此内容没有您所选择的语言版本。
Apache HTTP Server Installation Guide
For use with Red Hat JBoss middleware products.
Abstract
Chapter 1. Introduction
1.1. About Red Hat JBoss Core Services
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
1.2. About JBoss Core Services Apache HTTP Server
Apache HTTP Server is used in multiple Red Hat JBoss middleware products, and previously Apache HTTP Server was distributed with each JBoss product. Starting from the following product versions, each product will instead use the JBoss Core Services distribution of Apache HTTP Server:
- Red Hat JBoss Core Services (Apache HTTP Server) 7.0 and onwards.
The Apache HTTP Server distribution included as part of Red Hat Enterprise Linux is completely separate from the JBoss Core Services distribution of Apache HTTP Server.
1.3. Supported Operating Systems and Configurations
For information on supported operating systems and configurations for JBoss Core Services Apache HTTP Server, see https://access.redhat.com/articles/2258971.
1.4. Installation Methods
JBoss Core Services Apache HTTP Server can be installed on supported Red Hat Enterprise Linux, Microsoft Windows, and Solaris systems using ZIP installation files available for each platform. JBoss Core Services Apache HTTP Server can also be installed on supported Red Hat Enterprise Linux systems using RPM packages.
1.5. Upgrading to the Red Hat JBoss Core Services Apache HTTP Server 2.4.23
Where a Red Hat JBoss Core Services Apache HTTP Server 2.4.6 or earlier was installed from RPMs packages using yum
, the Apache HTTP Server can be upgraded with yum upgrade
.
For systems where an earlier version of the Red Hat JBoss Core Services Apache HTTP Server was installed from a .zip archive, upgrading to the Apache HTTP Server 2.4.23 requires:
- Installing the Apache HTTP Server 2.4.23.
- Setting up the Apache HTTP Server 2.4.23.
- Removing the earlier version of Apache HTTP Server.
Prerequisites
- Root user access (Red Hat Enterprise Linux and Solaris systems)
- Administrative access (Windows Server)
- A system where the Red Hat JBoss Core Services Apache HTTP Server 2.4.6 or earlier was installed from a .zip archive.
Procedure
For systems using the Red Hat JBoss Core Services Apache HTTP Server 2.4.6, the recommended procedure for upgrading to the Apache HTTP Server 2.4.23 is:
- Shutdown any running instances of Red Hat JBoss Core Services Apache HTTP Server 2.4.6.
- Backup the Red Hat JBoss Core Services Apache HTTP Server 2.4.6 installation and configuration files.
- Install the Red Hat JBoss Core Services Apache HTTP Server 2.4.23 using the .zip installation method for the current system (see Additional Resources below).
Migrate your configuration from the Red Hat JBoss Core Services Apache HTTP Server version 2.4.6 to version 2.4.23.
NoteThe Apache HTTP Server configuration files may have changed since the Apache HTTP Server 2.4.6 release. It is recommended that you update the 2.4.23 version configuration files, rather than overwrite them with the configuration files from a different version (such as Apache HTTP Server 2.4.6).
- Remove the Red Hat JBoss Core Services Apache HTTP Server 2.4.6 root directory.
Additional Resources
For installation instructions for Red Hat Enterprise Linux systems, see:
- For installation instructions for Microsoft Windows systems, see: Installing JBoss Core Services Apache HTTP Server on Microsoft Windows.
- For installation instructions for Solaris systems, see: Installing Apache HTTP Server on Solaris.
Chapter 2. Installing JBoss Core Services Apache HTTP Server on Red Hat Enterprise Linux
2.1. ZIP Installation
2.1.1. Prerequisites
The following packages are required to run Red Hat JBoss Core Services Apache HTTP Server 2.4.23 on Red Hat Enterprise Linux:
- apr
- apr-devel
- apr-util
- apr-util-devel
- apr-util-ldap
- elinks
- krb5-workstation
- mailcap
To install these prerequisites on Red Hat Enterprise Linux, issue the following command as the root user:
# yum install apr apr-devel apr-util apr-util-devel apr-util-ldap elinks krb5-workstation mailcap
2.1.2. Download and Extract Apache HTTP Server
To install Apache HTTP Server, download and extract the installation ZIP files. Installation can be performed by non-root users if the user account has write access to the intended installation directory.
