0

here's the thing I've enabled mod_http2 ( apachectl -M shows : http2_module ) and set this within this vhost

<VirtualHost *:443>
  ServerName s74.fr
  Protocols h2 h2c http/1.1
  H2Direct on
  H2EarlyHints on

Thing is when I run this curl command : I see ALPN offering h2 at the top

But while using a browset or simple website validator, HTTP2 is never used at all ..

Do you guys have any clue on this topic ?

Any remarks, notes, clue, enlightment would be greatly appreciated ;)

curl -v --http2 https://s74.fr

* Connected to s74.fr (91.121.146.195) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:\prog\ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data] ...

* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ***ALPN, server accepted to use http/1.1***
* Server certificate:
*  subject: CN=s74.fr
*  start date: Oct 10 08:02:34 2018 GMT
*  expire date: Jan  8 08:02:34 2019 GMT
*  subjectAltName: host "s74.fr" matched cert's "s74.fr"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
} [5 bytes data]
> GET / HTTP/1.1
> Host: s74.fr
> User-Agent: curl/7.53.1
> Accept: */*
>
{ [5 bytes data]
< HTTP/1.1 200 OK
< Date: Fri, 19 Oct 2018 06:32:01 GMT
< Server: Apache/2.4.34 (Debian)
< Upgrade: h2,h2c
< Connection: Upgrade
< Etag: 1539924168
< Last-Modified: Fri, 19 Oct 2018 04:42:48 GMT
< Cache-Control: private
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=utf-8
GAD3R
  • 4,317
  • 1
  • 23
  • 34
Jack
  • 184
  • 1
  • 11
  • Well the issue was definely mpm_prefork I've installed php7.2-fpm along with mpm_worker, and http2 alpn shows up ( as well as the required headers for returning a proper 304 responses ) :) That made my Day ;) – Jack Oct 19 '18 at 15:08
  • Welcome, it is petter to post your answer instead of saying solved in the question. – GAD3R Oct 19 '18 at 19:40
  • 1
    Or accept someone else’s answer is they solved it for you, or at least pushed you in the right direction... – Barry Pollard Oct 20 '18 at 08:48
  • is this okay so ?,mpm_prefork and mod_http2 aren't friendly binded together .. – Jack Oct 21 '18 at 07:57

3 Answers3

3

If you are using mod_prefork then Apache will show an error in the logs on restart.

Can you add the following to your main apache config file:

<IfModule http2_module>
    #Enable HTTP/2 support
    Protocols h2 http/1.1
    LogLevel http2:info
</IfModule>

Then restart. Then provide check the start of the error log to see if it says anything.

It would also be worth running httpd -V (or apachectl -V) to see what the environment is configured for.

Barry Pollard
  • 40,655
  • 7
  • 76
  • 92
  • Sorry but "Enable HTTP/2 support" gives Invalid command 'Enable', anyways that was my http2.conf file allready Server version: Apache/2.4.34 (Debian) Server built: 2018-07-27T19:37:37 – Jack Oct 19 '18 at 12:02
  • 1
    Sorry that should have been commented out. I was more interested about adding the LogLevel and then seeing the output that that put in your error log after restart. – Barry Pollard Oct 19 '18 at 13:10
1

Taken from https://http2.pro/doc/Apache

Ubuntu / Debain Apache web server distributed in default software repositories of Ubuntu and Debian do not include mod_http2 needed to enable HTTP/2 functionality. You will need to add a third-party package source with latest Apache version that also inludes mod_http2.

apt-get install software-properties-common python-software-properties
add-apt-repository ppa:ondrej/apache2
apt-get update

This will install some utilities (if not installed already) that help us add external PPAs. Secondly, we add the ondrej/apache2 PPA which contains the latest Apache2 builds. Third, we update your systems package information.

apt-get install apache2
apachectl -v

This is to upgrade your existing Apache2 version to the latest version. After upgrading, the apachectl -v command will reveal your upgraded Apache version. This will be 2.4.29 or later.

Add HTTP/2 Support

We highly recommend you enable HTTPS support for your web site first. Most web browser simply do not support HTTP/2 over plain text. Besides, there are no excuses to not use HTTPS anymore. HTTP/2 can be enabled site-by-site basis. Locate your web site's Apache virtual host configuration file, and add the following right after the opening tag: Protocols h2 http/1.1

Overall, your configuration file should look something like this:

<VirtualHost *:443>
  Protocols h2 http/1.1
  ServerAdmin you@your-awesome-site.com
  ServerName your-awesome-site.com
  ...
</VirtualHost>

After the changes, don't forget to reload/restart Apache.

apachectl restart

Also, next chance you can get, I'd recommend updating to debian 9.

CecilMerrell aka bringrainfire
  • 704
  • 6
  • 19
  • 1
    But surely if mod_http2 was not enabled then the `H2Direct` and `H2EarlyHints` config the OP included should have shown an error as unrecognised directives? – Barry Pollard Oct 19 '18 at 08:39
  • 1
    It should. You can also use "chrome://net-internals/#http2" while you have the site you want to check is opened in a separate tab. If http2 is working the site will be listed there. – CecilMerrell aka bringrainfire Oct 19 '18 at 09:47
  • 1
    Agreed but Curl output clearly shows its being asked for but not being used. But the upgrade header is there. So mod_http2 is on. So it’s half working. I suspect it’s the worker MPM thing. – Barry Pollard Oct 19 '18 at 11:00
1

Thanks to Barry Pollard comment - at the worker MPM thing, I've realized my server was running MPM_prefork, a latter googling I've realized my setup wasn't complete .. so I've installed and configured php7.2-fpm, disabled modphp, disabled mpm_prefork, then enabled mpm_worker and It worked right away + somehow provided support for getting the right headers in https mode to trigger 304 responses

Jack
  • 184
  • 1
  • 11