Apache HTTP Server: Difference between revisions
m →HTTP/2 Support: Updated what is needed to support HTTP/2, spell checked |
m →openSUSE 15.4 specific: Added => to title |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 16: | Line 16: | ||
* We need to copy the certificates and keys into the correct places. Type the following commands: | * We need to copy the certificates and keys into the correct places. Type the following commands: | ||
cp key.pem /etc/apache2/ssl.key | cp key.pem /etc/apache2/ssl.key/key.pem | ||
cp cert.pem /etc/apache2/ssl.crt | cp cert.pem /etc/apache2/ssl.crt/cert.pem | ||
* Close the terminal | * Close the terminal | ||
| Line 34: | Line 33: | ||
service apache2 restart | service apache2 restart | ||
* Test your site | * Test your site using https:// | ||
* Remember that your browser will throw an error, it is safe to ignore it and add an exception. This will stop future re-occurrence. | * Remember that your browser will throw an error, it is safe to ignore it and add an exception. This will stop future re-occurrence. | ||
=== openSUSE =>15.4 specific === | |||
The following line needs editing as follows to allow TLS to function in <code>/etc/sysconfig/apache2</code>: | |||
APACHE_SERVER_FLAGS="SSL HTTP2" | |||
== HTTP/2 Support == | == HTTP/2 Support == | ||
Normal websites use HTTP 1.1 which was released in 1999, | Normal websites use HTTP 1.1 which was released in 1999, which is over 2 decades old now; the web has changed a lot since then. Based on Google's SPDY protocol, HTTP/2 allows, amongst other things, native compression, security, concurrent connections and prioritization. This makes the connection much more robust than before. | ||
HTTP/2 is supported with Apache 2.4.12 with the addition of the mod_http2 module. It is natively supported with Apache >2.4.17 | HTTP/2 is supported with Apache 2.4.12 with the manual addition of the mod_http2 module. It is natively supported with Apache =>2.4.17 with the mod_http2 module available natively. In this article, we will focus on the latter. | ||
There are a few prerequisites that are required for HTTP/2 to work: | There are a few prerequisites that are required for HTTP/2 to work: | ||
* You must have a valid TLS certificate setup and working correctly. | * You must have a valid TLS certificate setup and working correctly. | ||
* | * You cannot use the prefork method of loading modules into Apache. Consider tabooing the <code>apache-prefork</code> package. The alternatives are worker and event. We are using event. Consequently: | ||
* You cannot use the prefork <code>mod-php7</code> package to load PHP into Apache. PHP-FPM must be configured and used instead. Trying to use it will disable HTTP/2. | |||
To enable HTTP/2: | To enable HTTP/2: | ||
* In the software manager in YaST, you will need to make sure that <code>libnghttp2-14</code> shared library is installed. | * In the software manager in YaST, you will need to make sure that <code>libnghttp2-14</code> shared library is installed (Later versions of openSUSE have this installed already so just check). | ||
* Open a terminal window | * Open a terminal window | ||
* Type <code>sudo a2enmod http2</code>. This will enable the built in module in Apache. | * Type <code>sudo a2enmod http2</code>. This will enable the built in module in Apache. | ||
'''As of at least openSUSE 15.4, the following is already done by default''' | |||
* Open kwrite and open the file <code>/etc/apache2/httpd.conf</code> | * Open kwrite and open the file <code>/etc/apache2/httpd.conf</code> | ||
* At the end of the file add the following line: | * At the end of the file add the following line: | ||