기존 운영중인 서버 환경
$ cat /etc/redhat-release CentOS release 5.11 (Final)
$ /usr/local/apache-2.0.65/bin/apachectl -v
Server version: Apache/2.0.65 Server built: Nov 19 2019 22:31:55
$ /usr/local/php-4.4.9/bin/php -v
PHP 4.4.9 (cli) (built: Nov 19 2019 22:43:13) Copyright (c) 1997-2008
The PHP Group Zend Engine v1.3.0, Copyright (c)
1998-2004 Zend Technologies
with Zend Optimizer v2.6.2, Copyright (c) 1998-2006, by Zend Technologies
이제 대부분 브라우저들이 tls1.2이상이어야 하기때문에 해당 아파치 버전(2.0)에서는 더이상 쓸수가 없게되어
아파치 버전 업그레이드 진행!
2.2 최신버전인 2.2.34로 진행해서 실행할 경우 아래와 같이 에러발생;; 왠 문법오류
httpd: Syntax error on line 102 of /usr/local/apache-2.2.34/conf/httpd.conf: API module structure 'php4_module' in file /usr/local/apache-2.2.34/modules/libphp4.so is garbled - expected signature 41503232 but saw 41503230 - perhaps this is not an Apache module DSO, or was compiled for a different Apache version?
전제 openssl업그레이드 설치
https://darksharavim.tistory.com/463
centos5 openssl 버전 업그레이드
# openssl version OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gz ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared make &..
darksharavim.tistory.com
그래서 2.2.32로 내려서 설치진행함.
$ wget http://archive.apache.org/dist/httpd/httpd-2.2.32.tar.gz # tar -xvzf httpd-2.2.32.tar.gz # cd httpd-2.2.32 # export CPPFLAGS="-I /usr/local/ssl/include/openssl" # ./configure -prefix=/usr/local/apache-2.2.32 \ --enable-modules=so \ --enable-so \ --enable-rewrite \ --enable-mods-shared=most \ --with-included-apr \ --enable-module=ssl \ --enable-ssl=shared \ --with-ssl=/usr/local/ssl \ --enable-ssl # make && make install
단, 위와 같이 진행할 경우 maxclients가 디폴트가 256이라 그 이상해야할 경우 아래 파일을 수정하고 재컴파일해야함.
$ vi /usr/local/src/httpd-2.2.32/server/mpm/prefork/prefork.c
# 기존
#define DEFAULT_SERVER_LIMIT 256
# 변경
#define DEFAULT_SERVER_LIMIT 2048
설치 후 mod_ssl 모듈이 별도 설치한 openssl을 바라보는지 아래와 같이 확인
$ ldd mod_ssl.so
linux-gate.so.1 => (0x00d40000) libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x0057f000) libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00b2d000) libpthread.so.0 => /lib/libpthread.so.0 (0x00303000) libc.so.6 => /lib/libc.so.6 (0x0031d000) libdl.so.2 => /lib/libdl.so.2 (0x00ad2000) /lib/ld-linux.so.2 (0x0069c000)
나머지 php는 기존과 동일하게 재설치함.
$ ./configure \
--prefix=/usr/local/php-4x \
--with-apxs2=/usr/local/apache-2.2.32/bin/apxs \
--with-config-file-path=/usr/local/php-4x/etc \
--with-mysql=/usr/local/mysql-4.0.27 \
--with-ttf \
--with-tiff \
--with-t1lib=/usr/lib \
--with-iconv \
--with-gd \
--with-zlib \
--with-freetype-dir=/usr/include/freetype2 \
--with-freetype \
--with-jpeg-dir=/usr/lib \
--with-png \
--with-xml \
--with-language=korean \
--with-charset=euc_kr \
--with-openssl \
--enable-track-vars \
--enable-ftp \
--enable-gd-native-ttf \
--enable-mbstring \
--disable-debug
$ make && make install
일부 모듈이 변경된게 있어서 버전에 맞게 다시 설정해야하는게 있으니 아래 링크로 비교함.
