How-to: Enable HTTP/2 in Apache/Nginx/cURL

[duntuk]

Apache 2.4.26-SVN and HTTP2 fix

Alright... Here's the long awaited Apache 2.4.26-SVN and HTTP2 fix.

Revisited this issue again on a production server, and decided Apache 2.4.26-SVN version should be stable enough by now to manually compile with Custombuild.

Anyhow...

Posted the how-to on my blog:

https://duntuk.com/how-install-svn-version-apache-using-directadmin-custombuild

Verified and works fine.

Here is the relavant portion of my /usr/local/directadmin/custombuild.conf

#PHP Settings
php1_release=7.0
php1_mode=php-fpm
php2_release=5.6
php2_mode=php-fpm
opcache=yes
htscanner=no
php_ini=no
php_timezone=UTC
php_ini_type=production
ioncube=no
zend=no
suhosin=no
x_mail_header=yes

 

[ikkeben]

Duntuk Your site

FF latest. Win10 pro

Also with FF latest stable on the home page duntuk, don't know or these are related ?

This error at bottom of the page >

Error
×
Error message

Warning: Cannot modify header information - headers already sent by (output started at /home/yourpath/public_html/includes/common.inc:2773) in drupal_send_headers() (line 1481 of /home/yourpath/public_html/includes/bootstrap.inc).
Error: Call to a member function get_name() on null in backup_migrate_schedule->run() (line 652 of /home/domains/dyourpath/includes/schedules.inc).

I don't know cause is the/your update or these errors/ probs where there before you did the update?


Duntuk after your reply i also removed this in my comment her above.
Also i see the error is gone .

 

[duntuk]

Oh, thanks for the heads up, removed the link to kakuzen.com, which I've purposely took down over a year ago, due to Non-disclosure agreements of the companies I worked for.

Other than that, everything has been running smooth after the Apache-svn update.

 

[ShinJii]

I have CentOs 7 and I did all in 1st post but there's not all good in this instruction....

1. In apache "--with-ssl=/usr/local/lib_http2" \ I had to write this "--with-ssl=/usr/local/lib_http2/lib" \ because without this I had error

httpd[9110]: /usr/sbin/httpd: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: ...directory
systemd[1]: Failed to start The Apache HTTP Server.

2. Build nginx I have

/usr/local/directadmin/custombuild/custom/nginx_reverse/configure.nginx: line 20: --with-openssl=/usr/local/src/openssl-1.1.0f: No such file or directory
/usr/local/directadmin/custombuild/custom/nginx_reverse/configure.nginx: line 21: --with-http_v2_module: command not found

But there is /usr/local/src/openssl-1.1.0f what I have to do?

# nginx -V
nginx version: nginx/1.12.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --with-ipv6 --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-cc-opt=''-D FD_SETSIZE=32768''

 

[smtalk]

2. Build nginx I have

/usr/local/directadmin/custombuild/custom/nginx_reverse/configure.nginx: line 20: --with-openssl=/usr/local/src/openssl-1.1.0f: No such file or directory
/usr/local/directadmin/custombuild/custom/nginx_reverse/configure.nginx: line 21: --with-http_v2_module: command not found

You seem to be missing '\' character at the end of lines you've added. First and last lines in the file should not contain '/'​, all the others - should.

 

[Magician]

Apache with http2 works fine.
For curl I got:
(...)
collect2: error: ld returned 1 exit status
make[2]: *** [curl] Error 1
make[2]: Leaving directory `/usr/local/directadmin/custombuild/curl-7.54.1/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/local/directadmin/custombuild/curl-7.54.1/src'
make: *** [all-recursive] Error 1

*** The make has failed, would you like to try to make again? (y,n):

Any help, please?

 

[ikkeben]

Apache with http2 works fine.
For curl I got:
(...)
collect2: error: ld returned 1 exit status
make[2]: *** [curl] Error 1
make[2]: Leaving directory `/usr/local/directadmin/custombuild/curl-7.54.1/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/local/directadmin/custombuild/curl-7.54.1/src'
make: *** [all-recursive] Error 1

*** The make has failed, would you like to try to make again? (y,n):

Any help, please?

