How-to: Enable HTTP/2 in Apache/Nginx/cURL

I also have it running for a longer time now, so not knowing what are causing probs in CENTOS . ( at our DA box all is running OK)

Maybe because i did install openssl 1.0 1u this way so system : opensssl -v is giving this version.
http://forum.directadmin.com/showthread.php?t=54756&p=280853#post280853

https://help.poralix.com/articles/error-building-curl-7.54.0-on-directadmin-with-openssl-1.0.2
Let's get it fixed!

This is how you can fix it: you should upgrade the basic version the package to the latest available OpenSSL 1.0.1u or even newer OpenSSL 1.0.2 or OpenSSL 1.1.0.

Here are instructions on how to update it to the latest OpenSSL 1.0.1:
Click to expand...
 
Last edited:
DutchLearner said:
PHP is running with php-fpm. The following log shows that regular http is still being used:
redacted - - [02/Sep/2017:10:35:44 +0100] "GET / HTTP/1.1" 200 739 "-" "Mozilla/5.0 (X11; CrOS x86_64 9592.85.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.112 Safari/537.36"

I have Custombuild 2.0 running with php-fpm, so prefork shouldn't be running by default then anymore. See the following:

[root@server]# httpd -V
Server version: Apache/2.4.27 (Unix)
Server built: Sep 2 2017 11:09:38
Server's Module Magic Number: 20120211:68
Server loaded: APR 1.6.2, APR-UTIL 1.6.0
Compiled using: APR 1.6.2, APR-UTIL 1.6.0
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/httpd"
-D HAVE_SYSTEMD
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="/var/logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Click to expand...

I have the same result so maybe try as in my post 1 post up to get a later system openssl version,
( here HTTP2 is up and running! with redhat relase Centos 7.3.1611 Core only Apache ( no NINGX)
Latest Custombuild 2 DA

and have this:

Edit custom/ap2/configure.apache, find:
Code:

"--with-ssl=/usr" \

Replace with:
Code:

"--enable-http2" \
"--enable-ssl-staticlib-deps" \
"--with-ssl=/usr/local/lib_http2" \
Click to expand...
 
Last edited:
ditto said:
For everybody that is on CentOS, I would think it is better to wait. Because RedHat 7.4 is already released, and therefor soon CentOS 7.4 will come. And in 7.4 there is default support for ALPN https://ma.ttias.be/centos-7-4-ship-tls-1-2-alpn/
Click to expand...

http://forum.directadmin.com/showthread.php?t=54756&p=280889#post280889
By the way Red Hat Enterprise Linux 7 and its derivatives including CentOS 7 will have OpenSSL 1.0.2 as a base version. It will allow to serve HTTP/2 traffic an easier way.

Release version: 7.4
Expected to be released on November 2017.

Really good news, isn't it!

Related:
- https://bugzilla.redhat.com/show_bug.cgi?id=1276310
- https://access.redhat.com/articles/3078
Click to expand...
 
@ikkeben, I don't think we need to wait to november. RedHat 7.4 was released a month ago, so it should only be a matter of a week or two until CentOS 7.4 also is released.
 
ikkeben said:
I have the same result so maybe try as in my post 1 post up to get a later system openssl version,
( here HTTP2 is up and running! with redhat relase Centos 7.3.1611 Core only Apache ( no NINGX)
Latest Custombuild 2 DA

and have this:
Click to expand...
Thanks for your response. I'm afraid that has already been done. The original tutorial was followed (and also the one on Vultr to double check). OpenSSL version 1.1.0f was installed, like the OP described. CentOS is also fully up-to-date (7.3), Custombuild 2.0, Apache and everything else that Custombuild 2.0 finds with doing a ./build update.

Also the code replacements in custom/ap2/configure.apache have been done. Like I said, the tutorial was fully followed in the written order.

Is there anything else to try?
 
Last edited:
DutchLearner said:
Thanks for your response. I'm afraid that has already been done. The original tutorial was followed (and also the one on Vultr to double check). OpenSSL version 1.1.0f was installed, like the OP described. CentOS is also fully up-to-date (7.3), Custombuild 2.0, Apache and everything else that Custombuild 2.0 finds with doing a ./build update.

Also the code replacements in custom/ap2/configure.apache have been done. Like I said, the tutorial was fully followed in the written order.

Is there anything else to try?
Click to expand...


Did you try the symlink?
 
DutchLearner said:
Thanks for your response. I'm afraid that has already been done. The original tutorial was followed (and also the one on Vultr to double check). OpenSSL version 1.1.0f was installed, like the OP described. CentOS is also fully up-to-date (7.3), Custombuild 2.0, Apache and everything else that Custombuild 2.0 finds with doing a ./build update.

Also the code replacements in custom/ap2/configure.apache have been done. Like I said, the tutorial was fully followed in the written order.

Is there anything else to try?
Click to expand...
openssl version... gives at your box?

If not the 1.0.1u then try this also
http://forum.directadmin.com/showthread.php?t=52590&page=6&p=283180#post283180

Because i have that done, not for the error but for the curlupdate probs., you never know.. ;)

oyea f is not the latest version so take a look at newer versin then the .f same procedure only newer package!!!!!! ( i doný know wich version for now but could be k


nono i have done with this i think
openssl-1.0.2l.tar.gz the before version was the .k of that sorry see newest versions ftp://ftp.openssl.org/source/ the 1.1 have some more things you should taken care of i believed reading somewhere!
 
Last edited:
Centos 7 1708 released

Since Centos 7 1708 is now released, what are the steps for enabling http/2 on directadmin with nginx_apache?
Any workarounds that need to be applied?
 
You don't need to do any of the steps with CentOS7.4. "./build apache" or "./build nginx" will enable HTTP/2 by default, if it detects OpenSSL 1.0.2 or higher installed on the system.
 
smtalk said:
You don't need to do any of the steps with CentOS7.4. "./build apache" or "./build nginx" will enable HTTP/2 by default, if it detects OpenSSL 1.0.2 or higher installed on the system.
Click to expand...
Thank you for your reply. Is php-fpm still required? After building Apache, the following shows at the end of the installation process:
Apache 2.4.27 and higher will not negotiate http2 with mpm_prefork. Please do not use mod_php or disable http2 in the directadmin.conf
 
smtalk said:
You don't need to do any of the steps with CentOS7.4. "./build apache" or "./build nginx" will enable HTTP/2 by default, if it detects OpenSSL 1.0.2 or higher installed on the system.
Click to expand...

But at https://www.directadmin.com/features.php?id=1884 it says: "Requires: http2=1 in the directadmin.conf."

Can you please confirm it still is needed to have http2=1 in directadmin.conf, and that it still is needed to have pre-release of DirectAdmin 1.515?
 
DutchLearner said:
Thank you for your reply. Is php-fpm still required? After building Apache, the following shows at the end of the installation process:
Apache 2.4.27 and higher will not negotiate http2 with mpm_prefork. Please do not use mod_php or disable http2 in the directadmin.conf
Click to expand...

Apache MPM event is requered, and you don't get MPM event when you use mod_php. The message you see after recompiling Apache is also mentioned in the latest Apache announcement at https://www.apache.org/dist/httpd/Announcement2.4.html
 
DutchLearner said:
Thank you for your reply. Is php-fpm still required? After building Apache, the following shows at the end of the installation process:
Apache 2.4.27 and higher will not negotiate http2 with mpm_prefork. Please do not use mod_php or disable http2 in the directadmin.conf
Click to expand...

HTTP2 will not work with Prefork. That's not DA limitation but Apache one. You must switch to event mode (use php-fpm).
 
ditto said:
But at https://www.directadmin.com/features.php?id=1884 it says: "Requires: http2=1 in the directadmin.conf."

Can you please confirm it still is needed to have http2=1 in directadmin.conf, and that it still is needed to have pre-release of DirectAdmin 1.515?
Click to expand...

CustomBuild sets http2=1 automatically if it detects that OpenSSL supports ALPN extension. So, there is no need to do it. If you'd like to permanently disable http2 on your system, http2=0 needs to be set in directadmin.conf. If you already have http2=0 in directadmin.conf, CustomBuild will not change it's value. I hope it's clear :)
 
smtalk said:
CustomBuild sets http2=1 automatically if it detects that OpenSSL supports ALPN extension. So, there is no need to do it. If you'd like to permanently disable http2 on your system, http2=0 needs to be set in directadmin.conf. If you already have http2=0 in directadmin.conf, CustomBuild will not change it's value. I hope it's clear :)
Click to expand...

Thank you for the information! The only thing that is not clear for me now, is if DirectAdmin pre-release 1.515 is needed to get HTTP/2 work correct? Will HTTP/2 work correct already in current DirectAdmin version 1.514? The reason it is not clear to me is because of this guide https://www.directadmin.com/features.php?id=1884 seems to indicate it is only available in the next release 1.515?
 
Ah, yes, DA 1.515 has template changes for nginx_server*.conf to enable http2 there. However, it fully works with Apache and DA 1.514.
 
ALPN is not supported

Updated Centos to 1708

set http2=1 in directadmin.conf
rebuilt nginx_apache

KeyCDN HTTP/2 test results are:
"does not support HTTP/2.0. Supported protocols: http/1.1"
"ALPN is not supported"

Openssl version is 1.0.2k

am I missing a step?
 
You must log in or register to reply here.
Back
Top