Jump to content

CWP Apache Enable HTTP/2 with mod_http2 module - Control Web Panel


Recommended Posts

In this tutorial We’ll install Apache 2.4 and enable HTTP/2 Support in CWP. HTTP/2 will make our applications faster, simpler, and more robust — a rare combination — by allowing us to undo many of the HTTP/1.1 workarounds previously done within our applications and address these concerns within the transport layer itself. Even better, it also opens up a number of entirely new opportunities to optimize our applications and improve performance!

The primary goals for HTTP/2 are to reduce latency by enabling full request and response multiplexing, minimize protocol overhead via efficient compression of HTTP header fields, and add support for request prioritization and server push. To implement these requirements, there is a large supporting cast of other protocol enhancements, such as new flow control, error handling, and upgrade mechanisms, but these are the most important features that every web developer should understand and leverage in their applications.

This tutorial is now old to enable http/2 and TLS1.3 go to New tutorial :

Ensure you already have SSL certs/LE certs installed for your domains HTTP2 will only work with HTTPS

let’s get started
Ensure you’ve root access and ssh access in order to install/upgrade this packages :-

Upgrading OS to latest version :

yum clean all
yum -y update


Upgrading Autoconf :

cd /usr/local/src
rm -rf autoconf-*
wget https://ftp.gnu.org/gnu/autoconf/autoconf-latest.tar.gz
tar zxvf autoconf-latest.tar.gz
cd autoconf-*/
./configure --prefix=/usr
make && make install


Installing openssl :

cd /usr/local/src
rm -rf  openssl*
wget https://www.openssl.org/source/openssl-1.1.1u.tar.gz
tar zxvf openssl-1.1.1u.tar.gz
cd openssl-1.1.1u
./config --prefix=/usr/local/opensslso --openssldir=/usr/local/opensslso zlib shared
make && make install


*Building openssl will take some time

Installing Nghttp2 :
nghttp2 is an implementation of HTTP/2

cd /usr/local/src
rm -rf nghttp2-*
yum install libtool -y
wget https://github.com/nghttp2/nghttp2/releases/download/v1.42.0/nghttp2-1.42.0.tar.gz
tar zxvf nghttp2-1.42.0.tar.gz
cd nghttp2-*/
./configure --prefix=/usr
make && make install


Install APR:

cd /usr/local/src
rm -rf apr*
wget https://archive.apache.org/dist/apr/apr-1.6.5.tar.gz
wget https://archive.apache.org/dist/apr/apr-util-1.6.1.tar.gz
tar -xf apr-1.6.5.tar.gz
tar -xf apr-util-1.6.1.tar.gz
cd /usr/local/src/apr-1.6.5
./configure --prefix=/usr/local/apr1
make
make install
cd /usr/local/src/apr-util-1.6.1
./configure --with-apr=/usr/local/apr1 --prefix=/usr/local/apr-util1
make
make install


Rebuilding Apache with http2 support from CWP GUI :
First backup the httpd.conf

cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak


Goto Apache Settings >> Apache Re-Build >> Select Next :


Next delete/replace all with this flags/lines under “Additional configuration” :

./configure 
--enable-so 
--prefix=/usr/local/apache 
--enable-unique-id 
--enable-ssl=/usr/local/opensslso 
--enable-rewrite  
--enable-deflate 
--enable-suexec 
--with-suexec-docroot="/home" 
--with-suexec-caller="nobody" 
--with-suexec-logfile="/usr/local/apache/logs/suexec_log" 
--enable-asis 
--enable-filter 
--with-pcre 
--with-apr=/usr/local/apr1/bin/apr-1-config 
--with-apr-util=/usr/local/apr-util1/bin/apu-1-config 
--enable-headers 
--enable-expires 
--enable-proxy 
--enable-rewrite 
--enable-userdir 
--enable-http2


then Click on Start Compiler in background.


After you built Apache we need to enable HTTP/2 withing Apache config :

nano /usr/local/apache/conf.d/http2.conf


then add this line and save it :

LoadModule http2_module modules/mod_http2.so
LogLevel http2:info
Protocols h2 h2c http/1.1


OR

You can also use this command to create and add the lines automatically :

cat > /usr/local/apache/conf.d/http2.conf << EOF
LoadModule http2_module modules/mod_http2.so
LogLevel http2:info
Protocols h2 h2c http/1.1
EOF


Restart Apache :

service httpd restart


you can check http/2 is enabled or not via this site:

https://tools.keycdn.com/http2-test


If something goes wrong restore the Apache httpd.conf backup :

rm -rf /usr/local/apache/conf/httpd.conf
cp /usr/local/apache/conf/httpd.conf.bak /usr/local/apache/conf/httpd.conf
service httpd restart
Link to comment
Share on other sites

  • Sandeep B. changed the title to CWP Apache Enable HTTP/2 with mod_http2 module - Control Web Panel
  • 7 months later...

Hi @Sandeep B. 
Thank you for the tutorial. It works in a newly installed VPS powered by CWPPro.

The only issue is: The installed mod_security (CWP admin panel) brakes the httpd.service with HTTP2 protocol and produced the following error lines:
What do you suggest? How to handle it?

Feb  5 15:17:40 vps apachectl: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup
Feb  5 15:17:40 vps systemd: httpd.service: control process exited, code=exited status=1
Feb  5 15:17:40 vps systemd: Failed to start Web server Apache.
Feb  5 15:17:40 vps systemd: Unit httpd.service entered failed state.
Link to comment
Share on other sites

3 hours ago, TheHolbi said:

Hi @Sandeep B. 
Thank you for the tutorial. It works in a newly installed VPS powered by CWPPro.

The only issue is: The installed mod_security (CWP admin panel) brakes the httpd.service with HTTP2 protocol and produced the following error lines:
What do you suggest? How to handle it?

Feb  5 15:17:40 vps apachectl: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup
Feb  5 15:17:40 vps systemd: httpd.service: control process exited, code=exited status=1
Feb  5 15:17:40 vps systemd: Failed to start Web server Apache.
Feb  5 15:17:40 vps systemd: Unit httpd.service entered failed state.

will check what is the issue exactly

Link to comment
Share on other sites

OK, thank you.
Is there a special reason to use Nghttp2 version 1.42.0, and not the latest, available Nghttp2 v1.59.0 in the tutorial?
It is true, the Nghttp2 v1.59.0 dropped the support old OpenSSL (< 1.1.1) but we uses 1.1.1u in the build and it can be good.

Edited by TheHolbi
English syntax
Link to comment
Share on other sites

Hi @Sandeep B. 
The process in the tutorial was tested in an other CWPPro instance of my services. The mod_security was installed on the server before this test.

The error appeared after running Goto Apache Settings >> Apache Re-Build >> Select Next :

Next delete/replace all with this flags/lines under “Additional configuration” (the config was changed properly) -- then Click on Start Compiler in background.

Feb 06 12:55:27 vps.trianity.dev systemd[1]: Stopped Web server Apache.
Feb 06 12:55:27 vps.trianity.dev systemd[1]: Unit httpd.service entered failed state.
Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service failed.
Feb 06 12:55:27 vps.trianity.dev systemd[1]: Starting Web server Apache...
Feb 06 12:55:27 vps.trianity.dev apachectl[30361]: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup
Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service: control process exited, code=exited status=1
Feb 06 12:55:27 vps.trianity.dev systemd[1]: Failed to start Web server Apache.
Feb 06 12:55:27 vps.trianity.dev systemd[1]: Unit httpd.service entered failed state.
Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service failed.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...