【介绍】
mod_gnutls 是 RFC3546 中的 Server Name Indication (SNI)的一个解决方案,通过 TLS extension 达成 name-based 的 SSL 虚拟主机设定。
mod_gnutls 的开发目的类似于 mod_ssl,但它并不依赖 OpenSSL。 OpenSSL 0.9.8 已经内置这一功能,新版的Nginx也支持SNI。
【依赖】
需要安装GNUTLS:
【安装】
参考:https://mod.gnutls.org/wiki/develop
下载:https://mod.gnutls.org/downloads/
最新版本:mod_gnutls-0.8.6
wget https://mod.gnutls.org/downloads/mod_gnutls-0.8.4.tar.bz2 && tar -xjvf mod_gnutls-0.8.4.tar.bz2 && cd mod_gnutls-0.8.4 export LIBGNUTLS_CFLAGS="-I/usr/include/gnutls" LIBGNUTLS_LIBS="-L/usr/lib -lgnutls" ./configure --with-apxs=/usr/local/apache2/bin/apxs make && make install
配置信息:
Configuration summary for mod_gnutls: * mod_gnutls version: 0.8.4 * Apache Modules directory: /usr/local/apache2/modules * GnuTLS Library version: * CFLAGS for GnuTLS: -I/usr/include/gnutls * LDFLAGS for GnuTLS: -L/usr/lib -lgnutls * SRP Authentication: yes * MSVA Client Verification: no * Build documentation: no
输出:
... Libraries have been installed in: /usr/local/apache2/modules
输出:
... Libraries have been installed in: /usr/local/apache2/modules ...
编译安装完成。
【验证】
设置Apache,重启Apache之后,查看phpinfo:
... Apache Environment Variable Value HTTPS on SSL_VERSION_LIBRARY GnuTLS/3.6.5 SSL_VERSION_INTERFACE mod_gnutls/0.8.4 SSL_PROTOCOL TLS1.2 ...
【排错】
make 时报错:gnutls_cache.c:55:24: fatal error: apr_escape.h: No such file or directory
参考:https://github.com/mikkolehtisalo/mod_gllog/issues/1
参考:https://issues.jboss.org/browse/MODCLUSTER-453?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel&showAll=true&_sscc=t
先编译安装apr+apr-util:http://amon.org/apr
直接拷贝 /usr/local/apr/include/apr-1/apr_escape.h 到源码目录:
cp -R /usr/local/apr/include/apr-1/apr_escape.h /root/mod_gnutls/src/
问题解决!
make check时报错:/bin/sh: pem2openpgp: command not found
参考:https://lists.gt.net/gnupg/users/64409
yum install monkeysphere
问题解决!
重启Apache,报错:undefined symbol: apr_escape_hex
httpd: Syntax error on line 36 of /usr/local/apache2/conf/httpd.conf: Cannot load modules/mod_gnutls.so into server: /usr/local/apache2/modules/mod_gnutls.so: undefined symbol: apr_escape_hex
可能原因:系统载入的apr版本和apache编译时使用的apr版本不一致,但尝试保持一致之后,问题依然不能解决。
/usr/local/apache2/bin/httpd -V
输出:
Server version: Apache/2.4.23 (Unix)
Server built: Dec 20 2016 03:07:00
Server's Module Magic Number: 20120211:61
Server loaded: APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture: 64-bit
Server MPM: worker
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/usr/local/apache2"
-D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
【参考】
参考:https://openrepos.net/content/inte/taskwarrior
参考:https://httpd.apache.org/docs/current/mod/mod_authn_dbm#authdbmuserfile
参考:https://www.linuxunbound.com/2011/07/using-gnutls-with-apache-httpd-2-2/
参考:https://qnalist.com/questions/6428858/users-httpd-dso-load-failed-when-using-mod-authn-dbm-for-berkeley-db
参考:https://www.experts-exchange.com/questions/21140440/mod-ssl-Cannot-open-SSLSessionCache-DBM-file
参考:https://qnalist.com/questions/986000/users-httpd-cannot-open-sslsessioncache-dbm-file
参考:http://addls.com/1%e4%b8%aaipn%e4%b8%aa%e5%9f%9f%e5%90%8dn%e4%b8%aa%e8%af%81%e4%b9%a6
参考:https://holmesian.org/linode-vps-centos-anyconnect
参考:https://ma.ttias.be/day-google-chrome-disables-http2-nearly-everyone-may-31st-2016/
参考:http://gnupg.10057.n7.nabble.com/GnuTLS-OpenSSL-support-for-TLS1-1-1-2-td26933
参考:https://www.linuxunbound.com/2011/07/using-gnutls-with-apache-httpd-2-2/
参考:https://sourceforge.net/p/mod-gnutls/mailman/mod-gnutls-support/
参考:http://www.outoforder.cc/projects/apache/mod_gnutls/docs/
