В репозиторий добавлен Apache httpd 2.4.34-2 с поддержкой сжатия brotli от Google, http2 для Red Hat Enterprise Linux и CentOS. Mod_ssl собран статически с OpenSSL 1.1.0i. Ссылки:
Заметим, что модуль Http2 Apache httpd с версии 2.4.27 не поддерживает prefork mpm. Если вам нужен модуль mod_http2, отключите prefork mpm, включите event mpm в /etc/httpd/conf.modules.d/00-mpm.conf
Это действите уже сделано в файле, который мы поставляем в пакете. Если вы обновляете вашу инсталляцию, обновите файл.
Для работы с SELinux установите следующий boolean:
setsebool -P httpd_execmem=1
Модуль brotli уже включён в базовый RPM. Всё, что нужно — настроить фильтр
AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript
For infomation:
mod_ssl-2.4.34-2.codeit.el7.x86_64.rpm
httpd-2.4.34-2.codeit.el7.x86_64.rpm
so the «names» of Updates this one latest have 2.4.34-2 ( where important the 2 is pointing to this latest)
I was looking for it because only read this post here , and missed this above
https://codeit.guru/en_US/2018/07/apache-httpd-2-4-34-brotli-alpn-http2-openssl-1-1-0-red-hat-centos-rhel/
Exactly, 2.4.34-1 is built against OpenSSL 1.1.0h, and 2.4.34-2 is built against OpenSSL 1.1.0i.
thanks
TLS 1.3 APACHE ?
https://www.theregister.co.uk/2018/08/13/tls_13_approved/
Thinking about it.
Please note that TLS 1.3 release you mentioned is still not supported by browsers by default.
Current Chrome 68 and Firefox 61 support TLS 1.3 draft 23 that is supported in 1.1.1-pre2 OpenSSL version.
As soon as builds are very popular we are still waiting for OpenSSL 1.1.1 release and browsers support for TLS 1.3 final version (=draft 28).
Thanks.
https://www.theregister.co.uk/2018/08/13/tls_13_approved/
TLS 1.3 Apache in this repo?
No. We are thinking if it worth to build Apache with old betas.
Seems that OpenSSL 1.1.1 will be released soon, so we will start providing builds with TLS 1.3 release.
OpenSSL 1.1.1 final just has been released couple hours ago. I think you may interested in it. 🙂
Thank you for good news!
I’ve been watching for their bugs list 🙂
Mozilla Firefox currently supports TLS 1.3 release, but Chrome does not (only draft 23 is supported).
I think we will build new versions against 1.1.1 release anyway.
We are using this package on around 15 CentOS 7.5.1804 servers, and we are getting a random error. (because we all know how we all love random errors in this business)
PHP Warning: hash_hmac(): Unknown hashing algorithm: sha1
Our CMS rely heavily on hash (TYPO3) so the web is just dead.
It can run flawlessly for days, then all of a sudden this error, and phpinfo shows the «Hashing Engines» as empty (usually shows all the available engines), then after a few minutes they all reappear and it all runs perfectly again.
We really want to run this release (for the http2)
Does anyone have any suggestions to what to try here? Apparently no one in the world (google) has knowingly had this issue.
Any suggestions we can try is very much appreciated.
Hi Palle,
What is your PHP version?
We observed similar behavior with PHP 7.0 with MySQL constant of PDO extension.
Please also note that php-fpm (running php as separate server) is recommended way to be used with new Apache versions.
I am running php 7.2.10 from the remi repo
Just wanted to let everyone know (that ends up here due to their google search on this issue). That setting up PHP-FPM seems to have fixed the issue for us (with the hash missing). Running on 2 weeks now without issues.
Thank you for confirmation Palle!
Hi Alex,
Is it safe to install apache 2.4.37 form test repo? Is that build from final tarball?
Hi Jeffrey,
It was not officially released yet and it had some errors with TLS 1.3 enabled.
I think all of them are fixed now, as soon as 2.4.37 was officially released some minutes ago 🙂
I will update production repo within next hour.
Alex,
Thanks for ur prompt reply & works. 🙂
You are welcome, Jeffrey.
And yes, it was built from final tarball. Previously it was rebuilt several times, so please do not always expect final tarball quality from test repos.
Noted with thanks.