I just recompiled nginx in order to add the HttpStripModule module. (i followed this: https://serverfault.com/a/279536/111652)
this is the configure options i used to make / make install:
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --with-debug --with-http_stub_status_module --with-http_flv_module --with-http_ssl_module --with-http_dav_module --with-http_gzip_static_module --with-http_realip_module --with-mail --with-mail_ssl_module --with-ipv6 --add-module=/usr/src/gnosek-nginx-upstream-fair-5f6a3b7 --add-module=/usr/src/mod_strip
and then as soon as make install was completed, i did a nginx restart and ran nginx -V
and the output was:
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --with-debug --with-http_stub_status_module --with-http_flv_module --with-http_ssl_module --with-http_dav_module --with-http_gzip_static_module --with-http_realip_module --with-mail --with-mail_ssl_module --with-ipv6 --add-module=/build/buildd/nginx-0.7.65/modules/nginx-upstream-fair
As you can see... it didn't take my strip module. :(
what's going on here?
UPDATE: After all of this, I realized that my original install of nginx never was actually replaced.
This issue was solved by specifying the --sbin-path flag to the current location of nginx and then make installing. then the files were actually overwritten. After starting the nginx server now shows that it is the new version.
The module is probably included. Until recently, nginx's error logging could only print strings up to 2048 chars, so a really long ./configure string would get truncated when printed out.
Specifying --sbin-path to the configure command solved my issue as well.
Related
I was trying to include the LDAP module to nginx. I could add the module and make install nginx successfully, however, while trying to restart the nginx, I get the following error:
sudo /usr/local/nginx/sbin/nginx -c /var/www/conf/nginx.conf -t
nginx: [emerg] dlopen() "/usr/local/nginx/modules/ngx_http_auth_ldap_module.so" failed (/usr/local/nginx/modules/ngx_http_auth_ldap_module.so: undefined symbol: ngx_ssl_handshake) in /var/www/conf/nginx.conf:11
nginx: configuration file /var/www/conf/nginx.conf test failed
When I looked at the ngx_http_auth_ldap_module.c file, I found that there is a call to this function. I am not sure where is this function being called from. Is there any other library that needs to be installed?
I have already installed the following:
openssl-devel.x86_64
openldap-devel.x86_64
zlib-devel.x86_64
I figured it out that I wasn't configuring nginx with the http_ssl_module option.
To make it work, I re-configured the nginx as:
./configure --add-module=/path/to/ldap_module --with-http_ssl_module
And then issued make and install commands. The ngx_ssl_handshake error got removed.
I'm trying to upgrade to Apache 2.4.27, from 2.4.26. The configure, make & make install all complete, but when I try to bounce Apache, I get the following:
httpd: Syntax error on line 145 of /usr/local/apache2/conf/httpd.conf: Cannot load modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: undefined symbol: SSL_get_srp_userinfo
OpenSSL version is openssl-1.0.2l, installed by running:
./config --prefix=/usr/local/ --openssldir=/usr/local/openssl enable-tlsext shared
make && make install
Apache 2.4.27 was installed by running:
./configure --enable-modules=all --enable-ssl --with-included-apr --enable-mod-proxy --with-included-apr-util
make && make install
I've had the same problem several times before, and the answer was to make sure LD_LIBRARY_PATH was set to /usr/local/lib64:/usr/local/lib however that isn't helping this time. I've tried configuring & compiling with this set, and with no LD_LIBRARY_PATH, neither helped.
mod_ssl.so looks like it's getting compiled against the yum installed version of OpenSSL:
[root#localhost httpd-2.4.27]# yum list installed |grep -i ssl
openssl.i686 1.0.1e-57.el6 #ol6_latest
openssl.x86_64 1.0.1e-57.el6 #ol6_latest
openssl-devel.x86_64 1.0.1e-57.el6 #ol6_latest
pyOpenSSL.x86_64 0.13.1-2.el6 #ol6_latest
ldd /usr/local/apache2/modules/mod_ssl.so
linux-vdso.so.1 => (0x00007ffd012ba000)
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f3258fb7000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f3258bd1000)
I've tried plenty of different options (way too many to list here), such as --with-ssl=/usr/local/openssl, --enable-ssl=shared as well as setting LDFLAGS="-L/usr/local/lib64" in config.nice but still no joy.
Any ideas?
Finally managed to solve this from a comment at https://serverfault.com/questions/587267/upgrade-to-apache-2-4-9-opensssl-error-ssl-get-srp-userinfo. Turns out setting LDFLAGS was the answer:
LDFLAGS="-L/usr/local/lib64"; export LDFLAGS
"./configure" \
"--enable-so" \
"--with-included-apr" \
"--enable-ssl" \
"--with-ssl=/usr/local/openssl" \
"LDFLAGS=-L/usr/local/lib64" \
"$#"
Recently was trying to setup load balancing using mod_jk in apache 2.4 in RHEL 7.
