CodeIT является разработчиком решений в сфере ПО (в том числе, и на базе веб-технологий). Поэтому нам регулярно необходимо свежее серверное программное обеспечение с поддержкой современных возможностей. Например, NGINX и Apache httpd, собранные для промышленных дистрибутивов с поддержкой HTTP/2 и brotli. А их, увы, не нашлось. Поэтому мы используем сами и приглашаем вас использовать наш репозиторий для RHEL/CentOS/Rocky Linux/Alma Linux/Oracle Linux:
| Версия | Поддерживаемые платформы | Статус |
| 6.x | x86_64 | поддержка прекращена с 12.2020 |
| 7.x | x86_64 | Актуален |
| 8.x | x86_64, aarch64 | Актуален |
| 9.x | x86_64, aarch64 | Актуален |
Чтобы включить автоматическое обновление пакетов для Linux, настройте репозиторий yum для дистрибутивов RHEL/CentOS.
ГОТОВЫЕ ПАКЕТЫ СТАБИЛЬНЫХ/MAINLINE ВЕРСИЙ
Для настройки RPM-репозитория Mainline для RHEL/CentOS необходимо просто установить пакет:
CentOS 7 / RHEL 7:
Stable:
yum install -y https://repo.codeit.guru/codeit-repo-release.el7.rpm epel-release
Mainline:
yum install -y https://repo.codeit.guru/codeit-repo-release.el7.rpm epel-release && yum-config-manager --enable CodeIT-mainline --save
QUIC / HTTP/3:
yum install -y https://repo.codeit.guru/codeit-repo-release.el7.rpm epel-release && yum-config-manager --enable CodeIT-quic --save
CentOS 8-9 / RHEL 8-9 / Rocky Linux 8-9 / Alma Linux 8-9:
EL8: yum install -y https://repo.codeit.guru/codeit-repo-release.el8.rpm epel-release
EL9: yum install -y https://repo.codeit.guru/codeit-repo-release.el9.rpm epel-release
QUIC stream: dnf module enable -y nginx:codeit-quic
Mainline stream (1.21.x, 1.23.x, …): dnf module enable -y nginx:codeit-mainline
Stable stream (1.20.x, 1.22.x): dnf module enable -y nginx:codeit-stable
Apache httpd stable: dnf module enable -y httpd:codeit
Если же вы хотите посмотреть списки имеющихся пакетов, можете просмотреть репозиторий. Обращаю ваше внимание на тот факт, что в зависимостях некоторых пакетов присутствуют библиотеки из репозитория EPEL, такие как apr-util, libnghttp. Таким образом, для использования Apache HTTPd проще всего подключить репозиторий EPEL:
yum install -y epel-release
Зачем для этого отдельный репозиторий?
Здесь будут публиковаться свежие версии nginx (из веток mainline и stable). Чем они лучше официальных? Тем, что наши пакеты:
-
- собраны c OpenSSL 1.1.1+ ради поддержки ALPN (заявление поддержки http2 ещё на этапе согласования TLS-соединения) и TLS 1.3 RFC 8446, которых нет из коробки. Это важно для нас, поскольку с мая 2016 года Google Chrome отменяет поддержку NPN и те, кто не имеет ALPN, останутся без http2.
-
- есть поддержка сжатия контента brotli с помощью собранного плагина ngx_brotli + libbrotli, которая оформлена отдельным пакетом.
Мы следим за версиями openssl, nginx и будем регулярно обновлять наши сборки. В будущем планируем расширить список программных продуктов, следите за сообщениями в блоге. Конечно, все SRPM доступны в репозитории. Первая версия собрана с OpenSSL 1.0.2h. Пакеты в репозитории подписаны нашим GPG-ключом, открытый ключ находится здесь.
On
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 6.10 (Santiago)
Release: 6.10
Codename: Santiago
I get this error when trying to add the repo
# cd /etc/yum.repos.d && wget https://repo.codeit.guru/codeit.el`rpm -q —qf «%{VERSION}» $(rpm -q —whatprovides redhat-release)`.repo
—2019-07-29 16:19:24— https://repo.codeit.guru/codeit.el6Server.repo
Resolving repo.codeit.guru… 144.76.75.30, 2a01:4f8:191:9348::5
Connecting to repo.codeit.guru|144.76.75.30|:443… connected.
HTTP request sent, awaiting response… 404 Not Found
2019-07-29 16:19:24 ERROR 404: Not Found.
Hello,
Please run:
cd /etc/yum.repos.d && wget https://repo.codeit.guru/codeit.el6.repoCould you also provide us with output for the following commands:
rpm -q --whatprovides redhat-release
rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release)
Thank you!
Guys,
Love the Builds. Great Work
Love from India
Is there no changes. I followed the above procedure, actually, I’m looking for a change on this.
Please support me.
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2019 11:45:54 GMT
Server: Apache/2.4.41 (codeit) PHP/7.2.22
Last-Modified: Tue, 03 Sep 2019 11:29:11 GMT
ETag: «1d-591a465c41698»
Accept-Ranges: bytes
Content-Length: 29
Content-Type: text/html; charset=UTF-8
How to use this upgrade to httpd 2.4.33?
Hi,
For some reason using your repo is now creating a dependancy to install nginx as a new package because of the following:
nginx x86_64 1:1.16.1-1.el7.codeit CodeIT 3.5 M
replacing libbrotli.x86_64 1:1.0.6-1.codeit.el7
In these cases I have httpd installed from your repo.
I also see that EPEL’s Brotli is now a newer release:
brotli x86_64 1.0.7-5.el7 epel 318 k
We will no more ship libbrotli, please install brotli from EPEL.
# yum shell
> upgrade httpd
> remove libbrotli
> install brotli
> run
> exit
This unfortunately does not work on CentOS 6 as brotli is not available in EPEL 6.
Yes, this is EL7 only.
I am trying to update apache and I am getting a 404 Error for https://repo.codeit.guru/codet.el. Is there a problem with the repository?
