The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HTTP2 issues with Mod_Ruid2

Discussion in 'EasyApache' started by Leslie de Groot, Jul 13, 2017.

Tags:
  1. Leslie de Groot

    Joined:
    Jul 13, 2017
    Messages:
    14
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    The Netherlands
    cPanel Access Level:
    Root Administrator
    Greetings,

    I've enabled HTTP2 today through EasyApache 4.
    I've noticed that many sites on the server are defaced with it enabled.
    When i disable HTTP2 they are normally displayed.

    Somehow only Google Chrome is displaying them correctly. Safari and Firefox for example not.

    See the screenshot i've uploaded for the idea of what is going wrong.
     

    Attached Files:

  2. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    599
    Likes Received:
    90
    Trophy Points:
    103
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    Try viewing the site w/Chrome's developer tools, and see what's not being received properly.
     
  3. Leslie de Groot

    Joined:
    Jul 13, 2017
    Messages:
    14
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    The Netherlands
    cPanel Access Level:
    Root Administrator
    I've tried that and noticed that some resources are getting a 403 status code (Forbidden). With HTTP2 disabled it works just fine.
     

    Attached Files:

    • Dev.PNG
      Dev.PNG
      File size:
      174.4 KB
      Views:
      10
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,285
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do you notice any output to /var/log/apache2/error_log when you encounter the 403 error code?

    Thank you.
     
  5. Leslie de Groot

    Joined:
    Jul 13, 2017
    Messages:
    14
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    The Netherlands
    cPanel Access Level:
    Root Administrator
    Yes, I'm getting output like: mod_ruid2 domain.nl GET /wp-content/themes/petsandvets-child/style.css?ver=4.8 HTTP/2.0 chdir to /home/virtfs/USER failed

    I don't understand that this only happens with HTTP2 enabled.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,285
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Internal case EA-6541 is open to address an issue where using the "EXPERIMENTAL: Jail Apache Virtual Hosts" option in "WHM >> Tweak Settings" combined with Mod_Ruid2 and Mod_HTTP2 can result in failed requests when attempting to open a secure URL in a HTTP/2 enabled web browser. This corresponds to an entry like this in /var/log/apache2/error_log:

    Code:
    HTTP/2.0 chdir to /home/virtfs/cptest failed
    The only available workaround at this time is to disable Mod_HTTP2, or to disable the "EXPERIMENTAL: Jail Apache Virtual Hosts" option in "WHM >> Tweak Settings" (note this affects your server's security).

    I'll monitor this case and update this thread with more information as it becomes available.

    Thank you.
     
  7. Leslie de Groot

    Joined:
    Jul 13, 2017
    Messages:
    14
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    The Netherlands
    cPanel Access Level:
    Root Administrator
    I've tested this.

    Updating “EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell.” from “On” to “Off”.
    “EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell.” was updated.

    The problem is resolved this way. However I'm open for feedback whenever this case is resolved.
     
    cPanelMichael likes this.
  8. rekabis

    rekabis Active Member

    Joined:
    Sep 19, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I also need to know when it will be possible to run mod_ruid2 *and* mod_http2 on the same server.

    Right now under EasyApache4, if I install mod_http2, mod_mpm_event and mod_cgid get installed and mod_ruid2, mod_mpm_prefork and mod_cgi get uninstalled. If I then try to install mod_ruid2, the opposite happens.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,285
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The DSO handler for PHP (that's used in combination with Ruid2) requires the MPM Prefork Apache module. However, the Prefork MPM is not recommended for use with mod_http2. Thus, there's no recommended setup where both mod_ruid2 and mod_http2 are enabled on the server. This is discussed in more detail on the following thread:

    Prefork and HTTP2

    Thank you.
     
    linux4me2 likes this.
  10. rekabis

    rekabis Active Member

    Joined:
    Sep 19, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    So… it comes down to a choice between a modern server and a secure server? Sweet.

    Any chance when this might be rectified?
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,285
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The Prefork MPM isn't recommended for use mod_http2, not because of a bug, but because the two technologies are not compatible with one another. This described in more detail by an Apache developer in the following comment:

    mod_http2(v1.10.6) causes segmentation fault · Issue #142 · icing/mod_h2 · GitHub

    Do you require Mod_Ruid2 for protection against symlink race conditions? If so, the following document lists alternatives to using Ruid2:

    Symlink Race Condition Protection - EasyApache 4 - cPanel Documentation

    Thank you.
     
    linux4me2 likes this.
  12. davorg

    davorg Member

    Joined:
    May 13, 2013
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    So If I understand: If I want to use - mod_http2, apache jail with mod_ruid2 - best solution is to use CloudLinux with CageFS and EA4 with Worker MPM and mod_http2? Will this work without any problems?
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,285
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You won't be able to use Mod_Ruid2 with Mod_Http2. However, with CloudLinux and CageFS, you do not need to use Ruid2 to receive protection from symlink race conditions. Here's a CloudLinux document on CageFS explaining how it works:

    CloudLinux Documentation

    Thank you.
     
Loading...

Share This Page