- Open a browser and log in to the Red Hat Customer Portal JBoss Software Downloads page.
- Select Apache HTTP Server in the Product drop-down menu.
- Select the correct JBoss Core Services version from the Version drop-down menu.
- Find Red Hat JBoss Core Services Apache HTTP Server in the list, ensuring that you select the correct platform and architecture for your system, and click the Download link.
Extract the downloaded ZIP file to your installation directory.
NoteWe recommend that you install Apache HTTP Server in the
/opt/
directory.
The jbcs-httpd24-2.4/httpd
directory created by extracting the ZIP archive is the top-level directory for Apache HTTP Server. This is referred to in this documentation as HTTPD_HOME
.
2.1.3. Configuring the Apache HTTP Server Installation
Some configuration is required before running JBoss Core Services Apache HTTP Server. This section includes the following configuration procedures:
Creating an Apache User
Follow this procedure to create the apache
user and its parent group:
As the root user:
-
On a command line, change directory to
HTTPD_HOME
. Run the following command to create the
apache
user group:# groupadd -g 48 -r apache
Run the following command to create the
apache
user in theapache
user group:# useradd -c "Apache" -u 48 -g apache -s /bin/sh -r apache
From
HTTPD_HOME
, issue the following command to assign the ownership of the Apache directories to theapache
user to allow the user to run Apache HTTP Server:# chown -R apache:apache *
You can use
ls -l
to verify that theapache
user is the owner of the directory.
Disabling/Enabling SSL Support
Apache HTTP Server supports SSL by default, but it can be disabled. Follow this procedure to disable or re-enable SSL support.
Go to the
HTTPD_HOME/conf.d/
directory and rename the SSL configuration file:-
To disable SSL, rename
ssl.conf
tossl.conf.disabled
. -
To re-enable SSL, rename
ssl.conf.disabled
tossl.conf
.
-
To disable SSL, rename
Running the Apache HTTP Server Post-Installation Script
-
On a command line, change to the
HTTPD_HOME
directory (root user access not required). Issue the following command:
./.postinstall
2.1.4. Starting Apache HTTP Server
To start Apache HTTP Server, on a command line as root user, change to HTTPD_HOME/sbin/
and issue the following command:
./apachectl start
2.1.5. Stopping Apache HTTP Server
To stop Apache HTTP Server, on a command line as root user, change to HTTPD_HOME/sbin/
, and issue the following command:
./apachectl stop
2.1.6. Running Apache HTTP Server without root access on Red Hat Enterprise Linux (ZIP installation)
To run Apache HTTP Server as a non-root user, such as the apache
user:
Stop all instances of Apache HTTP Server:
pkill httpd
Set the
http
listen port to higher than 1024 inHTTPD_HOME/conf/httpd.conf
:Listen 2080 ServerName <hostname>:2080
Set the
https
listen port to higher than 1024 inHTTPD_HOME/conf.d/ssl.conf
:Listen 2443
Change the ownership of the
logs
directory:chown -R apache:apache HTTPD_HOME/logs/
Change the ownership of the
run
directory:chown -R apache:apache HTTPD_HOME/var/run/
Verify that
httpd
is only running under theapache
user, not theroot
andapache
users:$ ps -eo euser,egroup,comm | grep httpd apache apache httpd apache apache httpd apache apache httpd ...
ImportantTo prevent unauthorized access or modification of files and directories by website users and to prevent unwanted changes to Apache HTTP Server configuration files, limit the file permissions of the
apache
user and enable SELinux .
