Issue Plesk Panel HTTP/2 Not Working

[PandoraT]

Operating System: Centos 6.5
Plesk Version: 17.8.11

Advisor also activates the HTTP/2 feature, but it does not work.

 

[learning_curve]

Enabling HTTP/2 in Advisor extension does not work on Plesk server

 

[zeeshan786]

1. Make sure that SSL support is enabled for the web site in the Hosting Settings section of the domain. HTTP/2 is supported for SSL sites only, so non-SSL sites will continue to work under HTTP /1.x. That is a restriction of nginx web server and web browsers.
2. Check that nginx is enabled:
   # plesk sbin nginxmng –s
   
   Enable it if necessary:
   
   # plesk sbin nginxmng -e
   
   
3. Check that OpenSSL package has the version 1.0.1 or higher:
   # rpm -qa | grep openssl
   
   openssl-1.0.1e-42.el6_7.4.x86_64.
   
   
4. Check that there is no custom configuration template in /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php. Remove it if it was found and re-create configuration files:
   # plesk sbin httpdmng --reconfigure-all
   
   Alternatively, if you do not want to remove your customizations, you can modify the file /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php like below.
   
   Find the row similar to
   
   ($OPT['default'] ? ' default_server' : '') . ($OPT['ssl'] ? ' ssl' : '') ?>;
   
   And replace it with the two following rows:
   
   ($OPT['default'] ? ' default_server' : '') . ($OPT['ssl'] ? ' ssl' : '') .
   
   ($OPT['ssl'] && $VAR->domain->physicalHosting->proxySettings['nginxHttp2'] ? ' http2' : '') ?>;
   
   After that run the command:
   
   # plesk bin http2_pref enable
   
   
5. In case of ssl connection problems with HTTP/2 enabled, ensure that the ssl_ciphers directive in /etc/nginx/conf.d/ssl.conf or in customised nginxDomainVirtualHost.php has the following value:
   ssl_ciphers EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES;
   
   
6. If you site does not work in some browsers after enabling HTTP/2, this may mean that you have no necessary ciphers and protocols for HTTP/2 support. Use the sslmng utility from Plesk to set up available protocols and TLS ciphers list after you have enabled HTTP/2. For example if you want to use exactly the same ciphers list as Plesk does, the command will be the following:
   #plesk sbin sslmng --services=nginx --custom --ciphers="EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20" --protocols="TLSv1 TLSv1.1 TLSv1.2"
   
   Configuration will be stored in the /etc/nginx/conf.d/ssl.conf file. We do not recommend to edit this file manually.
   
   
7. If no steps above helped, contact Plesk technical support.