Please use https://repo.codeit.guru/codeit.el7.repo or https://repo.codeit.guru/codeit.el6.repo depending on CentOS/RHEL version.
Hi
I am trying to run «yum update httpd» but failing in dependency.
The following commands:
rpm -q —whatprovides redhat-release
rpm -q —qf «%{VERSION}» $(rpm -q —whatprovides redhat-release)
Gives results as :redhat-release-server-7.6-4.el7.x86_64 and 7.6
What to do to upgrade Apache beyong 2.4.16. Right now I have 2.4.6
Achintya
Hi. Please simply use https://repo.codeit.guru/codeit.el7.repo
#cat /etc/yum.repos.d/codeit.el7.repo
[CodeIT]
name=CodeIT repo
baseurl=https://repo.codeit.guru/packages/centos/7/$basearch
enabled=1
gpgkey=https://repo.codeit.guru/RPM-GPG-KEY-codeit
gpgcheck=1
#yum update httpd*
…
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Updating:
apr x86_64 1.5.2-1.el7.codeit CodeIT 111 k
httpd x86_64 2.4.41-4.codeit.el7 CodeIT 1.4 M
httpd-tools x86_64 2.4.41-4.codeit.el7 CodeIT 1.3 M
Installing for dependencies:
httpd-filesystem noarch 2.4.41-4.codeit.el7 CodeIT 27 k
libnghttp2 x86_64 1.31.1-2.el7 epel 67 k
mod_http2 x86_64 1.15.3-1.codeit CodeIT 208 k
Transaction Summary
=============================================================================
Install ( 3 Dependent packages)
Upgrade 3 Packages
Total download size: 3.0 M
# rpm -qa | grep httpd
httpd-tools-2.4.6-90.el7.centos.x86_64
httpd-2.4.6-90.el7.centos.x86_64
httpd-itk-2.4.7.04-2.el7.x86_64
Соотвественно:
…
AssignUserId p603 p603-www
…
и
LoadModule mpm_itk_module modules/mod_mpm_itk.so
После yum update
Апач не стартует.
В логах:
[Wed Feb 05 13:10:21.337262 2020] [suexec:notice] [pid 1203:tid 140542650091712] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 05 13:10:21.337376 2020] [mpm_itk:crit] [pid 1203:tid 140542650091712] mpm-itk cannot use threaded MPMs; please use prefork.
Помогло откатить пакеты httpd на те которые не из вашего репозитория.
Я так понимаю что httpd-itk-2.4.7.04-2.el7.x86_64 с httpd-2.4.41-4.codeit.el7.x86_64.rpm не работает.
У вас в репозитории httpd-itk нет.
Добрый день, Ярослав.
Да, именно так, для вас новости плохие.
Мы не поддерживаем mpm itk, а только делаем аналог «родного» httpd с патчами Redhat/Fedora для CentOS 6/7.
Но всё же попробуйте поменять mpm на prefork в своём конфиге. Мы не тестировали это никогда.
как временное решение:
# cat codeit.el7.repo
[CodeIT]
name=CodeIT repo
baseurl=https://repo.codeit.guru/packages/centos/7/$basearch
enabled=1
gpgkey=https://repo.codeit.guru/RPM-GPG-KEY-codeit
gpgcheck=1
exclude=httpd*
NGINX 1.17.7 mainline built against OpenSSL 1.1.1d with TLS 1.3 Final (RFC 8446) and brotli for Red Hat Enterprise Linux and CentOS
brotli compression is not working …. (content-encoding: gzip)
TLS 1.3 work fine …
Install on:
Linux l 3.10.0-1062.12.1.el7.x86_64
brotli-1.0.7-5.el7.x86_64 (from epel)
nginx.conf:
brotli_static on;
brotli_comp_level 6;
brotli_types *;
please help …
Hi,
First of all thanks for your builds, during few years I’ve been using your repot to have my webservers updated.
I’m writting this coment to request adding LUA Support for your nginx, that would enable using your builds with a lot of external third-party integrations.
Regards,
Hello,
Just asking is the repos are safe.. I am seeing codeit along with the installed packages
Hello Arun,
You use this repository as is at your own risk.
Hello Alexander,
Thanks for your reply.
I am going to do the source code compilation method.
Hello and thanks for the compilation here.
I would like to build the packages from the src.rpm myself and have a few questions about it:
— are certain options used when building openssl or is it just a simple «./config && make»?
— apr-util needs mariadb-connector-c-devel for building — is it possible to use the package from CentOS 8?
Thanks!
Hello,
— ./config no-shared && make
— I am not sure about this, we have rebuilt source rpms from Fedora without modifications.
Hello Alexander & all,
as you might have noticed, today there has been a release of nginx-1.18.0 stable version.
Since I have nginx repo somehow forgotten in my list, my webserver got upgraded via yum update and since that nginx stopped working. I fixed the configuration reflecting changes in nginx directives for version 1.18 and got it back functional. But only after I have done that, noted my website is no longer running TLS 1.3
Having realized this, found out that official nginx repo contains a build compiled still against an ancient OpenSSL version:
[[email protected] ~]# nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
which is obviously the reason TLS 1.3 not working for me now.
Will you be creating your CodeIT package built with OpenSSL 1.1.1d or later version for the new nginx anytime soon? I would not like to go back older nginx versions at this point since my configuration seems to work well enough, but it would be great to have your package from CodeIT repository instead.
Thank you in advance,
Daniel.
Hello Daniel,
Sure, we plan to build it with OpenSSL 1.1.1g soon. Need some time to investigate patches and test.
Hello Alexander,
great news. Yeah OpenSSL 1.1.1g version was also out yesterday, right..
Do I have the right repository for RHEL7 where to expect it then? 🙂
I have currently codeit.el7.repo :
[CodeIT]
name=CodeIT repo
baseurl=https://repo.codeit.guru/packages/centos/7/$basearch
enabled=1
gpgkey=https://repo.codeit.guru/RPM-GPG-KEY-codeit
gpgcheck=1
Thank you,
Daniel.
