HTTP/2 is finally officially adopted, and it brings significant improvements regarding server<-> client communication, making worth to try be amongst the first to have the service up.

This is a relatively new tecnology, and as far as I can tell at this moment Apache doesn’t support with binary packages, at least not for CentOS, so this is how I precompiled it to have it support h2.

This has been a rocky road (and still is), as things are not completely clear, but I’ll give you the short story as always, supposing that if you really wanted to know more, you’d just read the documentation and do it your way.

I did this both on Centos 6 and 7 and it works. First, you’ll need the development tools, so if you don’t have it, install it:

yum groupinstall "Development Tools" 
yum install pcre-devel python-devel lua-devel zlib-devel libxml2-devel

Now we can start to download, compile and install the dependencies. The time I am doing this, the links are as follows:

cd /usr/src
wget http://www.apache.org/dist/apr/apr-1.7.0.tar.gz
wget http://www.apache.org/dist/apr/apr-util-1.6.1.tar.gz
git clone https://github.com/nghttp2/nghttp2
wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz
wget https://downloads.apache.org/httpd/httpd-2.4.51.tar.gz


tar xvf apr-1.7.0.tar.gz
cd /usr/src/apr-1.7.0
./configure
make
make install

cd /usr/src
tar xvf openssl-1.1.1l.tar.gz
cd /usr/src/openssl-1.1.1l
./config shared --prefix=/opt/openssl-1.1.1l --openssldir=/opt/openssl-1.1.1l
make
make install

cd /usr/src
tar xvf apr-util-1.6.1.tar.gz
cd /usr/src/apr-util-1.6.1
./configure --with-apr=/usr/local/apr/ --with-crypto --with-openssl=/opt/openssl-1.1.1l/
make 
make install

cd /usr/src/nghttp2
git submodule update --init
autoreconf -i
automake
autoconf
./configure
make
make install

Now we have all the dependencies we need, let’s get the Apache sources and compile. Before that let me give you a suggestion and do a ./configure –help to see if there are any more modules you need of that I have selected to compile, or just simply compile them all (the make process doesn’t last long).

(note: in some cases you might need to yum install zlib-devel libxml2-devel before moving on, in case the packages are not already present)

cd /usr/src
tar xvf httpd-2.4.51.tar.gz
cd /usr/src/httpd-2.4.51
make clean
make distclean

./configure --enable-ssl --enable-so --enable-cache --enable-socache-memcache --enable-watchdog --enable-deflate --enable-proxy-html --enable-http --enable-http2 --enable-log-debug --enable-log-forensic --enable-mime-magic --enable-expires --enable-remoteip --enable-proxy --enable-proxy-fcgi --enable-dav-fs --enable-vhost-alias --with-nghttp2=/usr/local/lib --enable-log-config --with-ssl=/opt/openssl-1.1.1l/ --enable-file-cache --enable-cache-disk --enable-unique-id --enable-ident --enable-session-cookie --enable-session --enable-info --enable-rewrite --enable-slotmem-shm --enable-slotmem-plain --enable-lua --enable-luajit --enable-buffer --enable-cgid --enable-cgi

make
make install

This does the basic installation, and voila – you have a working http2 server.
You can start it with /usr/local/apache2/bin/apachectl start

I usually make a symlink to /bin so I don’t have to type the path every time.
You might also need the ngttp2 and openssl 1.0.2 libraries in apache’s lib directory, so if it throws you an error when you enable the mod_http2 module, create a symlink for them too:

mkdir /usr/local/apache2/lib
ln -s /usr/local/ssl/lib/libcrypto.so.1.0.0 /usr/local/apache2/lib/
ln -s /usr/local/ssl/lib/libssl.so.1.0.0 /usr/local/apache2/lib/
ln -s /usr/local/lib/libnghttp2.so.14 /usr/local/apache2/lib/

Voila. This is very basic, but good for a start if you’re willing to go on from here.
You’ll still have to read about how to configure Apache to actually use http/2, and once more – things are still fuzzy with client side support (well, to be honest, in practice, even server side), and you might sumble a lot on it.

There are plugins for Chrome and Firefox that show you if you’re visiting a http/2 (apart from the subject, spdy too) capable page or not.

Showing http2 enabled, with the plugin
Stay tuned, I’ll be changing and adding to this article a lot in the days to come.

Changelog:
– revised the document,  with corrected typos and adapted for Apache 2.4.18
– May 7th, 2016. adapted for Apache 2.4.20, OpenSSL v.1.02f and linked git repo for the nghttp2 project rather than a static link for newer versions, solved missing pcre-devel and python-devel dependencies for some scenarios, corrected typos and probably made new ones
– May 11th 2016. added a few more modules to the ./configure for better functionality
– July 13th 2016. updated package versions and teste
– July 21th 2016 updated to compile apr with crypto libs, so it’s possibble to compile mod_security now for this build, out of the box, also added zlib-devel and libxml2-devel packages as former missing dependencies
– March 3rd 2017 revised the whole document again and updated for the newset tehcnology, with Apache 2.4.25
– Jun 19th 2017 revised the whole document and update to the newest modules with Apache 2.4.26
– Sept 9th 2018 corrected minor typos and updated the arcticle for newsest module versions
– Nov 6th 2018 another update
– Oct 8th 2019 updated to the newest suites – apache v2.4.41 with apr v1.7, nghttpd v1.4
– Nov 25th 2021 updatet do the newest suites once more – apache v2.4.51 and nghttpd v1.47. Also MAJOR config update to support new openssl and TLSv1.3. Plans to do http3 support if possibble

