Page 1 of 8 123 ... LastLast
Results 1 to 20 of 159

Thread: How-to: Enable HTTP/2 in Apache/Nginx/cURL

  1. #1
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,070

    How-to: Enable HTTP/2 in Apache/Nginx/cURL

    NOTE: Do not follow this on CentOS 7.4, Debian 9, FreeBSD 11. If your OpenSSL already supports ALPN extension, CustomBuild will enable it by default on your OS!

    It's most likely that your OpenSSL does not support ALPN extension, that's why it's difficult to get HTTP/2 running with Apache. Please follow these steps to get HTTP/2 enabled with Apache:
    1) Install OpenSSL, with ALPN support:
    Code:
    wget ftp://ftp.openssl.org/source/openssl-1.0.2s.tar.gz
    tar xzf openssl-1.0.2s.tar.gz
    cd openssl-1.0.2s
    ./config --prefix=/usr/local/lib_http2 no-ssl2 no-ssl3 zlib-dynamic -fPIC
    make depend
    make install
    2) Install nghttp2:
    Code:
    cd /usr/local/directadmin/custombuild
    ./build update
    ./build nghttp2
    3) Enable http2 in Apache:
    Code:
    cd /usr/local/directadmin/custombuild
    mkdir -p custom/ap2
    cp -p configure/ap2/configure.apache custom/ap2/configure.apache
    Edit custom/ap2/configure.apache, find:
    Code:
        "--with-ssl=/usr" \
    Replace with:
    Code:
        "--enable-http2" \
        "--enable-ssl-staticlib-deps" \
        "--with-ssl=/usr/local/lib_http2" \
    Re-install apache:
    Code:
    ./build apache
    4) Configure Apache to run http2:
    Code:
    echo 'ProtocolsHonorOrder On' >> /etc/httpd/conf/extra/httpd-includes.conf
    echo 'Protocols h2 h2c http/1.1' >> /etc/httpd/conf/extra/httpd-includes.conf
    Update SSL Ciphers in /etc/httpd/conf/extra/httpd-ssl.conf:
    Code:
    cd /usr/local/directadmin/custombuild
    ./build rewrite_confs
    Restart apache now It's recommended to run PHP in PHP-FPM mode, so that PHP wouldn't be installed as a module of Apache (otherwise you might have openssl library conflict, if PHP is compiled as apache module and uses the old (OS) version of openssl).

    To enable HTTP/2 in cURL, add the following code to /usr/local/directadmin/custombuild/custom/curl/configure.curl:
    Code:
    #!/bin/sh
    perl -pi -e 's|CURL_CHECK_PKGCONFIG\(zlib\)|#CURL_CHECK_PKGCONFIG(zlib)|g' configure.ac
    LIBS="-ldl" ./configure --with-nghttp2=/usr/local --with-ssl=/usr/local/lib_http2
    And execute:
    Code:
    cd /usr/local/directadmin/custombuild
    chmod 700 custom/curl/configure.curl
    ./build curl
    To enable HTTP/2 in Nginx:
    Code:
    cd /usr/local/src/
    wget ftp://ftp.openssl.org/source/openssl-1.1.0k.tar.gz
    tar xzf openssl-1.1.0k.tar.gz
    For standalone Nginx:
    Code:
    cd /usr/local/directadmin/custombuild
    mkdir -p custom/nginx
    cp -p configure/nginx/configure.nginx custom/nginx/configure.nginx
    For Nginx_Apache:
    Code:
    cd /usr/local/directadmin/custombuild
    mkdir -p custom/nginx_reverse
    cp -p configure/nginx_reverse/configure.nginx custom/nginx_reverse/configure.nginx
    Build Nginx with statically linked OpenSSL library:
    1) Edit configure.nginx which was copied to custom/ folder
    2) Add "--with-openssl=/usr/local/src/openssl-1.1.0k" and "--with-http_v2_module" flags
    3) Run "./build nginx"
    4) Execute:
    Code:
    cd /usr/local/directadmin/data/templates/
    cp -fp nginx_server_secure.conf custom/nginx_server_secure.conf
    cp -fp nginx_server_secure_sub.conf custom/nginx_server_secure_sub.conf
    perl -pi -e 's#listen \|IP\|:\|PORT_443\| ssl#listen |IP|:|PORT_443| ssl http2#g' custom/nginx_server_secure.conf custom/nginx_server_secure_sub.conf
    cd /usr/local/directadmin/custombuild
    ./build rewrite_confs
    Last edited by smtalk; 08-22-2019 at 03:50 AM. Reason: Updated version to 1.0.2s and 1.1.0k for nginx
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  2. #2
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,099
    Tested and works.

