Score:0

Server

Enabled HTTP/2 Support in apache2 v2.4.25 on Debian 9.13 but Tests Show No Support for HTTP/2

hyjinx

1/9/23, 12:26 PM

I am trying to configure HTTP/2 support but something is going wrong

My server is a google compute engine vm running Debian 9.13 (stretch) server version Apache/2.4.25 with SSL certs configured using OpenSSL. When I run openssl version it reports version 1.1.1g. When running phpinfo(); it reports OpenSSL/1.0.2u. PHP version 7.4.11 and phpinfo(); also reports...

SSL_VERSION_INTERFACE  ->  mod_ssl/2.4.25
SSL_VERSION_LIBRARY  ->  OpenSSL/1.0.2u
SSL_PROTOCOL  ->  TLSv1.2

I followed the instructions here to "Enable HTTP/2 module in Apache" and "Enable HTTP/2 in your Apache virtual host" and also here. After doing so, when I run the command apache2ctl -M | grep http2 it returns http2_module (shared) which signals HTTP/2 Support is enabled. But it isn't in production.

Here is the line used in my apache2 virtual hosts configuration file /etc/apache2/sites-available/default-ssl.conf

<VirtualHost _default_:443>
    Protocols h2 h2c http/1.1
    ...

Here is the verbose connection information when using curl -vso http2_debug.log --http2 https://pharealty.com/ command which does successfully download the page.

*   Trying 35.236.101.224...
* TCP_NODELAY set
* Connected to pharealty.com (35.236.101.224) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [109 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4036 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=pharealty.com
*  start date: Jul 10 01:53:04 2021 GMT
*  expire date: Oct  8 01:53:03 2021 GMT
*  subjectAltName: host "pharealty.com" matched cert's "pharealty.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
} [5 bytes data]
> GET / HTTP/1.1
> Host: pharealty.com
> User-Agent: curl/7.52.1
> Accept: */*
>
{ [5 bytes data]
< HTTP/1.1 200 OK
< Date: Wed, 08 Sep 2021 17:20:21 GMT
< Server: Apache
< Upgrade: h2,h2c
< Connection: Upgrade
< Set-Cookie: PHPSESSID=1mv9jqka4n7c7fb6qmtavfsgue; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< X-Pingback: https://pharealty.com/xmlrpc.php
< Link: <https://pharealty.com/wp-json/>; rel="https://api.w.org/"
< Link: <https://pharealty.com/wp-json/wp/v2/pages/48>; rel="alternate"; type="application/json"
< Link: <https://pharealty.com/>; rel=shortlink
< Set-Cookie: phaLandingPage=%2F; expires=Tue, 08-Mar-2022 17:20:21 GMT; Max-Age=15638400; path=/
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=UTF-8
<
{ [7 bytes data]
* Curl_http_done: called premature == 0
* Connection #0 to host pharealty.com left intact

It looks like it is working perfectly at first then later reverts to HTTP/1.1

As far as I can tell I've got a new enough version of OpenSSL. And although this page that I mentioned previously highly recommends a version of apache higher than 2.4.25, I have been unable to update apache to anything other than 2.4.25.

Do I need to setup a new SSL certificate after making the switch? Is the version of apache what's causing the issues?

I've tested the site on several http/2 test websites and it fails every time.

223

0 + 2

debian

http2

apache2

djdomi

1/9/23, 2:21 PM

Please upgrade urgently your server, Stretch is OOS - did you enabled it in gernally or only on a specific host? default does not mean its working for all in gernally.

djdomi

1/9/23, 2:26 PM

Additional updatE: verify your situation: https://www.howtoforge.com/how-to-enable-http-2-in-apache/

hyjinx

1/9/23, 5:59 PM

@djdomi yeah, I can't believe I haven't upgraded the OS. Managed to keep everything else up to date except that, jeez. I am upgrading to Debain 10 buster. Should I edit the configuration to use the asterisk instead? I can't remember how or why it currently is set to ```_default_```.

djdomi

1/9/23, 6:16 PM

I would first update, then upgrade and also add the protocol header also the the vhost

hyjinx

1/10/23, 7:36 AM

@djdomi after upgrading to Debian 10 buster and following the steps in the link you provided I was able to get everything to work. I was trying to get it work with Debian 10 and PHP 7.4 but I couldn't. Using PHP 7.3 did work because php7.3-fpm is available. But after rolling back to 7.3 from 7.4 I had to install all the PHP extensions again. The commands to disable PHP, enable PHP-FPM, disable mpm_prefork, and enable mpm_event, are what made the difference in finding my solution. If you post your comment as an answer, I'll flag it as the answer and get you the points.

djdomi

1/10/23, 4:34 PM

I did it, please update the question in case you have still an issue, and yes you might have to install required modules for each version of php separately you may want to see [my github site script](https://raw.githubusercontent.com/djdomi/php-install/master/run.sh) to install all common modules

Score:0

Server

djdomi

1/10/23, 10:17 AM

Upgrade to a Supported OS

You used Debian Stretch, which main Support is IMHO already EOL. (End of Life)
The Security-Patches remain available until 2022-06-30.

Change the Apache Handling Module

sudo a2dismod mpm_prefork
sudo a2enmod mpm_event

Enable SSL & http2 Module

sudo a2enmod ssl  
sudo a2enmod http2

Enable http2 support global or via vhost

Add to Apache2.conf:

Protocols h2 http/1.1

Or Edit the vhost and add Protocols h2 http/1.1

<VirtualHost *:443>
  ServerName example.com
  ServerAlias www.example.com
  DocumentRoot /var/www/public_html/example.com
  SSLEngine on
  SSLCertificateKeyFile /path/to/private.pem
  SSLCertificateFile /path/to/cert.pem
  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
  Protocols h2 http/1.1 #add this here
</VirtualHost>

Remind to reload the Apache Server.

sudo systemctl restart apache2

to fetch all php versions you might take a look into my bash script

https://raw.githubusercontent.com/djdomi/php-install/master/run.sh

Reference

Regarding this guide

0 + 0

hyjinx

1/10/23, 9:24 PM

Yep. Updating Debian and then running through the steps again was the trick. I had been using PHP 7.4 but couldn't keep using it because there was no php7.4-fpm module to enable after disabling php7.4. So I reverted to PHP 7.3 and the switch to HTTP/2 was completed. The only thing that remained was to install all the PHP 7.3 extensions I was missing. All test sites are now testing positive for HTTP/2. And mobile page speed score jumped 12 points on Google Page Speed Insights after HTTP/2. Thanks for your help. I can't believe I didn't think to update the OS.

djdomi

1/11/23, 10:40 AM

php7. 4-fpm should be available after running my script, for sure, even I think php8 also

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Enabled HTTP/2 Support in apache2 v2.4.25 on Debian 9.13 but Tests Show No Support for HTTP/2

TH: เปิดใช้งานการรองรับ HTTP/2 ใน apache2 v2.4.25 บน Debian 9.13 แต่การทดสอบไม่รองรับ HTTP/2

RO: Compatibilitate HTTP/2 activată în apache2 v2.4.25 pe Debian 9.13, dar testele arată că nu există suport pentru HTTP/2

RU: Включена поддержка HTTP/2 в apache2 v2.4.25 в Debian 9.13, но тесты не показывают поддержки HTTP/2

VI: Đã bật hỗ trợ HTTP/2 trong apache2 v2.4.25 trên Debian 9.13 nhưng các thử nghiệm cho thấy không có hỗ trợ cho HTTP/2

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.