Page 6 of 7 FirstFirst ... 4567 LastLast
Results 101 to 120 of 127

Thread: How-to: Enable HTTP/2 in Apache/Nginx/cURL

  1. #101
    Join Date
    Apr 2009
    Posts
    2,027
    For everybody that is on CentOS, I would think it is better to wait. Because RedHat 7.4 is already released, and therefor soon CentOS 7.4 will come. And in 7.4 there is default support for ALPN https://ma.ttias.be/centos-7-4-ship-tls-1-2-alpn/

  2. #102
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    278
    I also have it running for a longer time now, so not knowing what are causing probs in CENTOS . ( at our DA box all is running OK)

    Maybe because i did install openssl 1.0 1u this way so system : opensssl -v is giving this version.
    http://forum.directadmin.com/showthr...853#post280853

    https://help.poralix.com/articles/er...-openssl-1.0.2
    Let's get it fixed!

    This is how you can fix it: you should upgrade the basic version the package to the latest available OpenSSL 1.0.1u or even newer OpenSSL 1.0.2 or OpenSSL 1.1.0.

    Here are instructions on how to update it to the latest OpenSSL 1.0.1:
    Last edited by ikkeben; 09-02-2017 at 06:00 AM.
    DUTCH GERMAN, GERMAN DUTCH

  3. #103
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    278
    Quote Originally Posted by DutchLearner View Post
    PHP is running with php-fpm. The following log shows that regular http is still being used:
    redacted - - [02/Sep/2017:10:35:44 +0100] "GET / HTTP/1.1" 200 739 "-" "Mozilla/5.0 (X11; CrOS x86_64 9592.85.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.112 Safari/537.36"

    I have Custombuild 2.0 running with php-fpm, so prefork shouldn't be running by default then anymore. See the following:

    [root@server]# httpd -V
    Server version: Apache/2.4.27 (Unix)
    Server built: Sep 2 2017 11:09:38
    Server's Module Magic Number: 20120211:68
    Server loaded: APR 1.6.2, APR-UTIL 1.6.0
    Compiled using: APR 1.6.2, APR-UTIL 1.6.0
    Architecture: 64-bit
    Server MPM: event
    threaded: yes (fixed thread count)
    forked: yes (variable process count)
    Server compiled with....
    -D APR_HAS_SENDFILE
    -D APR_HAS_MMAP
    -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
    -D APR_USE_SYSVSEM_SERIALIZE
    -D APR_USE_PTHREAD_SERIALIZE
    -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
    -D APR_HAS_OTHER_CHILD
    -D AP_HAVE_RELIABLE_PIPED_LOGS
    -D DYNAMIC_MODULE_LIMIT=256
    -D HTTPD_ROOT="/etc/httpd"
    -D HAVE_SYSTEMD
    -D SUEXEC_BIN="/usr/sbin/suexec"
    -D DEFAULT_PIDLOG="/var/logs/httpd.pid"
    -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
    -D DEFAULT_ERRORLOG="logs/error_log"
    -D AP_TYPES_CONFIG_FILE="conf/mime.types"
    -D SERVER_CONFIG_FILE="conf/httpd.conf"
    I have the same result so maybe try as in my post 1 post up to get a later system openssl version,
    ( here HTTP2 is up and running! with redhat relase Centos 7.3.1611 Core only Apache ( no NINGX)
    Latest Custombuild 2 DA

    and have this:

    Edit custom/ap2/configure.apache, find:
    Code:

    "--with-ssl=/usr" \

    Replace with:
    Code:

    "--enable-http2" \
    "--enable-ssl-staticlib-deps" \
    "--with-ssl=/usr/local/lib_http2" \
    Last edited by ikkeben; 09-02-2017 at 06:30 AM.
    DUTCH GERMAN, GERMAN DUTCH

  4. #104
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    278
    Quote Originally Posted by ditto View Post
    For everybody that is on CentOS, I would think it is better to wait. Because RedHat 7.4 is already released, and therefor soon CentOS 7.4 will come. And in 7.4 there is default support for ALPN https://ma.ttias.be/centos-7-4-ship-tls-1-2-alpn/
    http://forum.directadmin.com/showthr...889#post280889
    By the way Red Hat Enterprise Linux 7 and its derivatives including CentOS 7 will have OpenSSL 1.0.2 as a base version. It will allow to serve HTTP/2 traffic an easier way.

