在 CentOS 7、PHP 7.2.14 上运行 Apache/2.4.38 (Unix) OpenSSL/1.0.2k-fips,我已按照以下指南安装并启用了 http/2https://www.tunetheweb.com/performance/http2/。没有报告任何错误并且模块已加载但页面仍然通过 http/1.1 提供服务。
这不是由于使用 prefork mpm(使用了事件)。
这不是浏览器缓存问题(Chrome 开发工具已打开并且缓存已禁用;我也使用过https://tools.keycdn.com/http2-test)。
服务器已重启多次。
conf 文件在主体和 VirtualHost 部分多次包含以下指令:
Protocols h2 http/1.1
SSL 协议指令为:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
错误日志输出(设置为调试级别):
[Sun Feb 03 08:14:28.563204 2019] [ssl:warn] [pid 15944:tid 140617433143168] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Feb 03 08:14:28.563263 2019] [http2:info] [pid 15944:tid 140617433143168] AH03090: mod_http2 (v1.11.4, feats=CHPRIO+SHA256+INVHD+DWINS, nghttp2 1.36.0), initializing...
[Sun Feb 03 08:14:28.567088 2019] [mpm_event:notice] [pid 15944:tid 140617433143168] AH00489: Apache/2.4.38 (Unix) OpenSSL/1.0.2k-fips configured -- resuming normal operations
httpd -V 的输出:
Server version: Apache/2.4.38 (Unix)
Server built: Jan 31 2019 09:55:17
Server's Module Magic Number: 20120211:83
Server loaded: APR 1.6.5, APR-UTIL 1.6.1
Compiled using: APR 1.6.5, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/usr/local/apache2"
-D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
apachectl -M 的输出:
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
mpm_event_module (static)
xsendfile_module (shared)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
allowmethods_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
authn_anon_module (shared)
authn_core_module (shared)
authn_dbd_module (shared)
authn_dbm_module (shared)
authn_file_module (shared)
authn_socache_module (shared)
authz_core_module (shared)
authz_dbd_module (shared)
authz_dbm_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_owner_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cache_module (shared)
cache_disk_module (shared)
data_module (shared)
dbd_module (shared)
deflate_module (shared)
dir_module (shared)
dumpio_module (shared)
echo_module (shared)
env_module (shared)
expires_module (shared)
ext_filter_module (shared)
filter_module (shared)
headers_module (shared)
include_module (shared)
info_module (shared)
log_config_module (shared)
logio_module (shared)
mime_magic_module (shared)
mime_module (shared)
negotiation_module (shared)
remoteip_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
slotmem_plain_module (shared)
slotmem_shm_module (shared)
socache_dbm_module (shared)
socache_memcache_module (shared)
socache_shmcb_module (shared)
status_module (shared)
substitute_module (shared)
suexec_module (shared)
unique_id_module (shared)
unixd_module (shared)
userdir_module (shared)
version_module (shared)
vhost_alias_module (shared)
dav_module (shared)
dav_fs_module (shared)
dav_lock_module (shared)
http2_module (shared)
lua_module (shared)
proxy_module (shared)
lbmethod_bybusyness_module (shared)
lbmethod_byrequests_module (shared)
lbmethod_bytraffic_module (shared)
lbmethod_heartbeat_module (shared)
proxy_ajp_module (shared)
proxy_balancer_module (shared)
proxy_connect_module (shared)
proxy_express_module (shared)
proxy_fcgi_module (shared)
proxy_fdpass_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_scgi_module (shared)
proxy_wstunnel_module (shared)
ssl_module (shared)
systemd_module (shared)
cgid_module (shared)
从 phpinfo() 中提取的屏幕截图:
如有任何想法我将不胜感激。
答案1
从 Apache 方面看,一切似乎都设置得很好,并且可以看到您在 HTTP 标头中返回了升级建议。我只能建议您在 Apache 前面放置其他东西(例如 LoadBalancer?),它执行 SSL 终止而不使用 ALPN,从而阻止 HTTP/2。
测试这个的最简单方法是从你的服务器运行以下命令:
openssl s_client -alpn h2 -connect 127.0.0.1:443 -status
并查看连接到本地主机时是否支持 ALPN。
如果是,请再次尝试使用您的域,看看连接到您的域时是否不支持 ALPN。这表明负载平衡器或类似设备位于您的 Apache 实例前面并终止 SSL,并且它不支持 ALPN。
答案2
谢谢巴里·波拉德让我走上正轨,这是一个 ALPN 问题。我们没有负载平衡器,但需要将 SSL 作为静态库(而不是共享模块)编译到 Apache 中才能支持 ALPN。重新编译 Apache 后,我现在有了 http/2