I work with a virtual server, running Debian Jessie (8) and Apache2 in version 2.4.10. Unfortunately it seems that this version of Apache2 is the latest version that is served by the official repositories. My Question: Is there a comfortable way to get Apache2 2.4.17 or higher WITHOUT upgrading to Debian 9? I need it to get HTTP2-Support.
Asked
Active
Viewed 795 times
0
-
2Upgrading is the path of least resistance, and the least risky of all possible options. Not to mention you're years overdue. – Michael Hampton Sep 04 '19 at 22:36
2 Answers
2
Since there is no Debian Backports repository for Debian 8 (Jessie), you can't get an apache2 package based on a newer upstream version that way.
Since you don't want to upgrade to at least Debian 9 (Stretch), which is currently at 2.4.25-3+deb9u8, the easy option is ruled out.
The one remaining option I can see while staying within the Debian ecosystem is to backport a more recent version of Apache 2 yourself and install it manually. However, that comes with the major caveat that you lose out on Debian's security updates, which in a software as complex as Apache, in a typical configuration exposed directly to untrustworthy network traffic, is a major risk. You would have to manually closely monitor and promptly install any new releases from upstream. (If those new releases come with features or other changes you don't want, well, tough luck. You're going to need to install them anyway to keep your system secure.)
You could also just build and install from source, of course, but then you lose out on all the package management features in Debian. This also requires you to keep close tabs on upstream and promptly install any updates as they become available, same as above.
All that said, Jessie LTS goes EOL on June 30, 2020, which will be about three years after Stretch was initially released. While important fixes do currently get backported by the LTS team, the base system is still from April 2015; almost four and a half years old at this point. You really should make plans to upgrade to at the very least Stretch, and ideally a newer release (Debian 10 (Buster) is current), in the near future. The table at the Debian wiki LTS page lists Stretch LTS as offered until June 2022, which is about the same time as Buster stops getting regular (non-LTS) support and transitions into LTS.
An alternative approach, of course, is to install some other web server software that does support HTTP/2 and proxy traffic through it. I didn't say it was a good way to do it... (and if you set up a new box to do this, as suggested by fuero, you might as well upgrade to a more recent Debian release anyway.)
I would also strongly encourage you to make plans to ease future major upgrades. It might sting in the short term, but it will save you a lot of time in the long term. For example, if you're running a container VM, consider either switching to full virtualization, or to set up automated deployment so that major upgrades become just a redeployment onto a newer distribution version.
user
- 4,335
- 4
- 34
- 71
0
Well what's comfortable varies. Your (managable/future-proof) options include:
- Download the source package for apache, bump the version numbers, compile on an extra box, set up your own repos.
- Download the source package for a newer release, compile on the older one on an extra box, set up your own repos.
- Use an alternative software offering HTTP/2.
- Use a newer box to proxy HTTP/2 to HTTP/1.1. Use a newer Debian release for that box.
- Upgrade. duh
fuero
- 9,591
- 1
- 35
- 40