Posted June 7, 20231 yr In this tutorial We’ll install Apache 2.4 and enable HTTP/2 Support in CWP. HTTP/2 will make our applications faster, simpler, and more robust — a rare combination — by allowing us to undo many of the HTTP/1.1 workarounds previously done within our applications and address these concerns within the transport layer itself. Even better, it also opens up a number of entirely new opportunities to optimize our applications and improve performance! The primary goals for HTTP/2 are to reduce latency by enabling full request and response multiplexing, minimize protocol overhead via efficient compression of HTTP header fields, and add support for request prioritization and server push. To implement these requirements, there is a large supporting cast of other protocol enhancements, such as new flow control, error handling, and upgrade mechanisms, but these are the most important features that every web developer should understand and leverage in their applications. This tutorial is now old to enable http/2 and TLS1.3 go to New tutorial : Ensure you already have SSL certs/LE certs installed for your domains HTTP2 will only work with HTTPS let’s get started Ensure you’ve root access and ssh access in order to install/upgrade this packages :- Upgrading OS to latest version : yum clean all yum -y update Upgrading Autoconf : cd /usr/local/src rm -rf autoconf-* wget https://ftp.gnu.org/gnu/autoconf/autoconf-latest.tar.gz tar zxvf autoconf-latest.tar.gz cd autoconf-*/ ./configure --prefix=/usr make && make install Installing openssl : cd /usr/local/src rm -rf openssl* wget https://www.openssl.org/source/openssl-1.1.1u.tar.gz tar zxvf openssl-1.1.1u.tar.gz cd openssl-1.1.1u ./config --prefix=/usr/local/opensslso --openssldir=/usr/local/opensslso zlib shared make && make install *Building openssl will take some time Installing Nghttp2 : nghttp2 is an implementation of HTTP/2 cd /usr/local/src rm -rf nghttp2-* yum install libtool -y wget https://github.com/nghttp2/nghttp2/releases/download/v1.42.0/nghttp2-1.42.0.tar.gz tar zxvf nghttp2-1.42.0.tar.gz cd nghttp2-*/ ./configure --prefix=/usr make && make install Install APR: cd /usr/local/src rm -rf apr* wget https://archive.apache.org/dist/apr/apr-1.6.5.tar.gz wget https://archive.apache.org/dist/apr/apr-util-1.6.1.tar.gz tar -xf apr-1.6.5.tar.gz tar -xf apr-util-1.6.1.tar.gz cd /usr/local/src/apr-1.6.5 ./configure --prefix=/usr/local/apr1 make make install cd /usr/local/src/apr-util-1.6.1 ./configure --with-apr=/usr/local/apr1 --prefix=/usr/local/apr-util1 make make install Rebuilding Apache with http2 support from CWP GUI : First backup the httpd.conf cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak Goto Apache Settings >> Apache Re-Build >> Select Next : Next delete/replace all with this flags/lines under “Additional configuration” : ./configure --enable-so --prefix=/usr/local/apache --enable-unique-id --enable-ssl=/usr/local/opensslso --enable-rewrite --enable-deflate --enable-suexec --with-suexec-docroot="/home" --with-suexec-caller="nobody" --with-suexec-logfile="/usr/local/apache/logs/suexec_log" --enable-asis --enable-filter --with-pcre --with-apr=/usr/local/apr1/bin/apr-1-config --with-apr-util=/usr/local/apr-util1/bin/apu-1-config --enable-headers --enable-expires --enable-proxy --enable-rewrite --enable-userdir --enable-http2 then Click on Start Compiler in background. After you built Apache we need to enable HTTP/2 withing Apache config : nano /usr/local/apache/conf.d/http2.conf then add this line and save it : LoadModule http2_module modules/mod_http2.so LogLevel http2:info Protocols h2 h2c http/1.1 OR You can also use this command to create and add the lines automatically : cat > /usr/local/apache/conf.d/http2.conf << EOF LoadModule http2_module modules/mod_http2.so LogLevel http2:info Protocols h2 h2c http/1.1 EOF Restart Apache : service httpd restart you can check http/2 is enabled or not via this site: https://tools.keycdn.com/http2-test If something goes wrong restore the Apache httpd.conf backup : rm -rf /usr/local/apache/conf/httpd.conf cp /usr/local/apache/conf/httpd.conf.bak /usr/local/apache/conf/httpd.conf service httpd restart
February 5, 20241 yr Hi @Sandeep B. Thank you for the tutorial. It works in a newly installed VPS powered by CWPPro. The only issue is: The installed mod_security (CWP admin panel) brakes the httpd.service with HTTP2 protocol and produced the following error lines: What do you suggest? How to handle it? Feb 5 15:17:40 vps apachectl: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup Feb 5 15:17:40 vps systemd: httpd.service: control process exited, code=exited status=1 Feb 5 15:17:40 vps systemd: Failed to start Web server Apache. Feb 5 15:17:40 vps systemd: Unit httpd.service entered failed state.
