Hello.
First of all, we need to download & upgrade some apps:
1. OpenSSL (min. 1.0.2 is required to run ANPL)We will use the latest 1.0.2l version.
cd ~
mkdir installers
cd installers
wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
tar -zxvf openssl-1.0.2l.tar.gz
cd openssl-1.0.2l
./config shared zlib-dynamic --prefix=/usr/local/ssl
make
make install
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
cd ..
After this you need to add the /usr/local/lib and /usr/local/ssl/lib directories to the LD_LIBRARY_PATH.
nano /etc/ld.so.conf.d/http2.conf
/usr/local/lib
/usr/local/ssl/lib
After you save it (Ctrl+X -> Yes), you need to run
ldconfig2. NGHTTP2 (needed for mod_http2)wget https://github.com/nghttp2/nghttp2/releases/download/v1.26.0/nghttp2-1.26.0.tar.gz
tar -zxvf nghttp2-1.26.0.tar.gz
cd nghttp2-1.26.0
export OPENSSL_CFLAGS="-I/usr/local/ssl/include"
export OPENSSL_LIBS="-L/usr/local/ssl/lib -lssl -lcrypto"
./configure
make
make install
cd ..
3. APRwget http://mirrors.whoishostingthis.com/apache/apr/apr-1.6.2.tar.gz
tar -zxvf apr-1.6.2.tar.gz
cd apr-1.6.2
./configure
make
make install
cd ..
4. APR-Utilwget http://mirrors.whoishostingthis.com/apache/apr/apr-util-1.6.0.tar.gz
tar -zxvf apr-util-1.6.0.tar.gz
cd apr-util-1.6.0
./configure --with-apr=/usr/local/apr
make
make install
cd ..
5. ApacheBecause of the existing vulnerabilities in anterior versions, we will use the latest one 2.4.28.
wget http://mirrors.whoishostingthis.com/apache/httpd/httpd-2.4.28.tar.gz
tar -zxvf httpd-2.4.28.tar.gz
cd httpd-2.4.28
cp -r ../apr-1.6.2 srclib/apr
cp -r ../apr-util-1.6.0 srclib/apr-util
./configure --enable-so --prefix=/usr/local/apache --with-ssl=/usr/local/ssl --enable-unique-id --enable-ssl=shared --enable-rewrite --enable-deflate --enable-suexec --with-suexec-docroot="/home" --with-suexec-caller="nobody" --with-suexec-logfile="/usr/local/apache/logs/suexec_log" --enable-asis --enable-filter --with-pcre --with-included-apr --enable-headers --enable-expires --enable-proxy --enable-rewrite --enable-userdir --enable-http2
make
make install
cd
6. Add and activate the http/2 moduleYou just have to open the apache config and add this line:
LoadModule http2_module modules/mod_http2.so
And finally turn on the http/2 protocol by adding this line to apache config (for all sites) or in ssl vhosts for the sites you want:
Protocols h2 http/1.1
Restart Apache with:
service httpd restartPossible Problems:1. Apache will not start because of the mod_security
If you had mod_security, probably you will have this error when restarting:
Starting httpd: httpd: Syntax error on line 509 of /usr/local/apache/conf/httpd.conf: Syntax error on line 5 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup
To repair it, you need to recompile and install the new mod_security:
cd ~/installers
wget https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz
tar -zxvf modsecurity-2.9.2.tar.gz
cd modsecurity-2.9.2
./configure --with-apxs=/usr/local/apache/bin/apxs
make
make install
cd
After this, you run
service httpd restart and the server should start.