RE: [users@httpd] Apache static compile
I have tried that, but I still get this when making:

    ab.c:(.text+0x66b5): undefined reference to `TLSv1_1_client_method'
    ab.c:(.text+0x66dd): undefined reference to `TLSv1_2_client_method'

which tells me it is still using the old system openssl libraries and not the location of the new one.

I have tried all of these:

    --with-ssl=../openssl-1.1.1t \
    --enable-ssl \
    --enable-speling=shared \
    --enable-rewrite=shared \
    --enable-ssl-staticlib-deps \
    --enable-mods-static=ssl \
    --enable-compat

But when trying to make, it appears to still use the old ssl library on the system.

-----Original Message-----
From: Rainer Canavan
Sent: Wednesday, April 12, 2023 12:01 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache static compile

On Wed, Apr 12, 2023 at 1:49 AM Chris me wrote:
> Basically I am trying to run a later version of apache that supports the
> newer TLS alongside a much older version. I know it is better to upgrade the
> server, etc. but that is not an option for the legacy server.
>
> I basically need a completely stand alone version of httpd so I don’t have to
> worry about upgrading the server libs and current openssl version.

set an installation path with --prefix=/usr/local/completelyseparatehttpd and LDFLAGS=-Wl,-rpath,/usr/local/completelyseparatetlslibrary when you configure your httpd and you should be done.

rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
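Once a build does link, the ldd output shows whether the runtime linker resolves libssl and libcrypto from the separate OpenSSL location or from the system copy. The following is an added example, not part of the thread: the function name audit_ldd and the sample ldd output are constructed, and the prefix is the one from Rainer's reply.

```shell
#!/bin/sh
# Added example: audit `ldd` output for libraries that resolve outside an
# expected prefix (for instance the system OpenSSL instead of a private build).

# Constructed sample: libssl comes from the private prefix, libcrypto still
# resolves to the system copy, and libexpat cannot be found at all.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd00000000)
    libssl.so.1.1 => /usr/local/completelyseparatetlslibrary/libssl.so.1.1 (0x00007f0000100000)
    libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f0000200000)
    libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f0000300000)
    libexpat.so.1 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000400000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f0000500000)'

# audit_ldd PREFIX PATTERN
# Reads ldd output on stdin. For each library whose name matches the extended
# regex PATTERN it prints one line: "OK|FOREIGN|MISSING name path".
# Exit status is 1 if any matching library is FOREIGN or MISSING, else 0.
audit_ldd() {
    awk -v prefix="$1" -v pat="$2" '
        BEGIN { sub(/\/+$/, "", prefix) }      # tolerate a trailing slash
        $2 == "=>" && $1 ~ pat {
            if ($3 == "not" && $4 == "found") {
                print "MISSING", $1, "-"; bad = 1
            } else if (index($3, prefix "/") == 1) {
                print "OK", $1, $3
            } else {
                print "FOREIGN", $1, $3; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Demo on the constructed sample: sh audit_ldd.sh demo
# Real use: ldd /usr/local/completelyseparatehttpd/bin/httpd | audit_ldd PREFIX PATTERN
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_LDD" |
        audit_ldd /usr/local/completelyseparatetlslibrary '^lib(ssl|crypto)[.]'
fi
```

A FOREIGN line for libcrypto while libssl is OK means the two halves of OpenSSL come from different builds, which is worth fixing before the server is started.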
RE: [users@httpd] Apache static compile
Right. Is there an option to compile Apache using a non-standard location for dynamic libs? IE instead of /usr/lib it could use /usr/lib/custom

I was not able to find anything other than using an ELF patcher to try and change the paths directly in the httpd binary file, but not sure how that would turn out.

-----Original Message-----
From: Bjoern Voigt
Sent: Saturday, April 1, 2023 3:06 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache static compile

On 29.03.23 18:49, Chris me wrote:
> Thanks, unfortunately those options made no difference at all, the same
> things are still dynamically linked.
> At the very least I figured I can make do with only having the SSL library
> statically linked but I have tried -with-ssl=path (as per my other email).

I think, the first problem is to find a Linux distribution which still contains static versions of all needed libraries.

For instance my distribution, openSUSE Tumbleweed, does only contain very few static libraries. All other libraries are dynamic. This is documented in the "openSUSE:Shared library packaging policy":

    "Avoid packaging static libraries. You should use --disable-static configure option or, as a last resort, remove static libraries after make install. If in doubt, ask."

Source: https://en.opensuse.org/openSUSE:Shared_library_packaging_policy

With such distributions it is impossible to build a fully static Apache server.

Björn
RE: [users@httpd] Apache static compile
Basically I am trying to run a later version of apache that supports the newer TLS alongside a much older version. I know it is better to upgrade the server, etc. but that is not an option for the legacy server.

I basically need a completely stand alone version of httpd so I don’t have to worry about upgrading the server libs and current openssl version.

-----Original Message-----
From: Rainer Canavan
Sent: Tuesday, April 11, 2023 3:41 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache static compile

On Sat, Apr 8, 2023 at 11:22 PM Chris me wrote:
> Right. Is there an option to compile Apache using a non-standard
> location for dynamic libs? IE instead of /usr/lib it could use
> /usr/lib/custom
>
> I was not able to find anything other than using an ELF patcher to try and
> change the paths directly in the httpd binary file, but not sure how that
> would turn out.

Those are usually configured during link time, i.e. via LDFLAGS. It's not entirely clear what you want, and there are at least a dozen rules how the various options interact, so I'd recommend you check the man page for your system's runtime linker (probably man ld). Normally, you'll just pass -Wl,-rpath,/your/lib/search/path, but maybe you want to mess with DT_RUNPATH, DT_RPATH or SEARCH_DIR.

Rainer
[users@httpd] Apache static compile
Hi, I hope this is an OK question.

I have a need to build apache with all libraries statically linked and included in the httpd executable.

Is this possible?

Right now ldd is showing:

    libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3
    libexpat.so.1 => /lib/x86_64-linux-gnu/libexpat.so.1
    librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1
    libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
    /lib64/ld-linux-x86-64.so.2

But I would like those included in httpd itself.
RE: [users@httpd] Apache static compile
Thanks, unfortunately those options made no difference at all, the same things are still dynamically linked.

At the very least I figured I can make do with only having the SSL library statically linked but I have tried -with-ssl=path (as per my other email).

-----Original Message-----
From: Bjoern Voigt
Sent: Wednesday, March 29, 2023 6:37 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache static compile

On 28.03.23 00:14, Chris me wrote:
> Hi, I hope this is an OK question.
>
> I have a need to build apache with all libraries statically linked and
> included in the httpd executable.
>
> Is this possible?

In https://serverfault.com/a/715193 you will find the answer, to use "configure --disable-shared", but this option is not available in newer Apache servers.

Now you have multiple "static link" options. See

    # httpd-2.4.56/configure --help
    [...]
    --enable-mods-static=MODULE-LIST
                            Space-separated list of static modules to enable |
                            "all" | "most" | "few" | "reallyall"
    [...]
    --enable-so             DSO capability. This module will be automatically
                            enabled unless you build all modules statically.
    [...]
    --enable-ssl-staticlib-deps
                            link mod_ssl with dependencies of OpenSSL's static
                            libraries (as indicated by "pkg-config --static").
                            Must be specified in addition to --enable-ssl.
    [...]
    --enable-static-support Build a statically linked version of the support
                            binaries
    [...]
    --enable-jansson-staticlib-deps
                            link mod_md with dependencies of libjansson's
                            static libraries (as indicated by "pkg-config
                            --static"). Must be specified in addition to
                            --enable-md.
    [...]

I tried this on openSUSE Tumbleweed, but for most libraries the configure script does not find static libraries. So the resulting "httpd" has a lot of dynamic dependent libraries.

    ./configure --enable-mods-static=all --disable-so --enable-ssl-staticlib-deps

    ldd targetdir/bin/httpd
        linux-vdso.so.1 (0x7ffd6d7c9000)
        libssl.so.3 => /usr/lib64/libssl.so.3 (0x7fc06e81c000)
        libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x7fc06e20)
        libjansson.so.4 => /usr/lib64/libjansson.so.4 (0x7fc06e80b000)
        libcurl.so.4 => /usr/lib64/libcurl.so.4 (0x7fc06e75e000)
        [...]

Björn
[users@httpd] Compile with different version of ssl
Hi,

I am trying to compile with --with-ssl=../openssl-1.1.1t, but it is being ignored. How do I get this to work?
RE: [users@httpd] Compile with different version of ssl
Appears that is still an issue, I get the errors:

    undefined reference to `TLSv1_1_client_method'
    undefined reference to `TLSv1_2_client_method'

-----Original Message-----
From: Daniel Ferradal
Sent: Wednesday, March 29, 2023 10:08 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Compile with different version of ssl

Make sure their libs are in use by the system in the session where you want to compile httpd to use them.

That is, export LD_LIBRARY_PATH="/path/to/openssl-1.1.1t/lib" prior to the configure and make steps.

On Wed, 29 Mar 2023 at 18:38, Chris me wrote:
> Hi, I am trying to compile with --with-ssl=../openssl-1.1.1t, but it is being
> ignored. How do I get this to work?

--
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat
RE: [users@httpd] Unicode Chars not working
I rechecked the response headers, interesting thing is the server that works is just sending content-type: text/thml but the one that does not work is sending content-type: text/html and charset=UTF-8 even though it is sending the charset after I un-commented it in charset.conf.

So why does the old server work properly even though it does not explicitly set the charset, but the new server does not, even when it is set? Is it the linux system itself that might be serving the file to apache weird?

One thing I did notice in the headers, is the old server has transfer-encoding: chunked but the new server does not have that, it has Vary: accept-encoding

From: phunction
Sent: Saturday, November 11, 2023 4:14 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Unicode Chars not working

Seeing how it's an exact copy from the other server and the other server is fine I would think that's more of an Apache configuration, isn't it? The content itself does not specify a character set.

Sent from my Galaxy

-------- Original message --------
From: Frank Gingras
Date: 2023-11-11 4:02 p.m. (GMT-08:00)
To: users@httpd.apache.org
Subject: Re: [users@httpd] Unicode Chars not working

On Sat, Nov 11, 2023 at 6:49 PM Chris me wrote:
> Hi, I am moving my site from one server to another, both are apache 2. The
> files were tarred and zipped on one linux server and copied to another linux
> server.
> On the new server, any pages with a Unicode character is getting served with
> the black diamond and question mark. I enabled AddDefaultCharset UTF-8 on the
> new server it does not make a difference.
>
> What else do I need to change?

Are you sure your content is not producing html header with the wrong charset? I would inspect it.
RE: [users@httpd] Unicode Chars not working
Yes, the headers are the same on both, there is no header directive to set character set, as I have stated. IE, there is nothing like in the header.

There has to be something different in the 2 apache servers, the one that works is an older 2.4.4 and the new one is 2.4.57 that is not working right.

Still can’t figure out what is causing the difference.

From: Frank Gingras
Sent: Saturday, November 11, 2023 5:44 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Unicode Chars not working

On Sat, Nov 11, 2023 at 8:31 PM phunction wrote:
> Seeing how it's an exact copy from the other server and the other server is
> fine I would think that's more of an Apache configuration, isn't it? The
> content itself does not specify a character set.
>
> Sent from my Galaxy
>
> -------- Original message --------
> From: Frank Gingras
> Date: 2023-11-11 4:02 p.m. (GMT-08:00)
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Unicode Chars not working
>
> On Sat, Nov 11, 2023 at 6:49 PM Chris me wrote:
>> Hi, I am moving my site from one server to another, both are apache 2. The
>> files were tarred and zipped on one linux server and copied to another linux
>> server.
>> On the new server, any pages with a Unicode character is getting served with
>> the black diamond and question mark. I enabled AddDefaultCharset UTF-8 on the
>> new server it does not make a difference.
>>
>> What else do I need to change?
>
> Are you sure your content is not producing html header with the wrong
> charset? I would inspect it.

Try to inspect the response headers with your browser (F12) next.
[users@httpd] Unicode Chars not working
Hi, I am moving my site from one server to another, both are apache 2. The files were tarred and zipped on one linux server and copied to another linux server.

On the new server, any pages with a Unicode character is getting served with the black diamond and question mark. I enabled AddDefaultCharset UTF-8 on the new server it does not make a difference.

What else do I need to change?
[users@httpd] Multi site SSL problems
Hi, I am having an issue trying to get multiple sites with their own SSL cert. I purchased AlphaSSL certs for them.

The strange thing, the first cert works, the second gives me an ERR_SSL_PROTOCOL_ERROR, but only on some systems.

This is what I am using now:

( Site1 is fine, Site2 gives me the error. I originally tried with NameVirtualHost *.443 And then But when I go to site2, it complains that the cert is invalid because it is using the cert from site1? )

    NameVirtualHost 192.99.9.188:443

    ServerName www.site1.com
    ServerAdmin webmas...@site1.com
    DocumentRoot /home/httpd/sites/site1
    Order allow,deny
    Allow from all
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile /etc/ssl/site1.ca/server.crt
    SSLCertificateKeyFile /etc/ssl/site1.ca/server.key
    SSLCertificateChainFile /etc/ssl/site1.ca/bundle.crt

    ServerName www.site2.com
    ServerAdmin webmas...@site2.com
    DocumentRoot /home/httpd/sites/site2
    Order allow,deny
    Allow from all
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile /etc/ssl/site2.ca/server.crt
    SSLCertificateKeyFile /etc/ssl/site2.ca/server.key
    SSLCertificateChainFile /etc/ssl/site2.ca/bundle.crt
RE: [users@httpd] Multi site SSL problems
I found NameVirtualHost *:443 was commented out in ports.conf, I changed that. Now I am back to the ssl protocol error for the second site.

From: Chris me
Sent: Friday, May 10, 2024 8:40 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Multi site SSL problems

I set up each entry with but when I do that, the second site will complain that the cert is for site1.

So if I go to site2.com, I get a browser error that the cert is for site1. It will show me the content for site1.

I am not sure why the difference, my non ssl hosts, ie all work fine, each site gives me the correct content, so why does it not work for ?

The Entries are

    ServerName www.site1.com
    ServerName www.site2.com

I am not sure how to do this part: Do not use the 2.2 authz directives (Allow/Deny/Order) and use Require instead

I am running Apache 2.2, does it still apply? It does not look like mod_access_compat is listed under mods-enabled

From: Frank Gingras
Sent: Thursday, May 9, 2024 4:12 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Multi site SSL problems

On Thu, May 9, 2024 at 6:54 PM Chris me wrote:
> Hi, I am having an issue trying to get multiple sites with their own SSL
> cert. I purchased AlphaSSL certs for them.
>
> The strange thing, the first cert works, the second gives me an
> ERR_SSL_PROTOCOL_ERROR, but only on some systems.
>
> This is what I am using now:
>
> ( Site1 is fine, Site2 gives me the error. I originally tried with
> NameVirtualHost *.443 And then But when I go to site2, it complains that the
> cert is invalid because it is using the cert from site1? )
>
> NameVirtualHost 192.99.9.188:443
>
> http://www.site1.com:443>>
> ServerName www.site1.com
> ServerAdmin webmas...@site1.com
> DocumentRoot /home/httpd/sites/site1
> Order allow,deny
> Allow from all
> SSLEngine on
> SSLProtocol all -SSLv2 -SSLv3
> SSLCertificateFile /etc/ssl/site1.ca/server.crt
> SSLCertificateKeyFile /etc/ssl/site1.ca/server.key
> SSLCertificateChainFile /etc/ssl/site1.ca/bundle.crt
>
> http://www.site2.com:443>>
> ServerName www.site2.com
> ServerAdmin webmas...@site2.com
> DocumentRoot /home/httpd/sites/site2
> Order allow,deny
> Allow from all
> SSLEngine on
> SSLProtocol all -SSLv2 -SSLv3
> SSLCertificateFile /etc/ssl/site2.ca/server.crt
> SSLCertificateKeyFile /etc/ssl/site2.ca/server.key
> SSLCertificateChainFile /etc/ssl/site2.ca/bundle.crt

So many red flags here:

- Always use *:PORT when defining a vhost, unless you know exactly what you are doing
- Set the ServerName directive in every single vhost
- Do not use the 2.2 authz directives (Allow/Deny/Order) and use Require instead
- Unload the mod_access_compat module when apachectl configtest passes

Lastly, show the output from apachectl -S when the fixes are applied
[users@httpd] Require parameter
The Apache docs recommend doing this to set up a default deny to file locations:

    Require all denied

Do I do that in httpd.conf or do I add that to each entry?
RE: [users@httpd] Multi site SSL problems
I set up each entry with but when I do that, the second site will complain that the cert is for site1.

So if I go to site2.com, I get a browser error that the cert is for site1. It will show me the content for site1.

I am not sure why the difference, my non ssl hosts, ie all work fine, each site gives me the correct content, so why does it not work for ?

The Entries are

    ServerName www.site1.com
    ServerName www.site2.com

I am not sure how to do this part: Do not use the 2.2 authz directives (Allow/Deny/Order) and use Require instead

I am running Apache 2.2, does it still apply? It does not look like mod_access_compat is listed under mods-enabled

From: Frank Gingras
Sent: Thursday, May 9, 2024 4:12 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Multi site SSL problems

On Thu, May 9, 2024 at 6:54 PM Chris me wrote:
> Hi, I am having an issue trying to get multiple sites with their own SSL
> cert. I purchased AlphaSSL certs for them.
>
> The strange thing, the first cert works, the second gives me an
> ERR_SSL_PROTOCOL_ERROR, but only on some systems.
>
> This is what I am using now:
>
> ( Site1 is fine, Site2 gives me the error. I originally tried with
> NameVirtualHost *.443 And then But when I go to site2, it complains that the
> cert is invalid because it is using the cert from site1? )
>
> NameVirtualHost 192.99.9.188:443
>
> http://www.site1.com:443>>
> ServerName www.site1.com
> ServerAdmin webmas...@site1.com
> DocumentRoot /home/httpd/sites/site1
> Order allow,deny
> Allow from all
> SSLEngine on
> SSLProtocol all -SSLv2 -SSLv3
> SSLCertificateFile /etc/ssl/site1.ca/server.crt
> SSLCertificateKeyFile /etc/ssl/site1.ca/server.key
> SSLCertificateChainFile /etc/ssl/site1.ca/bundle.crt
>
> http://www.site2.com:443>>
> ServerName www.site2.com
> ServerAdmin webmas...@site2.com
> DocumentRoot /home/httpd/sites/site2
> Order allow,deny
> Allow from all
> SSLEngine on
> SSLProtocol all -SSLv2 -SSLv3
> SSLCertificateFile /etc/ssl/site2.ca/server.crt
> SSLCertificateKeyFile /etc/ssl/site2.ca/server.key
> SSLCertificateChainFile /etc/ssl/site2.ca/bundle.crt

So many red flags here:

- Always use *:PORT when defining a vhost, unless you know exactly what you are doing
- Set the ServerName directive in every single vhost
- Do not use the 2.2 authz directives (Allow/Deny/Order) and use Require instead
- Unload the mod_access_compat module when apachectl configtest passes

Lastly, show the output from apachectl -S when the fixes are applied
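The first three items of the checklist in Frank's reply can be checked mechanically over a vhost file before running apachectl configtest. This is an added example, not from the thread: the function name lint_vhosts and the sample configuration (documentation address 192.0.2.10, site1.example) are constructed, and only the first address of each <VirtualHost> is inspected.

```shell
#!/bin/sh
# Added example: lint a vhost file against the checklist from the reply
# (*:PORT addresses, ServerName in every vhost, no Order/Allow/Deny).

# Constructed sample: the first vhost binds to an explicit address and uses
# the 2.2 authz directives, the second has no ServerName.
SAMPLE_CONF='NameVirtualHost 192.0.2.10:443
<VirtualHost 192.0.2.10:443>
    ServerName www.site1.example
    DocumentRoot /srv/site1
    <Directory /srv/site1>
        Order allow,deny
        Allow from all
    </Directory>
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    DocumentRoot /srv/site2
    <Directory /srv/site2>
        Require all granted
    </Directory>
    SSLEngine on
</VirtualHost>'

# lint_vhosts: reads a config on stdin, prints "LINE: finding" per problem.
# Exit status is 1 when at least one finding was printed, else 0.
lint_vhosts() {
    awk '
        { d = tolower($1) }                    # directive names are case-insensitive
        d == "<virtualhost" {
            invh = 1; start = NR; has_name = 0
            addr = $2; sub(/>$/, "", addr)
            if (addr !~ /^\*:[0-9]+$/) {
                printf "%d: vhost address %s is not *:PORT\n", NR, addr; n++
            }
            next
        }
        d == "</virtualhost>" {
            if (!has_name) { printf "%d: vhost has no ServerName\n", start; n++ }
            invh = 0; next
        }
        invh && d == "servername" { has_name = 1 }
        d == "order" || d == "allow" || d == "deny" {
            printf "%d: 2.2 authz directive %s, use Require\n", NR, $1; n++
        }
        END { exit (n > 0) }
    '
}

# Demo on the constructed sample: sh lint_vhosts.sh demo
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_CONF" | lint_vhosts
fi
```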