Thanks! Yeah, h2check.org is not working properly, it has not been updated for some time. I'll add a line about 302 h2c upgrades not working in the howto... > Am 16.10.2015 um 13:02 schrieb Chris <chrcoluk@xxxxxxxxx>: > > Well I am left scratching my head, the first vhost now works ok on > https using curl as a tester, nghttp seems ok as well, although my > output isnt the same as your document. > > I think you was right that the 302 redirect was breaking it on the > http vhost as that still doesnt work but both http and https work on a > vhost with no 302. > > This 3rd party checker still fails tho. > > https://www.h2check.org/ > > However I think that checker is duff because it is listed in > chrome://net-internals/#http2:) > > Thanks for your time stefan. Also thanks for your work on getting > this into apache. > > On 16 October 2015 at 11:34, Chris <chrcoluk@xxxxxxxxx> wrote: >> Ok stefan I have some good news, it is working on another vhost on >> both http and https, this is odd as the server config is the same and >> vhost templates match, will post more if I find out why the first >> vhost fails. >> >> Thanks >> >> On 16 October 2015 at 11:23, Chris <chrcoluk@xxxxxxxxx> wrote: >>> some more configure info >>> >>> # httpd -V >>> Server version: Apache/2.4.17 (Unix) >>> Server built: Oct 16 2015 08:46:36 >>> Server's Module Magic Number: 20120211:51 >>> Server loaded: APR 1.5.2, APR-UTIL 1.5.4 >>> Compiled using: APR 1.5.2, APR-UTIL 1.5.4 >>> Architecture: 64-bit >>> Server MPM: event >>> threaded: yes (fixed thread count) >>> forked: yes (variable process count) >>> Server compiled with.... >>> -D APR_HAS_SENDFILE >>> -D APR_HAS_MMAP >>> -D APR_HAVE_IPV6 (IPv4-mapped addresses disabled) >>> -D APR_USE_FLOCK_SERIALIZE >>> -D APR_USE_PTHREAD_SERIALIZE >>> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT >>> -D APR_HAS_OTHER_CHILD >>> -D AP_HAVE_RELIABLE_PIPED_LOGS >>> -D DYNAMIC_MODULE_LIMIT=256 >>> -D HTTPD_ROOT="/etc/httpd" >>> -D SUEXEC_BIN="/usr/sbin/suexec" >>> -D DEFAULT_PIDLOG="/var/logs/httpd.pid" >>> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" >>> -D DEFAULT_ERRORLOG="logs/error_log" >>> -D AP_TYPES_CONFIG_FILE="conf/mime.types" >>> -D SERVER_CONFIG_FILE="conf/httpd.conf" >>> >>> # httpd -M >>> Loaded Modules: >>> core_module (static) >>> authn_file_module (static) >>> authn_dbm_module (static) >>> authn_anon_module (static) >>> authn_dbd_module (static) >>> authn_socache_module (static) >>> authn_core_module (static) >>> authz_host_module (static) >>> authz_groupfile_module (static) >>> authz_user_module (static) >>> authz_dbm_module (static) >>> authz_owner_module (static) >>> authz_dbd_module (static) >>> authz_core_module (static) >>> access_compat_module (static) >>> auth_basic_module (static) >>> auth_form_module (static) >>> auth_digest_module (static) >>> allowmethods_module (static) >>> file_cache_module (static) >>> cache_module (static) >>> cache_disk_module (static) >>> cache_socache_module (static) >>> socache_shmcb_module (static) >>> socache_dbm_module (static) >>> socache_memcache_module (static) >>> so_module (static) >>> macro_module (static) >>> dbd_module (static) >>> dumpio_module (static) >>> buffer_module (static) >>> ratelimit_module (static) >>> reqtimeout_module (static) >>> ext_filter_module (static) >>> request_module (static) >>> include_module (static) >>> filter_module (static) >>> substitute_module (static) >>> sed_module (static) >>> deflate_module (static) >>> http_module (static) >>> mime_module (static) >>> http2_module (static) >>> log_config_module (static) >>> log_debug_module (static) >>> logio_module (static) >>> env_module (static) >>> expires_module (static) >>> headers_module (static) >>> unique_id_module (static) >>> setenvif_module (static) >>> version_module (static) >>> remoteip_module (static) >>> proxy_module (static) >>> proxy_connect_module (static) >>> proxy_ftp_module (static) >>> proxy_http_module (static) >>> proxy_fcgi_module (static) >>> proxy_scgi_module (static) >>> proxy_wstunnel_module (static) >>> proxy_ajp_module (static) >>> proxy_balancer_module (static) >>> proxy_express_module (static) >>> session_module (static) >>> session_cookie_module (static) >>> session_dbd_module (static) >>> slotmem_shm_module (static) >>> ssl_module (static) >>> lbmethod_byrequests_module (static) >>> lbmethod_bytraffic_module (static) >>> lbmethod_bybusyness_module (static) >>> lbmethod_heartbeat_module (static) >>> unixd_module (static) >>> dav_module (static) >>> status_module (static) >>> autoindex_module (static) >>> info_module (static) >>> suexec_module (static) >>> cgi_module (static) >>> dav_fs_module (static) >>> dav_lock_module (static) >>> vhost_alias_module (static) >>> negotiation_module (static) >>> dir_module (static) >>> actions_module (static) >>> speling_module (static) >>> userdir_module (static) >>> alias_module (static) >>> rewrite_module (static) >>> htscanner_module (shared) >>> mpm_event_module (shared) >>> >>> >>> >>> On 16 October 2015 at 11:07, Chris <chrcoluk@xxxxxxxxx> wrote: >>>> Sorry I meant I tried using Protocols h2 not g2 that was a typo. >>>> >>>> On 16 October 2015 at 10:48, Stefan Eissing >>>> <stefan.eissing@xxxxxxxxxxxxx> wrote: >>>>> >>>>> Chris, >>>>> >>>>> http://freebsd-admin.com does a 302 redirect to https://freebsd-admin.com >>>>> >>>>> There is no connection upgrade happening on that. Can be argued that it should. >>>>> >>>>> On the https side, I see: >>>>> * Connected to freebsd-admin.com (78.46.185.201) port 443 (#0) >>>>> * ALPN, offering h2 >>>>> * ALPN, offering http/1.1 >>>>> * Cipher selection: = >>>>> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH >>>>> * TLSv1.2 (OUT), TLS header, Certificate Status (22): >>>>> * TLSv1.2 (OUT), TLS handshake, Client hello (1): >>>>> * TLSv1.2 (IN), TLS handshake, Server hello (2): >>>>> * TLSv1.2 (IN), TLS handshake, Certificate (11): >>>>> * TLSv1.2 (IN), TLS handshake, Server key exchange (12): >>>>> * TLSv1.2 (IN), TLS handshake, Server finished (14): >>>>> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): >>>>> * TLSv1.2 (OUT), TLS change cipher, Client hello (1): >>>>> * TLSv1.2 (OUT), TLS handshake, Finished (20): >>>>> * TLSv1.2 (IN), TLS change cipher, Client hello (1): >>>>> * TLSv1.2 (IN), TLS handshake, Finished (20): >>>>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 >>>>> * ALPN, server accepted to use http/1.1 >>>>> >>>>> So ALPN is happening, but h2 is not selected. How did you configure this? >>>>> >>>>>> Anfang der weitergeleiteten Nachricht: >>>>>> =20 >>>>>> Von: Chris <chrcoluk@xxxxxxxxx> >>>>>> Datum: 16. Oktober 2015 um 11:22:57 MESZ >>>>>> An: dev@xxxxxxxxxxxxxxxx >>>>>> Betreff: Aw: mod_http2 protocols directive broken >>>>>> =20 >>>>>> Hi Stefan, here is the output of both checks. Note I will confirm also >>>>>> curl is compiled with http2 support and will also show curl -V output. >>>>>> =20 >>>>>> Curl -V >>>>>> "curl 7.45.0 (amd64-portbld-freebsd9.3) libcurl/7.45.0 OpenSSL/1.0.2d >>>>>> zlib/1.2.8 libidn/1.31 nghttp2/1.3.4 >>>>>> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s >>>>>> rtsp smb smbs smtp smtps telnet tftp >>>>>> Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP >>>>>> HTTP2 UnixSockets " >>>>>> =20 >>>>>> Curl http2 test >>>>>> "# curl -v --http2 -v http://freebsd-admin.com/ >>>>>> * Trying 2a01:4f8:201:5465::4... >>>>>> * Connected to freebsd-admin.com (2a01:4f8:201:5465::4) port 80 (#0) >>>>>>> GET / HTTP/1.1 >>>>>>> Host: freebsd-admin.com >>>>>>> User-Agent: curl/7.45.0 >>>>>>> Accept: */* >>>>>>> Connection: Upgrade, HTTP2-Settings >>>>>>> Upgrade: h2c >>>>>>> HTTP2-Settings: AAMAAABkAAQAAP__ >>>>>>> =20 >>>>>> < HTTP/1.1 302 Found >>>>>> < Date: Fri, 16 Oct 2015 09:19:56 GMT >>>>>> < Server: Apache >>>>>> < X-Frame-Options: SAMEORIGIN >>>>>> < X-Xss-Protection: 1; mode=3Dblock >>>>>> < X-Content-Type-Options: nosniff >>>>>> < Content-Security-Policy: default-src 'self'; script-src 'self' >>>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>>>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self' >>>>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>>>> < X-Content-Security-Policy: default-src 'self'; script-src 'self' >>>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>>>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline' >>>>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>>>> < Location: https://freebsd-admin.com/ >>>>>> < Content-Length: 210 >>>>>> < Content-Type: text/html; charset=3Diso-8859-1 >>>>>> < >>>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> >>>>>> <html><head> >>>>>> <title>302 Found</title> >>>>>> </head><body> >>>>>> <h1>Found</h1> >>>>>> <p>The document has moved <a = >>>>> href=3D"https://freebsd-admin.com/";>here</a>.</p> >>>>>> </body></html> >>>>>> * Connection #0 to host freebsd-admin.com left intact" >>>>>> =20 >>>>>> nghttp2 test >>>>>> "# nghttp -uv http://freebsd-admin.com/ >>>>>> [ 0.000] Connected >>>>>> [ 0.000] HTTP Upgrade request >>>>>> GET / HTTP/1.1 >>>>>> Host: freebsd-admin.com >>>>>> Connection: Upgrade, HTTP2-Settings >>>>>> Upgrade: h2c >>>>>> HTTP2-Settings: AAMAAABkAAQAAP__ >>>>>> Accept: */* >>>>>> User-Agent: nghttp2/1.3.4 >>>>>> =20 >>>>>> =20 >>>>>> [ 0.001] HTTP Upgrade response >>>>>> HTTP/1.1 302 Found >>>>>> Date: Fri, 16 Oct 2015 09:21:42 GMT >>>>>> Server: Apache >>>>>> X-Frame-Options: SAMEORIGIN >>>>>> X-Xss-Protection: 1; mode=3Dblock >>>>>> X-Content-Type-Options: nosniff >>>>>> Content-Security-Policy: default-src 'self'; script-src 'self' >>>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>>>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self' >>>>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>>>> X-Content-Security-Policy: default-src 'self'; script-src 'self' >>>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src >>>>>> 'self' https://*.freebsd-admin.com; img-src 'self' >>>>>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline' >>>>>> https://*.freebsd-admin.com; block-all-mixed-content; >>>>>> Location: https://freebsd-admin.com/ >>>>>> Content-Length: 210 >>>>>> Content-Type: text/html; charset=3Diso-8859-1 >>>>>> =20 >>>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> >>>>>> <html><head> >>>>>> <title>302 Found</title> >>>>>> </head><body> >>>>>> <h1>Found</h1> >>>>>> <p>The document has moved <a = >>>>> href=3D"https://freebsd-admin.com/";>here</a>.