2.2. RPM Installation
Installing JBoss Core Services Apache HTTP Server from RPM packages installs Apache HTTP Server as a service. The RPM installation option is only available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
2.2.1. Installing the Apache HTTP Server from RPM Packages
Before downloading and installing the RPM packages, you must register your system with Red Hat Subscription Management and subscribe to the respective Content Delivery Network (CDN) repositories.
For information on registering Red Hat Enterprise Linux, see Configuring the Subscription Service for Red Hat Enterprise Linux 6 or The Subscription Manager for Red Hat Enterprise Linux 7.
Attaching subscriptions to Red Hat Enterprise Linux (if required)
If the system does not have a subscription attached that provides the Apache HTTP Server:
- Log in to the Red Hat Subscription Manager.
- Click on the Systems tab.
-
Click on the
Name
of the system to add the subscription to. -
Change from the Details tab to the Subscriptions tab, then click
Attach Subscriptions
. -
Select the check box beside the subscription to attach, then click
Attach Subscriptions
.
To verify that a subscription provides the required CDN repositories:
- Log in to: https://access.redhat.com/management/subscriptions.
-
Click the
Subscription Name
. Under Products Provided, you require:
- Red Hat JBoss Core Services.
Installing the Apache HTTP Server from RPM packages using YUM
On a command line, subscribe to the Apache HTTP Server CDN repositories for your operating system version using
subscription-manager
:# subscription-manager repos --enable <repository>
For Red Hat Enterprise Linux 6:
- jb-coreservices-1-for-rhel-6-server-rpms
For Red Hat Enterprise Linux 7:
- jb-coreservices-1-for-rhel-7-server-rpms
Run the following command as the root user to install the Apache HTTP Server:
# yum groupinstall jbcs-httpd24
2.2.2. Configuring the Apache HTTP Server Installation (RPM Installation)
Before starting an RPM installation of JBoss Core Services Apache HTTP Server, there are some optional configurations you can perform. This section includes the following configuration procedures:
Removing SSL Support
Apache HTTP Server supports SSL by default, but it can be removed. To remove SSL support, remove the mod_ssl package.
At a shell prompt, run the following command as the root user:
# yum remove jbcs-httpd24-mod_ssl
2.2.3. Starting Apache HTTP Server
In a shell prompt as the root user, start the Apache HTTP Server service:
For Red Hat Enterprise Linux 6:
# service jbcs-httpd24-httpd start
For Red Hat Enterprise Linux 7:
# systemctl start jbcs-httpd24-httpd.service
2.2.4. Stopping Apache HTTP Server
In a shell prompt as the root user, stop the Apache HTTP Server service:
For Red Hat Enterprise Linux 6:
# service jbcs-httpd24-httpd stop
For Red Hat Enterprise Linux 7:
# systemctl stop jbcs-httpd24-httpd.service
2.2.5. Configuring Apache HTTP Server to Start at Boot
Use the following command to enable the Apache HTTP Server service to start at boot.
For Red Hat Enterprise Linux 6:
# chkconfig jbcs-httpd24-httpd on
For Red Hat Enterprise Linux 7:
# systemctl enable jbcs-httpd24-httpd.service
2.3. SELinux Policies
2.3.1. SELinux Policy Information
The Security-Enhanced Linux (SELinux) security model is enforced by the kernel and ensures applications have limited access to resources such as file system locations and ports. This helps ensure that the errant processes (either compromised or poorly configured) are restricted and in some cases prevented from running.
The following table contains information about the SELinux policies provided in the jbcs-httpd2.4-httpd-selinux
packages.
Name | Port Information | Policy Information |
---|---|---|
mod_cluster |
Two ports ( |
A post installation script configures the context mapping for |
For more information about using SELinux and other Red Hat Enterprise Linux security information, see the Red Hat Enterprise Linux Security Guide.
2.3.2. SELinux Policies for an RPM Installation
SELinux policies for Apache HTTP Server are provided by the jbcs-httpd2.4-httpd-selinux
package available in the jb-coreservices-1-for-rhel-7-server-rpms
and jb-coreservices-1-for-rhel-6-server-rpms
Content Delivery Network (CDN) repositories.
