How-to: Enable HTTP/2 in Apache/Nginx/cURL

Active8

Verified User
Joined
Jul 13, 2013
Messages
369
wget ftp://ftp.openssl.org/source/openssl-1.0.2u.tar.gz
Is not available anymore (no more support) can we use the 1.1.1 branch?
I have some Centos 6.10 servers which I want to provide with http/2, so any help is appreciated
 

Active8

Verified User
Joined
Jul 13, 2013
Messages
369
Hi, @ikkeben ,I had found that, but the questions was more if it was compatible with the 1.1 branch or not
Thank you
 

Jan_E

Verified User
Joined
Apr 29, 2011
Messages
121
Location
Amsterdam, NL, EU
Try installing OpenSSL in /usr/local/ssl-1.1.1 and use this in
custombuild/custom/ap2/configure.apache

Code:
        "--enable-http2" \
        "--enable-ssl-staticlib-deps" \
        "--with-ssl=/usr/local/ssl-1.1.1" \
https://toolsforresearch.com/ is running on CentOS 6.10 as well.

Snippet from my custombuild/custom/fpm/configure.php73

Code:
    --with-openssl=/usr/local/ssl-1.1.1 \
    CFLAGS=-I/usr/local/include \
    LDFLAGS=-L/usr/local/lib \
    LIBS="-ldl -lpthread -lnghttp2 -lrtmp -lldap" \
    OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a -ldl -lpthread" \
    OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" \
 
Last edited:

Active8

Verified User
Joined
Jul 13, 2013
Messages
369
In the first place everyting wenr well but the problem started after i executed the yum update command:


Tried to make the solution as:
Code:
mv /usr/lib64/python2.6/site-packages/pycurl.so /usr/lib64/python2.6/site-packages/pycurl.so_back
rpm -ihv http://mirror.centos.org/centos/6/os/x86_64/Packages/python-devel-2.6.6-66.el6_8.x86_64.rpm
wget https://dl.bintray.com/pycurl/pycurl/pycurl-7.43.0.2.tar.gz
tar xzf pycurl-7.43.0.2.tar.gz
cd pycurl-7.43.0.2
python setup.py build --curl-config=/usr/local/bin/curl-config
cp -p build/lib.linux-x86_64-2.6/pycurl.so /usr/lib64/python2.6/site-packages/pycurl.so
But step;:
Code:
python setup.py build --curl-config=/usr/local/bin/curl-config
gave grrc compile error

Give up set the backup back
 

jamgames2

Verified User
Joined
Aug 16, 2019
Messages
68
In the first place everyting wenr well but the problem started after i executed the yum update command:


Tried to make the solution as:
Code:
mv /usr/lib64/python2.6/site-packages/pycurl.so /usr/lib64/python2.6/site-packages/pycurl.so_back
rpm -ihv http://mirror.centos.org/centos/6/os/x86_64/Packages/python-devel-2.6.6-66.el6_8.x86_64.rpm
wget https://dl.bintray.com/pycurl/pycurl/pycurl-7.43.0.2.tar.gz
tar xzf pycurl-7.43.0.2.tar.gz
cd pycurl-7.43.0.2
python setup.py build --curl-config=/usr/local/bin/curl-config
cp -p build/lib.linux-x86_64-2.6/pycurl.so /usr/lib64/python2.6/site-packages/pycurl.so
But step;:
Code:
python setup.py build --curl-config=/usr/local/bin/curl-config
gave grrc compile error

Give up set the backup back

YOU NEED TO INSTALL library of python, Then in my Centos 7
yum install python-devel


If you don't want to do anything just move to Centos 8. It has Openssl 1.1.1 in base operation and can easy update openssl
 

Active8

Verified User
Joined
Jul 13, 2013
Messages
369
YOU NEED TO INSTALL library of python, Then in my Centos 7
yum install python-devel
If you don't want to do anything just move to Centos 8. It has Openssl 1.1.1 in base operation and can easy update openssl
Did you read my post ? it is Centos 6.10 , I know with Centos 7.0 http/2 is already possible without tweaks
We have several Centos 7 an 8 servers, all with http/2 so that is not the issue,
The guide which @smtalk had provided was ok till i had run the yum command :(

I will try later to do this with openssl 1.1.1
Thanks
 

jamgames2

Verified User
Joined
Aug 16, 2019
Messages
68
Did you read my post ? it is Centos 6.10 , I know with Centos 7.0 http/2 is already possible without tweaks
We have several Centos 7 an 8 servers, all with http/2 so that is not the issue,
The guide which @smtalk had provided was ok till i had run the yum command :(

I will try later to do this with openssl 1.1.1
Thanks
ok I try to tell you about pycurl that need openssl1.1.x

because when you run "yum update" you'll got update libcurl to lastest version and also custombuild2 can update libcurl too. then when you complier pycurl of python

if you don't install python library you will get error like something that when you try to complier " pycurl " or anything and also if your openssl doesn't support you will get critical error on any command like curl, yum, etc...
 

