project team has released a new version due to these reasons:

• CVE's fixed
• Bugs fixed
• Improvements

See https://downloads.apache.org/httpd/CHANGES_2.4.52

Thank you.

Roberto

As long as reported in ius faq, is it possible to promote form ius-testing the latest 2.4.52 release into the main ius repository?

Thank you.

Roberto

Apache httpd project team release a new version due to these reasons

• CVE's fixed
• Bugs fixed
• Improvements

See https://dlcdn.apache.org/httpd/CHANGES_2.4.58

Please, can you check, approve and, if all is ok, merge PR #63?

Roberto

It would be great if this had support for the http/2 protocol and was built for el7. Currently the httpd that comes with el7 does not support http/2.

I've begun the work needed to add http/2 and el7 support and should have a pull request tomorrow for it.

Hi!

Latest build httpd24u-2.4.33-1.ius dont include system files like:

/usr/lib/systemd/system/htcacheclean.service
/usr/lib/systemd/system/httpd.service
/usr/lib/systemd/system/httpd.socket
/usr/lib/tmpfiles.d/httpd.conf

missing simbolic link httpd.service -> /usr/lib/systemd/system/httpd.service and

systemctl enable httpd
httpd.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig httpd on

Thx

Thanks for your hard work on this repo. Please, update Apache due Security Issues in the current 2.4.41. I can test this real quick if needed.

I am going to be working on the update to 2.50 for the recent vulnerabilities.

mod_brotli has been in stable since 2.4.26, and fedora has been building with it since 2.4.29-2, can we build it here as well?

I suppose this is also a new package request for the brotli library too... or see if the fedora maintainer will maintain it for EPEL too... https://apps.fedoraproject.org/packages/brotli

Let me know your thoughts on this, if you'd like me to reach out to the brotli maintainer.

Hi there,
in Apache version 2.4.52 there seems to be a bug in the event MPM.
After some time Apache is not responding any more.
See here for reference: https://bz.apache.org/bugzilla/show_bug.cgi?id=65769

Can you please update your package when the new version 2.4.53 comes out?

Thank you,
Sebastian

The logrotate file contains the systemctl command, which isn't valid on el6.

/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
    endscript
}

Since update to Version 2.4.54-1 Apache shows the following error during restart in error.log:

• [Thu Jul 07 16:48:00.516980 2022] [mime_magic:error] [pid 17174] AH01521: mod_mime_magic: offset AddIconByType /icons/bomb.gif application/x-coredump invalid
• [Thu Jul 07 16:48:00.517065 2022] [mime_magic:error] [pid 17174] AH01524: mod_mime_magic: type AddIconByType /icons/bomb.gif application/x-coredump invalid

The error is caused by line 386 in /etc/httpd/conf/magic. (AddIconByType /icons/bomb.gif application/x-coredump)

The wrong line was added with httpd-2.4.53-icons.patch in line 38.

Apache httpd project team release a new version due to these reasons

• CVE's fixed (2.4.47/48)
• Bugs fixed
• Improvements

See https://downloads.apache.org/httpd/CHANGES_2.4.48

Thank you in advance!

Roberto

I'm sorry to bother you again but Apache httpd project team release a new version due to these reasons:

• CVE's fixed
• Bugs fixed
• Improvements

See https://downloads.apache.org/httpd/CHANGES_2.4.49

Thank you in advance!

Roberto

Howdy,

I wanted to enable TLSv1.3 for my server. Does this require the ius httpd24u to be rebuilt with a newer version of openssl? Is the openssl not dynamically linked?

Thank you.

OpenSSL 1.1.1c FIPS  28 May 2019
built on: Wed May 13 11:27:10 2020 UTC
platform: linux-x86_64
options:  bn(64,64) md2(char) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\""
OPENSSLDIR: "/etc/pki/tls"
ENGINESDIR: "/usr/lib64/engines-1.1"
Seeding source: os-specific
engines:  dynamic

[root@atom ~]# yum list installed | grep httpd24u
httpd24u.x86_64                     2.4.41-1.el7.ius                 @ius
httpd24u-devel.x86_64               2.4.41-1.el7.ius                 @ius
httpd24u-filesystem.noarch          2.4.41-1.el7.ius                 @ius
httpd24u-mod_ssl.x86_64             1:2.4.41-1.el7.ius               @ius
httpd24u-tools.x86_64               2.4.41-1.el7.ius                 @ius

Hey

Not completely sure if this is a repo or a direct apache issue but I noticed that httpd was failing to start today on some Centos 6 machines after the update to 2.4.33.

