Como atualizar o Apache para o 2.4.29 usando o SCL?

1

Estou testando uma atualização do PHP usando SCLs. O teste está acontecendo em uma VM local, então não há problema em quebrar as coisas enquanto desenvolvemos um procedimento. Seguindo os repositórios do SCL , consegui atualizar o Python para o 2.7.13 e ativá-lo através do profiles.d/ . Agora estou tentando atualizar o Apache e o PHP.

De acordo com Apache Downloads , o mais recente é o Apache 2.4.29. Quando tento atualizar o Apache com yum install httpd , me disseram que o Pacote httpd-2.4.6-67.el7.centos.6.x86_64 já está instalado e o mais recente . E se eu usar yum install httpd24 , o SCL tentará instalar o Apache 1.18.

yum search httpd não é útil. Ele lista os pacotes (e às vezes nota o SCL), mas não possui números de versão.

Como se instala o Apache mais recente ao usar programas SCL?

    
por jww 20.12.2017 / 22:28

1 resposta

2

Aqui estão as minhas notas de campo para a atualização do Apache, Python e PHP. Inclui também mod_ssl , mas falta mod_security . Não consigo encontrar mod_security no SCL.

##################################################
# https://access.redhat.com/solutions/527703
# https://www.hogarthuk.com/?q=node/15
# https://developers.redhat.com/blog/2014/03/19/permanently-enable-a-software-collection/

##################################################
# Enable SCL
##################################################
yum -y install centos-release-scl
yum-config-manager --enable rhel-server-rhscl-7-rpms

##################################################
# Python 2.7
##################################################
yum -y install python27

# Add enable-scl-python27.sh
cat /etc/profile.d/enable-scl-python27.sh
#!/usr/bin/env bash
source scl_source enable python27

##################################################
# PHP 7.1
##################################################
yum -y install rh-php71 rh-php71-php rh-php71-ssl rh-php71-php-mysqlnd

# Config at /etc/opt/rh/rh-php71/php.ini

# Add enable-scl-php71.sh
cat /etc/profile.d/enable-scl-php71.sh
#!/usr/bin/env bash
source scl_source enable rh-php71

##################################################
# Apache 2.4
##################################################
yum -y install httpd24
yum -y install httpd24-httpd-tools httpd24-mod_php httpd24-mod_ssl

# Add enable-scl-php71.sh
cat /etc/profile.d/enable-scl-httpd24.sh
#!/usr/bin/env bash
source scl_source enable httpd24

# Disable old, enable new
systemctl disable httpd.service
systemctl enable httpd24-httpd.service

# Config at /opt/rh/httpd24/root/etc/httpd/httpd.conf
#        or /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf

# Config at /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf

##################################################
# httpd-ssl-pass-dialog

# The original ssl.conf probably includes this:
# SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog

# Change it to this:
# /opt/rh/httpd24/root/usr/libexec/httpd-ssl-pass-dialog

##################################################
# !!! TEST APACHE !!!
apachectl configtest

# ps -aux | egrep 'apache|http'
root      1424  0.1  1.2 319644 13376 ?        Ss   00:54   0:00 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
apache    1425  0.0  0.8 361184  8400 ?        Sl   00:54   0:00 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
...

##################################################
# Backup fresh CONF
##################################################
cp /etc/opt/rh/rh-php71/php.ini /etc/opt/rh/rh-php71/php.ini.bu
cp /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf.bu
cp /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf.bu

##################################################
# Copy old CONF to new CONF
##################################################
# Copy httpd.conf and ssl.conf from /etc/httpd to /opt/rh/httpd24/root/etc/httpd
# Change SERVER_ROOT from /etc/httpd to /opt/rh/httpd24/root/etc/httpd
# Leave DOCUMENT_ROOT unchanged. The new server can serve from the old location.
# Leave mod_ssl unchanged. The old and new mod_ssl use /etc/pki/tls/certs and /etc/pki/tls/private.
# php.ini is too different between version 5 and version 7. Manually copy the hardening.

##################################################
# Hardening
##################################################
# List unneeded functions from PHP in disable_functions
# Comment unneeded modules in /opt/rh/httpd24/root/etc/httpd/conf.modules.d

##################################################
# Important Diff's after cp
##################################################
diff /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf.bu /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf
diff /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf.bu /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
    
por 21.12.2017 / 06:06