Site not serving on HTTP2 protocols

Operating system: Ubuntu
OS version: 18.04

I want to run my site over HTTP2 protocols. To that end, I enabled http2 module from Webmin > Servers > Apache Servers > Global Configuration > Configure Apache Modules. Also switched from mpm_prefork to mpm_event.

The site is using SSL certificate acquired from Letsencrypt.

Next I made sure the PHP is running in FPM mode and added the following in the config for SSL website (443)

Protocols h2 http1.1

But I can see the protocol used in Chrome DevTools is still http1.1. What am I missing?

Make sure to restart apache2 after the changes. Did you directly add the line into the vhost file?
Is your apache2 version at least 2.4.17 or higher? The openssl version should be at least 1.0.2 too.
Not sure about this one, but from what I remember you need to run at least TLS 1.2 (with modern ciphers) or higher.

I added the option via Services > Configure SSL Website.

Apache is 2.4.29
OpenSSL is 1.1.1

What do I check for TLS 1.2? Although I think it would be recent enough.

You can specify that in the configuration which version is used.
A general overview:

For some more specifics:

I’ve tested the SSL and it’s serving on TLS 1.3 and 1.2 is also available. I don’t think that’s the issue. Any other ideas?

Please do a check with this tool: HTTP/2 Test - Verify HTTP/2 Support | KeyCDN Tools.
Did you restart apache after the changes? Where did you place the code line exactly?

The test says

HTTP/2 protocol is not supported.
ALPN extension is not supported.

I have restarted apache several times now.

I placed the code through Virtualmin: Services > Configure SSL Website at the top line. It says the file being edited is /etc/apache2/sites-available/mywebsite.com.conf

The code should be

Protocols h2 http/1.1

and not

Protocols h2 http1.1

Do the following and run these commands:

sudo a2enmod ssl
sudo a2enmod http2

And please do quote the output here.

Also the “Protocols h2 http/1.1” code line needs to be within the VirtualHost area:

<VirtualHost *IP*:443> </VirtualHost>

I had a typo in the post, but it’s correct in the file. I’m pasting the entire website.com.conf file

<VirtualHost my.ip:80>
SuexecUserGroup "#1113" "#1025"
ServerName website.com
ServerAlias www.website.com
ServerAlias mail.website.com
ServerAlias webmail.website.com
ServerAlias admin.website.com
DocumentRoot /home/website/public_html
ErrorLog /var/log/virtualmin/website.com_error_log
CustomLog /var/log/virtualmin/website.com_access_log combined
ScriptAlias /cgi-bin/ /home/website/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/website/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch 
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
<Directory /home/website/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.website.com
RewriteRule ^(?!/.well-known)(.*) https://website.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.website.com
RewriteRule ^(?!/.well-known)(.*) https://website.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php7.2
php_admin_value engine Off
<FilesMatch \.php$>
SetHandler proxy:fcgi://localhost:8003
</FilesMatch>
RedirectMatch ^/(?!.well-known)(.*)$ https://website.com/$1
php_value memory_limit 32M
php_value upload_max_filesize 8M
php_value display_errors On
</VirtualHost>
<VirtualHost my.ip:443>
Protocols h2 http/1.1
SuexecUserGroup "#1113" "#1025"
ServerName website.com
ServerAlias www.website.com
ServerAlias mail.website.com
ServerAlias webmail.website.com
ServerAlias admin.website.com
DocumentRoot /home/website/public_html
ErrorLog /var/log/virtualmin/website.com_error_log
CustomLog /var/log/virtualmin/website.com_access_log combined
ScriptAlias /cgi-bin/ /home/website/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/website/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch 
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
<Directory /home/website/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.website.com
RewriteRule ^(?!/.well-known)(.*) https://website.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.website.com
RewriteRule ^(?!/.well-known)(.*) https://website.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php7.2
php_admin_value engine Off
<FilesMatch \.php$>
SetHandler proxy:fcgi://localhost:8003
</FilesMatch>
SSLEngine on
SSLCertificateFile /home/website/ssl.cert
SSLCertificateKeyFile /home/website/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCACertificateFile /home/website/ssl.ca
php_value memory_limit 32M
php_value upload_max_filesize 8M
php_value display_errors On
</VirtualHost>

Here’s what I get from enabling the modules you asked

[root@primary ~]# sudo a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled
[root@primary ~]# sudo a2enmod http2
Module http2 already enabled

Hmm, that should be good actually.
You can try to add the command into the general apache2 config (at the bottom is just fine). Don’t forget to restart apache after that.
Can you check in Webmin -> Servers -> Apache -> Global Configuration -> Configure Modules whether http2 is marked and enabled, and the same for ssl?

Are you sure you disabled mod_php and mpm_prefork? And did you restart php after the changes?

This is so annoying. Everything seems right yet it doesn’t work. Here’s a screenshot of the modules page.

That looks good too. Are you sure about the php changes like I asked?
Which PHP versions are shown if you re-check the Virtualmin configuration:
Control panel / Dashboard -> Virtualmin tab -> server configuration/settings -> re-check configuration.
Not sure about the exact names right now, but that should be it.
Please do tell us the php versions and which are enabled and used (please be specific if possible).

I have restarted php and apache several times. Here are the relevant results from Re-check configuration

Your system has 7.78 GiB of memory, which is at or above the Virtualmin recommended minimum of 256 MiB.

Mail server Postfix is installed and configured.

Postfix can support per-domain outgoing IP addresses, but is not currently configured to do so. This can be setup in the [Postfix Mailserver](https://glowingstonewebsites.com:10000/postfix/dependent.cgi) module.

Apache is installed.

The following PHP versions are available : 7.2.24 (/usr/bin/php-cgi7.2), 7.2 (mod_php)

The following PHP execution modes are available : mod_php cgi fcgid fpm

The following PHP-FPM versions are available on this system : 7.2.3 (php7.2-fpm)

Apache is configured to host SSL websites.

You should just remove mod_php. It’s not very good in terms of performance and stability.
Is the website in question actually using fpm or is it still using mod_php?

There are many websites on the server. To remove mod_php I’ll have to make sure none of them are using it. I might do that in the future.

Here’s a screenshot of Server Configuration > Website Options

In your main Apache config, what do the lines for SSLProtocol and SSLCipherSuite look like? If you have a stew of ciphers that are too loose, too strict or just don’t blend well together, TLS could indeed be a problem. See if Mozilla’s SSL Configuration Generator agrees with your setup.

You seem to have all the right ingredients so I’m short on advice except for what @DrCarsonBeckett has already suggested, which is pretty much how http/2 works for me running Apache 2.4.37 and OpenSSL 1.1.1 on CentOS…

With mod_http2 loaded, mod_php disabled, the prefork MPM replaced by worker or event, and PHP-FPM running server-wide – a single Protocols h2 h2c http/1.1 statement at the bottom of Apache’s main config file (rather than wrapped in every <VirtualHost>) is all that was needed.

The only thing, which should be active with the screenshots and information you gave, is to make sure that the http2 module is loaded:

LoadModule http2_module modules/mod_http2.so

Please make sure to specifically enable TLS 1.2 and 1.3 if wanted.
And please do list the ciphers which you use.

Edit: Please do make sure to disable mod_php completely. It is a good possibility that it interferes here.
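
The checks the replies above ask for (mod_http2 loaded, prefork replaced, mod_php disabled, a well-formed Protocols line) can be run in one pass. This is an added example, not code from any poster or from Virtualmin; the function name `h2_blockers` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the HTTP/2 blockers named in the replies.
# $1: output of `apache2ctl -M`; $2: text of the Apache config to inspect.
h2_blockers() {
    mods=$1
    conf=$2
    has_mod() { printf '%s\n' "$mods" | grep -Eq "^[[:space:]]*$1 "; }

    has_mod 'http2_module'       || echo "mod_http2 is not loaded"
    has_mod 'mpm_prefork_module' && echo "mpm_prefork is active; switch to event or worker"
    has_mod 'php[0-9._]*_module' && echo "mod_php is loaded; move sites to PHP-FPM and disable it"

    # Directive names are case-insensitive; protocol tokens are compared
    # exactly as the thread writes them (h2, h2c, http/1.1).
    printf '%s\n' "$conf" | awk '
        tolower($1) == "protocols" {
            for (i = 2; i <= NF; i++) {
                if ($i == "h2") offered = 1
                else if ($i != "h2c" && $i != "http/1.1")
                    print "unknown Protocols token: " $i
            }
        }
        END { if (!offered) print "no Protocols line offers h2" }'
    return 0
}

# Constructed sample input (not taken from the poster's server).
MODS_BEFORE='Loaded Modules:
 core_module (static)
 http2_module (shared)
 mpm_prefork_module (shared)
 php7_module (shared)
 ssl_module (shared)'
CONF_BEFORE='<VirtualHost 203.0.113.10:443>
Protocols h2 http1.1
SSLEngine on
</VirtualHost>'
MODS_AFTER='Loaded Modules:
 core_module (static)
 http2_module (shared)
 mpm_event_module (shared)
 ssl_module (shared)'
CONF_AFTER='<VirtualHost 203.0.113.10:443>
Protocols h2 http/1.1
SSLEngine on
</VirtualHost>'

echo "before:"; h2_blockers "$MODS_BEFORE" "$CONF_BEFORE"
echo "after:";  h2_blockers "$MODS_AFTER" "$CONF_AFTER"
```

On a live server, pass `"$(apache2ctl -M)"` and the contents of the site's config file as the two arguments. `openssl s_client -alpn h2 -connect <host>:443` then shows from the client side whether ALPN selects h2.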

Oh my god it worked. After disabling mod_php. It was a mind numbing task switching all domains on the server to php-fpm but it was worth it. Thank you @DrCarsonBeckett

Thanks for pointing out the ciphers thing as well. They need to be updated as well.


Glad it works now! :)
If possible @Vipul.K , select the answer that helped you the most as the solution for this topic.
