{"id":1894,"date":"2019-02-04T23:21:19","date_gmt":"2019-02-04T14:21:19","guid":{"rendered":"https:\/\/test.ji0vwl.net\/?p=1894"},"modified":"2019-02-17T21:57:06","modified_gmt":"2019-02-17T12:57:06","slug":"apache2-4-38-openssl1-1-1a%e3%82%92%e3%82%bd%e3%83%bc%e3%82%b9%e3%81%8b%e3%82%89%e3%82%a4%e3%83%b3%e3%82%b9%e3%83%88%e3%83%bc%e3%83%ab","status":"publish","type":"post","link":"https:\/\/ji0vwl.net\/index.php\/2019\/02\/04\/1894\/","title":{"rendered":"Apache2.4.38 + OpenSSL1.1.1a\u3092\u30bd\u30fc\u30b9\u304b\u3089\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb"},"content":{"rendered":"

CentOS7\u306bApache2.4.38+OpenSSL1.1.1a+PHP7.3.1\u3092\u30bd\u30fc\u30b9\u304b\u3089\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h1>\n

\u5148\u65e5Apache2.4.37<\/a>\u3092\u30bd\u30fc\u30b9\u304b\u3089\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u307f\u3066\u3001\u305d\u3053\u305d\u3053\u5b89\u5b9a\u7a3c\u50cd\u3059\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u304d\u307e\u3057\u305f\u304c\u3001\u6700\u8fd1Apache\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u4e0a\u304c\u3063\u305f\u3088\u3046\u306a\u306e\u3067\u65e9\u901f\u5165\u308c\u3066\u307f\u307e\u3057\u305f\u3002\u3069\u3046\u3084\u3089Apache2.4.37\u306e\u30d0\u30b0\u4fee\u6b63\uff08DoS\u8106\u5f31\u6027\u306e\u4fee\u6b63<\/a>\uff09\u306e\u3088\u3046\u3067\u3059\u3002PHP\u30827.3.0\u21927.3.1\u306b\u4e0a\u304c\u3063\u3066\u3044\u305f\u306e\u3067\u4e00\u7dd2\u306b\u3042\u3052\u3066\u307f\u307e\u3059\u3002\u5ff5\u306e\u70bahttpd\u3001httpd2\u306f\u6b8b\u3057\u305f\u307e\u307e\u3001\u300chttpd3\u300d\u3068\u3044\u3046\u65b0\u3057\u3044\u30b5\u30fc\u30d3\u30b9\u3092\u7acb\u3061\u4e0a\u3052\u308b\u3053\u3068\u306b\u3057\u307e\u3059\u3002<\/p>\n

1. OpenSSL 1.1.1a \u3092 \/usr\/local\/ssl \u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h4>\n

\u3053\u308c\u306f\u524d\u56de<\/a>\u3068\u540c\u3058\u306a\u306e\u3067\u518d\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3053\u3068\u306a\u304f\u305d\u306e\u307e\u307e\u4f7f\u3044\u307e\u3057\u305f\u3002<\/p>\n

$ sudo -i\r\n# yum -y groupinstall base\r\n# yum -y groupinstall development\r\n# yum -y update\r\n# yum -y install zlib-devel\r\n# yum -y install perl-core\r\n# cd \/usr\/local\/src\/\r\n# wget https:\/\/www.openssl.org\/source\/openssl-1.1.1a.tar.gz\r\n# tar xvfz openssl-1.1.1a.tar.gz\r\n# cd openssl-1.1.1a\r\n# .\/config --prefix=\/usr\/local\/ssl --openssldir=\/usr\/local\/ssl shared zlib\r\n# make depend\r\n# make\r\n# make test\r\n# make install\r\n# ln -s \/usr\/local\/ssl\/lib\/libcrypto.so.1.1 \/lib64\/libcrypto.so.1.1\r\n# ln -s \/usr\/local\/ssl\/lib\/libssl.so.1.1 \/lib64\/libssl.so.1.1\r\n# \/usr\/local\/ssl\/bin\/openssl version\r\n# echo \/usr\/local\/ssl\/lib > \/etc\/ld.so.conf.d\/openssl111a.conf\r\n# ldconfig\r\n# \/usr\/local\/ssl\/bin\/openssl ciphers -v TLSv1.3<\/pre>\n