2.0에서 2.2로 업그레이드 달라지는 모듈
https://httpd.apache.org/docs/current/upgrading.html
Upgrading to 2.4 from 2.2 - Apache HTTP Server Version 2.4
Upgrading to 2.4 from 2.2 In order to assist folks upgrading, we maintain a document describing information critical to existing Apache HTTP Server users. These are intended to be brief notes, and you should be able to find more information in either the N
httpd.apache.org
2.0모듈 리스트
http://httpd.apache.org/docs/2.0/mod/
모듈 목록 - Apache HTTP Server
coreCore Apache HTTP Server features that are always available mpm_commonA collection of directives that are implemented by more than one multi-processing module (MPM) beosBeOS에 최적화된 다중처리 모듈. leader표준 worker MPM의 실험적인
httpd.apache.org
2.2 모듈 리스트
http://httpd.apache.org/docs/2.2/mod/
모듈 목록 - Apache HTTP Server Version 2.2
Please note This document refers to the 2.2 version of Apache httpd, which is no longer maintained. The active release is documented here. If you have not already upgraded, please follow this link for more information. You may follow this link to go to the
httpd.apache.org
mod_url 모듈 설치
$ /usr/local/apache-2.2.32/bin/apxs -iac mod_url.c
cband 모듈 설치
$ ./configure --with-apxs=/usr/local/apache-2.2.32/bin/apxs
$ make && make install
#httpd.conf 추가
LoadModule cband_module /usr/lib/httpd/modules/mod_cband.so
<IfModule mod_cband.c>
<Location /cband-status-me>
SetHandler cband-status-me
</Location>
<Location /cband-status>
SetHandler cband-status
</Location>
<Location /cband-status>
Order deny,allow
Deny from all Allow
from [접근제한IP]
</Location>
</IfModule>ssl을 사용한다면 ssl.conf에도 동일하게 설정
아파치 geoip 모듈 설치
$ cd /usr/local/src/mod_geoip2_1.2.5
$ /usr/local/apache-2.2.32/bin/apxs -i -a -L /usr/local/GeoIP/lib \
-I /usr/local/GeoIP/include \
-l GeoIP \
-c ./mod_geoip.c
modsecurity 버전이 2.5.11이였는데 아파치 2.2.32에서는 버전오류과 발생
httpd: Syntax error on line 57 of /usr/local/apache-2.2.32/conf/httpd.conf: API module structure 'security2_module' in file /usr/local/apache-2.2.32/modules/mod_security2.so is garbled - expected signature 41503232 but saw 41503230 - perhaps this is not an Apache module DSO, or was compiled for a different Apache version?
modsecurity-2.9.3 설치
설치 진행할려고할시 또 에러 발생
checking if libxml2 is at least v2.6.29... no, 2.6.26
libxml버전이 낮아서 2.6.29으로 설치
$ wget http://xmlsoft.org/sources/old/libxml2-2.6.29.tar.gz
$ tar -xvzf libxml2-2.6.29.tar.gz
$ cd libxml2-2.6.29
$ ./configure --prefix=/usr
$ make && make install
설치진행
$ ./configure \
--with-apxs=/usr/local/apache-2.2.32/bin/apxs \
--with-apr=/usr/local/apr/bin/apr-1-config \
--with-pcre=/usr/local/pcre/bin/pcre-config
$ make && make install
아파치 구동후 openssl확인
$ curl --head localhost
HTTP/1.1 403 Forbidden Date: Thu, 02 Dec 2021 06:42:31 GMT Server: Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.2u DAV/2 PHP/4.4.9'# Web&WAS > Apache' 카테고리의 다른 글
| 아파치 일반사용자 권한 실행 (0) | 2022.09.20 |
|---|---|
| 아파치 TLSv1.3 적용(feat. openssl) (0) | 2022.05.04 |
| 아파치 메소드(method) 제한 및 확인 (0) | 2021.11.04 |
| 아파치 SSL인증서 암호(password) 자동입력 스크립트(script) (0) | 2021.06.22 |
| 아파치 로그포맷 JSON 변경 (0) | 2021.04.01 |
안녕하세요. 이곳은 IT위주의 잡다한 정보를 올려두는 개인 블로그입니다.
포스팅이 좋았다면 "좋아요❤️" 또는 "구독👍🏻" 해주세요!
