HTTP2 in EA4

Updated procedure here.

This is being used on a lightly loaded server with WordPress, Magento, WHMCS sites. YMMV. 

EDIT: 8/16 – I’ve updated the git and it now has both symlink patches, but defaults to none. See readme in git. I recommend using the files from the git over anything here, though the steps here still apply.

CentOS 7 and WHM 58, clean install.

 

UPDATE: I’ve created a git for this here. You can pull all the specs and the ea-apache24 SOURCE files at once.  The git version has the symlink patch in it, so you will need to compile the modified apr. See git page for more info.
I know this isn’t pretty, but I don’t care about pretty, at the moment.
I may or may not fix some of the funky stuff, especially  with openssl, or even try using mock. Not now.
Many thanks to Jperkster for the hardened patch for apache and apr.

 

Here are the modified spec files: ea-apache24 nghttp2 openssl

Switch to no PHP in EA4 and remove the apache package

ea_install_profile --install /etc/cpanel/ea4/profiles/cpanel/nophp.json
yum -y remove ea-apache24

mkdir /root/rpmbuild
yum -y install rpm-build
mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros

dump the spec files into SPECS, then continue

cd rpmbuild/SOURCES
wget https://www.openssl.org/source/openssl-1.0.2h.tar.gz
wget http://ftp.unicamp.br/pub/apache//httpd/httpd-2.4.23.tar.gz
wget https://github.com/nghttp2/nghttp2/releases/download/v1.12.0/nghttp2-1.12.0.tar.gz

dump this into find.pl and save the file somewhere like /usr/lib64/perl5

warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";

# This library is deprecated and unmaintained. It is included for
# compatibility with Perl 4 scripts which may use it, but it will be
# removed in a future version of Perl. Please use the File::Find module
# instead.

# Usage:
# require “find.pl”;
#
# &find(‘/foo’,’/bar’);
#
# sub wanted { … }
# where wanted does whatever you want. $dir contains the
# current directory name, and $_ the current filename within
# that directory. $name contains “$dir/$_”. You are cd’ed
# to $dir when the function is called. The function may
# set $prune to prune the tree.
#
# For example,
#
# find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
#
# corresponds to this
#
# sub wanted {
# /^\.nfs.*$/ &&
# (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
# int(-M _) > 7 &&
# unlink($_)
# ||
# ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
# $dev < 0 &&
# ($prune = 1);
# }
#
# Set the variable $dont_use_nlink if you’re using AFS, since AFS cheats.

use File::Find ();

*name = *File::Find::name;
*prune = *File::Find::prune;
*dir = *File::Find::dir;
*topdir = *File::Find::topdir;
*topdev = *File::Find::topdev;
*topino = *File::Find::topino;
*topmode = *File::Find::topmode;
*topnlink = *File::Find::topnlink;

sub find {
&File::Find::find(\&wanted, @_);
}

1;

Build openssl
cd ..
rpmbuild -ba SPECS/openssl.spec

Hammer it in
rpm -i --force --nodeps RPMS/x86_64/openssl-1.0.2h-1.x86_64.rpm
echo /opt/ssl/lib >> /etc/ld.so.conf.d/openssl.conf
ldconfig

Build nghttp2
rpmbuild -ba SPECS/nghttp2.spec

Create a repo
yum -y install createrepo
nano /etc/yum.repos.d/local.repo

[local]
name=CentOS-$releasever - local packages
baseurl=file:///root/repo
enabled=1
gpgcheck=0
protect=1
cost=20
priority=1

mkdir ../repo
\cp RPMS/x86_64/* ../repo
createrepo /root/repo

Install it.
yum -y install libnghttp2-devel

Build Apache

git clone https://github.com/CpanelInc/ea-apache2.git temp
cp -R temp/SOURCES/* SOURCES/
yum -y install ea-apr-util-devel ea-apr-devel lua-devel xmlto
rpmbuild -ba SPECS/ea-apache24.spec
\cp RPMS/x86_64/* ../repo
createrepo /root/repo

echo "Protocols h2 h2c http/1.1" >> /usr/local/apache/conf/includes/pre_main_global.conf

If you didn’t fuck anything up, this will list your package.
yum clean all
yum install ea-apache24

Run EA4 and apply a profile.

This entry was posted in Tech and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.