<\/h4>\n
2. Ngttp2\u3068Brotli\u3092 \/usr\/local\/lib \u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h4>\n
\u524d\u56de<\/a>\u306fHTTP\/2\u5bfe\u5fdc\u7528\u306bNgttp2\u306fyum\u304b\u3089\u5165\u308c\u307e\u3057\u305f\u304c\u3001\u4eca\u56de\u306f\u30bd\u30fc\u30b9\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306b\u30c8\u30e9\u30a4\u3002\u307e\u305f\u3001\u9ad8\u901f\u5316\u3067\u304d\u308b\u3068\u3044\u3046\u5642\u306eBrotli<\/a>\u3082\u8ffd\u52a0\u3067\u5165\u308c\u3066\u307f\u307e\u3059\u3002<\/p>\n
2.1. Ngttp2\uff08libnghttp2\uff09<\/h5>\n
OpenSSL 1.1.1a\u306f \/usr\/local\/ssl \u914d\u4e0b\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u3042\u308b\u306e\u3067\u3001env\u3067\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
# yum -y install jansson-devel\r\n# yum -y install libev-devel\r\n# yum -y install c-ares-devel\r\n# yum -y install centos-release-scl\r\n# yum -y install devtoolset-7\r\n# scl enable devtoolset-7 bash\r\n# cd \/usr\/local\/src\/\r\n# wget https:\/\/github.com\/nghttp2\/nghttp2\/releases\/download\/v1.36.0\/nghttp2-1.36.0.tar.gz\r\n# tar xvzf nghttp2-1.36.0.tar.gz\r\n# cd nghttp2-1.36.0\/\r\n# env OPENSSL_CFLAGS=\"-I\/usr\/local\/ssl\/include\" OPENSSL_LIBS=\"-L\/usr\/local\/ssl\/lib -lssl -lcrypto\" .\/configure -enable-app\r\n# make\r\n# make install<\/pre>\n
2.2. Brotli<\/h5>\n
# yum -y install cmake\r\n# cd \/usr\/local\/src\/\r\n# wget https:\/\/github.com\/google\/brotli\/archive\/v1.0.7.tar.gz\r\n# tar xvzf v1.0.7.tar.gz\r\n# cd brotli-1.0.7\/\r\n# mkdir out && cd out\r\n# ..\/configure-cmake\r\n# make\r\n# make test\r\n# make install\r\n# echo \/usr\/local\/lib > \/etc\/ld.so.conf.d\/usr-local-lib.conf\r\n# ldconfig<\/pre>\n
<\/h5>\n
3. Apache 2.4.38 \u3092 \/usr\/local\/httpd3 \u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h4>\n
\u524d\u56de<\/a>\u306fapr\u3068apr-util\u306fyum\u304b\u3089\u5165\u308c\u305f\u3082\u306e\u3092\u4f7f\u3044\u307e\u3057\u305f\u304c\u3001mpm_event\u304c\u7121\u3044\u306e\u304c\u3053\u306e\u305b\u3044\u304b\u3082\uff1f\uff1f\u3068\u601d\u3044\u3001\u3053\u308c\u3082\u30bd\u30fc\u30b9\u304b\u3089\u5165\u308c\u3066\u307f\u307e\u3059\u3002<\/p>\n
3.1. APR<\/h5>\n
# cd \/usr\/local\/src\/\r\n# wget http:\/\/ftp.jaist.ac.jp\/pub\/apache\/\/apr\/apr-1.6.5.tar.gz\r\n# tar xvzf apr-1.6.5.tar.gz\r\n# cd apr-1.6.5\/\r\n# .\/configure\r\n# make\r\n# make install<\/pre>\n
3.2. APR-util<\/h5>\n
# cd \/usr\/local\/src\/\r\n# wget http:\/\/ftp.jaist.ac.jp\/pub\/apache\/\/apr\/apr-util-1.6.1.tar.gz\r\n# tar xvzf apr-util-1.6.1.tar.gz\r\n# cd apr-util-1.6.1\/\r\n# .\/configure --with-apr=\/usr\/local\/apr\r\n# make\r\n# make install<\/pre>\n
3.3. Apache 2.4.38<\/h5>\n
—prefix=\/usr\/local\/httpd3 \u3068\u3059\u308b\u3053\u3068\u3067\u300chttpd3\u300d\u306e\u30d5\u30a9\u30eb\u30c0\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/p>\n