To enable SELinux policies on Apache HTTP Server, install the jbcs-httpd2.4-httpd-selinux
package for the version of Red Hat Enterprise Linux in use.
2.3.3. SELinux Policies for a ZIP Installation
By default, the SELinux policy provided is not active and the Apache HTTP Server processes run in the unconfined_t
domain. This domain does not confine the processes, and if you chose not to enable the SELinux policy provided, it is recommended that you restrict file access for the apache
user to the files and directories required by the Apache HTTP Server runtime.
For this release, SELinux policies are provided in the ZIP packages. The .postinstall.selinux
file is included in root Apache HTTP Server folder. If required, you can run the .postinstall.selinux
script.
To install the SELinux policies for ZIP installations:
Install the
selinux-policy-devel
package:yum install -y selinux-policy-devel
Execute the
.postinstall.selinux
script:cd <httpd_home> sh .postinstall.selinux
Make and install the SELinux module:
cd <httpd_home>/selinux/ make -f /usr/share/selinux/devel/Makefile semodule -i jbcs-httpd24-httpd.pp
Apply the SELinux contexts for Apache HTTP Server:
restorecon -r <httpd_home>
Add access permissions to the required ports for Apache HTTP Server:
semanage port -a -t http_port_t -p tcp 6666 semanage port -a -t http_port_t -p udp 23364
Start the Apache HTTP Server service:
<httpd_home>/sbin/apachectl start
Check the context of the running process expecting
httpd_t
:$ ps -eZ | grep httpd | head -n1 unconfined_u:unconfined_r:httpd_t:s0-s0:c0.c1023 2864 ? 00:00:00 httpd
To verify the contexts of the httpd directories, for example:
ls -lZ <httpd_home>/logs/
Chapter 3. Installing JBoss Core Services Apache HTTP Server on Microsoft Windows
3.1. Download and Extract Apache HTTP Server
To install Apache HTTP Server, download and extract the installation ZIP files. Installation can be performed by non-root users if the user account has write access to the intended installation directory.
- Open a browser and log in to the Red Hat Customer Portal JBoss Software Downloads page.
- Select Apache HTTP Server in the Product drop-down menu.
- Select the correct JBoss Core Services version from the Version drop-down menu.
- Find Red Hat JBoss Core Services Apache HTTP Server in the list, ensuring that you select the correct platform and architecture for your system, and click the Download link.
Extract the downloaded ZIP file to your installation directory.
NoteWe recommend that you install Apache HTTP Server in the
C:\Program Files
directory.
The jbcs-httpd24-2.4
directory created by extracting the ZIP archive is the top-level directory for Apache HTTP Server. This is referred to in this documentation as HTTPD_HOME
.
3.2. Configuring the Apache HTTP Server Installation
Some configuration is required before running JBoss Core Services Apache HTTP Server. This section includes the following configuration procedures:
Running the Apache HTTP Server Post-Installation Script
-
At the Command Prompt as an administrative user, change to the
HTTPD_HOME\etc
directory. Run the following command:
call postinstall.httpd.bat
Installing the Apache HTTP Server Service
By default, Apache HTTP Server is configured to use port 80. If you have Microsoft IIS installed, ensure that you disable or reconfigure it to avoid port conflicts:
-
Stop the
World Wide Web…
service, and change theStartup Type
toManual
. - Configure IIS to use different ports.
Alternatively, you can edit httpd.conf
before installing the Apache HTTP Server service and change Listen
to a port that does not conflict with the IIS ports.
-
At the Command Prompt as an administrative user, change to the
HTTPD_HOME\bin
directory. Install the Apache HTTP Server service with the following command:
httpd -k install
A Firewall security dialog prompt may appear asking for networking access for Apache HTTP Server. Click Allow to access this service from the network.
