Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 15. Dynamic programming languages, web servers, database servers

15.1. Dynamic programming languages

15.1.1. Notable changes in Python Python 3 is the default Python implementation in RHEL 8

Red Hat Enterprise Linux 8 is distributed with several versions of Python 3. Python 3.6 is going to be supported for the whole life cycle of RHEL 8. The respective package might not be installed by default.

Python 2.7 is available in the python2 package. However, Python 2 will have a shorter life cycle and its aim is to facilitate a smoother transition to Python 3 for customers.

For details, see Python versions.

Neither the default python package nor the unversioned /usr/bin/python executable is distributed with RHEL 8. Customers are advised to use python3 or python2 directly. Alternatively, administrators can configure the unversioned python command using the alternatives command. See Configuring the unversioned Python. Migrating from Python 2 to Python 3

As a developer, you may want to migrate your former code that is written in Python 2 to Python 3.

For more information about how to migrate large code bases to Python 3, see The Conservative Python 3 Porting Guide.

Note that after this migration, the original Python 2 code becomes interpretable by the Python 3 interpreter and stays interpretable for the Python 2 interpreter as well. Configuring the unversioned Python

System administrators can configure the unversioned python command, located at /usr/bin/python, using the alternatives command. Note that the required package, python3, python38, python39, python3.11, or python2, must be installed before configuring the unversioned command to the respective version.


The /usr/bin/python executable is controlled by the alternatives system. Any manual changes may be overwritten upon an update.

Additional Python-related commands, such as pip3, do not have configurable unversioned variants. Configuring the unversioned python command directly

You can configure the unversioned python command directly to a selected version of Python.


  • Ensure that the required version of Python is installed.


  • To configure the unversioned python command to Python 3.6, use:

    # alternatives --set python /usr/bin/python3
  • To configure the unversioned python command to Python 3.8, use:

    # alternatives --set python /usr/bin/python3.8
  • To configure the unversioned python command to Python 3.9, use:

    # alternatives --set python /usr/bin/python3.9
  • To configure the unversioned python command to Python 3.11, use:

    # alternatives --set python /usr/bin/python3.11
  • To configure the unversioned python command to Python 2, use:

    # alternatives --set python /usr/bin/python2 Configuring the unversioned python command to the required Python version interactively

You can configure the unversioned python command to the required Python version interactively.


  • Ensure that the required version of Python is installed.


  1. To configure the unversioned python command interactively, use:

    # alternatives --config python
  2. Select the required version from the provided list.
  3. To reset this configuration and remove the unversioned python command, use:

    # alternatives --auto python Additional resources
  • alternatives(8) and unversioned-python(1) man pages Handling interpreter directives in Python scripts

In Red Hat Enterprise Linux 8, executable Python scripts are expected to use interpreter directives (also known as hashbangs or shebangs) that explicitly specify at a minimum the major Python version. For example:


The /usr/lib/rpm/redhat/brp-mangle-shebangs buildroot policy (BRP) script is run automatically when building any RPM package, and attempts to correct interpreter directives in all executable files.

The BRP script generates errors when encountering a Python script with an ambiguous interpreter directive, such as:



#!/usr/bin/env python Modifying interpreter directives in Python scripts

Modify interpreter directives in the Python scripts that cause the build errors at RPM build time.


  • Some of the interpreter directives in your Python scripts cause a build error.


To modify interpreter directives, complete one of the following tasks:

  • Apply the script from the platform-python-devel package:

    # -pn -i %{__python3} PATH …​

    Note that multiple PATHs can be specified. If a PATH is a directory, recursively scans for any Python scripts matching the pattern ^[a-zA-Z0-9_]+\.py$, not only those with an ambiguous interpreter directive. Add this command to the %prep section or at the end of the %install section.

  • Modify the packaged Python scripts so that they conform to the expected format. For this purpose, can be used outside the RPM build process, too. When running outside an RPM build, replace %{__python3} from the example above with a path for the interpreter directive, such as /usr/bin/python3.

If the packaged Python scripts require a version other than Python 3.6, adjust the preceding commands to include the required version. Changing /usr/bin/python3 interpreter directives in your custom packages

By default, interpreter directives in the form of /usr/bin/python3 are replaced with interpreter directives pointing to Python from the platform-python package, which is used for system tools with Red Hat Enterprise Linux. You can change the /usr/bin/python3 interpreter directives in your custom packages to point to a specific version of Python that you have installed from the AppStream repository.


