作者共發了14篇帖子。
在瑞芯微RV1106板子上用gcc14.2本地編譯安裝apache2.4.63,開啟http2和tls1.3,並且https支持XP系統的IE6-8瀏覽器
 |
|
|
在瑞芯微RV1106板子上用gcc14.2本地編譯安裝apache2.4.63,開啟http2和tls1.3,並且https支持XP系統的IE6-8瀏覽器
參考文章:https://blog.csdn.net/ZLK1214/article/details/138168428 瑞芯微RV1106從SD卡啟動自己的busybox1.36.1根文件系統:https://zh.purasbar.com/post.php?t=32786 在fedora42上用arm-gnu-toolchain-14.2交叉編譯器編譯gcc14.2、gdb14.2和make4.4:https://zh.purasbar.com/post.php?t=32816 請注意一定要設置C_INCLUDE_PATH=/usr/include環境變量,否則編譯會失敗。 make[3]: Entering directory '/root/software/httpd-2.4.59/srclib/apr' /bin/sh /root/software/httpd-2.4.59/srclib/apr/libtool --silent --mode=compile --tag=CC gcc -g -O2 -DHAVE_CONFIG_H -DLINUX -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -I./include -I/root/software/httpd-2.4.59/srclib/apr/include/arch/unix -I./include/arch/unix -I/root/software/httpd-2.4.59/srclib/apr/include/arch/unix -I/root/software/httpd-2.4.59/srclib/apr/include -I/root/software/httpd-2.4.59/srclib/apr/include/private -I/root/software/httpd-2.4.59/srclib/apr/include/private -o encoding/apr_encode.lo -c encoding/apr_encode.c && touch encoding/apr_encode.lo In file included from ./include/apr_encode.h:24, from encoding/apr_encode.c:28: ./include/apr.h:632:2: error: #error no decision has been made on APR_PATH_MAX for your platform 632 | #error no decision has been made on APR_PATH_MAX for your platform | ^~~~~ make[3]: *** [/root/software/httpd-2.4.59/srclib/apr/build/apr_rules.mk:207: encoding/apr_encode.lo] Error 1 make[3]: Leaving directory '/root/software/httpd-2.4.59/srclib/apr' make[2]: *** [/root/software/httpd-2.4.59/srclib/apr/build/apr_rules.mk:119: all-recursive] Error 1 make[2]: Leaving directory '/root/software/httpd-2.4.59/srclib/apr' make[1]: *** [/root/software/httpd-2.4.59/build/rules.mk:75: all-recursive] Error 1 make[1]: Leaving directory '/root/software/httpd-2.4.59/srclib' make: *** [/root/software/httpd-2.4.59/build/rules.mk:75: all-recursive] Error 1 |
|
工作目錄:
mkdir -p /root/software/lamp cd /root/software/lamp |
|
【源碼編譯安裝openssl-1.1.1w】
之前弄wifi的時候已經編譯安裝好了。 (編譯時記得設置enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers選項,這樣才能讓https支持XP系統的IE6-8瀏覽器) 見https://zh.purasbar.com/post.php?t=32786 【源碼編譯安裝nghttp2-1.66.0(不需要綁定openssl)】 wget https://github.com/nghttp2/nghttp2/releases/download/v1.66.0/nghttp2-1.66.0.tar.gz --no-check-certificate tar xf nghttp2-1.66.0.tar.gz cd nghttp2-1.66.0 ./configure --prefix=/opt/nghttp2-1.66.0 --enable-shared make make install cd .. 【編譯安裝apache前所需的軟體包】 在板子上編譯安裝pcre2-10.45軟體包: wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.45/pcre2-10.45.tar.bz2 --no-check-certificate tar xf pcre2-10.45.tar.bz2 cd pcre2-10.45 ./configure make make install ldconfig cd .. 在板子上編譯安裝zlib-1.3.1軟體包: wget https://www.zlib.net/zlib-1.3.1.tar.gz --no-check-certificate tar xf zlib-1.3.1.tar.gz cd zlib-1.3.1 ./configure make make install ldconfig cd .. 在板子上編譯安裝expat-2.7.1軟體包: wget https://github.com/libexpat/libexpat/releases/download/R_2_7_1/expat-2.7.1.tar.gz --no-check-certificate tar xf expat-2.7.1.tar.gz cd expat-2.7.1 ./configure make make install ldconfig cd .. 在板子上編譯安裝perl-5.40.2軟體包: wget https://www.cpan.org/src/5.0/perl-5.40.2.tar.gz --no-check-certificate tar xf perl-5.40.2.tar.gz cd perl-5.40.2 ./configure.gnu make make install ldconfig cd .. 