背景描述

  最近集团在做安全扫描,扫出了http的漏洞,一看是监控nagios涉及到的httpd,于是就考虑将httpd升级到最新的版本,在升级的过程中,真是遇到了很多的坑,弄了2天终于搞定了,现在梳理下相应的错误处理过程及解决的方法。

环境信息

  apache httpd版本:Apache/2.2.15

  OS版本:Red Hat Enterprise Linux Server release 6.6 (Santiago)

httpd 2.2 升级到 2.4的过程【采用重新安装一个最新版本,然后加载原配置的方法】

1.下载最新的httpd软件包,此处用的软件包版本

httpd-2.4.39.tar.gz

下载地址:http://httpd.apache.org/download.cgi

2.将软件上传到服务器上(注意使用root用户上传)

3.解压,检查环境配置

[root@hadoop1 softwares]# tar -zxf httpd-2.4..tar.gz

[root@hadoop1 softwares]# cd httpd-2.4.

[root@hadoop1 httpd-2.4.]# ./configure --prefix=/usr/local/httpd-2.4.

有如下报错信息:

[root@hadoop1 httpd-2.4.]# ./configure --prefix=/usr/local/httpd-2.4.

checking for chosen layout... Apache

checking for working mkdir -p... yes

checking for grep that handles long lines and -e... /bin/grep

checking for egrep... /bin/grep -E

checking build system type... x86_64-pc-linux-gnu

checking host system type... x86_64-pc-linux-gnu

checking target system type... x86_64-pc-linux-gnu

configure:

configure: Configuring Apache Portable Runtime library...

configure:

checking for APR... configure: WARNING: APR version 1.4. or later is required, found 1.3.

configure: WARNING: skipped APR at apr--config, version not acceptable

no

configure: error: APR not found.  Please read the documentation.

通过以上的报错信息知道,缺少apr的包,下载apr相关的包

4.下载apr对应软件包,下载以下2个包

5.将apr及apr-util的包解压到httpd解压之后的目录中,放到srclib目录下

[root@hadoop1 httpd-2.4.]# pwd

/opt/softwares/httpd-2.4.

[root@hadoop1 httpd-2.4.]# ls

ABOUT_APACHE     apache_probes.d  BuildBin.dsp    config.layout  configure.in  httpd.dsp   INSTALL         libhttpd.dsp  Makefile.win   os                ROADMAP  test

acinclude.m4     ap.d             buildconf       config.log     docs          httpd.mak   InstallBin.dsp  libhttpd.mak  modules        README            server   VERSIONING

Apache-apr2.dsw  build            CHANGES         config.nice    emacs-style   httpd.spec  LAYOUT          LICENSE       NOTICE         README.cmake      srclib

Apache.dsw       BuildAll.dsp     CMakeLists.txt  configure      httpd.dep     include     libhttpd.dep    Makefile.in   NWGNUmakefile  README.platforms  support

[root@hadoop1 httpd-2.4.]# cd srclib/

[root@hadoop1 srclib]# ll

total

-rw-r--r--  root dip  Feb    Makefile.in

将apr及apr-util解压到该目录下

[root@hadoop1 softwares]# tar -zxf apr-1.7..tar.gz -C ./httpd-2.4./srclib/

[root@hadoop1 softwares]# tar -zxf apr-util-1.6..tar.gz -C ./httpd-2.4./srclib/

[root@hadoop1 softwares]# cd httpd-2.4./srclib/

[root@hadoop1 srclib]# ls

apr-1.7.  apr-util-1.6.  Makefile.in

[root@hadoop1 srclib]# mv apr-1.7./ apr

[root@hadoop1 srclib]# mv apr-util-1.6./ apr-util

[root@hadoop1 srclib]# ls

apr  apr-util  Makefile.in

6.重新检查httpd的配置

[root@hadoop1 httpd-2.4.]# ./configure --prefix=/usr/local/httpd-2.4.

出现以下结果:

... ...省略

configure: summary of build options:

    Server Version: 2.4.

    Install prefix: /usr/local/httpd-2.4.