Configuring Folder Permissions for the Apache HTTP Server Service
Follow this procedure to ensure that the account used to run the service has full control over the HTTPD_HOME
folder and all of its subfolders:
-
Right-click the
HTTPD_HOME
folder and click Properties. - Select the Security tab.
- Click the Edit button.
- Click the Add button.
-
In the text box, enter
LOCAL SERVICE
. -
Select the Full Control check box for the
LOCAL SERVICE
account. - Click OK.
- Click the Advanced button.
- Inside the Advanced Security Settings dialog, select LOCAL SERVICE and click Edit.
- Select the check box next to the Replace all existing inheritable permissions on all descendants with inheritable permissions from this object option.
- Click OK through all the open folder property windows to apply the settings.
Disabling/Enabling SSL Support
Apache HTTP Server supports SSL by default, but it can be disabled. Follow this procedure to disable or re-enable SSL support.
Go to the
HTTPD_HOME\conf.d\
directory and rename the SSL configuration file:-
To disable SSL, rename
ssl.conf
tossl.conf.disabled
. -
To re-enable SSL, rename
ssl.conf.disabled
tossl.conf
.
-
To disable SSL, rename
3.3. Starting Apache HTTP Server
You can start the Apache HTTP Server service from the Command Prompt, or with the Computer Management tool.
Starting Apache HTTP Server Using the Command Prompt
At the Command Prompt as an administrative user, start the Apache HTTP Server service with the following command:
net start Apache2.4
Starting Apache HTTP Server Using the Computer Management Tool
- Go to Start → Administrative Tools → Services.
-
In the Services list, right-click the
httpd
service and click Start.
3.4. Stopping Apache HTTP Server
You can stop the Apache HTTP Server service from the Command Prompt, or with the Computer Management tool.
Stopping Apache HTTP Server Using the Command Prompt
At the Command Prompt as an administrative user, stop the Apache HTTP Server service with the following command:
net stop Apache2.4
Stopping Apache HTTP Server Using the Computer Management Tool
- Go to Start → Administrative Tools → Services.
-
In the Services list, right-click the
httpd
service and click Stop.
Chapter 4. Installing Apache HTTP Server on Solaris
4.1. Download and Extract Apache HTTP Server
To install Apache HTTP Server, download and extract the installation ZIP files. Installation can be performed by non-root users if the user account has write access to the intended installation directory.
- Open a browser and log in to the Red Hat Customer Portal JBoss Software Downloads page.
- Select Apache HTTP Server in the Product drop-down menu.
- Select the correct JBoss Core Services version from the Version drop-down menu.
- Find Red Hat JBoss Core Services Apache HTTP Server in the list, ensuring that you select the correct platform and architecture for your system, and click the Download link.
Extract the downloaded ZIP file to your installation directory.
NoteWe recommend that you install Apache HTTP Server in the
/opt/
directory.
The jbcs-httpd24-2.4
directory created by extracting the ZIP archive is the top-level directory for Apache HTTP Server. This is referred to in this documentation as HTTPD_HOME
.
4.2. Configuring the Apache HTTP Server Installation
Some configuration is required before running JBoss Core Services Apache HTTP Server. This section includes the following configuration procedures:
Running the Apache HTTP Server Post-Installation Script
-
On a command line as the root user, change to the
HTTPD_HOME/etc
directory. Run the following command:
# sh .postinstall.httpd
The post-installation script creates the Apache user and group.
Disabling/Enabling SSL Support
Apache HTTP Server supports SSL by default, but it can be disabled. Follow this procedure to disable or re-enable SSL support.
Go to the
HTTPD_HOME/conf.d/
directory and rename the SSL configuration file:-
To disable SSL, rename
ssl.conf
tossl.conf.disabled
. -
To re-enable SSL, rename
ssl.conf.disabled
tossl.conf
.
