How-to: Enable HTTP/2 in Apache/Nginx/cURL

ikkeben

Safari only with TLS; maybe look there if something is wrong. I don't know, I have no experience with nginx.

Ciphers that Safari needs...
 

Xenlost

Can someone confirm the following:
"I had to write this "--with-ssl=/usr/local/lib_http2/lib" "

I have CentOS 7 and I did everything in the 1st post, but not everything in these instructions is right....

1. In Apache, for "--with-ssl=/usr/local/lib_http2" \ I had to write "--with-ssl=/usr/local/lib_http2/lib" \ because without this I got an error:
Code:
httpd[9110]: /usr/sbin/httpd: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: ...directory
systemd[1]: Failed to start The Apache HTTP Server.
 

Xenlost

I had this problem yesterday too. It would be nice if this fix / correction in the how-to can be confirmed.
 

Sean510

I was able to find a working configuration for all browsers (Safari included). Hope this helps. It is working for me.

My configuration is:

CentOS 7
Apache 2.4.27
Nginx 1.13.3
PHP 7.0.22
Build Nginx_Apache


Remove the HTTP/2 Apache configuration (custom file ap2)
and empty /etc/httpd/conf/extra/httpd-includes.conf


Code:
# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
Code:
# yum info openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.ratiokontakt.de
* epel: mirrors.n-ix.net
* extras: mirror.de.leaseweb.net
* updates: mirror.softaculous.com
Installed Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 51.el7_2.1
Size : 1.5 M
Repo : installed
From repo : updates
Summary : Utilities from the general purpose cryptography library with TLS
: implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications
: between machines. OpenSSL includes a certificate management tool
: and shared libraries which provide various cryptographic
: algorithms and protocols.


Code:
# cd /usr/local/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz
# cd openssl-1.0.2l        (use the directory of the version you downloaded)
# ./config
# make
# make test
# make install

# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

# openssl version
OpenSSL 1.0.2l  25 May 2017

Once the version is verified, we install HTTP/2 only for nginx


Code:
# cd /usr/local/directadmin/custombuild
# mkdir -p custom/nginx_reverse
# cp -p configure/nginx_reverse/configure.nginx custom/nginx_reverse/configure.nginx

# nano custom/nginx_reverse/configure.nginx
Add "--with-openssl=/usr/local/src/openssl-1.0.2l" \ (match the version you downloaded)

Save and close

Code:
# ./build nginx_apache

# cd /usr/local/directadmin/data/templates/
# cp -fp nginx_server_secure.conf custom/nginx_server_secure.conf
# cp -fp nginx_server_secure_sub.conf custom/nginx_server_secure_sub.conf
# perl -pi -e 's#listen \|IP\|:\|PORT_443\| ssl#listen |IP|:|PORT_443| ssl http2#g' custom/nginx_server_secure.conf custom/nginx_server_secure_sub.conf
# cd /usr/local/directadmin/custombuild
# ./build rewrite_confs


Go to https://tools.keycdn.com/http2-test


HTTP/2 Test Result www.domain.com

Yeah! www.domain.com supports HTTP/2.0

ALPN supported.
 

gate2vn

If you are using CloudLinux, version 7.4 has been released today with OpenSSL 1.0.2k, which already supports ALPN. So you don't need to compile manually.
 

alexjohn

I will wait till it is implemented in DA / custombuild by default.
I can confirm that the issue is as follows:

1) With the current guide, although the new SSL is being installed in a different dir and Apache is indeed being told to look there, it really doesn't
2) Thus, use the original instructions
3) Add the symlinks

And that should work for the time being!
 

DutchLearner

I can't get it to work. I've followed both this tutorial and the one on the Vultr-website multiple times, but the HTTP/2 testing-site keeps saying HTTP/2 and ALPN are not supported. I've tried it multiple times, even on fresh CentOS 7 + DirectAdmin installs. No errors, and I've read and checked every single command.

Vultr tutorial: https://www.vultr.com/docs/how-to-activate-http2-support-on-directadmin-centos

The only thing I had to do differently in my own setup was change all the paths '/usr/local/lib_http2' to '/usr/local/lib_http2/lib', since the first one didn't contain the necessary OpenSSL-resources.

What am I missing?
 

ikkeben

Read the logs.

MPM as prefork?

It could be this: Apache httpd 2.4.27 no longer supports HTTP/2 with the prefork MPM, so you have to switch to worker or event.

And:
It's recommended to run PHP in PHP-FPM mode
?
 

DutchLearner

> Read the logs.
>
> MPM as prefork?
>
> It could be this: Apache httpd 2.4.27 no longer supports HTTP/2 with the prefork MPM, so you have to switch to worker or event.
>
> And:
> ?

PHP is running with php-fpm. The following log shows that regular http is still being used:
redacted - - [02/Sep/2017:10:35:44 +0100] "GET / HTTP/1.1" 200 739 "-" "Mozilla/5.0 (X11; CrOS x86_64 9592.85.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.112 Safari/537.36"

I have Custombuild 2.0 running with php-fpm, so prefork shouldn't be running by default then anymore. See the following:

[root@server]# httpd -V
Server version: Apache/2.4.27 (Unix)
Server built: Sep 2 2017 11:09:38
Server's Module Magic Number: 20120211:68
Server loaded: APR 1.6.2, APR-UTIL 1.6.0
Compiled using: APR 1.6.2, APR-UTIL 1.6.0
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/httpd"
-D HAVE_SYSTEMD
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="/var/logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
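
The checks discussed in this thread (OpenSSL new enough for ALPN, a non-prefork MPM, the protocol recorded in the access log) as an added shell example. It is not part of any post; the function names are hypothetical and the sample inputs are constructed from output quoted above.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# Each function takes captured command output as $1, so it runs on pasted text.

# ALPN needs OpenSSL 1.0.2 or newer. $1 = output of `openssl version`.
openssl_has_alpn() {
    num=$(printf '%s\n' "$1" | awk '{print $2}' | sed 's/[^0-9.].*$//')
    old_ifs=$IFS; IFS=.; set -- $num; IFS=$old_ifs   # split 1.0.2 into fields
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -ge 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -eq 0 ] && [ "$patch" -ge 2 ] && return 0
    return 1
}

# $1 = output of `httpd -V`; prints the MPM name (event, worker, prefork).
httpd_mpm() {
    printf '%s\n' "$1" | sed -n 's/^Server MPM:[[:space:]]*//p' | tr -d '[:space:]'
}

# HTTP/2 in httpd 2.4.27 does not run under prefork, per the reply above.
mpm_allows_h2() {
    case "$(httpd_mpm "$1")" in
        event|worker) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = output of: openssl s_client -alpn h2 -connect HOST:443 </dev/null
alpn_is_h2() {
    printf '%s\n' "$1" | grep -q '^ALPN protocol: h2$'
}

# $1 = one combined-format access log line; prints e.g. HTTP/1.1 or HTTP/2.0.
log_protocol() {
    printf '%s\n' "$1" | sed -n 's/^[^"]*"[A-Z]* [^"]* \(HTTP\/[0-9.]*\)".*/\1/p'
}

# Constructed samples, shortened from output quoted in the posts above.
SAMPLE_OPENSSL='OpenSSL 1.0.1e-fips 11 Feb 2013'
SAMPLE_HTTPD='Server version: Apache/2.4.27 (Unix)
Server MPM: event'
SAMPLE_LOG='redacted - - [02/Sep/2017:10:35:44 +0100] "GET / HTTP/1.1" 200 739 "-" "Mozilla/5.0"'

if openssl_has_alpn "$SAMPLE_OPENSSL"; then echo "openssl: ALPN capable"
else echo "openssl: too old for ALPN"; fi
if mpm_allows_h2 "$SAMPLE_HTTPD"; then echo "mpm: $(httpd_mpm "$SAMPLE_HTTPD") ok"
else echo "mpm: cannot serve h2"; fi
echo "log: last request used $(log_protocol "$SAMPLE_LOG")"
```

The `-alpn` option of `openssl s_client` itself requires an OpenSSL 1.0.2 or newer client, so run the live ALPN check from a machine that has one.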
 