15 thoughts on “Apache with http/2 support on CentOS with TLSv1.3

  1. Hi Pityu,

    Hows it going and loved this tutorial. However I got a bit stuck on one bit and its not working! I wget httpd-2.4.18 from http://www.eu.apache.org/dist//httpd/ then followed your steps here…

    cd /usr/src
    tar xvf httpd-2.4.18.tar.gz
    cd httpd-2.4.18.tar.gz
    cd /usr/stc/httpd-2.4.18.tar.gz
    make clean
    make distclean

    ./configure –enable-ssl –enable-so –enable-cache –enable-socache-memcache –enable-watchdog –enable-deflate –enable-proxy-html –enable-http –enable-http2 –disable-log-config –enable-log-debug –enable-log-forensic –enable-mime-magic –enable-expires –enable-remoteip –enable-proxy –enable-proxy-fcgi –enable-dav-fs –enable-vhost-alias –with-nghttp2=/usr/local/lib –enable-log-config –with-ssl=/usr/local/ssl/

    make
    make install

    which did not work do I did this instead…

    cd /usr/src
    tar xvf httpd-2.4.18
    cd httpd-2.4.18
    cd /usr/stc/httpd-2.4.18
    make clean
    make distclean

    ./configure –enable-ssl –enable-so –enable-cache –enable-socache-memcache –enable-watchdog –enable-deflate –enable-proxy-html –enable-http –enable-http2 –disable-log-config –enable-log-debug –enable-log-forensic –enable-mime-magic –enable-expires –enable-remoteip –enable-proxy –enable-proxy-fcgi –enable-dav-fs –enable-vhost-alias –with-nghttp2=/usr/local/lib –enable-log-config –with-ssl=/usr/local/ssl/

    make
    make install

    which again did not work! So in putty I can cd into httpd-2.4.18 as usual but when I get to make clean I get this……

    make: **** No targets specified and no makefile found. Stop.

    Where do I go from here buddy? Many thanks.
    – Phillip Dews

    1. Sry, this seems to be a typo (which apparently I have a lot and will revise the whole document these days).
      Namely in your case the problem is the “stc”:
      cd /usr/stc/httpd-2.4.18
      try cd /usr/src/httpd-2.4.18

    2. I have revised the document, and corrected some errors (there were also some missing development packages needed to be added before starting making the httpd-2.4.xx)
      As I’ve tested, it seems 100% correct now.

      1. On CentOS7
        I have a problem at
        cd /usr/src
        tar xvf httpd-2.4.20.tar.gz
        cd httpd-2.4.20
        make clean
        make: *** No rule to make target `clean’. Stop.
        make distclean
        make: *** No rule to make target `distclean’. Stop.

        The mentioned packages are installed
        yum install zlib-devel libxml2-devel
        Package zlib-devel-1.2.7-15.el7.x86_64 already installed and latest version
        Package libxml2-devel-2.9.1-6.el7_2.2.x86_64 already installed and latest version
        Nothing to do

        Any suggestions?

        PS: spilt the command yum groupinstall “Development Tools” pcre-devel python-devel lua-devel
        because of the following error
        Warning: group pcre-devel does not exist.
        Warning: group python-devel does not exist.
        Warning: group lua-devel does not exist.

      2. make clean && make distclean are there “just in case” you already have a config file created from before. In a first case scenario, that is the normal behavior, so just carry on.
        Thanks for the tip, I’ll split those packages from grouinstall 🙂

  2. Hi,
    I have following error:
    [root@vps apr-util-1.5.4]# ./configure –with-apr=/usr/local/apr/
    checking build system type… x86_64-unknown-linux-gnu
    checking host system type… x86_64-unknown-linux-gnu
    checking target system type… x86_64-unknown-linux-gnu
    checking for a BSD-compatible install… /usr/bin/install -c
    checking for working mkdir -p… yes
    APR-util Version: 1.5.4
    checking for chosen layout… apr-util
    checking for gcc… gcc
    checking whether the C compiler works… yes
    checking for C compiler default output file name… a.out
    checking for suffix of executables…
    checking whether we are cross compiling… no
    checking for suffix of object files… o
    checking whether we are using the GNU C compiler… yes
    checking whether gcc accepts -g… yes
    checking for gcc option to accept ISO C89… none needed
    Applying apr-util hints file rules for x86_64-unknown-linux-gnu
    checking for APR… configure: error: the –with-apr parameter is incorrect. It must specify an install prefix, a build directory, or an apr-config file.

    1. Hey,

      you have to install APR first (you seem to have skipped one step before this, or installed APR in a different directory)

  3. My brother suggested I might like this web site. He was entirely right. This post truly made my day. You can not imagine just how much time I had spent for this info! Thanks!|

  4. Hello, I think your website might be having browser compatibility issues.
    When I look at your website in Firefox,
    it looks fine but when opening in Internet Explorer,
    it has some overlapping. I just wanted to give you a quick heads up!

    Other then that, terrific blog!

  5. The problem would probably be IE, and not the web site. As long as compliant with W3C, there will be no problem.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.