Apache HTTP Server: Difference between revisions

(10 intermediate revisions by the same user not shown)

Line 16:

* We need to copy the certificates and keys into the correct places. Type the following commands:

cp key.pem /etc/apache2/ssl.key

cp key.pem /etc/apache2/ssl.key/key.pem

cp cert.pem /etc/apache2/ssl.crt

cp cert.pem /etc/apache2/ssl.crt/cert.pem

~~cp csr~~.pem ~~/etc/apache2/ssl.csr~~

* Close the terminal

Line 34:

Line 33:

service apache2 restart

* Test your site ~~by going to~~ https://~~localhost~~

* Test your site using https://

* Remember that your browser will throw an error, it is safe to ignore it and add an exception. This will stop future re-occurrence.

=== openSUSE =>15.4 specific ===

The following line needs editing as follows to allow TLS to function in <code>/etc/sysconfig/apache2</code>:

APACHE_SERVER_FLAGS="SSL HTTP2"

== HTTP/2 Support ==

Normal websites use HTTP 1.1 which was released in 1999, ~~17 years ago and~~ the web has changed a lot since then. Based on Google's SPDY protocol, HTTP/2 allows, amongst other things, native compression, security ~~(when implemented with TLS)~~, concurrent connections and ~~prioitization~~. This makes the connection much more robust than before.

Normal websites use HTTP 1.1 which was released in 1999, which is over 2 decades old now; the web has changed a lot since then. Based on Google's SPDY protocol, HTTP/2 allows, amongst other things, native compression, security, concurrent connections and prioritization. This makes the connection much more robust than before.

HTTP/2 is supported with Apache 2.4.12 with the manual addition of the mod_http2 module. It is natively supported with Apache =>2.4.17 with the mod_http2 module available natively. In this article, we will focus on the latter.

There are a few prerequisites that are required for HTTP/2 to work:

* You must have a valid TLS certificate setup and working correctly.

* You cannot use the prefork method of loading modules into Apache. Consider tabooing the <code>apache-prefork</code> package. The alternatives are worker and event. We are using event. Consequently:

* You cannot use the prefork <code>mod-php7</code> package to load PHP into Apache. PHP-FPM must be configured and used instead. Trying to use it will disable HTTP/2.

HTTP/2 ~~is support with Apache 2.4.12 with the addition of the mod_http2 module and is natively supported from Apache 2.4.17 without mod_http2 module. In this article, we will focus on the latter.~~

To enable HTTP/2:

* In the software manager in YaST, you will need to make sure that <code>~~nghttp2~~</code> is installed.

* In the software manager in YaST, you will need to make sure that <code>libnghttp2-14</code> shared library is installed (Later versions of openSUSE have this installed already so just check).

* Open a terminal window

* Type <code>sudo a2enmod http2</code>. This will enable the built in module in Apache.

'''As of at least openSUSE 15.4, the following is already done by default'''

* Open kwrite and open the file <code>/etc/apache2/httpd.conf</code>

* At the end of the file add the following ~~lines~~:

* At the end of the file add the following line:

Protocols h2 http/1.1

~~Protocols h2c http/1.1~~

* The first line adds support for HTTP/2 over a HTTPS connection and must be used in conjunction with a TLS certificate. This is the default use case. The second line adds support for HTTP/2 over an unencrypted HTTP connection. Not many browsers support this option if at all as it is defined that HTTP/2 is to be used with HTTPS. You may use either or both lines to suit your use case. On this server, only the first line has been enabled.

* Save the configuration file once you have added your appropriate lines

* Restart Apache by typing <code>sudo service apache2 restart</code>. If you are returned to the command prompt, you have successfully enabled it. You will get an error message and Apache will refuse to start if there is a configuration problem.

@@ Line 16: / Line 16: @@
 * We need to copy the certificates and keys into the correct places. Type the following commands:
-   cp key.pem /etc/apache2/ssl.key
+   cp key.pem /etc/apache2/ssl.key/key.pem
-   cp cert.pem /etc/apache2/ssl.crt
+   cp cert.pem /etc/apache2/ssl.crt/cert.pem
-  cp csr.pem /etc/apache2/ssl.csr
 * Close the terminal
@@ Line 34: / Line 33: @@
    service apache2 restart
-* Test your site by going to https://localhost
+* Test your site using https://
 * Remember that your browser will throw an error, it is safe to ignore it and add an exception. This will stop future re-occurrence.
+=== openSUSE =>15.4 specific ===
+The following line needs editing as follows to allow TLS to function in <code>/etc/sysconfig/apache2</code>:
+ APACHE_SERVER_FLAGS="SSL HTTP2"
 == HTTP/2 Support ==
-Normal websites use HTTP 1.1 which was released in 1999, 17 years ago and the web has changed a lot since then. Based on Google's SPDY protocol, HTTP/2 allows, amongst other things, native compression, security (when implemented with TLS), concurrent connections and prioitization. This makes the connection much more robust than before.
+Normal websites use HTTP 1.1 which was released in 1999, which is over 2 decades old now; the web has changed a lot since then. Based on Google's SPDY protocol, HTTP/2 allows, amongst other things, native compression, security, concurrent connections and prioritization. This makes the connection much more robust than before.
+HTTP/2 is supported with Apache 2.4.12 with the manual addition of the mod_http2 module. It is natively supported with Apache =>2.4.17 with the mod_http2 module available natively. In this article, we will focus on the latter.
+There are a few prerequisites that are required for HTTP/2 to work:
+* You must have a valid TLS certificate setup and working correctly.
+* You cannot use the prefork method of loading modules into Apache. Consider tabooing the <code>apache-prefork</code> package. The alternatives are worker and event. We are using event. Consequently:
+* You cannot use the prefork <code>mod-php7</code> package to load PHP into Apache. PHP-FPM must be configured and used instead. Trying to use it will disable HTTP/2.
-HTTP/2 is support with Apache 2.4.12 with the addition of the mod_http2 module and is natively supported from Apache 2.4.17 without mod_http2 module. In this article, we will focus on the latter.
+To enable HTTP/2:
-* In the software manager in YaST, you will need to make sure that <code>nghttp2</code> is installed.
+* In the software manager in YaST, you will need to make sure that <code>libnghttp2-14</code> shared library is installed (Later versions of openSUSE have this installed already so just check).
 * Open a terminal window
 * Type <code>sudo a2enmod http2</code>. This will enable the built in module in Apache.
+'''As of at least openSUSE 15.4, the following is already done by default'''
 * Open kwrite and open the file <code>/etc/apache2/httpd.conf</code>
-* At the end of the file add the following lines:
+* At the end of the file add the following line:
   Protocols h2 http/1.1
- Protocols h2c http/1.1
-* The first line adds support for HTTP/2 over a HTTPS connection and must be used in conjunction with a TLS certificate. This is the default use case. The second line adds support for HTTP/2 over an unencrypted HTTP connection. Not many browsers support this option if at all as it is defined that HTTP/2 is to be used with HTTPS. You may use either or both lines to suit your use case. On this server, only the first line has been enabled.
 * Save the configuration file once you have added your appropriate lines
 * Restart Apache by typing <code>sudo service apache2 restart</code>. If you are returned to the command prompt, you have successfully enabled it. You will get an error message and Apache will refuse to start if there is a configuration problem.