В репозиторий добавлен Apache httpd 2.4.46-1 с поддержкой сжатия brotli от Google, mod_http2 1.15.14 для Red Hat Enterprise Linux и CentOS. Mod_ssl собран динамически с OpenSSL 1.1.1g. Ссылки:
Заметим, что httpd 2.4.46 поддерживает TLS 1.3 при сборке с OpenSSL 1.1.1. Все новые шифры включены и работают. C версии 2.4.43-4 мы собираем OpenSSL отдельно, он устанавливается в /opt/codeit/openssl111 и никак не затрагивает системные библиотеки.
TLS 1.3 final на сегодня работает в Google Chrome 70+ и Mozilla Firefox 63+.
Для работы с SELinux в rpm включена соответствующая минимальная политика.
Модуль brotli уже включён в базовый RPM. Всё, что нужно — настроить фильтр
AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript
Hello.
I have been using httpd from CodeIT and it’s working well on all of my CentOS 7 machines but recently noticed that apachectl fullstatus option it’s not available anymore any suggestions why?
Thanks.
This is probably because of fresh changes in Fedora patches.
I will investigate and probably rollback to previous behavior.
Hi Alexander, some time ago you fixed the problem in this post (https://community.letsencrypt.org/t/the-apache-plugin-is-not-working/102520/24)… it is happening again after the httpd updated the version to httpd-2.4.43-5.codeit.el7.x86_64. Could you help us again?
The error is
[root@server ~]# certbot —apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error in checking parameter list:
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(‘Apache is unable to check whether or not the module is loaded because Apache is misconfigured.’,)
Thank you!
Carlos Daniluski
Hello Carlos,
Sorry for this regression.
Please upgrade to 2.4.43-6.
Hello, CentOS7 user here
Either the apache 2.4.43-6 or mod_ssl recent versions appear a little skewed, here’s the results I get on an attempted update.
The error with latest mod_ssl stating «»nothing provides /usr/bin/hostname needed by mod_ssl-1:2.4.43-6.codeit.el7.x86_64» I believe I have traced to wrong location, certainly on CentOS7 it appears to live at /bin/hostname. I’ve never had any symlinks between the two?
which hostname
/bin/hostname
Thanks for your work in providing later httpd and mod_ssl binaries to the CentOS community!
R
dnf update
Extra Packages for Enterprise Linux 7 — x86_64 0.0 B/s | 0 B 00:00
CentOS-7 — Updates 0.0 B/s | 0 B 00:00
CodeIT repo 0.0 B/s | 0 B 00:00
CentOS-7 — Base 0.0 B/s | 0 B 00:00
CentOS-7 — Plus 0.0 B/s | 0 B 00:00
CentOS-7 — Extras 0.0 B/s | 0 B 00:00
Dependencies resolved.
Problem 1: cannot install the best update candidate for package mod_ssl-1:2.4.43-2.codeit.el7.x86_64
— nothing provides /usr/bin/hostname needed by mod_ssl-1:2.4.43-6.codeit.el7.x86_64
Problem 2: problem with installed package mod_ssl-1:2.4.43-2.codeit.el7.x86_64
— package mod_ssl-1:2.4.43-2.codeit.el7.x86_64 requires httpd = 2.4.43-2.codeit.el7, but none of the providers can be installed
— cannot install both httpd-2.4.43-6.codeit.el7.x86_64 and httpd-2.4.43-2.codeit.el7.x86_64
— cannot install the best update candidate for package httpd-2.4.43-2.codeit.el7.x86_64
— nothing provides /usr/bin/hostname needed by mod_ssl-1:2.4.43-4.codeit.el7.x86_64
— nothing provides /usr/bin/hostname needed by mod_ssl-1:2.4.43-5.codeit.el7.x86_64
— nothing provides /usr/bin/hostname needed by mod_ssl-1:2.4.43-6.codeit.el7.x86_64
=====================================================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================================================
Skipping packages with conflicts:
(add ‘—best —allowerasing’ to command line to force their upgrade):
httpd x86_64 2.4.43-6.codeit.el7 CodeIT 1.4 M
Skipping packages with broken dependencies:
mod_ssl x86_64 1:2.4.43-4.codeit.el7 CodeIT 121 k
mod_ssl x86_64 1:2.4.43-5.codeit.el7 CodeIT 121 k
mod_ssl x86_64 1:2.4.43-6.codeit.el7 CodeIT 121 k
Transaction Summary
=====================================================================================================================================================
Skip 4 Packages
Nothing to do.
Complete!
Hello Rob,
Please try to reinstall or update «hostname-3.13-3» or fix your yum/rpm databases.
I see that at least hostname-3.13-3.el7_7.1.x86_64 from the Updates CentOS 7 repo has /usr/bin/hostname.
After installing codeit.el7.repo I updated httpd packages on CentOS 7 to latest version (2.4.46). Apache restarts and works fine, but ionCube will not load anymore. ionCube works from CLI, but not in Apache. No error messages in the logs. Apache displays a message that ionCube PHP Loader is not installed. It most certainly is, I triple-checked, the file’s there, it’s defined in php.ini, paths are fine — and it WORKED before installing this repo and updating httpd.
I’ve googled for the issue and the only suggestion that comes up is that it’s an SElinux issue. Well, on this box SElinux has been disabled from day one (don’t ask, it’s a special requirement for the app running on this machine).
Any idea how to get ionCube to load with the version of httpd installed from the codeit.el7.repo repo?
It seems that there is something wrong with mod_http2:
[root@localhost ~]# rpm -q —requires mod_http2
config(mod_http2) = 1.15.24-1.codeit
httpd-mmn = 20120211×8664
libc.so.6()(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libcrypto.so.10()(64bit)
libcrypto.so.10(libcrypto.so.10)(64bit)
libnghttp2 >= 1.21.1
libnghttp2.so.14()(64bit)
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rtld(GNU_HASH)
rpmlib(PayloadIsXz) <= 5.2-1
Which is wrong, because mod_httpd2 should require libcrypto.so.1.1, which is provided by openssl111-libs.
Hello,
Yes, you are fully right, it imports libcrypto.so.10, however it does not load it if mod_ssl is loaded before mod_http2, as it loads libcrypto.so.1.1 first.
Please test the upgrade with correct imports and reply if is solves the problem: mod_http2-1.15.24-2.codeit.x86_64.rpm
Looks like mod_http2-1.15.24-2 works. I manage httpd with puppet, so choosing the load order of modules would be a challenge. Thank you very much!