[HOW TO] Check that http/2 support is enabled for domain?

Refers to:

  • Plesk 12.5 for Linux

Created:

2016-11-16 13:10:50 UTC

Modified:

2017-01-24 05:41:12 UTC

0

Was this article helpful?


Have more questions?

Submit a request

[HOW TO] Check that http/2 support is enabled for domain?

Question

http/2 support was enabled using article #213395969 .

How to check that website supports it?

Answer

You can check it using online services, like https://tools.keycdn.com/http2-test or from command line:

# openssl s_client -connect example.com:443 -nextprotoneg ''
CONNECTED(00000003)
Protocols advertised by server: h2, http/1.1

If http/2 support was enabled, but website shows only http/1.x protocol follow the steps below to troubleshoot this behavior.

Troubleshooting

  1. Make sure that ssl support is enabled for website in Plesk > Domains > example.com > Hosting Settings .
    http/2 is supported for SSL sites only, so non-SSL sites will continue to work under http/1.x . That's a restriction of nginx web server and web browsers.

  2. Check that nginx is enabled:

    # /usr/local/psa/admin/bin/nginxmng -s

    Enable it if necessary:

    # /usr/local/psa/admin/bin/nginxmng -e
  3. Check that openssl package has version 1.0.1 or higher:

    # rpm -qa | grep openssl
    openssl-1.0.1e-42.el6_7.4.x86_64

    openssl 1.0.1 or higher is required to work with modern ciphers necessary for http/2. For several older Operating Systems (such as CentOS-5 and RHEL-5), earlier openssl version is provided by the OS vendor.
    HTTP/2 support on such OSes may be unavailable.

  4. Check that there is no custom configuration template in /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php
    Remove it if any and re-create configuration files:

    # /usr/local/psa/admin/bin/httpdmng --reconfigure-all

    Note: If you do not want to remove your customizations you can modify the file /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php like below:
    Find row similar to

    ($OPT['default'] ? ' default_server' : '') . ($OPT['ssl'] ? ' ssl' : '') ?>;

    And replace it with 2 rows:

    ($OPT['default'] ? ' default_server' : '') . ($OPT['ssl'] ? ' ssl' : '') .
    ($OPT['ssl'] && $VAR->domain->physicalHosting->proxySettings['nginxHttp2'] ? ' http2' : '') ?>;

    After that run:

    # /usr/local/psa/bin/http2_pref enable
  5. Check that file /usr/local/psa/admin/conf/panel.ini has the following section:

    [webserver]
    nginxHttp2 = true
  6. Make sure that there is no incorrect entries in /usr/local/psa/admin/conf/panel.ini file.
    Fix them if any.
    If you are not sure about them, backup /usr/local/psa/admin/conf/panel.ini and restore the original file from /usr/local/psa/admin/conf/panel.ini.sample .
    Re-create configuration files:

    # /usr/local/psa/admin/bin/httpdmng --reconfigure-all
  7. In case of ssl connection problems with http/2 enabled, ensure that ssl_ciphers directive in /etc/nginx/conf.d/ssl.conf or in customised nginxDomainVirtualHost.php have the following value:

    ssl_ciphers EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES;

If all steps above did not help contact Plesk technical support .

Have more questions? Submit a request
Please sign in to leave a comment.