I have successfully set up http2 for my virtual host but when I try to access the url via curl it looks like server refuses connection over http2 and accepts http1. Can anyone explain why it may be? and how can I tell my server to use http2 in the first place.
Below is the curl output of the site I am trying to configure http2 for.
* Rebuilt URL to: https://example.com/
* Trying 172.24.112.31...
* TCP_NODELAY set
* Connected to example.com (172.24.112.31) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [221 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [112 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2426 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: OU=Domain Control Validated; CN=*.example.com
* start date: Jun 9 09:24:31 2016 GMT
* expire date: Jun 10 09:24:31 2019 GMT
* subjectAltName: host "example.com" matched cert's "*.example.com"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Domain Validation CA - SHA256 - G2
* SSL certificate verify ok.
} [5 bytes data]
> GET / HTTP/1.1
> Host: example.com
> User-Agent: curl/7.58.0
> Accept: */*
>
{ [5 bytes data]
< HTTP/1.1 302 Found
< Date: Thu, 08 Mar 2018 08:54:23 GMT
< Server: Apache/2.4.29 (Ubuntu)
< Location: https://example.com
< Content-Length: 315
< Content-Type: text/html; charset=iso-8859-1
<
{ [315 bytes data]
* Connection #0 to host example.com left intact
Below two lines are of my focus here,
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
even though http2 is available it is not used by server but http1.1 is used. Please help me to understand this and configure http2 the right way.
Thanks!
Due to strict origin rules in the protocol, one HTTP/2 connection cannot control the other across IP addresses and domain names.
Google Chrome offers a quick and easy way to check if HTTP/2 is supported on your SSL-enabled site. First, visit your site in Chrome over HTTPS. There you'll see your site listed with protocol h2, confirming your site works over HTTP/2.
HTTP/2 server push allows a server to provide content to clients without waiting for a request. This can improve the time to retrieve a resource, particularly for connections with a large bandwidth-delay product where the network round trip time comprises most of the time spent on a resource.
I found solution over Internet and I am updating this to help people who encounter the same problem. when I examined the apache errorlog file, I found a warning that goes like...
[http2:warn] [pid 8494] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
Then After an hour of googling, I came to know that this is an issue with the prefork module while configuring HTTP2.0 on apache. You can find more on this particular issue and a detailed steps to configure http2 at this location..
If you don't want to have any troubles while configuring http2 I hope this document will help you for sure.
I followed those steps and my problem was solved.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With