Jan_E

Verified User
Joined
Apr 29, 2011
Messages
121
Location
Amsterdam, NL, EU
This is my custombuild/custom/curl/configure.curl
Code:
#!/bin/sh
./configure --with-nghttp2=/usr/local --with-ssl=/usr/local/ssl-1.1.1 --disable-shared
make && make install
make clean
perl -pi -e 's|CURL_CHECK_PKGCONFIG\(zlib\)|#CURL_CHECK_PKGCONFIG(zlib)|g' configure.ac
LIBS="-ldl" ./configure --prefix=/usr/local/ssl-1.1.1 --with-nghttp2=/usr/local --with-ssl=/usr/local/ssl-1.1.1 --disable-shared
It builds curl in 2 places. I do not know anymore if that is really needed but I care not to change it since it works with updates as well.
Code:
[root@vps2 ~]# which curl
/usr/local/bin/curl
[root@vps2 ~]# /usr/local/bin/curl --version
curl 7.69.1 (x86_64-pc-linux-gnu) libcurl/7.69.1 OpenSSL/1.1.1d zlib/1.2.11 nghttp2/1.40.0 librtmp/2.3
Release-Date: 2020-03-11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets
[root@vps2 ~]# /usr/local/ssl-1.1.1/bin/curl --version
curl 7.69.1 (x86_64-pc-linux-gnu) libcurl/7.69.1 OpenSSL/1.1.1d zlib/1.2.11 nghttp2/1.40.0 librtmp/2.3
Release-Date: 2020-03-11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets
Note that I have also updated zlib to 1.2.11 with prefix /usr/local.

In my custombuild/custom/fpm/configure.php73, I also have
Code:
    --with-curl=/usr/local/ssl-1.1.1 \
besides
Code:
    --with-openssl=/usr/local/ssl-1.1.1 \
    CFLAGS=-I/usr/local/include \
    LDFLAGS=-L/usr/local/lib \
    LIBS="-ldl -lpthread -lnghttp2 -lrtmp -lldap" \
    OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a -ldl -lpthread" \
    OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" \
Yum still works. Live output of 'yum update':
Code:
Resolving Dependencies
--> Running transaction check
---> Package libicu.x86_64 0:4.2.1-14.el6 will be updated
---> Package libicu.x86_64 0:4.2.1-15.el6_10 will be an update
---> Package libicu-devel.x86_64 0:4.2.1-14.el6 will be updated
---> Package libicu-devel.x86_64 0:4.2.1-15.el6_10 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================================================================
Package                                 Arch                              Version                                      Repository                          Size
=================================================================================================================================================================
Updating:
libicu                                  x86_64                            4.2.1-15.el6_10                              updates                            4.9 M
libicu-devel                            x86_64                            4.2.1-15.el6_10                              updates                            617 k

Transaction Summary
=================================================================================================================================================================
Upgrade       2 Package(s)

Total download size: 5.5 M
Is this ok [y/N]:
I am still using Python 2.6:
Code:
root@vps2 ~]# python --version
Python 2.6.6
[root@vps2 ~]# which python
/usr/bin/python
 
Last edited:

Jan_E

Verified User
Joined
Apr 29, 2011
Messages
121
Location
Amsterdam, NL, EU
I upgraded to OpenSSL 1.1.1f today on my CentOS 6.10 servers. Build script (in conjunction with the others scripts in the previous messages):

Code:
cd /usr/local/src
rm -f openssl-*.tar.gz*
rm -rf openssl-1.1.1f
wget https://www.openssl.org/source/openssl-1.1.1f.tar.gz
tar xzf openssl-1.1.1f.tar.gz
cd openssl-1.1.1f
TARGET_DIR=/usr/local/ssl-1.1.1
./config -fPIC no-shared --prefix=${TARGET_DIR} --openssldir=${TARGET_DIR}/conf
make clean
make
rm -rf /usr/local/ssl-1.1.1
make test && make install
cd /usr/local/src
rm -f openssl-*.tar.gz*
rm -rf openssl-1.1.1*
 

Active8

Verified User
Joined
Jul 13, 2013
Messages
369
@Jan_E thanks for sharing, i didnt had time since my last problem with the script from @smtalk .
I assume this script only updates http/2 and not curl right ?
 

Jan_E

Verified User
Joined
Apr 29, 2011
Messages
121
Location
Amsterdam, NL, EU
It only installs (or updates) OpenSSL in /usr/local/ssl-1.1.1. If you did not have OpenSSL 1.1.1d in Apache, PHP or Curl yet (using the other scripts) nothing changes at all.
 

Jan_E

Verified User
Joined
Apr 29, 2011
Messages
121
Location
Amsterdam, NL, EU
In the first place everyting wenr well but the problem started after i executed the yum update command:

I once had this problem as well on CentOS 6. Yum depends on the libcurl.so in /usr/local/lib/libcurl.so.4, which symlinks to /usr/local/lib/libcurl.so.4.6.0. If you install a Curl with shared libs in /usr/local Yum will stop working. If you want a new version of curl in /usr/local be sure to compile it with '--disable-shared'.

To be certain I can always have a working Yum I have a backup copy of /usr/local/lib/libcurl.so.4.6.0, stored as /usr/local/lib/libcurl.so.4.6.0.yum.

On-topic in this thread: my CentOS 6 systems are happily running with OpenSSL 1.1.1g and HTTP/2 now. For the build scripts start reading at https://forum.directadmin.com/threa...in-apache-nginx-curl.52590/page-9#post-311589
 
Last edited:
Top