在幸狐RV1106板子上用gcc14.2本地编译安装apache2.4.63,开启http2和tls1.3,并且https支持XP系统的IE6-8浏览器

幸狐RV1106开发板从SD卡启动自己的busybox1.36.1根文件系统:https://blog.csdn.net/ZLK1214/article/details/149076266

在fedora42虚拟机上用arm-gnu-toolchain-14.2交叉编译器编译gcc14.2、gdb14.2和make4.4,得到gcc本地编译器,然后在幸狐rv1106开发板上运行:https://blog.csdn.net/ZLK1214/article/details/149076762

请注意一定要设置C_INCLUDE_PATH=/usr/include环境变量,否则编译会失败。

bash 复制代码
make[3]: Entering directory '/root/software/httpd-2.4.59/srclib/apr'
/bin/sh /root/software/httpd-2.4.59/srclib/apr/libtool --silent --mode=compile --tag=CC gcc -g -O2   -DHAVE_CONFIG_H  -DLINUX -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE   -I./include -I/root/software/httpd-2.4.59/srclib/apr/include/arch/unix -I./include/arch/unix -I/root/software/httpd-2.4.59/srclib/apr/include/arch/unix -I/root/software/httpd-2.4.59/srclib/apr/include -I/root/software/httpd-2.4.59/srclib/apr/include/private -I/root/software/httpd-2.4.59/srclib/apr/include/private  -o encoding/apr_encode.lo -c encoding/apr_encode.c && touch encoding/apr_encode.lo
In file included from ./include/apr_encode.h:24,
                 from encoding/apr_encode.c:28:
./include/apr.h:632:2: error: #error no decision has been made on APR_PATH_MAX for your platform
  632 | #error no decision has been made on APR_PATH_MAX for your platform
      |  ^~~~~
make[3]: *** [/root/software/httpd-2.4.59/srclib/apr/build/apr_rules.mk:207: encoding/apr_encode.lo] Error 1
make[3]: Leaving directory '/root/software/httpd-2.4.59/srclib/apr'
make[2]: *** [/root/software/httpd-2.4.59/srclib/apr/build/apr_rules.mk:119: all-recursive] Error 1
make[2]: Leaving directory '/root/software/httpd-2.4.59/srclib/apr'
make[1]: *** [/root/software/httpd-2.4.59/build/rules.mk:75: all-recursive] Error 1
make[1]: Leaving directory '/root/software/httpd-2.4.59/srclib'
make: *** [/root/software/httpd-2.4.59/build/rules.mk:75: all-recursive] Error 1 

【参考文章】Ubuntu14.04安装2024年最新版apache-2.4.59+openssl-1.1.1w+php-8.3.6,并启用https和HTTP2,且XP系统下的IE6和IE8能正常访问https:Ubuntu14.04安装2024年最新版apache-2.4.59+openssl-1.1.1w+php-8.3.6,并启用https和HTTP2,且XP系统下的IE6和IE8能正常访问https_php-8.3.6编译安装-CSDN博客

工作目录:

mkdir -p /root/software/apache

cd /root/software/apache

【源码编译安装openssl-1.1.1w】

之前做busybox根文件系统,弄wifi的时候已经编译安装好了。

(编译时记得设置enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers选项,这样才能让https支持XP系统的IE6-8浏览器)

【源码编译安装nghttp2-1.66.0(不需要绑定openssl)】

bash 复制代码
​wget https://github.com/nghttp2/nghttp2/releases/download/v1.66.0/nghttp2-1.66.0.tar.gz --no-check-certificate
tar xf nghttp2-1.66.0.tar.gz
cd nghttp2-1.66.0
./configure --prefix=/opt/nghttp2-1.66.0 --enable-shared
make
make install
cd ..

【编译安装apache前所需的软件包】

在板子上编译安装pcre2-10.45软件包:

bash 复制代码
wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.45/pcre2-10.45.tar.bz2 --no-check-certificate
tar xf pcre2-10.45.tar.bz2
cd pcre2-10.45
./configure
make
make install
ldconfig
cd ..

在板子上编译安装zlib-1.3.1软件包:

bash 复制代码
wget https://www.zlib.net/zlib-1.3.1.tar.gz --no-check-certificate
tar xf zlib-1.3.1.tar.gz
cd zlib-1.3.1
./configure
make
make install
ldconfig
cd ..

在板子上编译安装expat-2.7.1软件包:

bash 复制代码
wget https://github.com/libexpat/libexpat/releases/download/R_2_7_1/expat-2.7.1.tar.gz --no-check-certificate
tar xf expat-2.7.1.tar.gz
cd expat-2.7.1
./configure
make
make install
ldconfig
cd ..

在板子上编译安装perl-5.40.2软件包:

bash 复制代码
wget https://www.cpan.org/src/5.0/perl-5.40.2.tar.gz --no-check-certificate
tar xf perl-5.40.2.tar.gz
cd perl-5.40.2
./configure.gnu
make
make install
ldconfig
cd ..

在板子上编译安装libxcrypt-4.4.38软件包:

bash 复制代码
wget https://github.com/besser82/libxcrypt/releases/download/v4.4.38/libxcrypt-4.4.38.tar.xz --no-check-certificate
tar xf libxcrypt-4.4.38.tar.xz
cd libxcrypt-4.4.38
./configure
make
make install
ldconfig
cd ..

