Add `<IfModule http2_module>` for h2 protocol support about server-configs-apache HOT 9 CLOSED

Solution:

+ <IfModule mod_http2.c>
    Protocols h2 http/1.1
+ </IfModule>

😃

By the way in Debian and Ubuntu, the version_module (mod_version.c) is a static module and therefore compiled into Apache. It cannot be en/dismodded. Those can be seen by apachectl -M | grep static.

from server-configs-apache.

Solution:

+ <IfModule mod_http2.c>
    Protocols h2 http/1.1
+ </IfModule>

😃

This is what I proposed originally and what I ended up adding to my config.

Understood @LeoColomb

In an ideal world everyone would be using the latest version of Apache. In reality, there are old web servers running old websites that sit running for years for clients that have no interest in paying for maintenance or updates. Having a generic config that I can use across the fleet of old and new with Ansible is super handy. Of course, that moves the burden of maintaining old versions on this repo.

However, besides Protocols I'm not sure why h5bp requires 2.4.17+. I'm successfully using it on 2.4.6 (albeit not in its entirety) and can work around Protocols support trivially by only including the declaration when the http2 module is available 🤷🏻

from server-configs-apache.

Just a few thoughts:

From https://httpd.apache.org/docs/2.4/howto/http2.html

The protocols you configure are not checked for correctness or spelling. You can mention protocols that do not exist, so there is no need to guard Protocols with any <IfModule> checks.

Also, I guess it could be discussed whether or not to add the h2c protocol as well?

The server can be configured to allow the client to choose what it prefers via ProtocolsHonorOrder.

Maybe a seperate issue/discussion?

from server-configs-apache.

Just a few thoughts:

From https://httpd.apache.org/docs/2.4/howto/http2.html

The protocols you configure are not checked for correctness or spelling. You can mention protocols that do not exist, so there is no need to guard Protocols with any <IfModule> checks.

Also, I guess it could be discussed whether or not to add the h2c protocol as well?

The server can be configured to allow the client to choose what it prefers via ProtocolsHonorOrder.

Maybe a seperate issue/discussion?

Apache will fail to start if it finds the Protocols declaration at all in <2.4.17 (the claimed supported version of h5bp is 2.4.10).

Having the check for h2 support means we're 2.4.17+, which is when the module and the Protocols declaration came in.

Off-topic but I don't see why you would offer h2c (HTTP/2 over a non-TLS connection), mainly because no browsers support it.

from server-configs-apache.

I see.

It could be solved by <IfVersion >= 2.4.17>.

Apache 2.4.10 was released in 2014. In my opinion it's a shame if we can't benefit from all the development that's happened in Apache since then. A lot of new features could probably go into this project if the maintainers would go down that route :-)

EDIT: I misunderstood your post, like in that h2c support required 2.4.17. Protocols are already here in the code of course :-)

EDIT2: ProtocolsHonorOrder requires 2.4.17, so it was wrong of me to suggest it.

from server-configs-apache.

Thanks for opening this issue, @jamieburchell.
I believe it is safe to bump H5BP requirement to 2.4.17.

from server-configs-apache.

I have CentOS 7 VMs which are still supported, with stock Apache 2.4.6 which is still receiving backported fixes. For me the check is useful so that I can continue using this script even on older versions. The use of the Protocols declaration is what prevents me from doing so. Checking for the HTTP/2 module before setting up the HTTP/2 protocol makes sense to me.

I didn't know about <IfVersion> that's even better; it means you can support old and new.

from server-configs-apache.

While I understand your position, I'm going to reject it:

• <IfVersion> could be handy to use indeed, but require another module to be loaded (mod_version), which implies:
  • Add the module at loading time
  • Make sure the module is available before using the block (with a <IfModule> for mod_http2)
  • Take the risk to disable http2 usage for server without mod_version even if mod_http2 is available.
• Segregating versions inevitably makes the maintenance harder, as the configuration behavior could change depending on the version. We don't have the bandwidth for this.

CentOS 7 is in its last year(-ish) of support, and Apache http server 2.4.6 is very very old, I'm not sure enabling their usage with H5BP is something I'd like to do.

I hope you see my point! 😊

from server-configs-apache.

I created a pull request. I think it's a no-brainer to merge it 😄

from server-configs-apache.