Posted June 7, 2023

In this tutorial I’ll guide you through enabling TLSv1.3 in CWP-httpd/Apache (when only the Apache webserver is installed). I’ve tested this and it seems to be working fine.

HTTPS performance has been made faster and safer for every user and every device. After you enable TLS 1.3 you’ll notice faster website loading.

Transportation Layer Security (TLS) 1.3 protocol provides unparalleled privacy and performance compared to previous versions of TLS and non-secure HTTP. Performance has a major impact on user experience. TLS 1.3 represents a pivotal turning point for HTTPS performance. Modern mobile networks will routinely add over 100ms of latency to each request. TLS 1.3 makes page load times significantly faster for mobile devices, improving the user experience for your visitors.

This tutorial will enable HTTP/2 and TLSv1.3 automatically. If you’re using nginx as proxy or nginx + php-fpm follow this tutorial too :

Step 1: Installing a few dependencies needed for the Apache build:

Installing Autoconf:

    cd /usr/local/src
    rm -rf autoconf-*
    wget https://ftp.gnu.org/gnu/autoconf/autoconf-latest.tar.gz
    tar zxvf autoconf-latest.tar.gz
    cd autoconf-*/
    ./configure --prefix=/usr
    make && make install

Installing Openssl:

    cd /usr/local/src
    rm -rf openssl*
    wget https://www.openssl.org/source/openssl-3.0.9.tar.gz -O openssl.tar.gz
    tar -xf openssl.tar.gz
    rm -rf openssl.tar.gz
    mv openssl-* openssl
    cd openssl
    ./config --prefix=/usr/local/opensslso --openssldir=/usr/local/opensslso zlib shared
    make && make install

*Building openssl will take some time

Installing Nghttp2:

    cd /usr/local/src
    rm -rf Python-*
    wget https://www.python.org/ftp/python/3.8.12/Python-3.8.12.tgz
    tar xvf Python-3.8.12.tgz
    cd Python-3.8*/
    ./configure --enable-optimizations
    make altinstall

    cd /usr/local/src
    rm -rf nghttp2-*
    yum install libtool -y
    wget https://github.com/nghttp2/nghttp2/releases/download/v1.47.0/nghttp2-1.47.0.tar.gz
    tar zxvf nghttp2-1.47.0.tar.gz
    cd nghttp2-*/
    ./configure --prefix=/usr PKG_CONFIG_PATH=/usr/local/opensslso/lib/pkgconfig
    make && make install

Step 2: Building Apache (latest)

el7/Centos7:

    cd /usr/local/src
    rm -rf /usr/local/src/apache*
    wget --no-cache https://www.alphagnu.com/upload/apache-rebuild-new7.sh
    yum install uuid uuid-devel libuuid-devel pcre-devel -y
    chmod 755 apache-rebuild-new7.sh
    sh apache-rebuild-new7.sh

Run these commands to disable cwp-httpd updates so your config doesn’t get lost when there is an update:

    cat /etc/yum.conf |grep "^exclude="|grep httpd 1> /dev/null 2> /dev/null || echo 'exclude=httpd*' >> /etc/yum.conf
    cat /etc/yum.conf |grep "^exclude="|grep cwp-httpd 1> /dev/null 2> /dev/null || echo 'exclude=cwp-httpd' >> /etc/yum.conf

Building Apache (latest) el8/Centos8:

    cd /usr/local/src
    rm -rf /usr/local/src/apache*
    wget --no-cache https://www.alphagnu.com/upload/apache-rebuild-new8.sh
    dnf install uuid uuid-devel libuuid-devel pcre-devel -y
    chmod 755 apache-rebuild-new8.sh
    sh apache-rebuild-new8.sh

Run these commands to disable cwp-httpd updates so your config doesn’t get lost when there is an update:

    dnf module disable httpd
    cat /etc/yum.conf |grep "^exclude="|grep httpd 1> /dev/null 2> /dev/null || echo 'exclude=httpd*' >> /etc/yum.conf
    cat /etc/yum.conf |grep "^exclude="|grep cwp-httpd 1> /dev/null 2> /dev/null || echo 'exclude=cwp-httpd' >> /etc/yum.conf

**This Apache script will enable HTTP/2 and TLSv1.3 automatically and installs the latest version of Apache.

Troubleshoot:

If you rebuilt the webserver and TLS 1.3 has stopped working, run these two commands to get TLS 1.3 back again (when using Apache as the only webserver):

    sed -i 's/All -SSLv2 -SSLv3/-All +TLSv1.2 +TLSv1.3 /g' /usr/local/apache/conf.d/ssl.conf
    systemctl restart httpd

Checking TLSv1.3:

That's it, you’re done. To check whether TLSv1.3 is working, use the online checker; ensure you’ve SSL installed for the domain you’re checking.

Go to this link and enter the URL to check the TLS 1.3 protocol: https://www.cdn77.com/tls-test
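
The `sed` in the troubleshooting step only changes anything when `ssl.conf` contains the exact string `All -SSLv2 -SSLv3`, so it is worth confirming what the `SSLProtocol` line evaluates to afterwards. The script below is an added example, not part of the original post: it evaluates `SSLProtocol` arguments left to right and flags lines that still allow TLS 1.0/1.1 or lack TLS 1.3. The sample config is constructed, the function names are hypothetical, and "All" is assumed to mean TLSv1 through TLSv1.3.

```shell
# Added example (not from the thread): evaluate SSLProtocol lines left to right.
# Assumption: "All" is modelled as TLSv1 through TLSv1.3 (no SSLv2/SSLv3 in the build).
ALL_PROTOS="TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"

# effective_protocols "<directive args>": a bare token replaces the set,
# +token adds to it, -token removes from it.
effective_protocols() (
    set -f; enabled=""
    for tok in $1; do
        name=${tok#[+-]}
        case "$name" in [Aa][Ll][Ll]) name=$ALL_PROTOS ;; esac
        case "$tok" in
            -*) kept=""
                for p in $enabled; do
                    case " $name " in *" $p "*) ;; *) kept="$kept $p" ;; esac
                done
                enabled=$kept ;;
            +*) enabled="$enabled $name" ;;
            *)  enabled=$name ;;
        esac
    done
    printf '%s\n' $enabled | LC_ALL=C sort -u | xargs
)

# audit_conf FILE: verdict per SSLProtocol line; status 1 if TLS 1.0/1.1 is on or 1.3 is off.
audit_conf() (
    set -f; rc=0
    while IFS=: read -r n rest; do
        [ -n "$n" ] || continue
        set -- $rest; shift
        eff=$(effective_protocols "$*")
        case " $eff " in
            *" TLSv1 "*|*" TLSv1.1 "*) verdict="legacy TLS still enabled"; rc=1 ;;
            *" TLSv1.3 "*) verdict="ok" ;;
            *) verdict="TLSv1.3 not enabled"; rc=1 ;;
        esac
        echo "line $n: [$eff] $verdict"
    done <<EOF
$(grep -niE '^[[:space:]]*SSLProtocol[[:space:]]' "$1")
EOF
    exit $rc
)

# Constructed stand-in for conf.d/ssl.conf as it looks after a rebuild.
conf=$(mktemp); fixed=$(mktemp)
printf '%s\n' 'Listen 443' 'SSLProtocol All -SSLv2 -SSLv3' > "$conf"
audit_conf "$conf" || echo "=> substitution still needed"
# Same substitution as the post's sed, written to a copy instead of in place.
sed 's/All -SSLv2 -SSLv3/-All +TLSv1.2 +TLSv1.3 /g' "$conf" > "$fixed"
audit_conf "$fixed" && echo "=> only TLSv1.2 and TLSv1.3 remain"
```

On a server, run `audit_conf /usr/local/apache/conf.d/ssl.conf` after the `sed`; a non-zero status means the pattern did not match and the directive is unchanged.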

June 9, 2023

After performing the above, am now receiving:

    Modular dependency problem:

     Problem: module php:7.2:8030020210119114311:2c7ca891.x86_64 requires module(httpd:2.4), but none of the providers can be installed
      - conflicting requests
      - module httpd:2.4:8080020230516110524:9edba152.x86_64 is disabled
      - module httpd:2.4:8080020230517142624:9edba152.x86_64 is disabled

June 9, 2023 (Author)

5 hours ago, Starburst said:

> After performing the above, am now receiving:
>
> Modular dependency problem:
>
>  Problem: module php:7.2:8030020210119114311:2c7ca891.x86_64 requires module(httpd:2.4), but none of the providers can be installed
>   - conflicting requests
>   - module httpd:2.4:8080020230516110524:9edba152.x86_64 is disabled
>   - module httpd:2.4:8080020230517142624:9edba152.x86_64 is disabled

Hi, run this command:

    dnf module disable php httpd nginx -y

June 14, 2023 (Author)

11 hours ago, Ling said:

> How to enable mod_brotli in this procedure

Hi, the tutorial is posted here :

June 14, 2023

I mean brotli for Apache 2.4.57 with http2 and tls1.3 combined. This post relates to an old apache rebuild.

June 14, 2023 (Author)

24 minutes ago, Ling said:

> I mean brotli for Apache 2.4.57 with http2 and tls1.3 combined. This post relates to an old apache rebuild.

The image can be for old Apache; you can choose the latest version and edit the option.

For Apache TLS 1.3 + brotli + http2, install brotli.

Installing Brotli on your server:

    yum install pcre-devel cmake -y
    cd /usr/local/src
    git clone https://github.com/google/brotli.git
    cd brotli
    git checkout v1.0
    ./configure-cmake
    make && make install

Adding the path for the brotli dependency files (run these commands one by one):

    grep "/usr/local/lib/" /etc/ld.so.conf || echo "/usr/local/lib/" >> /etc/ld.so.conf
    ldconfig

Then you need to edit the configure option after you have downloaded https://www.alphagnu.com/upload/apache-rebuild-new7.sh or https://www.alphagnu.com/upload/apache-rebuild-new8.sh

i.e. edit the file and add this config flag at the end of the "./configure" line:

    --enable-brotli --with-brotli=/usr

It will look like below:

    ./configure --enable-so --prefix=/usr/local/apache --enable-unique-id --enable-ssl --with-ssl=/usr/local/opensslso --enable-ssl-staticlib-deps --enable-mods-static=ssl --enable-rewrite --enable-deflate --enable-suexec --with-suexec-docroot=/home --with-suexec-caller=nobody --with-suexec-logfile=/usr/local/apache/logs/suexec_log --enable-asis --enable-filter --with-pcre --with-apr=/usr/bin/apr-1-config --with-apr-util=/usr/bin/apu-1-config --enable-headers --enable-expires --enable-proxy --enable-rewrite --enable-userdir --enable-http2 --enable-brotli --with-brotli=/usr

Then run the bash script:

    chmod 755 apache-rebuild-new7.sh
    sh apache-rebuild-new7.sh

or

    chmod 755 apache-rebuild-new8.sh
    sh apache-rebuild-new8.sh

Then follow the required configs listed here from "After Apache is rebuilt create the config file"

June 14, 2023

Now I understand the logic, I will give it a try. The other runs like a charm man, thank you so far.

April 14, 2024

This looks to enable HTTP/2, but not ALPN. How can ALPN be enabled? Thanks
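
A local alternative to the online checker that also shows whether ALPN selected `h2`, as an added example that is not part of the thread: it condenses `openssl s_client` output into the negotiated TLS version and ALPN protocol. The transcripts in the script are constructed excerpts, and the function names and `www.example.com` are placeholders.

```shell
# Added example (not from the thread): summarise `openssl s_client` output as
# "<TLS version> <ALPN protocol>". The sample transcripts below are constructed.

# summarize_handshake: stdin = s_client output, stdout = e.g. "TLSv1.3 h2"
summarize_handshake() {
    awk '
        /^(New|Reused), /     { split($0, f, ", "); proto = f[2] }
        /^ALPN protocol: /    { alpn = $3 }
        /^No ALPN negotiated/ { alpn = "none" }
        END {
            if (!proto) proto = "unknown"
            if (!alpn)  alpn  = "none"
            print proto, alpn
        }
    '
}

# check_host HOST [PORT]: live probe that offers h2 and http/1.1 over TLS 1.3 only.
check_host() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        -tls1_3 -alpn h2,http/1.1 </dev/null 2>/dev/null | summarize_handshake
}

# Constructed excerpts: one where ALPN selected h2, one without ALPN.
SAMPLE_H2='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
ALPN protocol: h2
Verify return code: 0 (ok)'
SAMPLE_NO_ALPN='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
No ALPN negotiated
Verify return code: 0 (ok)'

printf '%s\n' "$SAMPLE_H2" | summarize_handshake
printf '%s\n' "$SAMPLE_NO_ALPN" | summarize_handshake
# Against your own server: check_host www.example.com
```

A result of `TLSv1.3 h2` means the server selected HTTP/2 through ALPN; `none` or `http/1.1` means h2 was not selected, which in Apache is governed by the `Protocols` directive.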