Background
For security reasons, the Apache (httpd) instance running on EC2 needs to be upgraded to the latest version.
This procedure upgrades httpd from the current version, 2.4.48, to 2.4.62.
Apache security information
Reporting Security Problems with Apache - The Apache HTTP Server Project
As of October 1, 2024, the latest Apache httpd version is 2.4.62.
Environment
CentOS
EC2 instance
Apache (httpd version: 2.4.48)
App: Laravel 10.24.0, PHP 8.2.11 (the procedure was verified with these versions)
Procedure
1. Check the httpd version. It is an old version, so proceed with the upgrade.
[hoge ~]$ httpd -v
Server version: Apache/2.4.48 ()
Server built: Jan 1 2020 00:00:00
2. Confirm that an updatable version is listed for each of the three packages, including httpd.
The yum list updates command returns the same result as yum check-update.
[hoge ~]$ yum list updates
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core | 3.6 kB 00:00:00
296 packages excluded due to repository priority protections
Updated Packages
[omitted]
httpd.x86_64 2.4.62-1.amzn2.0.2 amzn2-core
httpd-filesystem.noarch 2.4.62-1.amzn2.0.2 amzn2-core
httpd-tools.x86_64 2.4.62-1.amzn2.0.2 amzn2-core
[omitted]
3. On a staging or production environment, switch the app to maintenance mode first.
[hoge ~]$ php artisan down
INFO Application is now in maintenance mode.
4. Stop httpd.
[hoge ~]$ sudo systemctl stop httpd
[hoge ~]$ sudo systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/httpd.service.d
└─php-fpm.conf
Active: inactive (dead) since Tue 2024-10-01 00:00:00 JST; 14s ago
Docs: man:httpd.service(8)
Process: 27209 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Process: 5320 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
Main PID: 5320 (code=exited, status=0/SUCCESS)
Status: "Total requests: 9; Idle/Busy workers 100/0;Requests/sec: 0.13; Bytes served/sec: 201 B/sec"
Oct 01 00:00:00 ip-hoge.fuga.compute.internal systemd[1]: Starting The A...
Oct 01 00:00:00 ip-hoge.fuga.compute.internal systemd[1]: Started The Ap...
Oct 01 00:00:00 ip-hoge.fuga.compute.internal systemd[1]: Stopping The A...
Oct 01 00:00:00 ip-hoge.fuga.compute.internal systemd[1]: Stopped The Ap...
Hint: Some lines were ellipsized, use -l to show in full.
5. Update httpd.
[hoge ~]$ sudo yum update httpd httpd-filesystem httpd-tools -y
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core | 3.6 kB 00:00:00
296 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.48-2.amzn2 will be updated
---> Package httpd.x86_64 0:2.4.62-1.amzn2.0.2 will be an update
---> Package httpd-filesystem.noarch 0:2.4.48-2.amzn2 will be updated
---> Package httpd-filesystem.noarch 0:2.4.62-1.amzn2.0.2 will be an update
---> Package httpd-tools.x86_64 0:2.4.48-2.amzn2 will be updated
---> Package httpd-tools.x86_64 0:2.4.62-1.amzn2.0.2 will be an update
--> Processing Conflict: httpd-2.4.62-1.amzn2.0.2.x86_64 conflicts apr < 1.7.0-1
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package apr.x86_64 0:1.6.3-5.amzn2.0.2 will be updated
---> Package apr.x86_64 0:1.7.2-1.amzn2 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================
Package Arch Version Repository Size
=============================================================================================
Updating:
apr x86_64 1.7.2-1.amzn2 amzn2-core 130 k
httpd x86_64 2.4.62-1.amzn2.0.2 amzn2-core 1.4 M
httpd-filesystem noarch 2.4.62-1.amzn2.0.2 amzn2-core 25 k
httpd-tools x86_64 2.4.62-1.amzn2.0.2 amzn2-core 89 k
Transaction Summary
=============================================================================================
Upgrade 4 Packages
Total download size: 1.6 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/4): apr-1.7.2-1.amzn2.x86_64.rpm | 130 kB 00:00:00
(2/4): httpd-filesystem-2.4.62-1.amzn2.0.2.noarch.rpm | 25 kB 00:00:00
(3/4): httpd-2.4.62-1.amzn2.0.2.x86_64.rpm | 1.4 MB 00:00:00
(4/4): httpd-tools-2.4.62-1.amzn2.0.2.x86_64.rpm | 89 kB 00:00:00
---------------------------------------------------------------------------------------------
Total 8.4 MB/s | 1.6 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : apr-1.7.2-1.amzn2.x86_64 1/8
Updating : httpd-tools-2.4.62-1.amzn2.0.2.x86_64 2/8
Updating : httpd-filesystem-2.4.62-1.amzn2.0.2.noarch 3/8
Updating : httpd-2.4.62-1.amzn2.0.2.x86_64 4/8
Cleanup : httpd-2.4.48-2.amzn2.x86_64 5/8
Cleanup : httpd-tools-2.4.48-2.amzn2.x86_64 6/8
Cleanup : httpd-filesystem-2.4.48-2.amzn2.noarch 7/8
Cleanup : apr-1.6.3-5.amzn2.0.2.x86_64 8/8
Verifying : httpd-2.4.62-1.amzn2.0.2.x86_64 1/8
Verifying : apr-1.7.2-1.amzn2.x86_64 2/8
Verifying : httpd-tools-2.4.62-1.amzn2.0.2.x86_64 3/8
Verifying : httpd-filesystem-2.4.62-1.amzn2.0.2.noarch 4/8
Verifying : httpd-filesystem-2.4.48-2.amzn2.noarch 5/8
Verifying : httpd-tools-2.4.48-2.amzn2.x86_64 6/8
Verifying : apr-1.6.3-5.amzn2.0.2.x86_64 7/8
Verifying : httpd-2.4.48-2.amzn2.x86_64 8/8
Updated:
apr.x86_64 0:1.7.2-1.amzn2 httpd.x86_64 0:2.4.62-1.amzn2.0.2
httpd-filesystem.noarch 0:2.4.62-1.amzn2.0.2 httpd-tools.x86_64 0:2.4.62-1.amzn2.0.2
Complete!
6. Check the httpd version.
[hoge ~]$ httpd -v
Server version: Apache/2.4.62 ()
Server built: Aug 13 2024 20:16:58
7. Start httpd.
[hoge ~]$ sudo systemctl restart httpd
[hoge ~]$ sudo systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/httpd.service.d
└─php-fpm.conf
Active: active (running) since Tue 2024-10-01 00:00:00 JST; 5s ago
Docs: man:httpd.service(8)
Main PID: 6866 (httpd)
Status: "Processing requests..."
Memory: 52.6M
CGroup: /system.slice/httpd.service
├─6866 /usr/sbin/httpd -DFOREGROUND
├─6893 /usr/sbin/httpd -DFOREGROUND
├─6897 /usr/sbin/httpd -DFOREGROUND
├─6907 /usr/sbin/httpd -DFOREGROUND
├─6921 /usr/sbin/httpd -DFOREGROUND
├─6933 /usr/sbin/httpd -DFOREGROUND
├─6941 /usr/sbin/httpd -DFOREGROUND
├─6947 /usr/sbin/httpd -DFOREGROUND
├─6953 /usr/sbin/httpd -DFOREGROUND
├─6959 /usr/sbin/httpd -DFOREGROUND
├─6965 /usr/sbin/httpd -DFOREGROUND
├─6972 /usr/sbin/httpd -DFOREGROUND
├─6979 /usr/sbin/httpd -DFOREGROUND
├─6985 /usr/sbin/httpd -DFOREGROUND
├─6991 /usr/sbin/httpd -DFOREGROUND
├─6997 /usr/sbin/httpd -DFOREGROUND
├─6998 /usr/sbin/httpd -DFOREGROUND
├─7004 /usr/sbin/httpd -DFOREGROUND
├─7018 /usr/sbin/httpd -DFOREGROUND
├─7024 /usr/sbin/httpd -DFOREGROUND
├─7030 /usr/sbin/httpd -DFOREGROUND
├─7036 /usr/sbin/httpd -DFOREGROUND
├─7042 /usr/sbin/httpd -DFOREGROUND
├─7048 /usr/sbin/httpd -DFOREGROUND
├─7054 /usr/sbin/httpd -DFOREGROUND
└─7060 /usr/sbin/httpd -DFOREGROUND
Oct 01 00:00:00 ip-hoge.fuga.compute.internal systemd[1]: Starting The A...
Oct 01 00:00:00 ip-hoge.fuga.compute.internal systemd[1]: Started The Ap...
Hint: Some lines were ellipsized, use -l to show in full.
8. Take the app out of maintenance mode.
[hoge ~]$ php artisan up
INFO Application is now live.
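
The eight steps above can be wrapped in one guarded script. This is an added example, not part of the original article: it lifts maintenance mode only if the installed version reached the target and the configuration check passes. APP_DIR and all function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): guarded httpd upgrade.
TARGET="2.4.62"                     # target version taken from the article
APP_DIR="${APP_DIR:-/var/www/app}"  # assumption: Laravel project root

# Extract "2.4.62" from `httpd -v` output read on stdin.
parse_httpd_version() {
  sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p'
}

# True when version $1 >= version $2 (relies on GNU sort -V).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Print "name version" for the httpd* rows of `yum list updates` on stdin.
pending_httpd_updates() {
  awk '$1 ~ /^httpd(-[a-z]+)?\.(x86_64|noarch)$/ { sub(/\..*/, "", $1); print $1, $2 }'
}

upgrade_httpd() {
  local before after
  before="$(httpd -v | parse_httpd_version)"
  if version_ge "$before" "$TARGET"; then
    echo "httpd $before already >= $TARGET; nothing to do"; return 0
  fi
  yum list updates 2>/dev/null | pending_httpd_updates | grep -q '^httpd ' \
    || { echo "no httpd update offered by the repository" >&2; return 1; }
  (cd "$APP_DIR" && php artisan down) || return 1
  sudo systemctl stop httpd
  sudo yum update -y httpd httpd-filesystem httpd-tools || return 1
  after="$(httpd -v | parse_httpd_version)"
  # On any failure below, return early so maintenance mode stays on.
  version_ge "$after" "$TARGET" || { echo "still on $after" >&2; return 1; }
  sudo httpd -t || { echo "config test failed on $after" >&2; return 1; }
  sudo systemctl start httpd && systemctl is-active --quiet httpd || return 1
  (cd "$APP_DIR" && php artisan up)
}

# Run only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then upgrade_httpd; fi
```

Invoke it with --run on the instance; without that argument the file only defines the functions.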