</p> >>>>>> </body></html> >>>>>> =20 >>>>>> [ERROR] HTTP Upgrade failed >>>>>> Some requests were not processed. total=3D1, processed=3D0" >>>>>> =20 >>>>>> Finally I also set logging to http2:debug but I dont see anything that >>>>>> indicates an error. >>>>>> =20 >>>>>> "[Fri Oct 16 10:06:01.060039 2015] [http2:info] [pid 19537:tid >>>>>> 34410099712] mod_http2 (v1.0.0, nghttp2 1.3.4), initializing... >>>>>> [Fri Oct 16 10:06:01.060051 2015] [http2:debug] [pid 19537:tid >>>>>> 34410099712] h2_h2.c(72): h2_h2, child_init >>>>>> [Fri Oct 16 10:06:01.060059 2015] [http2:debug] [pid 19537:tid >>>>>> 34410099712] h2_switch.c(54): h2_switch init >>>>>> [Fri Oct 16 10:06:01.060287 2015] [lbmethod_heartbeat:notice] [pid >>>>>> 19537:tid 34410099712] AH02282: No slotmem from mod_heartmonitor >>>>>> [Fri Oct 16 10:06:02.001571 2015] [mpm_event:notice] [pid 19537:tid >>>>>> 34410099712] AH00489: Apache/2.4.17 (Unix) OpenSSL/1.0.2d configured >>>>>> -- resuming normal operations >>>>>> [Fri Oct 16 10:06:02.001600 2015] [core:notice] [pid 19537:tid >>>>>> 34410099712] AH00094: Command line: '/usr/sbin/httpd -D SSL' >>>>>> [Fri Oct 16 10:06:02.001697 2015] [http2:debug] [pid 19678:tid >>>>>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, = >>>>> mthrpchild=3D32, >>>>>> thr_limit=3D64 >>>>>> [Fri Oct 16 10:06:02.001755 2015] [http2:debug] [pid 19678:tid >>>>>> 34410099712] h2_workers.c(227): h2_workers: starting >>>>>> [Fri Oct 16 10:06:02.002007 2015] [http2:debug] [pid 19727:tid >>>>>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, = >>>>> mthrpchild=3D32, >>>>>> thr_limit=3D64 >>>>>> [Fri Oct 16 10:06:02.002062 2015] [http2:debug] [pid 19727:tid >>>>>> 34410099712] h2_workers.c(227): h2_workers: starting" >>>>>> =20 >>>>>> Hope this helps. >>>>>> =20 >>>>>> On 16 October 2015 at 10:14, Stefan Eissing >>>>>> <stefan.eissing@xxxxxxxxxxxxx> wrote: >>>>>>> Chris, >>>>>>> =20 >>>>>>> I wrote some advice at https://icing.github.io/mod_h2/howto.html = >>>>> already. >>>>>>> =20 >>>>>>> There are several checks described. Which one fails for you and how? = >>>>> I need >>>>>>> the output of the step that differs from the advice. Just a verbal = >>>>> description >>>>>>> is not enough. Thx. >>>>>>> =20 >>>>>>> //Stefan >>>>>>> =20 >>>>>>>> Am 16.10.2015 um 11:00 schrieb Chris <chrcoluk@xxxxxxxxx>: >>>>>>>> =20 >>>>>>>> Hi guys. >>>>>>>> =20 >>>>>>>> Was excited to see the module got added to 2.4.17 but I cannot get = >>>>> it >>>>>>>> to work in my testing following information from this url. >>>>>>>> https://icing.github.io/mod_h2/howto.html#http >>>>>>>> =20 >>>>>>>> So what is confirmed working? >>>>>>>> =20 >>>>>>>> I compiled apache with the appropriate configure flag. >>>>>>>> =20 >>>>>>>> I can confirm in the error log the module loads. >>>>>>>> =20 >>>>>>>> However the protocols directive seems to be ignored, testing with = >>>>> both >>>>>>>> curl and nghttp2, confirm only http 1.1. is used. I have tried = >>>>> using >>>>>>>> invalid syntax on the protocols directive to cause an error but the >>>>>>>> server starts anyway without error as if it ignores the value, I = >>>>> have >>>>>>>> tried the value in both the server config and vhost which has no >>>>>>>> affect. >>>>>>>> =20 >>>>>>>> Any ideas? >>>>>>>> =20 >>>>>>>> I have been testing on both http and https and both stuck on http = >>>>> 1.1. >>>>>>>> =20 >>>>>>>> Chris >>>>>>> =20 >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|