How-to: Enable HTTP/2 in Apache/Nginx/cURL

wget ftp://ftp.openssl.org/source/openssl-1.0.2u.tar.gz
Is not available anymore (no more support) can we use the 1.1.1 branch?
I have some Centos 6.10 servers which I want to provide with http/2, so any help is appreciated
 
Hi, @ikkeben ,I had found that, but the questions was more if it was compatible with the 1.1 branch or not
Thank you
 
Try installing OpenSSL in /usr/local/ssl-1.1.1 and use this in
custombuild/custom/ap2/configure.apache

Code:
        "--enable-http2" \
        "--enable-ssl-staticlib-deps" \
        "--with-ssl=/usr/local/ssl-1.1.1" \

https://toolsforresearch.com/ is running on CentOS 6.10 as well.

Snippet from my custombuild/custom/fpm/configure.php73

Code:
    --with-openssl=/usr/local/ssl-1.1.1 \
    CFLAGS=-I/usr/local/include \
    LDFLAGS=-L/usr/local/lib \
    LIBS="-ldl -lpthread -lnghttp2 -lrtmp -lldap" \
    OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a -ldl -lpthread" \
    OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" \
 
Last edited:
In the first place everyting wenr well but the problem started after i executed the yum update command:


Tried to make the solution as:
Code:
mv /usr/lib64/python2.6/site-packages/pycurl.so /usr/lib64/python2.6/site-packages/pycurl.so_back
rpm -ihv http://mirror.centos.org/centos/6/os/x86_64/Packages/python-devel-2.6.6-66.el6_8.x86_64.rpm
wget https://dl.bintray.com/pycurl/pycurl/pycurl-7.43.0.2.tar.gz
tar xzf pycurl-7.43.0.2.tar.gz
cd pycurl-7.43.0.2
python setup.py build --curl-config=/usr/local/bin/curl-config
cp -p build/lib.linux-x86_64-2.6/pycurl.so /usr/lib64/python2.6/site-packages/pycurl.so

But step;:
Code:
python setup.py build --curl-config=/usr/local/bin/curl-config
gave grrc compile error

Give up set the backup back
 
In the first place everyting wenr well but the problem started after i executed the yum update command:


Tried to make the solution as:
Code:
mv /usr/lib64/python2.6/site-packages/pycurl.so /usr/lib64/python2.6/site-packages/pycurl.so_back
rpm -ihv http://mirror.centos.org/centos/6/os/x86_64/Packages/python-devel-2.6.6-66.el6_8.x86_64.rpm
wget https://dl.bintray.com/pycurl/pycurl/pycurl-7.43.0.2.tar.gz
tar xzf pycurl-7.43.0.2.tar.gz
cd pycurl-7.43.0.2
python setup.py build --curl-config=/usr/local/bin/curl-config
cp -p build/lib.linux-x86_64-2.6/pycurl.so /usr/lib64/python2.6/site-packages/pycurl.so

But step;:
Code:
python setup.py build --curl-config=/usr/local/bin/curl-config
gave grrc compile error

Give up set the backup back


YOU NEED TO INSTALL library of python, Then in my Centos 7
yum install python-devel


If you don't want to do anything just move to Centos 8. It has Openssl 1.1.1 in base operation and can easy update openssl
 
YOU NEED TO INSTALL library of python, Then in my Centos 7
yum install python-devel
If you don't want to do anything just move to Centos 8. It has Openssl 1.1.1 in base operation and can easy update openssl

Did you read my post ? it is Centos 6.10 , I know with Centos 7.0 http/2 is already possible without tweaks
We have several Centos 7 an 8 servers, all with http/2 so that is not the issue,
The guide which @smtalk had provided was ok till i had run the yum command :(

I will try later to do this with openssl 1.1.1
Thanks
 
Did you read my post ? it is Centos 6.10 , I know with Centos 7.0 http/2 is already possible without tweaks
We have several Centos 7 an 8 servers, all with http/2 so that is not the issue,
The guide which @smtalk had provided was ok till i had run the yum command :(

I will try later to do this with openssl 1.1.1
Thanks

ok I try to tell you about pycurl that need openssl1.1.x

because when you run "yum update" you'll got update libcurl to lastest version and also custombuild2 can update libcurl too. then when you complier pycurl of python

if you don't install python library you will get error like something that when you try to complier " pycurl " or anything and also if your openssl doesn't support you will get critical error on any command like curl, yum, etc...
 
