在之前的一篇文章中,我介绍过如何使用apxs为已安装的apache添加mod_deflate模块。为了生产需要,现在需要在apache中在追加mod_ssl模块。添加的方法一样,具体可以参考《不重新编译apache安装mod_deflate模块》:http://blog.nbqykj.cn/?p=1726.html 。基本步骤和添加mod_deflate模块一样,不过mod_ssl添加的时候如要加几个参数,不然会出现各种错误。
安装步骤
1、进入apache源码目录。
2、进入module文件夹下的ssl目录。
3、找到oepnssl 的include路径,ubuntu系统是在/usr/include/openssl目录。
4、运行apxs
root@v238:~/httpd-2.2.26/modules/ssl# /usr/local/apache2/bin/apxs -i -c -a -D HAVE_OPENSSL=1 -I /usr/include/openssl -lcrypto -lssl -ldl *.c /usr/local/apr-httpd//build-1/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache2/include -I/usr/local/apr-httpd//include/apr-1 -I/usr/local/apr-util-httpd/include/apr-1 -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o mod_ssl.lo mod_ssl.c && touch mod_ssl.slo /usr/local/apr-httpd//build-1/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache2/include -I/usr/local/apr-httpd//include/apr-1 -I/usr/local/apr-util-httpd/include/apr-1 -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_engine_config.lo ssl_engine_config.c && touch ssl_engine_config.slo ...... /usr/local/apache2/build/instdso.sh SH_LIBTOOL='/usr/local/apr-httpd//build-1/libtool' mod_ssl.la /usr/local/apache2/modules /usr/local/apr-httpd//build-1/libtool --mode=install cp mod_ssl.la /usr/local/apache2/modules/ libtool: install: cp .libs/mod_ssl.so /usr/local/apache2/modules/mod_ssl.so libtool: install: cp .libs/mod_ssl.lai /usr/local/apache2/modules/mod_ssl.la libtool: install: cp .libs/mod_ssl.a /usr/local/apache2/modules/mod_ssl.a libtool: install: chmod 644 /usr/local/apache2/modules/mod_ssl.a libtool: install: ranlib /usr/local/apache2/modules/mod_ssl.a libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/jvm/jdk1.7.0_45/bin:/sbin" ldconfig -n /usr/local/apache2/modules ---------------------------------------------------------------------- Libraries have been installed in: /usr/local/apache2/modules if you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and specify the full pathname of the library, or use the `-LLIBDIR' flag during linking and do at least one of the following: - add LIBDIR to the `LD_LIBRARY_PATH' environment variable during execution - add LIBDIR to the `LD_RUN_PATH' environment variable during linking - use the `-Wl,-rpath -Wl,LIBDIR' linker flag - have your system administrator add LIBDIR to `/etc/ld.so.conf' See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages. ---------------------------------------------------------------------- chmod 755 /usr/local/apache2/modules/mod_ssl.so [activating module `ssl' in /usr/local/apache2/conf/httpd.conf]
5、检查配置、重启
执行成功后可以在httpd.conf配置文件中看到已经添加了mod_ssl模块,apache安装目录下的module中也创建了mod_ssl.so 文件。
root@v238:~/httpd-2.2.26/modules/ssl# /usr/local/apache2/bin/httpd -t httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.0.238 for ServerName Syntax OK
提示syntax ok,重启apache。
错误处理
错误一、
错误代码,error “Unrecognized SSL Toolkit!、declaration for parameter ‘XXXXXX’ but no such parameter 。
出现这个错误是由于 HAVE_OPENSSL这个没有define ,可以通过添加-D HAVE_OPENSSL=1 解决。
root@v238:~/httpd-2.2.26/modules/ssl# /usr/local/apache2/bin/apxs -i -c -a mod_ssl.c /usr/local/apr-httpd//build-1/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache2/include -I/usr/local/apr-httpd//include/apr-1 -I/usr/local/apr-util-httpd/include/apr-1 -c -o mod_ssl.lo mod_ssl.c && touch mod_ssl.slo In file included from ssl_private.h:60:0, from mod_ssl.c:27: ssl_toolkit_compat.h:267:2: error: #error "Unrecognized SSL Toolkit!" In file included from ssl_private.h:72:0, from mod_ssl.c:27: ssl_util_ssl.h:78:31: error: unknown type name 'SSL' ssl_util_ssl.h:79:31: error: unknown type name 'SSL' ssl_util_ssl.h:80:1: error: unknown type name 'X509' ... ssl_private.h:637:14: error: declaration for parameter 'ssl_hook_Upgrade' but no such parameter ssl_private.h:636:14: error: declaration for parameter 'ssl_hook_ReadReq' but no such parameter ssl_private.h:635:14: error: declaration for parameter 'ssl_hook_Fixup' but no such parameter ssl_private.h:634:14: error: declaration for parameter 'ssl_hook_Access' but no such parameter ssl_private.h:633:14: error: declaration for parameter 'ssl_hook_UserCheck' but no such parameter ssl_private.h:632:14: error: declaration for parameter 'ssl_hook_Auth' but no such parameter ssl_private.h:629:14: error: declaration for parameter 'ssl_init_ModuleKill' but no such parameter ssl_private.h:628:14: error: declaration for parameter 'ssl_init_Child' but no such parameter mod_ssl.c:573:1: error: expected '{' at end of input apxs:Error: Command failed with rc=65536 #解决 root@v238:~/httpd-2.2.26/modules/ssl# /usr/local/apache2/bin/apxs -i -c -a -D HAVE_OPENSSL=1 -I /usr/include/openssl mod_ssl.c
错误二、
错误代码,undefined symbol: ssl_cmd_SSLMutex 。
apxs编译追加模块成功,但是apache启动失败。出现这个错误后,我把运行apxs时指定mod_ssl.c改成*.c 。和添加mod_deflate不一样,ssl中包含多个源代码文件。
root@v238:~/httpd-2.2.26/modules/ssl# /usr/local/apache2/bin/httpd -t httpd: Syntax error on line 107 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: undefined symbol: ssl_cmd_SSLMutex root@v238:~/httpd-2.2.26/modules/ssl# #解决 root@v238:~/httpd-2.2.26/modules/ssl# /usr/local/apache2/bin/apxs -i -c -a -D HAVE_OPENSSL=1 -I /usr/include/openssl *.c
错误三、
错误代码,undefined symbol: X509_INFO_free ,这个通常是由于静态连接了 openssl的库造成的(默认),解决办法是添加-lcrypto -lssl -ldl参数。
root@v238:~/httpd-2.2.26/modules/ssl# /usr/local/apache2/bin/httpd -t httpd: Syntax error on line 107 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: undefined symbol: X509_INFO_free #解决 root@v238:~/httpd-2.2.26/modules/ssl# /usr/local/apache2/bin/apxs -i -c -a -D HAVE_OPENSSL=1 -I /usr/include/openssl -lcrypto -lssl -ldl *.c
到这里在已安装的apache中追加mod_ssl模块就完成了,不过还是建议在第一次编译apache的时候就添加ssl模块 。
参考链接:
1、http://blog.nbqykj.cn/?p=1726.html