Ok stefan I have some good news, it is working on another vhost on both http and https, this is odd as the server config is the same and vhost templates match, will post more if I find out why the first vhost fails. Thanks On 16 October 2015 at 11:23, Chris <chrcoluk@xxxxxxxxx> wrote: > some more configure info > > # httpd -V > Server version: Apache/2.4.17 (Unix) > Server built: Oct 16 2015 08:46:36 > Server's Module Magic Number: 20120211:51 > Server loaded: APR 1.5.2, APR-UTIL 1.5.4 > Compiled using: APR 1.5.2, APR-UTIL 1.5.4 > Architecture: 64-bit > Server MPM: event > threaded: yes (fixed thread count) > forked: yes (variable process count) > Server compiled with.... > -D APR_HAS_SENDFILE > -D APR_HAS_MMAP > -D APR_HAVE_IPV6 (IPv4-mapped addresses disabled) > -D APR_USE_FLOCK_SERIALIZE > -D APR_USE_PTHREAD_SERIALIZE > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT > -D APR_HAS_OTHER_CHILD > -D AP_HAVE_RELIABLE_PIPED_LOGS > -D DYNAMIC_MODULE_LIMIT=256 > -D HTTPD_ROOT="/etc/httpd" > -D SUEXEC_BIN="/usr/sbin/suexec" > -D DEFAULT_PIDLOG="/var/logs/httpd.pid" > -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" > -D DEFAULT_ERRORLOG="logs/error_log" > -D AP_TYPES_CONFIG_FILE="conf/mime.types" > -D SERVER_CONFIG_FILE="conf/httpd.conf" > > # httpd -M > Loaded Modules: > core_module (static) > authn_file_module (static) > authn_dbm_module (static) > authn_anon_module (static) > authn_dbd_module (static) > authn_socache_module (static) > authn_core_module (static) > authz_host_module (static) > authz_groupfile_module (static) > authz_user_module (static) > authz_dbm_module (static) > authz_owner_module (static) > authz_dbd_module (static) > authz_core_module (static) > access_compat_module (static) > auth_basic_module (static) > auth_form_module (static) > auth_digest_module (static) > allowmethods_module (static) > file_cache_module (static) > cache_module (static) > cache_disk_module (static) > cache_socache_module (static) > socache_shmcb_module (static) > socache_dbm_module (static) > socache_memcache_module (static) > so_module (static) > macro_module (static) > dbd_module (static) > dumpio_module (static) > buffer_module (static) > ratelimit_module (static) > reqtimeout_module (static) > ext_filter_module (static) > request_module (static) > include_module (static) > filter_module (static) > substitute_module (static) > sed_module (static) > deflate_module (static) > http_module (static) > mime_module (static) > http2_module (static) > log_config_module (static) > log_debug_module (static) > logio_module (static) > env_module (static) > expires_module (static) > headers_module (static) > unique_id_module (static) > setenvif_module (static) > version_module (static) > remoteip_module (static) > proxy_module (static) > proxy_connect_module (static) > proxy_ftp_module (static) > proxy_http_module (static) > proxy_fcgi_module (static) > proxy_scgi_module (static) > proxy_wstunnel_module (static) > proxy_ajp_module (static) > proxy_balancer_module (static) > proxy_express_module (static) > session_module (static) > session_cookie_module (static) > session_dbd_module (static) > slotmem_shm_module (static) > ssl_module (static) > lbmethod_byrequests_module (static) > lbmethod_bytraffic_module (static) > lbmethod_bybusyness_module (static) > lbmethod_heartbeat_module (static) > unixd_module (static) > dav_module (static) > status_module (static) > autoindex_module (static) > info_module (static) > suexec_module (static) > cgi_module (static) > dav_fs_module (static) > dav_lock_module (static) > vhost_alias_module (static) > negotiation_module (static) > dir_module (static) > actions_module (static) > speling_module (static) > userdir_module (static) > alias_module (static) > rewrite_module (static) > htscanner_module (shared) > mpm_event_module (shared) > > > > On 16 October 2015 at 11:07, Chris <chrcoluk@xxxxxxxxx> wrote: >> Sorry I meant I tried using Protocols h2 not g2 that was a typo. >> >> On 16 October 2015 at 