some more configure info # httpd -V Server version: Apache/2.4.17 (Unix) Server built: Oct 16 2015 08:46:36 Server's Module Magic Number: 20120211:51 Server loaded: APR 1.5.2, APR-UTIL 1.5.4 Compiled using: APR 1.5.2, APR-UTIL 1.5.4 Architecture: 64-bit Server MPM: event threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with.... -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses disabled) -D APR_USE_FLOCK_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=256 -D HTTPD_ROOT="/etc/httpd" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="/var/logs/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" # httpd -M Loaded Modules: core_module (static) authn_file_module (static) authn_dbm_module (static) authn_anon_module (static) authn_dbd_module (static) authn_socache_module (static) authn_core_module (static) authz_host_module (static) authz_groupfile_module (static) authz_user_module (static) authz_dbm_module (static) authz_owner_module (static) authz_dbd_module (static) authz_core_module (static) access_compat_module (static) auth_basic_module (static) auth_form_module (static) auth_digest_module (static) allowmethods_module (static) file_cache_module (static) cache_module (static) cache_disk_module (static) cache_socache_module (static) socache_shmcb_module (static) socache_dbm_module (static) socache_memcache_module (static) so_module (static) macro_module (static) dbd_module (static) dumpio_module (static) buffer_module (static) ratelimit_module (static) reqtimeout_module (static) ext_filter_module (static) request_module (static) include_module (static) filter_module (static) substitute_module (static) sed_module (static) deflate_module (static) http_module (static) mime_module (static) http2_module (static) log_config_module (static) log_debug_module (static) logio_module (static) env_module (static) expires_module (static) headers_module (static) unique_id_module (static) setenvif_module (static) version_module (static) remoteip_module (static) proxy_module (static) proxy_connect_module (static) proxy_ftp_module (static) proxy_http_module (static) proxy_fcgi_module (static) proxy_scgi_module (static) proxy_wstunnel_module (static) proxy_ajp_module (static) proxy_balancer_module (static) proxy_express_module (static) session_module (static) session_cookie_module (static) session_dbd_module (static) slotmem_shm_module (static) ssl_module (static) lbmethod_byrequests_module (static) lbmethod_bytraffic_module (static) lbmethod_bybusyness_module (static) lbmethod_heartbeat_module (static) unixd_module (static) dav_module (static) status_module (static) autoindex_module (static) info_module (static) suexec_module (static) cgi_module (static) dav_fs_module (static) dav_lock_module (static) vhost_alias_module (static) negotiation_module (static) dir_module (static) actions_module (static) speling_module (static) userdir_module (static) alias_module (static) rewrite_module (static) htscanner_module (shared) mpm_event_module (shared) On 16 October 2015 at 11:07, Chris <chrcoluk@xxxxxxxxx> wrote: > Sorry I meant I tried using Protocols h2 not g2 that was a typo. > > On 16 October 2015 at 10:48, Stefan Eissing > <stefan.eissing@xxxxxxxxxxxxx> wrote: >> >> Chris, >> >> http://freebsd-admin.com does a 302 redirect to https://freebsd-admin.com >> >> There is no connection upgrade happening on that. Can be argued that it should. >> >> On the https side, I see: >> * Connected to freebsd-admin.com (78.46.185.201) port 443 (#0) >> * ALPN, offering h2 >> * ALPN, offering http/1.1 >> * Cipher selection: = >> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH >> * TLSv1.2 (OUT), TLS header, Certificate Status (22): >> * TLSv1.2 (OUT), TLS handshake, Client hello (1): >> * TLSv1.2 (IN), TLS handshake, Server hello (2): >> * TLSv1.2 (IN), TLS handshake, Certificate (11): >> * TLSv1.2 (IN), TLS handshake, Server key exchange (12): >> * TLSv1.2 (IN), TLS handshake, Server finished (14): >> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): >> * TLSv1.2 (OUT), TLS change cipher, Client hello (1): >> * TLSv1.2 (OUT), TLS handshake, Finished (20): >> * TLSv1.2 (IN), TLS change cipher, Client hello (1): >> * TLSv1.2 (IN), TLS handshake, Finished (20): >> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 >> * ALPN, server accepted to use http/1.1 >> >> So ALPN is happening, but h2 is not selected. How did you configure this? >> >>> Anfang der weitergeleiteten Nachricht: >>> =20 >>> Von: Chris <chrcoluk@xxxxxxxxx> >>> Datum: 16. Oktober 2015 um 11:22:57 MESZ >>> An: dev@xxxxxxxxxxxxxxxx >>> Betreff: Aw: mod_http2 protocols directive broken >>> =20 >>> Hi Stefan, here is the output of both checks. Note I will confirm also >>> curl is compiled with http2 support and will also show curl -V output. >>> =20 >>> Curl -V >>> "curl 7.45.0 (amd64-portbld-freebsd9.3) libcurl/7.45.0 OpenSSL/1.0.2d >>> zlib/1.2.8 libidn/1.31 nghttp2/1.3.4 >>> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s >>> rtsp smb smbs smtp smtps telnet tftp >>> Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP >>> HTTP2 UnixSockets " >>> =20 >>> Curl http2 test >>> "# curl -v --http2 -v http://freebsd-admin.com/ >>> * Trying 2a01:4f8:201:5465::4... >>> * Connected to freebsd-admin.com (2a01:4f8:201:5465::4) port 80 (#0) >>>> GET / HTTP/1.1 >>>> Host: freebsd-admin.com >>>> User-Agent: curl/7.45.0 >>>> Accept: */* >>>> Connection: Upgrade, HTTP2-Settings >>>> Upgrade: h2c >>>> HTTP2-Settings: AAMAAABkAAQAAP__ >>>> =20 >>> < HTTP/1.1 302 Found >>> < Date: Fri, 16 Oct 2015 09:19:56 GMT >>> < Server: Apache >>> < X-Frame-Options: SAMEORIGIN >>> < X-Xss-Protection: 1; mode=3Dblock >>> < X-Content-Type-Options: nosniff >>> < Content-Security-Policy: default-src 'self'; script-src 'self' >>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>> 'self' https://*.freebsd-admin.com; img-src 'self' >>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self' >>> https://*.freebsd-admin.com; block-all-mixed-content; >>> < X-Content-Security-Policy: default-src 'self'; script-src 'self' >>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>> 'self' https://*.freebsd-admin.com; img-src 'self' >>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline' >>> https://*.freebsd-admin.com; block-all-mixed-content; >>> < Location: https://freebsd-admin.com/ >>> < Content-Length: 210 >>> < Content-Type: text/html; charset=3Diso-8859-1 >>> < >>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> >>> <html><head> >>> <title>302 Found</title> >>> </head><body> >>> <h1>Found</h1> >>> <p>The document has moved <a = >> href=3D"https://freebsd-admin.com/">here</a>.</p> >>> </body></html> >>> * Connection #0 to host freebsd-admin.com left intact" >>> =20 >>> nghttp2 test >>> "# nghttp -uv http://freebsd-admin.com/ >>> [ 0.000] Connected >>> [ 0.000] HTTP Upgrade request >>> GET / HTTP/1.1 >>> Host: freebsd-admin.com >>> Connection: Upgrade, HTTP2-Settings >>> Upgrade: h2c >>> HTTP2-Settings: AAMAAABkAAQAAP__ >>> Accept: */* >>> User-Agent: nghttp2/1.3.4 >>> =20 >>> =20 >>> [ 0.001] HTTP Upgrade response >>> HTTP/1.1 302 Found >>> Date: Fri, 16 Oct 2015 09:21:42 GMT >>> Server: Apache >>> X-Frame-Options: SAMEORIGIN >>> X-Xss-Protection: 1; mode=3Dblock >>> X-Content-Type-Options: nosniff >>> Content-Security-Policy: default-src 'self'; script-src 'self' >>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>> 'self' https://*.freebsd-admin.com; img-src 'self' >>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self' >>> https://*.freebsd-admin.com; block-all-mixed-content; >>> X-Content-Security-Policy: default-src 