How-to: Enable HTTP/2 in Apache/Nginx/cURL

Updated Centos to 1708

set http2=1 in directadmin.conf
rebuilt nginx_apache

KeyCDN HTTP/2 test results are:
"does not support HTTP/2.0. Supported protocols: http/1.1"
"ALPN is not supported"

Openssl version is 1.0.2k

am I missing a step?
I would like to know the same thing. With apache it runs straight out of the box, but setting 'nginx_apache' as the webserver disables HTTP/2, even after rebuilding both Apache and NGINX.
 
If you have nginx in front of apache you need to compile nginx with support of HTTP/2. And enabling HTTP/2 in Apache used as a backend is useless.
 
Is it possible to create an knowledge base article for HTTP2 with all the current versions and commands?

Got it working with Openssl 1.0.2l on Apache 2.4.28 on CentOS 6

With OpenSSL 1.1.0f you need these symlinks to the change the lib path:

ln -s /usr/local/lib_http2/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib_http2/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
 
@Martynas Bendorius

i see you updated topic first post ;)

But what to do if updated CentOS from 7.3. to 7.4 with the HTTP2 running with your Tutorial before under 7.3 so custom and so on

also openssl version updated and no more in yum update as someone her showed on his support site i thinks this was for CURL update problem.

Can we let it stay / leave the old way , or needed after update centos7.4 pluskernel to change things advisable?

See no warning or howto for that if needed?
 
With CentOS 7.4 just remove custom/ folder from CB 2.0 and recompile nghttp2, apache and curl :) That's it.

For all the .so symlinkers - you're doing very bad things on your system :) This tutorial is for static compilation of openssl into apache binaries, not for changing your openssl libraries on the system... :)
 
Hello,

I was trying to install http2 on my server. I was googling and searching post on forum, no results.

I was following:

http://forum.directadmin.com/showthread.php?t=52590
http://forum.directadmin.com/showthread.php?t=55045


I follow all steps from two post e.g
wget ftp://ftp.openssl.org/source/openssl-1.0.2m.tar.gz
tar xzf openssl-1.0.2m.tar.gz
cd openssl-1.0.2m
./config --prefix=/usr/local/lib_http2 no-ssl2 no-ssl3 zlib-dynamic -fPIC
make depend
make install

no results, still I have version OpenSSL 1.0.1e 11 Feb 2013


I use Debian 7.11.


Any help or ideas what is wrong?

Thank you in advance.
 
The steps you followed will install OpenSSL 1.0.2 into /usr/local/lib_http2 as the optional instance, it won't replace the main OpenSSL version installed by apt-get/apt.
 
@zEitEr

How to replace it? What are steps to update the main OpenSSL?

I have update everything insted of OpenSSL.

I read that min version to use HTTP2 is OpenSSL/1.0.1f, but I have stil OpenSSL/1.0.1e.

How to update OpenSSL/1.0.1e ?

curl -V
curl 7.57.0 (x86_64-pc-linux-gnu) libcurl/7.57.0 OpenSSL/1.0.1e zlib/1.2.7 nghttp2/1.28.0
Release-Date: 2017-11-29

# openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Sun Feb 28 23:52:01 UTC 2016
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"



I was searching forum, google and I am not able to find the answer.


Kind regards
 
Last edited:
Hello,
I have used the script

cd /usr/local/directadmin/scripts/
wget https://raw.githubusercontent.com/p...ster/openssl/openssl.install-1.0.1-primary.sh -O openssl.install-1.0.1-primary.sh
chmod 755 openssl.install-1.0.1-primary.sh
./openssl.install-1.0.1-primary.sh


with 2nd script I was not able to rebuild cURL.



Then I made

change to php-fpm

and

cd /usr/local/directadmin/custombuild/
./build clean
./build update
./build curl


then

./build apache

Installing configuration files
[PRESERVING EXISTING HTDOCS SUBDIR: /var/www/htdocs]
[PRESERVING EXISTING ERROR SUBDIR: /var/www/error]
[PRESERVING EXISTING ICONS SUBDIR: /var/www/icons]
[PRESERVING EXISTING CGI SUBDIR: /var/www/cgi-bin]
Installing header files
Installing build system files
Installing man pages and online manual
make[1]: Leaving directory `/usr/local/directadmin/custombuild/httpd-2.4.29'
Restoring certificate and key, and turning on httpd for DirectAdmins's check.
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
System start/stop links for /etc/init.d/httpd already exist.
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
Using xxxxxxx for your server IP
Restarting apache.
Stopping httpd:
Starting httpd: AH00526: Syntax error on line 31 of /etc/httpd/conf/extra/httpd-includes.conf:
Invalid command 'php_admin_flag', perhaps misspelled or defined by a module not included in the server configuration

Done!





build php

checking for GNU gettext support... yes
checking for bindtextdomain in -lintl... no
checking for bindtextdomain in -lc... no
configure: error: Unable to find required gettext library

*** There was an error while trying to configure php. Check the configure file



any help? How to solve this error?



Is it something wrong? Is there anything what I should to do?


In general I made
change to php-fpm mode

cd /usr/local/directadmin/custombuild/
./build clean
./build update
./build curl

./build apache
./build php d
./build exim
./build dovecot

./build rewrite_confs


Apache 2.4.29 Running
DirectAdmin 1.52.1 Running
Exim 4.90 Running
MariaDB 10.0.33 Running
Named 9.8.4 Running
sshd Running
dovecot 2.2.33.2 (d6601f4ec) Running
pure-ftpd 1.0.47 Running
Php 7.0.26 Installed
 
Last edited:
Starting httpd: AH00526: Syntax error on line 31 of /etc/httpd/conf/extra/httpd-includes.conf:
Invalid command 'php_admin_flag', perhaps misspelled or defined by a module not included in the server configuration

this check tryout

And warning the script you use is CENTOS
 
Last edited:
It's recommended to run PHP in PHP-FPM mode, so that PHP wouldn't be installed as a module of Apache (otherwise you might have openssl library conflict, if PHP is compiled as apache module and uses the old (OS) version of openssl).

Cloudlinux PHP Selector is currently not compatible with PHP-FPM. I usually install Directadmin servers with one Native PHP version in SuPHP mode.

PHP Selector is compatible with the following technologies: suPHP, mod_fcgid, CGI (suexec).

So is it safe to install Directadmin with native php in SuPHP mode? since were not really using it and using CL Alt-PHP.
 
Just curious.

Is it just me or does ftp fail using wget? I have to use http.
==> PASV ... couldn't connect to 194.97.150.234 port 52245: Connection refused

That said, I do use CSF, maybe it's that?
 
Hi, I have debian 8 and open ssl
root@serwer:/# openssl version
OpenSSL 1.0.1t 3 May 2016

what should I do in this case? Install all components from #1 post or update only opensll and CB will enable it by default?
CB, Apache, DA up to date
 
Custombuild is the first thing you should try when you have OpenSSL 1.0.1 or higher.

Just make sure you don't have outdated configs under custom/ folder of custombuild.
 
Hello,

is there anyone that can give me step by step points to enable http/2 on my VPS server?

I have CentOS 7.5.1804
CustomBuild 2.0 latest version
Php 7.1.24 mod_php

All my websites have SSL certificate.
 
Back
Top