How-to: Enable HTTP/2 in Apache/Nginx/cURL

Safari only works with TLS; maybe look there if something is wrong. I don't know, I have no experience with nginx.

Ciphers that Safari needs...
 
Can someone confirm the following:
"I had to write this "--with-ssl=/usr/local/lib_http2/lib" "

I have CentOS 7 and I did everything in the 1st post, but not everything in these instructions is right....

1. In Apache, instead of "--with-ssl=/usr/local/lib_http2" \ I had to write "--with-ssl=/usr/local/lib_http2/lib" \ because without this I had an error:
Code:
httpd[9110]: /usr/sbin/httpd: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: ...directory
systemd[1]: Failed to start The Apache HTTP Server.
 
I had this problem yesterday too. It would be nice if this fix / correction in the how-to can be confirmed.
 
I was able to find a working configuration for all browsers (Safari included). Hope this helps. It is working for me.

My configuration is:

CentOS 7
Apache 2.4.27
Nginx 1.13.3
PHP 7.0.22
Build Nginx_Apache


Remove the HTTP/2 Apache configuration (custom file ap2)
and empty /etc/httpd/conf/extra/httpd-includes.conf


Code:
# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Code:
# yum info openssl

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.ratiokontakt.de
* epel: mirrors.n-ix.net
* extras: mirror.de.leaseweb.net
* updates: mirror.softaculous.com
Installed Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 51.el7_2.1
Size : 1.5 M
Repo : installed
From repo : updates
Summary : Utilities from the general purpose cryptography library with TLS
: implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications
: between machines. OpenSSL includes a certificate management tool
: and shared libraries which provide various cryptographic
: algorithms and protocols.


Code:
# cd /usr/local/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz
# cd openssl-1.0.2l        # make sure this matches the downloaded version
# ./config
# make
# make test
# make install

# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

# openssl version
OpenSSL 1.0.2l  25 May 2017


Once the version is verified, we install HTTP/2 only for nginx.


Code:
# cd /usr/local/directadmin/custombuild
# mkdir -p custom/nginx_reverse
# cp -p configure/nginx_reverse/configure.nginx custom/nginx_reverse/configure.nginx

# nano custom/nginx_reverse/configure.nginx

Add "--with-openssl=/usr/local/src/openssl-1.0.2l" \ (make sure it matches the downloaded version)

Save and close

Code:
# ./build nginx_apache

# cd /usr/local/directadmin/data/templates/
# cp -fp nginx_server_secure.conf custom/nginx_server_secure.conf
# cp -fp nginx_server_secure_sub.conf custom/nginx_server_secure_sub.conf
# perl -pi -e 's#listen \|IP\|:\|PORT_443\| ssl#listen |IP|:|PORT_443| ssl http2#g' custom/nginx_server_secure.conf custom/nginx_server_secure_sub.conf
# cd /usr/local/directadmin/custombuild
# ./build rewrite_confs



Go to https://tools.keycdn.com/http2-test


HTTP/2 Test Result www.domain.com

Yeah! www.domain.com supports HTTP/2.0

ALPN supported.
 
If you are using CloudLinux, version 7.4 has been released today with OpenSSL 1.0.2k, which already supports ALPN. So you don't need to compile manually.
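
A local way to run the checks this thread relies on, as an added example that is not part of any post: whether an `openssl version` string is new enough for ALPN (1.0.2 or later), which protocol a handshake actually negotiated, and whether a binary has unresolved shared libraries such as the `libssl.so.1.1` error quoted earlier. The function names and the sample handshake and `ldd` text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs are constructed, except
# the two version strings, which are the ones quoted in the post above.

# alpn_capable "<output of 'openssl version'>"
# Exit 0: 1.0.2 or newer (ALPN arrived in 1.0.2). 1: older. 2: unparsable.
alpn_capable() {
    v=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    v=${v%%-*}                       # drop suffixes such as "-fips"
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}          # "2l" -> 2, "1e" -> 1
    case "$major.$minor.$patch" in
        *[!0-9.]*|.*|*..*|*.) return 2 ;;
    esac
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -ge 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$patch" -ge 2 ] && return 0   # minor is 0 here
    return 1
}

# negotiated_alpn: reads 'openssl s_client -alpn h2,http/1.1 ...' output on
# stdin and prints the protocol the server selected, or "none".
negotiated_alpn() {
    awk '/^ALPN protocol:/ { print $3; found = 1; exit }
         END { if (!found) print "none" }'
}

# unresolved_libs: reads 'ldd /usr/sbin/httpd' output on stdin and prints
# every library the loader cannot find (the libssl.so.1.1 failure above).
unresolved_libs() {
    awk '/=> not found/ { print $1 }'
}

# Constructed samples.
S_H2='SSL handshake has read 3000 bytes
ALPN protocol: h2'
S_NONE='SSL handshake has read 3000 bytes
No ALPN negotiated'
LDD='    libssl.so.1.1 => not found
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000000000)'

alpn_capable 'OpenSSL 1.0.1e-fips 11 Feb 2013' || echo "stock openssl: no ALPN"
alpn_capable 'OpenSSL 1.0.2l  25 May 2017' && echo "rebuilt openssl: ALPN ok"
printf '%s\n' "$S_H2" | negotiated_alpn
printf '%s\n' "$S_NONE" | negotiated_alpn
printf '%s\n' "$LDD" | unresolved_libs
```

On a live host, pass in real output instead: `openssl version`, `openssl s_client -alpn h2,http/1.1 -connect www.domain.com:443 </dev/null 2>/dev/null`, and `ldd /usr/sbin/httpd`.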
 
I will wait till it is implemented in DA / custombuild by default.

I can confirm that the issue is as follows:

1) With the current guide, although the new SSL is being installed in a different dir and Apache is indeed being told to look there, it really doesn't
2) Thus, use the original instructions
3) Add the symlinks

And that should work for the time being!
 
I can't get it to work. I've followed both this tutorial and the one on the Vultr-website multiple times, but the HTTP/2 testing-site keeps saying HTTP/2 and ALPN are not supported. I've tried it multiple times, even on fresh CentOS 7 + DirectAdmin installs. No errors, and I've read and checked every single command.

Vultr tutorial: https://www.vultr.com/docs/how-to-activate-http2-support-on-directadmin-centos

The only thing I had to do differently in my own setup was change all the paths '/usr/local/lib_http2' to '/usr/local/lib_http2/lib', since the first one didn't contain the necessary OpenSSL resources.

What am I missing?
 
Read the logs.

MPM as prefork?

It could be this: Apache httpd 2.4.27 no longer supports HTTP/2 with the prefork MPM, so you have to switch to worker or event.

And:
It's recommended to run PHP in PHP-FPM mode
?
 
Read the logs.

MPM as prefork?

It could be this: Apache httpd 2.4.27 no longer supports HTTP/2 with the prefork MPM, so you have to switch to worker or event.

And:
?
PHP is running with php-fpm. The following log shows that regular http is still being used:
redacted - - [02/Sep/2017:10:35:44 +0100] "GET / HTTP/1.1" 200 739 "-" "Mozilla/5.0 (X11; CrOS x86_64 9592.85.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.112 Safari/537.36"

I have Custombuild 2.0 running with php-fpm, so prefork shouldn't be running by default then anymore. See the following:

[root@server]# httpd -V
Server version: Apache/2.4.27 (Unix)
Server built: Sep 2 2017 11:09:38
Server's Module Magic Number: 20120211:68
Server loaded: APR 1.6.2, APR-UTIL 1.6.0
Compiled using: APR 1.6.2, APR-UTIL 1.6.0
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/httpd"
-D HAVE_SYSTEMD
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="/var/logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
 