背景描述

  最近集团在做安全扫描,扫出了http的漏洞,一看是监控nagios涉及到的httpd,于是就考虑将httpd升级到最新的版本,在升级的过程中,真是遇到了很多的坑,弄了2天终于搞定了,现在梳理下相应的错误处理过程及解决的方法。

环境信息

  apache httpd版本:Apache/2.2.15

  OS版本:Red Hat Enterprise Linux Server release 6.6 (Santiago)

httpd 2.2 升级到 2.4的过程【采用重新安装一个最新版本,然后加载原配置的方法】

1.下载最新的httpd软件包,此处用的软件包版本

httpd-2.4.39.tar.gz

下载地址:http://httpd.apache.org/download.cgi

2.将软件上传到服务器上(注意使用root用户上传)

3.解压,检查环境配置

[root@hadoop1 softwares]# tar -zxf httpd-2.4..tar.gz

[root@hadoop1 softwares]# cd httpd-2.4.

[root@hadoop1 httpd-2.4.]# ./configure --prefix=/usr/local/httpd-2.4.

有如下报错信息:

[root@hadoop1 httpd-2.4.]# ./configure --prefix=/usr/local/httpd-2.4.

checking for chosen layout... Apache

checking for working mkdir -p... yes

checking for grep that handles long lines and -e... /bin/grep

checking for egrep... /bin/grep -E

checking build system type... x86_64-pc-linux-gnu

checking host system type... x86_64-pc-linux-gnu

checking target system type... x86_64-pc-linux-gnu

configure:

configure: Configuring Apache Portable Runtime library...

configure:

checking for APR... configure: WARNING: APR version 1.4. or later is required, found 1.3.

configure: WARNING: skipped APR at apr--config, version not acceptable

no

configure: error: APR not found.  Please read the documentation.

通过以上的报错信息知道,缺少apr的包,下载apr相关的包

4.下载apr对应软件包,下载以下2个包

5.将apr及apr-util的包解压到httpd解压之后的目录中,放到srclib目录下

[root@hadoop1 httpd-2.4.]# pwd

/opt/softwares/httpd-2.4.

[root@hadoop1 httpd-2.4.]# ls

ABOUT_APACHE     apache_probes.d  BuildBin.dsp    config.layout  configure.in  httpd.dsp   INSTALL         libhttpd.dsp  Makefile.win   os                ROADMAP  test

acinclude.m4     ap.d             buildconf       config.log     docs          httpd.mak   InstallBin.dsp  libhttpd.mak  modules        README            server   VERSIONING

Apache-apr2.dsw  build            CHANGES         config.nice    emacs-style   httpd.spec  LAYOUT          LICENSE       NOTICE         README.cmake      srclib

Apache.dsw       BuildAll.dsp     CMakeLists.txt  configure      httpd.dep     include     libhttpd.dep    Makefile.in   NWGNUmakefile  README.platforms  support

[root@hadoop1 httpd-2.4.]# cd srclib/

[root@hadoop1 srclib]# ll

total

-rw-r--r--  root dip  Feb    Makefile.in

将apr及apr-util解压到该目录下

[root@hadoop1 softwares]# tar -zxf apr-1.7..tar.gz -C ./httpd-2.4./srclib/

[root@hadoop1 softwares]# tar -zxf apr-util-1.6..tar.gz -C ./httpd-2.4./srclib/

[root@hadoop1 softwares]# cd httpd-2.4./srclib/

[root@hadoop1 srclib]# ls

apr-1.7.  apr-util-1.6.  Makefile.in

[root@hadoop1 srclib]# mv apr-1.7./ apr

[root@hadoop1 srclib]# mv apr-util-1.6./ apr-util

[root@hadoop1 srclib]# ls

apr  apr-util  Makefile.in

6.重新检查httpd的配置

[root@hadoop1 httpd-2.4.]# ./configure --prefix=/usr/local/httpd-2.4.

出现以下结果:

... ...省略

configure: summary of build options:

    Server Version: 2.4.

    Install prefix: /usr/local/httpd-2.4.