    C compiler:     gcc -std=gnu99

    CFLAGS:          -g -O2 -pthread

    CPPFLAGS:        -DLINUX -D_REENTRANT -D_GNU_SOURCE

    LDFLAGS:

    LIBS:

    C preprocessor: gcc -E

以上提示,表示检查配置没有问题。

7.进行编译,安装

make

此处出现如下错误:

/apr-util/include -I/opt/softwares/httpd-2.4./srclib/apr-util/include/private  -I/opt/softwares/httpd-2.4./srclib/apr/include    -o xml/apr_xml.lo -c xml/apr_xml.c && touch xml/apr_xml.lo

xml/apr_xml.c::: error: expat.h: No such file or directory

xml/apr_xml.c:: error: expected specifier-qualifier-list before ‘XML_Parser’

xml/apr_xml.c: In function ‘cleanup_parser’:

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c: At top level:

xml/apr_xml.c:: error: expected ‘;’, ‘,’ or ‘)’ before ‘*’ token

xml/apr_xml.c: In function ‘apr_xml_parser_create’:

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘default_handler’ undeclared (first use in this function)

xml/apr_xml.c:: error: (Each undeclared identifier is reported only once

xml/apr_xml.c:: error: for each function it appears in.)

xml/apr_xml.c: In function ‘do_parse’:

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp_err’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp’

xml/apr_xml.c: In function ‘apr_xml_parser_geterror’:

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp_err’

xml/apr_xml.c:: error: ‘apr_xml_parser’ has no member named ‘xp_err’

make[]: *** [xml/apr_xml.lo] Error

make[]: Leaving directory `/opt/softwares/httpd-2.4./srclib/apr-util'

make[]: *** [all-recursive] Error

make[]: Leaving directory `/opt/softwares/httpd-2.4./srclib/apr-util'

make[]: *** [all-recursive] Error

make[]: Leaving directory `/opt/softwares/httpd-2.4./srclib'

make: *** [all-recursive] Error

解决方法,安装expdat-devel包

[root@hadoop1 httpd-2.4.39]# yum install expat-devel
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package expat-devel.x86_64 0:2.0.1-13.el6_8 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================================================================
 Package                                         Arch                                       Version                                             Repository                                Size
===============================================================================================================================================================================================
Installing:
 expat-devel                                     x86_64                                     2.0.1-13.el6_8                                      base                                     119 k

Transaction Summary
===============================================================================================================================================================================================
Install       1 Package(s)

Total download size: 119 k
Installed size: 476 k
Is this ok [y/N]: y
Downloading Packages:
expat-devel-2.0.1-13.el6_8.x86_64.rpm                                                                                                                                   | 119 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : expat-devel-2.0.1-13.el6_8.x86_64                                                                                                                                           1/1 
  Verifying  : expat-devel-2.0.1-13.el6_8.x86_64                                                                                                                                           1/1 

Installed:
  expat-devel.x86_64 0:2.0.1-13.el6_8                                                                                                                                                          

Complete!

再次进行编译,出现以下信息,表示编译成功

... ... 省略

mod_rewrite.lo

make[]: Leaving directory `/opt/softwares/httpd-2.4./modules/mappers'

make[]: Leaving directory `/opt/softwares/httpd-2.4./modules/mappers'

make[]: Leaving directory `/opt/softwares/httpd-2.4./modules'

make[]: Entering directory `/opt/softwares/httpd-2.4./support'

make[]: Leaving directory `/opt/softwares/httpd-2.4./support'

make[]: Leaving directory `/opt/softwares/httpd-2.4.'

执行安装

[root@hadoop1 httpd-2.4.]# make install

8.创建配置文件目录conf.d,并且将原httpd配置文件拷贝到新版本配置目录下

[root@hadoop1 httpd-2.4.]# cd /usr/local/httpd-2.4./

[root@hadoop1 httpd-2.4.]# mkdir conf.d

[root@hadoop1 httpd-2.4.]# ls -l

total

drwxr-xr-x   root root   Jul   : bin

drwxr-xr-x   root root   Jul   : build

drwxr-xr-x   root root   Jul   : cgi-bin

drwxr-xr-x   root root   Jul   : conf

drwxr-xr-x   root root   Jul   : conf.d

drwxr-xr-x   root root   Jul   : error

drwxr-sr-x   root root   Mar  : htdocs

drwxr-xr-x   root root   Jul   : icons

drwxr-xr-x   root root   Jul   : include

drwxr-xr-x   root root   Jul   : lib

drwxr-xr-x   root root   Jul   : logs

drwxr-xr-x   root root   Jul   : man

drwxr-sr-x  root root  Mar  : manual

drwxr-xr-x   root root   Jul   : modules

[root@hadoop1 httpd-2.4.]# cd conf

[root@hadoop1 conf]# cp httpd.conf httpd.conf.bak

[root@hadoop1 conf]# cd ../conf.d/

[root@hadoop1 conf.d]# cp /etc/httpd/conf.d/nagios.conf .