    On FreeBSD 9, simply use openssl, nghttp2 and spdylay from ports and use "-with-ssl=/usr/local/lib"

    To test, load Chrome, hit F12, go to the Network tab, right-click on the headers, add "protocol" and refresh the page
    Olivier
    interfaCentre - We design custom hosting solutions

    Custom apps, scripts and configurations for easy and secure access to all hosting services
    Full Personal Information Management suite with mobile synchronisation
    PHP, Ruby, Node.js and Python hosting with 1-click app install

  3. #3
    Join Date
    Nov 2012
    Posts
    44
    Strange. I do everything and everything goes ok. But.. When i test it i hot information that protocol it's 1.1 not h2.
    CentOS
    I got apache 2.4.18
    and i got loaded (i don't know why) libssl
    # ldd /usr/local/bin/php | grep ssl
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f886ee7c000)
    Last edited by traskowski; 02-02-2016 at 06:01 AM.

  4. #4
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,070
    You're checking PHP binary. The how-to is for Apache, so check:
    Code:
    ldd /usr/sbin/httpd | grep ssl
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  5. #5
    Join Date
    Nov 2012
    Posts
    44
    I got the same:
    # ldd /usr/sbin/httpd | grep ssl
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fa624cd1000)

    And it's don't load http/2. Just http 1.1

  6. #6
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,070
    That's why, for some reason your apache uses openssl from /usr/lib64. Probably you did not remove "--with-ssl=/usr" from configure.apache.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  7. #7
    Join Date
    Nov 2012
    Posts
    44
    Offcorse i did it.. I replace it with:
    "--enable-http2" \
    "--enable-ssl-staticlib-deps" \
    "--with-ssl=/usr/local/lib_http2" \

  8. #8
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,070
    Please post the output of:
    Code:
    ls -l /usr/local/lib_http2
    ./build used_configs
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  9. #9
    Join Date
    Nov 2012
    Posts
    44
    Hi. Thanks @smtalk for help. I don't know but the system don't compile for me lib_http2. Now everything working!

  10. #10
    Join Date
    Oct 2007
    Posts
    18
    hi smtalk I follow all the steps. there is no problem when installing Openssl ver openssl-1.0.1r and apache v 2.4.18. What kind of work was going to be a problem

  11. #11
    Join Date
    Apr 2014
    Location
    Tel Aviv, IL
    Posts
    7

    Getting http/2 and php in mod_php to work (using openssl 1.0.2)

    Here is how I got the mod_php to work with http/2:

    Following scrupul0us's experience (from thread: http://forum.directadmin.com/showthr...age=3&p=270371, php compilation errors, versions indiscrepancies in phpinfo() and instability), I tried to compile the new version of openssl as a shared library (and to use that shared library only in apache and mod_php)

    Here are the changes from the original procedure:

    Building the openssl 1.0.2, and creating a shared library:
    Using the command

    Code:
    ./config --openssldir=/usr/local/lib_http2 zlib-dynamic shared
    Note that this command is different, then the suggested config command.
    It includes the "shared"" argument and it does not have the flags -no-ssl2 and -no-ssl3.
    (see openssl documentation https://wiki.openssl.org/index.php/C...d_Installation),

    These protocols (sslv2 and 3) should be removed, but it seems that mod_ssl requires at least sslv3 and I did have the instability issue as scrupul0us described without these flags (but it requires further testing, I haven't tested it it with -no-ssl2 only).

    Once the compilation of openssl 1.0.2 completed, the created shared libraries has been copied to /usr/local/lib

    Code:
    cp /usr/local/lib_http2/lib/libcrypto.so.1.0.0 /usr/local/lib
    cp /usr/local/lib_http2/lib/libssl.so.1.0.0    /usr/local/lib
    Now the custom configuration files for compiling apache at the locations, should be created (or modified)

    custom/ap/configure.apache
    and
    custom/ap/configure.php55 (your version might vary)

    Replace in custom/ap/configure.apache the phrase

    Code:
     "--with-ssl=/usr" \
    with:

    Code:
     "--enable-http2" \
     "--with-ssl=/usr/local/lib_http2" \
    (The flag --enable-ssl-staticlib-deps as used in the original guide has been removed, since we are using the shared libraries and not static libraries)

    and in the php custom configuration:
    replace the original

    Code:
    --with-openssl \
    with the following:

    Code:
     --with-openssl=/usr/local/lib_http2 \
     --with-openssl-dir=/usr/local/lib_http2 \
    (I am not sure whether the second line is required --with-openssl-dir=/usr/local/lib_http2, a line --with-open-ssl-dir does not exist in the original confiure.apache in custombuild)

    now used custombuild to build php and apache

    ./build php
    ./build apache

    (and doing all the other steps in the original guide, except with the changes described here)

    Now there is no discrepancy in phpinfo() output:

    openssl

    OpenSSL support enabled
    OpenSSL Library Version OpenSSL 1.0.2f 28 Jan 2016
    OpenSSL Header Version OpenSSL 1.0.2f 28 Jan 2016

    Without copying the .so.1.0.0 files to /usr/local/lib, an error would appear that says that libssl.so.1.0.1 cannot be found (this can be resolved using other ways such as executing setting the environment variable PHP_RPATHS to include the new library path /usr/local/lib_http2/lib before executing custombuild's./build php).

