cPanel & WHM Version 80 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
 
This object is in archive! 

mod_h2 - Apache HTTP/2 support -- EasyApache 3

andyf shared this idea 3 years ago
Completed

Please consider adding mod_h2 to EasyApache for Apache 2.4, marked experimental. This will provide HTTP/2 support for testing and planning in advance of stable deployment which is anticipated to happen with the inclusion in forthcoming 2.4 releases.


https://github.com/icing/mod_h2

Best Answer
photo

Hi,

We released EA 3.32.9 on Tuesday which provides the proper make files for mod_http2, and with your custom configurations and compilations, you'll be able to get mod_http2 working.

Note, we at cPanel won't be officially supporting mod_http2 with EA3. This is a custom configuration, and any problems with it working or getting it to work most likely won't be fixed or supported by us.

We have further work in getting it running on EA4, considering it's dependencies and requirements for an upgraded OpenSSL version with proper ALPN support. This is something we'll get working eventually, but there are no plans at this time to start working on it. We want to get EA4 fully stable for 56+ and start working on caching before we look into http2.

Thanks, and enjoy! Please let us know in the forums how it's working for you!

There is a new request specifically for EasyApache 4 support of HTTP2, which can be found here. Definitely go show your support and interest by voting on that request.

Comments (36)

photo
2

This is now in Apache 2.4.17


https://icing.github.io/mod_h2/howto.html

photo
1

Yes but you also need nghttp annnd 2.4.17 got pulled from EA for mod_<other> problems.


I would be great if they supported this via EA.


Directadmin has supported this for a while now

photo
2

Please add support for mod_h2 as it really does speed up the time pages load in.

photo
1

Big +1 for this, or at least a roadmap from cPanel on this :)

photo
2

Hi,


We are planning to add official HTTP2 support in EasyApache 4 here after we can see how it's being implemented and used amongst the industry. I'd love to see ideas for implementation and usage!

photo
1

HTTP2 is fully supported by CloudFlare. They have more than 2 million domains). Do you think a company with 76 data centers in 40 countries / 5 continents and more than 2 million domains plus Google Chrome is not enough to say implemented by the industry?

.. and cPanel don't? Really?

photo
1

HTTP2 only seems to need the h2 module enabling to provide support for it. I would suspect it would be good to provide the ability to turn it on and off if the customer wants, but also allow hosts to choose to control this and override the function in the package features.

photo
2

So with EasyApache4 we can run PHP7 on the latest stable Apache with the mod_h2 module enabled? That would be awesome.


PHP7RC7 is available now: http://news.php.net/php.internals/89196 ;)

photo
1

Getting more requests for HTTP/2 support so it would be nice to see mod_h2 included soon.

photo
2

We really want to start implementing HTTP2, please add the Apache mod_http2 module as soon as possible. It will positively benefit all types of websites in many different ways. Looking forward to WHM / cPanel support!

photo
1

mod_http2 is available in Apache by default since version 2.4.17 (released 2015-10-13)


https://httpd.apache.org/docs/2.4/mod/mod_http2.html


... so when a new stable release will appear this automatically will be supported via Apache.

photo
2

This is pretty much it. When EA3 gets 2.4.18 (hopefully this week or next), http2 support will automatically be there. We don't plan to make any changes to EA3 to make it a one click install, but it's very simple to pass the compile flag via a rawopt and install nghttp2.

photo
1

I don't understand cPanelJacob. Will it automatically be there, or do you have to "pass the compile flag..." ? Also is there anything to configure to get h2 working?

photo
1

Probably you have to customize your EasyApache profile, so select the latest Apache version in step 1 and also make sure that mod_h2 is used.

photo
1

When 2.4.17 was released, many widespread issues were reported, and there was no immediate way to downgrade to 2.4.16, and those affected had to wait until cPanel reverted to 2.4.16. Will there be a safety plan when 2.4.18 is released?

photo
1

I have updated EA3 to have apache 2.4.18 (thanks WHM!).


I then did this search via putty: $find /usr/loca/apache | grep http2

./manual/mod/mod_http2.html

./manual/mod/mod_http2.html.en


I'm not seeing any .so for it. Is there a simple way to setup http/2 now that 2.4.18 is out. I've not ventured out from EasyApache for a long time. This forum seems like the best source of data, so am posting the question here.


I saw the post about "it's very simple to pass the compile flag via a rawopt and install nghttp2.". But I'm hoping for a bit more than that.


