To whomever it may concern, I have a question concerning the httpd24 provided by SCL. I am quite new to system administration, package managing, repositories etc., so please try to bear with me.
Some background first: ######################################### I work as a Software Developer at CERN and I am developing an application that is running on apache server in the CERN intranet. I found myself in a situation in which the six simultaneous connections per domain (restricted by the browser) was not sufficient to achieve what I wanted, so the natural solution would be to update the server to support HTTP/2 protocol. The current version of the underlying OS on the server computer is CentOS 7.4. However, the official CentOS repos' version of Apache (2.4.6) does not support HTTP/2 (supported since version 2.4.18) but the OS has recent enough version of OpenSSL (1.0.2k > 1.0.2 (required)). My actual problem: ######################################### The apache of httpd24 provided by SCL is recent enough to support HTTP/2. But when I installed the package and configured it, I could not get the communication in h2 protocol to work. First of all, there was an error message when loading the mod_http2: > httpd: Syntax error on line 56 of > /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf: Syntax error on line > 40 of /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-base.conf: > Cannot load modules/mod_http2.so into server: libnghttp2- > httpd24.so.14: cannot open shared object file: No such file or > directory Which I got rid of by loading the file myself before loading the module: > LoadFile /opt/rh/httpd24/root/usr/lib64/libnghttp2-httpd24.so.14 However, this was not the cause for the http2 not to work. The actual cause was that the SSL module provided by SCL (httpd24-mod_ssl) seems to be built against OpenSSL version 1.0.1e which is older than the version required (1.0.2) to support ALPN (i.e. to have http/2 communication with the all the major browsers). I verified this with a mod_ssl that was built against Apache 2.4.25 and openSSL 1.0.2j. So, I have got a working solution. The problem is that the system managers are not too happy about having to download modules from yet another external repositories or to have to store a binary somewhere to be copied each time they do an installation. The Actual Question: ######################################### Would it be possible to update the httpd24-mod_ssl in SCL so that it was built against more recent version of OpenSSL? If not for some reason (e.g., compatibility issues with CentOS 7.X), could it be possible to provide it as another packet (for example httpd24-mod_ssl_1.0.2k, if it was build against OpenSSL 1.0.2k) now that CentOS 7.4 is out? Note: ######################################### I know that there are programmatic solutions (Web Sockets, EventSource etc.) that would solve my problem, and that I am not asking for a solution to my problem. ######################################### Thank you for your interest in my issue. Sincerely, Joni Herttuainen _______________________________________________ SCLorg mailing list SCLorg@redhat.com https://www.redhat.com/mailman/listinfo/sclorg
