DirectAdmin下apache启用HTTP2支持

DirectAdmin下apache启用HTTP2[ALPN]支持
http2是http1.1的升级版本,有效加快浏览速度

1核心组件

libressl编译安装,支持CHACHA20[推荐]

wget http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.5.tar.gz
tar zxvf libressl-2.4.5.tar.gz
cd libressl-2.4.5
./configure --prefix=/usr/local/libressl --exec-prefix=/usr/local/libressl
make && make install

OpenSSL编译安装[openssl1.1以上需要GCC4.8+]

wget ftp://ftp.openssl.org/source/openssl-1.0.2k.tar.gz
tar xzf openssl-1.0.2k.tar.gz
cd openssl-1.0.2k
./config --prefix=/usr/local/lib_http2 no-ssl2 no-ssl3 zlib-dynamic 
make && make install  

nghttp2用DirectAdmin安装[推荐]

cd /usr/local/directadmin/custombuild
./build update
./build nghttp2

nghttp2编译安装[备用]

wget  https://github.com/nghttp2/nghttp2/releases/download/v1.20.0/nghttp2-1.20.0.tar.gz
tar xzf nghttp2-1.20.0.tar.gz
cd nghttp2-1.20.0
./configure --prefix=/usr/local/nghttp2
make && make install

2准备编译apache,启用自定义Apache编译规则

cd /usr/local/directadmin/custombuild
mkdir -p custom/ap2
cp -p configure/ap2/configure.apache custom/ap2/configure.apache

修改修改 /usr/local/directadmin/custombuild/custom/ap2/configure.apache 文件
删除 "--with-ssl=/usr" \ ,会产生覆盖
在文件末尾最后一行上方添加(重要,注意编译顺序)

优先使用libressl

 "--enable-http2" \
 "--enable-ssl-staticlib-deps" \
 "--with-ssl=/usr/local/libressl" \
 "--with-crypto"  \
 "--enable-mpms-shared" \

下面是openssl的

    "--enable-http2" \
    "--enable-ssl-staticlib-deps" \
    "--with-ssl=/usr/local/lib_http2" \
    

"--with-nghttp2=/usr/local/lib/" \

开始编译Apache

./build apache

3最后编辑httpd文件加入http/2支持语句

echo 'ProtocolsHonorOrder On' >> /etc/httpd/conf/extra/httpd-includes.conf
echo 'Protocols h2 h2c http/1.1' >> /etc/httpd/conf/extra/httpd-includes.conf

更新SSL Ciphers[]

cd /usr/local/directadmin/custombuild
./build rewrite_confs

vi /etc/httpd/conf/extra/httpd-ssl.conf
添加

ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:

来源:
http://www.hostsoft.cn/blog/2015/11/15/directadmin-qi-yong-http-2-zhi-chi/

http://forum.directadmin.com/showthread.php?t=52590