How-to: Enable HTTP/2 in Apache/Nginx/cURL

[Sean510]

https://caniuse.com/#search=HTTP2 READ CAREFUL THERE

I tried it and it does not work

 

[ShinJii]

https://caniuse.com/#search=HTTP2 READ CAREFUL THERE

Hmmm ok.. but if it's even partial or not supported it shouldn't go through HTTP 1.1? If HTTP 2 is not available in browser...

 

[ikkeben]

Hmmm ok.. but if it's even partial or not supported it shouldn't go through HTTP 1.1? If HTTP 2 is not available in browser...

Please do a test your site her
https://tools.keycdn.com/http2-test

Also you can see there other sites with hhtp2 wich you can test at your Iphone.

Results?

 

[ShinJii]

Please do a test your site her
https://tools.keycdn.com/http2-test

Also you can see there other sites with hhtp2 wich you can test at your Iphone.

Results?

Yeah! XXX supports HTTP/2.0
ALPN supported.

Other sites works.... wtf?! What should I check or change? :/ I did everything like in this tutorial (1st post) nginx_apache etc.

 

[ikkeben]

SAfari only with TLS, maybe to look there if something wrong i don't know have no experience with the nginx.

Cypers that safari need...

 

[Sean510]

Facebook is seen on safari with http2. How does it work?

 

[Sean510]

Facebook works with http2. How will he work?

 

[Xenlost]

Can someone confirm the following:
"I had to write this "--with-ssl=/usr/local/lib_http2/lib" "

I have CentOs 7 and I did all in 1st post but there's not all good in this instruction....

1. In apache "--with-ssl=/usr/local/lib_http2" \ I had to write this "--with-ssl=/usr/local/lib_http2/lib" \ because without this I had error

httpd[9110]: /usr/sbin/httpd: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: ...directory
systemd[1]: Failed to start The Apache HTTP Server.

 

[Xenlost]

I had this problem yesterday too. It would be nice if this fix / correction in the how-to can be confirmed.

 

[Sean510]

Same thing also for me on apache with centos 7

 

[Sean510]

I confirm ... same problem with centos 7

 

[Yoshua]

Can someone confirm the following:
"I had to write this "--with-ssl=/usr/local/lib_http2/lib" "

I confirm ... same problem with centos 7

This can help:

Try to create these two links:

ln -s /usr/local/lib_http2/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib_http2/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

And try again build.

 

[Sean510]

I was able to find a working configuration for all browsers (safari included). Hope to help. She is working for me

My configuration is:

Centos 7
Apache 2.4.27
Nginx 1.13.3
Php 7.0.22
Build Nginx_Apache


Remove http/2 apache configuration (custom file ap2)
and empty /etc/httpd/conf/extra/httpd-includes.conf

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

# yum info openssl

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.ratiokontakt.de
* epel: mirrors.n-ix.net
* extras: mirror.de.leaseweb.net
* updates: mirror.softaculous.com
Installed Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 51.el7_2.1
Size : 1.5 M
Repo : installed
From repo : updates
Summary : Utilities from the general purpose cryptography library with TLS
: implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications
: between machines. OpenSSL includes a certificate management tool
: and shared libraries which provide various cryptographic
: algorithms and protocols.

# cd /usr/local/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz
# cd openssl-1.0.2l        (make sure the downloaded version)
# ./config
# make
# make test
# make install

# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

# openssl version
OpenSSL 1.0.2l  25 May 2017

Once the version is verified, we install http / 2 only for nginx

# cd /usr/local/directadmin/custombuild
# mkdir -p custom/nginx_reverse
# cp -p configure/nginx_reverse/configure.nginx custom/nginx_reverse/configure.nginx

# nano custom/nginx_reverse/configure.nginx

Add "--with-openssl=/usr/local/src/openssl-1.0.2l" \ (make sure the downloaded version)

Save and close

# ./build nginx_apache

# cd /usr/local/directadmin/data/templates/
# cp -fp nginx_server_secure.conf custom/nginx_server_secure.conf
# cp -fp nginx_server_secure_sub.conf custom/nginx_server_secure_sub.conf
# perl -pi -e 's#listen \|IP\|:\|PORT_443\| ssl#listen |IP|:|PORT_443| ssl http2#g' custom/nginx_server_secure.conf custom/nginx_server_secure_sub.conf
# cd /usr/local/directadmin/custombuild
# ./build rewrite_confs

Go to https://tools.keycdn.com/http2-test


HTTP/2 Test Result www.domain.com

Yeah! www.domain.com supports HTTP/2.0

ALPN supported.

 

[Xenlost]

Here on Apache 2.4.x, so that's not one to one comparable.

 

[Xenlost]

I will wait till it is implemented in DA / custombuild by default.

 

[gate2vn]

If you are using CloudLinux, version 7.4 has been released today with OpenSSL 1.0.2k, which supports for ALPN already. So you don't need to compile manually.

 

[alexjohn]

I will wait till it is implemented in DA / custombuild by default.

I can confirm that the issue is as follows:

1) With the current guide, although the new SSL is being installed in a different dir and indeed apache is being told to look there it really doesn't
2) Thus, use the original instructions
3) Add the sym links

And that should work for the time being!

 

[DutchLearner]

I can't get it to work. I've followed both this tutorial and the one on the Vultr-website multiple times, but the HTTP/2 testing-site keeps saying HTTP/2 and ALPN are not supported. I've tried it multiple times, even on fresh CentOS 7 + DirectAdmin installs. No errors, and I've read and checked every single command.

Vultr tutorial: https://www.vultr.com/docs/how-to-activate-http2-support-on-directadmin-centos

The only thing I had to do different in my own setup was change all the paths '/usr/local/lib_http2' to '/usr/local/lib_http2/lib', since the first one didn't contain the necessary OpenSSL-resources.

What am I missing?

 

[ikkeben]

read logs

mpm as prefork?

could do this with apache httpd2.4.27 not more supporting http2 with prefork mpm version so you have to switch to worker or event.

And:

It's recommended to run PHP in PHP-FPM mode

?

 

[DutchLearner]

read logs

mpm as prefork?

could do this with apache httpd2.4.27 not more supporting http2 with prefork mpm version so you have to switch to worker or event.

And:
?

PHP is running with php-fpm. The following log shows that regular http is still being used:
redacted - - [02/Sep/2017:10:35:44 +0100] "GET / HTTP/1.1" 200 739 "-" "Mozilla/5.0 (X11; CrOS x86_64 9592.85.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.112 Safari/537.36"

I have Custombuild 2.0 running with php-fpm, so prefork shouldn't be running by default then anymore. See the following:

[root@server]# httpd -V
Server version: Apache/2.4.27 (Unix)
Server built: Sep 2 2017 11:09:38
Server's Module Magic Number: 20120211:68
Server loaded: APR 1.6.2, APR-UTIL 1.6.0
Compiled using: APR 1.6.2, APR-UTIL 1.6.0
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/httpd"
-D HAVE_SYSTEMD
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="/var/logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"