Apache httpd 2.4.38 with support for Google's brotli compression and http2 has been added to the repository for Red Hat Enterprise Linux and CentOS. mod_ssl is built statically with OpenSSL 1.1.1a. Links:
Note that httpd 2.4.38 already supports TLS 1.3 when built with OpenSSL 1.1.1. All the new ciphers are enabled and working.
TLS 1.3 final currently works in Google Chrome 70+ and Mozilla Firefox 63+.
To work with SELinux, set the following boolean:
setsebool -P httpd_execmem=1
The brotli module is already included in the base RPM. All you need to do is configure the filter:
AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript
I have downloaded your SRPM for CentOS 7 and am trying to build our own version. This is just so that we can validate the patches and the original apache source for PCI DSS reasons.
I have disabled http2 and brotli support. I also downloaded a slightly later version of openssl and compiled that and updated the path in your spec file. A diff of your spec file is shown below so you can see exactly what we changed.
The issue that we are having is that mod_ssl and httpd_tools have a dependency on libssl.so.1.1 and libcrypto.so.1.1 when we then go to install the rpm files, so it looks like the srpm is not set up to statically link to openssl?
Any suggestions?
Thanks
Gareth
82c82
BuildRequires: zlib-devel, libselinux-devel, lua-devel
86c86
Obsoletes: httpd-suexec
92c92
#Requires: mod_http2
275,276c275,276
< export CFLAGS="$RPM_OPT_FLAGS -I/root/openssl-1.1.1a"
export CFLAGS=»$RPM_OPT_FLAGS -I/home/rpmbuild/openssl-1.1.1b»
> export LDFLAGS=»-Wl,-z,relro,-z,now -L/home/rpmbuild/openssl-1.1.1b»
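Review bot: the new LDFLAGS at 276 only adds -L/home/rpmbuild/openssl-1.1.1b as a search directory, and nothing in these two lines asks the linker for the static archives. If that tree still contains libssl.so and libcrypto.so from a default build, mod_ssl will link against them and the RPM will pick up libssl.so.1.1 and libcrypto.so.1.1 as requirements. Build that tree without shared objects (OpenSSL's no-shared configure option) before rebuilding httpd, then confirm with rpm -qp --requires that neither library is listed.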
305d304
< —with-brotli \
309c308
—enable-ssl —with-ssl=/home/rpmbuild/openssl-1.1.1b —disable-distcache \
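Review bot: /home/rpmbuild/openssl-1.1.1b is hard-coded here in --with-ssl and again in the CFLAGS and LDFLAGS lines at 275,276, so the next OpenSSL bump means editing three places, and a missed one would mix headers and libraries from different versions. Define the path once near the top of the spec (for example a macro such as %{openssl_dir}, a hypothetical name) and reference it in all three.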
Gareth, please try to change dir to /home/rpmbuild/openssl-1.1.1b and configure it with "no-shared" option that disables shared objects (only a static library is created).
Then run make.
After these steps please try to build httpd again.
Thank you very much for that.
The first time it didn’t compile. I did a ‘make clean’ to start again from fresh and then it compiled fine and after rebuilding the rpm it installed without any dependency issues.
You are welcome Gareth, thanks for confirmation.
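The procedure from the thread above (static OpenSSL build, httpd rebuild, dependency check), as an added example that is not part of the original post or its comments. OPENSSL_SRC is the path quoted in the thread; RPM_DIR, SPEC and the --run switch are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post or its comments.
# OPENSSL_SRC is the path quoted in the thread; RPM_DIR and SPEC are assumed defaults.
OPENSSL_SRC="${OPENSSL_SRC:-/home/rpmbuild/openssl-1.1.1b}"
RPM_DIR="${RPM_DIR:-$HOME/rpmbuild/RPMS/x86_64}"
SPEC="${SPEC:-$HOME/rpmbuild/SPECS/httpd.spec}"

# Rebuild the OpenSSL tree so that only libssl.a and libcrypto.a are produced.
build_static_openssl() {
    (
        cd "$OPENSSL_SRC" || exit 1
        # Clean first: the thread needed 'make clean' before the rebuild worked.
        if [ -f Makefile ]; then make clean; fi
        ./config no-shared && make
    )
}

# Filter: read dependency listings on stdin and print every shared OpenSSL
# library named in them, de-duplicated. Works on `rpm -qp --requires` lines
# and on `readelf -d` NEEDED lines alike.
shared_openssl_deps() {
    { grep -Eo '(libssl|libcrypto)\.so(\.[0-9]+)*' || true; } | sort -u
}

# Return 0 only if every RPM in the directory can be queried and none of them
# requires a shared libssl/libcrypto. An unreadable package counts as a failure
# so that a broken query is never reported as a pass.
check_rpms() {
    status=0
    for pkg in "$1"/*.rpm; do
        [ -e "$pkg" ] || continue
        if ! reqs="$(rpm -qp --requires "$pkg" 2>/dev/null)"; then
            printf 'ERROR    %s (cannot query)\n' "${pkg##*/}"; status=1; continue
        fi
        deps="$(printf '%s\n' "$reqs" | shared_openssl_deps | tr '\n' ' ')"
        if [ -n "$deps" ]; then
            printf 'DYNAMIC  %s -> %s\n' "${pkg##*/}" "$deps"; status=1
        else
            printf 'ok       %s\n' "${pkg##*/}"
        fi
    done
    return "$status"
}

# Full procedure, run only on request: ./script.sh --run
if [ "${1:-}" = "--run" ]; then
    build_static_openssl && rpmbuild -ba "$SPEC" && check_rpms "$RPM_DIR"
fi
```

A DYNAMIC line for mod_ssl or httpd-tools means the build picked up the shared objects again and the package will require libssl.so.1.1 at install time.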
Hi Alex,
Apache 2.4.39 was released yesterday. Do you think it's possible for us to get this version from your repo soon?
Hi Jeffrey,
Yes, we had minor issues in packaging, so we were polishing it.
Released.
Alex,
Thanks for the hard work.