
I just upgraded Apache (on Ubuntu 14.04) from 2.4.7 to 2.4.25, and everything was OK. After that I enabled the http2 module and inserted this in my virtual host:

Protocols h2 http/1.1

After that I tried to open the site in a browser, and it just keeps loading and loading.

Here are my SSL settings:

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/*/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/*/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/*/chain.pem

Here is my virtualhost:

DocumentRoot /home/mywebsite
ServerName mywebsite.com

</Directory>


<IfModule mod_php7.c>
        php_admin_flag allow_url_fopen Off
        php_admin_value open_basedir "/home/mywebsite/:/tmp/"
</IfModule>

<IfModule mod_headers.c>
    Header unset ETag
    Header set X-Frame-Options: deny
    Header set X-XSS-Protection: "1; mode=block"
    Header set X-Content-Type-Options: nosniff
    Header set X-WebKit-CSP: "default-src 'self'"
    Header set X-Permitted-Cross-Domain-Policies: "master-only"
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</IfModule>

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>

If I try from curl (curl -I hxxps://mywebsite.com) I'm getting this:

Upgrade: h2
Connection: Upgrade

Also I have checked logs (access & error), but there is nothing.

Any ideas, why my website doesn't work after enabling http2 protocol?

If I test mywebsite here: https://tools.keycdn.com/http2-test, it says that my site supports HTTP/2.0.

After changing from LogLevel http2:info to LogLevel http2:debug, I'm getting this in my error.log:

[Wed Jan 25 07:40:25.830096 2017] [http2:debug] [pid 5300] h2_session.c(1007): [client 192.168.1.25:43190] AH03200: h2_session(5) created, max_streams=100, stream_mem=65536, workers_limit=6, workers_max=1, push_diary(type=1,N=256)
[Wed Jan 25 07:40:25.830143 2017] [http2:debug] [pid 5300] h2_session.c(1109): [client 192.168.1.25:43190] AH03201: h2_session(5): start, INITIAL_WINDOW_SIZE=65535, MAX_CONCURRENT_STREAMS=100
[Wed Jan 25 07:40:25.830153 2017] [http2:debug] [pid 5300] h2_session.c(2073): [client 192.168.1.25:43190] AH03079: h2_session(5): started on mywebsite.com:443
[Wed Jan 25 07:40:25.830166 2017] [http2:debug] [pid 5300] h2_session.c(1742): [client 192.168.1.25:43190] AH03078: h2_session(5): transit [INIT] -- init --> [BUSY]
[Wed Jan 25 07:40:25.830196 2017] [http2:debug] [pid 5300] h2_session.c(661): [client 192.168.1.25:43190] AH03068: h2_session(5): sent FRAME[SETTINGS[length=6, stream=0]], frames=0/0 (r/s)
[Wed Jan 25 07:40:25.830206 2017] [http2:debug] [pid 5300] h2_session.c(661): [client 192.168.1.25:43190] AH03068: h2_session(5): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=0/1 (r/s)
[Wed Jan 25 07:40:25.830248 2017] [http2:debug] [pid 5300] h2_session.c(1742): [client 192.168.1.25:43190] AH03078: h2_session(5): transit [BUSY] -- no io (keepalive) --> [IDLE]
[Wed Jan 25 07:40:25.873960 2017] [http2:debug] [pid 5300] h2_session.c(439): [client 192.168.1.25:43190] AH03066: h2_session(5): recv FRAME[SETTINGS[length=12, stream=0]], frames=0/2 (r/s)
[Wed Jan 25 07:40:25.873992 2017] [http2:debug] [pid 5300] h2_session.c(439): [client 192.168.1.25:43190] AH03066:  h2_stream(5-13): opened
[Wed Jan 25 07:40:25.874084 2017] [http2:debug] [pid 5300] h2_session.c(439): [client 192.168.1.25:43190] AH03066: h2_session(5): recv FRAME[HEADERS[length=331, hend=1, stream=13, eos=1]], frames=7/2 (r/s)




[Wed Jan 25 08:00:43.593021 2017] [http2:debug] [pid 6637] h2_session.c(439): [client 192.168.1.25:43518] AH03066: h2_session(21): recv FRAME[PING[length=8, ack=0, stream=0]], frames=10/3 (r/s)
[Wed Jan 25 08:00:43.593096 2017] [http2:debug] [pid 6637] h2_session.c(661): [client 192.168.1.25:43518] AH03068: h2_session(21): sent FRAME[PING[length=8, ack=1, stream=0]], frames=11/3 (r/s)
user134969
  • So I presume it works fine in curl and those are additional headings? And does removing h2 from the Protocol section (but leaving mod_http2 enabled) and then bouncing make it work again? Very odd that nothing at all in error files. Did you try a full stop and start instead of just a graceful restart? – Barry Pollard Jan 21 '17 at 14:34
  • Also I presume you were already on https and this is not just a firewall issue blocking access to port 443 for your browser? – Barry Pollard Jan 21 '17 at 14:58
  • What version of OpenSSL? – Jacob Evans Jan 21 '17 at 16:03
  • Sorry for late response, but yeah I did all of that @BazzaDP, but nothing, still same problem. – user134969 Jan 22 '17 at 05:03
  • I asked a lot of questions and you didn't answer them at all. Here's another to add to the list: what version of Apache did you upgrade from! – Barry Pollard Jan 22 '17 at 08:56
  • If you change this line: "Protocols h2 http/1.1" to this: "Protocols http/1.1" (or alternatively just comment it out completely) and restart Apache does it work? Also you never answered if you had a https site previously or if that was added at same time as http/2? – Barry Pollard Jan 22 '17 at 19:05
  • Have you tried h2c instead? – CodingInTheUK Jan 23 '17 at 23:22
  • What version of nghttp2 do you have installed? What browsers have you tried? Have you turned up logging on mod_http2? Is there anything sitting in front of Apache (e.g. LoadBalancer)? Are you running any Antivirus that does SSL traffic scanning? What OS is Apache running on? How did you upgrade to 2.4.25 - by downloading a packed install or by compiling from source? Please answer all questions. – Barry Pollard Jan 23 '17 at 23:52
  • Can you post both of your VirtualHosts please? And do you use any kind of CMS? – Orphans Jan 25 '17 at 08:16

1 Answer


You need nghttp to run mod_http2.

Can you add the following to your config:

<IfModule http2_module>
    LogLevel http2:info
</IfModule>

And then restart Apache with a full stop and start not just a graceful restart. In the error log you should see details like this:

[Wed Jan 04 18:12:07.003271 2016] [http2:info] [pid 12345:tid 123456789012345] mod_http2 (v1.8.3, nghttp2 1.18.0), initializing...
[Wed Jan 04 18:12:07.004910 2016] [mpm_event:notice] [pid 12345:tid 123456789012345] AH00489: Apache/2.4.25 (Unix) OpenSSL/1.0.2j configured -- resuming normal operations

Please add your version of the above to your question.

Can you see the requests coming into the access logs? Is it HTTP/1.1 or HTTP/2 there?

Also I presume you enabled the http2 module?

a2enmod http2

Can you start Apache manually and see if you get any errors by running the following as root?:

/etc/init.d/apache2 restart
Barry Pollard
  • Is Apache even running? Run a "ps -ef | grep apache" to confirm. – Barry Pollard Jan 24 '17 at 08:28
  • So you see log files for those? Can you add the Logging info at the server level instead of the vhost level and see if that shows in the main error log? – Barry Pollard Jan 24 '17 at 09:20
  • Ok so it is loading mod_http2 so that's good news. So must be something in your config for that site. I note you are using a * in the key, cert and chain config. That doesn't look correct as it could match many files. Can you try with actual filenames? – Barry Pollard Jan 24 '17 at 12:46
  • You've got me real curious here... Can you raise the LogLevel of http2 to debug instead of info? – Barry Pollard Jan 24 '17 at 20:22
  • I'm really stumped. It's saying the client (i.e. the web browser) closed the connection. I've just fired up a clean Ubuntu install and updated as per here: https://www.dadcomputerclub.com/ubuntu-14-04-3-apache-http-2-web-server-setup/ (ignoring the PHP stuff) and couldn't repeat the issue. So am stumped to be honest. All I can suggest is trying the same from a clean server. Let us know if you figure it out. – Barry Pollard Jan 26 '17 at 21:18
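
Added example, not part of the original question, answer or Apache's own tooling: a triage script for the `LogLevel http2:debug` output discussed above. It lists, per session, the streams where request HEADERS were received but no response HEADERS were ever sent, which is the pattern visible for stream 13 in the question's log. It assumes that sent HEADERS lines use the same layout as the recv lines shown on the page.

```python
import re
from collections import defaultdict

# Frame lines as mod_http2 writes them at LogLevel http2:debug, e.g.
# h2_session(5): recv FRAME[HEADERS[length=331, hend=1, stream=13, eos=1]]
FRAME_RE = re.compile(
    r"h2_session\((?P<session>\d+)\): (?P<dir>recv|sent) "
    r"FRAME\[(?P<type>[A-Z_]+)\[(?P<fields>[^\]]*)\]\]"
)

def unanswered_streams(log_text):
    """Map session id -> stream ids with request HEADERS but no response HEADERS."""
    requested, answered = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = FRAME_RE.search(line)
        if not m or m["type"] != "HEADERS":
            continue  # SETTINGS, WINDOW_UPDATE, PING etc. carry no request
        fields = dict(
            part.strip().split("=", 1)
            for part in m["fields"].split(",") if "=" in part
        )
        if "stream" not in fields:
            continue
        bucket = requested if m["dir"] == "recv" else answered
        bucket[int(m["session"])].add(int(fields["stream"]))
    stalled = {}
    for session, streams in requested.items():
        missing = sorted(streams - answered[session])
        if missing:
            stalled[session] = missing
    return stalled

# Session 5 lines are trimmed from the question's error.log; session 9 is a
# constructed healthy session, assuming sent HEADERS lines mirror recv lines.
SAMPLE_LOG = """\
[http2:debug] AH03068: h2_session(5): sent FRAME[SETTINGS[length=6, stream=0]], frames=0/0 (r/s)
[http2:debug] AH03066: h2_session(5): recv FRAME[SETTINGS[length=12, stream=0]], frames=0/2 (r/s)
[http2:debug] AH03066: h2_session(5): recv FRAME[HEADERS[length=331, hend=1, stream=13, eos=1]], frames=7/2 (r/s)
[http2:debug] AH03066: h2_session(9): recv FRAME[HEADERS[length=40, hend=1, stream=1, eos=1]], frames=1/2 (r/s)
[http2:debug] AH03068: h2_session(9): sent FRAME[HEADERS[length=60, hend=1, stream=1, eos=0]], frames=1/3 (r/s)
"""

if __name__ == "__main__":
    print(unanswered_streams(SAMPLE_LOG))  # {5: [13]}
```

A stream reported here only means the excerpt contains no response for it; run it over the full error.log for the time window before drawing conclusions.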