# cd \/usr\/local\/src\/\r\n# wget http:\/\/ftp.jaist.ac.jp\/pub\/apache\/\/httpd\/httpd-2.4.38.tar.gz\r\n# tar xvzf httpd-2.4.38.tar.gz\r\n# cd httpd-2.4.38\/\r\n# .\/configure \\\r\n--prefix=\/usr\/local\/httpd3 \\\r\n--enable-http2 \\\r\n--enable-brotli \\\r\n--with-brotli=\/usr\/local\/lib \\\r\n--enable-ssl \\\r\n--with-ssl=\/usr\/local\/ssl \\\r\n--with-apr=\/usr\/local\/apr \\\r\n--with-apr-util=\/usr\/local\/apr \\\r\n--enable-so \\\r\n--enable-mods-shared=all \\\r\n--enable-mpms-shared=all\r\n# make\r\n# make install<\/pre>\n
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305f\u3089Apache\u306e\u8a2d\u5b9a\u3002httpd.conf\u306e\u8a72\u5f53\u7b87\u6240\u3092\u6709\u52b9\u5316\u3001\u8ffd\u8a18\u30fb\u4fee\u6b63\u3057\u307e\u3059\u3002<\/p>\n
\u203b\u5b9f\u969b\u306b\u306fhttpd2\u306econf\u30d5\u30a1\u30a4\u30eb\u3092\u305d\u306e\u307e\u307e\u30b3\u30d4\u30fc\u3057\u3066\u3001\u30b5\u30fc\u30d0\u30fc\u30eb\u30fc\u30c8\u4ed6\u3092\/usr\/local\/httpd2\u2192\/usr\/local\/httpd3\u306b\u3001Brotli\u8ffd\u52a0\u3001mpm_worker\u2192mpm_event\u306b\u66f8\u304d\u63db\u3048\u307e\u3057\u305f\u3002\u4eca\u56de\u306f\u3001apr\u3092\u30bd\u30fc\u30b9\u304b\u3089\u5165\u308c\u305f\u304b\u3089\u304b\uff1f\uff1f\uff08\u771f\u56e0\u4e0d\u660e\uff09mpm_event\u304c\u3042\u308a\u307e\u3057\u305f\uff01<\/p>\n
# cd \/usr\/local\/httpd3\/conf\r\n# vi httpd.conf\r\n-----------------------------------------\r\n# for Brotli\r\nLoadModule brotli_module modules\/mod_brotli.so\r\n# for HTTP\/2 MPM event\uff08\u2605\u4eca\u56de\u306fmpm_event\u304c\u3042\u3063\u305f\u305e\uff01\u2605\uff09\r\nLoadModule mpm_event_module modules\/mod_mpm_event.so\r\n#LoadModule mpm_prefork_module modules\/mod_mpm_prefork.so\r\n#LoadModule mpm_worker_module modules\/mod_mpm_worker.so\r\n# for HTTPS\r\nLoadModule ssl_module modules\/mod_ssl.so\r\nLoadModule socache_shmcb_module modules\/mod_socache_shmcb.so\r\n# for HTTP\/2\r\nLoadModule http2_module modules\/mod_http2.so\r\n# for VirtualHost\r\nLoadModule vhost_alias_module modules\/mod_vhost_alias.so\r\n# for Rewrite\r\nLoadModule rewrite_module modules\/mod_rewrite.so\r\n# for php-fpm\r\nLoadModule proxy_fcgi_module modules\/mod_proxy_fcgi.so\r\nLoadModule proxy_module modules\/mod_proxy.so\r\n# for gZip\r\nLoadModule deflate_module modules\/mod_deflate.so\r\n# for cash expire\r\nLoadModule expires_module modules\/mod_expires.so\r\n.\r\n.\r\nUser apache\r\nGroup apache\r\n.\r\n.\r\n# for cash expire\r\n<IfModule mod_expires.c>\r\n    <filesMatch \".(jpg|jpeg|png|gif|swf|js|css)$\">\r\n        ExpiresActive On\r\n        ExpiresDefault \"access plus 30 days\"\r\n    <\/filesMatch>\r\n<\/IfModule>\r\n.\r\n.