    Release version: 7.4
    Expected to be released on November 2017.

    Really good news, isn't it!

    Related:
    - https://bugzilla.redhat.com/show_bug.cgi?id=1276310
    - https://access.redhat.com/articles/3078
    DUTCH GERMAN, GERMAN DUTCH

  5. #105
    Join Date
    Apr 2009
    Posts
    2,027
    @ikkeben, I don't think we need to wait to november. RedHat 7.4 was released a month ago, so it should only be a matter of a week or two until CentOS 7.4 also is released.

  6. #106
    Join Date
    Jul 2016
    Posts
    26
    Quote Originally Posted by ikkeben View Post
    I have the same result so maybe try as in my post 1 post up to get a later system openssl version,
    ( here HTTP2 is up and running! with redhat relase Centos 7.3.1611 Core only Apache ( no NINGX)
    Latest Custombuild 2 DA

    and have this:
    Thanks for your response. I'm afraid that has already been done. The original tutorial was followed (and also the one on Vultr to double check). OpenSSL version 1.1.0f was installed, like the OP described. CentOS is also fully up-to-date (7.3), Custombuild 2.0, Apache and everything else that Custombuild 2.0 finds with doing a ./build update.

    Also the code replacements in custom/ap2/configure.apache have been done. Like I said, the tutorial was fully followed in the written order.

    Is there anything else to try?
    Last edited by DutchLearner; 09-02-2017 at 08:05 AM.

  7. #107
    Join Date
    Sep 2017
    Posts
    4
    Quote Originally Posted by DutchLearner View Post
    Thanks for your response. I'm afraid that has already been done. The original tutorial was followed (and also the one on Vultr to double check). OpenSSL version 1.1.0f was installed, like the OP described. CentOS is also fully up-to-date (7.3), Custombuild 2.0, Apache and everything else that Custombuild 2.0 finds with doing a ./build update.

    Also the code replacements in custom/ap2/configure.apache have been done. Like I said, the tutorial was fully followed in the written order.

    Is there anything else to try?

    Did you try the symlink?

  8. #108
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    278
    Quote Originally Posted by DutchLearner View Post
    Thanks for your response. I'm afraid that has already been done. The original tutorial was followed (and also the one on Vultr to double check). OpenSSL version 1.1.0f was installed, like the OP described. CentOS is also fully up-to-date (7.3), Custombuild 2.0, Apache and everything else that Custombuild 2.0 finds with doing a ./build update.

    Also the code replacements in custom/ap2/configure.apache have been done. Like I said, the tutorial was fully followed in the written order.

    Is there anything else to try?
    openssl version... gives at your box?

    If not the 1.0.1u then try this also
    http://forum.directadmin.com/showthr...180#post283180

    Because i have that done, not for the error but for the curlupdate probs., you never know..

    oyea f is not the latest version so take a look at newer versin then the .f same procedure only newer package!!!!!! ( i donư know wich version for now but could be k


    nono i have done with this i think
    openssl-1.0.2l.tar.gz the before version was the .k of that sorry see newest versions ftp://ftp.openssl.org/source/ the 1.1 have some more things you should taken care of i believed reading somewhere!
    Last edited by ikkeben; 09-03-2017 at 10:22 AM.
    DUTCH GERMAN, GERMAN DUTCH

  9. #109
    Join Date
    Apr 2009
    Posts
    2,027
    Update: CentOS 7.4 with ALPN support and newer OpenSSL version is now released: https://www.mail-archive.com/centos-.../msg10523.html

  10. #110
    Join Date
    Oct 2016
    Posts
    3

    Centos 7 1708 released

    Since Centos 7 1708 is now released, what are the steps for enabling http/2 on directadmin with nginx_apache?
    Any workarounds that need to be applied?

  11. #111
    Join Date
    Jul 2016
    Posts
    26
    Since CentOS 7.4 has been released, does the original tutorial change for regular Apache?

