HTTP/2 Troubleshooting

Created:

2016-11-16 13:10:50 UTC

Modified:

2017-08-16 16:27:01 UTC

4

Was this article helpful?


Have more questions?

Submit a request

HTTP/2 Troubleshooting

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk Onyx for Linux

General information

Instructions on how to enable HTTP/2 support are described in article #213395969 .

To check if HTTP/2 is enabled, online services like https://tools.keycdn.com/http2-test can be used. Or it can be done from CLI:

[root@server ~]# openssl s_client -connect example.com:443 -nextprotoneg ''
CONNECTED(00000003)
Protocols advertised by server: h2, http/1.1

If HTTP/2 support is enabled, but website shows only HTTP/1.x protocol follow the steps below to troubleshoot this behaviour.

Troubleshooting

  1. Make sure that SSL support is enabled for website in Plesk > Domains > example.com > Hosting Settings .
    HTTP/1.x is supported for SSL sites only, therefore, non-SSL sites will continue working under HTTP/1.x. This is a restriction of nginx web server and web browsers.

  2. Check if nginx is enabled:

    # /usr/local/psa/admin/bin/nginxmng -s

    Enable it, if necessary:

    # /usr/local/psa/admin/bin/nginxmng -e
  3. Ensure that openssl package has version 1.0.1 or higher:

    [root@server ~]# rpm -qa | grep openssl
    openssl-1.0.1e-42.el6_7.4.x86_64

    openssl 1.0.1 or higher is required to work with modern cyphers necessary for HTTP/2. For several older Operating Systems (such as CentOS-5 and RHEL-5), earlier OpenSSL version is provided by the OS vendor.
    HTTP/2 support on such OSes may be unavailable.

  4. Ensure that there is no custom configuration template in /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php
    Remove it if any and re-create configuration files:

    # /usr/local/psa/admin/bin/httpdmng --reconfigure-all

    Note: If customizations should not be deleted, modify the file /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php like below:
    Find row similar to

    ($OPT['default'] ? ' default_server' : '') . ($OPT['ssl'] ? ' ssl' : '') ?>;

    And replace it with 2 rows:

    ($OPT['default'] ? ' default_server' : '') . ($OPT['ssl'] ? ' ssl' : '') .
    ($OPT['ssl'] && $VAR->domain->physicalHosting->proxySettings['nginxHttp2'] ? ' http2' : '') ?>;

    After that run:

    # /usr/local/psa/bin/http2_pref enable
  5. Check that file /usr/local/psa/admin/conf/panel.ini has the following section:

    [webserver]
    nginxHttp2 = true
  6. Make sure that there are no incorrect entries in /usr/local/psa/admin/conf/panel.ini file. Fix them if any. To completely ensure that it is correct, back up /usr/local/psa/admin/conf/panel.ini and restore the original file from /usr/local/psa/admin/conf/panel.ini.sample .
  7. Re-create configuration files:

    # /usr/local/psa/admin/bin/httpdmng --reconfigure-all
  8. In case of SSL connection problems with HTTP/2 enabled, ensure that ssl_ciphers directive in /etc/nginx/conf.d/ssl.conf or in customised nginxDomainVirtualHost.php have the following value:

    ssl_ciphers ECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES;
  9. Additionally, to perform deeper analysis of SSL configuration, use an SSL test tools. For example: https://www.ssllabs.com/ssltest/analyze.html

If all the above steps above did not help, please contact Plesk technical support .

Additional Information

Hypertext Transfer Protocol Version 2 specification

Have more questions? Submit a request
Please sign in to leave a comment.