Comments (9)
Solution:
+ <IfModule mod_http2.c>
Protocols h2 http/1.1
+ </IfModule>
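Review bot: The `<IfModule mod_http2.c>` wrapper around `Protocols h2 http/1.1` carries no comment saying why it is there. A one-line comment above the block, stating that the guard lets servers without mod_http2 skip the directive, would keep it from being removed later as redundant.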
By the way in Debian and Ubuntu, the version_module (`mod_version.c`) is a static module and therefore compiled into Apache. It cannot be en/dismodded. Those can be seen by `apachectl -M | grep static`.
from server-configs-apache.
Solution:
+ <IfModule mod_http2.c> Protocols h2 http/1.1 + </IfModule>
This is what I proposed originally and what I ended up adding to my config.
Understood @LeoColomb
In an ideal world everyone would be using the latest version of Apache. In reality, there are old web servers running old websites that sit running for years for clients that have no interest in paying for maintenance or updates. Having a generic config that I can use across the fleet of old and new with Ansible is super handy. Of course, that moves the burden of maintaining old versions on this repo.
However, besides `Protocols` I'm not sure why h5bp requires 2.4.17+. I'm successfully using it on 2.4.6 (albeit not in its entirety) and can work around `Protocols` support trivially by only including the declaration when the http2 module is available 🤷🏻
from server-configs-apache.
Just a few thoughts:
From https://httpd.apache.org/docs/2.4/howto/http2.html
> The protocols you configure are not checked for correctness or spelling. You can mention protocols that do not exist, so there is no need to guard `Protocols` with any `<IfModule>` checks.
Also, I guess it could be discussed whether or not to add the `h2c` protocol as well?
The server can be configured to allow the client to choose what it prefers via `ProtocolsHonorOrder`.
Maybe a separate issue/discussion?
from server-configs-apache.
> Just a few thoughts:
> From https://httpd.apache.org/docs/2.4/howto/http2.html
> The protocols you configure are not checked for correctness or spelling. You can mention protocols that do not exist, so there is no need to guard `Protocols` with any `<IfModule>` checks.
> Also, I guess it could be discussed whether or not to add the `h2c` protocol as well?
> The server can be configured to allow the client to choose what it prefers via `ProtocolsHonorOrder`.
> Maybe a separate issue/discussion?
Apache will fail to start if it finds the `Protocols` declaration at all in <2.4.17 (the claimed supported version of h5bp is 2.4.10).
Having the check for `h2` support means we're 2.4.17+, which is when the module and the `Protocols` declaration came in.
Off-topic but I don't see why you would offer `h2c` (HTTP/2 over a non-TLS connection), mainly because no browsers support it.
from server-configs-apache.
I see.
It could be solved by `<IfVersion >= 2.4.17>`.
Apache 2.4.10 was released in 2014. In my opinion it's a shame if we can't benefit from all the development that's happened in Apache since then. A lot of new features could probably go into this project if the maintainers would go down that route :-)
EDIT: I misunderstood your post, like in that `h2c` support required 2.4.17. `Protocols` are already here in the code of course :-)
EDIT2: `ProtocolsHonorOrder` requires 2.4.17, so it was wrong of me to suggest it.
from server-configs-apache.
Thanks for opening this issue, @jamieburchell.
I believe it is safe to bump H5BP requirement to 2.4.17.
from server-configs-apache.
I have CentOS 7 VMs which are still supported, with stock Apache 2.4.6 which is still receiving backported fixes. For me the check is useful so that I can continue using this script even on older versions. The use of the `Protocols` declaration is what prevents me from doing so. Checking for the HTTP/2 module before setting up the HTTP/2 protocol makes sense to me.
I didn't know about `<IfVersion>`, that's even better; it means you can support old and new.
from server-configs-apache.
While I understand your position, I'm going to reject it:
- `<IfVersion>` could be handy to use indeed, but requires another module to be loaded (`mod_version`), which implies:
  - Add the module at loading time
  - Make sure the module is available before using the block (with a `<IfModule>` for `mod_http2`)
  - Take the risk to disable http2 usage for server without `mod_version` even if `mod_http2` is available.
- Segregating versions inevitably makes the maintenance harder, as the configuration behavior could change depending on the version. We don't have the bandwidth for this.
CentOS 7 is in its last year(-ish) of support, and Apache http server 2.4.6 is very very old, I'm not sure enabling their usage with H5BP is something I'd like to do.
I hope you see my point!
from server-configs-apache.
I created a pull request. I think it's a no-brainer to merge it
from server-configs-apache.
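A lint check for the situation discussed in this thread, as an added example that is not part of the thread or of the h5bp project: it flags `Protocols` and `ProtocolsHonorOrder` lines that are not enclosed in an `<IfModule mod_http2.c>` or `<IfVersion >= 2.4.17>` container, which is what makes a shared config fail on older servers. The sample configuration is constructed and the function names are hypothetical; line continuations are not handled.

```python
import re

GUARDED = {"protocols", "protocolshonororder"}  # directives the thread ties to 2.4.17+
HTTP2_MODULES = {"mod_http2.c", "http2_module"}
MIN_VERSION = (2, 4, 17)

def is_guard(name, args):
    """True if the container is only entered on servers that accept Protocols."""
    name, args = name.lower(), args.strip()
    if name == "ifmodule":
        return args in HTTP2_MODULES          # "!mod_http2.c" is not a guard
    if name == "ifversion":
        m = re.fullmatch(r"(>=|==?)\s*(\d+(?:\.\d+)*)", args)
        # Conservative: only ">=", "=" or "==" with a version of at least 2.4.17.
        return bool(m) and tuple(map(int, m.group(2).split("."))) >= MIN_VERSION
    return False

def find_unguarded(config_text):
    """Return (line number, line) for each guarded directive outside a guard."""
    stack, findings = [], []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
        elif line.startswith("<"):
            name, _, args = line[1:].rstrip(">").partition(" ")
            stack.append(is_guard(name, args))
        elif line.split()[0].lower() in GUARDED and not any(stack):
            findings.append((lineno, line))
    return findings

# Constructed sample configuration (not taken from the h5bp repository).
SAMPLE = """\
<IfModule mod_http2.c>
    Protocols h2 http/1.1
</IfModule>

<IfModule mod_headers.c>
    Protocols h2 http/1.1
</IfModule>
<IfVersion >= 2.4.17>
    ProtocolsHonorOrder On
</IfVersion>
Protocols h2 http/1.1
"""

if __name__ == "__main__":
    for lineno, line in find_unguarded(SAMPLE):
        print(f"line {lineno}: unguarded {line!r}")
```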