1

I have a Debian 10 (had the exact same issue with Debian 9) running an Apache 2.4.38 web server. Apache modules mpm_event and http2 are installed and the websites are served through HTTPS.

I have added the http2 line in every Apache virtualhost conf file for each of my websites, like :

<VirtualHost *:12080>
    # HTTP2
    Protocols h2 h2c http/1.1
    ...

EDIT: When I tested with web-based online tools, I got the answer "HTTP/2 protocol is not supported / ALPN extension is not supported".

When I curl one of my website (curl -I -k https://mywebsite.com), I have the following response, obviously still in HTTP/1.1:

HTTP/1.1 200 OK
Date: Tue, 30 Jul 2019 03:14:37 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: PHPSESSID=7ulo4hj17ukek6s15g99fc2812; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Set-Cookie: C00=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/

Did I forget something to have HTTP/2?

In case, here is also the content of my /etc/apache2/mods-enabled/http2.conf file:

<IfModule !mpm_prefork>
    Protocols h2 h2c http/1.1
</IfModule>

EDIT: ALPN seems to be NOT enabled (don't know if that can be an explanation) and my OpenSSL version is 1.1.1c.

bolino
  • 273
  • 3
  • 12
  • Looks like you forgot the port number? – Michael Hampton Jul 30 '19 at 07:54
  • Can you elaborate? (sites are successfully served through HTTPS / HTTP/1.1) – bolino Jul 30 '19 at 07:59
  • 1
    Your `` specifies the non-default port 12080, but your curl command did not. – Michael Hampton Jul 30 '19 at 08:00
  • Non standard port 12080 is used for SSL redirect but from the outside it doesn't change anything, doesn't it? Websites are successfully served without specifying the port number, but I can read HTTP/1.1 wether it is in curl response, keycdn.com's HTTP/2 web-based testing tool, or Google Chrome console when examining HTTP headers. – bolino Jul 30 '19 at 08:05
  • What do you mean by "SSL redirect but from the outside it doesn't change anything"? – Michael Hampton Jul 30 '19 at 08:06
  • Sorry, I'm a little confused since I didn't configured that part myself, but I guess it was done for SSL reasons, and it is redirected to standard 80 port. I will have a closer look though. – bolino Jul 30 '19 at 08:10

3 Answers3

2

The server header : Upgrade: h2,h2c shows that the HTTP/2 protocol is available server-side ...

The problem is your curl command line and the fact that http/2 is usually negotiated and not always used immediately

See https://curl.haxx.se/docs/http2.html

curl offers the --http2 command line option to enable use of HTTP/2.

curl offers the --http2-prior-knowledge command line option to enable use of HTTP/2 without HTTP/1.1 Upgrade.

Community
  • 1
HBruijn
  • 72,524
  • 21
  • 127
  • 192
  • Do you mean, the `curl` command on the client side? I checked with `--http2` option, it's the same. Also, I should have said that I also tried web-based tools, not only curl, to test the HTTP/2, but it always says HTTP/2 is not available (I will edit my question to include that fact). Thanks to your answer I now tried `--http2-prior-knowledge` curl option, but I got this answer: `curl: (16) Error in the HTTP2 framing layer`. I think this is still a problem server-side. I suspect something with ALPN/TLS. – bolino Jul 30 '19 at 06:26
  • https://serverfault.com/a/953900/37681 may be of interest – HBruijn Jul 30 '19 at 06:32
  • Thanks. I read something similar, but I'm actually running event MPM, so this shouldn't be an issue. – bolino Jul 30 '19 at 06:38
0

Make sure whether the module is enabled on your server.

#cat /etc/apache2/mods-enabled/http2.load

Make sure the following line is there: 

LoadModule http2_module /usr/lib/apache2/modules/mod_http2.so

# apache2ctl -M | grep http2 - If enabled, the Output similar to the following: http2_module (shared)

HBruijn
  • 72,524
  • 21
  • 127
  • 192
Ryan
  • 107
  • 4
-1

Did you enable the http2 Apache module and restart the Apache service?

sudo a2enmod http2 sudo systemctl restart apache2

reference: https://www.howtoforge.com/how-to-enable-http-2-in-apache/

8ctopus
  • 241
  • 2
  • 8