HTTP2 in EA4 – Updated, cleaner process.

Rejoice! Cpanel has moved forward with http2 support and has made it available in their experimental repo, so this project has outlived its usefulness.

https://features.cpanel.net/topic/htt2-support

You ask: What have I done for you, lately?

Here’s the revised HTTP2 with EA4 procedure. Remember that HTTP2 is not compatible with MPM-ITK. See this post for WHMCS/Magento 2.0 HTTP2 issue fix.

OLD: IF YOU HAVE A PREVIOUS VERSION OF MY OPENSSL INSTALL. Do this, before starting:
rpm -e --nodeps openssl-1.0.2??? #depends on what you have installed.
edit /etc/ld.so.conf.d/openssl.conf and remove /opt/ssl/lib from it. The spec does that.

The new version installs alongside the CentOS OpenSSL without having to ram it in with force.

Now that I’ve done something for you, put out.

UPDATED: 8/26/16 – Separate prep and work sections to make future upgrades easier.
UPDATED: 12/22/16 – Cpanel now provides Bluehost patch and it’s on by default, but you need to enable it. See https://documentation.cpanel.net/display/EA4/Symlink+Race+Condition+Protection
Rack911 protection still can be enabled by editing ea-apache2. DO NOT ENABLE BOTH.
UPDATED 1/6/16 – Apache updated to 2.4.25, once I found the bug fix for HTTP2 crashing (thanks to Apache community).
UPDATE 4/4/16 – Looks like something changed in EA4, which used to work with this. Looks like you’ll need to make changes in yum.
On a side note, HTTP/2 packages have been added to the experimental WHM repo, so I’m not going to put any time into fixing it so EA4 likes my packages again.


#Prep work
mkdir /root/rpmbuild
cd /root/rpmbuild
yum -y install rpm-build
mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros

#openssl depend
yum -y install perl-WWW-Curl
#apache depend
yum -y install xmlto lua-devel ea-apr-devel ea-apr-util-devel

yum -y install createrepo
mkdir /root/repo

nano /etc/yum.repos.d/local.repo
[local]
name=CentOS-$releasever - local packages
baseurl=file:///root/repo
enabled=1
gpgcheck=0
protect=1
cost=20
priority=1

#Grab crap
cd /root/rpmbuild
mkdir poop
git clone https://github.com/Cacasapo/ea-apache2-http2.git poop
mv -n poop/SOURCES/find.pl /usr/lib64/perl5
\cp -R poop/SPECS/* SPECS/
\cp -R poop/SOURCES/* SOURCES/
rm -fr poop

#OpenSSL
rpmbuild -ba SPECS/openssl.spec
\cp RPMS/x86_64/openssl-parallel* ../repo
createrepo /root/repo
yum clean expire-cache
yum -y install openssl-parallel

#Do nghttp2
rpmbuild -ba SPECS/nghttp2.spec
\cp RPMS/x86_64/libng* ../repo
\cp RPMS/x86_64/nghttp* ../repo
createrepo /root/repo
yum clean expire-cache
yum -y install libnghttp2-devel

#Do apache
rpmbuild -ba SPECS/ea-apache24.spec
\cp RPMS/x86_64/ea-apache24* ../repo
createrepo /root/repo
yum clean expire-cache
#Enables HTTP/2 for you lazy fucks
cp -n SOURCES/042_mod_http2.conf /etc/apache2/conf.modules.d/042_mod_http2.conf
yum -y install ea-apache24

#Suhosin spec is in there. You know what needs done, by now.
# Remember to create the ini in the php56 config dir.
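
Added example, not part of the original procedure or the linked git repo: a sanity check to run once `yum -y install ea-apache24` finishes. It confirms mod_http2 and mod_ssl are loaded, that MPM-ITK is not, and reads which protocol ALPN negotiated. The function names and the sample inputs are made up for illustration.

```shell
#!/bin/sh
# Added example; the sample inputs are constructed, not captured output.

# Reads `httpd -M` output on stdin. Returns 0 only if mod_http2 and
# mod_ssl are loaded and MPM-ITK is not.
check_modules() {
    mods=$(cat)
    rc=0
    for want in http2_module ssl_module; do
        if printf '%s\n' "$mods" | grep -qw "$want"; then
            echo "ok: $want loaded"
        else
            echo "FAIL: $want not loaded"; rc=1
        fi
    done
    if printf '%s\n' "$mods" | grep -qw mpm_itk_module; then
        echo "FAIL: mpm_itk_module loaded, HTTP2 is not compatible with it"; rc=1
    fi
    return "$rc"
}

# Reads `openssl s_client -alpn h2,http/1.1 ...` output on stdin and
# prints the protocol the server picked, or "none".
alpn_result() {
    proto=$(sed -n 's/^ALPN protocol: //p' | head -n 1)
    echo "${proto:-none}"
}

# Constructed samples standing in for real command output.
sample_modules_ok()  { printf ' core_module (static)\n mpm_prefork_module (shared)\n ssl_module (shared)\n http2_module (shared)\n'; }
sample_modules_itk() { printf ' core_module (static)\n mpm_itk_module (shared)\n ssl_module (shared)\n http2_module (shared)\n'; }
sample_alpn_h2()     { printf 'CONNECTED(00000003)\nALPN protocol: h2\n'; }
sample_alpn_none()   { printf 'CONNECTED(00000003)\nNo ALPN negotiated\n'; }

sample_modules_ok | check_modules
sample_modules_itk | check_modules || echo "-> fix before relying on HTTP2"
echo "negotiated: $(sample_alpn_h2 | alpn_result)"
echo "negotiated: $(sample_alpn_none | alpn_result)"

# On the server:  httpd -M 2>/dev/null | check_modules
# From a client with OpenSSL 1.0.2+ (HOST is a placeholder):
#   openssl s_client -alpn h2,http/1.1 -connect HOST:443 </dev/null 2>/dev/null | alpn_result
```

A result of "none" or "http/1.1" from the ALPN check means browsers will stay on HTTP/1.1 even though mod_http2 is loaded.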


20 Responses to HTTP2 in EA4 – Updated, cleaner process.

  1. Max says:

    Hi, thanks for this awesomeness… got it working last week and it’s great =)

    I see that the github files have been updated… hoping that you can provide a little guidance re. updating my installation?

    I am thinking that I should do #grab crap and then #do apache sections again…

    One thing I’m not sure about is re the bluehost patch – I followed original directions to enable, now seems that this update changes things a bit…

    Hoping to understand the best way to do this update (and similar future updates).

    Any guidance on this will be very appreciated =)

    Thank You

    • BOFH says:

      Since Cpanel now supports the Bluehost patch natively, no action needs to be taken on this end to use it, but you need to make the changes specified in:
      https://documentation.cpanel.net/display/EA4/Symlink+Race+Condition+Protection

      Haven’t messed with it, myself. I decided to use the Rack911 patch after doing some reading in forums, but with no concrete data on performance.

      As far as updating, you can run through the whole thing without hurting anything. OpenSSL wasn’t updated, this time, so you can skip it.

  2. Max says:

    Awesomesauce!

    Looking at github files, I noticed that nghttp2 was updated as well…

    Ok, so… the update process is to just go through the whole thing again, optionally skipping section(s) for which there was no change. Super simple.

    Errata: any experience with/thoughts on http://xtendweb.gnusys.net/ (formerly nDeploy) cPanel plugin? Looks cool, way more than I needed just for h2 support though…

    Thanks again for your efforts here, really appreciated!

    • BOFH says:

      I normally update when Apache has an update, OpenSSL has an update, or nghttp2 has an update that involves security. I went ahead and did this one because I wanted to get the official (thus supported) bluehost available to anyone using it and to catch up with the official production git.
      If you can’t spot what to skip just by looking, it won’t hurt to repeat. Keep in mind that Apache depends on nghttp2 AND openSSL, so even if it doesn’t change, you need to compile it when either is updated.

      No experience with nginx on cpanel, yet. I did some research a while back and decided to go with Engintron, once SSL support was implemented.

      This little project started out as just a thing for myself, where I needed reliable, repeatable results, then I figured I’d share. Things look pretty bulletproof, but the standard disclaimers apply!

  3. Max says:

    Thanks for the feedback. I had my host review this setup as well, they agree that it looks pretty solid – as long as things are kept updated…

    Also, perhaps you might add a donation/wishlist thingy here or at your github page – I’d love to offer some support for your work on this, perhaps others would as well :)

    Cheers!

    • BOFH says:

      Since I use this on my server, I keep an eye out for updates. It’s easy to get behind on nghttp2 because it moves so fast, so I usually only update it when there’s an OpenSSL or Apache update.

      As far as donations/wishlist/etc, it’d make the project seem official and like work, then I’d get crap like this going on.
      I’m easily annoyed, so “Fuck off”, along with other scathing text, would be my reply as an “open source developer” to demands.

      Happy New Year, dude!

      • BOFH says:

        Heads-up on update (OpenSSL/nghttp2).
        Apache has been updated to 2.4.25 by cpanel and I think some of the changes on their additional files screw up something, causing Apache to crash on graceful restarts. I’ll have to mess with it in between actual work.

  4. Max says:

    \m/ rock on, thanks for the heads-up.

    …being easily annoyed myself I totally dig your perspective re scathing responses to demands ;)

    Hope your 2017 is superlative!

    • BOFH says:

      Git updated: “Cpanel has updated Apache to .25 and this has caused an this setup. I’m working on this on my spare time and will update this project to 2.4.25 as soon as I find a solution.”
      Since 2.4.25 has security updates, so everyone’s system has updated to it and I’d not go back to .23. I suspect it will take me some serious time to figure out WTF is going on with Apache .25

    • BOFH says:

      Heads up on OpenSSL/nghttp2 updates. I presume you already updated to .25. I don’t typically notify anyone when I update things. bleh.

  5. madalin says:

    Hello,

    First of all let me tell you a huge Thank You. Your instructions and setup are great. I’ve been using them for a couple of weeks but I’m having a problem I don’t know how to debug.

    While I *DO* realise that HTTP2 sort of deprecates compression, my friends are still asking if they could have their sites compressed. The setup is basically SSL, but for some reason (even though the code exists) the sites don’t get any compression at all.

    Is there something I might have missed about this? Do you have a suggestion and/or direction I could follow?

    Thanks.

    • BOFH says:

      Compression adds a possible exploit vector to SSL, unless they’ve fixed that by now, but you should still get the speed benefit if the site is compressible.
      As far as enabling it, ensure you have mod_deflate in and proper htaccess entries.

  6. Max says:

    Hi, since Engintron 1.8 was released a few days ago with SSL and h/2 support I’m wondering how is the best way to remove this setup that you’ve (awesomely) provided…

    If all else fails I can just destroy and rebuild, hoping that you can offer some guidance on graceful removal so that the server is back to cPanel baseline prior to installing Engintron.

    (also, re SSL compression Q: what about brotli? Fwiw, I made a cPanel feature request for brotli support if anyone wants to chime in there… :)

    Kind Regards, Much Love, Etc.

  7. andy says:

    Sorry folks.. what do I need to do for the last 2 lines of comment ?

    #Suhosin spec is in there. You know what needs done, by now.
    # Remember to create the ini in the php56 config dir.

    :)

    • Max says:

      If you don’t need Suhosin then you don’t need to do anything. If you do need it then you likely should look at the spec and model the commands from the other examples…