I don't see anything in /var/cpanel/easy/apache/rawopts/, but am unsure if that's what's needed by your rawopt comment. Or if it was meant to do a 'yum install nghttp2' to install that.


thank you!

photo
1

I have tested this in Centos 7.1, and this doesn't work, because the provided version of OpenSSL doesn't support ALPN. Without at least OpenSSL 1.0.2e, which contains this commit: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f017a8f9db3a79f3a3406cf8d493ccd346db691


You can compile support into apache and install nghttp2, but it won't work.

photo
1

Jacob,


Congratulations on Apache 2.4.18 release, however I still cannot pass the --enable-http2 parameter to EasyApache3 rawopt. During EasyApache compile, it says:


checking whether to enable mod_http2... no


Even though I can see that the rawopts are read properly before the compilation started. Posted a ticket: 7407869


Note: nghttp2 is already installed.

photo
2

Here's how to get this as far as it can be gotten without a newer TLS provider:


You need to install the nghttp2 headers and files, so if you're on CentOS, yum install libnghttp2-devel, or on debian apt-get install libnghttp2-dev. Now you can build Apache against nghttp2.

Then, add the flag --enable-http2=shared to /var/cpanel/easy/apache/rawopts/Apache2_4 (There's your mistake Boxintense -- you need to specify static or shared)

Trigger the build, the build will succeed.

Add Protocols h2 http/1.1 and/or Protocols h2c http/1.1 to one of your include files, or if it's just for one domain, that domain's include file.

Now, if not for missing the ALPN handshake, it would work. You could manually grab an RPM or a DEB or whatever for the latest version, but you'd then cut yourself off from the spiffy upstream security updates coming through Red Hat or Debian, and that is unacceptable. You could also switch TLS providers to LibreSSL or whatever, and maybe that would work. Probably no security updates. Another thing you could do is manually apply the security updates that come through RHEL or Debian to your own custom build of OpenSSL, rebuilding and reinstalling regularly. You'll need to invest a whole lot of time to this.

photo
1

Jacob once said that moving to h2 would be a piece of cake (even with EA3), but can't find any checkbox for that ;-) I'd expect it to be a checkbox in the Exhaustive Options List of the EA3 profiles.

photo
2

Hi,


As stated before, we're not doing anything with http2 support in EA3. You can pass the needed / required configure options via a rawopt to get it to build.


Currently, there looks to be an issue at the moment where upstream Apache provided a .gitignore, which blocked the MakeFile.in in ./modules/http2 from being synced out. We've talked to them about this, and it seemed to be a 'bug' of sorts. We'll be fixing this here in a bit and will have an update out within the next week or so.

photo
3

Sorry Jacob,


but EA4 is not ready for production. It still display this warning message when I try to upgrade:


  1. This action will install a Technology Preview release of EasyApache4 for cPanel & WHM. This means that you understand the following:

    • Not all features in cPanel & WHM are operational.

    • Not all EasyApache features are included in the Technology Preview.

    • Features and functionality in the release may change over time.

    • We will quickly address severe or critical issues only.

    • Security bounties are not available.

    Do you wish to continue?

Then why are you asking us to upgrade to EA4 to get Http2?

Please include in EA3 since EA4 is not ready to production.

photo
5

Hi,


We never asked anyone to upgrade to EA4 to get http2 support. We stated we're not adding http2 support into EA3, but that's not saying that you can't add it yourself, which we are providing in EA3. We should have a build out this week that allows building of http2 support.


  1. Confirmed with EasyApache v 3.32.9
  2. root@i-000072c8 [/nghttp2]# httpd -v
  3. Server version: Apache/2.4.18 (Unix)
  4. Server built: Jan 11 2016 04:02:16
  5. Cpanel::Easy::Apache v3.32.9 rev9999
  6. root@i-000072c8 [/nghttp2]# httpd -M | grep http2
  7. http2_module (static)
  8. root@i-000072c8 [/nghttp2]# ls -al /home/cpeasyapache/src/httpd-2.4/modules/http2/Makefile*
  9. -rw-r--r-- 1 root root 1127 Jan 11 04:00 /home/cpeasyapache/src/httpd-2.4/modules/http2/Makefile
  10. -rw-r--r-- 1 root root 845 Sep 7 17:37 /home/cpeasyapache/src/httpd-2.4/modules/http2/Makefile.in
  11. root@i-000072c8 [/nghttp2]# cat /var/cpanel/easy/apache/rawopts/Apache2_4
  12. --enable-http2=static
  13. --with-nghttp2=/opt/nghttp2
  14. root@i-000072c8 [/nghttp2]# nghttp -uv http://10.17.17.137
  15. [ 0.003] Connected
  16. [ 0.004] HTTP Upgrade request
  17. GET / HTTP/1.1
  18. Host: 10.17.17.137
  19. Connection: Upgrade, HTTP2-Settings
  20. Upgrade: h2c
  21. HTTP2-Settings: AAMAAABkAAQAAP__
  22. Accept: */*
  23. User-Agent: nghttp2/1.2.1
  24. [ 0.016] HTTP Upgrade response
  25. HTTP/1.1 101 Switching Protocols
  26. Upgrade: h2c
  27. Connection: Upgrade
  28. [ 0.016] HTTP Upgrade success
  29. [ 0.016] recv SETTINGS frame <length=6, flags=0x00, stream_id=0>
  30. (niv=1)
  31. [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
  32. [ 0.016] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
  33. (window_size_increment=2147418112)
  34. [ 0.016] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
  35. (niv=2)

photo
2

Hi,

We released EA 3.32.9 on Tuesday which provides the proper make files for mod_http2, and with your custom configurations and compilations, you'll be able to get mod_http2 working.