\r\n<IfModule dir_module>\r\n    # index.php\u8ffd\u52a0\uff08WordPress\u306b\u5fc5\u8981\uff09\r\n    #DirectoryIndex index.html\r\n    DirectoryIndex index.html index.php\r\n<\/IfModule>\r\n.\r\n.\r\n# php\u8ffd\u52a0\r\nAddType application\/x-httpd-php .php\r\nAddType application\/x-httpd-php-source .phps\r\n.\r\n.\r\nInclude conf\/extra\/httpd-mpm.conf\r\n.\r\n.\r\n# Virtual hosts\uff08http\u7528\u3001https\u7528\u306f\u5206\u3051\u3066\u8a2d\u5b9a\u3057\u307e\u3059\uff09\r\n#Include conf\/extra\/httpd-vhosts.conf\r\nInclude conf\/extra\/httpd-vhosts-http.conf\r\nInclude conf\/extra\/httpd-vhosts-https.conf\r\n.\r\n.\r\nInclude conf\/extra\/httpd-ssl.conf\r\n-----------------------------------------\r\n:wq<\/pre>\n
mpm_event\u306e\u8a2d\u5b9a<\/p>\n
# cd extra\r\n# vi httpd-mpm.conf \r\n-----------------------------------------\r\n.\r\n.\r\n<IfModule mpm_event_module>\r\n    StartServers            2\r\n    MinSpareThreads         2\r\n    MaxSpareThreads         4\r\n    ThreadsPerChild         2\r\n    MaxRequestWorkers       4\r\n    MaxConnectionsPerChild 150\r\n<\/IfModule>\r\n.\r\n.\r\n-----------------------------------------\r\n:wq\r\n<\/pre>\n
HTTPS\u306e\u8a2d\u5b9a\u3002httpd-ssl.conf\u3092\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u8ffd\u8a18\u30fb\u4fee\u6b63\u3057\u307e\u3059\u3002\u305b\u3063\u304b\u304f\u306a\u306e\u3067\u3088\u308a\u5b89\u5168\u306aTLS 1.2\u3001TLS 1.3\u3060\u3051\u306b\u5bfe\u5fdc\u3057\u307e\u3059\u3002<\/p>\n
# vi httpd-ssl.conf\r\n-----------------------------------------\r\n.\r\n.\r\n# \u5e38\u6642SSL\r\nHeader set Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\"\r\nHeader edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure\r\nHeader always set X-Frame-Options SAMEORIGIN\r\nHeader always set X-Content-Type-Options nosniff\r\n.\r\n.\r\n# \u660e\u793a\u7684\u306bSSL\u5727\u7e2e\u3092OFF\r\nSSLCompression off\r\n.\r\n.\r\nSSLCipherSuite \"TLS_AES_256_GCM_SHA384 \\\r\nTLS_CHACHA20_POLY1305_SHA256 \\\r\nECDHE-RSA-AES128-GCM-SHA256 \\\r\nECDHE-RSA-AES256-GCM-SHA384 \\\r\nECDHE-RSA-AES256-SHA \\\r\nECDHE-RSA-AES256-SHA384 \\\r\nDHE-RSA-AES256-GCM-SHA384 \\\r\nDHE-RSA-AES256-SHA \\\r\nDHE-RSA-AES256-SHA256\"\r\n\r\nSSLProxyCipherSuite \"TLS_AES_256_GCM_SHA384 \\\r\nTLS_CHACHA20_POLY1305_SHA256 \\\r\nECDHE-RSA-AES128-GCM-SHA256 \\\r\nECDHE-RSA-AES256-GCM-SHA384 \\\r\nECDHE-RSA-AES256-SHA \\\r\nECDHE-RSA-AES256-SHA384 \\\r\nDHE-RSA-AES256-GCM-SHA384 \\\r\nDHE-RSA-AES256-SHA \\\r\nDHE-RSA-AES256-SHA256\"\r\n.\r\n.\r\nSSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\r\nSSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1\r\n.\r\n.\r\n# for OCSP\r\nSSLUseStapling on\r\nSSLStaplingResponderTimeout 5\r\nSSLStaplingReturnResponderErrors off\r\nSSLStaplingCache shmcb:\/var\/run\/ocsp(128000)\r\n.\r\n.\r\n#ServerName www.example.com:443\r\n#ServerAdmin you@example.com\r\n.\r\n.