Vesta Control Panel - Forum

Community Forum
https://forum.vestacp.com/

I tried to enable HTTP/2 (http2) but failed?

https://forum.vestacp.com/viewtopic.php?f=11&t=12732

Page 1 of 2

I tried to enable HTTP/2 (http2) but failed?

Posted: Mon Sep 26, 2016 11:45 am
by baijianpeng
Recently I completely re-installed my VPS (centOS 7) with VestaCP the latest version, v0.9.8-16.

It seems that the NginX installed by this version of VestaCP already supports http2:

Code: Select all

[root web]# nginx -V
nginx version: nginx/1.10.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=njs-1c50334fbea6/nginx --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
You can see that there is "--with-http_v2_module" string.

Then I installed SSL certificate, and I can visit my website via HTTPS protocol. Please test it:

https://www.joomlagate.com/

Then I added http2 to the "listen" directive of nginx configuration file:

file name: /home/<vestausername>/conf/web/snginx.conf

listen directive:

Code: Select all

listen      120.27.137.71:443 ssl http2;
Then I restarted NginX with this command:

Code: Select all

# systemctl restart nginx

NginX restarted successfully, but when I check my webpage with Chrome browser development tool, there is no http2 or h2 in the "protocol" column.

Why? Did I missed something?

Or, does this mean that nginx v1.10.1 has a bug?

Thank you.

Re: I tried to enable HTTP/2 (http2) but failed?

Posted: Mon Sep 26, 2016 12:49 pm
by skurudo
baijianpeng wrote: NginX restarted successfully, but when I check my webpage with Chrome browser development tool, there is no http2 or h2 in the "protocol" column.Why? Did I missed something?
Online service https://tools.keycdn.com/http2-test say with http2 on your site all good.
I think your Chrome tool fail test. Try to write about this to author ;-)

Re: I tried to enable HTTP/2 (http2) but failed?

Posted: Mon Sep 26, 2016 1:45 pm
by mehargags
Chrome stopped NPN support and ALPN is not yet supported so that may be the problem.

Support without ALPN is still broken for full http/2 so alot of DETECTORs will report wrong.

Check here:

https://spdycheck.org/#joomlagate.com
or
https://tools.keycdn.com/http2-test

ALPN Warning is OK... we are all waiting for it

Re: I tried to enable HTTP/2 (http2) but failed?

Posted: Mon Sep 26, 2016 2:02 pm
by baijianpeng
I searched , it seems that openssl 1.0.2h has ALPN support.

That is very bad that centOS still has not upgrade to openssl 1.0.2 now.

Re: I tried to enable HTTP/2 (http2) but failed?

Posted: Mon Sep 26, 2016 2:18 pm
by skurudo
baijianpeng wrote: That is very bad that centOS still has not upgrade to openssl 1.0.2 now.
Sad, may be you can write a letter to mainteiners or in their maillist?

Re: I tried to enable HTTP/2 (http2) but failed?

Posted: Mon Sep 26, 2016 2:32 pm
by baijianpeng
I don't know how to contact them. Do you have any email address or google group address or forum address of the maintainers?

Thank you.

Re: I tried to enable HTTP/2 (http2) but failed?

Posted: Mon Sep 26, 2016 2:35 pm
by skurudo
baijianpeng wrote:I don't know how to contact them. Do you have any email address or google group address or forum address of the maintainers?
Oldschool guys uses mailist ;-)
https://lists.centos.org/mailman/listinfo/centos

Re: I tried to enable HTTP/2 (http2) but failed?

Posted: Mon Sep 26, 2016 2:40 pm
by baijianpeng
Great!

I have submitted my subscription request to that list.

Re: I tried to enable HTTP/2 (http2) but failed?

Posted: Wed Sep 28, 2016 12:49 pm
by baijianpeng
I can't wait for RedHat team to upgrade openssl. So today I recompiled my nginx with openssl 1.0.2j on my server, just following this tutorial:

viewtopic.php?f=20&t=12522&p=50885#p49618

Now my website has http/2 support!

Re: I tried to enable HTTP/2 (http2) but failed?

Posted: Thu Sep 29, 2016 5:39 pm
by mehargags
baijianpeng wrote:I can't wait for RedHat team to upgrade openssl. So today I recompiled my nginx with openssl 1.0.2j on my server, just following this tutorial:

viewtopic.php?f=20&t=12522&p=50885#p49618

Now my website has http/2 support!
Congratulations...
the only downside to this is... you can't YUM UPDATE this pkg now and if the other libraries get updated, it can break your nginx!
so just be careful with the updates
All times are UTC
Page 1 of 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/