9.关闭原有httpd服务,启动新的服务

[root@hadoop1 httpd-2.4.]# service httpd stop

Stopping httpd:                                            [  OK  ]

[root@hadoop1 httpd-2.4.]# bin/apachectl -f conf/httpd.conf

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

10.通过页面进行访问最新的服务

发现无法访问,出现以下的错误:

就没有这个nagios路径,说明没有加载到配置文件,查看发现没有include,增加以下配置

include conf.d/*.conf

重启服务,再次刷新页面,变成是没有权限访问了,如下:

查看日志,报如下的错误:

以上信息显示没有正常的生产索引,但是该目录下php的文件,应该能显示才对,

检查httpd中是否加载了php模块,发现没有php模块

[root@hadoop1 httpd-2.4.]# bin/apachectl -t -D DUMP_MODULES | grep php

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

然后又找了相应的解决方案,发现是需要单独进行编译,然后在httpd中配置模块信息

--1.上传php包

[root@hadoop1 softwares]# ls -l php-7.3..tar.gz

-rw-r--r--  root root  Jul   : php-7.3..tar.gz

--2.解压,检查配置,编译

[root@hadoop1 softwares]# tar -zxf php-7.3..tar.gz

[root@hadoop1 softwares]# cd php-7.3.

[root@hadoop1 php-7.3.]# ./configure --prefix=/usr/local/php7 --with-apxs2=/usr/local/httpd-2.4./bin/apxs

发现有如下报错:

Configuring extensions

checking for strings.h... (cached) yes

checking io.h usability... no

checking io.h presence... no

checking for io.h... no

checking for strtoll... yes

checking for atoll... yes

checking whether to enable LIBXML support... yes

checking libxml2 install dir... no

checking for xml2-config path...

checking for pkg-config... /usr/bin/pkg-config

configure: error: libxml2 not found. Please check your libxml2 installation.

安装libxml2包

[root@hadoop1 php-7.3.]# yum install -y libxml2 libxml2-devel

再次进行配置检查,检查通过

执行编译

[root@hadoop1 php-7.3.]# make && make install

编译之后,在httpd目录modules中生产php模块文件

[root@hadoop1 modules]# ls -l libphp7.so

-rwxr-xr-x  root root  Jul   : libphp7.so

--3.将php模块加入到http配置中

LoadModule php7_module        modules/libphp7.so

检查配置是否加载

[root@hadoop1 httpd-2.4.]# bin/apachectl -t -D DUMP_MODULES | grep php

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

 php7_module (shared)

显示,已经加载了。在实验中发下,模块信息,在php make install之后会自动将配置加载到httpd.conf文件中,并且动态加载。

再次通过页面进行访问

仍然访问不了,报了相同的错误。

继续修改httpd.conf,支持php

AddType application/x-httpd-php .php

<IfModule dir_module>

    DirectoryIndex index.html index.php index.htm

</IfModule>

重新启动http服务,再次访问页面

主页是可以访问的了,但是点击其他的页面,就是下载cgi文件,无法执行

查看是否有cgi模块

[root@hadoop1 httpd-2.4.]# bin/apachectl -t -D DUMP_MODULES | grep cgi

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

无该模块,继续修改httpd配置文件开启cgi模块支持

LoadModule cgid_module modules/mod_cgid.so

取消注释之后,再次检查,已经加载,无需重启

[root@hadoop1 httpd-2.4.]# bin/apachectl -t -D DUMP_MODULES | grep cgi

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

 cgid_module (shared)

经过验证,需要重启,才能生效,再次访问页面

正常,可以访问。升级完成。

另外,在升级中如果遇到以下报错

[Mon Jul  ::38.516704 ] [core:error] [pid :tid ] ()Permission denied: [client 10.253.7.100:] AH00035: access to /nagios/ denied (filesystem path '/mnt/aiprd/app') because search permissions are missing on a component of the path

[Mon Jul  ::45.786697 ] [core:error] [pid :tid ] ()Permission denied: [client 10.191.36.37:] AH00035: access to / denied (filesystem path '/mnt/aiprd/app') because search permissions are missing on a component of the path

解决:

修改cgisocket文件路径,显示给个路径:

ScriptSock /var/run/cgid.sock

原因:主要还是安全的问题考虑,2.4之后对安全有很多的考虑。相关问题可以参考下http的安全提示:

Security Tips - Apache HTTP Server Version 2.4

文档创建时间:2019年7月3日12:40:52

apache httpd 从2.2升级到2.4的过程及中间遇到的坑的更多相关文章

  1. Apache Httpd Server 2.2升级2.4

    Apache Httpd Server 2.2升级2.4 (2 votes, average: 5.00 out of 5) 2,302 views 2012 年 3 月 20 日Web服务器.服务器 ...

  2. Mysql5.5升级到5.7的过程已经踩到的坑

    https://blog.csdn.net/u014534986/article/details/79699750 故事是这样子的,我们公司有几台老的mysql版本是5.5的,最近项目做了一些升级增加 ...