Hi Alexander, thanks for quick reply and for suggestions which I’ve double-checked.
However, your suggestion prompted me to look deeper and compare operational server with vanilla build. Turns out «which hostname» on a vanilla machine yields the «correct» /usr/bin/hostname.
Traced to inconsistent PATH settings set in csh.login, in turn traced this to setup-2.8-x.rpm
The misbehaving server would appear to have the CentOS «cr» repo enabled. This increments the base setup-2.8.71-10.el7.noarch to setup-2.8.71-11.el7.noarch.
One change is a difference in /etc/csh.login which is defining a completely different PATH variable than system default — csh.login in later version has a setenv PATH statement which is placing /bin before /usr/bin and therefore resulting in the error reported.
This is clearly self-inflicted on our test box, apologies for taking up your time, thanks for reviewing.
For anyone else experiencing same issues, be very wary of the CentOS7 «cr» repo!
Thank you for your investigation and the report, Rob!
Hi Alexander, the plot thickens…
I’m going to backtrack on that. Seems the pathnames were a redherring. I have just built a virgin CentOS7 machine, applied the EPEL repo to it, carried out a full update then added the CodeIT CentOS7 repo.
Here’s my results.
It will quite happily install an earlier version of mod_ssl but not latest from CodeIT repo. To my little brain, it would appear something is actually amiss with mod_ssl package?
Grateful for any ideas
Cheers
Rob
[[email protected] yum.repos.d]# echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[[email protected] yum.repos.d]# which hostname
/bin/hostname
[[email protected] yum.repos.d]# dnf install httpd mod_ssl
Last metadata expiration check: 0:06:57 ago on Mon 27 Apr 2020 14:05:30 UTC.
Dependencies resolved.
Problem: cannot install the best candidate for the job
— nothing provides /usr/bin/hostname needed by mod_ssl-1:2.4.43-6.codeit.el7.x86_64
=====================================================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================================================
Installing:
httpd x86_64 2.4.43-2.codeit.el7 CodeIT 1.4 M
mod_ssl x86_64 1:2.4.43-2.codeit.el7 CodeIT 1.3 M
Installing dependencies:
brotli x86_64 1.0.7-5.el7 epel 318 k
libnghttp2 x86_64 1.31.1-2.el7 epel 67 k
sscg x86_64 2.6.1-1.el7 epel 60 k
libtalloc x86_64 2.1.16-1.el7 cr 33 k
libpath_utils x86_64 0.2.1-32.el7 base 28 k
mailcap noarch 2.1.41-2.el7 base 31 k
apr x86_64 1.7.0-2.el7 CodeIT 122 k
apr-util x86_64 1.6.1-6.el7 CodeIT 98 k
httpd-filesystem noarch 2.4.43-2.codeit.el7 CodeIT 27 k
httpd-tools x86_64 2.4.43-2.codeit.el7 CodeIT 1.3 M
mod_http2 x86_64 1.15.7-1.codeit CodeIT 208 k
Skipping packages with broken dependencies:
mod_ssl x86_64 1:2.4.43-6.codeit.el7 CodeIT 121 k
Transaction Summary
=====================================================================================================================================================
Install 13 Packages
Skip 1 Package
Total download size: 5.0 M
Installed size: 14 M
Is this ok [y/N]:
Hi Rob,
Just try to update to the latest hostname package, as I suggested earlier.
yum upgrade hostnamehostname-3.13-3.el7_7.1.x86_64 from the Updates CentOS 7 repo should work fine for you.
Hi Alexander,
Once again this side bad, and for complete disclosure the issue is with YUM vs DNF.
Turns out that on the test box yum had been swapped for dnf in the extras repo.
Interestingly yum behaves where dnf does not. dnf DOES behave if wanting to install previous version of mod_ssl. I have never delved into rpm specifications, so cannot answer why one works and the other doesnt.
yum install httpd mod_ssl
—> Finished Dependency Resolution
Dependencies Resolved
=====================================================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================================================
Installing:
httpd x86_64 2.4.43-6.codeit.el7 CodeIT 1.4 M
mod_ssl x86_64 1:2.4.43-6.codeit.el7 CodeIT 121 k
Installing for dependencies:
apr x86_64 1.7.0-2.el7 CodeIT 122 k
apr-util x86_64 1.6.1-6.el7 CodeIT 98 k
brotli x86_64 1.0.7-5.el7 epel 318 k
httpd-filesystem noarch 2.4.43-6.codeit.el7 CodeIT 29 k
httpd-tools x86_64 2.4.43-6.codeit.el7 CodeIT 94 k
libnghttp2 x86_64 1.31.1-2.el7 epel 67 k
libpath_utils x86_64 0.2.1-32.el7 base 28 k
libtalloc x86_64 2.1.16-1.el7 base 33 k
mailcap noarch 2.1.41-2.el7 base 31 k
mod_http2 x86_64 1.15.7-1.codeit CodeIT 208 k
openssl111-libs x86_64 1.1.1g-2.codeit.el7 CodeIT 1.4 M
sscg x86_64 2.6.1-1.el7 epel 60 k
Transaction Summary
=====================================================================================================================================================
Install 2 Packages (+12 Dependent packages)
# dnf install httpd mod_ssl
Last metadata expiration check: 0:04:04 ago on Mon 27 Apr 2020 15:30:34 UTC.
Dependencies resolved.