\r\nSSLEngine on\r\n    #Include \/etc\/letsencrypt\/options-ssl-apache.conf\r\n    SSLCertificateFile \/etc\/letsencrypt\/live\/ji0vwl.net\/cert.pem\r\n    SSLCertificateKeyFile \/etc\/letsencrypt\/live\/ji0vwl.net\/privkey.pem\r\n    SSLCertificateChainFile \/etc\/letsencrypt\/live\/ji0vwl.net\/chain.pem\r\n.\r\n.\r\n#SSLCertificateFile \"\/usr\/local\/httpd2\/conf\/server.crt\"\r\n.\r\n.\r\n#SSLCertificateKeyFile \"\/usr\/local\/httpd2\/conf\/server.key\"\r\n-----------------------------------------\r\n:wq<\/pre>\n
HTTP\u30d0\u30fc\u30c1\u30e3\u30eb\u30db\u30b9\u30c8\u306e\u8a2d\u5b9a<\/p>\n
# vi httpd-vhosts-http.conf\r\n-----------------------------------------\r\n<VirtualHost *:80>\r\n    DocumentRoot \/var\/www\/html\r\n    ServerName test.ji0vwl.net\r\n\r\n    <Directory \"\/var\/www\/html\/\">\r\n        Options FollowSymlinks Includes\r\n        AllowOverride All\r\n        AddType text\/html .html\r\n        Require all granted\r\n    <\/Directory>\r\n    \r\n    # HTTPS\u306b\u30ea\u30e9\u30a4\u30c8\u3059\u308b\u5834\u5408\u306f\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u89e3\u9664\r\n    #RewriteEngine on\r\n    #RewriteCond %{SERVER_NAME} =test.ji0vwl.net\r\n    #RewriteRule ^ https:\/\/%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]\r\n<\/VirtualHost>\r\n-----------------------------------------\r\n:wq<\/pre>\n
HTTPS\u30d0\u30fc\u30c1\u30e3\u30eb\u30db\u30b9\u30c8\u306e\u8a2d\u5b9a<\/p>\n
# vi httpd-vhosts-https.conf\r\n-----------------------------------------\r\n<IfModule mod_ssl.c>\r\n<VirtualHost *:443>\r\n    DocumentRoot \/var\/www\/html\r\n    ServerName test.ji0vwl.net\r\n    \r\n    # HTTP\/2\u6709\u52b9\u5316\uff08h2\u8ffd\u52a0\uff09\r\n    Protocols h2 http\/1.1\r\n\r\n    <Directory \"\/var\/www\/html\/\">\r\n        Options FollowSymlinks Includes\r\n        AllowOverride All\r\n        AddType text\/html .html\r\n        Require all granted\r\n    <\/Directory>\r\n\r\n    # SSL\u8a3c\u660e\u66f8\r\n    SSLCertificateFile \/etc\/letsencrypt\/live\/ji0vwl.net\/fullchain.pem\r\n    SSLCertificateKeyFile \/etc\/letsencrypt\/live\/ji0vwl.net\/privkey.pem\r\n    #SSLCertificateFile \/etc\/letsencrypt\/live\/ji0vwl.net\/cert.pem\r\n    #SSLCertificateChainFile \/etc\/letsencrypt\/live\/ji0vwl.net\/chain.pem\r\n\r\n    # for gZip\u5727\u7e2e\r\n   <IfModule mod_deflate.c>\r\n       DeflateCompressionLevel 1\r\n       <IfModule mod_filter.c>\r\n        FilterDeclare COMPRESS\r\n        FilterProvider COMPRESS DEFLATE \"%{CONTENT_TYPE} =~ m#^text\/#i\"\r\n        FilterProvider COMPRESS DEFLATE \"%{CONTENT_TYPE} =~ m#^application\/(atom\\+xml|javascript|json|rss\\+xml|xml|xhtml\\+xml)#i\"\r\n        FilterProvider COMPRESS DEFLATE \"%{CONTENT_TYPE} =~ m#^image\/(svg\\+xml|vnd\\.microsoft\\.icon)#i\"\r\n        FilterChain COMPRESS\r\n        FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no\r\n       <\/IfModule>\r\n   <\/Ifmodule>\r\n    \r\n    # for dosdetector\r\n    DoSDetection on\r\n    DoSPeriod 60\r\n    DoSThreshold 250\r\n    DoSBanPeriod 60\r\n    DoSTableSize 100\r\n    RewriteEngine On\r\n    RewriteCond %{ENV:SuspectDoS} =1\r\n    RewriteRule .*  - [R=503,L]\r\n    ErrorDocument 503 \"<h1>Sorry, ji0vwl.net is busy.. Please access later.<\/h1>\"\r\n<\/VirtualHost>\r\n<\/IfModule> \r\n-----------------------------------------\r\n:wq\r\n<\/pre>\n
4. Apache 2.4.38 \u3092 httpd3.service \u306b\u767b\u9332<\/h4>\n
\u300csystemctl start httpd3\u300d\u3067\u8d77\u52d5\u3067\u304d\u308b\u3088\u3046\u306b\u3001httpd3 \u3068\u3044\u3046\u540d\u524d\u306e\u30b5\u30fc\u30d3\u30b9\u3068\u3057\u3066\u767b\u9332\u3057\u307e\u3059\u3002reload=graceful<\/a>\u52d5\u4f5c\u3067\u3059\u3002<\/p>\n
 # vi \/etc\/systemd\/system\/httpd3.service\r\n-----------------------------------------\r\n[Unit]\r\nDescription=The Apache HTTP Server\r\nAfter=network.target remote-fs.target nss-lookup.target\r\n \r\n[Service]\r\nType=forking\r\nExecStart=\/usr\/local\/httpd3\/bin\/apachectl start\r\nExecReload=\/usr\/local\/httpd3\/bin\/apachectl graceful\r\nExecStop=\/usr\/local\/httpd3\/bin\/apachectl stop\r\n \r\n[Install]\r\nWantedBy=multi-user.target\r\n-----------------------------------------\r\n:wq<\/pre>\n
# systemctl daemon-reload\r\n# systemctl list-unit-files | grep httpd3<\/pre>\n
<\/h4>\n
5. PHP 7.3.1 \u3092 \/usr\/local\/php7.3.1 \u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b<\/h4>\n
–with-apxs2=[dir]\u3067PHP\u3068Apache\u3092\u3001–with-openssl=[dir]\u3067PHP\u3068OpenSSL\u3092\u3001–with-mysql-sock=[dir]\u3067PHP\u3068mySQL\u3092\u7d50\u3073\u3064\u3051\u307e\u3059\u3002<\/p>\n
# cd \/usr\/local\/src\r\n# yum -y install libxml2-devel systemd-devel libpng-devel\r\n# wget http:\/\/jp2.php.net\/get\/php-7.3.1.tar.gz\/from\/this\/mirror -O \/usr\/local\/src\/php-7.3.1.tar.gz\r\n# tar -xvzf php-7.3.1.tar.gz\r\n# cd php-7.3.1\r\n# .\/configure \\\r\n--prefix=\/usr\/local\/php7.3.1 \\\r\n--with-apxs2=\/usr\/local\/httpd3\/bin\/apxs \\\r\n--with-openssl=\/usr\/local\/ssl \\\r\n--with-mysql-sock=\/var\/lib\/mysql\/mysql.sock \\\r\n--with-mysqli \\\r\n--with-pdo-mysql \\\r\n--enable-mbstring \\\r\n--with-gd \\\r\n--with-zlib \\\r\n--with-fpm-systemd \\\r\n--with-fpm-user=apache \\\r\n--with-fpm-group=apache \\\r\n--enable-fpm\r\n# make\r\n# make install\r\n# libtool --finish \/usr\/local\/src\/php-7.3.1\/libs<\/pre>\n
<\/h4>\n
6. httpd2\u3092\u505c\u6b62\u3057\u3001\u4eca\u5165\u308c\u305fhttpd3\u3092\u8d77\u52d5<\/h4>\n
# systemctl stop httpd2\r\n# systemctl disable httpd2\r\n# systemctl start httpd3\r\n# systemctl enable httpd3<\/pre>\n
 <\/p>\n
7. cron\u3092\u66f4\u65b0\u3057\u3066\u5b8c\u6210\uff01<\/h4>\n
