Author Topic: [Tutorial] Apache HTTP2 Module  (Read 172 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
[Tutorial] Apache HTTP2 Module
« on: October 12, 2017, 04:42:50 AM »
Hello.
First of all, we need to download & upgrade some apps:

1. OpenSSL (min. 1.0.2 is required to run ANPL)
We will use the latest 1.0.2l version.
Code: [Select]
cd ~
mkdir installers
cd installers
wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
tar -zxvf openssl-1.0.2l.tar.gz
cd openssl-1.0.2l
./config shared zlib-dynamic --prefix=/usr/local/ssl
make
make install
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
cd ..

After this you need to add the /usr/local/lib and /usr/local/ssl/lib directories to the LD_LIBRARY_PATH.
Code: [Select]
nano /etc/ld.so.conf.d/http2.conf
/usr/local/lib
/usr/local/ssl/lib
After you save it (Ctrl+X -> Yes), you need to run ldconfig

2. NGHTTP2 (needed for mod_http2)
Code: [Select]
wget https://github.com/nghttp2/nghttp2/releases/download/v1.26.0/nghttp2-1.26.0.tar.gz
tar -zxvf nghttp2-1.26.0.tar.gz
cd nghttp2-1.26.0
export OPENSSL_CFLAGS="-I/usr/local/ssl/include"
export OPENSSL_LIBS="-L/usr/local/ssl/lib -lssl -lcrypto"
./configure
make
make install
cd ..

3. APR
Code: [Select]
wget http://mirrors.whoishostingthis.com/apache/apr/apr-1.6.2.tar.gz
tar -zxvf apr-1.6.2.tar.gz
cd apr-1.6.2
./configure make
make install
cd ..

4. APR-Util
Code: [Select]
wget http://mirrors.whoishostingthis.com/apache/apr/apr-util-1.6.0.tar.gz
tar -zxvf apr-util-1.6.0.tar.gz
cd apr-util-1.6.0
./configure --with-apr=/usr/local/apr
make
make install
cd ..

5. Apache
Because of the existing vulnerabilities in anterior versions, we will use the latest one 2.4.28.
Code: [Select]
wget http://mirrors.whoishostingthis.com/apache/httpd/httpd-2.4.28.tar.gz
tar -zxvf httpd-2.4.28.tar.gz
cd httpd-2.4.28
cp -r ../apr-1.6.2 srclib/apr
cp -r ../apr-util-1.6.0 srclib/apr-util
./configure --enable-so --prefix=/usr/local/apache --with-ssl=/usr/local/ssl --enable-unique-id --enable-ssl=shared --enable-rewrite  --enable-deflate --enable-suexec --with-suexec-docroot="/home" --with-suexec-caller="nobody" --with-suexec-logfile="/usr/local/apache/logs/suexec_log" --enable-asis --enable-filter --with-pcre --with-included-apr  --enable-headers --enable-expires --enable-proxy --enable-rewrite --enable-userdir --enable-http2
make
make install
cd

6. Add and activate the http/2 module
You just have to open the apache config and add this line:
Code: [Select]
LoadModule http2_module modules/mod_http2.so
And finally turn on the http/2 protocol by adding this line to apache config (for all sites) or in ssl vhosts for the sites you want:
Code: [Select]
Protocols h2 http/1.1
Restart Apache with: service httpd restart

Possible Problems:
1. Apache will not start because of the mod_security
If you had mod_security, probably you will have this error when restarting:
Code: [Select]
Starting httpd: httpd: Syntax error on line 509 of /usr/local/apache/conf/httpd.conf: Syntax error on line 5 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup

To repair it, you need to recompile and install the new mod_security:
Code: [Select]
cd ~/installers
wget https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz
tar -zxvf modsecurity-2.9.2.tar.gz
cd modsecurity-2.9.2
./configure --with-apxs=/usr/local/apache/bin/apxs
make
make install
cd

After this, you run service httpd restart and the server should start.

 :)

Offline
*
Re: [Tutorial] Apache HTTP2 Module
« Reply #1 on: October 12, 2017, 12:05:29 PM »
Quic Reply, just to say man you are great and this works fine. Not a single problem was found within this simple tutorial and it works perfectly even on Production VPS using CWP.Pro ;)

Offline
*
Re: [Tutorial] Apache HTTP2 Module
« Reply #2 on: October 16, 2017, 12:16:35 PM »
I have opened /usr/local/apache/conf/httpd.conf
and two lines:

LoadModule http2_module modules/mod_http2.so
Protocols h2 http/1.1

After that while restarting httpd getting below error:

Getting this error:
Stopping httpd:                                            [FAILED]
Starting httpd: httpd: Syntax error on line 501 of /usr/local/apache/conf/httpd.conf: Cannot load modules/mod_http2.so into server: libnghttp2.so.14: cannot open shared object file: No such file or directory
                                                           [FAILED]

Offline
*
Re: [Tutorial] Apache HTTP2 Module
« Reply #3 on: October 16, 2017, 05:28:59 PM »
So, you would need to put this line

LoadModule http2_module modules/mod_http2.so

Right below last LoadModule line in config file so it should look something like this

LoadModule some_module modules/module.so
LoadModule http2_module modules/mod_http2.so

And

Protocols h2 http/1.1

needs to be put before closing of config file

Also did you compiled correctly everything because this kind of error for a first looks like a just minor config file bug, but on second hand it maybe look like a bad compile.
Just for a try do as said for  first thing, then if it fails again notify me so I can give some advices as Sys Admin for couple of medium-big sized hosts with all enabled (finally) HTTP2 with CWP without issue.