【源码编译安装apache-2.4.63】

bash 复制代码
wget https://dlcdn.apache.org/httpd/httpd-2.4.63.tar.gz --no-check-certificate
tar xf httpd-2.4.63.tar.gz
cd httpd-2.4.63/srclib
wget https://dlcdn.apache.org/apr/apr-1.7.6.tar.gz --no-check-certificate
tar xf apr-1.7.6.tar.gz
mv apr-1.7.6 apr
wget https://dlcdn.apache.org/apr/apr-util-1.6.3.tar.gz --no-check-certificate
tar xf apr-util-1.6.3.tar.gz
mv apr-util-1.6.3 apr-util
cd ..
./configure --prefix=/opt/httpd-2.4.63 --enable-deflate --enable-expires --enable-mpms-shared=all --with-mpm=event --enable-rewrite --enable-so --with-included-apr --enable-ssl --enable-modules=most --enable-mods-shared=all --enable-http2 --with-nghttp2=/opt/nghttp2-1.66.0
make
make install
cd ..

关闭busybox自带的http服务器:

ps aux | grep httpd

83 root 0:00 httpd -h /var/www/html

344 root 0:00 grep httpd

kill -9 83

添加daemon用户和组:

(系统用户,且不可登录。-S表示编号从100开始)

addgroup -S daemon

adduser -G daemon -SDH daemon

启动apache服务器:/opt/httpd-2.4.63/bin/apachectl start

重启apache服务器:/opt/httpd-2.4.63/bin/apachectl restart

停止apache服务器:/opt/httpd-2.4.63/bin/apachectl stop

【生成sha1签名的https证书】

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -sha1 -keyout /opt/httpd-2.4.63/conf/server.key -out /opt/httpd-2.4.63/conf/server.crt

下面的内容不用填,直接按回车键就行了。

Country Name (2 letter code) [AU]:

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:

Email Address []:

提示:sha1证书的兼容性好,完美支持原版win2000sp4系统的ie5和ie6浏览器,以及xp sp2和sp3系统的ie6-8浏览器。

但现在市场上销售的一般是sha256证书,xp sp3的ie6-8可以直接访问,但64位xp sp2需要安装KB968730补丁后ie6-8才能访问。

win2000sp4的ie5不支持sha256证书,访问https会无法显示网页。

win2000sp4的ie6要安装黑翼猫扩展内核后,才能访问使用了sha256证书的https网站。

【apache服务器启用https】

vi /opt/httpd-2.4.63/conf/httpd.conf

取消注释LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

取消注释LoadModule ssl_module modules/mod_ssl.so

取消注释Include conf/extra/httpd-ssl.conf

vi /opt/httpd-2.4.63/conf/extra/httpd-ssl.conf

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

修改为

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4

SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4

SSLProtocol all -SSLv3

SSLProxyProtocol all -SSLv3

修改为

SSLProtocol all

SSLProxyProtocol all

(-SSLv3前面的减号表示禁止的意思,禁用了SSLv3的话IE6就打不开https网站了)

另外还要正确配置SSLCertificateFile和SSLCertificateKeyFile(https证书文件)。

如:

SSLCertificateFile /home/xxx/certificate/xxx.com.crt

SSLCertificateKeyFile /home/xxx/certificate/xxx.com.key

测试配置是否正确:/opt/httpd-2.4.63/bin/httpd -t(输出Syntax OK表示配置正确)

重启:/opt/httpd-2.4.63/bin/apachectl restart

经检验,IE6、IE8、edge、firefox均能正常访问https。

【apache服务器启用http2】

vi /opt/httpd-2.4.63/conf/httpd.conf

取消注释LoadModule http2_module modules/mod_http2.so

在文件末尾添加:

Protocols h2 http/1.1

LogLevel http2:info

重启:/opt/httpd-2.4.63/bin/apachectl restart

经检验,XP系统下的firefox52.9esr可以正常通过HTTP/2访问https,且不影响IE6-8的http/1.1访问。

XP系统下用mypal68浏览器访问https,采用的是tls1.3协议。

chrome49:

firefox52.9esr:

mypal68.14.4b:

supermium124:

手机edge浏览器:

资源占用情况:

bash 复制代码
[root@luckfox-rv1106 ~/software/lamp]# ps aux | grep httpd
  379 root      0:00 /opt/httpd-2.4.63/bin/httpd -k start
  584 daemon    0:00 /opt/httpd-2.4.63/bin/httpd -k start
  585 daemon    0:00 /opt/httpd-2.4.63/bin/httpd -k start
  586 daemon    0:00 /opt/httpd-2.4.63/bin/httpd -k start
  743 daemon    0:01 /opt/httpd-2.4.63/bin/httpd -k start
  806 root      0:00 grep httpd
[root@luckfox-rv1106 ~/software/lamp]# free -h
              total        used        free      shared  buff/cache   available
Mem:         215.4M       23.4M        4.4M      472.0K      187.6M      184.2M
Swap:             0           0           0
[root@luckfox-rv1106 ~/software/lamp]#

开机自动启动apache服务器:

vi /etc/init.d/rcS

删除里面的httpd -h /var/www/html语句

添加/opt/httpd-2.4.63/bin/apachectl start


Windows 2000 SP4的IE5浏览器访问https:

(服务器必须采用sha1签名的https证书)

Windows 2000 SP4(未安装黑翼猫扩展内核)的IE6浏览器访问https:

(服务器必须采用sha1签名的https证书)

Vista的IE8浏览器:


在幸狐RV1106板子上用gcc14.2本地编译安装php-8.4.8:https://blog.csdn.net/ZLK1214/article/details/149077324

在幸狐RV1106开发板上用gcc14.2本地编译安装postgresql17.5数据库:https://blog.csdn.net/ZLK1214/article/details/149030585