0

I would like to enable h2c mode on apache, so I can use HTTP2.0 protocol. In my virtual host configuration I have included the line:

Protocols h2c http/1.1

I have also followed the advise to disable prefork but it doesn't work as expected.

Currently I'm using apache 2.4.29 on Ubuntu.

Case 1) curl requesting http2 upgrade

$ curl -vs --http2 http://domain1.com
* Rebuilt URL to: http://domain1.com/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to domain1.com (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: domain1.com
> User-Agent: curl/7.58.0
> Accept: */*
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
> HTTP2-Settings: AAMAAABkAARAAAAAAAIAAAAA
> 
< HTTP/1.1 101 Switching Protocols
< Upgrade: h2c
< Connection: Upgrade
* Received 101
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=28
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200 
< date: Sun, 00 Jan 1900 00:00:00 GMT
< server: Apache/2.4.29 (Ubuntu)
< last-modified: Fri, 29 Mar 2019 13:52:29 GMT
< etag: W/"2aa6-5853bfb4c71ac"
< accept-ranges: bytes
< content-length: 10918
< vary: Accept-Encoding
< content-type: text/html
< 
.... [snip website code] ....

Case 2) curl directly using http2

$ curl -vs --http2-prior-knowledge http://domain1.com
* Rebuilt URL to: http://domain1.com/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to domain1.com (127.0.0.1) port 80 (#0)
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5604f1cb1580)
> GET / HTTP/2
> Host: domain1.com
> User-Agent: curl/7.58.0
> Accept: */*
> 
* http2 error: Remote peer returned unexpected data while we expected SETTINGS frame.  Perhaps, peer does not support HTTP/2 properly.

As you can see Case 1 is working as expected, but Case 2 is not returning the site. Why is this happening? Is it because Apache is restricting direct use of HTTP2.0 without security?

Hope you can give me an answer as I don't know why things are not working now.

jlanza
  • 113
  • 1
  • 2
  • 7
  • Curl doesn’t support this. See here: https://stackoverflow.com/questions/45011378/http-2-behaviors-with-http-and-https – Barry Pollard Feb 21 '20 at 19:31
  • It supported from version 7.49 or something similar. I have tested on another environment and it is working. Actully in man the option is shown. The link you provide is frrom 3 years ago and it has evolved ;) – jlanza Feb 21 '20 at 19:58
  • Oops you’re right! Hadn’t noticed they’d added that. I presume you haven’t changed the H2Direct setting? https://httpd.apache.org/docs/2.4/mod/mod_http2.html#h2direct – Barry Pollard Feb 21 '20 at 20:26

1 Answers1

0

I think I have found the answer, and I think it is a bug in the lastest Apache versions. If I only enable h2c in a virtual host the error persist, but if I enable it on the default virtual host (000-default.conf) everything seems to be working fine.

Another potential solution I have tested and that is working is to enable the protocols h2 and h2c in every virtual host by modifying the mods-enabled/http2.load file:

LoadModule http2_module /usr/lib/apache2/modules/mod_http2.so

<IfModule http2_module>
   Protocols h2 h2c http/1.1
</IfModule>

Any of the above mentioned options seems to make the system works as expected both with protocol negotiation and with prior knowledge.

jlanza
  • 113
  • 1
  • 2
  • 7