Problem: cannot install the best candidate for the job
— nothing provides /usr/bin/hostname needed by mod_ssl-1:2.4.43-6.codeit.el7.x86_64
=====================================================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================================================
Installing:
httpd x86_64 2.4.43-2.codeit.el7 CodeIT 1.4 M
mod_ssl x86_64 1:2.4.43-2.codeit.el7 CodeIT 1.3 M
Installing dependencies:
brotli x86_64 1.0.7-5.el7 epel 318 k
libnghttp2 x86_64 1.31.1-2.el7 epel 67 k
sscg x86_64 2.6.1-1.el7 epel 60 k
libpath_utils x86_64 0.2.1-32.el7 base 28 k
libtalloc x86_64 2.1.16-1.el7 base 33 k
mailcap noarch 2.1.41-2.el7 base 31 k
apr x86_64 1.7.0-2.el7 CodeIT 122 k
apr-util x86_64 1.6.1-6.el7 CodeIT 98 k
httpd-filesystem noarch 2.4.43-2.codeit.el7 CodeIT 27 k
httpd-tools x86_64 2.4.43-2.codeit.el7 CodeIT 1.3 M
mod_http2 x86_64 1.15.7-1.codeit CodeIT 208 k
Skipping packages with broken dependencies:
mod_ssl x86_64 1:2.4.43-6.codeit.el7 CodeIT 121 k
Transaction Summary
=====================================================================================================================================================
Install 13 Packages
Skip 1 Package
Thanks for your attention and apologies for taking your time!
Thank you for the confirmation Dan!
Hi Alexander, revisiting this
Please review https://bugzilla.redhat.com/show_bug.cgi?id=1645638 which kind of shows the same issue — unresolved dependencies with /usr/bin/hostname. The suggestion is that the rpm package is wrong.
A «dnf deplist » gives the dependency and provider.
For mod_ssl-1:2.4.43-6.codeit.el7.x86_64, this gives an unresolved dependency of /usr/bin/hostname
By contrast dnf deplist mod_ssl-1:2.4.43-2.codeit.el7.x86_64 shows no such dependency requirement which suggests why it works.
Apparently the correct approach is to remove the invalid dependency from the package. Either YUM or DNF will then operate correctly. It is not unreasonble to expect either system-provided package manager to work.
Per previous — could I ask you to look again at the package?
Thanks for your work
Kindest regards
Rob
Hello Rob,
Actually I think that problem is somewhere in the dnf database, as /usr/bin/hostname is registered as «provided» in the most recent «hostname» package. If I manually update it to the latest version, I do not see any problems with this dependency anymore.
Anyway, to support dnf and avoid cases with non-updated OS we released a fix for this case, please test with testing repository and reply if it worked for you.
https://repo.codeit.guru/packages/testing/x86_64/ — httpd-2.4.43-7
Hey Alexander, thanks for looking at that
TLDR: it worked cheers!
The OS is up to date cannot understand your notes above.
I looked at the link you gave, although a repodata folder’s in there I didn’t see any reference to a «testing» .repo available so I put my own, in order that either yum or, in this case, dnf could resolve all depedencies. Maybe I’m being thick and missed any published repo file.
[CodeITtest]
name=CodeIT test repo
baseurl=https://repo.codeit.guru/packages/testing/x86_64/
enabled=1
…
dnf update
=====================================================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================================================
Upgrading:
httpd x86_64 2.4.43-7.codeit.el7 CodeITtest 1.4 M
httpd-devel x86_64 2.4.43-7.codeit.el7 CodeITtest 213 k
httpd-filesystem noarch 2.4.43-7.codeit.el7 CodeITtest 29 k
httpd-tools x86_64 2.4.43-7.codeit.el7 CodeITtest 94 k
mod_ssl x86_64 1:2.4.43-7.codeit.el7 CodeITtest 122 k
Transaction Summary
=====================================================================================================================================================
Upgrade 5 Packages
Total download size: 1.8 M
Is this ok [y/N]: y
…
No complaints about dependencies, clean upgrade and all sorted
Thanks for your work!
Kindest regards
Rob
Hello Alexander,
The command
rpm -q —whatprovides redhat-release
It gives me the following version:
redhat-release-server-7.8-2.el7.x86_64
Do you not have a repository for this version?
—2020-05-06 17: 24: 17— https://repo.codeit.guru/codeit.el7.8.repo
Resolving repo.codeit.guru (repo.codeit.guru) … 144.76.75.67, 2a01: 4f8: 191: 9348 :: 6
Connecting to repo.codeit.guru (repo.codeit.guru) | 144.76.75.67 |: 443 … connected.
HTTP request sent, awaiting response … 404 Not Found
2020-05-06 17:24:17 ERROR 404: Not Found.
Hello Sancho,
Please use EL7 repo at https://repo.codeit.guru/codeit.el7.repo
Hello Alexander,
I already had it configured, I have reconfigured it but yum info httpd
it shows me the following:
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Installed Packages
Name : httpd
Arch : x86_64
Version : 2.4.6
Release : 93.el7
Size : 3.7 M
Repo : installed
From repo : rhel-7-server-rpms
Summary : Apache HTTP Server
URL : http://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
I need to update apache to version.
Thanks for your help.
Very good work, thank you very much!
Hello,
please, could you build a separate package which includes support for Virtualmin?
That is, enough to point to /home for suexec docroot, then you could explain to create a local repo and yum replace httpd —replace-with=your package
Please, let me know, ok? thank you very much
Hello Frank,
Sorry, we do not provide support for Virtualmin. If you believe this flavour is easy to support, you can use our source RPMs and add a simple patch for your own builds.
Installed the latest from codeIT and can’t access the Apache main page on port 80:
HTTP/1.1 403 Forbidden
Connection: Keep-Alive
Content-Length: 318
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 26 Aug 2020 22:09:41 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.46 (codeit)
403 Forbidden
Forbidden
You don’t have permission to access this resource.
Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.
This is the default page. Please simply add index.html to your document root.
Hi there,
is there any update for nginx 1.19.2?
Regards.