-
To disable SSL, rename
4.3. Starting Apache HTTP Server
To start Apache HTTP Server, on a command line as root user, change to HTTPD_HOME/sbin/
and issue the following command:
./apachectl start
4.4. Stopping Apache HTTP Server
To stop Apache HTTP Server, on a command line as root user, change to HTTPD_HOME/sbin/
, and issue the following command:
./apachectl stop
4.5. Running Apache HTTP Server without root access on Solaris (ZIP installation)
To run Apache HTTP Server as a non-root user, such as the apache
user:
Stop all instances of Apache HTTP Server:
pkill httpd
Set the
http
listen port to higher than 1024 inHTTPD_HOME/conf/httpd.conf
:Listen 2080 ServerName <hostname>:2080
Set the
https
listen port to higher than 1024 inHTTPD_HOME/conf.d/ssl.conf
:Listen 2443
Change the ownership of the
logs
directory:chown -R apache:apache HTTPD_HOME/logs/
Change the ownership of the
run
directory:chown -R apache:apache HTTPD_HOME/var/run/
Verify that
httpd
is only running under theapache
user, not theroot
andapache
users:$ ps -eo euser,egroup,comm | grep httpd apache apache httpd apache apache httpd apache apache httpd ...
ImportantTo prevent unauthorized access or modification of files and directories by website users and to prevent unwanted changes to Apache HTTP Server configuration files, limit the file permissions of the
apache
user .
Chapter 5. Enabling HTTP/2 for the JBoss Core Services HTTP Server
The Hypertext Transfer Protocols are standard methods of transmitting data between applications (such as servers and browsers) over the internet. HTTP/2 improves on HTTP/1.1 by providing enhancements such as:
- header compression - reducing the size of the header transmitted by omitting implied information, and
- multiple requests and responses over a single connection - using binary framing to break down response messages, as opposed to textual framing.
Using HTTP/2 with the Red Hat JBoss Core Services Apache HTTP Server:
-
is supported for encrypted connections using Transport Layer Security (TLS) (
SSLEnabled="true"
), indicated by theh2
keyword when enabled. -
is not supported for unencrypted connections using the Transmission Control Protocol (TCP) indicated by the
h2c
keyword when enabled.
HTTP/2 is not available for web servers using the Multi-Processing Module prefork modules/mod_mpm_prefork.so
Prerequisites
- Root user access (Red Hat Enterprise Linux and Solaris systems)
- Administrative access (Windows Server)
- Red Hat JBoss Core Services Apache HTTP Server 2.4.23 or higher
Modules required:
-
ssl_module
modules/mod_ssl.so
-
http2_module
modules/mod_http2.so
-
ssl_module
Procedure
Enable HTTP/2 for a Apache HTTP Server:
Add the http2_module to
HTTP_HOME/conf.modules.d/00-base.conf
:... LoadModule http2_module modules/mod_http2.so
Add the
h2
protocol inHTTP_HOME/conf/httpd.conf
.-
To enable HTTP/2 support for a virtual host, add the
h2
protocol to the virtual host configuration, To enable HTTP/2 support for all server connections, add the
h2
protocol to the 'Main' server configuration section ofhttpd.conf
.For example:
<IfModule http2_module> Protocols h2 http/1.1 ProtocolsHonorOrder on </IfModule>
-
To enable HTTP/2 support for a virtual host, add the
Update the Secure Socket Layer (SSL) configuration in
HTTP_HOME/conf.d/ssl.conf
.Ensure the
SSLEngine
directive is set to enabled (the SSL Engine is enabled by default):SSLEngine on
Update the
SSLProtocol
directive to disable theSSLv2
andSSLv3
protocols, forcing connections to use the Transport Layer Security (TLS) Protocols:SSLProtocol all -SSLv2 -SSLv3
Update the
SSLCipherSuite
directive to specify which SSL ciphers can with the Apache HTTP Server.For example:
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
NoteFor information on the SSL module and the supported directives, see: Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_ssl.
Restart the Red Hat JBoss Core Services Apache HTTP Server as the root user, to apply the changed configuration.
For SysV (Red Hat Enterprise Linux 6) users:
# service jbcs-httpd24-httpd restart
For systemd (Red Hat Enterprise Linux 7) users:
# systemctl restart jbcs-httpd24-httpd.service
For Red Hat Enterprise Linux users running Red Hat JBoss Core Services using apachectl:
# HTTP_HOME/sbin/apachectl restart
For Solaris users:
# HTTP_HOME/sbin/apachectl restart
For Windows Server users:
# net restart Apache2.4
Next Steps
Verify that HTTP/2 is enabled by reviewing the Apache HTTP Server logs or by using the curl
command:
Access the server from a browser or using
curl
, then check the SSL/TLS access or request logs (HTTP_HOME/logs/ssl_access_log
orHTTP_HOME/logs/ssl_access_log
) to verify that the connection is configured to support HTTP/2:$ grep 'HTTP/2' HTTP_HOME/logs/ssl_request_log [26/Apr/2018:06:44:45 +0000] 172.17.0.1 TLSv1.2 AES128-SHA "HEAD /html-single/index.html HTTP/2" - $ grep 'HTTP/2' HTTP_HOME/logs/ssl_access_log 172.17.0.1 - - [26/Apr/2018:06:44:45 +0000] "HEAD /html-single/index.html HTTP/2" 200 -
Or verify using
curl
(for versions ofcurl
that supportHTTP2
):NoteThe
curl
package provided with Red Hat Enterprise Linux 7 or earlier does not support HTTP/2. To checkcurl
for HTTP/2 support:$ curl -V curl 7.55.1 (x86_64-redhat-linux-gnu) ... Release-Date: 2017-08-14 Protocols: dict file ftp ftps gopher http https ... Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink PSL
For example, when the HTTP/2 protocol is inactive:
$ curl -I http://<JBCS_httpd_server>:80/<test.html> HTTP/1.1 200 ...
But if the HTTP/2 protocol is active,
curl
returns:$ curl -I https://<JBCS_httpd_server>:443/<test.html> HTTP/2 200 ...
Where:
-
<JBCS_httpd_server> is the URI of the server (such as
example.com
), - the port number is dependent on your configuration,
- <test.html> is any html page for testing the configuration (not provided), and
-
<JBCS_httpd_server> is the URI of the server (such as
Additional Resources
- For additional information on using HTTP/2, see: Apache HTTP Server Documentation Version 2.4 - How-To / Tutorials: HTTP/2 guide.
- For information on SSL configuration, see: Apache HTTP Server Documentation Version 2.4 - SSL/TLS Strong Encryption: How-To.
- For information on the HTTP/2 module and the supported directives, see: Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_http2.
- For information on the SSL module and the supported directives, see: Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_ssl.
- The proposed internet standard for HTTP/2: IETF: RFC 7540 - Hypertext Transfer Protocol Version 2 (HTTP/2).
Chapter 6. Monitoring Apache HTTP Server with JBoss Operations Network (ON)
To allow JBoss ON to monitor JBoss Core Services Apache HTTP Server, you must enable the mod_bmx modules.
As the
apache
user, enable the mod_bmx modules by creatingHTTPD_HOME/conf.d/mod_bmx.conf
with the following contents:LoadModule bmx_module modules/mod_bmx.so LoadModule bmx_status_module modules/mod_bmx_status.so LoadModule bmx_vhost_module modules/mod_bmx_vhost.so
In
HTTPD_HOME/conf/httpd.conf
, add a handler for mod_bmx by appending your handler definition. For example:<Location /bmx> SetHandler bmx-handler </Location>
You may want to restrict access to this URL to a specific virtual host or use password authentication.
- Restart the Apache HTTP Server. You can access http://SERVER_ADDRESS:PORT/bmx in a web browser to verify that mod_bmx is working correctly.
Apache HTTP Server will now be discoverable for JBoss ON. In JBoss ON, you can import it from the Discovery Queue.
Consult the JBoss ON documentation for further details on monitoring and managing Apache HTTP Server.
Revised on 2018-06-07 21:57:01 EDT