KAGOYACLOUD/VPSでやったことメモ その1 Apache インストール篇

estis2017/05/23 (火) 10:23 に投稿

タイプA-SSD・CentOS 7 64bit でインスタンス作成。

# yum -y groupinstall base

# yum -y groupinstall development

# cd /usr/local/src/

# wget http://ftp.meisei-u.ac.jp/mirror/apache/dist//apr/apr-1.5.2.tar.bz2
# tar xvf apr-1.5.2.tar.bz2
# cd apr-1.5.2/
# ./configure
# make
# make install

# cd ..

# wget http://ftp.meisei-u.ac.jp/mirror/apache/dist//apr/apr-util-1.5.4.tar.bz2
# tar xvf apr-util-1.5.4.tar.bz2
# cd apr-util-1.5.4/
# ./configure --with-apr=/usr/local/apr
# make
# make install

# cd ..

# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.bz2
# tar xvf pcre-8.40.tar.bz2
# cd pcre-8.40
# ./configure --enable-pcre16 --enable-pcre32 --enable-utf --enable-pcregrep-libz --enable-pcregrep-libbz2

** Cannot --enable-pcregrep-libz because zlib.h was not found
と言われた。

# yum install zlib-devel

# ./configure --enable-pcre16 --enable-pcre32 --enable-utf --enable-pcregrep-libz --enable-pcregrep-libbz2

今度は、
** Cannot --enable-pcregrep-libbz2 because bzlib.h was not found
と言われる。

# yum install bzip2-devel

# ./configure --enable-pcre16 --enable-pcre32 --enable-utf --enable-pcregrep-libz --enable-pcregrep-libbz2

pcre-8.40 configuration summary:

    Install prefix .................. : /usr/local
    C preprocessor .................. : gcc -E
    C compiler ...................... : gcc
    C++ preprocessor ................ : g++ -E
    C++ compiler .................... : g++
    Linker .......................... : /usr/bin/ld -m elf_x86_64
    C preprocessor flags ............ : 
    C compiler flags ................ : -g -O2 -fvisibility=hidden
    C++ compiler flags .............. : -O2 -fvisibility=hidden -fvisibility-inlines-hidden
    Linker flags .................... : 
    Extra libraries ................. : 

    Build 8 bit pcre library ........ : yes
    Build 16 bit pcre library ....... : yes
    Build 32 bit pcre library ....... : yes
    Build C++ library ............... : yes
    Enable JIT compiling support .... : no
    Enable UTF-8/16/32 support ...... : yes
    Unicode properties .............. : no
    Newline char/sequence ........... : lf
    \R matches only ANYCRLF ......... : no
    EBCDIC coding ................... : no
    EBCDIC code for NL .............. : n/a
    Rebuild char tables ............. : no
    Use stack recursion ............. : yes
    POSIX mem threshold ............. : 10
    Internal link size .............. : 2
    Nested parentheses limit ........ : 250
    Match limit ..................... : 10000000
    Match limit recursion ........... : MATCH_LIMIT
    Build shared libs ............... : yes
    Build static libs ............... : yes
    Use JIT in pcregrep ............. : no
    Buffer size for pcregrep ........ : 20480
    Link pcregrep with libz ......... : yes
    Link pcregrep with libbz2 ....... : yes
    Link pcretest with libedit ...... : no
    Link pcretest with libreadline .. : no
    Valgrind support ................ : no
    Code coverage ................... : no

通った。

# make
# make install

# cd ..

# wget http://ftp.kddilabs.jp/infosystems/apache//httpd/httpd-2.4.25.tar.gz
# tar xvf httpd-2.4.25.tar.gz
# cd httpd-2.4.25
# ./configure --enable-mods-shared=all --with-apr=/usr/local/apr --enable-ssl --enable-http2 --enable-so

checking for OpenSSL version >= 0.9.8a... FAILED
configure: WARNING: OpenSSL version is too old
no
checking whether to enable mod_ssl... configure: error: mod_ssl has been requested but can not be built due to prerequisite failures
と言われる。

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

そんなことないので、openssl-devel をインストールする。

# yum install openssl-devel
# ./configure --enable-mods-shared=all --with-apr=/usr/local/apr --enable-ssl --enable-http2 --enable-so

今度は、
checking for nghttp2... checking for user-provided nghttp2 base directory... none
checking for pkg-config along ... checking for nghttp2 version >= 1.2.1... FAILED
configure: WARNING: nghttp2 version is too old
no
checking whether to enable mod_http2... configure: error: mod_http2 has been requested but can not be built due to prerequisite failures

Nghttp2 のインストールを忘れていた。

# yum install libev-devel c-ares-devel

# cd ..

# wget https://github.com/nghttp2/nghttp2/releases/download/v1.22.0/nghttp2-1.22.0.tar.xz
# tar xvf nghttp2-1.22.0.tar.xz
# cd nghttp2-1.22.0
# ./configure

こんなWANING が出る。

configure: WARNING:
  Could not link test program to Python. Maybe the main Python library has been
  installed in some non-standard library path. If so, pass it to configure,
  via the LDFLAGS environment variable.
  Example: ./configure LDFLAGS="-L/usr/non-standard-path/python/lib"
  ============================================================================
   ERROR!
   You probably have to install the development version of the Python package
   for your distribution.  The exact name of this package varies among them.
  ============================================================================

気になるので、python-devel インストール。

# yum install python-devel
# ./configure

WARNING 消えたので、

# make
# make install

# cd ../httpd-2.4.25
# ./configure --enable-mods-shared=all --with-apr=/usr/local/apr --enable-ssl --enable-http2 --enable-so

configure: summary of build options:

    Server Version: 2.4.25
    Install prefix: /usr/local/apache2
    C compiler:     gcc -std=gnu99
    CFLAGS:          -g -O2 -pthread
    LDFLAGS:         
    LIBS:           
    CPPFLAGS:        -DLINUX -D_REENTRANT -D_GNU_SOURCE
    C preprocessor: gcc -E

ようやく通った。

# make
# make install

# /usr/local/apache2/bin/httpd -v
Server version: Apache/2.4.25 (Unix)
Server built:   May 23 2017 10:12:23
# /usr/local/apache2/bin/apachectl -k start
httpd (pid 10273) already running

既にうごいているらしい。

# curl 127.0.0.1
<html><body><h1>It works!</h1></body></html>

このサーバーは、デフォルトで、iptables によるアクセス制限が設定されている。

# iptables -vnL
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   32  2288 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 16 packets, 2016 bytes)
 pkts bytes target     prot opt in     out     source               destination

ので、80番ポートを空ける。

# iptables -A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
 
 # iptables -vnL
Chain INPUT (policy DROP 1 packets, 40 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  198 14715 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    3   192 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 43 packets, 5302 bytes)
 pkts bytes target     prot opt in     out     source               destination 
 
 # iptables-save > /etc/sysconfig/iptables