HTTP/2 在 Apache (Ubuntu 14.04) 上不起作用
HTTP/2 on Apache (Ubuntu 14.04) does not work
我试过很多教程如何在 apache 服务器上启用 http2;例如:
- http://pixelinc.co/ubuntu-14-04-3-apache-http-2-web-server-setup/
- https://www.gatherdigital.co.uk/community/post/how-to-setup-http-2-support/41
- https://icing.github.io/mod_h2/howto.html
- https://www.youtube.com/watch?v=8OM_eqRAsMM
- 等...
但是没有成功。
这是我的配置:
$ apache2 -v
Server version: Apache/2.4.23 (Ubuntu)
$ apachectl -M
Loaded Modules:
...
http2_module (shared)
...
ssl_module (shared)
...
这是我的 /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin info@example.net
DocumentRoot /var/www/html
ServerName example.net
ServerAlias www.example.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/html/
Protocols h2 http/1.1
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
当我尝试在 chrome 中加载我的页面 (https://example.net) 时,我可以看到此响应 header:
HTTP/1.1 200 OK
Date: Tue, 09 Aug 2016 12:05:08 GMT
Server: Apache/2.4.23 (Ubuntu)
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 30 Jun 2016 14:22:30 GMT
ETag: "b18-5367f99a49580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 538
Keep-Alive: timeout=5, max=100
Content-Type: text/html
我错过了什么吗?你能给我一些提示吗?
定义 "doesn't work"。我看到升级版 header,我觉得不错。
我怀疑 HTTPS 设置有问题。
您使用的是 openssl 1.0.1 并使用 Chrome (which requires openssl 1.0.2 for ALPN support)。在 Firefox 或 Opera 中检查以确认。
或者 2 您使用的是 blacklisted under http/2 的旧密码。添加以下配置以在可能的情况下强制使用合适的 HTTPS 配置:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+AES128:EECDH+AES256:+SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RSA+3DES:!DSS"
更新 Ubuntu 14.04 到 16.04 成功了!
您是否已将 Protocols h2 h2c http/1.1 添加到 /etc/apache2/apache2.conf?
这对我有用。
之前它只在 sites-enabled conf.
我试过很多教程如何在 apache 服务器上启用 http2;例如:
- http://pixelinc.co/ubuntu-14-04-3-apache-http-2-web-server-setup/
- https://www.gatherdigital.co.uk/community/post/how-to-setup-http-2-support/41
- https://icing.github.io/mod_h2/howto.html
- https://www.youtube.com/watch?v=8OM_eqRAsMM
- 等...
但是没有成功。
这是我的配置:
$ apache2 -v
Server version: Apache/2.4.23 (Ubuntu)
$ apachectl -M
Loaded Modules:
...
http2_module (shared)
...
ssl_module (shared)
...
这是我的 /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin info@example.net
DocumentRoot /var/www/html
ServerName example.net
ServerAlias www.example.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/html/
Protocols h2 http/1.1
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
当我尝试在 chrome 中加载我的页面 (https://example.net) 时,我可以看到此响应 header:
HTTP/1.1 200 OK
Date: Tue, 09 Aug 2016 12:05:08 GMT
Server: Apache/2.4.23 (Ubuntu)
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 30 Jun 2016 14:22:30 GMT
ETag: "b18-5367f99a49580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 538
Keep-Alive: timeout=5, max=100
Content-Type: text/html
我错过了什么吗?你能给我一些提示吗?
定义 "doesn't work"。我看到升级版 header,我觉得不错。
我怀疑 HTTPS 设置有问题。
您使用的是 openssl 1.0.1 并使用 Chrome (which requires openssl 1.0.2 for ALPN support)。在 Firefox 或 Opera 中检查以确认。
或者 2 您使用的是 blacklisted under http/2 的旧密码。添加以下配置以在可能的情况下强制使用合适的 HTTPS 配置:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+AES128:EECDH+AES256:+SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RSA+3DES:!DSS"
更新 Ubuntu 14.04 到 16.04 成功了!
您是否已将 Protocols h2 h2c http/1.1 添加到 /etc/apache2/apache2.conf?
这对我有用。
之前它只在 sites-enabled conf.