• apache httpd 从2.2升级到2.4的过程及中间遇到的坑


    背景描述

      最近集团在做安全扫描,扫出了http的漏洞,一看是监控nagios涉及到的httpd,于是就考虑将httpd升级到最新的版本,在升级的过程中,真是遇到了很多的坑,弄了2天终于搞定了,现在梳理下相应的错误处理过程及解决的方法。

    环境信息

      apache httpd版本:Apache/2.2.15

      OS版本:Red Hat Enterprise Linux Server release 6.6 (Santiago)

    httpd 2.2 升级到 2.4的过程【采用重新安装一个最新版本,然后加载原配置的方法】

    1.下载最新的httpd软件包,此处用的软件包版本

    httpd-2.4.39.tar.gz

    下载地址:http://httpd.apache.org/download.cgi

    2.将软件上传到服务器上(注意使用root用户上传)

    3.解压,检查环境配置

    [root@hadoop1 softwares]# tar -zxf httpd-2.4.39.tar.gz 
    [root@hadoop1 softwares]# cd httpd-2.4.39
    [root@hadoop1 httpd-2.4.39]# ./configure --prefix=/usr/local/httpd-2.4.39

    有如下报错信息:

    [root@hadoop1 httpd-2.4.39]# ./configure --prefix=/usr/local/httpd-2.4.39
    checking for chosen layout... Apache
    checking for working mkdir -p... yes
    checking for grep that handles long lines and -e... /bin/grep
    checking for egrep... /bin/grep -E
    checking build system type... x86_64-pc-linux-gnu
    checking host system type... x86_64-pc-linux-gnu
    checking target system type... x86_64-pc-linux-gnu
    configure: 
    configure: Configuring Apache Portable Runtime library...
    configure: 
    checking for APR... configure: WARNING: APR version 1.4.0 or later is required, found 1.3.9
    configure: WARNING: skipped APR at apr-1-config, version not acceptable
    no
    configure: error: APR not found.  Please read the documentation.

    通过以上的报错信息知道,缺少apr的包,下载apr相关的包

    4.下载apr对应软件包,下载以下2个包

    5.将apr及apr-util的包解压到httpd解压之后的目录中,放到srclib目录下

    [root@hadoop1 httpd-2.4.39]# pwd
    /opt/softwares/httpd-2.4.39
    [root@hadoop1 httpd-2.4.39]# ls
    ABOUT_APACHE     apache_probes.d  BuildBin.dsp    config.layout  configure.in  httpd.dsp   INSTALL         libhttpd.dsp  Makefile.win   os                ROADMAP  test
    acinclude.m4     ap.d             buildconf       config.log     docs          httpd.mak   InstallBin.dsp  libhttpd.mak  modules        README            server   VERSIONING
    Apache-apr2.dsw  build            CHANGES         config.nice    emacs-style   httpd.spec  LAYOUT          LICENSE       NOTICE         README.cmake      srclib
    Apache.dsw       BuildAll.dsp     CMakeLists.txt  configure      httpd.dep     include     libhttpd.dep    Makefile.in   NWGNUmakefile  README.platforms  support
    [root@hadoop1 httpd-2.4.39]# cd srclib/
    [root@hadoop1 srclib]# ll
    total 4
    -rw-r--r-- 1 root dip 121 Feb 11  2005 Makefile.in

     将apr及apr-util解压到该目录下

    [root@hadoop1 softwares]# tar -zxf apr-1.7.0.tar.gz -C ./httpd-2.4.39/srclib/
    [root@hadoop1 softwares]# tar -zxf apr-util-1.6.1.tar.gz -C ./httpd-2.4.39/srclib/
    [root@hadoop1 softwares]# cd httpd-2.4.39/srclib/
    [root@hadoop1 srclib]# ls
    apr-1.7.0  apr-util-1.6.1  Makefile.in
    [root@hadoop1 srclib]# mv apr-1.7.0/ apr
    [root@hadoop1 srclib]# mv apr-util-1.6.1/ apr-util
    [root@hadoop1 srclib]# ls
    apr  apr-util  Makefile.in

    6.重新检查httpd的配置

    [root@hadoop1 httpd-2.4.39]# ./configure --prefix=/usr/local/httpd-2.4.39

     出现以下结果:

