Gentoo Logo

Upgrading Apache


1.  Upgrading from <2.2.6-r4

The Apache ebuilds have used /etc/apache2/apache2-builtin-mods for a very long time to select the built-in modules during compile time. However, this behavior has several disadvantages:

  • Selecting built-in modules during the initial merge is not possible
  • Portage does not know which modules have been installed. This is especially annoying for binary packages.
  • Portage will try to overwrite apache2-builtin-mods on every upgrade

To rectify this situation /etc/apache2/apache2-builtin-mods has been deprecated and migrated to the new APACHE2_MODULES USE_EXPAND variable. To convert your custom module selection to the new format use the following command:

Code Listing 1.1: Convert apache2-builtin-mods to APACHE2_MODULES

$ echo APACHE2_MODULES=\"$(sed '/^mod_/s/mod_\(.*\)\s\+\(shared\|static\)/\1/;t n;d;:n' /etc/apache2/apache2-builtin-mods)\" >> /etc/make.conf
# rm /etc/apache2/apache2-builtin-mods

(You can now safely upgrade apache:)
# emerge -uva '>=www-servers/apache-2.2.6-r4'

Additionally to the new APACHE2_MODULES the local USE flags have been cleaned up:

  • All MPM USE flags have been moved to the APACHE2_MPMS USE_EXPAND variable
  • no-suexec is now suexec
  • static-modules is now static

For a detailed description of old and corresponding new USE flags see below.

2.  Upgrading from <2.0.52-r3


The state of Apache and its modules in Gentoo was becoming dismal. There were a number of problems that caused support problems and made maintaining everything the Apache herd is responsible for difficult:

  • The configuration that came with Gentoo was dramatically different from the upstream configuration that most users expect
  • Many modules used similar code, but all did things their own way
  • Most modules weren't maintained very well - mostly because of the large number of modules available
  • Modules didn't have a configuration standard
  • Some modules could support both versions of Apache, but the ebuilds didn't handle that
  • Choices available in Apache were not available for Gentoo users (for example MPMs)
  • Bugs for Apache were stacking up

This document details how to upgrade without breaking your system. If you are a developer or would like to know what we changed, or how ebuilds need to be modified to take advantage of our eclass, then check the Apache Developer Reference.


There have been many changes to how Apache works within Gentoo. Every package that is directly related to Apache needs to be updated and some things that worked previously will no longer work.

First you need to figure out what packages you need to upgrade. You can do this using the equery tool, which is part of the app-portage/gentoolkit package.

Code Listing 2.1: Finding packages to update

$ equery depends www-servers/apache
[ Searching for packages depending on www-servers/apache... ]

Important: The packages you have installed may be vastly different; make sure you run this command for yourself.

Warning: There are some modules and packages that depend on Apache that have not yet been updated. Please search bugzilla for any critical packages that you use with Apache.

Many webapps aren't affected in any way as most use the webapp eclass which takes care of installing them correctly. You may want to check to see if there is a new revision.

As we have added some new USE flags, you may want to review them and add appropriate lines to /etc/portage/package.use. See Apache supported USE flags for more details.

Code Listing 2.2: Checking USE flag settings and rebuild

(Check the USE flags and needed updates)
# emerge --pretend --verbose --update --newuse --deep apache subversion \
mod_php mod_bandwidth mod_layout mod_ldap_userdir mod_loopback mod_mp3 \ 
mod_random mod_throttle mod_watch

(Update the packages)
# emerge --verbose --update --newuse --deep apache subversion mod_php \
mod_bandwidth mod_layout mod_ldap_userdir mod_loopback mod_mp3 mod_random \
mod_throttle mod_watch

(It may be easier to just update world instead of the above)
# emerge --ask --verbose --update --newuse --deep world

Now you need to reconfigure Apache and its modules. Start by using etc-update or dispatch-conf to update the /etc/init.d and /etc/conf.d files. You will notice that your apache configuration files won't show up in the updates - this is because all the configuration files have moved.

If you have made changes to the previous default apache.conf and commonapache.conf you will need to migrate your changes to /etc/apache{|2}/httpd.conf. Also configuration locations for modules and virtual hosts have changed -- they are now located in /etc/apache2/modules.d and /etc/apache2/vhosts.d respectively.

When you have finished migrating your changes to the new configuration file, you will need to delete the old configuration files (or move them to a safe place). The new /etc/init.d/apache{|2} checks for these files and doesn't let you start apache unless you have removed them, indicating that you have reconfigured apache using the new paths.

Note: Many modules that used to be enabled by default are now disabled. If they are apache built-in modules, then uncomment the appropriate line in httpd.conf. If they are external modules, check the module's .conf for IfDefine and add the name to /etc/conf.d/apache{|2} to enable it.

Now you may restart apache.

Code Listing 2.3: Restarting apache

# /etc/init.d/apache stop
# /etc/init.d/apache start

If you run into any problems check the Apache Troubleshooting Guide and if that doesn't solve the issue, please report it on Gentoo Bugzilla. Be sure to include the modules you have enabled and (if you are using Apache 2) what MPM USE flag you compiled with (if any). You may also join #gentoo-apache on for support.

3.  Supported USE flags in <2.2.6-r4

There are USE flags that are local to apache and its modules. Apache supports several other more generic USE flags such as ssl, but the effect they have on apache doesn't differ much from the effect is has elsewhere, so it's not included in this list. Run a emerge --verbose --pretend apache to see the full listing of supported USE flags.

