Why is Plesk using multiple protocols?

[Émerson Felinto]

This is the log for a site and it's really causing me a lot of confusion. Why did the same user (see ip) access site resources via HTTP /1.0, HTTP/1.1, and HTTP/2 ?
It makes no sense!
I've enabled forced redirection for HTTPS, so all requests should be via HTTP/2

 

[MarkM]

Based on your screenshot, it looks like Apache vs Nginx is the difference.

 

[Émerson Felinto]

From what I saw the solution would be to install HTTP2 on Apache.
Thank you!

 

[MarkM]

Yup!

How to enable HTTP2 for Apache in Plesk?

 

[Émerson Felinto]

I was following this tutorial but I encountered a problem. It only refers to the installation in Ubuntu / Debian being that I use CentOS 7.4.

Any idea what commands should I run so I can safely use it on my Plesk server?

 

[MarkM]

There's a bit more to it - I'll write it up shortly.

 

[MarkM]

Ok, I'm going to basically go over the basic process without going into detail, proceed at your own risk. You will break things.

The first issue you will have is with the version of Apache. CentOS and RHEL default repositories come with Apache versions around 2.4.6. HTTP/2 can be deployed in Apache HTTP 2.4.17 or newer.

So the first thing to do is use a third party repo to upgrade Apache. Again, you will break things. You will have Apache module errors out of the butt. Don't do this during prime hours. The following will show you the CodeIT repo which does provide a compatible Apache version;
How to Install The Latest Apache Server (httpd) on Centos 7 | CROSP's Blog

[root@plesk conf]# httpd -v
Server version: Apache/2.4.29 (codeit)
Server built: Nov 3 2017 14:01:58

[root@plesk ~]# cat /etc/*release* | grep PRETTY_NAME
PRETTY_NAME="CentOS Linux 7 (Core)"

# plesk repair web - will help you disable the broken modules and reconfigure web server configuration.

Here's a list of the Apache modules enabled;

Now that it's enabled in Apache, enable it on a domain by modifying the following file;

/var/www/vhosts/system/example.com/conf/vhost_ssl.conf

Add the following line;

Protocols h2 http/1.1

At this point, if you didn't screw up, you're done!

 

[Émerson Felinto]

Olá, obrigado pela ajuda!
Com base no risco que eu posso executar, eu prefiro manter o http2 desativado.

 

[MarkM]

If you want to reach out to me on Skype in the morning, we can do this together over a remote connection or something. My Skype username is mmuyskens

 

[Émerson Felinto]

Hello,

What makes me hesitant is not that it is possible to do a clean installation of the latest version of Apache but the impossibility of reversing the changes, since even with this new update there may be incompatibilities and bugs.

Could you comment on that? Is it possible to change back?

 

[MarkM]

sure remove the custom repo, remove apache, and then reinstall the old version from the old repo. Completely possible.

 

[Émerson Felinto]

Does any Plesk developer (sorry if I mention you incorrectly) can you tell me if Apache will be updated in CentOS 7.4?
@IgorG, @Peter Debik

 

[IgorG]

Does any Plesk developer (sorry if I mention you incorrectly) can you tell me if Apache will be updated in CentOS 7.4?
@IgorG, @Peter Debik

This question to CentOS but not to Plesk:

# plesk version
Product version: Plesk Onyx 17.5.3 Update #42
Update date: 2018/03/01 05:35
Build date: 2017/03/17 16:00
OS version: CentOS 7.2.1511

# rpm -qi httpd
Name : httpd
Version : 2.4.6
Release : 67.el7.centos.6
Architecture: x86_64
Install Date: Thu 01 Mar 2018 05:24:09 AM NOVT
Group : System Environment/Daemons
Size : 9827789
License : ASL 2.0
Signature : RSA/SHA256, Fri 20 Oct 2017 06:31:20 PM NOVT, Key ID 24c6a8a7f4a80eb5
Source RPM : httpd-2.4.6-67.el7.centos.6.src.rpm
Build Date : Fri 20 Oct 2017 02:41:19 AM NOVT
Build Host : c1bm.rdu2.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <My View - CentOS Bug Tracker>
Vendor : CentOS

 

[MarkM]

It seems solid. I wish I could say I use it in production but my production server doesn't actually use Plesk. I've tested it extensively and feel comfortable enough to recommend it. I wouldn't post it otherwise. Just let me know!

 

[Émerson Felinto]

Thanks Mark for your support!

I do not want to take your time, so I'll try to install it on my own based on the instructions you gave me. But I would be more comfortable if you are at my disposal to support me if at some point the update fails.

I'll talk to you via Skype, thank you!

 

[Bogdan1]

Hi,

First of all @Mark thanks of the tutorial.
Got 7 errors but plesk repair fixed everything so thats cool. I've created vhost_ssl.conf and enabled http2 then restarted apache.
Seems like http2 on apache still doesn't work.

If I check http2 online for example here HTTP/2 Test | A simple HTTP/2.0 test tool it shows that http2 is enabled, but I think for some reason it's triggering nginx.

 

[MarkM]

Try stopping Nginx for a second, that will throw Apache back onto port 80 and then see how that test performs. I did this on a test box that didn’t have Nginx so I know it worked right for me atleast

 

[Bogdan1]

Try stopping Nginx for a second, that will throw Apache back onto port 80 and then see how that test performs. I did this on a test box that didn’t have Nginx so I know it worked right for me atleast

After a while browser started to show error like "Website is down or has been moved". Had to remove Protocols h2 http/1.1 to make website work again. 0 errors(just some notices and warnings) in apache error_log :/

//Also tried to stop nginx

Found something in /var/www/vhosts/<domain_name>/logs/proxy_error_log but don't think this is the problem.

2018/03/07 05:45:08 [error] 10277#0: *606 connect() failed (111: Connection refused) while connecting to upstream, client: ***.***.***.***, server: domain.cz, request: "GET /z/url$


2018/03/07 06:05:34 [error] 10812#0: *724 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: ***.***.***.*** , server: domain.cz, request: "GET / HTTP/1.1",$

2018/03/07 06:23:16 [error] 28371#0: *69 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: ***.***.***.***, server: domain.cz, request: "GET /favicon.ico HTT$

2018/03/07 06:23:16 [error] 28371#0: *69 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: ***.***.***.***, server: domain.cz, request: "GET /favicon.ico HTT$

2018/03/07 06:23:16 [error] 28371#0: *69 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: ***.***.***.***, server: domain.cz, request: "GET /favicon.ico HTT$

 

[G J Piper]

My first question/observation after all this is — why isn't nginx serving all those static javascript and image files anyway?
(it does http2 better and faster than Apache, and Plesk supports it that way)

 

[StéphanS]

Custom repo's for base packages like Apache / httpd.
It all makes me shiver tbh

If you like to debug obscure bugs down the road, feel free though!
I would not recommend doing this on a large scale production server (say a shared hosting server for 300+ vhosts).

If you really _need_ http/2, migrate everything to Debian 9.
Debian also gives you the added benefit of version upgrades, upgrading from Debian 8 to Debian 9 is possible with Plesk 17.8