  • To build your package for a specific version of Python, add the python*-rpm-macros subpackage of the respective python package to the BuildRequires section of the SPEC file. For example, for Python 3.6, include the following line:

    BuildRequires:  python36-rpm-macros

    As a result, the /usr/bin/python3 interpreter directives in your custom package are automatically converted to /usr/bin/python3.6.


To prevent the BRP script from checking and modifying interpreter directives, use the following RPM directive:

%undefine __brp_mangle_shebangs Python binding of the net-snmp package is unavailable

The Net-SNMP suite of tools does not provide binding for Python 3, which is the default Python implementation in RHEL 8. Consequently, python-net-snmp, python2-net-snmp, or python3-net-snmp packages are unavailable in RHEL 8.

15.1.2. Notable changes in PHP

Red Hat Enterprise Linux 8 is distributed with PHP 7.2. This version introduces the following major changes over PHP 5.4, which is available in RHEL 7:

  • PHP uses FastCGI Process Manager (FPM) by default (safe for use with a threaded httpd)
  • The php_value and php-flag variables should no longer be used in the httpd configuration files; they should be set in pool configuration instead: /etc/php-fpm.d/*.conf
  • PHP script errors and warnings are logged to the /var/log/php-fpm/www-error.log file instead of /var/log/httpd/error.log
  • When changing the PHP max_execution_time configuration variable, the httpd ProxyTimeout setting should be increased to match
  • The user running PHP scripts is now configured in the FPM pool configuration (the /etc/php-fpm.d/www.conf file; the apache user is the default)
  • The php-fpm service needs to be restarted after a configuration change or after a new extension is installed
  • The zip extension has been moved from the php-common package to a separate package, php-pecl-zip

The following extensions have been removed:

  • aspell
  • mysql (note that the mysqli and pdo_mysql extensions are still available, provided by php-mysqlnd package)
  • memcache

15.1.3. Notable changes in Perl

Perl 5.26, distributed with RHEL 8, introduces the following changes over the version available in RHEL 7:

  • Unicode 9.0 is now supported.
  • New op-entry, loading-file, and loaded-file SystemTap probes are provided.
  • Copy-on-write mechanism is used when assigning scalars for improved performance.
  • The IO::Socket::IP module for handling IPv4 and IPv6 sockets transparently has been added.
  • The Config::Perl::V module to access perl -V data in a structured way has been added.
  • A new perl-App-cpanminus package has been added, which contains the cpanm utility for getting, extracting, building, and installing modules from the Comprehensive Perl Archive Network (CPAN) repository.
  • The current directory . has been removed from the @INC module search path for security reasons.
  • The do statement now returns a deprecation warning when it fails to load a file because of the behavioral change described above.
  • The do subroutine(LIST) call is no longer supported and results in a syntax error.
  • Hashes are randomized by default now. The order in which keys and values are returned from a hash changes on each perl run. To disable the randomization, set the PERL_PERTURB_KEYS environment variable to 0.
  • Unescaped literal { characters in regular expression patterns are no longer permissible.
  • Lexical scope support for the $_ variable has been removed.
  • Using the defined operator on an array or a hash results in a fatal error.
  • Importing functions from the UNIVERSAL module results in a fatal error.
  • The find2perl, s2p, a2p, c2ph, and pstruct tools have been removed.
  • The ${^ENCODING} facility has been removed. The encoding pragma’s default mode is no longer supported. To write source code in other encoding than UTF-8, use the encoding’s Filter option.
  • The perl packaging is now aligned with upstream. The perl package installs also core modules, while the /usr/bin/perl interpreter is provided by the perl-interpreter package. In previous releases, the perl package included just a minimal interpreter, whereas the perl-core package included both the interpreter and the core modules.
  • The IO::Socket::SSL Perl module no longer loads a certificate authority certificate from the ./certs/my-ca.pem file or the ./ca directory, a server private key from the ./certs/server-key.pem file, a server certificate from the ./certs/server-cert.pem file, a client private key from the ./certs/client-key.pem file, and a client certificate from the ./certs/client-cert.pem file. Specify the paths to the files explicitly instead.

