How-to: Enable HTTP/2 in Apache/Nginx/cURL

DutchLearner

Verified User
Joined
Jul 30, 2016
Messages
26
Updated Centos to 1708

set http2=1 in directadmin.conf
rebuilt nginx_apache

KeyCDN HTTP/2 test results are:
"does not support HTTP/2.0. Supported protocols: http/1.1"
"ALPN is not supported"

Openssl version is 1.0.2k

am I missing a step?
I would like to know the same thing. With apache it runs straight out of the box, but setting 'nginx_apache' as the webserver disables HTTP/2, even after rebuilding both Apache and NGINX.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
If you have nginx in front of apache you need to compile nginx with support of HTTP/2. And enabling HTTP/2 in Apache used as a backend is useless.
 

stefantriep

Verified User
Joined
Dec 15, 2012
Messages
21
Location
Haarlem
Is it possible to create an knowledge base article for HTTP2 with all the current versions and commands?

Got it working with Openssl 1.0.2l on Apache 2.4.28 on CentOS 6

With OpenSSL 1.1.0f you need these symlinks to the change the lib path:

ln -s /usr/local/lib_http2/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib_http2/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
638
Location
Netherlands Germany
@Martynas Bendorius

i see you updated topic first post ;)

But what to do if updated CentOS from 7.3. to 7.4 with the HTTP2 running with your Tutorial before under 7.3 so custom and so on

also openssl version updated and no more in yum update as someone her showed on his support site i thinks this was for CURL update problem.

Can we let it stay / leave the old way , or needed after update centos7.4 pluskernel to change things advisable?

See no warning or howto for that if needed?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,331
Location
LT, EU
With CentOS 7.4 just remove custom/ folder from CB 2.0 and recompile nghttp2, apache and curl :) That's it.

For all the .so symlinkers - you're doing very bad things on your system :) This tutorial is for static compilation of openssl into apache binaries, not for changing your openssl libraries on the system... :)
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
638
Location
Netherlands Germany

adamus007p

Verified User
Joined
Aug 29, 2015
Messages
7
Hello,

I was trying to install http2 on my server. I was googling and searching post on forum, no results.

I was following:

http://forum.directadmin.com/showthread.php?t=52590
http://forum.directadmin.com/showthread.php?t=55045


I follow all steps from two post e.g
wget ftp://ftp.openssl.org/source/openssl-1.0.2m.tar.gz
tar xzf openssl-1.0.2m.tar.gz
cd openssl-1.0.2m
./config --prefix=/usr/local/lib_http2 no-ssl2 no-ssl3 zlib-dynamic -fPIC
make depend
make install

no results, still I have version OpenSSL 1.0.1e 11 Feb 2013


I use Debian 7.11.


Any help or ideas what is wrong?

Thank you in advance.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
The steps you followed will install OpenSSL 1.0.2 into /usr/local/lib_http2 as the optional instance, it won't replace the main OpenSSL version installed by apt-get/apt.
 

adamus007p

Verified User
Joined
Aug 29, 2015
Messages
7
@zEitEr

How to replace it? What are steps to update the main OpenSSL?

I have update everything insted of OpenSSL.

I read that min version to use HTTP2 is OpenSSL/1.0.1f, but I have stil OpenSSL/1.0.1e.

How to update OpenSSL/1.0.1e ?

curl -V
curl 7.57.0 (x86_64-pc-linux-gnu) libcurl/7.57.0 OpenSSL/1.0.1e zlib/1.2.7 nghttp2/1.28.0
Release-Date: 2017-11-29

# openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Sun Feb 28 23:52:01 UTC 2016
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"



I was searching forum, google and I am not able to find the answer.


Kind regards
 
Last edited:

adamus007p

Verified User
Joined
Aug 29, 2015
Messages
7
Hello,
I have used the script

cd /usr/local/directadmin/scripts/
wget https://raw.githubusercontent.com/poralix/directadmin-utils/master/openssl/openssl.install-1.0.1-primary.sh -O openssl.install-1.0.1-primary.sh
chmod 755 openssl.install-1.0.1-primary.sh
./openssl.install-1.0.1-primary.sh


with 2nd script I was not able to rebuild cURL.



Then I made

change to php-fpm

and

cd /usr/local/directadmin/custombuild/
./build clean
./build update
./build curl


then

./build apache

Installing configuration files
[PRESERVING EXISTING HTDOCS SUBDIR: /var/www/htdocs]
[PRESERVING EXISTING ERROR SUBDIR: /var/www/error]
[PRESERVING EXISTING ICONS SUBDIR: /var/www/icons]
[PRESERVING EXISTING CGI SUBDIR: /var/www/cgi-bin]
Installing header files
Installing build system files
Installing man pages and online manual
make[1]: Leaving directory `/usr/local/directadmin/custombuild/httpd-2.4.29'
Restoring certificate and key, and turning on httpd for DirectAdmins's check.
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
System start/stop links for /etc/init.d/httpd already exist.
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
Using xxxxxxx for your server IP
Restarting apache.
Stopping httpd:
Starting httpd: AH00526: Syntax error on line 31 of /etc/httpd/conf/extra/httpd-includes.conf:
Invalid command 'php_admin_flag', perhaps misspelled or defined by a module not included in the server configuration

Done!





build php

checking for GNU gettext support... yes
checking for bindtextdomain in -lintl... no
checking for bindtextdomain in -lc... no
configure: error: Unable to find required gettext library

*** There was an error while trying to configure php. Check the configure file



any help? How to solve this error?



Is it something wrong? Is there anything what I should to do?


In general I made
change to php-fpm mode

cd /usr/local/directadmin/custombuild/
./build clean
./build update
./build curl

./build apache
./build php d
./build exim
./build dovecot

./build rewrite_confs


Apache 2.4.29 Running
DirectAdmin 1.52.1 Running
Exim 4.90 Running
MariaDB 10.0.33 Running
Named 9.8.4 Running
sshd Running
dovecot 2.2.33.2 (d6601f4ec) Running
pure-ftpd 1.0.47 Running
Php 7.0.26 Installed
 
Last edited:

ikkeben

Verified User
Joined
May 22, 2014
Messages
638
Location
Netherlands Germany
Starting httpd: AH00526: Syntax error on line 31 of /etc/httpd/conf/extra/httpd-includes.conf:
Invalid command 'php_admin_flag', perhaps misspelled or defined by a module not included in the server configuration
this check tryout

And warning the script you use is CENTOS
 
Last edited:

bluebirdnet

Verified User
Joined
Feb 3, 2010
Messages
123
Location
Canada
It's recommended to run PHP in PHP-FPM mode, so that PHP wouldn't be installed as a module of Apache (otherwise you might have openssl library conflict, if PHP is compiled as apache module and uses the old (OS) version of openssl).
Cloudlinux PHP Selector is currently not compatible with PHP-FPM. I usually install Directadmin servers with one Native PHP version in SuPHP mode.

PHP Selector is compatible with the following technologies: suPHP, mod_fcgid, CGI (suexec).

So is it safe to install Directadmin with native php in SuPHP mode? since were not really using it and using CL Alt-PHP.
 

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,747
Location
London UK
Just curious.

Is it just me or does ftp fail using wget? I have to use http.
==> PASV ... couldn't connect to 194.97.150.234 port 52245: Connection refused
That said, I do use CSF, maybe it's that?
 

Mattpl

Verified User
Joined
Jun 28, 2017
Messages
78
Location
ZS
Hi, I have debian 8 and open ssl
root@serwer:/# openssl version
OpenSSL 1.0.1t 3 May 2016
what should I do in this case? Install all components from #1 post or update only opensll and CB will enable it by default?
CB, Apache, DA up to date
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
Custombuild is the first thing you should try when you have OpenSSL 1.0.1 or higher.

Just make sure you don't have outdated configs under custom/ folder of custombuild.
 

Tazmanian79

Verified User
Joined
Jul 24, 2010
Messages
82
Hello,

is there anyone that can give me step by step points to enable http/2 on my VPS server?

I have CentOS 7.5.1804
CustomBuild 2.0 latest version
Php 7.1.24 mod_php

All my websites have SSL certificate.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
Top