Note, we at cPanel won't be officially supporting mod_http2 with EA3. This is a custom configuration, and any problems with it working or getting it to work most likely won't be fixed or supported by us.

We have further work in getting it running on EA4, considering it's dependencies and requirements for an upgraded OpenSSL version with proper ALPN support. This is something we'll get working eventually, but there are no plans at this time to start working on it. We want to get EA4 fully stable for 56+ and start working on caching before we look into http2.

Thanks, and enjoy! Please let us know in the forums how it's working for you!

There is a new request specifically for EasyApache 4 support of HTTP2, which can be found here. Definitely go show your support and interest by voting on that request.

photo
1

Hi Jacob,


i really cannot understand how we can recompile with a custom configuration if apache is compiled by EA3. By shell? By httpd global include?

How?

photo
2

Good morning!


This is done via rawopts. You can tell EA3 to use a custom openssl version, and pass the appropriate config options via rawopts to tell Apache to build http2. A user has posted some small instructions in this request a bit higher that should help get you started on this.


Thanks!

photo
1

Jacob tried with rawopt and did not succeed.


If yuou say is so easy why don't you tell the steps ?

photo
2

Good morning,


This is a highly advanced custom configuration that cPanel is not going to support. We will allow you to customize EA to make this happen, but we're not going to support these changes in any way, including directions on getting it working. This will only cause problems for users who are not familiar with customizing the web stack, and runs a high chance of problems. Thus, we won't be supporting this configuration, nor advising on getting it working.


This isn't to say that someone from the community can't share their steps. If someone would like to do that, throw a post on the forums and link it here!

photo
2

I guess that decision was inevitable considering the dependencies. You'd actually need every distro to provide an ALPN-enabled OpenSSL in order to guarantee this will work. Failing that, CPanel would have to incorporate custom builds of OpenSSL from source into the mix. That would be highly irresponsible, because you could break existing https configs, and cut yourself off from security updates for months at a time. Then there's the Nghttp2 dependency as well.


If my instructions above are not sufficient, I will post more detailed step-by-step instructions, but only if someone can show that they have a TLS provider that does ALPN.

photo
2

I understand there are a lot of technical hurdles, but you would think cPanel as a business would want to be one of the first platforms out there that would support HTTP/2. They could gain market share or at a very minimum make a big splash about their solutions. Everything I understand about HTTP/2, it will be a major advancement in speeding up websites along with other benefits that will help web developers. I wish they could fully understand the importance of this solution. Just my 2-cents.

photo
3

Ohhhhhhhh... THESE IS TALKING!

We want cPanel to be the 1st panel that support natively HTTP/2.

photo
2

Speeding up the web, consistently, making the world a better place for everyone! Directly and indirectly, people will smile!


Now isn't this something that will put joy in your heart, even if it were to be on "old" software and might take a few extra hours of work and maintenance? :D


Go cPanel! Be not only the best, but also the first :D


(also directed at the PHP7 requests)

photo
3

Good morning!

While I understand the importance of http2 in the industry, you must understand that the underlying requirements for HTTP2 are not provided by Operating Systems supported by cPanel & WHM at this time. HTTP2 requires a very high version of OpenSSL that's not being provided by any OS. If we started providing / building our own OpenSSL, this would be a nightmare to cPanel customers and the suite of software as a whole.

Setting up, and even using HTTP2 is a very technical process. If not setup properly, it will cause problems with the web stack and a lot more things. We've already dealt with tickets with customers attempting to setup HTTP2 and failing, and not able to get their system back up and running. This is the type of problems we are trying to avoid. You must be very familiar with how Apache and the entire web stack works in order to set this up and maintain it. It's not for the novice user. This is one of the primary reasons we are not 'officially' supporting HTTP2 in EA3. We'll allow you to still build it, but we're not going to help get it setup, fix it, etc.

photo
2

Hi Jacob,


Now I completely understand! Thanks for sharing the culprit :)


I noticed nghttp2 wasn't included with 3.32.9. Fair warning for others: so I tried to install it myself from Github, failed miserably, build crashed... removing the flags and restoring the previous EA3 build resolved it however :)


I'll wait for EA4 :) Thanks for your efforts!

photo
2

Is there a release date in EA4 for this ?

photo
1

To quote Jacob: "We want to get EA4 fully stable for 56+"

Maybe Jacob can also pin a "best answer" to this topic to keep the status up-to-date.

Comments have been locked on this page!