The web server and application are hosted in Amazon Cloud Service.The problem i am facing is with versions of mod_jk. Apparently lot of searching i got to know that latest version of mod_jk is available untill apache 2.2.X versions.I am getting mod_jk would not be loaded error.Please provide inputs on this issue.In am not able to down grade it to 2.2 either.
mod_jk.conf
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JkMount /application/* loadbalancer
workers.properties
worker.list=loadbalancer,status
worker.node1.port=8009
worker.node1.host=node1.mydomain.com
worker.node1.type=ajp13
worker.node1.ping_mode=A
worker.node1.lbfactor=1
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=node1,node2
worker.loadbalancer.sticky_session=1
worker.status.type=status
You can install mod_jk by following the below steps:
# cd /var/java/
# mkdir mod-jk
# cd mod-jk
# wget http://www.eu.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.41-src.tar.gz
# tar -xf tomcat-connectors-1.2.41-src.tar.gz
# yum install -y httpd-devel gcc gcc-c++ make libtool
# cd tomcat-connectors-1.2.41-src/native
# ./configure --with-apxs=/usr/sbin/apxs
# make
# libtool --finish /usr/lib64/httpd/modules
# make install
# service httpd restart
The link in Ghayel's answer is dead, but you can download tomcat-connectors from: https://tomcat.apache.org/download-connectors.cgi
I get it work on 2021-03-02 using this tomcat tarball :
https://downloads.apache.org/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src.tar.gz
Before, I had the same error as describe after upgrading from RHEL6 to RHEL7.
httpd refuse to start with error :
Syntax error on line 4 of /etc/httpd/conf.d/svc_jk.conf: Cannot load modules/mod_jk.so into server: /etc/httpd/modules/mod_jk.so: undefined symbol: ap_log_error
Having a deeper look show me that my mod_jk was not update by RHEL upgrader process and the current mod_jk was not availiable for httpd in yum repository
The ONLY change I did is from the configure command I ran :
./configure --with-apxs=/usr/bin/apxs
(I found apxs from httpd-devel in /usr/bin not in /usr/sbin )
And effectively, "make install" publish the new mod_jk.so in /usr/lib64/httpd/modules , not "libtool --finish /usr/lib64/httpd/modules"
Regards
nbanba
I need to compile for the modules from mod_cluster using https 2.4.17 and I am having an issue compiling the modules. The process fails at the make step.
I have successfully build httpd 2.4.17 into and rpm and installed it without issue.
I am pulling the mod_cluster from source at: https://github.com/modcluster/mod_cluster
I am following procedure to build mod_cluster:
cd /mod_cluster//native/advertise # Advertise the first of four modules
./buildconf
./configure --with-apxs=/usr/bin/apxs
checking for Apache httpd installation... APXS is /usr/bin/apxs
apxs_support is true
Use of uninitialized value in concatenation (.) or string at /usr/bin/apxs line 222.
configure: creating ./config.status
config.status: creating Makefile
make
Makefile:10: //build/rules.mk: No such file or directory
make: *** No rule to make target `//build/rules.mk'. Stop.
I believe the issue with the top_builddir directive in the make file.
Note: That there is not /build/rules.mk being written to /
# Makefile.in for mod_proxy_cluster
# copy the source in the httpd Apache source tree
APACHE_BASE = /usr
top_builddir = /
# For .deps.
builddir = /srv/apache/mod_cluster-master/native/advertise
# For the apache includes
top_srcdir = /usr
include $(top_builddir)/build/rules.mk
SH_COMPILE = $(LIBTOOL) --mode=compile $(BASE_CC) -I../include -prefer-pic -c $< && touch $#
all: mod_advertise.so
mod_advertise.so: mod_advertise.la
$(top_builddir)/build/instdso.sh SH_LIBTOOL='$(LIBTOOL)' mod_advertise.la `pwd`
mod_advertise.la: mod_advertise.slo
$(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_advertise.lo
clean:
rm -f *.o *.lo *.slo *.so
rm -rf .libs
Thank you
mod_cluster master compiles just fine with httpd 2.4.17. You might take a look at my Dockerfile that shows how it is done. I've just triggered a new DockerHub build, it will be available on DockerHub eventually.
In order to be absolutely sure, I repeated the process on Fedora22 x86_64 a minute ago manually:
wget http://archive.apache.org/dist/httpd/httpd-2.4.17.tar.gz
wget http://archive.apache.org/dist/httpd/httpd-2.4.17-deps.tar.gz
tar xvf ..., cd ...
./configure --prefix=/opt/httpd-2.4.17-build --with-mpm=worker --enable-mods-shared=most --enable-maintainer-mode --with-expat=builtin --enable-ssl --enable-proxy --enable-proxy-http --enable-proxy-ajp --with-threads
git clone https://github.com/modcluster/mod_cluster.git
cd mod_cluster/native
modules="advertise mod_cluster_slotmem mod_manager mod_proxy_cluster";for module in $modules;do cd $module;./buildconf;./configure --with-apxs=/opt/httpd-2.4.17-build/bin/apxs;make clean;make;cd ..;done;
So, apparently, the problem lies with your httpd build. Could you share your src rpm?
I installed Danginx and when REMOTE_ADDR shows server ip instead of user ip.
I tryed use mod_remoteip (I have apache 2.4) but its shows me error.
apxs -cia mod_remoteip.c
/var/www/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT-D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -O2 -pthread -I/usr/include/apache -I/usr/includ/apache -I/usr/include/apache -c -o mod_remoteip.lo mod_remoteip.c && touch mod_remoteip.slo
gcc: mod_remoteip.c: No such file or directory
gcc: no input files
apxs:Error: Command failed with rc=65536
After that I tryed to download this module and compile it, and than when I tryed enable httpd service it told me that I try enable build-in module.
What can I do for show real IP of users?
Thank you!