Buenos días, podrían ayudarme a resolver este error de PERMISO DENEGADO:
[[email protected] ~]$ cd /etc/yum.repos.d && wget https://repo.codeit.guru/codeit.el`rpm -q —qf «%{VERSION}» $(rpm -q —whatprovides redhat-release)`.repo —2020-11-11 11:38:55— https://repo.codeit.guru/codeit.el7.repo
Resolviendo repo.codeit.guru (repo.codeit.guru)… 144.76.75.67, 2a01:4f8:191:9348::6
Conectando con repo.codeit.guru (repo.codeit.guru)[144.76.75.67]:443… conectado.
Petición HTTP enviada, esperando respuesta… 200 OK
Longitud: 159 [application/octet-stream]
codeit.el7.repo: Permiso denegado
No se puede escribir a “codeit.el7.repo” (Conseguido).
Buenos días,
Please provide the IP address of your server.
Buenos días, podrían ayudarme a resolver este error de PERMISO DENEGADO:
[[email protected] ~]$ cd /etc/yum.repos.d && wget https://repo.codeit.guru/codeit.el`rpm -q —qf «%{VERSION}» $(rpm -q —whatprovides redhat-release)`.repo —2020-11-11 11:38:55— https://repo.codeit.guru/codeit.el7.repo
Resolviendo repo.codeit.guru (repo.codeit.guru)… 144.76.75.67, 2a01:4f8:191:9348::6
Conectando con repo.codeit.guru (repo.codeit.guru)[144.76.75.67]:443… conectado.
Petición HTTP enviada, esperando respuesta… 200 OK
Longitud: 159 [application/octet-stream]
codeit.el7.repo: Permiso denegado
No se puede escribir a “codeit.el7.repo” (Conseguido).
Hello,
I still using HTTP/1 on my Centos 7 server with Magento 2.
How can I upgrade to HTTP/2 ?
Thanks a lot for answering
Hello,
We do not provide support for upgrading the installations. Usually, this is easy: just upgrade the httpd package and mod_ssl with our ones, check that ssl.conf contains ciphers list and http2 protocol enabled (default sample already has everything to test it).
However, if you are not familiar with the Apache httpd settings, please try first to play with upgrading in the test environment or hire system administrator/devops who has experience with these httpd settings.
Hello,
I see that there are no nginx 1.19.x packages available in CentOS 7 Mainline repo.
Will you be adding 1.19.x packages to the Mainline repo any time soon?
Thank you for all your efforts!
Please let us know!
Cheers
Hello Nick,
We plan to have fresh builds for 1.19.x, but do not have ETA for it (because of additional efforts required).
I hope we will have a build next week.
Sorry for the delay!
Hello,
I would like to know whether CodeIT mainline CentOS 7 repo will provide nginx-1.19.x builds.
Currently, I don’t see any 1.19.x packages available. Please let me know.
Thank you for all your kind and great work with modern package builds for CentOS!
(Note: I posted a similar question a few days ago, but I don’t see it here!)
Cheers,
Nick
When I run cd /etc/yum.repos.d && wget https://repo.codeit.guru/codeit.el7.repo, I get:
—2021-01-12 15:20:51— https://repo.codeit.guru/codeit.el7.repo
Resolving repo.codeit.guru (repo.codeit.guru)… 144.76.75.67, 2a01:4f8:191:9348::6
Connecting to repo.codeit.guru (repo.codeit.guru)|144.76.75.67|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 159 [application/octet-stream]
codeit.el7.repo: Permission denied
Cannot write to ‘codeit.el7.repo’ (Success).
Is something down at the moment? Thanks!
Hello,
We are running smoothly.
I read the error description and see that you have file write problem to your disk.
Please run this from root user.
Don’t I feel foolish. 🙂
After installing codeit.el7.repo I updated httpd packages on CentOS 7 to latest version (2.4.46). Apache restarts and works fine, but ionCube will not load anymore. ionCube works from CLI, but not in Apache. No error messages in the logs. Apache displays a message that ionCube PHP Loader is not installed. It most certainly is, I triple-checked, the file’s there, it’s defined in php.ini, paths are fine — and it WORKED before installing this repo and updating httpd.
I’ve googled for the issue and the only suggestion that comes up is that it’s an SElinux issue. Well, on this box SElinux has been disabled from day one (don’t ask, it’s a special requirement for the app running on this machine).
Any idea how to get ionCube to load with the version of httpd installed from the codeit.el7.repo repo?
Can you please add mod_fcgid as a RPM to your Apache repo?
https://httpd.apache.org/mod_fcgid/
Added, please test.
Error: Package: mod_http2-1.15.23-1.codeit.x86_64 (CodeIT)
Requires: libnghttp2 >= 1.21.1
Error: Package: 1:mod_ssl-2.4.48-1.codeit.el7.x86_64 (CodeIT)
Requires: sscg >= 2.2.0
Error: Package: mod_http2-1.15.23-1.codeit.x86_64 (CodeIT)
Requires: libnghttp2.so.14()(64bit)
You could try using —skip-broken to work around the problem
You could try running: rpm -Va —nofiles —nodigest
i can see this error msg when i upgrade httpd and connected with
cd /etc/yum.repos.d && wget https://repo.codeit.guru/codeit.el7.repo
Please install EPEL repo, we require it for all the dependencies.
I have the same problem as Sam — CentOS 7. You say «install EPEL repo» but «yum install epel-release» says there is «Nothing to do». I have followed all steps you listed.
Marc,
You can always recheck if you are able to install libnghttp2 1.33.0 from EPEL, if you really think that you have EPEL repo, it is enabled, libnghttp2 is not blacklisted, overrided etc.
We do not provide support unfortunately for the operating system and only provide packages as is.
Indeed, our epel.repo was disabled!
Thanks!
sudo nano /etc/yum.repos.d/epel.rep
Change enabled=0 to enabled=1
Hi,
Can i install this repo to rocky linux?
Regards.
