How to setup HTTP2 in cPanel/WHM Linux VPS using EasyApache3

How to setup HTTP2 in cPanel/WHM Linux VPS using EasyApache3

In today’s tutorial we’ll show you how to setup HTTP2 in cPanel/WHM Linux VPS using EasyApache3. Although this feature is still in BETA (as of writing this article), it’s been well tested by the team at VPSinEU.com and it works perfectly fine.

What is HTTP/2?

It is a major revision of the HTTP network protocol used by the World Wide Web. It was developed from the earlier experimental SPDY protocol, originally developed by Google. In other words, the main differences between HTTP/2 and HTTP/1 are the following:

  • HTTP/2 is binary, instead of textual
  • HTTP/2 is fully multiplexed, instead of ordered and blocking
  • HTTP/2 can therefore use one connection for parallelism
  • HTTP/2 uses header compression to reduce overhead
  • HTTP/2 allows servers to ‘push’ responses proactively into client caches


0. SSH TO YOUR CPANEL LINUX VPS

First thing to do is to login to your cPanel/WHM virtual server via SSH and optionally fire up a screen/tmux session. For example:

ssh YOUR_VPS_IP -p YOUR_VPS_SSH_PORT
screen -U -S cpanel-screen

1. INSTALL THE LATEST OPENSSL

Next, navigate to https://www.openssl.org/source/ and grab the latest OpenSSL source code. Upload it on your cPanel/WHM VPS hosting or use the following command to get it directly on your VPS:
(make sure to adjust the source url with the latest one)

cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.0.2h.tar.gz

once the source is downloaded, extract it in /usr/loca/src and change to the newly extracted OpenSSL directory:

wget https://www.openssl.org/source/openssl-1.0.2h.tar.gz
tar zxf openssl-1.0.2h.tar.gz 
cd openssl-1.0.2h

now, configure the OpenSSL sources using the command below:

./config shared -fPIC --prefix=/opt/ssl --openssldir=/etc/pki/tls

and proceed with making/compiling and installing the sources using:

make
make depend
make install

ok, if everything went fine, add /opt/ssl/lib to /etc/ld.so.conf.d/openssl102.conf and reload the libraries via ldconfig

echo '/opt/ssl/lib' >> /etc/ld.so.conf.d/openssl102.conf
ldconfig

2. INSTALL THE LATEST NGHTTP2

Download the latest nghttp2 source from https://github.com/nghttp2/nghttp2/releases and place it in /usr/local/src. For example:

cd /usr/local/src
wget https://github.com/nghttp2/nghttp2/releases/download/v1.13.0/nghttp2-1.13.0.tar.gz
tar zxf nghttp2-1.13.0.tar.gz 
cd nghttp2-1.13.0

Next, configure the sources using:

./configure --prefix=/opt/nghttp2 OPENSSL_LIBS=/opt/ssl

and compile and install it by running:

make
make install

after everything is setup and installed, add /opt/nghttp2/lib to /etc/ld.so.conf.d/nghttp2.conf and update the libraries using:

echo '/opt/nghttp2/lib' > /etc/ld.so.conf.d/nghttp2.conf
ldconfig

3. RE-COMPILE APACHE WITH HTTP/2 SUPPORT

You need to recompile/reinstall your Apache webserver using some additional raw options in order to get HTTP/2 support enabled. To achieve this, add the following to /var/cpanel/easy/apache/rawopts/Apache2_4

vim /var/cpanel/easy/apache/rawopts/Apache2_4

--enable-http2=static
--with-nghttp2=/opt/nghttp2
--with-ssl=/opt/ssl
LDFLAGS=-L/opt/ssl/lib
CPPFLAGS=-I/opt/ssl/include

save and close the file. Next, setup the following option in /usr/local/apache/conf/includes/pre_main_global.conf

vim /usr/local/apache/conf/includes/pre_main_global.conf 

Protocols h2 h2c http/1.1

and REBUILD your Apache webserver using the EasyApache3 installer either via your WHM/cPanel web interface or via command line.

