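Upgrading Apache httpd from 2.2 to 2.4: the process and the pitfalls along the way

Background

  Our group recently ran a security scan that flagged HTTP vulnerabilities. They turned out to be in the httpd used by our Nagios monitoring, so I decided to upgrade httpd to the latest version. I hit quite a few pitfalls during the upgrade and it took 2 days to get it working, so here I go through the errors and how each one was resolved.

Environment

  Apache httpd version: Apache/2.2.15

  OS version: Red Hat Enterprise Linux Server release 6.6 (Santiago)

Upgrading httpd 2.2 to 2.4 [approach: install a fresh copy of the latest version, then load the original configuration]

1. Download the latest httpd package. The package version used here:

httpd-2.4.39.tar.gz

Download URL: http://httpd.apache.org/download.cgi

2. Upload the package to the server (note: upload it as the root user)

3. Extract it and check the build configuration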

[root@hadoop1 softwares]# tar -zxf httpd-2.4.39.tar.gz 
[root@hadoop1 softwares]# cd httpd-2.4.39
[root@hadoop1 httpd-2.4.39]# ./configure --prefix=/usr/local/httpd-2.4.39

The following error is reported:

[root@hadoop1 httpd-2.4.39]# ./configure --prefix=/usr/local/httpd-2.4.39
checking for chosen layout... Apache
checking for working mkdir -p... yes
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
configure: 
configure: Configuring Apache Portable Runtime library...
configure: 
checking for APR... configure: WARNING: APR version 1.4.0 or later is required, found 1.3.9
configure: WARNING: skipped APR at apr-1-config, version not acceptable
no
configure: error: APR not found.  Please read the documentation.

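The error output above shows that the apr package is missing, so download the apr packages.

4. Download the corresponding apr packages, the following 2 packages

5. Extract the apr and apr-util packages into the extracted httpd source tree, under the srclib directory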

[root@hadoop1 httpd-2.4.39]# pwd
/opt/softwares/httpd-2.4.39
[root@hadoop1 httpd-2.4.39]# ls
ABOUT_APACHE     apache_probes.d  BuildBin.dsp    config.layout  configure.in  httpd.dsp   INSTALL         libhttpd.dsp  Makefile.win   os                ROADMAP  test
acinclude.m4     ap.d             buildconf       config.log     docs          httpd.mak   InstallBin.dsp  libhttpd.mak  modules        README            server   VERSIONING
Apache-apr2.dsw  build            CHANGES         config.nice    emacs-style   httpd.spec  LAYOUT          LICENSE       NOTICE         README.cmake      srclib
Apache.dsw       BuildAll.dsp     CMakeLists.txt  configure      httpd.dep     include     libhttpd.dep    Makefile.in   NWGNUmakefile  README.platforms  support
[root@hadoop1 httpd-2.4.39]# cd srclib/
[root@hadoop1 srclib]# ll
total 4
-rw-r--r-- 1 root dip 121 Feb 11  2005 Makefile.in

Extract apr and apr-util into this directory

[root@hadoop1 softwares]# tar -zxf apr-1.7.0.tar.gz -C ./httpd-2.4.39/srclib/
[root@hadoop1 softwares]# tar -zxf apr-util-1.6.1.tar.gz -C ./httpd-2.4.39/srclib/
[root@hadoop1 softwares]# cd httpd-2.4.39/srclib/
[root@hadoop1 srclib]# ls
apr-1.7.0  apr-util-1.6.1  Makefile.in
[root@hadoop1 srclib]# mv apr-1.7.0/ apr
[root@hadoop1 srclib]# mv apr-util-1.6.1/ apr-util
[root@hadoop1 srclib]# ls
apr  apr-util  Makefile.in

6. Re-run the httpd configuration check

[root@hadoop1 httpd-2.4.39]# ./configure --prefix=/usr/local/httpd-2.4.39

The result is as follows:

... ... (omitted)
configure: summary of build options:

    Server Version: 2.4.39
    Install prefix: /usr/local/httpd-2.4.39
    C compiler:     gcc -std=gnu99
    CFLAGS:          -g -O2 -pthread  
    CPPFLAGS:        -DLINUX -D_REENTRANT -D_GNU_SOURCE  
    LDFLAGS:           
    LIBS:             
    C preprocessor: gcc -E

The output above means the configuration check passed.

7. Compile and install

make

The following error occurs here:

/apr-util/include -I/opt/softwares/httpd-2.4.39/srclib/apr-util/include/private  -I/opt/softwares/httpd-2.4.39/srclib/apr/include    -o xml/apr_xml.lo -c xml/apr_xml.c && touch xml/apr_xml.lo
xml/apr_xml.c:35:19: error: expat.h: No such file or directory
xml/apr_xml.c:66: error: expected specifier-qualifier-list before ‘XML_Parser’
xml/apr_xml.c: In function ‘cleanup_parser’:
xml/apr_xml.c:364: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:365: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c: At top level:
xml/apr_xml.c:384: error: expected ‘;’, ‘,’ or ‘)’ before ‘*’ token
xml/apr_xml.c: In function ‘apr_xml_parser_create’:
xml/apr_xml.c:401: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:402: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:410: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:411: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:412: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:424: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:424: error: ‘default_handler’ undeclared (first use in this function)
xml/apr_xml.c:424: error: (Each undeclared identifier is reported only once
xml/apr_xml.c:424: error: for each function it appears in.)
xml/apr_xml.c: In function ‘do_parse’:
xml/apr_xml.c:434: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:438: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:442: error: ‘apr_xml_parser’ has no member named ‘xp_err’
xml/apr_xml.c:442: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c: In function ‘apr_xml_parser_geterror’:
xml/apr_xml.c:500: error: ‘apr_xml_parser’ has no member named ‘xp_err’
xml/apr_xml.c:500: error: ‘apr_xml_parser’ has no member named ‘xp_err’
make[3]: *** [xml/apr_xml.lo] Error 1
make[3]: Leaving directory `/opt/softwares/httpd-2.4.39/srclib/apr-util'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/opt/softwares/httpd-2.4.39/srclib/apr-util'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/opt/softwares/httpd-2.4.39/srclib'
make: *** [all-recursive] Error 1

Fix: install the expat-devel package

[root@hadoop1 httpd-2.4.39]# yum install expat-devel
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package expat-devel.x86_64 0:2.0.1-13.el6_8 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================================================================
 Package                                         Arch                                       Version                                             Repository                                Size
===============================================================================================================================================================================================
Installing:
 expat-devel                                     x86_64                                     2.0.1-13.el6_8                                      base                                     119 k

Transaction Summary
===============================================================================================================================================================================================
Install       1 Package(s)

Total download size: 119 k
Installed size: 476 k
Is this ok [y/N]: y
Downloading Packages:
expat-devel-2.0.1-13.el6_8.x86_64.rpm                                                                                                                                   | 119 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : expat-devel-2.0.1-13.el6_8.x86_64                                                                                                                                           1/1
  Verifying  : expat-devel-2.0.1-13.el6_8.x86_64                                                                                                                                           1/1

Installed:
  expat-devel.x86_64 0:2.0.1-13.el6_8                                                                                                                                                          

Complete!


Compile again; the following output indicates that the build succeeded

... ... (omitted)
mod_rewrite.lo 
make[4]: Leaving directory `/opt/softwares/httpd-2.4.39/modules/mappers'
make[3]: Leaving directory `/opt/softwares/httpd-2.4.39/modules/mappers'
make[2]: Leaving directory `/opt/softwares/httpd-2.4.39/modules'
make[2]: Entering directory `/opt/softwares/httpd-2.4.39/support'
make[2]: Leaving directory `/opt/softwares/httpd-2.4.39/support'

make[1]: Leaving directory `/opt/softwares/httpd-2.4.39'

Run the install

[root@hadoop1 httpd-2.4.39]# make install

8. Create the configuration directory conf.d and copy the original httpd configuration file into the new version's configuration directory

[root@hadoop1 httpd-2.4.39]# cd /usr/local/httpd-2.4.39/
[root@hadoop1 httpd-2.4.39]# mkdir conf.d
[root@hadoop1 httpd-2.4.39]# ls -l
total 64
drwxr-xr-x  2 root root  4096 Jul  3 10:26 bin
drwxr-xr-x  2 root root  4096 Jul  3 10:26 build
drwxr-xr-x  2 root root  4096 Jul  3 10:26 cgi-bin
drwxr-xr-x  4 root root  4096 Jul  3 10:26 conf
drwxr-xr-x  2 root root  4096 Jul  3 10:27 conf.d
drwxr-xr-x  3 root root  4096 Jul  3 10:26 error
drwxr-sr-x  2 root root  4096 Mar 27 23:05 htdocs
drwxr-xr-x  3 root root  4096 Jul  3 10:26 icons
drwxr-xr-x  2 root root  4096 Jul  3 10:26 include
drwxr-xr-x  3 root root  4096 Jul  3 10:26 lib
drwxr-xr-x  2 root root  4096 Jul  3 10:26 logs
drwxr-xr-x  4 root root  4096 Jul  3 10:26 man
drwxr-sr-x 14 root root 12288 Mar 27 23:05 manual
drwxr-xr-x  2 root root  4096 Jul  3 10:26 modules

[root@hadoop1 httpd-2.4.39]# cd conf
[root@hadoop1 conf]# cp httpd.conf httpd.conf.bak
[root@hadoop1 conf]# cd ../conf.d/
[root@hadoop1 conf.d]# cp /etc/httpd/conf.d/nagios.conf .

9. Stop the original httpd service and start the new one

[root@hadoop1 httpd-2.4.39]# service httpd stop
Stopping httpd:                                            [  OK  ]
[root@hadoop1 httpd-2.4.39]# bin/apachectl -f conf/httpd.conf
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

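10. Access the new service through the web page

It could not be accessed; the following error appeared:

The nagios path does not exist at all, which means the configuration file was not loaded. Checking showed there was no include, so add the following configuration

include conf.d/*.conf

Restart the service and refresh the page again; now it says there is no permission to access, as follows:

Check the log; it reports the following error:

The message above indicates that the index was not generated properly, but that directory contains php files, so it should have been displayed.

Check whether httpd has loaded the php module; it turns out there is no php module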

[root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep php
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

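I then looked for a solution and found that php has to be compiled separately, and the module information then configured in httpd

--1. Upload the php package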

[root@hadoop1 softwares]# ls -l php-7.3.6.tar.gz 
-rw-r--r-- 1 root root 19449322 Jul  1 14:09 php-7.3.6.tar.gz

--2. Extract, check the configuration, compile

[root@hadoop1 softwares]# tar -zxf php-7.3.6.tar.gz 
[root@hadoop1 softwares]# cd php-7.3.6
[root@hadoop1 php-7.3.6]# ./configure --prefix=/usr/local/php7 --with-apxs2=/usr/local/httpd-2.4.39/bin/apxs

The following error is reported:

Configuring extensions
checking for strings.h... (cached) yes
checking io.h usability... no
checking io.h presence... no
checking for io.h... no
checking for strtoll... yes
checking for atoll... yes
checking whether to enable LIBXML support... yes
checking libxml2 install dir... no
checking for xml2-config path... 
checking for pkg-config... /usr/bin/pkg-config
configure: error: libxml2 not found. Please check your libxml2 installation.

Install the libxml2 package

[root@hadoop1 php-7.3.6]# yum install -y libxml2 libxml2-devel

Run the configuration check again; it passes

Run the build

[root@hadoop1 php-7.3.6]# make && make install

After the build, the php module file is generated in the httpd modules directory

[root@hadoop1 modules]# ls -l libphp7.so 
-rwxr-xr-x 1 root root 35060633 Jul  3 11:42 libphp7.so

--3. Add the php module to the httpd configuration

LoadModule php7_module        modules/libphp7.so

Check whether the module is loaded

[root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep php
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message
 php7_module (shared)

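The output shows that it is loaded. During the experiment I found that after php's make install, the module entry is automatically added to the httpd.conf file and loaded dynamically.

Access the page again

It still cannot be accessed and reports the same error.

Continue modifying httpd.conf to support php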

AddType application/x-httpd-php .php

<IfModule dir_module>
    DirectoryIndex index.html index.php index.htm
</IfModule>

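Restart the httpd service and access the page again

The home page is now accessible, but clicking any other page downloads the cgi file instead of executing it

Check whether the cgi module is present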

[root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep cgi
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message

The module is not present; continue modifying the httpd configuration file to enable cgi module support

LoadModule cgid_module modules/mod_cgid.so

After uncommenting it, check again: it is loaded, no restart needed

[root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep cgi
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message
 cgid_module (shared)

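Verification showed that a restart is required for it to take effect. Access the page again

It works and the pages are accessible. The upgrade is complete.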
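The httpd.conf changes made across the steps above (the conf.d include, the php7 and cgid modules, the php type mapping and index.php as a directory index) can be checked in one pass. This is an added example, not part of the original post; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the httpd.conf
# directives used in this walkthrough are missing or still commented out.

missing_directives() {
    conf=$1
    missing=""
    # Each row: label|extended regex for an active (uncommented) directive.
    while IFS='|' read -r label pattern; do
        [ -n "$label" ] || continue
        # httpd directive names are case-insensitive, hence grep -i.
        if ! grep -Eiq "^[[:space:]]*${pattern}" "$conf"; then
            missing="${missing}${missing:+ }${label}"
        fi
    done <<'EOF'
include|Include(Optional)?[[:space:]]+conf\.d/\*\.conf
php7_module|LoadModule[[:space:]]+php7_module[[:space:]]
php_type|AddType[[:space:]]+application/x-httpd-php[[:space:]]+\.php
index_php|DirectoryIndex[[:space:]].*index\.php
cgid_module|LoadModule[[:space:]]+cgid_module[[:space:]]
EOF
    printf '%s\n' "$missing"
}

# Constructed sample: no Include line, and cgid is still commented out.
write_sample_conf() {
    cat >"$1" <<'EOF'
ServerRoot "/usr/local/httpd-2.4.39"
LoadModule php7_module        modules/libphp7.so
#LoadModule cgid_module modules/mod_cgid.so
AddType application/x-httpd-php .php
<IfModule dir_module>
    DirectoryIndex index.html index.php index.htm
</IfModule>
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
echo "missing: $(missing_directives "$sample")"
rm -f "$sample"
```

Against the real install, pass conf/httpd.conf under /usr/local/httpd-2.4.39; an empty result means every directive from the walkthrough is active.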

 

In addition, if you run into the following error during the upgrade

[Mon Jul 01 12:27:38.516704 2019] [core:error] [pid 7454:tid 139726203901696] (13)Permission denied: [client 10.253.7.100:59831] AH00035: access to /nagios/ denied (filesystem path '/mnt/aiprd/app') because search permissions are missing on a component of the path
[Mon Jul 01 12:27:45.786697 2019] [core:error] [pid 7454:tid 139726172432128] (13)Permission denied: [client 10.191.36.37:33553] AH00035: access to / denied (filesystem path '/mnt/aiprd/app') because search permissions are missing on a component of the path

Fix:

Change the cgi socket file path by giving it an explicit path:

ScriptSock /var/run/cgid.sock

Cause: this is mainly a security consideration; 2.4 and later give a lot more thought to security. For related issues, see the httpd security tips:

          Security Tips - Apache HTTP Server Version 2.4
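The AH00035 log lines above name a filesystem path and say that search permissions are missing on one of its components. The following added example, which is not part of the original post, walks such a path and prints the first directory without the search (x) bit; it assumes GNU stat and that the httpd user is neither the owner nor in the group of the directories, so only the "other" bits apply.

```shell
#!/bin/sh
# Added example (not from the original post): locate the directory behind an
# AH00035 "search permissions are missing on a component of the path" error.
# Assumptions: GNU stat, and the httpd user is neither owner nor group member
# of the directories, so only the "other" permission bits apply.

# Usage: first_blocked_component BASE RELATIVE_PATH
# Prints the first directory under BASE lacking o+x, or nothing if none does.
first_blocked_component() {
    cur=${1%/}
    set -f                      # no glob expansion while splitting the path
    old_ifs=$IFS; IFS=/
    set -- $2
    IFS=$old_ifs
    set +f
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        [ -d "$cur" ] || break  # stop at a file or a missing component
        mode=$(stat -c '%a' "$cur")
        other=${mode#"${mode%?}"}           # last octal digit = "other" bits
        if [ $((other % 2)) -eq 0 ]; then   # even digit: x bit is clear
            printf '%s\n' "$cur"
            return 0
        fi
    done
    return 0
}

# Constructed demo tree: aiprd/ is 750, so "other" users cannot traverse it.
demo=$(mktemp -d)
mkdir -p "$demo/aiprd/app"
chmod 755 "$demo" "$demo/aiprd/app"
chmod 750 "$demo/aiprd"
echo "blocked at: $(first_blocked_component "$demo" aiprd/app)"
rm -rf "$demo"
```

For the path in the log lines, call it as `first_blocked_component / mnt/aiprd/app`; the root directory itself is not checked.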

 

Document created: July 3, 2019, 12:40:52
