We are trying to run simplesamlphp as an SP on RedHat Linux 7. The code is failing with a HP Fatal error:
Call to undefined function mcrypt_module_open().
simplesamlphp uses xmlseclibs 1.3.1, which in turn uses mcrypt, and mcrypt is not supported on RedHat Linux 7. Has anyone found a way to get around this problem? Is this a version of xmlseclibs that does not use mcrypt, or a version of simplesamlphp that does not use xmlseclibs?
You should be able to install the php-mcrypt extension from the Fedora project repo:
# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/php-mcrypt-5.3.3-1.el6.x86_64.rpm
# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/libmcrypt-2.5.8-9.el6.x86_64.rpm
Check the versions available, above is just an example.
As a note, SimpleSAMLphp requires mcrypt for encrypting assertions only. See SimpleSAMLphp prerequisites:
https://simplesamlphp.org/docs/1.5/simplesamlphp-install#section_3
I cant answer your question completely but we are also trying to get simplesamlphp to work on RedHat7. No luck. We have to install php56 or we have issues. In order to get php56 to work with provided Apache in RedHat7 I had to get it from here: http://developers.redhat.com/products/softwarecollections/get-started-rhel7-php/ and hack the default php.conf under /etc/http/conf.d/ to look like this.
#<FilesMatch \.php$>
# SetHandler application/x-httpd-php
#</FilesMatch>
# Redirect to local php-fpm is mod_php not available
<IfModule !mod_php5.c>
<FilesMatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>
</IfModule>
#
I currently have the simplesaml web page working again but under the configuration tab of simplesamlphp I see I no longer have MCrypt or MySQL support or LDAP Extension working. I had to have everything working in order for simplesaml to work kinda. We had issues that they say are fixed if we run php56. I did try to remove all default RedHat7 php and downloaded php56 from https://webtatic.com/packages/php56/ and had simplesaml working like it should but I just don't trust third party software builds for the production systems.
Hope this helps someone.
Related
I am trying to compile ModSecurity for the Nginx OSS web server. I have followed all of the instructions from their "Quick Start Guide", but am running into an issue. After linking up the new module, the config test fails.
Error output from /var/log/nginx/error.log is:
2018/02/10 00:47:51 [emerg] 6026#6026: module "/usr/share/nginx/modules/ngx_http_modsecurity_module.so" is not binary compatible in /etc/nginx/modules-enabled/50-mod-http-modsecurity.conf:1
originally the dynamic module was compiled with
sh
./configure --with-compat --add-dynamic-module=../ModSecurity-nginx
but this results in the error.
from what I've read, I need to compile the module with identical options as the existing Nginx instance.
I found the current options using nginx -V, and then re-ran the ./configure using all of the output options, but this gives the same error.
Can anyone point me down the right path here?
Thanks for any help.
UPDATE 10/29/18
It seems the original binary also needs to be compiled with the --with-compat flag. I have submitted a bug report on the issue that can be found here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897926
Maybe it can get some traction.
I had a similar issue. I was using Nginx 1.10.3 which is the default for Debian Stretch. This version does not seem to work with the latest Nginx ModSecurity connector.
I removed the default Nginx version and installed the latest stable Nginx from http://nginx.org/en/linux_packages.html. After that I was able to install and load the ModSecurity module for Nginx without problems. I followed this guide: https://www.linuxjournal.com/content/modsecurity-and-nginx for installing the ModSecurity module for Nginx.
The latest stable version of Nginx which is 1.14.2 supports the --with-compat flag. When compiling Nginx source code make sure to use the same compiler options that were used with your running Nginx. To find out which compile time options were used to build your currently running Nginx, run the command: nginx -V
when i'm entering the domain-name or IP on the browser for setup of magento2, then its shows me this error.
please check htaccess file. Rename htaccess file then again check.
check your php install or not. If installed then check its version beacuse magento 2.0 version working on 7.0.2 php.
check here requirement
I have installed Nginx in our redhat machine using rpm. Now we want to add nginx-rtmp module, but inorder to add new module as per the document i need to build it by downloading the tar ball. Does it mean that i have to remove the rpm and install it as per the document.
Ref: https://github.com/arut/nginx-rtmp-module/wiki/Getting-started-with-nginx-rtmp
./configure --add-module=/usr/build/nginx-rtmp-module
make
make install
With nginx 1.9.11, it's not necessary to recompile the server, as they added support for dynamic modules. Take a look here:
https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/
Unlike Apache, all modules, including the 3rd party modules, are going to be compiled into nginx. So every time you want to add a new module, you have to recompile nginx.
So yes, you have to install it as per the document. There is no much value of keeping 2 nginx runtimes on the same server any way. So you may also want to remove the previous nginx.
I had a similar problem where the auth-pam module broke after an upgrade. Here's what fixed it for me (debian stretch/sid, nginx 1.10.2):
apt install libnginx-mod-http-auth-pam
ln -s /usr/share/nginx/modules-available/mod-http-auth-pam.conf /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf
The config file contains a single “load_module” directive which tells nginx to dynamically load the module on startup. As jekennedy mentioned, this would only apply to newer versions of nginx that support dynamic module loading.
Yes, you have to uninstall nginx (installed via rpm) and re-install it according to the mentioned document that is from source file. There are some disadvantages of installing nginx using source, like you cannot use nginx as a service. Here, you can find instructions to do same thing with all the functionalities you get while installing nginx using OS-respective packages.
Following the steps in this post from the nginx blog page called "Compilation of Dynamic Modules for NGINX Plus", i could compiled the RTMP módule, downloading the nginx-rtmp-module from Github and import it on my webserver.
Regards.
I've got a VPS setup with Nginx & PHP5-FPM.
Being fairly new to unix, VPS etc... it took me ages to get the setup I wanted.
However Now I want to be able to install some extensions onto PHP without haveing to rebuild the entire thing. For example. Is there a way to install the php_tidy extension on an existing PHP setup?
You can compile an extensions as a shared library. Then you just have to declare your module in the php.ini.
There is a description at php.net for phpize.
Performance differences between a module and a full compilation are discussed here.
Check out the documentation at http://pecl.php.net/ on how to install PHP extensions.
It's usually as easy as running a command such as
pecl install tidy
I've followed the instructions for installing phusion passenger with nginx in ubuntu. I had some issues while installing since I use rvm and I had to install as root and the installer was failing to find rake so i temporarily chmoded /opt to be owned by my user and after installation I resetted ownership to root. I can see nginx welcome page but when I try to visit a sinatra app I get forbidden, the virtual host is pointed to the sinatra app public dir and the permissions for the whole app are 777.
Try Passenger 3. It automatically detects most permission problems and tells you how to fix them.
If this is for a production system, you really don't need the flexibility of RVM as you should be using a single stable version of Ruby and Rails for Phusion. Install the version you need, using Aptitude if that version is available, and be done with it.
Because this is the page that Google brought me to for my issue, which isn't a Passenger issue, but a Nginx reverse-proxy issue, you need to add the line
disable :protection
somewhere in your sinatra app. I have mine at the very end, outside any method (in global scope).
Well my mistake was not using rvmsudo to install nginx with passenger, instructions here: http://rvm.io/integration/passenger/.