我正在观察以下问题:
Apache2 使用以下标志编译:
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--host=arm-cortexa9-linux-gnueabi \
--build=i686-host-linux-gnu \
--includedir=/usr/include/apache2 \
--enable-ssl \
--with-ssl \
--enable-ssl-staticlib-deps \
--enable-mods-static="headers rewrite gd log_config mime alias actions unixd access_compat authn_core authz_core cgi ssl http2" \
--with-apr=/opt/PHYTEC_BSPs/PTXDist/platform-phyFLEX-i.MX6/sysroot-target/usr/bin/apr-1-config \
--with-apr-util=/opt/PHYTEC_BSPs/PTXDist/platform-phyFLEX-i.MX6/sysroot-target/usr/bin/apu-1-config \
BUILDCC=/usr/bin/gcc \
--with-mpm=prefork
这导致一个二进制文件在
中编译了以下模块Compiled in modules:
core.c
mod_authn_core.c
mod_authz_core.c
mod_access_compat.c
mod_so.c
http_core.c
mod_mime.c
mod_log_config.c
mod_headers.c
mod_ssl.c
mod_http2.c
prefork.c
mod_unixd.c
mod_cgi.c
mod_actions.c
mod_alias.c
mod_rewrite.c
ports.conf
启用监听端口 443 和 80:
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
站点的最简单配置如下:
<VirtualHost *:443>
<IfModule ssl_module>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/cert.crt
SSLCertificateKeyFile /etc/ssl/private/key.pem
</IfModule>
</VirtualHost>
我们将使用第二个端口 80 自动重定向到 https 页面。对于手头的问题,不需要相应的 VirtualHost。
如果从 ports.conf< 中删除
。这意味着 ssl 支持已正确编译到二进制文件中。如果 both Listen 80
,实际上对 https 页面 (https://192.168.2.3:443
) 的请求正在工作Listen
指令存在于 ports.conf 中,则对 https 页面 (https://192.168.2.3:443
) 的请求仍然存在没有回应。甚至没有 ERR_* 响应。
有关端口、apache2、ssl 的多个不同搜索无助于缩小问题范围。使用标准 apache2 二进制文件的相同配置可以完美运行。将 LogLevel
增加到 debug
可为上述两种情况提供相同的输出:
[ssl:info] [pid 1583025418028449792] [client 192.168.2.82:51478] AH01964: Connection to child 0 established (server localhost:443)
[ssl:debug] [pid 9122084304870461440] ssl_engine_kernel.c(2143): [client 192.168.2.82:51478] AH02645: Server name not provided via TLS extension (using default/first virtual host)
[ssl:debug] [pid 9122084442309416064] ssl_engine_kernel.c(2143): [client 192.168.2.82:51478] AH02645: Server name not provided via TLS extension (using default/first virtual host)
[core:debug] [pid 4294967296] protocol.c(1893): [client 192.168.2.82:51478] AH03155: select protocol from , choices=h2,http/1.1 for server localhost
[ssl:debug] [pid 7159351466806950200] ssl_engine_kernel.c(2042): [client 192.168.2.82:51478] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[ssl:debug] [pid 3905800881399477553] ssl_engine_kernel.c(366): [client 192.168.2.82:51478] AH02034: Initial (No.1) HTTPS request received for child 0 (server localhost:443)
[authz_core:debug] [pid 3358932565584236] mod_authz_core.c(809): [client 192.168.2.82:51478] AH01626: authorization result of Require all denied: denied
[authz_core:debug] [pid 30064771072] mod_authz_core.c(809): [client 192.168.2.82:51478] AH01626: authorization result of <RequireAny>: denied
[authz_core:error] [pid 30064771072] [client 192.168.2.82:51478] AH01630: client denied by server configuration: /var/www/
[ssl:debug] [pid 2113123909637] ssl_engine_io.c(1033): [client 192.168.2.82:51478] AH02001: Connection closed to child 0 with standard shutdown (server localhost:443)
有没有人知道是否应该将模块添加到二进制文件中?非常感谢任何帮助。
最佳答案
在 APR 包的配置选项中设置 ac_cv_o_nonblock_inherited=no。
Cross compiling causes multiple Listen directives to not work properly
关于apache - 并行支持两个端口的 SSL 在静态编译的 Apache2 二进制文件中不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40791172/