February 5, 20241 yr Author 3 hours ago, TheHolbi said: Hi @Sandeep B. Thank you for the tutorial. It works in a newly installed VPS powered by CWPPro. The only issue is: The installed mod_security (CWP admin panel) brakes the httpd.service with HTTP2 protocol and produced the following error lines: What do you suggest? How to handle it? Feb 5 15:17:40 vps apachectl: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup Feb 5 15:17:40 vps systemd: httpd.service: control process exited, code=exited status=1 Feb 5 15:17:40 vps systemd: Failed to start Web server Apache. Feb 5 15:17:40 vps systemd: Unit httpd.service entered failed state. will check what is the issue exactly
February 6, 20241 yr OK, thank you. Is there a special reason to use Nghttp2 version 1.42.0, and not the latest, available Nghttp2 v1.59.0 in the tutorial? It is true, the Nghttp2 v1.59.0 dropped the support old OpenSSL (< 1.1.1) but we uses 1.1.1u in the build and it can be good. Edited February 6, 20241 yr by TheHolbi English syntax
February 6, 20241 yr Hi @Sandeep B. The process in the tutorial was tested in an other CWPPro instance of my services. The mod_security was installed on the server before this test. The error appeared after running Goto Apache Settings >> Apache Re-Build >> Select Next : Next delete/replace all with this flags/lines under “Additional configuration” (the config was changed properly) -- then Click on Start Compiler in background. Feb 06 12:55:27 vps.trianity.dev systemd[1]: Stopped Web server Apache. Feb 06 12:55:27 vps.trianity.dev systemd[1]: Unit httpd.service entered failed state. Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service failed. Feb 06 12:55:27 vps.trianity.dev systemd[1]: Starting Web server Apache... Feb 06 12:55:27 vps.trianity.dev apachectl[30361]: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service: control process exited, code=exited status=1 Feb 06 12:55:27 vps.trianity.dev systemd[1]: Failed to start Web server Apache. Feb 06 12:55:27 vps.trianity.dev systemd[1]: Unit httpd.service entered failed state. Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service failed.
February 6, 20241 yr Other data: The HTTP2 installation deletes the mod_security2.so file from the modules folder. And if mod_security is installed again, it will incompatible and won't load.
February 8, 20241 yr On 2/5/2024 at 7:11 PM, Sandeep B. said: will check what is the issue exactly Hi @Sandeep B. do you find any solutions to handle this issue?
February 23, 20241 yr On 2/5/2024 at 7:11 PM, Sandeep B. said: will check what is the issue exactly Hi @Sandeep B. Did you find any solutions to this issue? Kindest regards: TheHolbi
February 26, 20241 yr Any considerations about whether this works with EL7 (CentOS 7.9) or works better with an EL8 release? Obviously CentOS 7 is just about to go fully EOL, so I will be migrating to AlmaLinux in short order. Sandeep, what OS releases have you tested against?
February 27, 20241 yr Author On 2/24/2024 at 12:24 AM, TheHolbi said: Hi @Sandeep B. Did you find any solutions to this issue? Kindest regards: TheHolbi not yet i think the issue is with openssl you can downgrade the version and check
February 27, 20241 yr Author On 2/26/2024 at 7:25 AM, overseer said: Any considerations about whether this works with EL7 (CentOS 7.9) or works better with an EL8 release? Obviously CentOS 7 is just about to go fully EOL, so I will be migrating to AlmaLinux in short order. Sandeep, what OS releases have you tested against? wait for cwp el9 it will be released soon if you want to upgrade you can use centos 8 stream or alamalinux 8
March 8, 20241 yr On 2/27/2024 at 8:19 AM, Sandeep B. said: not yet i think the issue is with openssl you can downgrade the version and check Thank you. I will back soon after tests.
September 11, 2024Sep 11 On 2/27/2024 at 8:20 AM, Sandeep B. said: wait for cwp el9 it will be released soon if you want to upgrade you can use centos 8 stream or alamalinux 8 Hello @Sandeep B. I started to move all my CWP based servers the CWP el9 with AlmaLinux 9.4.x Is there any update to the tutorial described above? The Apache or the NGINX version of HTTP2 recommended by you? Thank you for advance.
September 16, 2024Sep 16 Author On 9/11/2024 at 10:16 PM, TheHolbi said: Hello @Sandeep B. I started to move all my CWP based servers the CWP el9 with AlmaLinux 9.4.x Is there any update to the tutorial described above? The Apache or the NGINX version of HTTP2 recommended by you? Thank you for advance. you can use the same tutorial
Create an account or sign in to comment