Turns out the PidFile setting has changed from /var/run/httpd/httpd.pid to /run/httpd/httpd.pid between 2.4.29 and 2.4.33 somehow although I can't see exactly why after quickly looking both at apache's and this source.

Nonetheless this means httpd will always fail on Centos 6 due to the /run directory not existing. It does exist on Centos 7 so I think it gets a pass there but I also wonder if it's wrong on there also despite.

Cheers,
R.

There are numerous references to sytemctl which make this slightly more painful to run on EL6:
https://github.com/iuscommunity-pkg/httpd24u/search?utf8=%E2%9C%93&q=systemctl&type=Code

What's the usage like for this on EL7 - I'm assuming fairly low as they have default 2.4 ..?

hi @carlwgeorge

Wondering if you might be able to update this and associated package/s to version 2.4.38?

This version has known security vulnerabilities:

https://httpd.apache.org/security/vulnerabilities_24.html

Cheers,
Damo.

Currently RHEL doesn't ship a version of OpenSSL with the ALPN protocol. HTTP2 connections can be negotiated over ALPN or the older NPN protocol. However, the Apache mod_http2 module is only compatible with ALPN. This means that currently, the IUS http24u packages only support HTTP2 over non-TLS connections.

Server configuration:

$ cat /etc/httpd/conf.d/http2.conf 
Protocols h2 h2c http/1.1

Client tests:

$ curl -s -I --http2 http://test7.ius.io | grep HTTP
HTTP/1.1 101 Switching Protocols
HTTP/2.0 200

$ curl -s -I --http2 https://test7.ius.io | grep HTTP
HTTP/1.1 200 OK

We believe that Red Hat intends to rebase RHEL 7 OpenSSL to some version of 1.0.2, which includes the ALPN protocol. Unfortunately that appears to be planned for the 7.4 release.

Provisioned 2 boxes today and the same error has occurred:

FAILED! => {"changed": false, "failed": true, "msg": "httpd: Syntax error on line 56 of /etc/httpd/conf/httpd.conf: Syntax error on line 12 of /etc/httpd/conf.modules.d/00-proxy.conf: Cannot load modules/mod_proxy_fdpass.so into server: /etc/httpd/modules/mod_proxy_fdpass.so: cannot open shared object file: No such file or directory\n"}

Within the changelog:

changelog
* Fri Jul 22 2016 Carl George <[email protected]> - 2.4.23-2.ius
- Restore build of mod_proxy_fdpass (Fedora)

Multiple CVE's fixed - see https://downloads.apache.org/httpd/CHANGES_2.4.46

The httpd24u package currently uses the naming scheme mod24u_ for module subpackage. The "24u" is obviously taken from the main package name. We choose this naming scheme during the initial package creation.

httpd24u.x86_64 : Apache HTTP Server
httpd24u-devel.x86_64 : Development interfaces for the Apache HTTP server
httpd24u-filesystem.noarch : The basic directory layout for the Apache HTTP server
httpd24u-manual.noarch : Documentation for the Apache HTTP server
httpd24u-tools.x86_64 : Tools for use with the Apache HTTP Server
mod24u_ldap.x86_64 : LDAP authentication modules for the Apache HTTP Server
mod24u_proxy_html.x86_64 : HTML and XML content filters for the Apache HTTP Server
mod24u_session.x86_64 : Session interface for the Apache HTTP Server
mod24u_ssl.x86_64 : SSL/TLS module for the Apache HTTP Server

We have been asked many times by users how to use mod_ssl with httpd24u. The correct answer is mod24u_ssl, but it illustrates the fact that the naming scheme is less than ideal. Here are a few more Apache HTTP Server module package names for comparison.

As you can see, this isn't an exact science, and IUS hasn't been entirely consistent over time.

Would using "httpd24u-" as a prefix be a better naming scheme, i.e. "httpd24u-mod_ssl"? Then users who run yum search mod_ssl would immediately see what they need.

What if we then offered mod_wsgi built against httpd24u and python35u? We don't currently have plans for this, but don't want to rule it out by way of an ineffective naming scheme. Which name would work best?

python35u-mod24u_wsgi
httpd24u-mod_wsgi35u
httpd24u-python35u-mod_wsgi
httpd24u-mod_wsgi-python35u

It is also worth mentioning that IUS is fundamentally designed around building a package against stock dependencies, so you only have to upgrade the one package you need. This is part of the reason we decided to not build mod_php packages for httpd24u.

OK, long rant over. What does the community think?

2.4.34 was released earlier this month, and I'm curious if there are plans to update httpd24u to that version. I'm interested in the CVE fixes in particular.

Sorry for not contributing a pull request myself- I would be happy to try and come up with one, but I'm inexperienced with packaging and would need a few pointers on how to begin.

Thank you so much for all the work you do here! I really appreciate the ability to use Apache 2.4 features in CentOS 6.

It would be useful to add mod_md to the default build of httpd24u.

This would allow for automatic certificate issuance and renewal from Let's Encrypt with Apache without having to run a version compiled from the latest upstream.

I am happy to test the package with this added support on CentOS7 / SL7.

Hello, there seem to be some security fixes in 2.4.41.
Do you plan to update httpd for el6?

Thx
Rainer

Apache httpd server project team has released a new version. This release fixes several security issues.

https://dlcdn.apache.org/httpd/CHANGES_2.4.55

Thanks!

Hello, version 2.4.39 has come out with some pretty important fixes in it, and we are hoping this version will be out soon.

http://www.apache.org/dist/httpd/CHANGES_2.4.39

We appreciate the effort put into the IUS packages, thank you!

We are installing httpd24u version 2.4.37-1 via the IUS repo but it seems to be missing the dependency libnghttp2.so.14
This is via chef14 on centos7:

Resolving Dependencies

   --> Running transaction check
   ---> Package httpd24u.x86_64 0:2.4.37-1.ius.centos7 will be installed
   --> Processing Dependency: httpd24u-tools = 2.4.37-1.ius.centos7 for package: httpd24u-2.4.37-1.ius.centos7.x86_64
   --> Processing Dependency: httpd24u-filesystem = 2.4.37-1.ius.centos7 for package: httpd24u-2.4.37-1.ius.centos7.x86_64
   --> Processing Dependency: httpd24u-filesystem = 2.4.37-1.ius.centos7 for package: httpd24u-2.4.37-1.ius.centos7.x86_64
   --> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd24u-2.4.37-1.ius.centos7.x86_64
   --> Processing Dependency: /etc/mime.types for package: httpd24u-2.4.37-1.ius.centos7.x86_64
   --> Processing Dependency: libapr15u-1.so.0()(64bit) for package: httpd24u-2.4.37-1.ius.centos7.x86_64
   --> Processing Dependency: libapr15uutil-1.so.0()(64bit) for package: httpd24u-2.4.37-1.ius.centos7.x86_64
   --> Processing Dependency: libnghttp2.so.14()(64bit) for package: httpd24u-2.4.37-1.ius.centos7.x86_64
   --> Running transaction check
   ---> Package apr15u.x86_64 0:1.5.2-2.ius.centos7 will be installed
   ---> Package apr15u-util.x86_64 0:1.5.4-3.ius.centos7 will be installed
   ---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed
   ---> Package httpd24u.x86_64 0:2.4.37-1.ius.centos7 will be installed
   --> Processing Dependency: libnghttp2.so.14()(64bit) for package: httpd24u-2.4.37-1.ius.centos7.x86_64
   ---> Package httpd24u-filesystem.noarch 0:2.4.37-1.ius.centos7 will be installed
   ---> Package httpd24u-tools.x86_64 0:2.4.37-1.ius.centos7 will be installed
   ---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
   --> Finished Dependency Resolution
    You could try using --skip-broken to work around the problem
    You could try running: rpm -Va --nofiles --nodigest
   STDERR: Error: Package: httpd24u-2.4.37-1.ius.centos7.x86_64 (ius)
       Requires: libnghttp2.so.14()(64bit)
   ---- End output of ["yum", "--enablerepo=ius", "-y", "install", "httpd24u-0:2.4.37-1.ius.centos7.x86_64"] ----
   Ran ["yum", "--enablerepo=ius", "-y", "install", "httpd24u-0:2.4.37-1.ius.centos7.x86_64"] returned 1

I've noticed a similar issue on #19

Can I use this rpm file to update my current version of httpd ?
current version : 2.4.6 (downloaded using centos 7 base/updates yum repo)
Steps I thought of :

1. download the rpm file using the mirror URL
2. yum localinstall <httpd.*.rpm>

Will these correctly update all the httpd files ?

Hello,

we have a problem with the releases 2.4.25-2.ius and 2.4.25-3.ius with the function SSCStamplingCache. Basesystem is a minimal RHEL 7.3 and the apache is working as loadbalancer.