After upgrading everything (yum update -y; reboot) on a CentOS 7 server which uses Apache, I’m getting this:
$ /usr/sbin/apachectl configtest
httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf:
Syntax error on line 63 of /etc/httpd/conf.modules.d/000-web-base.conf:
Cannot load modules/mod_http2.so into server: /etc/httpd/modules/mod_http2.so:
undefined symbol: EVP_MD_CTX_new
I have Apache from CodeIT’s repository.
Do you know what the error above means? It works if I simply remove the «mod_http2» module, but this obviously isn’t ideal as I won’t benefit from HTTP2.
Server Version: Apache/2.4.48 (codeit) OpenSSL/1.1.1l
Server MPM: event
Server Built: May 26 2021 11:40:06
openssl:
# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
While Apache says:
OpenSSL/1.1.1l
So something doesn’t seem to be right!
I resolved by downgrading to previous version:
# yum downgrade mod_http2-1.15.23
Removed:
mod_http2.x86_64 0:1.15.24-1.codeit
Installed:
mod_http2.x86_64 0:1.15.23-1.codeit
Complete!
# /usr/sbin/apachectl configtest
Syntax OK
# systemctl restart httpd
(full restart is required rather than graceful reload, otherwise we’ll get “exit signal Segmentation fault (11)”)
Apache has just released 2.4.49 if you could update your CentOS 7 repo. Thanks
Keep up the good work!
In testing now https://repo.codeit.guru/packages/testing/x86_64/ without broken multiproxy patch.
Thanks!
Hey! Nice one.
Any idea if my issue with «mod_http2» may be resolved on a newer version of mod_http2?
(the one I reported a few days ago above)
Thanks! Good day.
Hey Nuno,
We do not experience similar issues. Probably you have concurrent openssl 1.1.x library installed somewhere in your system?
The easiest way is to provide steps to reproduce the issue on newly installed CentOS 7.
CentOS itself has «OpenSSL 1.0.2k-fips» installed, but Apache’s mod_http2 (from CodeIT) seems to require «OpenSSL/1.1.1l».
My understanding is that Apache itself has its own «OpenSSL/1.1.1l» bundled?
How can I made «mod_http2» use that one instead?
And any idea why the previous version works, but just the latest version doesn’t?
Thanks much!
Of course 1.0.2 bundled with CentOS is OK, but you can have any other openssl 1.1.x libraries installed (e.g. openssl11-libs from epel). We never tested mod_ssl and mod_http2 with epel openssl11-libs.
Please also try to update our openssl111-libs package to the latest version. It’s not bundled now: it’s a separate package.
I have the idea why latest version is broken for you: apache httpd developers did an extremely massive rework in the latest version to avoid deprecation warnings and switch to using OpenSSL EVP_* API to avoid deprecation warnings with OpenSSL 3.0. Thus, new APIs are in use and probably they are not available in your library version.
Thanks!
Seems «openssl11-libs» finds epel,
«openssl111-libs» finds CodeIT.
Only «openssl111-libs» says «installed».
But «mod_http2» doesn’t seem to find it… and I have no idea how I can make it use «openssl111» 🙂
# yum info openssl11-libs
Loaded plugins: changelog, copr, fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.phx1.us.spryservers.net
* epel: d2lzkl7pfhq30w.cloudfront.net
* extras: mirrors.sonic.net
* remi: mirror.bebout.net
* remi-safe: mirror.bebout.net
* rpmfusion-free-updates: muug.ca
* updates: mirrors.ocf.berkeley.edu
Available Packages
Name : openssl11-libs
Arch : x86_64
Epoch : 1
Version : 1.1.1g
Release : 3.el7
Size : 1.5 M
Repo : epel/x86_64
Summary : A general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL and ASL 2.0
Description : OpenSSL is a toolkit for supporting cryptography. The openssl11-libs
: package contains the libraries that are used by various applications which
: support cryptographic algorithms and protocols.
# yum info openssl111-libs
Loaded plugins: changelog, copr, fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.phx1.us.spryservers.net
* epel: d2lzkl7pfhq30w.cloudfront.net
* extras: mirrors.sonic.net
* remi: mirror.bebout.net
* remi-safe: mirror.bebout.net
* rpmfusion-free-updates: muug.ca
* updates: mirrors.ocf.berkeley.edu
Installed Packages
Name : openssl111-libs
Arch : x86_64
Version : 1.1.1l
Release : 1.codeit.el7
Size : 3.5 M
Repo : installed
From repo : CodeIT
Summary : A general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : OpenSSL is a toolkit for supporting cryptography. The openssl-libs
: package contains the libraries that are used by various applications which
: support cryptographic algorithms and protocols.
This seems to be correct. Are you sure you have openssl111-libs-1.1.1l (please double check last «L») installed?
Seems to say installed, anyway!
But the «Name» field doesn’t include the «L»:
# yum info openssl111-libs-1.1.1l
Loaded plugins: changelog, copr, fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.phx1.us.spryservers.net
* epel: d2lzkl7pfhq30w.cloudfront.net
* extras: mirrors.sonic.net
* remi: mirror.bebout.net
* remi-safe: mirror.bebout.net
* rpmfusion-free-updates: muug.ca
* updates: mirrors.ocf.berkeley.edu
Installed Packages
Name : openssl111-libs
Arch : x86_64
Version : 1.1.1l
Release : 1.codeit.el7
Size : 3.5 M
Repo : installed
From repo : CodeIT
Summary : A general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : OpenSSL is a toolkit for supporting cryptography. The openssl-libs
: package contains the libraries that are used by various
: applications which support cryptographic algorithms and protocols.
Ah, but the Version has it: «Version : 1.1.1l»
The setup seems to be correct. Are you able to install the same distribution with «minimal» setup to the empty VM and install httpd from CodeIT repo to try to reproduce the problem?
Any chance to package pagespeed as a module too? Would pair really well with http/2 and brotli support.
Cheers and thanks for your great work!
dnf update
Última comprobación de caducidad de metadatos hecha hace 0:00:36, el vie 01 oct 2021 15:49:14 CEST.
Dependencias resueltas.
