Activate http/2 or http/3 with apache webserver not working

exaveal · July 2, 2024, 10:03am

Nextcloud version (eg, 29.0.5): Nextcloud Hub 8 (29.0.3)
Operating system and version (eg, Ubuntu 29.04): Ubuntu 22.04.4 LTS
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.52 (Ubuntu)
PHP version (eg, 8.3): 8.1.2-1ubuntu2.18 (cli)

The issue you are facing:
I am not able to activate HTTP/2 or HTTP/3.

I did everything from the documentation and apache2 how-tos but only http/1.1 is recognized.

This is the apache file:

cat /etc/apache2/sites-available/01-cloud.konzeptgeil.com-ssl.conf 
<VirtualHost *:80>
	ServerName cloud.konzeptgeil.com
	ServerAdmin webmaster@konzeptgeil.com

	DocumentRoot /var/www/nextcloud/

	Redirect permanent / https://cloud.konzeptgeil.com/

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	RewriteEngine on
	RewriteCond %{SERVER_NAME} =cloud.konzeptgeil.com
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
	<VirtualHost *:443>
                Protocols h2 h2c http/1.1
                H2Push on
                H2PushPriority * after
                H2PushPriority text/css before
                H2PushPriority image/jpg after 32
                H2PushPriority image/jpeg after 32
                H2PushPriority image/png after 32
                H2PushPriority application/javascript interleaved

		ServerName cloud.konzeptgeil.com
		ServerAdmin webmaster@konzeptgeil.com
		
		DocumentRoot /var/www/nextcloud/

		<Directory "/var/www/nextcloud/">
			Require all granted
			AllowOverride All
			Options FollowSymLinks MultiViews

			<IfModule mod_dav.c>
				Dav off
			</IfModule>
		</Directory>

		<IfModule mod_headers.c>
			Header always set Strict-Transport-Security "max-age=15552000; preload"
		</IfModule>

		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined

#ProxyPass Einstellung bspw. für Jellyfin unter subpath cloud.konzeptgeil.com/jellyfin
                ProxyPass "/sabnzbd" "http://localhost:8080/sabnzbd"
                ProxyPassReverse "/sabnzbd" "http://localhost:8080/sabnzbd"


		#   SSL Engine Switch:
		#   Enable/Disable SSL for this virtual host.
		SSLEngine on

		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>

		SSLCertificateFile /etc/letsencrypt/live/cloud.konzeptgeil.com/fullchain.pem
		SSLCertificateKeyFile /etc/letsencrypt/live/cloud.konzeptgeil.com/privkey.pem
		Include /etc/letsencrypt/options-ssl-apache.conf
	</VirtualHost>
</IfModule>

wolf@frida:/var/www/nextcloud$ cat /etc/apache2/conf-available/http2.conf
<IfModule http2_module>
    Protocols h2 h2c http/1.1
    H2Direct on
    H2StreamMaxMemSize 5120000000
</IfModule>
wolf@frida:/var/www/nextcloud$ sudo a2enconf http2
Conf http2 already enabled

j-ed · July 2, 2024, 11:01am

Are you sure you’ve loaded the http2 module?

See HTTP/2 guide - Apache HTTP Server Version 2.4

Fred-Internet.com · July 2, 2024, 1:20pm

Check out Caddy webserver http/2 enabled by default, installs SSL certs automatic for every domain configured.

ernolf · July 2, 2024, 1:43pm

Hi @exaveal

This line:

Protocols h2 h2c http/1.1

is already per default in the file
/etc/apache2/mods-available/http2.conf

Simply run:

a2enmod http2
systemctl restart apache2

and that should be enough.

Although I know that the Protocols directive can be placed in VirtualHost context, but the way it is preinstalled works best.

Much and good luck,
ernolf

ernolf · July 2, 2024, 2:02pm

Could you please check the output of

apachectl -M 2>/dev/null|grep mpm|awk '{print $1}'

If that is mpm_prefork_module, then you must change the php SAPI

SAPI stands for “Server API” (API stands for “Application Programming Interface”). It is the mechanism that controls the interaction between the “outside world” and the PHP/Zend engine.

These are the most important SAPIs:

Command Line Interface

term - cli
package - php<VER>-cli
description:
cli is used by PHP scripts that are called from the command line. i.e. all processes that were explicitly NOT called by the web server (cron jobs, occ commands, etc.)

Apache2 module

term - apache2
package - libapache2-mod-php<VER>
description:
the apache2 module is the default SAPI for apache2. The downside is that it’s not particularly scalable and doesn’t support http2.
libapache2-mod-php relies on the old but stable Multi-Processing Module (MPM) “mpm-prefork”.

Fast Process Manager

term - fpm
package - php<VER>-fpm
description:
On apache2 php-fpm relies on the more scalable threaded MPM “mpm-event” which supports http2. Additionally it needs the apache2-modules “proxy_fcgi” and “setenvif”.

from → php-updater --help ←

I hope this was helpfull.

Much and good luck,
ernolf

exaveal · July 3, 2024, 7:41pm

http2 is already enabled.

wolf@frida:~$ a2enmod http2
Module http2 already enabled

But its the “default” API …

root@frida:~# apachectl -M 2>/dev/null|grep mpm|awk '{print $1}'
mpm_prefork_module

So which SAPIs would you recommend? and is there any howto, to change it?

ernolf · July 3, 2024, 8:20pm

For Apache2 you only have the alternative to use php-fpm.

Based on your installation (Ubuntu 22.04) and your php Version (8.1) I would advise you to simply install php8.1-fpm:

sudo apt-get install php8.1-fpm

Then install the → php-updater script ← and simply run it.
It will detect unnecessary packages and make an offer to clean them up. It will detect, that you have both SAPI’s installed and ask, if you want to change from libapache2-mod-php8.1 to php8.1-fpm. Let the script change the SAPI.

After that, if everything works correctly, you can easily use the script to update to a newer PHP version (8.2) if you want.

Much and good luck,
ernolf