如何使用 SCL 更新 Apache 和 PHP？

Question

以下是我对 Apache、Python 和 PHP 升级的现场笔记。它也包括mod_ssl，但缺乏mod_security。我mod_security在 SCL 中找不到。

##################################################
# https://access.redhat.com/solutions/527703
# https://www.hogarthuk.com/?q=node/15
# https://developers.redhat.com/blog/2014/03/19/permanently-enable-a-software-collection/

##################################################
# Enable SCL
##################################################
yum -y install centos-release-scl
yum-config-manager --enable rhel-server-rhscl-7-rpms

##################################################
# Python 2.7
##################################################
yum -y install python27

# Add enable-scl-python27.sh
cat /etc/profile.d/enable-scl-python27.sh
#!/usr/bin/env bash
source scl_source enable python27

##################################################
# PHP 7.1
##################################################
yum -y install rh-php71 rh-php71-php rh-php71-ssl rh-php71-php-mysqlnd

# Config at /etc/opt/rh/rh-php71/php.ini

# Add enable-scl-php71.sh
cat /etc/profile.d/enable-scl-php71.sh
#!/usr/bin/env bash
source scl_source enable rh-php71

##################################################
# Apache 2.4
##################################################
yum -y install httpd24
yum -y install httpd24-httpd-tools httpd24-mod_php httpd24-mod_ssl

# Add enable-scl-php71.sh
cat /etc/profile.d/enable-scl-httpd24.sh
#!/usr/bin/env bash
source scl_source enable httpd24

# Disable old, enable new
systemctl disable httpd.service
systemctl enable httpd24-httpd.service

# Config at /opt/rh/httpd24/root/etc/httpd/httpd.conf
#        or /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf

# Config at /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf

##################################################
# httpd-ssl-pass-dialog

# The original ssl.conf probably includes this:
# SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog

# Change it to this:
# /opt/rh/httpd24/root/usr/libexec/httpd-ssl-pass-dialog

##################################################
# !!! TEST APACHE !!!
apachectl configtest

# ps -aux | egrep 'apache|http'
root      1424  0.1  1.2 319644 13376 ?        Ss   00:54   0:00 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
apache    1425  0.0  0.8 361184  8400 ?        Sl   00:54   0:00 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
...

##################################################
# Backup fresh CONF
##################################################
cp /etc/opt/rh/rh-php71/php.ini /etc/opt/rh/rh-php71/php.ini.bu
cp /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf.bu
cp /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf.bu

##################################################
# Copy old CONF to new CONF
##################################################
# Copy httpd.conf and ssl.conf from /etc/httpd to /opt/rh/httpd24/root/etc/httpd
# Change SERVER_ROOT from /etc/httpd to /opt/rh/httpd24/root/etc/httpd
# Leave DOCUMENT_ROOT unchanged. The new server can serve from the old location.
# Leave mod_ssl unchanged. The old and new mod_ssl use /etc/pki/tls/certs and /etc/pki/tls/private.
# php.ini is too different between version 5 and version 7. Manually copy the hardening.

##################################################
# Hardening
##################################################
# List unneeded functions from PHP in disable_functions
# Comment unneeded modules in /opt/rh/httpd24/root/etc/httpd/conf.modules.d

##################################################
# Important Diff's after cp
##################################################
diff /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf.bu /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf
diff /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf.bu /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf

Answer 1

以下是我对 Apache、Python 和 PHP 升级的现场笔记。它也包括mod_ssl，但缺乏mod_security。我mod_security在 SCL 中找不到。

##################################################
# https://access.redhat.com/solutions/527703
# https://www.hogarthuk.com/?q=node/15
# https://developers.redhat.com/blog/2014/03/19/permanently-enable-a-software-collection/

##################################################
# Enable SCL
##################################################
yum -y install centos-release-scl
yum-config-manager --enable rhel-server-rhscl-7-rpms

##################################################
# Python 2.7
##################################################
yum -y install python27

# Add enable-scl-python27.sh
cat /etc/profile.d/enable-scl-python27.sh
#!/usr/bin/env bash
source scl_source enable python27

##################################################
# PHP 7.1
##################################################
yum -y install rh-php71 rh-php71-php rh-php71-ssl rh-php71-php-mysqlnd

# Config at /etc/opt/rh/rh-php71/php.ini

# Add enable-scl-php71.sh
cat /etc/profile.d/enable-scl-php71.sh
#!/usr/bin/env bash
source scl_source enable rh-php71

##################################################
# Apache 2.4
##################################################
yum -y install httpd24
yum -y install httpd24-httpd-tools httpd24-mod_php httpd24-mod_ssl

# Add enable-scl-php71.sh
cat /etc/profile.d/enable-scl-httpd24.sh
#!/usr/bin/env bash
source scl_source enable httpd24

# Disable old, enable new
systemctl disable httpd.service
systemctl enable httpd24-httpd.service

# Config at /opt/rh/httpd24/root/etc/httpd/httpd.conf
#        or /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf

# Config at /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf

##################################################
# httpd-ssl-pass-dialog

# The original ssl.conf probably includes this:
# SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog

# Change it to this:
# /opt/rh/httpd24/root/usr/libexec/httpd-ssl-pass-dialog

##################################################
# !!! TEST APACHE !!!
apachectl configtest

# ps -aux | egrep 'apache|http'
root      1424  0.1  1.2 319644 13376 ?        Ss   00:54   0:00 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
apache    1425  0.0  0.8 361184  8400 ?        Sl   00:54   0:00 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
...

##################################################
# Backup fresh CONF
##################################################
cp /etc/opt/rh/rh-php71/php.ini /etc/opt/rh/rh-php71/php.ini.bu
cp /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf.bu
cp /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf.bu

##################################################
# Copy old CONF to new CONF
##################################################
# Copy httpd.conf and ssl.conf from /etc/httpd to /opt/rh/httpd24/root/etc/httpd
# Change SERVER_ROOT from /etc/httpd to /opt/rh/httpd24/root/etc/httpd
# Leave DOCUMENT_ROOT unchanged. The new server can serve from the old location.
# Leave mod_ssl unchanged. The old and new mod_ssl use /etc/pki/tls/certs and /etc/pki/tls/private.
# php.ini is too different between version 5 and version 7. Manually copy the hardening.

##################################################
# Hardening
##################################################
# List unneeded functions from PHP in disable_functions
# Comment unneeded modules in /opt/rh/httpd24/root/etc/httpd/conf.modules.d

##################################################
# Important Diff's after cp
##################################################
diff /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf.bu /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf
diff /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf.bu /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf

如何使用 SCL 更新 Apache 和 PHP？

答案1

相关内容