Problema: package nginx-1:1.16.1-1.el7.codeit.x86_64 requires libbrotlienc.so.1()(64bit), but none of the providers can be installed
— package nginx-1:1.16.1-1.el7.codeit.x86_64 obsoletes libbrotli provided by libbrotli-1.0.9-1.codeit.el7.x86_64
— cannot install both brotli-1.0.7-5.el7.x86_64 and brotli-1.0.9-1.codeit.el7.x86_64
— cannot install the best update candidate for package libbrotli-1.0.9-1.codeit.el7.x86_64
— cannot install the best update candidate for package brotli-1.0.9-1.codeit.el7.x86_64
=============================================================================================================================================================================================
Paquete Arquitectura Versión Repositorio Tamaño
=============================================================================================================================================================================================
Descartando paquetes con conflictos:
(añada ‘—best —allowerasing’ a la linea de comandos para forzar su actualización):
brotli x86_64 1.0.7-5.el7 epel 318 k
Descartando paquetes con conflictos en las dependencias:
nginx x86_64 1:1.16.1-1.el7.codeit CodeIT 3.5 M
Resumen de la transacción
=============================================================================================================================================================================================
Descartar 2 Paquetes
Nada por hacer.
¡Listo!
Nginx 1.16 is outdated and uses libraries that are currently overlapped by epel repo. Please try to install 1.20.
I have not installed nginx, but apache
# yum list installed | grep CodeIT
apr.x86_64 1.7.0-2.el7 @CodeIT
apr-devel.x86_64 1.7.0-2.el7 @CodeIT
apr-util.x86_64 1.6.1-6.el7 @CodeIT
apr-util-devel.x86_64 1.6.1-6.el7 @CodeIT
brotli.x86_64 1.0.9-1.codeit.el7 @CodeIT
httpd.x86_64 2.4.49-1.codeit.el7 @CodeIT
httpd-filesystem.noarch 2.4.49-1.codeit.el7 @CodeIT
httpd-tools.x86_64 2.4.49-1.codeit.el7 @CodeIT
libbrotli.x86_64 1.0.9-1.codeit.el7 @CodeIT
mc.x86_64 1:4.8.27-1.codeit.el7 @CodeIT
mod_http2.x86_64 1.15.24-1.codeit @CodeIT
mod_ssl.x86_64 1:2.4.49-1.codeit.el7 @CodeIT
openssl111-libs.x86_64 1.1.1l-1.codeit.el7 @CodeIT
# yum list installed | grep nginx
none
# yum list installed | grep epel
certbot.noarch 1.11.0-1.el7 @epel
epel-release.noarch 7-14 @epel
htop.x86_64 2.2.0-3.el7 @epel
jq.x86_64 1.6-2.el7 @epel
libdb4.x86_64 4.8.30-13.el7 @epel
libdb4-utils.x86_64 4.8.30-13.el7 @epel
libmspack.x86_64 0.7-0.1.alpha.el7 @epel
libnghttp2.x86_64 1.33.0-1.1.el7 @epel
oniguruma.x86_64 6.8.2-1.el7 @epel
python-ndg_httpsclient.noarch 0.3.2-1.el7 @epel
python-requests-toolbelt.noarch 0.8.0-3.el7 @epel
python-zope-component.noarch 1:4.1.0-5.el7 @epel
python-zope-event.noarch 4.0.3-2.el7 @epel
python2-acme.noarch 1.11.0-1.el7 @epel
python2-certbot.noarch 1.11.0-1.el7 @epel
python2-configargparse.noarch 0.11.0-2.el7 @epel
python2-dialog.noarch 3.3.0-6.el7 @epel
python2-distro.noarch 1.2.0-3.el7 @epel
python2-future.noarch 0.18.2-2.el7 @epel
python2-josepy.noarch 1.3.0-2.el7 @epel
python2-mock.noarch 1.0.1-10.el7 @epel
python2-parsedatetime.noarch 2.4-6.el7 @epel
python2-pip.noarch 8.1.2-14.el7 @epel
python2-psutil.x86_64 5.6.7-1.el7 @epel
python2-pyrfc3339.noarch 1.1-3.el7 @epel
python2-six.noarch 1.9.0-0.el7 @epel
sscg.x86_64 2.6.1-1.el7 @epel
I have problem on dnf update
Problema: package nginx-1:1.16.1-1.el7.codeit.x86_64 requires libbrotlienc.so.1()(64bit), but none of the providers can be installed
— package nginx-1:1.16.1-1.el7.codeit.x86_64 obsoletes libbrotli provided by libbrotli-1.0.9-1.codeit.el7.x86_64
— cannot install both brotli-1.0.7-5.el7.x86_64 and brotli-1.0.9-1.codeit.el7.x86_64
— cannot install the best update candidate for package libbrotli-1.0.9-1.codeit.el7.x86_64
— cannot install the best update candidate for package brotli-1.0.9-1.codeit.el7.x86_64
===========================================================================================================================================================
Paquete Arquitectura Versión Repositorio
===========================================================================================================================================================
Descartando paquetes con conflictos:
(añada ‘—best —allowerasing’ a la linea de comandos para forzar su actualización):
brotli x86_64 1.0.7-5.el7 epel
Descartando paquetes con conflictos en las dependencias:
nginx x86_64 1:1.16.1-1.el7.codeit CodeIT
Resumen de la transacción
===========================================================================================================================================================
It seems that there is something wrong with mod_http2:
[[email protected] ~]# rpm -q —requires mod_http2
config(mod_http2) = 1.15.24-1.codeit
httpd-mmn = 20120211×8664
libc.so.6()(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libcrypto.so.10()(64bit)
libcrypto.so.10(libcrypto.so.10)(64bit)
libnghttp2 >= 1.21.1
libnghttp2.so.14()(64bit)
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rtld(GNU_HASH)
rpmlib(PayloadIsXz) <= 5.2-1
Which is wrong, because mod_httpd2 should require libcrypto.so.1.1, which is provided by openssl111-libs.
Hello,
Yes, you are fully right, it imports libcrypto.so.10, however it does not load it if mod_ssl is loaded before mod_http2, as it loads libcrypto.so.1.1 first.
Please test the upgrade with correct imports and reply if is solves the problem: mod_http2-1.15.24-2.codeit.x86_64.rpm
Looks like mod_http2-1.15.24-2 works. I manage httpd with puppet, so choosing the load order of modules would be a challenge. Thank you very much!
Hello, we are running into the following error. Is the gpg key expired?:
cd /etc/yum.repos.d && wget https://repo.codeit.guru/codeit.el`rpm -q –qf “%{VERSION}” $(rpm -q –whatprovides redhat-release)`.repo
—2021-11-18 13:07:32— https://repo.codeit.guru/codeit.elpackage
Resolving repo.codeit.guru (repo.codeit.guru)… 144.76.75.67, 2a01:4f8:191:9348::6
Connecting to repo.codeit.guru (repo.codeit.guru)|144.76.75.67|:443… connected.
ERROR: cannot verify repo.codeit.guru’s certificate, issued by ‘/C=US/O=Let’s Encrypt/CN=R3’:
Issued certificate has expired.
To connect to repo.codeit.guru insecurely, use `—no-check-certificate’.
We very much would not like to disable gpg key check for any repo
Turns out root cert expired, and this is known and solved: https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190
yum update -y ca-certificates
Hello can i know what step should I take to resolve this issue?
works fine on CentOS 7 for montsh, but can’t update now, getting dependency error (yum update):
Error: Package: nghttp2-1.33.0-1.1.el7.x86_64 (@epel)
Requires: libnghttp2(x86-64) = 1.33.0-1.1.el7
Removing: libnghttp2-1.33.0-1.1.el7.x86_64 (@epel)
libnghttp2(x86-64) = 1.33.0-1.1.el7
Updated By: libnghttp2-1.46.0-1.codeit.el7.x86_64 (CodeIT)
libnghttp2(x86-64) = 1.46.0-1.codeit.el7
What to do?
We do not currently build nghttp2 for EL7 (only libs), please remove nghttp2 if you do not need it.
Hi Alexander, thank you for hint.
I don’t know nghttp2 is for, was installed at setup. Removed it now with «yum erase nghtzp2» with no dependency issue and all seems to work normal.
Do you have an idea, what impact missing nghttp2 could have?
This is a command line tool, I don’t think you will have any impact if there are no dependencies for it.
Thank you Alexander for your great work and support.
Hello, I’m trying to install latest apache version on a Centos 8 machine, I configured codeit repository but when i type «yum info httpd» the package in codeit repo is not seen. The repo seems correctly enabled, if I search other packages it finds them
What else can I check?
Thank you
Hello Francesco,
Please try to disable EL8 bundled repo first:
dnf module -y disable httpdSolved! I suggest to write it in installation instructions.
Thank you very much!
It seems that the last part of the following command:
dnf install -y https://repo.codeit.guru/codeit-repo-release.el8.rpm epel-release && dnf disable module httpd nginx
is not properly structured; it should be:
dnf module disable httpd nginx
If so, please correct the above commands in the article where applicable.
Thank you for all your efforts!
Cheers,
Nick
Thank you for your input! Will be fixed asap.
yum baseurl is set wrong path:
https://repo.codeit.guru/packages/quic/centos/7/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Erro
r 404 — Not Found
„/centos“ must be deleted
Thank you for reporting, Jens!
Fixed.
Hi just did the repos install and enable module httpd but get these errors whenever I do a dnf update this is on Almalinux 8.5
Modular dependency problem:
Problem: module php:7.2:8030020210119114311:2c7ca891.x86_64 requires module(httpd:2.4), but none of the providers can be installed
— module httpd:2.4:8060020220510105858:9edba152.x86_64 conflicts with module(httpd:codeit) provided by httpd:codeit:1:el8.noarch
— module httpd:codeit:1:el8.noarch conflicts with module(httpd:2.4) provided by httpd:2.4:8060020220510105858:9edba152.x86_64
— module httpd:2.4:8060020220622110449:9edba152.x86_64 conflicts with module(httpd:codeit) provided by httpd:codeit:1:el8.noarch
— module httpd:codeit:1:el8.noarch conflicts with module(httpd:2.4) provided by httpd:2.4:8060020220622110449:9edba152.x86_64
— conflicting requests
Dependency issues.
Transaction check error:
file /usr/lib64/libbrotlicommon.so.1 from install of libbrotli-1.0.9-1.codeit.el7.x86_64 conflicts with file from package brotli-1.0.7-5.el7.x86_64
file /usr/lib64/libbrotlidec.so.1 from install of libbrotli-1.0.9-1.codeit.el7.x86_64 conflicts with file from package brotli-1.0.7-5.el7.x86_64
file /usr/lib64/libbrotlienc.so.1 from install of libbrotli-1.0.9-1.codeit.el7.x86_64 conflicts with file from package brotli-1.0.7-5.el7.x86_64
Error Summary
Re: Dependency issue above.
I have both apache and nginx installed. I resolved the issue by upgrading apache first.
Looking for ETA for openssl3.0 support with apache.
Openssl1.1.1 will reach EOL by the end of Sep 2023.
Thanks for pointing out!
We definitely plan to stay with 100% supported software and will move to OpenSSL 3 before the 1.1.1 EOL.
FYI EL7 builds are already in the testing repo.
No issues found, CI/CD and tests pass normally, so please expect OpenSSL 3 transfer in May/June.
This will require some time where users will have broken dependencies, as soon as we do not want to change OpenSSL package name (we will keep it as openssl-quic-libs; now it is openssl-quic-libs-1.1.1t, will be openssl-quic-libs-3.0.8).
Thus, it requires preliminary builds put to testing repos.