  3. Nginx为什么比Apache Httpd高效:原理篇

    一.进程.线程? 进程是具有一定独立功能的,在计算机中已经运行的程序的实体.在早期系统中(如linux 2.4以前),进程是基本运作单位,在支持线程的系统中(如windows,linux2.6)中,线 ...

  4. Nginx为什么比Apache Httpd高效

    转载于:http://www.toxingwang.com/linux-unix/linux-basic/1712.html 一.进程.线程? 在回答nginx 为什么比apache更高效之前,必须要 ...

  5. 【转】Linux下apache/httpd服务启动与停止

    apache服务,或者说httpd服务,如何启动,如何开机启动. 转来转去,找不到原文.. 操作系统环境:红帽5,具体如下:# uname -a Linux machine1 2.6.18-164.e ...

  6. mac os 禁止apache httpd自动启动(转)

    mac os 禁止apache httpd自动启动 博客分类: 计算机使用   mac os不像linux有/etc/init.d/rc.local以及service的方式可以设置程序随机启动,而是使 ...

  7. Apache Httpd + Subversion 搭建HTTP访问的SVN服务器

    最近要搭建一个SVN服务器.简单安装之后,本地访问没有问题,但作为服务器肯定是需要HTTP访问.搜索之后,以下是我按照网上的资料搭建的过程,以备后用和参考.(所有软件安装步骤略,没有特殊的,如果没有特 ...

  8. Fedora8上Apache Httpd与Tomcat6初集成

    系统信息: 环境: Linux version :2.6.23.1-42.fc8,gcc version 4.1.2 20070925 Apache Httpd version: 2.2.6.3-3 ...

  9. 在Fedora8上配置Apache Httpd

    原以为Fedora8我安装的是最简版本,于是去Apache Httpd官网下一个httpd,但是速度很成问题,现在还没有下完. 打开Fedora8的光盘,里面有httpd-2.2.6.3-3.i386 ...

随机推荐

  1. box-cox解读

    可以额外参考资料:https://blog.csdn.net/sinat_26917383/article/details/77864582,http://www.dataguru.cn/articl ...

  2. The 2019 Asia Yinchuan First Round Online Programming F. Moving On

    t题目链接:https://nanti.jisuanke.com/t/41290 思路:题目意思很容易想到floyd,但是由于危险度的限制,我们该怎么跑floyd呢. 一开始理解错题目了,以为u-&g ...

  3. js清除浏览器的缓存的方法

    许多的项目当中,一旦改动了js的代码,必须在浏览器当中重新加载数据,清理缓存,比较麻烦.网上找了很多的清除浏览器的方法,首先是在 html的头部加上meta的属性,但是发现并没有什么用处,后来看到说在 ...

  4. Chrome出现“浏览器由所属组织管理”如何解决

    之前碰到了这个问题,删除注册表解决了.当时没记下来,今天又碰到了.那就写下来以备之后再碰到吧 删除了注册表\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Ch ...

  5. jenkins邮件配置以及邮件添加附件详解

    1.在系统管理-系统设置  中找到邮件配置模块 填写情况如下图 第一步,填写系统管理员邮箱 第二步,填写邮箱配置 第三步,然后在项目中添加邮箱配置 项目中邮件设置中关于附件添加 因为我的项目目录中分3 ...

  6. Linux下能访问Nginx,本地无法访问

    在虚拟机的Linux上安装好Nginx后,启动Nginx服务,在Linux环境下,输入ip直接可以访问到Nginx的欢迎界面,而在电脑本地访问不到界面,出现错误. 显示:你的网络出现问题或代理服务器问 ...

  7. discuz x3.3标题的最少字数限制设置方法

    Discuz帖子标题默认字数最多是80个字节,却没有最少的字节限制.最近看到很多站长想限制一下帖子标题最少字数,不管是利于seo,还是禁止灌水,都有必要.为此把设置方法发上来分享. 1.找到并打开st ...

  8. docker, docker-compose安装和使用

    官方文档: 安装docker: https://docs.docker.com/install/linux/docker-ce/centos/ 安装docker-compose: https://do ...

  9. CRAP-API——如何在Linux服务器部署CRAP-API教程

    前言 之前一直用的eolinker的免费版,但是人数有限,所以想找个免费开源的API管理平台,然后就选择了CRAP-API. 步骤 部署环境 LNMT部署 我的环境是之前部署的是LNMP,后面又增加的 ...

  10. MANIFEST.MF文件对Import-Package/Export-Package重排列

    众所周知,MANIFEST.MF文件中的空格开头的行是相当于拼接在上一行末尾的.很多又长又乱的Import-Package或者Export-Package,有时候想要搜索某个package却可能被换行 ...