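Upgrading openssl from 0.9.8 to 1.0.2 / Ubuntu 8.04 LTS

Time: 2018-07-14 08:10:24

Tags: apache ubuntu openssl

First of all, thank you for your time.

I have an old Ubuntu 8.04 server, which is no longer supported. Since June, the payment platform I use has disabled TLSv1 and SSL.

My server is running: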

Apache 2.2.8 /
Openssl 0.9.8 /
PHP 5.2.17 /
Ubuntu 8.04

I have installed a new version of openssl (using wget):

openssl version 
OpenSSL 1.0.2o  27 Mar 2018

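My Apache version is too old to support TLSv1.2; I need to upgrade it to Apache 2.2.23 at minimum.

How do I compile Apache so that it takes the new OpenSSL version into account?

PS: I do have a new server to migrate my website to, but it will take some time to modify the code... Changing servers is not possible for the moment. I need to get this running as soon as possible, and then I will be able to focus on the errors introduced by PHP 7...

Thanks in advance for helping a newbie.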

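1 answer:

Answer 0: (score: 0)

Since that old Ubuntu is no longer supported, you most likely cannot use the repositories to install Apache.

You can compile it by following these instructions: http://httpd.apache.org/docs/2.2/install.html

When running ./configure, you must use --enable-ssl --with-ssl=DIR. DIR is where OpenSSL is located (not the source code, but the installation directory). Check the output of ./configure to identify any missing prerequisites.

Once make install has been run, you must compile PHP with that new OpenSSL and link it to the newly compiled Apache. http://ca3.php.net/manual/en/install.unix.apache2.php


This is how I compile HTTP (notes taken previously; some versions may differ). Adapt it to your needs; it is provided "as is", without any warranty :-) The prerequisites are based on RHEL 6 or 7; adjust as required.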

Required software:
- apr-1.6.2
- apr-iconv-1.2.1
- apr-util-1.5.4
- httpd-2.4.26
  (identical procedure used with previous versions of 2.4)
- openssl-1.0.2l
  (identical procedure used with older versions of 1.0)
- Unzip and untar these under /opt/app/SOURCES

System setup

Ask Unix to create:
- /opt/app/httpd, owner httpd, group httpd, permissions 775
-  user httpd, group httpd

Create these directories
- /opt/app/apr
- /opt/app/apr-iconv
- /opt/app/apr-util
- /opt/app/httpd
- /opt/app/openssl
- all owned by httpd, group httpd, permissions 750

Procedure

Get Unix to install prerequisites
for F in libxml2.i686 libxml2.x86_64 libxml2-devel.i686 libxml2-devel.x86_64 apr-devel.i686 apr-devel.x86_64 apr-util.i686 apr-util.x86_64 pcre-devel.i686 pcre-devel.x86_64 autoconf libtool
do
        yum install -y $F
done

Switch to the httpd user.

Install APR
cd /opt/app/SOURCES/apr-1.6.2
./buildconf
./configure --prefix=/opt/app/apr
make
make install 

Keep the directory as is; APR Util and APR Iconv need the APR sources to refer to.

Install APR Util
cd /opt/app/SOURCES/apr-util-1.5.4
./buildconf --with-apr=/opt/app/SOURCES/apr-1.6.2
./configure --prefix=/opt/app/apr-util --with-apr=/opt/app/apr
make
make install

Install APR Iconv
cd /opt/app/SOURCES/apr-iconv-1.2.1
./configure --prefix=/opt/app/apr-iconv --with-apr=/opt/app/apr
make
make install

Install OpenSSL
cd /opt/app/SOURCES/openssl-1.0.2l
export CFLAGS=-fPIC
./config --prefix=/opt/app/openssl --openssldir=/opt/app/openssl shared
make clean
make
make test
make install 

Install Apache
cd /opt/app/SOURCES/httpd-2.4.26
export  LD_LIBRARY_PATH=/opt/app/openssl/lib
./configure --prefix=/opt/app/httpd --with-mpm=worker --enable-rewrite --enable-ssl --with-ssl=/opt/app/openssl --enable-proxy --enable-rewrite --enable-log-forensic --enable-log-debug --enable-expires --enable-headers --enable-unique-id --with-apr=/opt/app/apr --with-apr-util=/opt/app/apr-util
make
make install
vi /opt/app/httpd/bin/envvars
    Add /opt/app/openssl/lib to the LD_LIBRARY_PATH 

Note for the ./configure: this was done to build an Apache used as a proxy. Change the --enable* options as required.


Configure HTTP
- The original configuration files after installation are saved in /opt/app/httpd/conf/original
- While it is impossible to cover all configuration options, at least these should be changed from the install configuration:
--- Listen 80: change as required.
--- User httpd
--- Group httpd
--- ServerAdmin EMAILADDRESS
--- ServerName <HOSTNAME>:80
--- Comment or uncomment the modules, as required
--- Uncomment slotmem_shm_module
--- Comment: CustomLog "logs/access_log" common
--- Uncomment: CustomLog "logs/access_log" combined
--- Comment the following sections (the entire section!):
----- <IfModule alias_module>
----- <IfModule cgid_module>
----- <Directory "/opt/app/httpd/cgi-bin">
--- Uncomment:
----- Include conf/extra/httpd-mpm.conf
----- Include conf/extra/httpd-default.conf
----- Edit conf/extra/httpd-mpm.conf
----- Change performance options as required.  The defaults are ok until you have a large amount of traffic.
----- Edit conf/extra/httpd-default.conf
----- Comment AccessFileName .htaccess
----- ServerTokens Prod

--- Test the configuration:     /opt/app/httpd/bin/apachectl -t
--- Start it and access it with a browser.  It should return a simple "It works!" message (unless you have installed some HTML content).

This is my procedure for compiling PHP; again, no guarantees, "as is". If you do not connect to DB2, Oracle and PostgreSQL, you can ignore those parts.

Prerequisites
- A compiled version of Apache HTTP and its requisites.  See HTTP installation.
- It "could" work with RedHat's compiled Apache, but it is not recommended.  If RH's Apache is used, might as well use RH's PHP build.
- PHP source code: download from http://php.net
- This procedure has been tested with success on versions: 5.3.13, 5.5.7, 5.6.3, 5.6.30.  No modifications were required.

Install Red Hat pre-requisites:
- libxml, libxml-devel
- libpng, libpng-devel
- libjpg, libjpg-devel

If using DB2
- Install DB2 client under /opt/app
- PHP searches for the lib directory, so:
       cd /opt/app/ibm/db2/V10.5
       ln -s lib64 lib

If using Oracle
- Install the Oracle Instant Client in /opt/app/oracle

Overview
PHP must be compiled and "linked" to Apache.  Apache must therefore be compiled before PHP.
Depending on which database PHP will connect to, the configure options must be changed.
http://php.net has more documentation and details for the build process, this is just what was used.

Build

Pre-compile configure

The configure command will detect what other software is installed on the system and link libraries.
Note for the database clients: they can all be linked at the same time, but it is recommended to link only the ones required.

The command is:
       ./configure --with-apxs2=/opt/app/httpd/bin/apxs \
                   --prefix=/opt/app/php \
                   --with-config-file-path=/opt/app/php \
                   --enable-zip \
                   --with-zlib \
                   --enable-mbstring \
                   --with-gd \
                   --with-pear
       # Optional database options: append the ones required to the command above.
       # (Nothing may follow a line-continuation "\", so they are listed separately.)
       #   --with-pdo-odbc=ibm-db2,/opt/app/ibm/db2/V10.5                # if using DB2 only!
       #   --with-oci8=instantclient,/opt/app/oracle/instantclient_11_2  # if using Oracle only!
       #   --with-pgsql                                                  # if using PostgreSQL only!
       #   --with-pdo-pgsql                                              # if using PostgreSQL with PDO only!


Compile
     make clean
     make
     make test
     make install 


$(make test) will report errors for the Oracle driver. MANY errors! The driver will still work (it was used for the nettracker replacement scripts to load Pharmaclik IBM HTTP Server logs into Oracle). But it will be impossible to use bind variables on Integers. That explains why that script does not use oci_bind* functions.



Post-compile configure
     libtool --finish /opt/app/php/lib

     cp php.ini-development /opt/app/php/php.ini
OR
     cp php.ini-production /opt/app/php/php.ini 

In php.ini, add these:
          include_path = ".:/php/includes:/opt/app/php/lib/php"
          date.timezone = 'America/Montreal'

Configure Apache

These lines are possibly already there since the PHP $(make install) takes care of it, if the httpd.conf file is "clean" (i.e. has not been modified from the originally installed file).
Add these to httpd.conf:
          LoadModule php5_module modules/libphp5.so
          AddType application/x-httpd-php .php .phtml
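
Added example, not part of the original answer: after a build like the one above, it is worth confirming that Apache really loads the new OpenSSL rather than the distribution's 0.9.8 libraries, since a stale link leaves TLSv1.2 unavailable. The function names and the sample `ldd` lines are constructed for illustration; `/opt/app/openssl` is the prefix used in the notes above.

```shell
#!/bin/sh
# Read `ldd` output on stdin. Succeed only if libssl and libcrypto both appear
# and each one resolves under "$1/lib". Lines that resolve elsewhere (or are
# "not found") are printed with a WRONG: prefix.
check_ssl_linkage() {
    prefix=$1
    awk -v want="$prefix/lib/" '
        /libssl\.so|libcrypto\.so/ {
            seen++
            # ldd format: "libssl.so.1.0.0 => /path/libssl.so.1.0.0 (0x...)"
            path = ($2 == "=>") ? $3 : $1
            if (index(path, want) != 1) { bad++; print "WRONG: " $0 }
        }
        END { exit (seen >= 2 && bad == 0) ? 0 : 1 }
    '
}

# Live check (needs network access to the server): succeed if HOST:PORT
# completes a TLS 1.2 handshake. -tls1_2 requires an OpenSSL 1.0.1+ client.
speaks_tls12() {
    echo | openssl s_client -connect "$1" -tls1_2 2>/dev/null |
        grep -q 'Protocol *: TLSv1\.2'
}

# Constructed sample: module still resolving to the old system libraries.
sample_stale() {
    printf '\tlibssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f0000000000)\n'
    printf '\tlibcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f0000200000)\n'
    printf '\tlibc.so.6 => /lib/libc.so.6 (0x00007f0000400000)\n'
}

# Constructed sample: module resolving to the newly installed OpenSSL 1.0.2.
sample_good() {
    printf '\tlibssl.so.1.0.0 => /opt/app/openssl/lib/libssl.so.1.0.0 (0x00007f0000000000)\n'
    printf '\tlibcrypto.so.1.0.0 => /opt/app/openssl/lib/libcrypto.so.1.0.0 (0x00007f0000200000)\n'
    printf '\tlibc.so.6 => /lib/libc.so.6 (0x00007f0000400000)\n'
}

sample_good  | check_ssl_linkage /opt/app/openssl && echo "good sample: accepted"
sample_stale | check_ssl_linkage /opt/app/openssl || echo "stale sample: rejected"

# Real use, with the same environment Apache gets from bin/envvars:
#   LD_LIBRARY_PATH=/opt/app/openssl/lib ldd /opt/app/httpd/modules/mod_ssl.so |
#       check_ssl_linkage /opt/app/openssl
```

If mod_ssl was built statically into the server (no `mod_ssl.so`), run `ldd` on `/opt/app/httpd/bin/httpd` instead; once the server is started, `speaks_tls12 localhost:443` confirms the handshake.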