    C compiler:     gcc -std=gnu99

    CFLAGS:          -g -O2 -pthread

    CPPFLAGS:        -DLINUX -D_REENTRANT -D_GNU_SOURCE

    LDFLAGS:

    LIBS:

    C preprocessor: gcc -E

以上提示,表示检查配置没有问题。

7.进行编译,安装

make

此处出现如下错误:

/apr-util/include -I/opt/softwares/httpd-2.4./srclib/apr-util/include/private  -I/opt/softwares/httpd-2.4./srclib/apr/include    -o xml/apr_xml.lo -c xml/apr_xml.c && touch xml/apr_xml.lo

xml/apr_xml.c::: error: expat.h: No such file or directory

xml/apr_xml.c:: error: expected specifier-qualifier-list before ‘XML_Parser’

xml/apr_xml.c: In function ‘cleanup_parser’:

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c: At top level:

xml/apr_xml.c:: error: expected ‘;’, ‘,’ or ‘)’ before ‘*’ token

xml/apr_xml.c: In function ‘apr_xml_parser_create’:

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘default_handler’ undeclared (first use in this function)

xml/apr_xml.c:: error: (Each undeclared identifier is reported only once

xml/apr_xml.c:: error: for each function it appears in.)

xml/apr_xml.c: In function ‘do_parse’:

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp_err’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c: In function ‘apr_xml_parser_geterror’:

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp_err’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp_err’

make[]: *** [xml/apr_xml.lo] Error

make[]: Leaving directory `/opt/softwares/httpd-2.4./srclib/apr-util'

make[]: *** [all-recursive] Error

make[]: Leaving directory `/opt/softwares/httpd-2.4./srclib/apr-util'

make[]: *** [all-recursive] Error

make[]: Leaving directory `/opt/softwares/httpd-2.4./srclib'

make: *** [all-recursive] Error

解决方法,安装expdat-devel包

[root@hadoop1 httpd-2.4.39]# yum install expat-devel
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package expat-devel.x86_64 0:2.0.1-13.el6_8 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================================================================
 Package                                         Arch                                       Version                                             Repository                                Size
===============================================================================================================================================================================================
Installing:
 expat-devel                                     x86_64                                     2.0.1-13.el6_8                                      base                                     119 k

Transaction Summary
===============================================================================================================================================================================================
Install       1 Package(s)

Total download size: 119 k
Installed size: 476 k
Is this ok [y/N]: y
Downloading Packages:
expat-devel-2.0.1-13.el6_8.x86_64.rpm                                                                                                                                   | 119 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : expat-devel-2.0.1-13.el6_8.x86_64                                                                                                                                           1/1 
  Verifying  : expat-devel-2.0.1-13.el6_8.x86_64                                                                                                                                           1/1 

Installed:
  expat-devel.x86_64 0:2.0.1-13.el6_8                                                                                                                                                          

Complete!

再次进行编译,出现以下信息,表示编译成功

... ... 省略

mod_rewrite.lo

make[]: Leaving directory `/opt/softwares/httpd-2.4./modules/mappers'

make[]: Leaving directory `/opt/softwares/httpd-2.4./modules/mappers'

make[]: Leaving directory `/opt/softwares/httpd-2.4./modules'

make[]: Entering directory `/opt/softwares/httpd-2.4./support'

make[]: Leaving directory `/opt/softwares/httpd-2.4./support'

make[]: Leaving directory `/opt/softwares/httpd-2.4.'

执行安装

[root@hadoop1 httpd-2.4.]# make install

8.创建配置文件目录conf.d,并且将原httpd配置文件拷贝到新版本配置目录下

[root@hadoop1 httpd-2.4.]# cd /usr/local/httpd-2.4./

[root@hadoop1 httpd-2.4.]# mkdir conf.d

[root@hadoop1 httpd-2.4.]# ls -l

total

drwxr-xr-x   root root   Jul   : bin

drwxr-xr-x   root root   Jul   : build

drwxr-xr-x   root root   Jul   : cgi-bin

drwxr-xr-x   root root   Jul   : conf

drwxr-xr-x   root root   Jul   : conf.d

drwxr-xr-x   root root   Jul   : error

drwxr-sr-x   root root   Mar  : htdocs

drwxr-xr-x   root root   Jul   : icons

drwxr-xr-x   root root   Jul   : include

drwxr-xr-x   root root   Jul   : lib

drwxr-xr-x   root root   Jul   : logs

drwxr-xr-x   root root   Jul   : man

drwxr-sr-x  root root  Mar  : manual

drwxr-xr-x   root root   Jul   : modules

[root@hadoop1 httpd-2.4.]# cd conf

[root@hadoop1 conf]# cp httpd.conf httpd.conf.bak

[root@hadoop1 conf]# cd ../conf.d/

[root@hadoop1 conf.d]# cp /etc/httpd/conf.d/nagios.conf .

9.关闭原有httpd服务,启动新的服务

[root@hadoop1 httpd-2.4.]# service httpd stop

Stopping httpd:                                            [  OK  ]

[root@hadoop1 httpd-2.4.]# bin/apachectl -f conf/httpd.conf

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

10.通过页面进行访问最新的服务

发现无法访问,出现以下的错误:

就没有这个nagios路径,说明没有加载到配置文件,查看发现没有include,增加以下配置

include conf.d/*.conf

重启服务,再次刷新页面,变成是没有权限访问了,如下:

查看日志,报如下的错误:

以上信息显示没有正常的生产索引,但是该目录下php的文件,应该能显示才对,

检查httpd中是否加载了php模块,发现没有php模块

[root@hadoop1 httpd-2.4.]# bin/apachectl -t -D DUMP_MODULES | grep php

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

然后又找了相应的解决方案,发现是需要单独进行编译,然后在httpd中配置模块信息

--1.上传php包

[root@hadoop1 softwares]# ls -l php-7.3..tar.gz

-rw-r--r--  root root  Jul   : php-7.3..tar.gz

--2.解压,检查配置,编译

[root@hadoop1 softwares]# tar -zxf php-7.3..tar.gz

[root@hadoop1 softwares]# cd php-7.3.

[root@hadoop1 php-7.3.]# ./configure --prefix=/usr/local/php7 --with-apxs2=/usr/local/httpd-2.4./bin/apxs

发现有如下报错:

Configuring extensions

checking for strings.h... (cached) yes

checking io.h usability... no

checking io.h presence... no

checking for io.h... no

checking for strtoll... yes

checking for atoll... yes

checking whether to enable LIBXML support... yes

checking libxml2 install dir... no

checking for xml2-config path...

checking for pkg-config... /usr/bin/pkg-config

configure: error: libxml2 not found. Please check your libxml2 installation.

安装libxml2包

[root@hadoop1 php-7.3.]# yum install -y libxml2 libxml2-devel

再次进行配置检查,检查通过

执行编译

[root@hadoop1 php-7.3.]# make && make install

编译之后,在httpd目录modules中生产php模块文件

[root@hadoop1 modules]# ls -l libphp7.so

-rwxr-xr-x  root root  Jul   : libphp7.so

--3.将php模块加入到http配置中

LoadModule php7_module        modules/libphp7.so

检查配置是否加载

[root@hadoop1 httpd-2.4.]# bin/apachectl -t -D DUMP_MODULES | grep php

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

 php7_module (shared)

显示,已经加载了。在实验中发下,模块信息,在php make install之后会自动将配置加载到httpd.conf文件中,并且动态加载。

再次通过页面进行访问

仍然访问不了,报了相同的错误。

继续修改httpd.conf,支持php

AddType application/x-httpd-php .php

<IfModule dir_module>

    DirectoryIndex index.html index.php index.htm

</IfModule>

重新启动http服务,再次访问页面

主页是可以访问的了,但是点击其他的页面,就是下载cgi文件,无法执行

查看是否有cgi模块

[root@hadoop1 httpd-2.4.]# bin/apachectl -t -D DUMP_MODULES | grep cgi

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

无该模块,继续修改httpd配置文件开启cgi模块支持

LoadModule cgid_module modules/mod_cgid.so

取消注释之后,再次检查,已经加载,无需重启

[root@hadoop1 httpd-2.4.]# bin/apachectl -t -D DUMP_MODULES | grep cgi

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

 cgid_module (shared)

经过验证,需要重启,才能生效,再次访问页面

正常,可以访问。升级完成。

另外,在升级中如果遇到以下报错

[Mon Jul  ::38.516704 ] [core:error] [pid :tid ] ()Permission denied: [client 10.253.7.100:] AH00035: access to /nagios/ denied (filesystem path '/mnt/aiprd/app') because search permissions are missing on a component of the path

[Mon Jul  ::45.786697 ] [core:error] [pid :tid ] ()Permission denied: [client 10.191.36.37:] AH00035: access to / denied (filesystem path '/mnt/aiprd/app') because search permissions are missing on a component of the path

解决:

修改cgisocket文件路径,显示给个路径:

ScriptSock /var/run/cgid.sock

原因:主要还是安全的问题考虑,2.4之后对安全有很多的考虑。相关问题可以参考下http的安全提示:

Security Tips - Apache HTTP Server Version 2.4

文档创建时间:2019年7月3日12:40:52

apache httpd 从2.2升级到2.4的过程及中间遇到的坑的更多相关文章

  1. Apache Httpd Server 2.2升级2.4

    Apache Httpd Server 2.2升级2.4 (2 votes, average: 5.00 out of 5) 2,302 views 2012 年 3 月 20 日Web服务器.服务器 ...