    ... ...省略
    configure: summary of build options:
    
        Server Version: 2.4.39
        Install prefix: /usr/local/httpd-2.4.39
        C compiler:     gcc -std=gnu99
        CFLAGS:          -g -O2 -pthread  
        CPPFLAGS:        -DLINUX -D_REENTRANT -D_GNU_SOURCE  
        LDFLAGS:           
        LIBS:             
        C preprocessor: gcc -E

    以上提示,表示检查配置没有问题。

    7.进行编译,安装

    make

    此处出现如下错误:

    /apr-util/include -I/opt/softwares/httpd-2.4.39/srclib/apr-util/include/private  -I/opt/softwares/httpd-2.4.39/srclib/apr/include    -o xml/apr_xml.lo -c xml/apr_xml.c && touch xml/apr_xml.lo
    xml/apr_xml.c:35:19: error: expat.h: No such file or directory
    xml/apr_xml.c:66: error: expected specifier-qualifier-list before ‘XML_Parser’
    xml/apr_xml.c: In function ‘cleanup_parser’:
    xml/apr_xml.c:364: error: ‘apr_xml_parser’ has no member named ‘xp’
    xml/apr_xml.c:365: error: ‘apr_xml_parser’ has no member named ‘xp’
    xml/apr_xml.c: At top level:
    xml/apr_xml.c:384: error: expected ‘;’, ‘,’ or ‘)’ before ‘*’ token
    xml/apr_xml.c: In function ‘apr_xml_parser_create’:
    xml/apr_xml.c:401: error: ‘apr_xml_parser’ has no member named ‘xp’
    xml/apr_xml.c:402: error: ‘apr_xml_parser’ has no member named ‘xp’
    xml/apr_xml.c:410: error: ‘apr_xml_parser’ has no member named ‘xp’
    xml/apr_xml.c:411: error: ‘apr_xml_parser’ has no member named ‘xp’
    xml/apr_xml.c:412: error: ‘apr_xml_parser’ has no member named ‘xp’
    xml/apr_xml.c:424: error: ‘apr_xml_parser’ has no member named ‘xp’
    xml/apr_xml.c:424: error: ‘default_handler’ undeclared (first use in this function)
    xml/apr_xml.c:424: error: (Each undeclared identifier is reported only once
    xml/apr_xml.c:424: error: for each function it appears in.)
    xml/apr_xml.c: In function ‘do_parse’:
    xml/apr_xml.c:434: error: ‘apr_xml_parser’ has no member named ‘xp’
    xml/apr_xml.c:438: error: ‘apr_xml_parser’ has no member named ‘xp’
    xml/apr_xml.c:442: error: ‘apr_xml_parser’ has no member named ‘xp_err’
    xml/apr_xml.c:442: error: ‘apr_xml_parser’ has no member named ‘xp’
    xml/apr_xml.c: In function ‘apr_xml_parser_geterror’:
    xml/apr_xml.c:500: error: ‘apr_xml_parser’ has no member named ‘xp_err’
    xml/apr_xml.c:500: error: ‘apr_xml_parser’ has no member named ‘xp_err’
    make[3]: *** [xml/apr_xml.lo] Error 1
    make[3]: Leaving directory `/opt/softwares/httpd-2.4.39/srclib/apr-util'
    make[2]: *** [all-recursive] Error 1
    make[2]: Leaving directory `/opt/softwares/httpd-2.4.39/srclib/apr-util'
    make[1]: *** [all-recursive] Error 1
    make[1]: Leaving directory `/opt/softwares/httpd-2.4.39/srclib'
    make: *** [all-recursive] Error 1

    解决方法,安装expdat-devel包

    [root@hadoop1 httpd-2.4.39]# yum install expat-devel
    Loaded plugins: product-id, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package expat-devel.x86_64 0:2.0.1-13.el6_8 will be installed
    --> Finished Dependency Resolution

    Dependencies Resolved

    ===============================================================================================================================================================================================
     Package                                         Arch                                       Version                                             Repository                                Size
    ===============================================================================================================================================================================================
    Installing:
     expat-devel                                     x86_64                                     2.0.1-13.el6_8                                      base                                     119 k

    Transaction Summary
    ===============================================================================================================================================================================================
    Install       1 Package(s)

    Total download size: 119 k
    Installed size: 476 k
    Is this ok [y/N]: y
    Downloading Packages:
    expat-devel-2.0.1-13.el6_8.x86_64.rpm                                                                                                                                   | 119 kB     00:00     
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
    Warning: RPMDB altered outside of yum.
      Installing : expat-devel-2.0.1-13.el6_8.x86_64                                                                                                                                           1/1
      Verifying  : expat-devel-2.0.1-13.el6_8.x86_64                                                                                                                                           1/1

    Installed:
      expat-devel.x86_64 0:2.0.1-13.el6_8                                                                                                                                                          

    Complete!


    再次进行编译,出现以下信息,表示编译成功

    ... ... 省略
    mod_rewrite.lo 
    make[4]: Leaving directory `/opt/softwares/httpd-2.4.39/modules/mappers'
    make[3]: Leaving directory `/opt/softwares/httpd-2.4.39/modules/mappers'
    make[2]: Leaving directory `/opt/softwares/httpd-2.4.39/modules'
    make[2]: Entering directory `/opt/softwares/httpd-2.4.39/support'
    make[2]: Leaving directory `/opt/softwares/httpd-2.4.39/support'
    
    make[1]: Leaving directory `/opt/softwares/httpd-2.4.39'

    执行安装

    [root@hadoop1 httpd-2.4.39]# make install

    8.创建配置文件目录conf.d,并且将原httpd配置文件拷贝到新版本配置目录下

    [root@hadoop1 httpd-2.4.39]# cd /usr/local/httpd-2.4.39/
    [root@hadoop1 httpd-2.4.39]# mkdir conf.d
    [root@hadoop1 httpd-2.4.39]# ls -l
    total 64
    drwxr-xr-x  2 root root  4096 Jul  3 10:26 bin
    drwxr-xr-x  2 root root  4096 Jul  3 10:26 build
    drwxr-xr-x  2 root root  4096 Jul  3 10:26 cgi-bin
    drwxr-xr-x  4 root root  4096 Jul  3 10:26 conf
    drwxr-xr-x  2 root root  4096 Jul  3 10:27 conf.d
    drwxr-xr-x  3 root root  4096 Jul  3 10:26 error
    drwxr-sr-x  2 root root  4096 Mar 27 23:05 htdocs
    drwxr-xr-x  3 root root  4096 Jul  3 10:26 icons
    drwxr-xr-x  2 root root  4096 Jul  3 10:26 include
    drwxr-xr-x  3 root root  4096 Jul  3 10:26 lib
    drwxr-xr-x  2 root root  4096 Jul  3 10:26 logs
    drwxr-xr-x  4 root root  4096 Jul  3 10:26 man
    drwxr-sr-x 14 root root 12288 Mar 27 23:05 manual
    drwxr-xr-x  2 root root  4096 Jul  3 10:26 modules
    
    [root@hadoop1 httpd-2.4.39]# cd conf
    [root@hadoop1 conf]# cp httpd.conf httpd.conf.bak
    [root@hadoop1 conf]# cd ../conf.d/
    [root@hadoop1 conf.d]# cp /etc/httpd/conf.d/nagios.conf .

    9.关闭原有httpd服务,启动新的服务

    [root@hadoop1 httpd-2.4.39]# service httpd stop
    Stopping httpd:                                            [  OK  ]
    [root@hadoop1 httpd-2.4.39]# bin/apachectl -f conf/httpd.conf
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

    10.通过页面进行访问最新的服务

    发现无法访问,出现以下的错误:

    就没有这个nagios路径,说明没有加载到配置文件,查看发现没有include,增加以下配置

    include conf.d/*.conf

    重启服务,再次刷新页面,变成是没有权限访问了,如下:

    查看日志,报如下的错误:

    以上信息显示没有正常的生产索引,但是该目录下php的文件,应该能显示才对,

    检查httpd中是否加载了php模块,发现没有php模块

    [root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep php
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

    然后又找了相应的解决方案,发现是需要单独进行编译,然后在httpd中配置模块信息

    --1.上传php包

    [root@hadoop1 softwares]# ls -l php-7.3.6.tar.gz 
    -rw-r--r-- 1 root root 19449322 Jul  1 14:09 php-7.3.6.tar.gz

    --2.解压,检查配置,编译

    [root@hadoop1 softwares]# tar -zxf php-7.3.6.tar.gz 
    [root@hadoop1 softwares]# cd php-7.3.6
    [root@hadoop1 php-7.3.6]# ./configure --prefix=/usr/local/php7 --with-apxs2=/usr/local/httpd-2.4.39/bin/apxs

    发现有如下报错:

    Configuring extensions
    checking for strings.h... (cached) yes
    checking io.h usability... no
    checking io.h presence... no
    checking for io.h... no
    checking for strtoll... yes
    checking for atoll... yes
    checking whether to enable LIBXML support... yes
    checking libxml2 install dir... no
    checking for xml2-config path... 
    checking for pkg-config... /usr/bin/pkg-config
    configure: error: libxml2 not found. Please check your libxml2 installation.

     安装libxml2包

    [root@hadoop1 php-7.3.6]# yum install -y libxml2 libxml2-devel

    再次进行配置检查,检查通过

    执行编译

    [root@hadoop1 php-7.3.6]# make && make install

    编译之后,在httpd目录modules中生产php模块文件

    [root@hadoop1 modules]# ls -l libphp7.so 
    -rwxr-xr-x 1 root root 35060633 Jul  3 11:42 libphp7.so

    --3.将php模块加入到http配置中

    LoadModule php7_module        modules/libphp7.so

    检查配置是否加载

    [root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep php
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message
     php7_module (shared)

     显示,已经加载了。在实验中发下,模块信息,在php make install之后会自动将配置加载到httpd.conf文件中,并且动态加载。

    再次通过页面进行访问

    仍然访问不了,报了相同的错误。

    继续修改httpd.conf,支持php

    AddType application/x-httpd-php .php
    
    <IfModule dir_module>
        DirectoryIndex index.html index.php index.htm
    </IfModule>

     重新启动http服务,再次访问页面

    主页是可以访问的了,但是点击其他的页面,就是下载cgi文件,无法执行

    查看是否有cgi模块

    [root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep cgi
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

     无该模块,继续修改httpd配置文件开启cgi模块支持

    LoadModule cgid_module modules/mod_cgid.so

    取消注释之后,再次检查,已经加载,无需重启

    [root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep cgi
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message
     cgid_module (shared)

    经过验证,需要重启,才能生效,再次访问页面

    正常,可以访问。升级完成。

    另外,在升级中如果遇到以下报错

    [Mon Jul 01 12:27:38.516704 2019] [core:error] [pid 7454:tid 139726203901696] (13)Permission denied: [client 10.253.7.100:59831] AH00035: access to /nagios/ denied (filesystem path '/mnt/aiprd/app') because search permissions are missing on a component of the path
    [Mon Jul 01 12:27:45.786697 2019] [core:error] [pid 7454:tid 139726172432128] (13)Permission denied: [client 10.191.36.37:33553] AH00035: access to / denied (filesystem path '/mnt/aiprd/app') because search permissions are missing on a component of the path

     解决:

    修改cgisocket文件路径,显示给个路径:

    ScriptSock /var/run/cgid.sock

    原因:主要还是安全的问题考虑,2.4之后对安全有很多的考虑。相关问题可以参考下http的安全提示:

              Security Tips - Apache HTTP Server Version 2.4

    文档创建时间:2019年7月3日12:40:52

  • 相关阅读:
    php微信支付v3版签名生成,代金券、微信支付分、支付即服务等
    docker基本命令及搭建php环境
    Nginx 负载均衡搭建
    laravel4.2 union联合,join关联分组查询最新记录时,查询条件不对,解决方案
    抓取腾讯视频弹幕
    laravel4.2 Redis 使用
    201771010106-东文财 实验一 软件工程准备-<构建之法与博客首秀>
    东文财201771010106《面向对象程序设计(java)》.18
    东文财201771010106《面向对象程序设计(java)》17
    201771010106东文财《面向对象程序设计(java)》实验16
  • 原文地址:https://www.cnblogs.com/chuanzhang053/p/11125748.html
Copyright © 2020-2023  润新知