---
title: Heartbleed, OpenSSL and upgrading Apache & Ubuntu all at once
author: George Mandis <george@mand.is>
date: 2014-04-08
tags: post, post, apache, ubuntu, heartbeat, openssl, upgrades
---

<p>Or, how to unintentionally make an afternoon for yourself. Jeez.</p>
<p><a href="http://heartbleed.com/">The HeartBleed bug </a>in OpenSSL is a pretty big deal. If you manage your own server and use secure connections for anything you should really update it. I like <a href="http://www.marco.org/2014/04/08/heartbleed-bug">Marco's write-up</a> on this best, and he links to some good resources for testing SSL connections in general.</p>
<p>I have two servers with projects that make use of SSL for processing payments and login info. They're all extremely low-traffic but it seemed negligent not to address the issue when I knew the versions of OpenSSL contained this bug. God knows what possessed me, but I decided to upgrade Ubuntu and Apache while I did this too — basically upgrade everything all at once, something I'd been putting off for a long time.</p>
<p>Pro tip: don't. I spent the past couple hours tracking down every little server configuration that needed to be changed, removed or otherwise renamed in upgrading Apache from 2.2 to 2.4. If I didn't have WordPress projects relying on it I might've abandoned it and gone with <a href="http://nginx.org/en/">nginx</a> or <a href="http://www.lighttpd.net/">lighttpd</a> or something. Ultimately there were three big changes that needed to be made:</p>
<ul>
<li>I needed to add a <code>Require all granted</code> line to some of the site configs where previously there'd been an <code>Allow from all</code> line.</li>
<li>Some changes need to be made to some very old <code>.htaccess</code> configurations based on <a href="http://html5boilerplate.com/">HTML5Boilerplate</a> <a href="https://github.com/h5bp/html5-boilerplate/issues/1012">concerning compression</a>.</li>
<li>For the virtual server configurations, whereas previously it seemed that the SSL version of a site inherited the <code>DocumentRoot</code> and access settings those need to be explicitly set now — essentially duplicating whatever you have in your <code>VirtualHost:80 &gt; Directory</code> block under <code>VirtualHose:443 &gt; Directory</code>. That's some shitty shorthand but it makes sense if you look at it.</li>
</ul>
<p>Three little things but tacking them down when all of the error message were previously getting dumped into the same log file was... a chore. Yikes.</p>
<p>I need some <a href="http://yogaunioncwc.com">yoga</a>.</p>