10:48, Stefan Eissing >> <stefan.eissing@xxxxxxxxxxxxx> wrote: >>> >>> Chris, >>> >>> http://freebsd-admin.com does a 302 redirect to https://freebsd-admin.com >>> >>> There is no connection upgrade happening on that. Can be argued that it should. >>> >>> On the https side, I see: >>> * Connected to freebsd-admin.com (78.46.185.201) port 443 (#0) >>> * ALPN, offering h2 >>> * ALPN, offering http/1.1 >>> * Cipher selection: = >>> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH >>> * TLSv1.2 (OUT), TLS header, Certificate Status (22): >>> * TLSv1.2 (OUT), TLS handshake, Client hello (1): >>> * TLSv1.2 (IN), TLS handshake, Server hello (2): >>> * TLSv1.2 (IN), TLS handshake, Certificate (11): >>> * TLSv1.2 (IN), TLS handshake, Server key exchange (12): >>> * TLSv1.2 (IN), TLS handshake, Server finished (14): >>> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): >>> * TLSv1.2 (OUT), TLS change cipher, Client hello (1): >>> * TLSv1.2 (OUT), TLS handshake, Finished (20): >>> * TLSv1.2 (IN), TLS change cipher, Client hello (1): >>> * TLSv1.2 (IN), TLS handshake, Finished (20): >>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 >>> * ALPN, server accepted to use http/1.1 >>> >>> So ALPN is happening, but h2 is not selected. How did you configure this? >>> >>>> Anfang der weitergeleiteten Nachricht: >>>> =20 >>>> Von: Chris <chrcoluk@xxxxxxxxx> >>>> Datum: 16. Oktober 2015 um 11:22:57 MESZ >>>> An: dev@xxxxxxxxxxxxxxxx >>>> Betreff: Aw: mod_http2 protocols directive broken >>>> =20 >>>> Hi Stefan, here is the output of both checks. Note I will confirm also >>>> curl is compiled with http2 support and will also show curl -V output. >>>> =20 >>>> Curl -V >>>> "curl 7.45.0 (amd64-portbld-freebsd9.3) libcurl/7.45.0 OpenSSL/1.0.2d >>>> zlib/1.2.8 libidn/1.31 nghttp2/1.3.4 >>>> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s >>>> rtsp smb smbs smtp smtps telnet tftp >>>> Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP >>>> HTTP2 UnixSockets " >>>> =20 >>>> Curl http2 test >>>> "# curl -v --http2 -v http://freebsd-admin.com/ >>>> * Trying 2a01:4f8:201:5465::4... >>>> * Connected to freebsd-admin.com (2a01:4f8:201:5465::4) port 80 (#0) >>>>> GET / HTTP/1.1 >>>>> Host: freebsd-admin.com >>>>> User-Agent: curl/7.45.0 >>>>> Accept: */* >>>>> Connection: Upgrade, HTTP2-Settings >>>>> Upgrade: h2c >>>>> HTTP2-Settings: AAMAAABkAAQAAP__ >>>>> =20 >>>> < HTTP/1.1 302 Found >>>> < Date: Fri, 16 Oct 2015 09:19:56 GMT >>>> < Server: Apache >>>> < X-Frame-Options: SAMEORIGIN >>>> < X-Xss-Protection: 1; mode=3Dblock >>>> < X-Content-Type-Options: nosniff >>>> < Content-Security-Policy: default-src 'self'; script-src 'self' >>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self' >>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>> < X-Content-Security-Policy: default-src 'self'; script-src 'self' >>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline' >>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>> < Location: https://freebsd-admin.com/ >>>> < Content-Length: 210 >>>> < Content-Type: text/html; charset=3Diso-8859-1 >>>> < >>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> >>>> <html><head> >>>> <title>302 Found</title> >>>> </head><body> >>>> <h1>Found</h1> >>>> <p>The document has moved <a = >>> href=3D"https://freebsd-admin.com/";>here</a>.</p> >>>> </body></html> >>>> * Connection #0 to host freebsd-admin.com left intact" >>>> =20 >>>> nghttp2 test >>>> "# nghttp -uv http://freebsd-admin.com/ >>>> [ 0.000] Connected >>>> [ 0.000] HTTP Upgrade request >>>> GET / HTTP/1.1 >>>> Host: freebsd-admin.com >>>> Connection: Upgrade, HTTP2-Settings >>>> Upgrade: h2c >>>> HTTP2-Settings: AAMAAABkAAQAAP__ >>>> Accept: */* >>>> User-Agent: nghttp2/1.3.4 >>>> =20 >>>> =20 >>>> [ 0.001] HTTP Upgrade response >>>> HTTP/1.1 302 Found >>>> Date: Fri, 16 Oct 2015 09:21:42 GMT >>>> Server: Apache >>>> X-Frame-Options: SAMEORIGIN >>>> X-Xss-Protection: 1; mode=3Dblock >>>> X-Content-Type-Options: nosniff >>>> Content-Security-Policy: default-src 'self'; script-src 'self' >>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self' >>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>> X-Content-Security-Policy: default-src 'self'; script-src 'self' >>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline' >>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>> Location: https://freebsd-admin.com/ >>>> Content-Length: 210 >>>> Content-Type: text/html; charset=3Diso-8859-1 >>>> =20 >>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> >>>> <html><head> >>>> <title>302 Found</title> >>>> </head><body> >>>> <h1>Found</h1> >>>> <p>The document has moved <a = >>> href=3D"https://freebsd-admin.com/";>here</a>.</p> >>>> </body></html> >>>> =20 >>>> [ERROR] HTTP Upgrade failed >>>> Some requests were not processed. total=3D1, processed=3D0" >>>> =20 >>>> Finally I also set logging to http2:debug but I dont see anything that >>>> indicates an error. >>>> =20 >>>> "[Fri Oct 16 10:06:01.060039 2015] [http2:info] [pid 19537:tid >>>> 34410099712] mod_http2 (v1.0.0, nghttp2 1.3.4), initializing... >>>> [Fri Oct 16 10:06:01.060051 2015] [http2:debug] [pid 19537:tid >>>> 34410099712] h2_h2.c(72): h2_h2, child_init >>>> [Fri Oct 16 10:06:01.060059 2015] [http2:debug] [pid 19537:tid >>>> 34410099712] h2_switch.c(54): h2_switch init >>>> [Fri Oct 16 10:06:01.060287 2015] [lbmethod_heartbeat:notice] [pid >>>> 19537:tid 34410099712] AH02282: No slotmem from mod_heartmonitor >>>> [Fri Oct 16 10:06:02.001571 2015] [mpm_event:notice] [pid 19537:tid >>>> 34410099712] AH00489: Apache/2.4.17 (Unix) OpenSSL/1.0.2d configured >>>> -- resuming normal operations >>>> [Fri Oct 16 10:06:02.001600 2015] [core:notice] [pid 19537:tid >>>> 34410099712] AH00094: Command line: '/usr/sbin/httpd -D SSL' >>>> [Fri Oct 16 10:06:02.001697 2015] [http2:debug] [pid 19678:tid >>>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, = >>> mthrpchild=3D32, >>>> thr_limit=3D64 >>>> [Fri Oct 16 10:06:02.001755 2015] [http2:debug] [pid 19678:tid >>>> 34410099712] h2_workers.c(227): h2_workers: starting >>>> [Fri Oct 16 10:06:02.002007 2015] [http2:debug] [pid 19727:tid >>>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, = >>> mthrpchild=3D32, >>>> thr_limit=3D64 >>>> [Fri Oct 16 10:06:02.002062 2015] [http2:debug] [pid 19727:tid >>>> 34410099712] h2_workers.c(227): h2_workers: starting" >>>> =20 >>>> Hope this helps. >>>> =20 >>>> On 16 October 2015 at 10:14, Stefan Eissing >>>> <stefan.eissing@xxxxxxxxxxxxx> wrote: >>>>> Chris, >>>>> =20 >>>>> I wrote some advice at https://icing.github.io/mod_h2/howto.html = >>> already. >>>>> =20 >>>>> There are several checks described. Which one fails for you and how? = >>> I need >>>>> the output of the step that differs from the advice. Just a verbal = >>> description >>>>> is not enough. Thx. >>>>> =20 >>>>> //Stefan >>>>> =20 >>>>>> Am 16.10.2015 um 11:00 schrieb Chris <chrcoluk@xxxxxxxxx>: >>>>>> =20 >>>>>> Hi guys. >>>>>> =20 >>>>>> Was excited to see the module got added to 2.4.17 but I cannot get = >>> it >>>>>> to work in my testing following information from this url. >>>>>> https://icing.github.io/mod_h2/howto.html#http >>>>>> =20 >>>>>> So what is confirmed working? >>>>>> =20 >>>>>> I compiled apache with the appropriate configure flag. >>>>>> =20 >>>>>> I can confirm in the error log the module loads. >>>>>> =20 >>>>>> However the protocols directive seems to be ignored, testing with = >>> both >>>>>> curl and nghttp2, confirm only http 1.1. is used. I have tried = >>> using >>>>>> invalid syntax on the protocols directive to cause an error but the >>>>>> server starts anyway without error as if it ignores the value, I = >>> have >>>>>> tried the value in both the server config and vhost which has no >>>>>> affect. >>>>>> =20 >>>>>> Any ideas? >>>>>> =20 >>>>>> I have been testing on both http and https and both stuck on http = >>> 1.1. >>>>>> =20 >>>>>> Chris >>>>> =20 >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|