This is my custombuild/custom/curl/configure.curl
Code:
#!/bin/sh
./configure --with-nghttp2=/usr/local --with-ssl=/usr/local/ssl-1.1.1 --disable-shared
make && make install
make clean
perl -pi -e 's|CURL_CHECK_PKGCONFIG\(zlib\)|#CURL_CHECK_PKGCONFIG(zlib)|g' configure.ac
LIBS="-ldl" ./configure --prefix=/usr/local/ssl-1.1.1 --with-nghttp2=/usr/local --with-ssl=/usr/local/ssl-1.1.1 --disable-shared

It builds curl in 2 places. I do not know anymore if that is really needed but I care not to change it since it works with updates as well.
Code:
[root@vps2 ~]# which curl
/usr/local/bin/curl
[root@vps2 ~]# /usr/local/bin/curl --version
curl 7.69.1 (x86_64-pc-linux-gnu) libcurl/7.69.1 OpenSSL/1.1.1d zlib/1.2.11 nghttp2/1.40.0 librtmp/2.3
Release-Date: 2020-03-11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets
[root@vps2 ~]# /usr/local/ssl-1.1.1/bin/curl --version
curl 7.69.1 (x86_64-pc-linux-gnu) libcurl/7.69.1 OpenSSL/1.1.1d zlib/1.2.11 nghttp2/1.40.0 librtmp/2.3
Release-Date: 2020-03-11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets
Note that I have also updated zlib to 1.2.11 with prefix /usr/local.

In my custombuild/custom/fpm/configure.php73, I also have
Code:
    --with-curl=/usr/local/ssl-1.1.1 \
besides
Code:
    --with-openssl=/usr/local/ssl-1.1.1 \
    CFLAGS=-I/usr/local/include \
    LDFLAGS=-L/usr/local/lib \
    LIBS="-ldl -lpthread -lnghttp2 -lrtmp -lldap" \
    OPENSSL_LIBS="-L/usr/local/ssl-1.1.1/lib -l:libssl.a -l:libcrypto.a -ldl -lpthread" \
    OPENSSL_CFLAGS="-I/usr/local/ssl-1.1.1/include" \
Yum still works. Live output of 'yum update':
Code:
Resolving Dependencies
--> Running transaction check
---> Package libicu.x86_64 0:4.2.1-14.el6 will be updated
---> Package libicu.x86_64 0:4.2.1-15.el6_10 will be an update
---> Package libicu-devel.x86_64 0:4.2.1-14.el6 will be updated
---> Package libicu-devel.x86_64 0:4.2.1-15.el6_10 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================================================================
Package                                 Arch                              Version                                      Repository                          Size
=================================================================================================================================================================
Updating:
libicu                                  x86_64                            4.2.1-15.el6_10                              updates                            4.9 M
libicu-devel                            x86_64                            4.2.1-15.el6_10                              updates                            617 k

Transaction Summary
=================================================================================================================================================================
Upgrade       2 Package(s)

Total download size: 5.5 M
Is this ok [y/N]:
I am still using Python 2.6:
Code:
root@vps2 ~]# python --version
Python 2.6.6
[root@vps2 ~]# which python
/usr/bin/python
 
Last edited:
I upgraded to OpenSSL 1.1.1f today on my CentOS 6.10 servers. Build script (in conjunction with the others scripts in the previous messages):

Code:
cd /usr/local/src
rm -f openssl-*.tar.gz*
rm -rf openssl-1.1.1f
wget https://www.openssl.org/source/openssl-1.1.1f.tar.gz
tar xzf openssl-1.1.1f.tar.gz
cd openssl-1.1.1f
TARGET_DIR=/usr/local/ssl-1.1.1
./config -fPIC no-shared --prefix=${TARGET_DIR} --openssldir=${TARGET_DIR}/conf
make clean
make
rm -rf /usr/local/ssl-1.1.1
make test && make install
cd /usr/local/src
rm -f openssl-*.tar.gz*
rm -rf openssl-1.1.1*
 
@Jan_E thanks for sharing, i didnt had time since my last problem with the script from @smtalk .
I assume this script only updates http/2 and not curl right ?
 
It only installs (or updates) OpenSSL in /usr/local/ssl-1.1.1. If you did not have OpenSSL 1.1.1d in Apache, PHP or Curl yet (using the other scripts) nothing changes at all.
 
In the first place everyting wenr well but the problem started after i executed the yum update command:

I once had this problem as well on CentOS 6. Yum depends on the libcurl.so in /usr/local/lib/libcurl.so.4, which symlinks to /usr/local/lib/libcurl.so.4.6.0. If you install a Curl with shared libs in /usr/local Yum will stop working. If you want a new version of curl in /usr/local be sure to compile it with '--disable-shared'.