It is late but have a look here
http://forum.directadmin.com/showthread.php?t=54756

 

[ShinJii]

You seem to be missing '\' character at the end of lines you've added. First and last lines in the file should not contain '/'​, all the others - should.

Yeah, now it works... but in my 1st point in earlier post I think you have to change this in instruction? That path in apache? Because why I have to add /lib at the end?

 

[Sean510]

Hi, how did you fix it with safari. Firefox and Chrome work smoothly. Safari does not charge anything

 

[ShinJii]

Hi, how did you fix it with safari. Firefox and Chrome work smoothly. Safari does not charge anything

Yeah, I saw yesterday my page doesn't load on Safari and I was thinking it's probably because of http/2...

 

[pppplus]

I have the error when I do :

# ./build apache
/usr/sbin/httpd: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

I've found only libssl.so.1.0.1e, not 1.1

Thanks for your help.
I'm on centos 7 64b

 

[Yoshua]

I have the error when I do :

# ./build apache
/usr/sbin/httpd: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

I've found only libssl.so.1.0.1e, not 1.1

Thanks for your help.
I'm on centos 7 64b

Could the error be due to the installed version of Openssl? look at the first post, this has been edited with the new version of openssl-1.1.0f: "Last edited by smtalk; 06-20-2017 at 09:21 PM. Reason: Updated version to 1.1.0f"

1) Install OpenSSL, with ALPN support:

wget ftp://ftp.openssl.org/source/openssl-1.1.0f.tar.gz
tar xzf openssl-1.1.0f.tar.gz
cd openssl-1.1.0f
./config --prefix=/usr/local/lib_http2 no-ssl2 no-ssl3 zlib-dynamic -fPIC
make depend
make install

After compiling this new version you should have the library in: /usr/local/lib_http2/lib/libssl.so.1.1

 

[pppplus]

Hi

Yes, I compiled with openssl-1.1.0f, as smtalk wrote in 1st post
And yes, this file is in /usr/local/lib_http2/lib/libssl.so.1.1

So, what's the better thing to avoid my error ?
move the file to /usr/sbin/httpd ?

 

[Yoshua]

Hi

Yes, I compiled with openssl-1.1.0f, as smtalk wrote in 1st post
And yes, this file is in /usr/local/lib_http2/lib/libssl.so.1.1

So, what's the better thing to avoid my error ?
move the file to /usr/sbin/httpd ?

Now try "./build apache" again.

And make sure you perform all the steps, the path is specified in step 3 by editing "configure.apache" with this line "--with-ssl=/usr/local/lib_http2".

 

[pppplus]

Thanks for your help.
But I've already done apache configuration, and tried to ./build apache

Always the same error, the file libssl.so.1.1 is not found.

 

[Yoshua]

Thanks for your help.
But I've already done apache configuration, and tried to ./build apache

Always the same error, the file libssl.so.1.1 is not found.

Try to create these two links:

ln -s /usr/local/lib_http2/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib_http2/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

And try again build.

 

[pppplus]

Thanks Yoshua.

That's ok now !

Now, just a problem to install curl with http/2
The different solutions don't work for me. Less important.

EDIT : for curl, I do : (following http://forum.directadmin.com/showthread.php?t=54756&p=280853#post280853)

cd /usr/local/directadmin/scripts/
wget https://raw.githubusercontent.com/poralix/directadmin-utils/master/openssl/openssl.install-1.0.1-primary.sh

then, I rename the file to openssl.install-1.1.0-primary.sh
I change version in the file VER = 1.1.0

Then

chmod 755 openssl.install-1.1.0-primary.sh
./openssl.install-1.1.0-primary.sh

And after, I build curl
And it works.

 

[Sean510]

Yeah, I saw yesterday my page doesn't load on Safari and I was thinking it's probably because of http/2...

The problem is http2. I've read that there are more h2 and h2c protocols. I have not found any solution

 

[ShinJii]

The problem is http2. I've read that there are more h2 and h2c protocols. I have not found any solution

But it only happens on Safari in Iphone... weird...

 

[ikkeben]

https://caniuse.com/#search=HTTP2 READ CAREFUL THERE

2 Only supports HTTP2 over TLS (https)

3 Partial support in Safari refers to being limited to OSX 10.11+