How to update Apache and PHP using SCL?

centos package-management repository scl
9,242

Here are my field notes for the upgrade of Apache, Python and PHP. It also includes mod_ssl, but lacks mod_security. I cannot find mod_security in the SCL.

##################################################
# https://access.redhat.com/solutions/527703
# https://www.hogarthuk.com/?q=node/15
# https://developers.redhat.com/blog/2014/03/19/permanently-enable-a-software-collection/

##################################################
# Enable SCL
##################################################
yum -y install centos-release-scl
yum-config-manager --enable rhel-server-rhscl-7-rpms

##################################################
# Python 2.7
##################################################
yum -y install python27

# Add enable-scl-python27.sh
cat /etc/profile.d/enable-scl-python27.sh
#!/usr/bin/env bash
source scl_source enable python27

##################################################
# PHP 7.1
##################################################
yum -y install rh-php71 rh-php71-php rh-php71-ssl rh-php71-php-mysqlnd

# Config at /etc/opt/rh/rh-php71/php.ini

# Add enable-scl-php71.sh
cat /etc/profile.d/enable-scl-php71.sh
#!/usr/bin/env bash
source scl_source enable rh-php71

##################################################
# Apache 2.4
##################################################
yum -y install httpd24
yum -y install httpd24-httpd-tools httpd24-mod_php httpd24-mod_ssl

# Add enable-scl-php71.sh
cat /etc/profile.d/enable-scl-httpd24.sh
#!/usr/bin/env bash
source scl_source enable httpd24

# Disable old, enable new
systemctl disable httpd.service
systemctl enable httpd24-httpd.service

# Config at /opt/rh/httpd24/root/etc/httpd/httpd.conf
#        or /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf

# Config at /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf

##################################################
# httpd-ssl-pass-dialog

# The original ssl.conf probably includes this:
# SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog

# Change it to this:
# /opt/rh/httpd24/root/usr/libexec/httpd-ssl-pass-dialog

##################################################
# !!! TEST APACHE !!!
apachectl configtest

# ps -aux | egrep 'apache|http'
root      1424  0.1  1.2 319644 13376 ?        Ss   00:54   0:00 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
apache    1425  0.0  0.8 361184  8400 ?        Sl   00:54   0:00 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
...

##################################################
# Backup fresh CONF
##################################################
cp /etc/opt/rh/rh-php71/php.ini /etc/opt/rh/rh-php71/php.ini.bu
cp /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf.bu
cp /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf.bu

##################################################
# Copy old CONF to new CONF
##################################################
# Copy httpd.conf and ssl.conf from /etc/httpd to /opt/rh/httpd24/root/etc/httpd
# Change SERVER_ROOT from /etc/httpd to /opt/rh/httpd24/root/etc/httpd
# Leave DOCUMENT_ROOT unchanged. The new server can serve from the old location.
# Leave mod_ssl unchanged. The old and new mod_ssl use /etc/pki/tls/certs and /etc/pki/tls/private.
# php.ini is too different between version 5 and version 7. Manually copy the hardening.

##################################################
# Hardening
##################################################
# List unneeded functions from PHP in disable_functions
# Comment unneeded modules in /opt/rh/httpd24/root/etc/httpd/conf.modules.d

##################################################
# Important Diff's after cp
##################################################
diff /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf.bu /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf
diff /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf.bu /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
Share:
9,242

Related videos on Youtube

Admin
Author by

Admin

Updated on September 18, 2022

Comments

  • Admin
    Admin almost 2 years

    I'm testing an upgrade of PHP using SCLs. The testing is happening on a local VM so its OK to break things as we develop a procedure. Following The SCL Repositories I was able to update Python to 2.7.13 and activate it through profiles.d/. I'm now trying to upgrade Apache and PHP.

    According to Apache Downloads the latest is Apache 2.4.29. When I attempt to update Apache with yum install httpd I am told Package httpd-2.4.6-67.el7.centos.6.x86_64 already installed and the latest. And if I use yum install httpd24 then SCL tries to install Apache 1.18.

    yum search httpd is not that helpful. It lists the packages (and sometimes notes SCL) but it lacks version numbers.

    How does one install the latest Apache and PHP when using SCL programs?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Install Apache 2.4 on CentOS using yum
Yum Cannot Retrieve Repository CentOS 6
How to add a CentOS repo, having URL of Packages
How to download a file from repo, and install it later w/o internet connection?
Which repo files can we remove after a failed Remi-Safe repo install?
Trying to install android-tools-adb and getting unable to locate package
Kubernetes installation failing - Ubuntu 16.04
warning: the following packages cannot be authenticated!
apt-get says Version was not found but it is there
Ubuntu 16.04 apt-get update fails with local repository