15.1.4. Notable changes in Ruby

RHEL 8 provides Ruby 2.5, which introduces numerous new features and enhancements over Ruby 2.0.0 available in RHEL 7. Notable changes include:

  • Incremental garbage collector has been added.
  • The Refinements syntax has been added.
  • Symbols are now garbage collected.
  • The $SAFE=2 and $SAFE=3 safe levels are now obsolete.
  • The Fixnum and Bignum classes have been unified into the Integer class.
  • Performance has been improved by optimizing the Hash class, improved access to instance variables, and the Mutex class being smaller and faster.
  • Certain old APIs have been deprecated.
  • Bundled libraries, such as RubyGems, Rake, RDoc, Psych, Minitest, and test-unit, have been updated.
  • Other libraries, such as mathn, DL, ext/tk, and XMLRPC, which were previously distributed with Ruby, are deprecated or no longer included.
  • The SemVer versioning scheme is now used for Ruby versioning.

15.1.5. Notable changes in SWIG

RHEL 8 includes the Simplified Wrapper and Interface Generator (SWIG) version 3.0, which provides numerous new features, enhancements, and bug fixes over the version 2.0 distributed in RHEL 7. Most notably, support for the C++11 standard has been implemented. SWIG now supports also Go 1.6, PHP 7, Octave 4.2, and Python 3.5.

15.1.6. Node.js new in RHEL

Node.js, a software development platform for building fast and scalable network applications in the JavaScript programming language, is provided for the first time in RHEL. It was previously available only as a Software Collection. RHEL 8 provides Node.js 10.

15.2. Tcl

Tool command language (Tcl) is a dynamic programming language. The interpreter for this language, together with the C library, is provided by the tcl package.

Using Tcl paired with Tk (Tcl/Tk) enables creating cross-platform GUI applications. Tk is provided by the tk package.

Note that Tk can refer to any of the following:

  • A programming toolkit for multiple languages
  • A Tk C library bindings available for multiple languages, such as C, Ruby, Perl and Python
  • A wish interpreter that instantiates a Tk console
  • A Tk extension that adds a number of new commands to a particular Tcl interpreter

15.2.1. Notable changes in Tcl/Tk 8.6

RHEL 8 is distributed with Tcl/Tk version 8.6, which provides multiple notable changes over Tcl/Tk version 8.5:

  • Object-oriented programming support
  • Stackless evaluation implementation
  • Enhanced exceptions handling
  • Collection of third-party packages built and installed with Tcl
  • Multi-thread operations enabled
  • SQL database-powered scripts support
  • IPv6 networking support
  • Built-in Zlib compression
  • List processing

    Two new commands, lmap and dict map are available, which allow the expression of transformations over Tcl containers.

  • Stacked channels by script

    Two new commands, chan push and chan pop are available, which allow to add or remove transformations to or from I/O channels.

For more detailed information about Tcl/Tk version 8.6 changes and new feaures, see the following resources:

If you need to migrate to Tcl/Tk 8.6, see Migration path for users scripting their tasks with Tcl/Tk.

15.3. Web servers

15.3.1. Notable changes in the Apache HTTP Server

The Apache HTTP Server has been updated from version 2.4.6 in RHEL 7 to version 2.4.37 in RHEL 8. This updated version includes several new features, but maintains backwards compatibility with the RHEL 7 version at the level of configuration and Application Binary Interface (ABI) of external modules.

New features include:

  • HTTP/2 support is now provided by the mod_http2 package, which is a part of the httpd module.
  • systemd socket activation is supported. See httpd.socket(8) man page for more details.
  • Multiple new modules have been added:

    • mod_proxy_hcheck - a proxy health-check module
    • mod_proxy_uwsgi - a Web Server Gateway Interface (WSGI) proxy
    • mod_proxy_fdpass - provides support for the passing the socket of the client to another process
    • mod_cache_socache - an HTTP cache using, for example, memcache backend
    • mod_md - an ACME protocol SSL/TLS certificate service
  • The following modules now load by default:

    • mod_request
    • mod_macro
    • mod_watchdog
  • A new subpackage, httpd-filesystem, has been added, which contains the basic directory layout for the Apache HTTP Server including the correct permissions for the directories.
  • Instantiated service support, httpd@.service has been introduced. See the httpd.service man page for more information.
  • A new httpd-init.service replaces the %post script to create a self-signed mod_ssl key pair.
  • Automated TLS certificate provisioning and renewal using the Automatic Certificate Management Environment (ACME) protocol is now supported with the mod_md package (for use with certificate providers such as Let’s Encrypt).
  • The Apache HTTP Server now supports loading TLS certificates and private keys from hardware security tokens directly from PKCS#11 modules. As a result, a mod_ssl configuration can now use PKCS#11 URLs to identify the TLS private key, and, optionally, the TLS certificate in the SSLCertificateKeyFile and SSLCertificateFile directives.
  • A new ListenFree directive in the /etc/httpd/conf/httpd.conf file is now supported.

    Similarly to the Listen directive, ListenFree provides information about IP addresses, ports, or IP address-and-port combinations that the server listens to. However, with ListenFree, the IP_FREEBIND socket option is enabled by default. Hence, httpd is allowed to bind to a nonlocal IP address or to an IP address that does not exist yet. This allows httpd to listen on a socket without requiring the underlying network interface or the specified dynamic IP address to be up at the time when httpd is trying to bind to it.

    Note that the ListenFree directive is currently available only in RHEL 8.

    For more details on ListenFree, see the following table:

    Table 15.1. ListenFree directive’s syntax, status, and modules


    ListenFree [IP-address:]portnumber [protocol]


    event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2

Other notable changes include:

  • The following modules have been removed:

  • The default type of the DBM authentication database used by the Apache HTTP Server in RHEL 8 has been changed from SDBM to db5.
  • The mod_wsgi module for the Apache HTTP Server has been updated to Python 3. WSGI applications are now supported only with Python 3, and must be migrated from Python 2.
  • The multi-processing module (MPM) configured by default with the Apache HTTP Server has changed from a multi-process, forked model (known as prefork) to a high-performance multi-threaded model, event.

    Any third-party modules that are not thread-safe need to be replaced or removed. To change the configured MPM, edit the /etc/httpd/conf.modules.d/00-mpm.conf file. See the httpd.service(8) man page for more information.

  • The minimum UID and GID allowed for users by suEXEC are now 1000 and 500, respectively (previously 100 and 100).
  • The /etc/sysconfig/httpd file is no longer a supported interface for setting environment variables for the httpd service. The httpd.service(8) man page has been added for the systemd service.
  • Stopping the httpd service now uses a “graceful stop” by default.
  • The mod_auth_kerb module has been replaced by the mod_auth_gssapi module.

For instructions on deploying, see Setting up the Apache HTTP web server.

15.3.2. The nginx web server new in RHEL

RHEL 8 introduces nginx 1.14, a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. nginx was previously available only as a Software Collection.

The nginx web server now supports loading TLS private keys from hardware security tokens directly from PKCS#11 modules. As a result, an nginx configuration can use PKCS#11 URLs to identify the TLS private key in the ssl_certificate_key directive.

15.3.3. Apache Tomcat removed in RHEL 8.0, reintroduced in RHEL 8.8

The Apache Tomcat server was removed from Red Hat Enterprise Linux 8.0 and reintroduced in RHEL 8.8. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0.

Users of earlier minor versions than RHEL 8.8 who require a servlet container can use the JBoss Web Server.

15.4. Proxy caching servers

15.4.1. Varnish Cache new in RHEL

Varnish Cache, a high-performance HTTP reverse proxy, is provided for the first time in RHEL. It was previously available only as a Software Collection. Varnish Cache stores files or fragments of files in memory that are used to reduce the response time and network bandwidth consumption on future equivalent requests. RHEL 8.0 is distributed with Varnish Cache 6.0.

15.4.2. Notable changes in Squid

RHEL 8.0 is distributed with Squid 4.4, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. This release provides numerous new features, enhancements, and bug fixes over the version 3.5 available in RHEL 7.

Notable changes include:

  • Configurable helper queue size
  • Changes to helper concurrency channels
  • Changes to the helper binary
  • Secure Internet Content Adaptation Protocol (ICAP)
  • Improved support for Symmetric Multi Processing (SMP)
  • Improved process management
  • Removed support for SSL
  • Removed Edge Side Includes (ESI) custom parser
  • Multiple configuration changes

15.5. Database servers

RHEL 8 provides the following database servers:

  • MySQL 8.0, a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.
  • MariaDB 10.3, a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
  • PostgreSQL 10 and PostgreSQL 9.6, an advanced object-relational database management system (DBMS).
  • Redis 5, an advanced key-value store. It is often referred to as a data structure server because keys can contain strings, hashes, lists, sets, and sorted sets. Redis is provided for the first time in RHEL.

Note that the NoSQL MongoDB database server is not included in RHEL 8.0 because it uses the Server Side Public License (SSPL).

Database servers are not installable in parallel

The mariadb and mysql modules cannot be installed in parallel in RHEL 8.0 due to conflicting RPM packages.

By design, it is impossible to install more than one version (stream) of the same module in parallel. For example, you need to choose only one of the available streams from the postgresql module, either 10 (default) or 9.6. Parallel installation of components is possible in Red Hat Software Collections for RHEL 6 and RHEL 7. In RHEL 8, different versions of database servers can be used in containers.

15.5.1. Notable changes in MariaDB 10.3

MariaDB 10.3 provides numerous new features over the version 5.5 distributed in RHEL 7, such as:

  • Common table expressions
  • System-versioned tables
  • FOR loops
  • Invisible columns
  • Sequences
  • Instant ADD COLUMN for InnoDB
  • Storage-engine independent column compression
  • Parallel replication
  • Multi-source replication

In addition, the new mariadb-connector-c packages provide a common client library for MySQL and MariaDB. This library is usable with any version of the MySQL and MariaDB database servers. As a result, the user is able to connect one build of an application to any of the MySQL and MariaDB servers distributed with RHEL 8.

Other notable changes include:

  • MariaDB Galera Cluster, a synchronous multi-source cluster, is now a standard part of MariaDB.
  • InnoDB is used as the default storage engine instead of XtraDB.
  • The mariadb-bench subpackage has been removed.
  • The default allowed level of the plug-in maturity has been changed to one level less than the server maturity. As a result, plug-ins with a lower maturity level that were previously working, will no longer load.

See also Using MariaDB on Red Hat Enterprise Linux 8.

15.5.2. Notable changes in MySQL 8.0

RHEL 8 is distributed with MySQL 8.0, which provides, for example, the following enhancements:

  • MySQL now incorporates a transactional data dictionary, which stores information about database objects.
  • MySQL now supports roles, which are collections of privileges.
  • The default character set has been changed from latin1 to utf8mb4.
  • Support for common table expressions, both nonrecursive and recursive, has been added.
  • MySQL now supports window functions, which perform a calculation for each row from a query, using related rows.
  • InnoDB now supports the NOWAIT and SKIP LOCKED options with locking read statements.
  • GIS-related functions have been improved.
  • JSON functionality has been enhanced.
  • The new mariadb-connector-c packages provide a common client library for MySQL and MariaDB. This library is usable with any version of the MySQL and MariaDB database servers. As a result, the user is able to connect one build of an application to any of the MySQL and MariaDB servers distributed with RHEL 8.

In addition, the MySQL 8.0 server distributed with RHEL 8 is configured to use mysql_native_password as the default authentication plug-in because client tools and libraries in RHEL 8 are incompatible with the caching_sha2_password method, which is used by default in the upstream MySQL 8.0 version.

To change the default authentication plug-in to caching_sha2_password, edit the /etc/my.cnf.d/mysql-default-authentication-plugin.cnf file as follows:


15.5.3. Notable changes in PostgreSQL

RHEL 8.0 provides two versions of the PostgreSQL database server, distributed in two streams of the postgresql module: PostgreSQL 10 (the default stream) and PostgreSQL 9.6. RHEL 7 includes PostgreSQL version 9.2.

Notable changes in PostgreSQL 9.6 are, for example:

  • Parallel execution of the sequential operations: scan, join, and aggregate
  • Enhancements to synchronous replication
  • Improved full-text search enabling users to search for phrases
  • The postgres_fdw data federation driver now supports remote join, sort, UPDATE, and DELETE operations
  • Substantial performance improvements, especially regarding scalability on multi-CPU-socket servers

Major enhancements in PostgreSQL 10 include:

  • Logical replication using the publish and subscribe keywords
  • Stronger password authentication based on the SCRAM-SHA-256 mechanism
  • Declarative table partitioning
  • Improved query parallelism
  • Significant general performance improvements
  • Improved monitoring and control

See also Using PostgreSQL on Red Hat Enterprise Linux 8.