mod_h2 - Apache HTTP/2 support -- EasyApache 3

HTTP2 is fully supported by CloudFlare. They have more than 2 million domains). Do you think a company with 76 data centers in 40 countries / 5 continents and more than 2 million domains plus Google Chrome is not enough to say implemented by the industry?

.. and cPanel don't? Really?

This is pretty much it. When EA3 gets 2.4.18 (hopefully this week or next), http2 support will automatically be there. We don't plan to make any changes to EA3 to make it a one click install, but it's very simple to pass the compile flag via a rawopt and install nghttp2.

I don't understand cPanelJacob. Will it automatically be there, or do you have to "pass the compile flag..." ? Also is there anything to configure to get h2 working?

Probably you have to customize your EasyApache profile, so select the latest Apache version in step 1 and also make sure that mod_h2 is used.

When 2.4.17 was released, many widespread issues were reported, and there was no immediate way to downgrade to 2.4.16, and those affected had to wait until cPanel reverted to 2.4.16. Will there be a safety plan when 2.4.18 is released?

I have updated EA3 to have apache 2.4.18 (thanks WHM!).

I then did this search via putty: $find /usr/loca/apache | grep http2

./manual/mod/mod_http2.html

./manual/mod/mod_http2.html.en

I'm not seeing any .so for it. Is there a simple way to setup http/2 now that 2.4.18 is out. I've not ventured out from EasyApache for a long time. This forum seems like the best source of data, so am posting the question here.

I saw the post about "it's very simple to pass the compile flag via a rawopt and install nghttp2.". But I'm hoping for a bit more than that.

I don't see anything in /var/cpanel/easy/apache/rawopts/, but am unsure if that's what's needed by your rawopt comment. Or if it was meant to do a 'yum install nghttp2' to install that.

thank you!

Jacob once said that moving to h2 would be a piece of cake (even with EA3), but can't find any checkbox for that ;-) I'd expect it to be a checkbox in the Exhaustive Options List of the EA3 profiles.

Hi,

As stated before, we're not doing anything with http2 support in EA3. You can pass the needed / required configure options via a rawopt to get it to build.

Currently, there looks to be an issue at the moment where upstream Apache provided a .gitignore, which blocked the MakeFile.in in ./modules/http2 from being synced out. We've talked to them about this, and it seemed to be a 'bug' of sorts. We'll be fixing this here in a bit and will have an update out within the next week or so.

Sorry Jacob,

but EA4 is not ready for production. It still display this warning message when I try to upgrade:

1. This action will install a Technology Preview release of EasyApache4 for cPanel & WHM. This means that you understand the following:

   • Not all features in cPanel & WHM are operational.

   • Not all EasyApache features are included in the Technology Preview.

   • Features and functionality in the release may change over time.

   • We will quickly address severe or critical issues only.

   • Security bounties are not available.

   Do you wish to continue?

Then why are you asking us to upgrade to EA4 to get Http2?

Please include in EA3 since EA4 is not ready to production.

Hi,

We never asked anyone to upgrade to EA4 to get http2 support. We stated we're not adding http2 support into EA3, but that's not saying that you can't add it yourself, which we are providing in EA3. We should have a build out this week that allows building of http2 support.

1. Confirmed with EasyApache v 3.32.9
3. root@i-000072c8 [/nghttp2]# httpd -v
4. Server version: Apache/2.4.18 (Unix)
5. Server built: Jan 11 2016 04:02:16
6. Cpanel::Easy::Apache v3.32.9 rev9999
7. root@i-000072c8 [/nghttp2]# httpd -M | grep http2
8. http2_module (static)
9. root@i-000072c8 [/nghttp2]# ls -al /home/cpeasyapache/src/httpd-2.4/modules/http2/Makefile*
10. -rw-r--r-- 1 root root 1127 Jan 11 04:00 /home/cpeasyapache/src/httpd-2.4/modules/http2/Makefile
11. -rw-r--r-- 1 root root 845 Sep 7 17:37 /home/cpeasyapache/src/httpd-2.4/modules/http2/Makefile.in
12. root@i-000072c8 [/nghttp2]# cat /var/cpanel/easy/apache/rawopts/Apache2_4
13. --enable-http2=static
14. --with-nghttp2=/opt/nghttp2
15. root@i-000072c8 [/nghttp2]# nghttp -uv http://10.17.17.137
16. [ 0.003] Connected
17. [ 0.004] HTTP Upgrade request
18. GET / HTTP/1.1
19. Host: 10.17.17.137
20. Connection: Upgrade, HTTP2-Settings
21. Upgrade: h2c
22. HTTP2-Settings: AAMAAABkAAQAAP__
23. Accept: */*
24. User-Agent: nghttp2/1.2.1
27. [ 0.016] HTTP Upgrade response
28. HTTP/1.1 101 Switching Protocols
29. Upgrade: h2c
30. Connection: Upgrade
33. [ 0.016] HTTP Upgrade success
34. [ 0.016] recv SETTINGS frame <length=6, flags=0x00, stream_id=0>
35. (niv=1)
36. [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
37. [ 0.016] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
38. (window_size_increment=2147418112)
39. [ 0.016] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
40. (niv=2)

Hi Jacob,

i really cannot understand how we can recompile with a custom configuration if apache is compiled by EA3. By shell? By httpd global include?

How?

Good morning!

This is done via rawopts. You can tell EA3 to use a custom openssl version, and pass the appropriate config options via rawopts to tell Apache to build http2. A user has posted some small instructions in this request a bit higher that should help get you started on this.

Thanks!

Jacob tried with rawopt and did not succeed.

If yuou say is so easy why don't you tell the steps ?

Good morning,

This is a highly advanced custom configuration that cPanel is not going to support. We will allow you to customize EA to make this happen, but we're not going to support these changes in any way, including directions on getting it working. This will only cause problems for users who are not familiar with customizing the web stack, and runs a high chance of problems. Thus, we won't be supporting this configuration, nor advising on getting it working.

This isn't to say that someone from the community can't share their steps. If someone would like to do that, throw a post on the forums and link it here!

I guess that decision was inevitable considering the dependencies. You'd actually need every distro to provide an ALPN-enabled OpenSSL in order to guarantee this will work. Failing that, CPanel would have to incorporate custom builds of OpenSSL from source into the mix. That would be highly irresponsible, because you could break existing https configs, and cut yourself off from security updates for months at a time. Then there's the Nghttp2 dependency as well.

If my instructions above are not sufficient, I will post more detailed step-by-step instructions, but only if someone can show that they have a TLS provider that does ALPN.

I understand there are a lot of technical hurdles, but you would think cPanel as a business would want to be one of the first platforms out there that would support HTTP/2. They could gain market share or at a very minimum make a big splash about their solutions. Everything I understand about HTTP/2, it will be a major advancement in speeding up websites along with other benefits that will help web developers. I wish they could fully understand the importance of this solution. Just my 2-cents.

Ohhhhhhhh... THESE IS TALKING!

We want cPanel to be the 1st panel that support natively HTTP/2.

Speeding up the web, consistently, making the world a better place for everyone! Directly and indirectly, people will smile!

Now isn't this something that will put joy in your heart, even if it were to be on "old" software and might take a few extra hours of work and maintenance? :D

Go cPanel! Be not only the best, but also the first :D

(also directed at the PHP7 requests)

Good morning!

While I understand the importance of http2 in the industry, you must understand that the underlying requirements for HTTP2 are not provided by Operating Systems supported by cPanel & WHM at this time. HTTP2 requires a very high version of OpenSSL that's not being provided by any OS. If we started providing / building our own OpenSSL, this would be a nightmare to cPanel customers and the suite of software as a whole.

Setting up, and even using HTTP2 is a very technical process. If not setup properly, it will cause problems with the web stack and a lot more things. We've already dealt with tickets with customers attempting to setup HTTP2 and failing, and not able to get their system back up and running. This is the type of problems we are trying to avoid. You must be very familiar with how Apache and the entire web stack works in order to set this up and maintain it. It's not for the novice user. This is one of the primary reasons we are not 'officially' supporting HTTP2 in EA3. We'll allow you to still build it, but we're not going to help get it setup, fix it, etc.

Hi Jacob,

Now I completely understand! Thanks for sharing the culprit :)

I noticed nghttp2 wasn't included with 3.32.9. Fair warning for others: so I tried to install it myself from Github, failed miserably, build crashed... removing the flags and restoring the previous EA3 build resolved it however :)

I'll wait for EA4 :) Thanks for your efforts!

Is there a release date in EA4 for this ?

To quote Jacob: "We want to get EA4 fully stable for 56+"

Maybe Jacob can also pin a "best answer" to this topic to keep the status up-to-date.