Apache httpd 2.4.49-1, собранный с Brotli, TLS 1.3 final (RFC 8446), OpenSSL 1.1.1l, ALPN и поддержкой http2 для Red Hat Enterprise Linux и CentOS

В репозиторий добавлен Apache httpd 2.4.49-1 с поддержкой сжатия brotli от Google, mod_http2 1.15.24 для Red Hat Enterprise Linux и CentOS. Mod_ssl собран динамически с OpenSSL 1.1.1l.

В этой сборке отсутствует multiproxy patch от RedHat из-за переработки mod_ssl.

Заметим, что httpd 2.4.49 поддерживает TLS 1.3 при сборке с OpenSSL 1.1.1. Все новые шифры включены и работают.
C версии 2.4.43-4 мы собираем OpenSSL отдельно, он устанавливается в /opt/codeit/openssl111 и никак не затрагивает системные библиотеки.

TLS 1.3 final на сегодня работает в Google Chrome 70+ и Mozilla Firefox 63+.

Для работы с SELinux в rpm включена соответствующая минимальная политика.

Модуль brotli уже включён в базовый RPM. Всё, что нужно — настроить фильтр

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Apache httpd 2.4.49-1, собранный с Brotli, TLS 1.3 final (RFC 8446), OpenSSL 1.1.1l, ALPN и поддержкой http2 для Red Hat Enterprise Linux и CentOS: 17 комментариев

  1. Hi

    We have had problems on all of our servers updatering to httpd 2.4.49.

    Unfortunately Apache could no longer connect to PHP-FPM .sock

    We reverted the update and are now up again.

    What have happend?

    Thank you.

    1. We found the problem:
      mod_proxy has been optimized in the new version, and apparently we have always been using
      SetHandler proxy:unix:///var/www/…
      but must new be the correct
      SetHandler proxy:unix:/var/www/…

      From HTTPD error.log after update to 2.4.49:
      [Sat Sep 18 08:21:41.258908 2021] [proxy:error] [pid ***:tid ***] [client ***:***] AH10292: Invalid proxy UDS filename (proxy:unix:///var/www/***domain***/php-fpm.sock|fcgi://***/www/…/index.php)

      So just forget this — not your falt.

      We appreciate your work!

  2. Hello

    We also had a problem with apache after the update. Specifically this error:

    Sep 18 09:31:13 systemd[1]: Starting The Apache HTTP Server…
    Sep 18 09:31:13 httpd[22349]: httpd: Syntax error on line 56 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/conf.modules.d/10-h2.conf: Cannot load modules/mod_http2.so into server: /etc…l: EVP_MD_CTX_new
    Sep 18 09:31:14 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Sep 18 09:31:14 systemd[1]: Failed to start The Apache HTTP Server.
    Sep 18 09:31:14 systemd[1]: Unit httpd.service entered failed state.

    We have had to revert back to 2.4.48 which works fine

    I also noticed that mod_http2.so last modified date was September 10 but all the other modules were September 17. Our openssl version is 1.0.2k and upgrading to 1.1.1l did not make a difference.

    Hope this helps identify the problem.

        1. Just a heads up — I’m having dependency issues with mod_http2 the 2.4.50 build on centos 7.9 but 2.4.49 works fine:

          Cannot load modules/mod_http2.so into server: /etc/httpd/modules/mod_http2.so: undefined symbol: EVP_MD_CTX_new

  3. Dear Friends

    Thank you for your great work, everything works like a charm.

    I have updated from Remi 7.4.24 to Remi PHP 8.0.11, but I have problem to use it with CodeIT 2.4.49. I have in my configuration /etc/httpd/conf.d/test-domain.conf below line:

    Should I change it to: …

    Thank you in advance for your help and support.


Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *