[Tutorial] Apache HTTP2 Module

Hello.
First of all, we need to download & upgrade some apps:

1. OpenSSL (min. 1.0.2 is required to run ANPL)
We will use the latest 1.0.2l version.

Code: [Select]

cd ~
mkdir installers
cd installers
wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
tar -zxvf openssl-1.0.2l.tar.gz
cd openssl-1.0.2l
./config shared zlib-dynamic --prefix=/usr/local/ssl
make
make install
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
cd ..

After this you need to add the /usr/local/lib and /usr/local/ssl/lib directories to the LD_LIBRARY_PATH.

Code: [Select]

nano /etc/ld.so.conf.d/http2.conf
/usr/local/lib
/usr/local/ssl/lib
After you save it (Ctrl+X -> Yes), you need to run ldconfig

2. NGHTTP2 (needed for mod_http2)

Code: [Select]

wget https://github.com/nghttp2/nghttp2/releases/download/v1.26.0/nghttp2-1.26.0.tar.gz
tar -zxvf nghttp2-1.26.0.tar.gz
cd nghttp2-1.26.0
export OPENSSL_CFLAGS="-I/usr/local/ssl/include"
export OPENSSL_LIBS="-L/usr/local/ssl/lib -lssl -lcrypto"
./configure
make
make install
cd ..

3. APR

Code: [Select]

wget http://mirrors.whoishostingthis.com/apache/apr/apr-1.6.2.tar.gz
tar -zxvf apr-1.6.2.tar.gz
cd apr-1.6.2
./configure
make
make install
cd ..

4. APR-Util

Code: [Select]

wget http://mirrors.whoishostingthis.com/apache/apr/apr-util-1.6.0.tar.gz
tar -zxvf apr-util-1.6.0.tar.gz
cd apr-util-1.6.0
./configure --with-apr=/usr/local/apr
make
make install
cd ..

5. Apache
Because of the existing vulnerabilities in anterior versions, we will use the latest one 2.4.28.

Code: [Select]

wget http://mirrors.whoishostingthis.com/apache/httpd/httpd-2.4.28.tar.gz
tar -zxvf httpd-2.4.28.tar.gz
cd httpd-2.4.28
cp -r ../apr-1.6.2 srclib/apr
cp -r ../apr-util-1.6.0 srclib/apr-util
./configure --enable-so --prefix=/usr/local/apache --with-ssl=/usr/local/ssl --enable-unique-id --enable-ssl=shared --enable-rewrite  --enable-deflate --enable-suexec --with-suexec-docroot="/home" --with-suexec-caller="nobody" --with-suexec-logfile="/usr/local/apache/logs/suexec_log" --enable-asis --enable-filter --with-pcre --with-included-apr  --enable-headers --enable-expires --enable-proxy --enable-rewrite --enable-userdir --enable-http2
make
make install
cd

6. Add and activate the http/2 module
You just have to open the apache config and add this line:

Code: [Select]

LoadModule http2_module modules/mod_http2.so
And finally turn on the http/2 protocol by adding this line to apache config (for all sites) or in ssl vhosts for the sites you want:

Code: [Select]

Protocols h2 http/1.1
Restart Apache with: service httpd restart

Possible Problems:
1. Apache will not start because of the mod_security
If you had mod_security, probably you will have this error when restarting:

Code: [Select]

Starting httpd: httpd: Syntax error on line 509 of /usr/local/apache/conf/httpd.conf: Syntax error on line 5 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup

To repair it, you need to recompile and install the new mod_security:

Code: [Select]

cd ~/installers
wget https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz
tar -zxvf modsecurity-2.9.2.tar.gz
cd modsecurity-2.9.2
./configure --with-apxs=/usr/local/apache/bin/apxs
make
make install
cd

After this, you run service httpd restart and the server should start.

 

Quic Reply, just to say man you are great and this works fine. Not a single problem was found within this simple tutorial and it works perfectly even on Production VPS using CWP.Pro

I have opened /usr/local/apache/conf/httpd.conf
and two lines:

LoadModule http2_module modules/mod_http2.so
Protocols h2 http/1.1

After that while restarting httpd getting below error:

Getting this error:
Stopping httpd:                                            [FAILED]
Starting httpd: httpd: Syntax error on line 501 of /usr/local/apache/conf/httpd.conf: Cannot load modules/mod_http2.so into server: libnghttp2.so.14: cannot open shared object file: No such file or directory
                                                           [FAILED]

So, you would need to put this line

LoadModule http2_module modules/mod_http2.so

Right below last LoadModule line in config file so it should look something like this

LoadModule some_module modules/module.so
LoadModule http2_module modules/mod_http2.so

And

Protocols h2 http/1.1

needs to be put before closing of config file

Also did you compiled correctly everything because this kind of error for a first looks like a just minor config file bug, but on second hand it maybe look like a bad compile.
Just for a try do as said for  first thing, then if it fails again notify me so I can give some advices as Sys Admin for couple of medium-big sized hosts with all enabled (finally) HTTP2 with CWP without issue.

Please correct ./configure make in step 3. Make, should be at new line.
Thanks for the great tutorial!!!

Please correct ./configure make in step 3. Make, should be at new line.
Thanks for the great tutorial!!!

corrected

Will http2 in CentOS web panel be configured on by default?

And I have some problem with this tutorial. When I install and restarted httpd service I have this error: httpd: Could not open configuration file /usr/local/apache2/conf/httpd.conf: No such file or directory

Short fix in console:

Code: [Select]

ln -s /usr/local/apache/ /usr/local/apache2

Will http2 in CentOS web panel be configured on by default?

yes soon it can be configured in nginx reverse proxy

Will http2 in CentOS web panel be configured on by default?

yes soon it can be configured in nginx reverse proxy

Cool!

Mihai
Pls, fix version APR, APR-Util and Apache

Mihai
Pls, fix version APR, APR-Util and Apache

what kind of issue do you have with apr, apr-util and apache ?

Thank you for this amazing Tutorial. You should Update your Tutorial to latest Versions.

greets

Mihai
Pls, fix version APR, APR-Util and Apache

what kind of issue do you have with apr, apr-util and apache ?

Problem like this

Use the new versions for APR

Code: [Select]

http://mirrors.whoishostingthis.com/apache/apr/apr-1.6.3.tar.gz and APR-Util

Code: [Select]

http://mirrors.whoishostingthis.com/apache/apr/apr-util-1.6.1.tar.gz.