To be certain I can always have a working Yum I have a backup copy of /usr/local/lib/libcurl.so.4.6.0, stored as /usr/local/lib/libcurl.so.4.6.0.yum.

On-topic in this thread: my CentOS 6 systems are happily running with OpenSSL 1.1.1g and HTTP/2 now. For the build scripts start reading at https://forum.directadmin.com/threa...in-apache-nginx-curl.52590/page-9#post-311589
 
Last edited:
DirectAdmin 1.645
What i can do ?????????????????
Install/update server components: |
| ./build apache |
| ./build awstats |
| ./build csf |
| ./build clamav |
| ./build composer |
| ./build dovecot |
| ./build exim |
| ./build imagemagick |
| ./build imapsync |
| ./build jailshell |
| ./build lego |
| ./build libmodsecurity |
| ./build litespeed |
| ./build mod_lsapi |
| ./build mod_proctitle |
| ./build mod_aclr2 |
| ./build mod_ruid2 |
| ./build mod_htscanner2 |
| ./build mod_fcgid |
| ./build modsecurity |
| ./build modsecurity_rules |
| ./build mysql |
| ./build netdata |
| ./build nginx |
| ./build nginx_apache |
| ./build openlitespeed |
| ./build pigeonhole |
| ./build php |
| ./build proftpd |
| ./build pureftpd |
| ./build redis |
| ./build rspamd |
| ./build spamassassin |
| ./build suphp |
| ./build unit |
| ./build webalizer |
| ./build wp |
+-----------------------------------------------------------+
| Install/update PHP extensions: |
| ./build php_gmp |
| ./build php_igbinary |
| ./build php_ioncube |
| ./build php_imagick |
| ./build php_imap |
| ./build php_ldap |
| ./build php_opcache |
| ./build php_phalcon |
| ./build php_psr |
| ./build php_redis |
| ./build php_readline |
| ./build php_snuffleupagus |
| ./build php_suhosin |
| ./build php_xmlrpc |
| ./build php_zend |
+-----------------------------------------------------------+
| Components configuration options: |
| ./build exim_conf |
| ./build dovecot_conf |
| ./build blockcracking |
| ./build easy_spam_fighter |
| ./build php_ini |
| ./build rewrite_confs |
| ./build secure_php |
| ./build spamassassin_cron |
| ./build litespeed_license |
| ./build litespeed_license_migrate |
+-----------------------------------------------------------+
| Install/update web applications: |
| ./build phpmyadmin |
| ./build roundcube |
| ./build squirrelmail |
+-----------------------------------------------------------+
| CustomBuild related options/functions: |
| ./build create_options |
| ./build custombuild_plugin |
| ./build cron |
| ./build opt_help |
| ./build options_nobold |
| ./build list_removals |
| ./build remove_items |
| ./build set |
| ./build update_da |
| ./build update_versions |
| ./build update_webapps |
| ./build used_configs |
| ./build versions |
+-----------------------------------------------------------+
| Remove old build data: |
| ./build clean |
| ./build clean_old_webapps |
+-----------------------------------------------------------+
| Build everything what is set in the options.conf file: |
| ./build all |
+-----------------------------------------------------------+
| Build all PHP extensions set set in the php_extensions.conf file: |
| ./build php_extensions |
+-----------------------------------------------------------+
| Recommended for experienced users only (!): |
| ./build php_expert php_release php_mode |
| ./build php_htscanner2 php_release |
| ./build set_service service ON|OFF|delete |
+-----------------------------------------------------------+
| You can pass a 2nd argument to automate the input: |
| ./build <option> d : do the default action |
| ./build <option> y : answer yes to all questions |
| ./build <option> n : answer no to all questions
 
Hi quocdanh,

I had te same on the step:
./build nghttp2

Instead of building it I just saw all the Custombuild options. I checked the files and it seems like it was build before. Not sure when, I did not do it, must be in some recent DA updates?

Anyway, I continued the other steps as described in the OP and it all works fine.
 
Last edited:
Hi quocdanh,

I had te same on the step:


Instead of building it I just saw all the Custombuild options. I checked the files and it seems like it was build before. Not sure when, I did not do it, must be in some recent DA updates?

Anyway, I continued the other steps as described in the OP and it all works fine.
how did it run.
Steps I did:
1. https://forum.directadmin.com/members/bibiugly.55252/
✅ change apache_mpm=auto to apache_mpm=event
✅ Build apcache and php d agian
Thanks everyone for the help ? from a Vietnamese girl getting acquainted with a Web server ???
 
Back
Top