CWP Apache Enable HTTP/2 with mod_http2 module - Control Web Panel

[Sandeep B.]

In this tutorial We’ll install Apache 2.4 and enable HTTP/2 Support in CWP. HTTP/2 will make our applications faster, simpler, and more robust — a rare combination — by allowing us to undo many of the HTTP/1.1 workarounds previously done within our applications and address these concerns within the transport layer itself. Even better, it also opens up a number of entirely new opportunities to optimize our applications and improve performance!

The primary goals for HTTP/2 are to reduce latency by enabling full request and response multiplexing, minimize protocol overhead via efficient compression of HTTP header fields, and add support for request prioritization and server push. To implement these requirements, there is a large supporting cast of other protocol enhancements, such as new flow control, error handling, and upgrade mechanisms, but these are the most important features that every web developer should understand and leverage in their applications.

This tutorial is now old to enable http/2 and TLS1.3 go to New tutorial :

Ensure you already have SSL certs/LE certs installed for your domains HTTP2 will only work with HTTPS

let’s get started
Ensure you’ve root access and ssh access in order to install/upgrade this packages :-

Upgrading OS to latest version :

yum clean all
yum -y update

Upgrading Autoconf :

cd /usr/local/src
rm -rf autoconf-*
wget https://ftp.gnu.org/gnu/autoconf/autoconf-latest.tar.gz
tar zxvf autoconf-latest.tar.gz
cd autoconf-*/
./configure --prefix=/usr
make && make install

Installing openssl :

cd /usr/local/src
rm -rf  openssl*
wget https://www.openssl.org/source/openssl-1.1.1u.tar.gz
tar zxvf openssl-1.1.1u.tar.gz
cd openssl-1.1.1u
./config --prefix=/usr/local/opensslso --openssldir=/usr/local/opensslso zlib shared
make && make install

*Building openssl will take some time

Installing Nghttp2 :
nghttp2 is an implementation of HTTP/2

cd /usr/local/src
rm -rf nghttp2-*
yum install libtool -y
wget https://github.com/nghttp2/nghttp2/releases/download/v1.42.0/nghttp2-1.42.0.tar.gz
tar zxvf nghttp2-1.42.0.tar.gz
cd nghttp2-*/
./configure --prefix=/usr
make && make install

Install APR:

cd /usr/local/src
rm -rf apr*
wget https://archive.apache.org/dist/apr/apr-1.6.5.tar.gz
wget https://archive.apache.org/dist/apr/apr-util-1.6.1.tar.gz
tar -xf apr-1.6.5.tar.gz
tar -xf apr-util-1.6.1.tar.gz
cd /usr/local/src/apr-1.6.5
./configure --prefix=/usr/local/apr1
make
make install
cd /usr/local/src/apr-util-1.6.1
./configure --with-apr=/usr/local/apr1 --prefix=/usr/local/apr-util1
make
make install

Rebuilding Apache with http2 support from CWP GUI :
First backup the httpd.conf

cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak

Goto Apache Settings >> Apache Re-Build >> Select Next :

Next delete/replace all with this flags/lines under “Additional configuration” :

./configure 
--enable-so 
--prefix=/usr/local/apache 
--enable-unique-id 
--enable-ssl=/usr/local/opensslso 
--enable-rewrite  
--enable-deflate 
--enable-suexec 
--with-suexec-docroot="/home" 
--with-suexec-caller="nobody" 
--with-suexec-logfile="/usr/local/apache/logs/suexec_log" 
--enable-asis 
--enable-filter 
--with-pcre 
--with-apr=/usr/local/apr1/bin/apr-1-config 
--with-apr-util=/usr/local/apr-util1/bin/apu-1-config 
--enable-headers 
--enable-expires 
--enable-proxy 
--enable-rewrite 
--enable-userdir 
--enable-http2

then Click on Start Compiler in background.

After you built Apache we need to enable HTTP/2 withing Apache config :

nano /usr/local/apache/conf.d/http2.conf

then add this line and save it :

LoadModule http2_module modules/mod_http2.so
LogLevel http2:info
Protocols h2 h2c http/1.1

OR

You can also use this command to create and add the lines automatically :

cat > /usr/local/apache/conf.d/http2.conf << EOF
LoadModule http2_module modules/mod_http2.so
LogLevel http2:info
Protocols h2 h2c http/1.1
EOF

Restart Apache :

service httpd restart

you can check http/2 is enabled or not via this site:

https://tools.keycdn.com/http2-test

If something goes wrong restore the Apache httpd.conf backup :

rm -rf /usr/local/apache/conf/httpd.conf
cp /usr/local/apache/conf/httpd.conf.bak /usr/local/apache/conf/httpd.conf
service httpd restart

[TheHolbi]

Hi @Sandeep B. 
Thank you for the tutorial. It works in a newly installed VPS powered by CWPPro.

The only issue is: The installed mod_security (CWP admin panel) brakes the httpd.service with HTTP2 protocol and produced the following error lines:
What do you suggest? How to handle it?

Feb  5 15:17:40 vps apachectl: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup
Feb  5 15:17:40 vps systemd: httpd.service: control process exited, code=exited status=1
Feb  5 15:17:40 vps systemd: Failed to start Web server Apache.
Feb  5 15:17:40 vps systemd: Unit httpd.service entered failed state.

[Sandeep B.]

3 hours ago, TheHolbi said:

Hi @Sandeep B. 
Thank you for the tutorial. It works in a newly installed VPS powered by CWPPro.

The only issue is: The installed mod_security (CWP admin panel) brakes the httpd.service with HTTP2 protocol and produced the following error lines:
What do you suggest? How to handle it?

Feb  5 15:17:40 vps apachectl: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup
Feb  5 15:17:40 vps systemd: httpd.service: control process exited, code=exited status=1
Feb  5 15:17:40 vps systemd: Failed to start Web server Apache.
Feb  5 15:17:40 vps systemd: Unit httpd.service entered failed state.

will check what is the issue exactly

[TheHolbi]

OK, thank you.
Is there a special reason to use Nghttp2 version 1.42.0, and not the latest, available Nghttp2 v1.59.0 in the tutorial?
It is true, the Nghttp2 v1.59.0 dropped the support old OpenSSL (< 1.1.1) but we uses 1.1.1u in the build and it can be good.

Edited February 6 by TheHolbi
English syntax

[TheHolbi]

Hi @Sandeep B. 
The process in the tutorial was tested in an other CWPPro instance of my services. The mod_security was installed on the server before this test.

The error appeared after running Goto Apache Settings >> Apache Re-Build >> Select Next :

Next delete/replace all with this flags/lines under “Additional configuration” (the config was changed properly) -- then Click on Start Compiler in background.

Feb 06 12:55:27 vps.trianity.dev systemd[1]: Stopped Web server Apache.
Feb 06 12:55:27 vps.trianity.dev systemd[1]: Unit httpd.service entered failed state.
Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service failed.
Feb 06 12:55:27 vps.trianity.dev systemd[1]: Starting Web server Apache...
Feb 06 12:55:27 vps.trianity.dev apachectl[30361]: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup
Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service: control process exited, code=exited status=1
Feb 06 12:55:27 vps.trianity.dev systemd[1]: Failed to start Web server Apache.
Feb 06 12:55:27 vps.trianity.dev systemd[1]: Unit httpd.service entered failed state.
Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service failed.

[TheHolbi]

Other data: The HTTP2 installation deletes the mod_security2.so file from the modules folder. And if mod_security is installed again, it will incompatible and won't load.

[TheHolbi]

On 2/5/2024 at 7:11 PM, Sandeep B. said:

will check what is the issue exactly

Hi @Sandeep B. do you find any solutions to handle this issue?

[TheHolbi]

On 2/5/2024 at 7:11 PM, Sandeep B. said:

will check what is the issue exactly

Hi @Sandeep B. Did you find any solutions to this issue?
Kindest regards:
TheHolbi

[overseer]

Any considerations about whether this works with EL7 (CentOS 7.9) or works better with an EL8 release? Obviously CentOS 7 is just about to go fully EOL, so I will be migrating to AlmaLinux in short order. Sandeep, what OS releases have you tested against?

[Sandeep B.]

On 2/24/2024 at 12:24 AM, TheHolbi said:

Hi @Sandeep B. Did you find any solutions to this issue?
Kindest regards:
TheHolbi

not yet i think the issue is with openssl you can downgrade the version and check 

[Sandeep B.]

On 2/26/2024 at 7:25 AM, overseer said:

Any considerations about whether this works with EL7 (CentOS 7.9) or works better with an EL8 release? Obviously CentOS 7 is just about to go fully EOL, so I will be migrating to AlmaLinux in short order. Sandeep, what OS releases have you tested against?

wait for cwp el9 it will be released soon if you want to upgrade you can use centos 8 stream or alamalinux 8

[TheHolbi]

On 2/27/2024 at 8:19 AM, Sandeep B. said:

not yet i think the issue is with openssl you can downgrade the version and check 

Thank you. I will back soon after tests.