Well I am left scratching my head, the first vhost now works ok on https using curl as a tester, nghttp seems ok as well, although my output isnt the same as your document. I think you was right that the 302 redirect was breaking it on the http vhost as that still doesnt work but both http and https work on a vhost with no 302. This 3rd party checker still fails tho. https://www.h2check.org/ However I think that checker is duff because it is listed in chrome://net-internals/#http2:) Thanks for your time stefan. Also thanks for your work on getting this into apache. On 16 October 2015 at 11:34, Chris <chrcoluk@xxxxxxxxx> wrote: > Ok stefan I have some good news, it is working on another vhost on > both http and https, this is odd as the server config is the same and > vhost templates match, will post more if I find out why the first > vhost fails. > > Thanks > > On 16 October 2015 at 11:23, Chris <chrcoluk@xxxxxxxxx> wrote: >> some more configure info >> >> # httpd -V >> Server version: Apache/2.4.17 (Unix) >> Server built: Oct 16 2015 08:46:36 >> Server's Module Magic Number: 20120211:51 >> Server loaded: APR 1.5.2, APR-UTIL 1.5.4 >> Compiled using: APR 1.5.2, APR-UTIL 1.5.4 >> Architecture: 64-bit >> Server MPM: event >> threaded: yes (fixed thread count) >> forked: yes (variable process count) >> Server compiled with.... >> -D APR_HAS_SENDFILE >> -D APR_HAS_MMAP >> -D APR_HAVE_IPV6 (IPv4-mapped addresses disabled) >> -D APR_USE_FLOCK_SERIALIZE >> -D APR_USE_PTHREAD_SERIALIZE >> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT >> -D APR_HAS_OTHER_CHILD >> -D AP_HAVE_RELIABLE_PIPED_LOGS >> -D DYNAMIC_MODULE_LIMIT=256 >> -D HTTPD_ROOT="/etc/httpd" >> -D SUEXEC_BIN="/usr/sbin/suexec" >> -D DEFAULT_PIDLOG="/var/logs/httpd.pid" >> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" >> -D DEFAULT_ERRORLOG="logs/error_log" >> -D AP_TYPES_CONFIG_FILE="conf/mime.types" >> -D SERVER_CONFIG_FILE="conf/httpd.conf" >> >> # httpd -M >> Loaded Modules: >> core_module (static) >> authn_file_module (static) >> authn_dbm_module (static) >> authn_anon_module (static) >> authn_dbd_module (static) >> authn_socache_module (static) >> authn_core_module (static) >> authz_host_module (static) >> authz_groupfile_module (static) >> authz_user_module (static) >> authz_dbm_module (static) >> authz_owner_module (static) >> authz_dbd_module (static) >> authz_core_module (static) >> access_compat_module (static) >> auth_basic_module (static) >> auth_form_module (static) >> auth_digest_module (static) >> allowmethods_module (static) >> file_cache_module (static) >> cache_module (static) >> cache_disk_module (static) >> cache_socache_module (static) >> socache_shmcb_module (static) >> socache_dbm_module (static) >> socache_memcache_module (static) >> so_module (static) >> macro_module (static) >> dbd_module (static) >> dumpio_module (static) >> buffer_module (static) >> ratelimit_module (static) >> reqtimeout_module (static) >> ext_filter_module (static) >> request_module (static) >> include_module (static) >> filter_module (static) >> substitute_module (static) >> sed_module (static) >> deflate_module (static) >> http_module (static) >> mime_module (static) >> http2_module (static) >> log_config_module (static) >> log_debug_module (static) >> logio_module (static) >> env_module (static) >> expires_module (static) >> headers_module (static) >> unique_id_module (static) >> setenvif_module (static) >> version_module (static) >> remoteip_module (static) >> proxy_module (static) >> proxy_connect_module (static) >> proxy_ftp_module (static) >> proxy_http_module (static) >> proxy_fcgi_module (static) >> proxy_scgi_module (static) >> proxy_wstunnel_module (static) >> proxy_ajp_module (static) >> proxy_balancer_module (static) >> proxy_express_module (static) >> session_module (static) >> session_cookie_module (static) >> session_dbd_module (static) >> slotmem_shm_module (static) >> ssl_module (static) >> lbmethod_byrequests_module (static) >> lbmethod_bytraffic_module (static) >> lbmethod_bybusyness_module (static) >> lbmethod_heartbeat_module (static) >> unixd_module (static) >> dav_module (static) >> status_module (static) >> autoindex_module (static) >> info_module (static) >> suexec_module (static) >> cgi_module (static) >> dav_fs_module (static) >> dav_lock_module (static) >> vhost_alias_module (static) >> negotiation_module (static) >> dir_module (static) >> actions_module (static) >> speling_module (static) >> userdir_module (static) >> alias_module (static) >> rewrite_module (static) >> htscanner_module (shared) >> mpm_event_module (shared) >> >> >> >> On 16 October 2015 at 11:07, Chris <chrcoluk@xxxxxxxxx> wrote: >>> Sorry I meant I tried using Protocols h2 not g2 that was a typo. >>> >>> On 16 October 2015 at 10:48, Stefan Eissing >>> <stefan.eissing@xxxxxxxxxxxxx> wrote: >>>> >>>> Chris, >>>> >>>> http://freebsd-admin.com does a 302 redirect to https://freebsd-admin.com >>>> >>>> There is no connection upgrade happening on that. Can be argued that it should. >>>> >>>> On the https side, I see: >>>> * Connected to freebsd-admin.com (78.46.185.201) port 443 (#0) >>>> * ALPN, offering h2 >>>> * ALPN, offering http/1.1 >>>> * Cipher selection: = >>>> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH >>>> * TLSv1.2 (OUT), TLS header, Certificate Status (22): >>>> * TLSv1.2 (OUT), TLS handshake, Client hello (1): >>>> * TLSv1.2 (IN), TLS handshake, Server hello (2): >>>> * TLSv1.2 (IN), TLS handshake, Certificate (11): >>>> * TLSv1.2 (IN), TLS handshake, Server key exchange (12): >>>> * TLSv1.2 (IN), TLS handshake, Server finished (14): >>>> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): >>>> * TLSv1.2 (OUT), TLS change cipher, Client hello (1): >>>> * TLSv1.2 (OUT), TLS handshake, Finished (20): >>>> * TLSv1.2 (IN), TLS change cipher, Client hello (1): >>>> * TLSv1.2 (IN), TLS handshake, Finished (20): >>>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 >>>> * ALPN, server accepted to use http/1.1 >>>> >>>> So ALPN is happening, but h2 is not selected. How did you configure this? >>>> >>>>> Anfang der weitergeleiteten Nachricht: >>>>> =20 >>>>> Von: Chris <chrcoluk@xxxxxxxxx> >>>>> Datum: 16. Oktober 2015 um 11:22:57 MESZ >>>>> An: dev@xxxxxxxxxxxxxxxx >>>>> Betreff: Aw: mod_http2 protocols directive broken >>>>> =20 >>>>> Hi Stefan, here is the output of both checks. Note I will confirm also >>>>> curl is compiled with http2 support and will also show curl -V output. >>>>> =20 >>>>> Curl -V >>>>> "curl 7.45.0 (amd64-portbld-freebsd9.3) libcurl/7.45.0 OpenSSL/1.0.2d >>>>> zlib/1.2.8 libidn/1.31 nghttp2/1.3.4 >>>>> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s >>>>> rtsp smb smbs smtp smtps telnet tftp >>>>> Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP >>>>> HTTP2 UnixSockets " >>>>> =20 >>>>> Curl http2 test >>>>> "# curl -v --http2 -v http://freebsd-admin.com/ >>>>> * Trying 2a01:4f8:201:5465::4... >>>>> * Connected to freebsd-admin.com (2a01:4f8:201:5465::4) port 80 (#0) >>>>>> GET / HTTP/1.1 >>>>>> Host: freebsd-admin.com >>>>>> User-Agent: curl/7.45.0 >>>>>> Accept: */* >>>>>> Connection: Upgrade, HTTP2-Settings >>>>>> Upgrade: h2c >>>>>> HTTP2-Settings: AAMAAABkAAQAAP__ >>>>>> =20 >>>>> < HTTP/1.1 302 Found >>>>> < Date: Fri, 16 Oct 2015 09:19:56 GMT >>>>> < Server: Apache >>>>> < X-Frame-Options: SAMEORIGIN >>>>> < X-Xss-Protection: 1; mode=3Dblock >>>>> < X-Content-Type-Options: nosniff >>>>> < Content-Security-Policy: default-src 'self'; script-src 'self' >>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self' >>>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>>> < X-Content-Security-Policy: default-src 'self'; script-src 'self' >>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline' >>>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>>> < Location: https://freebsd-admin.com/ >>>>> < Content-Length: 210 >>>>> < Content-Type: text/html; charset=3Diso-8859-1 >>>>> < >>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> >>>>> <html><head> >>>>> <title>302 Found</title> >>>>> </head><body> >>>>> <h1>Found</h1> >>>>> <p>The document has moved <a = >>>> href=3D"https://freebsd-admin.com/";>here</a>.