'self'; script-src 'self' >>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>> 'self' https://*.freebsd-admin.com; img-src 'self' >>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline' >>> https://*.freebsd-admin.com; block-all-mixed-content; >>> Location: https://freebsd-admin.com/ >>> Content-Length: 210 >>> Content-Type: text/html; charset=3Diso-8859-1 >>> =20 >>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> >>> <html><head> >>> <title>302 Found</title> >>> </head><body> >>> <h1>Found</h1> >>> <p>The document has moved <a = >> href=3D"https://freebsd-admin.com/">here</a>.</p> >>> </body></html> >>> =20 >>> [ERROR] HTTP Upgrade failed >>> Some requests were not processed. total=3D1, processed=3D0" >>> =20 >>> Finally I also set logging to http2:debug but I dont see anything that >>> indicates an error. >>> =20 >>> "[Fri Oct 16 10:06:01.060039 2015] [http2:info] [pid 19537:tid >>> 34410099712] mod_http2 (v1.0.0, nghttp2 1.3.4), initializing... >>> [Fri Oct 16 10:06:01.060051 2015] [http2:debug] [pid 19537:tid >>> 34410099712] h2_h2.c(72): h2_h2, child_init >>> [Fri Oct 16 10:06:01.060059 2015] [http2:debug] [pid 19537:tid >>> 34410099712] h2_switch.c(54): h2_switch init >>> [Fri Oct 16 10:06:01.060287 2015] [lbmethod_heartbeat:notice] [pid >>> 19537:tid 34410099712] AH02282: No slotmem from mod_heartmonitor >>> [Fri Oct 16 10:06:02.001571 2015] [mpm_event:notice] [pid 19537:tid >>> 34410099712] AH00489: Apache/2.4.17 (Unix) OpenSSL/1.0.2d configured >>> -- resuming normal operations >>> [Fri Oct 16 10:06:02.001600 2015] [core:notice] [pid 19537:tid >>> 34410099712] AH00094: Command line: '/usr/sbin/httpd -D SSL' >>> [Fri Oct 16 10:06:02.001697 2015] [http2:debug] [pid 19678:tid >>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, = >> mthrpchild=3D32, >>> thr_limit=3D64 >>> [Fri Oct 16 10:06:02.001755 2015] [http2:debug] [pid 19678:tid >>> 34410099712] h2_workers.c(227): h2_workers: starting >>> [Fri Oct 16 10:06:02.002007 2015] [http2:debug] [pid 19727:tid >>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, = >> mthrpchild=3D32, >>> thr_limit=3D64 >>> [Fri Oct 16 10:06:02.002062 2015] [http2:debug] [pid 19727:tid >>> 34410099712] h2_workers.c(227): h2_workers: starting" >>> =20 >>> Hope this helps. >>> =20 >>> On 16 October 2015 at 10:14, Stefan Eissing >>> <stefan.eissing@xxxxxxxxxxxxx> wrote: >>>> Chris, >>>> =20 >>>> I wrote some advice at https://icing.github.io/mod_h2/howto.html = >> already. >>>> =20 >>>> There are several checks described. Which one fails for you and how? = >> I need >>>> the output of the step that differs from the advice. Just a verbal = >> description >>>> is not enough. Thx. >>>> =20 >>>> //Stefan >>>> =20 >>>>> Am 16.10.2015 um 11:00 schrieb Chris <chrcoluk@xxxxxxxxx>: >>>>> =20 >>>>> Hi guys. >>>>> =20 >>>>> Was excited to see the module got added to 2.4.17 but I cannot get = >> it >>>>> to work in my testing following information from this url. >>>>> https://icing.github.io/mod_h2/howto.html#http >>>>> =20 >>>>> So what is confirmed working? >>>>> =20 >>>>> I compiled apache with the appropriate configure flag. >>>>> =20 >>>>> I can confirm in the error log the module loads. >>>>> =20 >>>>> However the protocols directive seems to be ignored, testing with = >> both >>>>> curl and nghttp2, confirm only http 1.1. is used. I have tried = >> using >>>>> invalid syntax on the protocols directive to cause an error but the >>>>> server starts anyway without error as if it ignores the value, I = >> have >>>>> tried the value in both the server config and vhost which has no >>>>> affect. >>>>> =20 >>>>> Any ideas? >>>>> =20 >>>>> I have been testing on both http and https and both stuck on http = >> 1.1. >>>>> =20 >>>>> Chris >>>> =20 >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx