Heartbleed, OpenSSL and upgrading Apache & Ubuntu all at once
Or, how to unintentionally make an afternoon for yourself. Jeez.
The Heartbleed bug in OpenSSL is a pretty big deal. If you manage your own server and use secure connections for anything, you should really update it. I like Marco's write-up on this best, and he links to some good resources for testing SSL connections in general.
I have two servers with projects that make use of SSL for processing payments and login info. They're all extremely low-traffic but it seemed negligent not to address the issue when I knew the versions of OpenSSL contained this bug. God knows what possessed me, but I decided to upgrade Ubuntu and Apache while I did this too — basically upgrade everything all at once, something I'd been putting off for a long time.
Pro tip: don't. I spent the past couple hours tracking down every little server configuration that needed to be changed, removed or otherwise renamed in upgrading Apache from 2.2 to 2.4. If I didn't have WordPress projects relying on it I might've abandoned it and gone with nginx or lighttpd or something. Ultimately there were three big changes that needed to be made:
- I needed to add a `Require all granted` line to some of the site configs where previously there'd been an `Allow from all` line.
- Some changes need to be made to some very old `.htaccess` configurations based on HTML5Boilerplate concerning compression.
- For the virtual server configurations, whereas previously it seemed that the SSL version of a site inherited the `DocumentRoot` and access settings, those need to be explicitly set now — essentially duplicating whatever you have in your `VirtualHost:80 > Directory` block under `VirtualHost:443 > Directory`. That's some shitty shorthand but it makes sense if you look at it.
Three little things, but tracking them down when all of the error messages were previously getting dumped into the same log file was... a chore. Yikes.
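One way to find the first and third items before restarting Apache, as an added example (not the author's code): a line-based check that flags 2.2-style access directives and `:443` virtual hosts with no `DocumentRoot`, `<Directory>` block or `Require` of their own. The sample config and the `audit` function are constructed for illustration, and the check assumes SSL sites listen on port 443 and does not follow `Include` lines.

```python
import re

# Constructed sample: a 2.2-style site as it might look before the upgrade.
SAMPLE = """\
<VirtualHost *:80>
    ServerName example.test
    DocumentRoot /var/www/example
    <Directory /var/www/example>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName example.test
    SSLEngine on
</VirtualHost>
"""

LEGACY = re.compile(r"^\s*(Order|Allow|Deny|Satisfy)\b", re.I)  # 2.2 access control
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
# Settings the post says the SSL vhost must now state for itself.
NEEDS = {"documentroot": "DocumentRoot", "<directory": "<Directory> block",
         "require": "Require"}

def audit(conf_text):
    """Return (line_no, message) findings for the 2.2 -> 2.4 changes listed above."""
    findings = []
    vhost = None  # the <VirtualHost> block currently being read, if any
    for no, line in enumerate(conf_text.splitlines(), 1):
        words = line.split()
        if not words or words[0].startswith("#"):
            continue  # skip blank lines and comments
        m = VHOST_OPEN.match(line)
        if m:
            vhost = {"addr": m.group(1).strip(), "line": no, "seen": set()}
        elif VHOST_CLOSE.match(line) and vhost:
            if vhost["addr"].endswith(":443"):
                for key, label in NEEDS.items():
                    if key not in vhost["seen"]:
                        findings.append((vhost["line"],
                                         f"{vhost['addr']} has no explicit {label}"))
            vhost = None
        elif LEGACY.match(line):
            findings.append((no, "2.2 access directive: " + line.strip()))
        elif vhost:
            vhost["seen"].add(words[0].lower())  # record directive names seen
    return findings

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE):
        print(f"line {line_no}: {message}")
```
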
I need some yoga.