If the cache is enabled with the following line the graceful reload fails with a segmentation fault:

SSLStaplingCache shmcb:/run/httpd/stapling_cache(128000)

The message log contains after the graceful reload:

Mar 21 09:04:00 loadbalancer01 httpd: [Tue Mar 21 09:04:00.590046 2017] [core:warn] [pid 59575:tid 140170181482688] AH00111: Config variable ${woapp} is not defined
Mar 21 09:04:00 loadbalancer01 httpd: [Tue Mar 21 09:04:00.590201 2017] [core:warn] [pid 59575:tid 140170181482688] AH00111: Config variable ${woapp} is not defined
Mar 21 09:04:00 loadbalancer01 systemd[1]: Reloaded The Apache HTTP Server.
Mar 21 09:04:00 loadbalancer01 systemd-logind[738]: Removed session 43260.
Mar 21 09:04:01 loadbalancer01 systemd[1]: httpd.service: main process exited, code=killed, status=11/SEGV
Mar 21 09:04:01 loadbalancer01 shibd: INFO Shibboleth.Listener [8]: detected socket closure, shutting down worker thread
Mar 21 09:04:01 loadbalancer01 systemd[1]: Unit httpd.service entered failed state.
Mar 21 09:04:01 loadbalancer01 systemd[1]: httpd.service failed.

The apache error log contains:

Mar 21 09:04:00 loadbalancer01 httpd[31637]: [mpm_worker:notice] [vhost loadbalancer01.company.public] [pid 31637] [tid 31637] [err -] [ref -] AH00297: SIGUSR1 received.  Doing graceful restart
Mar 21 09:04:00 loadbalancer01 httpd[31637]: [Tue Mar 21 09:04:00.817482 2017] [core:warn] [pid 31637:tid 140398980937920] AH00111: Config variable ${woapp} is not defined
Mar 21 09:04:00 loadbalancer01 httpd[31637]: [Tue Mar 21 09:04:00.817504 2017] [core:warn] [pid 31637:tid 140398980937920] AH00111: Config variable ${woapp} is not defined
Mar 21 09:05:47 loadbalancer01 httpd[59802]: [Tue Mar 21 09:05:47.094735 2017] [core:notice] [pid 59802:tid 140495838210240] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
Mar 21 09:05:47 loadbalancer01 httpd[59802]: [-:notice] [vhost loadbalancer01.company.public] [pid 59802] [tid 59802] [err -] [ref -] init: mod_aod revision 40096 compiled: Aug 24 2016 at 01:07:17; support threads = 1
Mar 21 09:05:47 loadbalancer01 httpd[59802]: [Tue Mar 21 09:05:47.495139 2017] [core:warn] [pid 59802:tid 140495838210240] AH00111: Config variable ${woapp} is not defined
Mar 21 09:05:47 loadbalancer01 httpd[59802]: [Tue Mar 21 09:05:47.495152 2017] [core:warn] [pid 59802:tid 140495838210240] AH00111: Config variable ${woapp} is not defined
Mar 21 09:05:47 loadbalancer01 httpd[59802]: [-:notice] [vhost loadbalancer01.company.public] [pid 59802] [tid 59802] [err -] [ref -] init: mod_aod revision 40096 compiled: Aug 24 2016 at 01:07:17; support threads = 1
Mar 21 09:05:47 loadbalancer01 httpd[59802]: [Tue Mar 21 09:05:47.673897 2017] [core:warn] [pid 59802:tid 140495838210240] AH00098: pid file /run/httpd/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
Mar 21 09:05:47 loadbalancer01 httpd[59802]: [mpm_worker:notice] [vhost loadbalancer01.company.public] [pid 59802] [tid 59802] [err -] [ref -] AH00292: Apache/2.4.25 (Red Hat) OpenSSL/1.0.1e-fips configured -- resuming normal operations
Mar 21 09:05:47 loadbalancer01 httpd[59802]: [core:notice] [vhost loadbalancer01.company.public] [pid 59802] [tid 59802] [err -] [ref -] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

Are some additional informations needet?

Kindly regards,
Raider700

Hello

Whenever I execute
$systemctl reload httpd
the command gets stuck and I can observe this output in /var/log/messages

Sep 4 00:17:37 front01 systemd: httpd.service reload operation timed out. Stopping.
Sep 4 00:19:07 front01 systemd: httpd.service reload operation timed out. Stopping.
Sep 4 00:20:37 front01 systemd: httpd.service reload operation timed out. Stopping.
Sep 4 00:22:07 front01 systemd: httpd.service reload operation timed out. Stopping.
Sep 4 00:23:37 front01 systemd: httpd.service reload operation timed out. Stopping.

Of course logs aren't begin rotated as reload command isn't working. I've tried to reload apache directly from command line with the same outcome. The service keeps working but the only way to apply configuration or rotating logs has to be done via restart.

Tested for versions 2.4.33 and 2.4.34 on Centos 7

Update package to the latest upstream version.

Now that openssl-1.0.2 has appeared in the CentOS 7.4 repos (CR), httpd24u should be compiled to use it so ALPN support can be added for http/2 sites.