Development Tip

Apache2에 OpenSSL 및 mod_ssl이 설치되어 있는지 확인하는 방법

yourdevel 2021. 1. 10. 19:41
반응형

Apache2에 OpenSSL 및 mod_ssl이 설치되어 있는지 확인하는 방법


OpenSSL 및 mod_ssl이 Apache2에 설치되어 있는지 확인하는 명령을 아는 사람이 있습니까?


서버에 PHP가 설치되어있는 경우 phpinfo.php라는 이름의 php 파일을 생성하고이를 추가 <?php echo phpinfo();?>한 다음 브라우저에서 파일을 열면 시스템 환경에 대한 정보가 표시되고로드 된 Apache에 대한 정보를 빠르게 찾을 수 있습니다. 모듈의 경우 결과 페이지에서 '로드 된 모듈'을 찾습니다.


서버에 PHP가 설치되어있는 경우 " extension_loaded " 기능을 사용하여 런타임에서 확인할 수 있습니다 . 다음과 같이 :

<?php
if (!extension_loaded('openssl')) {
    // no openssl extension loaded.
}
?>

일반적으로 apache2 서버를 컴파일 할 때 (또는 패키지 기능으로 설치할 때) 다음 명령을 탭하여 사용할 수있는 지시문을 확인할 수 있습니다.

~# $(which httpd) -L | grep SSL # on RHEL/CentOS/Fedora
~# $(which apache2) -L | grep SSL # on Ubuntu/Debian

SSL * 지시문이 표시되지 않으면 mod_ssl이 컴파일 된 apache2가 없음을 의미합니다.

도움이되기를 바랍니다;)


기본 Apache 설치는 서버 헤더 행 에서이 정보를 보내도록 구성됩니다 . curl 명령을 사용하여 모든 서버에 대해이를 볼 수 있습니다.

$ curl --head http://localhost/
HTTP/1.1 200 OK
Date: Fri, 04 Sep 2009 08:14:03 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8a DAV/2 PHP/5.2.6 SVN/1.5.4 proxy_html/3.0.0

다음 명령을 사용하십시오.

$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013 (or similar output)

RHEL / CentOS / Fedora의 경우 :

$ httpd -t -D DUMP_MODULES | grep ssl
ssl_module (shared)

Ubuntu / Debian의 경우

$ apache2 -t -D DUMP_MODULES | grep ssl
ssl_module (shared)

SUSE 용

$ httpd2 -t -D DUMP_MODUELS | grep ssl
ssl_module (shared)

Apache 2를 사용하면 다음 명령을 실행하여 현재 HTTP 데몬에 의해로드 된 모듈을 확인할 수 있습니다.

apache2ctl -M

-M옵션은 실제로 httpd에 전달되는 매개 변수 입니다.

apache2ctl은 Apache HTTP (HyperText Transfer Protocol) 서버의 프런트 엔드입니다. 관리자가 Apache apache2 데몬의 기능을 제어 할 수 있도록 설계되었습니다.

   NOTE: The default Debian configuration requires the environment variables APACHE_RUN_USER,
   APACHE_RUN_GROUP, and APACHE_PID_FILE to be set in /etc/apache2/envvars.

   The apache2ctl script returns a 0 exit value on success, and >0 if an error  occurs.   For
   more details, view the comments in the script.

You should install this Apache mod, http://httpd.apache.org/docs/2.0/mod/mod_info.html, it basically gives you a run down of the mods you're using and the Apache settings. I have this enabled on my Apache and it gives me this info for my website,

Server Version: Apache/2.2.3 (Debian) mod_jk/1.2.18 PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8


If you just run openssl in your terminal it should present the openSSL shell. My first clue to knowing that I didn't have mode_ssl was when I got the following error after adding SSLEngine on in my virtualhost file:

Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

In centos I just had to install it via yum install mod_ssl


To determine openssl & ssl_module

# rpm -qa | grep openssl
openssl-libs-1.0.1e-42.el7.9.x86_64
openssl-1.0.1e-42.el7.9.x86_64
openssl098e-0.9.8e-29.el7.centos.2.x86_64
openssl-devel-1.0.1e-42.el7.9.x86_64

mod_ssl

# httpd -M | grep ssl

or

# rpm -qa | grep ssl

Fortunately, Most flavors of Linux have OpenSSL "out of the box".

To verify installation:

openssl version
Response:
OpenSSL 1.0.1t 3 May 2016

Note: version OpenSSL 1.0.1 through 1.0.1f (inclusive)
are vulnerable to the OpenSSL Heartbleed Bug.
Versions 1.0.1g and greater are fixed.

For additional install info:

Ubuntu/Debian
dpkg -l | grep -i openssl
Response:
ii libcrypt-openssl-random-perl 0.04-2+b1 amd64 module to access the OpenSSL pseudo-random number generator
ii libcurl3:amd64 7.38.0-4+deb8u5 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)
ii libgnutls-openssl27:amd64 3.3.8-6+deb8u4 amd64 GNU TLS library - OpenSSL wrapper
ii openssl 1.0.1t-1+deb8u6 amd64 Secure Sockets Layer toolkit - cryptographic utility
ii python-ndg-httpsclient 0.3.2-1 all enhanced HTTPS support for httplib and urllib2 using PyOpenSSL
ii python-openssl 0.14-1 all Python 2 wrapper around the OpenSSL library
ii ssl-cert 1.0.35 all simple debconf wrapper for OpenSSL

Yea, OpenSSL is installed!

To install OpenSSL if you don't have it, try:

Debian/Ubuntu:
sudo apt-get install openssl

RedHat/CentOS:
yum install openssl


Just look in the ssl_engine.log in your Apache log directory where you should find something like:

[ssl:info] [pid 5963:tid 139718276048640] AH01876: mod_ssl/2.4.9 compiled against Server: Apache/2.4.9, Library: OpenSSL/1.0.1h

to verify in php command lie

 $php -i | grep openssl

Enable mod_ssl in httpd.conf and restart the apache. You will see the openssl information in error.log as below

[Fri Mar 23 15:13:38.448268 2018] [mpm_worker:notice] [pid 8891:tid 1] AH00292: Apache/2.4.29 (Unix) OpenSSL/1.0.2n configured -- resuming normal operations
[Fri Mar 23 15:13:38.448502 2018] [core:notice] [pid 8891:tid 1] AH00094: Command line: '/opt/apps/apache64/2.4.29/bin/httpd'


To find the ssl version

  1. Go to Apache bin folder in command prompt
  2. Enter these commands "openssl version"

In my case this is how I got the information:

  • find where apache logs are located, and go there, in my case:

    cd /var/log/apache2

  • find in which log openssl information can be found:

    grep -i apache.*openssl *_log

    e.g. error_log ...

  • to get fresh information, restart apache, e.g.

    rcapache2 restart # or service apache2 restart

  • check for last entries in the log, e.g.

    /var/log/apache2 # tail error_log

    [Thu Jun 09 07:42:24 2016] [notice] Apache/... (Linux/...) mod_ssl/2.2.22 OpenSSL/1.0.1t ...

ReferenceURL : https://stackoverflow.com/questions/1367545/how-to-determine-if-openssl-and-mod-ssl-are-installed-on-apache2

반응형