</p> >>>>> </body></html> >>>>> * Connection #0 to host freebsd-admin.com left intact" >>>>> =20 >>>>> nghttp2 test >>>>> "# nghttp -uv http://freebsd-admin.com/ >>>>> [ 0.000] Connected >>>>> [ 0.000] HTTP Upgrade request >>>>> GET / HTTP/1.1 >>>>> Host: freebsd-admin.com >>>>> Connection: Upgrade, HTTP2-Settings >>>>> Upgrade: h2c >>>>> HTTP2-Settings: AAMAAABkAAQAAP__ >>>>> Accept: */* >>>>> User-Agent: nghttp2/1.3.4 >>>>> =20 >>>>> =20 >>>>> [ 0.001] HTTP Upgrade response >>>>> HTTP/1.1 302 Found >>>>> Date: Fri, 16 Oct 2015 09:21:42 GMT >>>>> Server: Apache >>>>> X-Frame-Options: SAMEORIGIN >>>>> X-Xss-Protection: 1; mode=3Dblock >>>>> X-Content-Type-Options: nosniff >>>>> Content-Security-Policy: default-src 'self'; script-src 'self' >>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self' >>>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>>> X-Content-Security-Policy: default-src 'self'; script-src 'self' >>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline' >>>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>>> Location: https://freebsd-admin.com/ >>>>> Content-Length: 210 >>>>> Content-Type: text/html; charset=3Diso-8859-1 >>>>> =20 >>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> >>>>> <html><head> >>>>> <title>302 Found</title> >>>>> </head><body> >>>>> <h1>Found</h1> >>>>> <p>The document has moved <a = >>>> href=3D"https://freebsd-admin.com/";>here</a>.</p> >>>>> </body></html> >>>>> =20 >>>>> [ERROR] HTTP Upgrade failed >>>>> Some requests were not processed. total=3D1, processed=3D0" >>>>> =20 >>>>> Finally I also set logging to http2:debug but I dont see anything that >>>>> indicates an error. >>>>> =20 >>>>> "[Fri Oct 16 10:06:01.060039 2015] [http2:info] [pid 19537:tid >>>>> 34410099712] mod_http2 (v1.0.0, nghttp2 1.3.4), initializing... >>>>> [Fri Oct 16 10:06:01.060051 2015] [http2:debug] [pid 19537:tid >>>>> 34410099712] h2_h2.c(72): h2_h2, child_init >>>>> [Fri Oct 16 10:06:01.060059 2015] [http2:debug] [pid 19537:tid >>>>> 34410099712] h2_switch.c(54): h2_switch init >>>>> [Fri Oct 16 10:06:01.060287 2015] [lbmethod_heartbeat:notice] [pid >>>>> 19537:tid 34410099712] AH02282: No slotmem from mod_heartmonitor >>>>> [Fri Oct 16 10:06:02.001571 2015] [mpm_event:notice] [pid 19537:tid >>>>> 34410099712] AH00489: Apache/2.4.17 (Unix) OpenSSL/1.0.2d configured >>>>> -- resuming normal operations >>>>> [Fri Oct 16 10:06:02.001600 2015] [core:notice] [pid 19537:tid >>>>> 34410099712] AH00094: Command line: '/usr/sbin/httpd -D SSL' >>>>> [Fri Oct 16 10:06:02.001697 2015] [http2:debug] [pid 19678:tid >>>>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, = >>>> mthrpchild=3D32, >>>>> thr_limit=3D64 >>>>> [Fri Oct 16 10:06:02.001755 2015] [http2:debug] [pid 19678:tid >>>>> 34410099712] h2_workers.c(227): h2_workers: starting >>>>> [Fri Oct 16 10:06:02.002007 2015] [http2:debug] [pid 19727:tid >>>>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, = >>>> mthrpchild=3D32, >>>>> thr_limit=3D64 >>>>> [Fri Oct 16 10:06:02.002062 2015] [http2:debug] [pid 19727:tid >>>>> 34410099712] h2_workers.c(227): h2_workers: starting" >>>>> =20 >>>>> Hope this helps. >>>>> =20 >>>>> On 16 October 2015 at 10:14, Stefan Eissing >>>>> <stefan.eissing@xxxxxxxxxxxxx> wrote: >>>>>> Chris, >>>>>> =20 >>>>>> I wrote some advice at https://icing.github.io/mod_h2/howto.html = >>>> already. >>>>>> =20 >>>>>> There are several checks described. Which one fails for you and how? = >>>> I need >>>>>> the output of the step that differs from the advice. Just a verbal = >>>> description >>>>>> is not enough. Thx. >>>>>> =20 >>>>>> //Stefan >>>>>> =20 >>>>>>> Am 16.10.2015 um 11:00 schrieb Chris <chrcoluk@xxxxxxxxx>: >>>>>>> =20 >>>>>>> Hi guys. >>>>>>> =20 >>>>>>> Was excited to see the module got added to 2.4.17 but I cannot get = >>>> it >>>>>>> to work in my testing following information from this url. >>>>>>> https://icing.github.io/mod_h2/howto.html#http >>>>>>> =20 >>>>>>> So what is confirmed working? >>>>>>> =20 >>>>>>> I compiled apache with the appropriate configure flag. >>>>>>> =20 >>>>>>> I can confirm in the error log the module loads. >>>>>>> =20 >>>>>>> However the protocols directive seems to be ignored, testing with = >>>> both >>>>>>> curl and nghttp2, confirm only http 1.1. is used. I have tried = >>>> using >>>>>>> invalid syntax on the protocols directive to cause an error but the >>>>>>> server starts anyway without error as if it ignores the value, I = >>>> have >>>>>>> tried the value in both the server config and vhost which has no >>>>>>> affect. >>>>>>> =20 >>>>>>> Any ideas? >>>>>>> =20 >>>>>>> I have been testing on both http and https and both stuck on http = >>>> 1.1. >>>>>>> =20 >>>>>>> Chris >>>>>> =20 >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|