  12. #112
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    6,791
    You don't need to do any of the steps with CentOS7.4. "./build apache" or "./build nginx" will enable HTTP/2 by default, if it detects OpenSSL 1.0.2 or higher installed on the system.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  13. #113
    Join Date
    Jul 2016
    Posts
    26
    Quote Originally Posted by smtalk View Post
    You don't need to do any of the steps with CentOS7.4. "./build apache" or "./build nginx" will enable HTTP/2 by default, if it detects OpenSSL 1.0.2 or higher installed on the system.
    Thank you for your reply. Is php-fpm still required? After building Apache, the following shows at the end of the installation process:
    Apache 2.4.27 and higher will not negotiate http2 with mpm_prefork. Please do not use mod_php or disable http2 in the directadmin.conf

  14. #114
    Join Date
    Apr 2009
    Posts
    2,027
    Quote Originally Posted by smtalk View Post
    You don't need to do any of the steps with CentOS7.4. "./build apache" or "./build nginx" will enable HTTP/2 by default, if it detects OpenSSL 1.0.2 or higher installed on the system.
    But at https://www.directadmin.com/features.php?id=1884 it says: "Requires: http2=1 in the directadmin.conf."

    Can you please confirm it still is needed to have http2=1 in directadmin.conf, and that it still is needed to have pre-release of DirectAdmin 1.515?

  15. #115
    Join Date
    Apr 2009
    Posts
    2,027
    Quote Originally Posted by DutchLearner View Post
    Thank you for your reply. Is php-fpm still required? After building Apache, the following shows at the end of the installation process:
    Apache 2.4.27 and higher will not negotiate http2 with mpm_prefork. Please do not use mod_php or disable http2 in the directadmin.conf
    Apache MPM event is requered, and you don't get MPM event when you use mod_php. The message you see after recompiling Apache is also mentioned in the latest Apache announcement at https://www.apache.org/dist/httpd/Announcement2.4.html

  16. #116
    Join Date
    May 2008
    Posts
    525
    Quote Originally Posted by DutchLearner View Post
    Thank you for your reply. Is php-fpm still required? After building Apache, the following shows at the end of the installation process:
    Apache 2.4.27 and higher will not negotiate http2 with mpm_prefork. Please do not use mod_php or disable http2 in the directadmin.conf
    HTTP2 will not work with Prefork. That's not DA limitation but Apache one. You must switch to event mode (use php-fpm).

  17. #117
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    6,791
    Quote Originally Posted by ditto View Post
    But at https://www.directadmin.com/features.php?id=1884 it says: "Requires: http2=1 in the directadmin.conf."

    Can you please confirm it still is needed to have http2=1 in directadmin.conf, and that it still is needed to have pre-release of DirectAdmin 1.515?
    CustomBuild sets http2=1 automatically if it detects that OpenSSL supports ALPN extension. So, there is no need to do it. If you'd like to permanently disable http2 on your system, http2=0 needs to be set in directadmin.conf. If you already have http2=0 in directadmin.conf, CustomBuild will not change it's value. I hope it's clear
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  18. #118
    Join Date
    Apr 2009
    Posts
    2,027
    Quote Originally Posted by smtalk View Post
    CustomBuild sets http2=1 automatically if it detects that OpenSSL supports ALPN extension. So, there is no need to do it. If you'd like to permanently disable http2 on your system, http2=0 needs to be set in directadmin.conf. If you already have http2=0 in directadmin.conf, CustomBuild will not change it's value. I hope it's clear
    Thank you for the information! The only thing that is not clear for me now, is if DirectAdmin pre-release 1.515 is needed to get HTTP/2 work correct? Will HTTP/2 work correct already in current DirectAdmin version 1.514? The reason it is not clear to me is because of this guide https://www.directadmin.com/features.php?id=1884 seems to indicate it is only available in the next release 1.515?

  19. #119
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    6,791
    Ah, yes, DA 1.515 has template changes for nginx_server*.conf to enable http2 there. However, it fully works with Apache and DA 1.514.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  20. #120
    Join Date
    Oct 2016
    Posts
    3

    ALPN is not supported

    Updated Centos to 1708

    set http2=1 in directadmin.conf
    rebuilt nginx_apache

    KeyCDN HTTP/2 test results are:
    "does not support HTTP/2.0. Supported protocols: http/1.1"
    "ALPN is not supported"

    Openssl version is 1.0.2k

    am I missing a step?

Page 6 of 7 FirstFirst ... 4567 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •