SSL平行支撐的兩個端口不工作在靜態編譯Apache2的二進制

Question

我觀察了以下問題：

的Apache2是用下面的標誌編譯：

./configure \ 
    --prefix=/usr \ 
    --sysconfdir=/etc \ 
    --localstatedir=/var \ 
    --host=arm-cortexa9-linux-gnueabi \ 
    --build=i686-host-linux-gnu \ 
    --includedir=/usr/include/apache2 \ 
    --enable-ssl \ 
    --with-ssl \ 
    --enable-ssl-staticlib-deps \ 
    --enable-mods-static="headers rewrite gd log_config mime alias actions unixd access_compat authn_core authz_core cgi ssl http2" \ 
    --with-apr=/opt/PHYTEC_BSPs/PTXDist/platform-phyFLEX-i.MX6/sysroot-target/usr/bin/apr-1-config \ 
    --with-apr-util=/opt/PHYTEC_BSPs/PTXDist/platform-phyFLEX-i.MX6/sysroot-target/usr/bin/apu-1-config \ 
    BUILDCC=/usr/bin/gcc \ 
    --with-mpm=prefork 

這導致了一個二進制以下模塊編譯

Compiled in modules: 
    core.c 
    mod_authn_core.c 
    mod_authz_core.c 
    mod_access_compat.c 
    mod_so.c 
    http_core.c 
    mod_mime.c 
    mod_log_config.c 
    mod_headers.c 
    mod_ssl.c 
    mod_http2.c 
    prefork.c 
    mod_unixd.c 
    mod_cgi.c 
    mod_actions.c 
    mod_alias.c 
    mod_rewrite.c 

的ports.conf在端口443和80使得能夠收聽：

Listen 80 

<IfModule ssl_module> 
    Listen 443 
</IfModule> 

的網站最簡單的配置如下：

<VirtualHost *:443> 
    <IfModule ssl_module> 
     SSLEngine On 
     SSLCertificateFile /etc/ssl/certs/cert.crt 
     SSLCertificateKeyFile /etc/ssl/private/key.pem 
    </IfModule> 
</VirtualHost> 

我們將使用第二個端口80用於自動化重定向到HTTPS頁面。對於手頭的問題，相應的VirtualHost不是必需的。

實際上，如果從ports.conf中刪除Listen 80，則對https頁面（https://192.168.2.3:443）的請求正在工作。這意味着ssl支持已正確編譯到二進制文件中。如果均爲Listen指令存在於ports.conf中，那麼對https頁面（https://192.168.2.3:443）的請求仍然沒有響應。甚至沒有ERR_ *響應。

關於ports，apache2，ssl的幾個不同的搜索沒有幫助縮小問題的範圍。與標準apache2二進制文件相同的配置完美無瑕。增加LogLevel到debug給出了兩個afforementioned場景相同的輸出：

[ssl:info] [pid 1583025418028449792] [client 192.168.2.82:51478] AH01964: Connection to child 0 established (server localhost:443) 
[ssl:debug] [pid 9122084304870461440] ssl_engine_kernel.c(2143): [client 192.168.2.82:51478] AH02645: Server name not provided via TLS extension (using default/first virtual host) 
[ssl:debug] [pid 9122084442309416064] ssl_engine_kernel.c(2143): [client 192.168.2.82:51478] AH02645: Server name not provided via TLS extension (using default/first virtual host) 
[core:debug] [pid 4294967296] protocol.c(1893): [client 192.168.2.82:51478] AH03155: select protocol from , choices=h2,http/1.1 for server localhost 
[ssl:debug] [pid 7159351466806950200] ssl_engine_kernel.c(2042): [client 192.168.2.82:51478] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) 
[ssl:debug] [pid 3905800881399477553] ssl_engine_kernel.c(366): [client 192.168.2.82:51478] AH02034: Initial (No.1) HTTPS request received for child 0 (server localhost:443) 
[authz_core:debug] [pid 3358932565584236] mod_authz_core.c(809): [client 192.168.2.82:51478] AH01626: authorization result of Require all denied: denied 
[authz_core:debug] [pid 30064771072] mod_authz_core.c(809): [client 192.168.2.82:51478] AH01626: authorization result of <RequireAny>: denied 
[authz_core:error] [pid 30064771072] [client 192.168.2.82:51478] AH01630: client denied by server configuration: /var/www/ 
[ssl:debug] [pid 2113123909637] ssl_engine_io.c(1033): [client 192.168.2.82:51478] AH02001: Connection closed to child 0 with standard shutdown (server localhost:443) 

有沒有人，如果可能的模塊應該被添加到二進制的想法？任何幫助將非常感激。

Answer 1

set ac_cv_o_nonblock_inherited = no在APR Package的配置選項中。

Cross compiling causes multiple Listen directives to not work properly