Froxlor Forum
  • 0
nisamudeen97

Enabling HTTP/2 support in froxlor

Question

Hi,

We wish to enable HTTP/2 support on our froxlor server, which is currently running Apache server version "Server version: Apache/2.4.10 (Debian)". Debian GNU/Linux 8 \n \l

https://http2.pro/doc/Apache

Has anyone tried to enable the same in froxlor? We are running shared hosting. Looking forward to a detailed update.

 


20 answers to this question


  • 0

Sure you have to update; how else would you be able to use a newer version? Yes, froxlor will tell you that a newer version has been installed and will guide you through an update process when logged in as admin.

Procedure:

- backup froxlor/lib/userdata.inc.php

- download https://github.com/Froxlor/Froxlor/archive/master.zip

- extract content of Froxlor-master/* to your current installation directory

- put back the backed up userdata.inc.php to froxlor/lib/userdata.inc.php

- chown either with webserver user (mod_php) or the used local user (e.g. froxlorlocal) when using fcgid/php-fpm

- open froxlor panel in browser and login as admin

  • 0

Hi,

Thx for the update. I have enabled http2 in froxlor as updated in the above steps. See the screenshots. I can also see "OCSP stapling" and "HSTS". Cool.

But upon testing I could see the below error in apache.

AH00526: Syntax error on line 12 of /etc/apache2/sites-enabled/35_froxlor_ssl_vhost_dumdum.conf:
Invalid command 'Protocols', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.

 

https://www.shivering-isles.com/http-2-getting-ready-on-debian-with-apache2/

I have then followed the above doc and enabled http2 in apache. As I was using "Apache 2.4.10", I have to update it to "Apache/2.4.29", which is still in the latest test release of Debian.

But unfortunately I still cannot see http2 enabled on header testing.

 

curl --http2 -I domain.com


HTTP/1.1 200 OK
Date: Thu, 02 Nov 2017 04:44:53 GMT
Server: Apache/2.4.29 (Debian)
Last-Modified: Thu, 02 Nov 2017 03:32:23 GMT
ETag: "e-55cf7a2e85d40"
Accept-Ranges: bytes
Content-Length: 14
Content-Type: text/html

Can you please help me to fix this ?

 

froxlor update.png

new support.png

  • 0

root@w03:/etc/apache2/sites-enabled# cat 35_froxlor_ssl_vhost_nisa.kaikaito.de.conf
# 35_froxlor_ssl_vhost_nisa.kaikaito.de.conf
# Created 06.11.2017 11:46
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.

# Domain ID: 45 (SSL) - CustomerID: 13 - CustomerLogin: kaikaito
<VirtualHost 192.168.73.56:443>
  ServerName nisa.kaikaito.de
  ServerAlias *.nisa.kaikaito.de
  ServerAdmin np@kaikaito.it
  SSLEngine On
  SSLProtocol -ALL +TLSv1 +TLSv1.2
 Protocols h2 http/1.1
  SSLCompression Off
  SSLHonorCipherOrder On
  SSLCipherSuite ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128
  SSLVerifyDepth 10
  SSLCertificateFile /etc/ssl/froxlor-custom/nisa.kaikaito.de.crt
  SSLCertificateKeyFile /etc/ssl/froxlor-custom/nisa.kaikaito.de.key
  SSLCertificateChainFile /etc/ssl/froxlor-custom/nisa.kaikaito.de_chain.pem
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31535995"
  </IfModule>
  DocumentRoot "/var/customers/webs/kaikaito/nisa/"
  FcgidIdleTimeout 30
  SuexecUserGroup "kaikaito" "kaikaito"
  <Directory "/var/customers/webs/kaikaito/nisa/">
    <FilesMatch "\.(php)$">
      SetHandler fcgid-script
      FcgidWrapper /var/www/php-fcgi-scripts/kaikaito/nisa.kaikaito.de/php-fcgi-starter .php
      Options +ExecCGI
    </FilesMatch>
    Require all granted
    AllowOverride All
  </Directory>
  Alias /webalizer "/var/customers/webs/kaikaito/webalizer"
  ErrorLog "/var/customers/logs/kaikaito-error.log"
  CustomLog "/var/customers/logs/kaikaito-access.log" combined
</VirtualHost>

 

  • 0
# openssl version
Quote

 If OpenSSL is the library you use, you need at least version 1.0.2.

 

  • 0

Hi,

I have also rebooted the server to make sure the updated things load properly. Still it is not working. What do you think is the cause? Bugs?

 

root@:~# uname -a
Linux  3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19) x86_64 GNU/Linux
root@:~# cat /etc/issue
Debian GNU/Linux 9 \n \l

 

  • 0

Same problem nisamudeen97.

I managed to install it on Ubuntu. I found it strange you have to activate http/2 on the vhost to be able to activate it on other domains.

I posted an issue in case it helps: https://github.com/Froxlor/Froxlor/issues/575

 

That said, I finally installed it. 

apache2ctl -M | grep "http2"
 http2_module (shared)

apachectl -V
Server version: Apache/2.4.34 (Ubuntu)

openssl version
OpenSSL 1.1.0h  27 Mar 2018

 

But curl --http2 -I https://xxxx.com
curl: (1) Unsupported protocol

(Chrome inspector shows protocol http/1.1).

 

Did you solve it?

 

Thanks

  • 0

Ok, I have this in the logs:

[Wed Sep 26 11:40:15.116715 2018] [http2:warn] [pid 30078] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.

I'm using FCGID.

Any ideas?

  • 0

The error message literally tells you what the problem is. Mpm_prefork does not work together with http2.

  • 0
31 minutes ago, lanbo said:

Ok, I have this in the logs:


[Wed Sep 26 11:40:15.116715 2018] [http2:warn] [pid 30078] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.

I'm using FCGID.

Any ideas?

I have the same problem; until yesterday everything was OK. Any solution what to do?

  • 0
On 9/26/2018 at 12:08 PM, d00p said:

The error message literally tells you what the problem is. Mpm_prefork does not work together with http2

Yeah, it's tricky.

 

sudo a2dismod mpm_prefork
sudo a2enmod mpm_event
service apache2 restart
 * Restarting Apache httpd web server apache2 [fail] *
      The apache2 configtest failed.
        Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe.  You need to recompile PHP.

I'm using FCGID. Is PHP-FPM thread-safe?

 

UPDATE:

 

I managed to make it work with php-fpm, extrausers and:

 

a2dismod mpm_prefork
a2enmod mpm_event
a2enmod proxy_fcgi
a2enmod http2
 

Remember to activate in the settings that you are using php-fpm, proxy_fcgi and http/2.

It's especially important to remember to activate that you are using php-fpm also for the froxlor vhost, otherwise you won't be able to access Froxlor again. I missed that step and it was a mess fixing it.

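Added example, not part of any post above and not Froxlor code: the conditions this thread works through (mod_http2 loaded, an MPM other than prefork, OpenSSL at least 1.0.2, a Protocols line in the vhost) collected into one shell function that takes captured command output as arguments. It goes slightly beyond the thread by also checking that the test URL's scheme matches the offered protocol (h2 is negotiated over TLS only, a cleartext request needs h2c) and that curl lists HTTP2 among its features; the function names and sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not Froxlor code): list reasons HTTP/2 is not negotiated.
# Inputs are captured command output, so the checks run offline:
#   $1 `apache2ctl -M`   $2 `openssl version`   $3 vhost file contents
#   $4 `curl -V`         $5 URL passed to `curl --http2 -I`

ver_ge() (  # true if x.y.z version $1 >= $2
  IFS=.; set -- $1 $2   # split both into $1..$3 and $4..$6
  if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]
  elif [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]
  else [ "$3" -ge "$6" ]; fi
)

h2_blockers() (  # prints one line per blocker, nothing if all checks pass
  mods=$1 ossl=$2 vhost=$3 curlv=$4 url=$5 want=h2
  if ! printf '%s\n' "$mods" | grep -q 'http2_module'; then
    echo "mod_http2 is not loaded, so 'Protocols' is rejected (AH00526)"
  fi
  if printf '%s\n' "$mods" | grep -q 'mpm_prefork_module'; then
    echo "mpm_prefork is active, mod_http2 stays inactive (AH10034)"
  fi
  v=$(printf '%s\n' "$ossl" |
      sed -n 's/^OpenSSL \([0-9]*\.[0-9]*\.[0-9]*\).*/\1/p')
  if [ -n "$v" ] && ! ver_ge "$v" 1.0.2; then
    echo "OpenSSL $v is older than 1.0.2"
  fi
  # Anything that is not https:// is a cleartext request and needs h2c.
  case $url in https://*) ;; *) want=h2c ;; esac
  protos=$(printf '%s\n' "$vhost" |
           sed -n 's/^[[:space:]]*Protocols[[:space:]]*//p')
  if ! printf '%s\n' "$protos" | grep -qw "$want"; then
    echo "vhost does not offer '$want' for $url (Protocols: ${protos:-unset})"
  fi
  if ! printf '%s\n' "$curlv" | grep -q '^Features:.*HTTP2'; then
    echo "curl has no HTTP2 feature, so it cannot test HTTP/2"
  fi
  exit 0
)

# Constructed inputs modelled on the output quoted in the thread.
MODS=' mpm_prefork_module (shared)
 http2_module (shared)'
VHOST='<VirtualHost 192.0.2.10:443>
  SSLProtocol -ALL +TLSv1.2
  Protocols h2 http/1.1
</VirtualHost>'
CURLV='curl 7.58.0 (constructed sample)
Features: AsynchDNS HTTP2 HTTPS-proxy SSL'
h2_blockers "$MODS" 'OpenSSL 1.1.0h  27 Mar 2018' "$VHOST" "$CURLV" \
  https://example.test
```

On a live server the five arguments would come from `apache2ctl -M`, `openssl version`, the generated vhost file, `curl -V` and the URL being tested.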