在板子上編譯安裝libxcrypt-4.4.38軟體包: wget https://github.com/besser82/libxcrypt/releases/download/v4.4.38/libxcrypt-4.4.38.tar.xz --no-check-certificate tar xf libxcrypt-4.4.38.tar.xz cd libxcrypt-4.4.38 ./configure make make install ldconfig cd .. 【源碼編譯安裝apache-2.4.63】 wget https://dlcdn.apache.org/httpd/httpd-2.4.63.tar.gz --no-check-certificate tar xf httpd-2.4.63.tar.gz cd httpd-2.4.63/srclib wget https://dlcdn.apache.org/apr/apr-1.7.6.tar.gz --no-check-certificate tar xf apr-1.7.6.tar.gz mv apr-1.7.6 apr wget https://dlcdn.apache.org/apr/apr-util-1.6.3.tar.gz --no-check-certificate tar xf apr-util-1.6.3.tar.gz mv apr-util-1.6.3 apr-util cd .. ./configure --prefix=/opt/httpd-2.4.63 --enable-deflate --enable-expires --enable-mpms-shared=all --with-mpm=event --enable-rewrite --enable-so --with-included-apr --enable-ssl --enable-modules=most --enable-mods-shared=all --enable-http2 --with-nghttp2=/opt/nghttp2-1.66.0 執行這條命令的時候本人遇到了configure: error: cannot compute sizeof (pid_t)的錯誤。 筆者單獨找了個地方wget http://archive.apache.org/dist/apr/apr-1.7.4.tar.gz --no-check-certificate。 ./configure報一樣的錯誤。修改configure第2051行,if (sizeof (($2)))改成if (sizeof ($2))。 ./configure報configure: error: cannot make gcc report undeclared builtins。 再把configure文件改回來,./configure就成功了。 回到httpd-2.4.63目錄,什麼都沒改,就能configure成功。可能是緩存的問題吧。 make make install cd .. 關閉busybox自帶的http伺服器: # ps aux | grep httpd 83 root 0:00 httpd -h /var/www/html 344 root 0:00 grep httpd # kill -9 83 添加daemon用戶和組: (系統用戶,且不可登錄。-S表示編號從100開始) addgroup -S daemon adduser -G daemon -SDH daemon 啟動apache伺服器:/opt/httpd-2.4.63/bin/apachectl start 重啟apache伺服器:/opt/httpd-2.4.63/bin/apachectl restart 停止apache伺服器:/opt/httpd-2.4.63/bin/apachectl stop 【生成sha1簽名的https證書】 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -sha1 -keyout /opt/httpd-2.4.63/conf/server.key -out /opt/httpd-2.4.63/conf/server.crt 下面的內容不用填,直接按回車鍵就行了。 Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []: Email Address []: 提示:sha1證書的兼容性好,完美支持原版win2000sp4系統的ie5和ie6瀏覽器,以及xp sp2和sp3系統的ie6-8瀏覽器。 但現在市場上銷售的一般是sha256證書,xp sp3的ie6-8可以直接訪問,但64位xp sp2需要安裝KB968730補丁後ie6-8才能訪問。 win2000sp4的ie5不支持sha256證書,訪問https會無法顯示網頁。 win2000sp4的ie6要安裝黑翼貓擴展內核後,才能訪問使用了sha256證書的https網站。 【apache伺服器啟用https】 vi /opt/httpd-2.4.63/conf/httpd.conf 取消注釋LoadModule socache_shmcb_module modules/mod_socache_shmcb.so 取消注釋LoadModule ssl_module modules/mod_ssl.so 取消注釋Include conf/extra/httpd-ssl.conf vi /opt/httpd-2.4.63/conf/extra/httpd-ssl.conf 將 SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES 修改為 SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 將 SSLProtocol all -SSLv3 SSLProxyProtocol all -SSLv3 修改為 SSLProtocol all SSLProxyProtocol all (-SSLv3前面的減號表示禁止的意思,禁用了SSLv3的話IE6就打不開https網站了) 另外還要正確配置SSLCertificateFile和SSLCertificateKeyFile(https證書文件)。 如: SSLCertificateFile /home/xxx/certificate/xxx.com.crt SSLCertificateKeyFile /home/xxx/certificate/xxx.com.key 測試配置是否正確:/opt/httpd-2.4.63/bin/httpd -t(輸出Syntax OK表示配置正確) 重啟:/opt/httpd-2.4.63/bin/apachectl restart 經檢驗,IE6、IE8、edge、firefox均能正常訪問https。 【apache伺服器啟用http2】 vi /opt/httpd-2.4.63/conf/httpd.conf 取消注釋LoadModule http2_module modules/mod_http2.so 在文件末尾添加: Protocols h2 http/1.1 LogLevel http2:info 重啟:/opt/httpd-2.4.63/bin/apachectl restart 經檢驗,XP系統下的firefox52.9esr可以正常通過HTTP/2訪問https,且不影響IE6-8的http/1.1訪問。 XP系統下用mypal68瀏覽器訪問https,採用的是tls1.3協議。 |
|
chrome49:
 |
|
firefox52.9esr:
 |
|
mypal68.14.4b:
 |
|
supermium124:
 |
|
手機edge瀏覽器:
 |
|
 |