Once the Apache webserver has been recompiled, restart it using:

service httpd restart

and check whether HTTP/2 has been compiled in it by running the following command:

httpd -M | grep htt

4. INSTALL LATEST CURL FOR TESTING PURPOSES

To test if HTTP/2 is supported on the server, you can use a simple tool like curl or some online tool such as https://tools.keycdn.com/http2-test . Keep in mind though, that HTTP/2 is only supported in newer curl versions, so it’s best to compile the latest version from https://curl.haxx.se/download/ using:

cd /usr/local/src 
wget https://curl.haxx.se/download/curl-7.50.0.tar.gz
tar zxf curl-7.50.0.tar.gz 
cd curl-7.50.0

./configure --prefix=/opt/curl-ssl --with-ssl=/opt/ssl --enable-http --enable-ftp LDFLAGS=-L/opt/ssl/lib CPPFLAGS=-I/opt/ssl/include --with-nghttp2=/opt/nghttp2
make
make install

Now test whether your webserver supports HTTP/2 via:

/opt/curl-ssl/bin/curl -k -v --http2 http://yourdomain.com | less

If you’re one of our Linux VPS Hosting customers we can help you setup HTTP2 on your cPanel/WHM VPS hosting free of charge. Just contact us and some of our experts will complete your request immediately.

19 thoughts on “How to setup HTTP2 in cPanel/WHM Linux VPS using EasyApache3

  1. Thank you for this article! However I got stuck on step 3. EasyApache got failed with following error. Looks like something is need to be corrected in “/var/cpanel/easy/apache/rawopts/Apache2_4”?

    —————————-
    configure: error: Crypto was requested but no crypto library could be enabled; specify the location of a crypto library using –with-openssl, –with-nss, etc.
    configure failed for srclib/apr-util
    !! ‘./configure –disable-v4-mapped –enable-access-compat=static –enable-actions=static –enable-alias=static –enable-asis=static –enable-auth_basic=static –enable-authn_core=static –enable-authn_file=static –enable-authz_core=static –enable-authz_groupfile=static –enable-authz_host=static –enable-authz_user=static –enable-autoindex=static –enable-cgi=static –enable-deflate=static –enable-dir=static –enable-env=static –enable-expires=static –enable-filter=static –enable-headers=static –enable-http2=static –enable-include=static –enable-log_config=static –enable-logio=static –enable-mime=static –enable-modules=none –enable-negotiation=static –enable-proxy=static –enable-proxy-connect=static –enable-proxy-http=static –enable-rewrite=static –enable-setenvif=static –enable-slotmem_shm=static –enable-socache_dbm=static –enable-socache_shmcb=static –enable-ssl=static –enable-status=static –enable-suexec=static –enable-unique-id=static –enable-unixd=static –enable-userdir=static –enable-version=static –prefix=/usr/local/apache –with-crypto –with-included-apr –with-mpm=prefork –with-nghttp2=/opt/nghttp2 –with-pcre=/opt/pcre –with-ssl=/usr –with-ssl=/opt/ssl –with-suexec-caller=nobody –with-suexec-docroot=/ –with-suexec-gidmin=100 –with-suexec-logfile=/usr/local/apache/logs/suexec_log –with-suexec-uidmin=100 –with-suexec-userdir=public_html CPPFLAGS=-I/opt/ssl/include LDFLAGS=-L/opt/ssl/lib’ failed with exit code ‘256’ !!
    !! Restoring original working apache !!
    —————————-

    My current specs are:
    cPanel: 11.56.0.39
    Apache/2.4.18
    EasyApache 3.

  2. Sadly while everything works and the server even tests properly for http/2, none of the pages can be viewed. All of them report the following error:

    ERR_SPDY_PROTOCOL_ERROR

    It may have to do with the pre_main_globals.conf and adding this:

    Protocols h2 h2c http/1.1

    There are already existing entries in there which Cpanel uses to store the cipher and SSL protocols. If you add this line it causes the problem although http/2 shows as installed – but pages don’t work with the error. Perhaps you can explain what to deal with the suggested Cpanel info and Ciphers:

    SLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

  3. Hello guys,

    I am experiencing the ERR_SPDY_PROTOCOL_ERROR error. Initially the installation went just fine, however when we installed SSL certificate for one of the domains after the installation apache went unresponsive to requests made on port 443. The normal requests over 80 are working just fine, however on port 443 the error appears.

    We are using cPanel(tested with 60 and 62) + Let’s Encrypt for cPanel plugin.

  4. Hi, just wanted to say thanks – one tip in particular really really helped. I had the installation 99% there – but hadn’t rebuilt using EA4. None of the other dozens of tutorials I have seen seem to mention this! Cheers

  5. I am using cPanel with EasyApache3 and Let’s Encrypt for cPanel plugin so my sites are using HTTPS.

    I read that cPanel doesn’t support HTTP2 in EasyApache 3 so I migrated to EasyApache 4. Some of my sites weren’t working and couldn’t fix them so reverted back to EA3. I then followed this well-written guide and also get the ERR_SPDY_PROTOCOL_ERROR error. I’ve had to back out these changes and rebuild Apache.

    I’m not sure what to do given that Easy Apache 3 will soon be reaching End of Life.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>