  2. Mysql5.5升级到5.7的过程已经踩到的坑

    https://blog.csdn.net/u014534986/article/details/79699750 故事是这样子的,我们公司有几台老的mysql版本是5.5的,最近项目做了一些升级增加 ...

  3. Nginx为什么比Apache Httpd高效:原理篇

    一.进程.线程? 进程是具有一定独立功能的,在计算机中已经运行的程序的实体.在早期系统中(如linux 2.4以前),进程是基本运作单位,在支持线程的系统中(如windows,linux2.6)中,线 ...

  4. Nginx为什么比Apache Httpd高效

    转载于:http://www.toxingwang.com/linux-unix/linux-basic/1712.html 一.进程.线程? 在回答nginx 为什么比apache更高效之前,必须要 ...

  5. 【转】Linux下apache/httpd服务启动与停止

    apache服务,或者说httpd服务,如何启动,如何开机启动. 转来转去,找不到原文.. 操作系统环境:红帽5,具体如下:# uname -a Linux machine1 2.6.18-164.e ...

  6. mac os 禁止apache httpd自动启动(转)

    mac os 禁止apache httpd自动启动 博客分类: 计算机使用   mac os不像linux有/etc/init.d/rc.local以及service的方式可以设置程序随机启动,而是使 ...

  7. Apache Httpd + Subversion 搭建HTTP访问的SVN服务器

    最近要搭建一个SVN服务器.简单安装之后,本地访问没有问题,但作为服务器肯定是需要HTTP访问.搜索之后,以下是我按照网上的资料搭建的过程,以备后用和参考.(所有软件安装步骤略,没有特殊的,如果没有特 ...

  8. Fedora8上Apache Httpd与Tomcat6初集成

    系统信息: 环境: Linux version :2.6.23.1-42.fc8,gcc version 4.1.2 20070925 Apache Httpd version: 2.2.6.3-3 ...

  9. 在Fedora8上配置Apache Httpd

    原以为Fedora8我安装的是最简版本,于是去Apache Httpd官网下一个httpd,但是速度很成问题,现在还没有下完. 打开Fedora8的光盘,里面有httpd-2.2.6.3-3.i386 ...

随机推荐

  1. Spring Boot属性配置文件:application.properties 详解

    学习资料 网址 官方说明文档 https://docs.spring.io/spring-boot/docs/current/reference/html/common-application-pro ...

  2. 关于Python文件读写

    Python中文件操作可以通过open函数,这的确很像C语言中的fopen.通过open函数获取一个file object,然后调用read(),write()等方法对文件进行读写操作. 1.open ...

  3. Keil的RTX特性

    Keil RTX是为ARM和Cortex-M设备设计的免版税,确定性的实时操作系统.它允许您创建同时执行多个功能的程序,并帮助创建更好的结构和更容易维护的应用程序. 特征 具有源代码的免版权,确定性R ...

  4. firstResponder

    https://developer.apple.com/library/content/documentation/EventHandling/Conceptual/EventHandlingiPho ...

  5. react navite 学习资料

    react 学习资料 https://github.com/crazycodeboy/GitHubPopular crazycodeboy/GitHubPopular https://github.c ...

  6. hdu4027-Can you answer these queries? -(线段树+剪枝)

    题意:给n个数,m个操作,分两种操作,一种是将一段区间的每个数都开根号,另一种是查询区间和. 解题:显然对每个数开根号不能用lazy的区间更新.一个一个更新必然爆时间,对1开根号还是1,如果一段区间都 ...

  7. bootstrap中data-*的一些归纳

    最近发现date里面的东西跟常用,但是没有过一个系统化的归纳,今天下午正好有小会空,整合一下如下: 1. data-toggle data-toggle指以什么事件类型触发,常用的如下. data-t ...

  8. Python高级函数--filter

    def is_palindrome(n): return str(n) == str(n)[::-1] #前两个‘:’表示整个范围,‘-’表示从后面,‘1’表示数据间隔 output = filter ...

  9. (尚029)Vue_案例_交互footer组件功能

    需要实现界面截图: 难点分析:sAllCheck必须定义为计算属性 1.想到问题: 一旦写一个组件,需要接收哪些属性?? 因为只有属性确定了,标签才好写 todos属性可以确定三个方面的显示 2.做交 ...

  10. netflix conductor 学习(一)docker-compose 运行

    为了方便学习以及使用netflix conductor 基于官方的dockerfile,构建了server 以及ui 的容器镜像并push dockerhub 环境准备 官方docker-compos ...