\u6700\u5f8c\u306b\u3001\u5b9a\u6642\u518d\u8d77\u52d5\u3084Let’s Encrypt\u306eSSL\u8a3c\u660e\u66f8\u66f4\u65b0\u5f8c\u306ereload\u3092httpd3\u306b\u5909\u66f4\u3059\u308b\u306e\u3092\u5fd8\u308c\u305a\u306b\uff01<\/p>\n
# vi \/etc\/cron.d\/dailyjobs\r\n-------------------------------\r\n.\r\n.\r\n# run-parts\r\n30 * * * * root \/bin\/systemctl reload httpd3\r\n00 2 1 * * root \/bin\/certbot renew --force-renew --rsa-key-size 4096 --post-hook \"systemctl reload httpd3\"\r\n00 3 * * * root free -m && \/bin\/systemctl restart httpd3 && swapoff -a && swapon -a && free -m\r\n02 4 * * * root [ ! -f \/etc\/cron.hourly\/0anacron ] && run-parts \/etc\/cron.daily\r\n22 4 * * 0 root [ ! -f \/etc\/cron.hourly\/0anacron ] && run-parts \/etc\/cron.weekly\r\n42 4 1 * * root [ ! -f \/etc\/cron.hourly\/0anacron ] && run-parts \/etc\/cron.monthly\r\n.\r\n.\r\n-------------------------------\r\n:wq\r\n<\/pre>\n
# systemctl restart crond<\/pre>\n
 <\/p>\n
httpd3\u3092\u8d77\u52d5\u3057\u3066SSL Labs\u3067HTTPS\u306e\u691c\u8a3c<\/a>\u3092\u884c\u3063\u305f\u3068\u3053\u308d\u3002\u7121\u4e8b\u3001Apache 2.4.38\/OpenSSL 1.1.1a\/PHP 7.3.1<\/strong>\u306e\u74b0\u5883\u306b\u3066\u3001TLS 1.3\u306e\u5bfe\u5fdc\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\uff01
\n<\/a><\/p>\n
\"\"<\/p>\n
\"\"<\/p>\n
\"\"<\/p>\n","protected":false},"excerpt":{"rendered":"
CentOS7\u306bApache2.4.38+OpenSSL1.1.1a+PHP7.3.1\u3092\u30bd\u30fc\u30b9\u304b\u3089\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb \u5148\u65e5Apache2.4.37\u3092\u30bd\u30fc\u30b9\u304b\u3089\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u307f\u3066\u3001\u305d\u3053\u305d\u3053\u5b89\u5b9a\u7a3c\u50cd\u3059\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u304d\u307e\u3057\u305f\u304c\u3001\u6700 … \u7d9a\u304d\u3092\u8aad\u3080 Apache2.4.38 + OpenSSL1.1.1a\u3092\u30bd\u30fc\u30b9\u304b\u3089\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1894","post","type-post","status-publish","format-standard","hentry","category-server"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/ji0vwl.net\/index.php\/wp-json\/wp\/v2\/posts\/1894","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ji0vwl.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ji0vwl.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ji0vwl.net\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ji0vwl.net\/index.php\/wp-json\/wp\/v2\/comments?post=1894"}],"version-history":[{"count":0,"href":"https:\/\/ji0vwl.net\/index.php\/wp-json\/wp\/v2\/posts\/1894\/revisions"}],"wp:attachment":[{"href":"https:\/\/ji0vwl.net\/index.php\/wp-json\/wp\/v2\/media?parent=1894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ji0vwl.net\/index.php\/wp-json\/wp\/v2\/categories?post=1894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ji0vwl.net\/index.php\/wp-json\/wp\/v2\/tags?post=1894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}