USE flag Description
apache2 Should always be set if using the Apache-2.0 line, should not be set if using the Apache-1.3 line. The eclass uses this to determine what version of apache to depend on.
debug Enables a hook that allows external modules to plug in and do something after a child crashed. There are already two modules, mod_whatkilledus and mod_backtrace that make use of this hook.
doc Install the Apache manual and configuration.
ldap Install mod_ldap and mod_auth_ldap/mod_authnz_ldap.
ssl Installs mod_ssl.
mpm-itk Builds the itk MPM
mpm-leader Builds the leader MPM
mpm-peruser Builds the peruser MPM
mpm-prefork Builds the prefork MPM
mpm-threadpool Builds the threadpool MPM
mpm-worker Builds the worker MPM
static-modules Statically links the modules into the apache binary, so that a LoadModule isn't required for loading the base modules into Apache.

Note: While there are many mpm-* USE flags, they are mutually exclusive. You should enable one and only one of the mpm-* USE flags. (If you do not enable one, mpm-prefork or mpm-worker will be used, depending on if the threads USE flag is set.)

4.  Supported USE flags in 2.2.6-r4 and above

With the advent of APACHE2_MODULES a general cleanup of USE flags was necessary. The following table lists supported USE flags for apache-2.2.6-r4 and above as well as their equivalent in previous versions.

USE flag Old USE flag Description
debug debug Enables a hook that allows external modules to plug in and do something after a child crashed. There are already two modules, mod_whatkilledus and mod_backtrace, that make use of this hook.
doc doc Install the Apache manual and configuration.
ldap ldap Install mod_ldap and mod_authnz_ldap
ssl ssl Installs mod_ssl
static static-modules Statically links the modules into the apache binary, so that a LoadModule isn't required for loading the base modules into Apache
suexec no-suexec Install mod_suexec and the suexec helper binary
threads threads Selects the default MPM if none is set in APACHE2_MPMS

The following table lists supported APACHE2_MPMS as of apache-2.2.6-r4 and their corresponding previous local USE flag.

Flag Old USE flag Description
event mpm-event An experimental variant of the standard worker MPM
itk mpm-itk Allows to run each virtual host under a separate uid and gid
peruser mpm-peruser Peruser is a working implementation of the perchild MPM allowing to run each apache child process as its own user and group, each handling its own set of virtual hosts
prefork mpm-prefork Implements a non-threaded, pre-forking web server
worker mpm-worker Multi-Processing Module implementing a hybrid multi-threaded multi-process web server

The following table lists supported APACHE2_MODULES as of apache-2.2.6-r4.

Flag Description
actions Provides for executing CGI scripts based on media type or request method
alias Provides for mapping different parts of the host filesystem in the document tree and for URL redirection
asis Sends files that contain their own HTTP headers
auth_basic Basic authentication
auth_digest User authentication using MD5 Digest Authentication
authn_alias Provides the ability to create extended authentication providers based on actual providers
authn_anon Allows "anonymous" user access to authenticated areas
authn_dbd User authentication using an SQL database
authn_dbm User authentication using DBM files
authn_default Authentication fallback module
authn_file User authentication using text files
authz_dbm Group authorization using DBM files
authz_default Authorization fallback module
authz_groupfile Group authorization using plaintext files
authz_host Group authorizations based on host (name or IP address)
authz_owner Authorization based on file ownership
authz_user User Authorization
autoindex Generates directory indexes automatically, similar to the Unix ls command
cache Content cache keyed to URIs
cern_meta CERN httpd metafile semantics
charset_lite Specify character set translation or recoding
dav Distributed Authoring and Versioning (WebDAV) functionality
dav_fs filesystem provider for mod_dav
dav_lock generic locking module for mod_dav
dbd Manages SQL database connections
deflate Compress content before it is delivered to the client
dir Provides for "trailing slash" redirects and serving directory index files
disk_cache Content cache storage manager keyed to URIs
dumpio Dumps all I/O to error log as desired
env Modifies the environment which is passed to CGI scripts and SSI pages
expires Generation of Expires and Cache-Control HTTP headers according to user-specified criteria
ext_filter Pass the response body through an external program before delivery to the client
file_cache Caches a static list of files in memory
filter Context-sensitive smart filter configuration module
headers Customization of HTTP request and response headers
ident RFC 1413 ident lookups
imagemap Server-side imagemap processing
include Server-parsed html documents (Server Side Includes)
info Provides a comprehensive overview of the server configuration
log_config Logging of the requests made to the server
log_forensic Forensic Logging of the requests made to the server
logio Logging of input and output bytes per request
mem_cache Content cache keyed to URIs
mime Associates the requested filename's extensions with the file's behavior (handlers and filters) and content (mime-type, language, character set and encoding)
mime_magic Determines the MIME type of a file by looking at a few bytes of its contents
negotiation Provides for content negotiation
proxy HTTP/1.1 proxy/gateway server
proxy_ajp AJP support module for mod_proxy
proxy_balancer mod_proxy extension for load balancing
proxy_connect mod_proxy extension for CONNECT request handling
proxy_ftp FTP support module for mod_proxy
proxy_http HTTP support module for mod_proxy
rewrite Provides a rule-based rewriting engine to rewrite requested URLs on the fly
setenvif Allows the setting of environment variables based on characteristics of the request
speling Attempts to correct mistaken URLs that users might have entered by ignoring capitalization and by allowing up to one misspelling
status Provides information on server activity and performance
unique_id Provides an environment variable with a unique identifier for each request
userdir User-specific directories
usertrack Clickstream logging of user activity on a site
version Version dependent configuration
vhost_alias Provides for dynamically configured mass virtual hosting


Page updated December 11, 2007

Summary: This document describes the procedure end-users should follow to safely upgrade their apache installation.

Michael Stewart

Benedikt Boehm

Joshua Saddler

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.