Re: mod_h2 protocols not working

Yep, the redirect is deliberate; it's actually a site I only use in https.

The server in question has directadmin control panel, which configures
the vhosts via templates.

I added the protocols line at the start of the vhost so it is right at
the start of the vhost container above servername etc. although I did
try to move it below servername with no success.

The event worker is used.
PHP is FPM, although the freebsd-admin.com homepage is just a basic HTML page, no PHP.

So, as to how it is configured:

I did initially follow your instructions, but the LoadModule line was
not needed, as it is compiled in statically.
I have the LogLevel http2:debug in the main httpd.conf file.

Protocols h2c http/1.1 in the http vhost container
and Protocols h2 http/1.1 in the https vhost container

It's as if the Protocols line is not being processed and is being ignored.

E.g. I tried Protocols g2 (without the http1.1) yet http 1.1 was still working.


On 16 October 2015 at 10:48, Stefan Eissing
<stefan.eissing@xxxxxxxxxxxxx> wrote:
>
> Chris,
>
> http://freebsd-admin.com does a 302 redirect to https://freebsd-admin.com
>
> There is no connection upgrade happening on that. Can be argued that it should.
>
> On the https side, I see:
> * Connected to freebsd-admin.com (78.46.185.201) port 443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * TLSv1.2 (OUT), TLS header, Certificate Status (22):
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> * TLSv1.2 (IN), TLS handshake, Server finished (14):
> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
> * TLSv1.2 (OUT), TLS handshake, Finished (20):
> * TLSv1.2 (IN), TLS change cipher, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
> * ALPN, server accepted to use http/1.1
>
> So ALPN is happening, but h2 is not selected. How did you configure this?
>
>> Begin forwarded message:
>>
>> From: Chris <chrcoluk@xxxxxxxxx>
>> Date: 16 October 2015 at 11:22:57 CEST
>> To: dev@xxxxxxxxxxxxxxxx
>> Subject: Re: mod_http2 protocols directive broken
>>
>> Hi Stefan, here is the output of both checks. Note I will confirm also
>> curl is compiled with http2 support and will also show curl -V output.
>>
>> Curl -V
>> "curl 7.45.0 (amd64-portbld-freebsd9.3) libcurl/7.45.0 OpenSSL/1.0.2d
>> zlib/1.2.8 libidn/1.31 nghttp2/1.3.4
>> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
>> rtsp smb smbs smtp smtps telnet tftp
>> Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
>> HTTP2 UnixSockets "
>>
>> Curl http2 test
>> "# curl -v --http2 -v http://freebsd-admin.com/
>> *   Trying 2a01:4f8:201:5465::4...
>> * Connected to freebsd-admin.com (2a01:4f8:201:5465::4) port 80 (#0)
>> > GET / HTTP/1.1
>> > Host: freebsd-admin.com
>> > User-Agent: curl/7.45.0
>> > Accept: */*
>> > Connection: Upgrade, HTTP2-Settings
>> > Upgrade: h2c
>> > HTTP2-Settings: AAMAAABkAAQAAP__
>> >
>> < HTTP/1.1 302 Found
>> < Date: Fri, 16 Oct 2015 09:19:56 GMT
>> < Server: Apache
>> < X-Frame-Options: SAMEORIGIN
>> < X-Xss-Protection: 1; mode=block
>> < X-Content-Type-Options: nosniff
>> < Content-Security-Policy: default-src 'self'; script-src 'self'
>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>> 'self' https://*.freebsd-admin.com; img-src 'self'
>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self'
>> https://*.freebsd-admin.com; block-all-mixed-content;
>> < X-Content-Security-Policy: default-src 'self'; script-src 'self'
>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>> 'self' https://*.freebsd-admin.com; img-src 'self'
>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline'
>> https://*.freebsd-admin.com; block-all-mixed-content;
>> < Location: https://freebsd-admin.com/
>> < Content-Length: 210
>> < Content-Type: text/html; charset=iso-8859-1
>> <
>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>> <html><head>
>> <title>302 Found</title>
>> </head><body>
>> <h1>Found</h1>
>> <p>The document has moved <a href="https://freebsd-admin.com/">here</a>.</p>
>> </body></html>
>> * Connection #0 to host freebsd-admin.com left intact"
>>
>> nghttp2 test
>> "# nghttp -uv http://freebsd-admin.com/
>> [  0.000] Connected
>> [  0.000] HTTP Upgrade request
>> GET / HTTP/1.1
>> Host: freebsd-admin.com
>> Connection: Upgrade, HTTP2-Settings
>> Upgrade: h2c
>> HTTP2-Settings: AAMAAABkAAQAAP__
>> Accept: */*
>> User-Agent: nghttp2/1.3.4
>>
>>
>> [  0.001] HTTP Upgrade response
>> HTTP/1.1 302 Found
>> Date: Fri, 16 Oct 2015 09:21:42 GMT
>> Server: Apache
>> X-Frame-Options: SAMEORIGIN
>> X-Xss-Protection: 1; mode=block
>> X-Content-Type-Options: nosniff
>> Content-Security-Policy: default-src 'self'; script-src 'self'
>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>> 'self' https://*.freebsd-admin.com; img-src 'self'
>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self'
>> https://*.freebsd-admin.com; block-all-mixed-content;
>> X-Content-Security-Policy: default-src 'self'; script-src 'self'
>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>> 'self' https://*.freebsd-admin.com; img-src 'self'
>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline'
>> https://*.freebsd-admin.com; block-all-mixed-content;
>> Location: https://freebsd-admin.com/
>> Content-Length: 210
>> Content-Type: text/html; charset=iso-8859-1
>>
>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>> <html><head>
>> <title>302 Found</title>
>> </head><body>
>> <h1>Found</h1>
>> <p>The document has moved <a href="https://freebsd-admin.com/">here</a>.</p>
>> </body></html>
>>
>> [ERROR] HTTP Upgrade failed
>> Some requests were not processed. total=1, processed=0"
>>
>> Finally I also set logging to http2:debug but I don't see anything that
>> indicates an error.
>>
>> "[Fri Oct 16 10:06:01.060039 2015] [http2:info] [pid 19537:tid
>> 34410099712] mod_http2 (v1.0.0, nghttp2 1.3.4), initializing...
>> [Fri Oct 16 10:06:01.060051 2015] [http2:debug] [pid 19537:tid
>> 34410099712] h2_h2.c(72): h2_h2, child_init
>> [Fri Oct 16 10:06:01.060059 2015] [http2:debug] [pid 19537:tid
>> 34410099712] h2_switch.c(54): h2_switch init
>> [Fri Oct 16 10:06:01.060287 2015] [lbmethod_heartbeat:notice] [pid
>> 19537:tid 34410099712] AH02282: No slotmem from mod_heartmonitor
>> [Fri Oct 16 10:06:02.001571 2015] [mpm_event:notice] [pid 19537:tid
>> 34410099712] AH00489: Apache/2.4.17 (Unix) OpenSSL/1.0.2d configured
>> -- resuming normal operations
>> [Fri Oct 16 10:06:02.001600 2015] [core:notice] [pid 19537:tid
>> 34410099712] AH00094: Command line: '/usr/sbin/httpd -D SSL'
>> [Fri Oct 16 10:06:02.001697 2015] [http2:debug] [pid 19678:tid
>> 34410099712] h2_conn.c(123): h2_workers: min=32 max=64, mthrpchild=32,
>> thr_limit=64
>> [Fri Oct 16 10:06:02.001755 2015] [http2:debug] [pid 19678:tid
>> 34410099712] h2_workers.c(227): h2_workers: starting
>> [Fri Oct 16 10:06:02.002007 2015] [http2:debug] [pid 19727:tid
>> 34410099712] h2_conn.c(123): h2_workers: min=32 max=64, mthrpchild=32,
>> thr_limit=64
>> [Fri Oct 16 10:06:02.002062 2015] [http2:debug] [pid 19727:tid
>> 34410099712] h2_workers.c(227): h2_workers: starting"
>>
>> Hope this helps.
>>
>> On 16 October 2015 at 10:14, Stefan Eissing
>> <stefan.eissing@xxxxxxxxxxxxx> wrote:
>>> Chris,
>>>
>>> I wrote some advice at https://icing.github.io/mod_h2/howto.html already.
>>>
>>> There are several checks described. Which one fails for you and how? I need
>>> the output of the step that differs from the advice. Just a verbal description
>>> is not enough. Thx.
>>>
>>> //Stefan
>>>
>>>> On 16.10.2015 at 11:00, Chris <chrcoluk@xxxxxxxxx> wrote:
>>>>
>>>> Hi guys.
>>>>
>>>> Was excited to see the module got added to 2.4.17 but I cannot get it
>>>> to work in my testing following information from this url.
>>>> https://icing.github.io/mod_h2/howto.html#http
>>>>
>>>> So what is confirmed working?
>>>>
>>>> I compiled apache with the appropriate configure flag.
>>>>
>>>> I can confirm in the error log the module loads.
>>>>
>>>> However the protocols directive seems to be ignored, testing with both
>>>> curl and nghttp2, confirm only http 1.1. is used.  I have tried using
>>>> invalid syntax on the protocols directive to cause an error but the
>>>> server starts anyway without error as if it ignores the value, I have
>>>> tried the value in both the server config and vhost which has no
>>>> effect.
>>>>
>>>> Any ideas?
>>>>
>>>> I have been testing on both http and https and both stuck on http 1.1.
>>>>
>>>> Chris
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
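
Added example, not part of the original thread and not code from mod_http2 or curl: a small parser that reads a `curl -v --http2` transcript and reports which of the two negotiation paths discussed above (ALPN over TLS, or the cleartext `Upgrade: h2c` request) was attempted and how it ended. The function name `classify` and the two sample strings are hypothetical; the samples are constructed by trimming the output quoted in the thread.

```python
import re

# Constructed samples, trimmed from the curl -v output quoted in this thread.
TLS_SAMPLE = """\
* ALPN, offering h2
* ALPN, offering http/1.1
* ALPN, server accepted to use http/1.1
"""

H2C_SAMPLE = """\
> GET / HTTP/1.1
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
> HTTP2-Settings: AAMAAABkAAQAAP__
>
< HTTP/1.1 302 Found
< Location: https://freebsd-admin.com/
"""

def classify(transcript):
    """Summarise the HTTP/2 negotiation seen in a `curl -v --http2` transcript."""
    offered = re.findall(r"^\* ALPN, offering (\S+)", transcript, re.M)
    accepted = re.search(r"^\* ALPN, server accepted to use (\S+)", transcript, re.M)
    upgrade = re.search(r"^> Upgrade:\s*(\S+)", transcript, re.M | re.I)
    status = re.search(r"^< HTTP/\d(?:\.\d)? (\d{3})", transcript, re.M)
    result = {"offered": offered,
              "accepted": accepted.group(1) if accepted else None,
              "upgrade_requested": upgrade.group(1) if upgrade else None,
              "status": int(status.group(1)) if status else None}

    if offered:  # TLS path: the server's ALPN selection decides the protocol
        if "h2" not in offered:
            verdict = "client did not offer h2"
        elif result["accepted"] is None:
            verdict = "h2 offered, server made no ALPN selection"
        elif result["accepted"] == "h2":
            verdict = "h2 negotiated via ALPN"
        else:
            verdict = "h2 offered, server selected " + result["accepted"]
    elif upgrade:  # cleartext path: only a 101 response switches to h2c
        verdict = "h2c upgrade " + ("accepted" if result["status"] == 101 else "not performed")
    else:
        verdict = "no HTTP/2 negotiation attempted"
    result["verdict"] = verdict
    return result

if __name__ == "__main__":
    print(classify(TLS_SAMPLE)["verdict"], "|", classify(H2C_SAMPLE)["verdict"])
```
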