    (it seems that copying these shared library files to /usr/local/lib does not affect the system's openssl e.g. some other package will use this new openssl instead of the old but stable operaing system openssl)

  12. #12
    Join Date
    Jan 2013
    Posts
    104
    Hello SMTALK

    I run server:
    PHP 5.5 with mod_php
    opache
    zend
    webserver - apache 2.4 (last)
    mod_ruid2

    can i use this guide?
    Last edited by davidd1; 02-20-2016 at 08:35 PM.

  13. #13
    Join Date
    Apr 2014
    Location
    Tel Aviv, IL
    Posts
    7
    Quote Originally Posted by davidd1 View Post

    I run server:
    PHP 5.5 with mod_php
    opache
    zend
    webserver - apache 2.4 (last)
    mod_ruid2

    can i use this guide?
    The method I described in reply #11 worked for me with exactly the same setup: php5.5 with mod_php, opcache, zend, apache 2.4.18, mod_ruid2

  14. #14
    Join Date
    Jan 2013
    Posts
    104
    I think you should build in CustomBuild 2.0
    ./build_http2 (Or something like that)

  15. #15
    Join Date
    Mar 2016
    Posts
    2
    Quote Originally Posted by dolphi View Post
    The method I described in reply #11 worked for me with exactly the same setup: php5.5 with mod_php, opcache, zend, apache 2.4.18, mod_ruid2
    Can't you just update your server to the latest openssl version and then recompile PHP via directadmin?

    And if that doesn't work, can't you force directadmin to use openssl 1.0.2+ when it compiles PHP?

  16. #16
    Join Date
    Oct 2015
    Posts
    4
    Quote Originally Posted by smtalk View Post
    Please post the output of:
    Code:
    ls -l /usr/local/lib_http2
    ./build used_configs
    It still show http1.1

    Below is detail which i did.
    how to enable http/2? did i miss something?
    Code:
    cd /usr/local/src/
    wget ftp://ftp.openssl.org/source/openssl-1.0.2g.tar.gz
    tar xzf openssl-1.0.2g.tar.gz
    
    cd /usr/local/directadmin/custombuild
    mkdir -p custom/nginx_reverse
    cp -p configure/nginx_reverse/configure.nginx custom/nginx_reverse/configure.nginx
    
    Then, i did this:
    1) Edit configure.nginx which was copied to custom/ folder
    2) Add "--with-openssl=/usr/local/src/openssl-1.0.2g" flag
    3) Run "./build nginx" 
    
    below result of configure.nginx in custom folder.
    =================================
    #!/bin/sh
    ./configure \
            "--user=nginx" \
            "--group=nginx" \
            "--prefix=/usr" \
            "--sbin-path=/usr/sbin" \
            "--conf-path=/etc/nginx/nginx.conf" \
            "--pid-path=/var/run/nginx.pid" \
            "--http-log-path=/var/log/nginx/access_log" \
            "--error-log-path=/var/log/nginx/error_log" \
            "--with-ipv6" \
            "--without-mail_imap_module" \
            "--without-mail_smtp_module" \
            "--with-http_ssl_module" \
            "--with-http_realip_module" \
            "--with-http_stub_status_module" \
            "--with-http_gzip_static_module" \
            "--with-http_dav_module" \
            "--with-cc-opt='-D FD_SETSIZE=32768'" \
            "--with-openssl=/usr/local/src/openssl-1.0.2g"
    
    ================================

  17. #17
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,070
    Please check #4 to enable http/2 in nginx configs.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  18. #18
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    536
    Ok i must overseeing something it was the apache version

    while:
    gives latest version apache v2.4.12

    updating with
    https://help.directadmin.com/item.php?id=1

    or build update plugin script stays with apache v2.4.12 because of custom_versions. i changed that.

    you need for this http/2 manual howto here

    the :
    ProtocolsHonorOrder
    but error:
    Invalid command 'ProtocolsHonorOrder', perhaps misspelled or defined by a module not included in the server configuration

    https://httpd.apache.org/docs/trunk/mod/core.html

    You need minimal apache v2..4.17 Is here the cause of this error.

    Therefore the custom_versions updaten to newer apache

    That did it is ok now!
    Last edited by ikkeben; 04-23-2016 at 08:01 AM. Reason: apache version solved
    DUTCH GERMAN, GERMAN DUTCH

  19. #19
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    536

    While gzip is not supported in http/2 please ad howto brotli compression apache?

    Brotli compression is supported in http/2
    https://github.com/google/brotli/

    So a idee to ad manual / howto here in this thread, to install google's brotli support in apache apache directadmin custombuild.?
    https://www.keycdn.com/support/brotli-compression/

    Some partly here but not the howto for directadmin boxes apache part:
    https://lyncd.com/2015/11/brotli-support-apache/

    Also you can check/test your aplied http 2 support here:

    https://tools.keycdn.com/http2-test
    Last edited by ikkeben; 04-23-2016 at 07:36 AM.
    DUTCH GERMAN, GERMAN DUTCH

  20. #20
    Join Date
    Jul 2015
    Posts
    48
    im getting this error

    /usr/local/directadmin/custombuild/custom/nginx/configure.nginx: line 20: --with-openssl=/usr/local/src/openssl-1.0.2h: No such file or directory

Page 1 of 8 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •