Why no support for HTTP 2.0?

[Reado]

So far the only solution I have found that provides HTTP 2.0 support and sits within a cPanel environment is Lite Speed but there's an additional cost and I'm already paying for cPanel.

Please could you explain to me the reasons behind not supporting HTTP 2.0? Thanks.

 

[JacobPerkins]

HTTP2.0 requires an updated OpenSSL version that's not even provided upstream by CentOS yet. We'd have to statically compile things around, and that's not something we've done yet in EA4.

There's ways to get it done via EA3, and there's forum posts about it already.

 

[Reado]

By yet, does that mean you plan to do so? If so, do you have any idea when that may be?

I managed to get HTTP/2 support added to EA3 and it works amazingly - so much faster. It would be nice to see this added to EA4, especially for use alongside PHP 7.

 

[JacobPerkins]

We have plans to do it, but we have no time frames on getting this done yet.

 

[Reado]

That's fine, I look forward to that support being added. Thank you.

 

[Otnihs]

I have tried to impliment http2 with ea3 but couldn't. Would you mind to share, how did you implimented it in EA3 ? It would be helpful.

 

[Reado]

This is the tutorial I followed:

vpsineu.com/blog/how-to-setup-http2-in-cpanelwhm-linux-vps-using-easyapache3/

You also need to make sure your website is always SSL enabled, otherwise it won't work.

 

[NovemberRain]

I am always amazed at how cpanel acts like these kind of things are the unimportant, minor features whereas they spend most of their resources with relatively unimportant features or terrible design ideas and act like they have made a revolution.

http2 should be your number one priority. You should stop whatever you are doing now and work on this. No excuses!

 

[brt]

This can't come soon enough!

 

[RWH Tech]

Not supported by Cpanel, but I've been using this for a while. I keep OpenSSL/nghttp2 up to date, too.
HTTP/2 and WHM 58 with EA4

 

[WebDomain.com]

I also wonder why cPanel didn't make http2 standard into EA4. I've seen it was a problem with OpenSSL but I don't see the point blocking the discussion and ignore any further opinions there...Otherwise, what is the purpose of the features request panel?
I totally agree with @NovemberRain. Sometimes cPanel focuses on cosmetic details and totally ignore very important features.
I also would like to see http2 being implemented into cPanel as a Standard. Please, make this possible.

 

[cPanelMichael]

Hello @WEBDOMAIN.com,

I've reached out to our Community Manager to see if we can get comments opened back up on the following feature request:

EasyApache 4 HTTP2 Support

Thank you.

 

[cPanelUser-Inactive]

I also wonder why cPanel didn't make http2 standard into EA4. I've seen it was a problem with OpenSSL but I don't see the point blocking the discussion and ignore any further opinions there...Otherwise, what is the purpose of the features request panel?
I totally agree with @NovemberRain. Sometimes cPanel focuses on cosmetic details and totally ignore very important features.
I also would like to see http2 being implemented into cPanel as a Standard. Please, make this possible.

Hey there! In this case comments were locked for a couple reasons, but mostly because the feedback we were getting wasn't actionable feedback. I've opened up comments on the feature again, but definitely make sure to review the guidelines before commenting. My goal with the comments there is not so much discussion as it is making sure we understand all of the perspectives of our clients needs on the request.

 

[Rvanlaak]

Is there a timeframe when CentOS will move to OpenSSL 1.0.2? And based on that event, how long would it take for cPanel to release HTTP/2 with EA4?

Basically the module itself states that you only need Apache 2.4.23, which our EA4 installation actually already makes use of: github.com/icing/mod_h2

 

[cPanelMichael]

There's no specific time frame to offer at this time. Feel free to subscribe to EasyApache 4 HTTP2 Support to ensure you are updated, as we will change the status of the feature request once work begins or a decision has been made.

Thank you.

 

[DomineauX]

Hey there! In this case comments were locked for a couple reasons, but mostly because the feedback we were getting wasn't actionable feedback. I've opened up comments on the feature again, but definitely make sure to review the guidelines before commenting. My goal with the comments there is not so much discussion as it is making sure we understand all of the perspectives of our clients needs on the request.

Comments are closed (again or still).

I'm sorry if it is considered to not be "actionable feedback", but the truth is that the web stack makes up the core point of a web hosting control panel, and cPanel has been letting us down for years by not maintaining a modern web stack. We frequently have to move clients to bare CentOS to accomplish what they need for a high performance web stack, including Nginx, PHP-FPM, HTTP2, and PCI compliant SSL/TLS.

If outdated OpenSSL versions from "enterprise" linux versions are holding so much progress back, it must be time for cPanel to provide a modern version as part of the web stack when the OS doesn't provide it. We are already using a custom installation of OpenSSL 1.0.1 on many servers specifically for Apache/PHP, so doing so within EA4 automatically should not be such an impossible task.

 

[cPanelUser-Inactive]

If outdated OpenSSL versions from "enterprise" linux versions are holding so much progress back, it must be time for cPanel to provide a modern version as part of the web stack when the OS doesn't provide it. We are already using a custom installation of OpenSSL 1.0.1 on many servers specifically for Apache/PHP, so doing so within EA4 automatically should not be such an impossible task.

Feedback is always welcome, and I sincerely appreciate your willingness to add it here! We completely agree that the lack of update from the OS providers is frustrating. Even CentOS 7 doesn't have HTTP/2 support right now, which is incredibly limiting. You're right that building an RPM with updated OpenSSL and distributing it is pretty straight forward. The hold-up is making sure that we're ready and able to take on the responsibility of keeping it patched and released in a timely basis.

We're definitely still discussing internally how best to handle this, and as soon as there's anything more to share I will.

 

[DomineauX]

You're right that building an RPM with updated OpenSSL and distributing it is pretty straight forward. The hold-up is making sure that we're ready and able to take on the responsibility of keeping it patched and released in a timely basis.

We're definitely still discussing internally how best to handle this, and as soon as there's anything more to share I will.

Glad to hear it.
Until cPanel feels comfortable maintaining a modern version of OpenSSL as part of the web stack, it would be great if we can use a source installation (like /opt/openssl) that EA4 can utilize.

 

[Pietro_Aretino]

Well it is January 4th 2017, what is the update on HTTP2 implementation on CPanel? Is this still being worked on? Is it on the back-burner, is it never going to happen, or has it already happened and I missed the update information?

 

[Reado]

I am always amazed at how cpanel acts like these kind of things are the unimportant, minor features whereas they spend most of their resources with relatively unimportant features or terrible design ideas and act like they have made a revolution.

http2 should be your number one priority. You should stop whatever you are doing now and work on this. No excuses!

Since I asked the initial question 6 months ago, I have been running HTTP2 support on our servers using the method above with absolutely no issues whatsoever. I found that OpenSSL 1.0.2 (this is the LTS version) was the only version that worked and was last updated in September 2016, so you don't need to worry about keeping it up to date.

I am running OpenSSL from /opt/openssl with the system OpenSSL left intact. Apache and PHP has been configured using the rawopt files only and both see nghttp2 and OpenSSL 1.0.2. No other dependencies or configuration is required. It's easy to implement.

I agree with @NovemberRain and I don't know why cPanel struggle to implement features that are useful to customers. HTTP2 support is really simple to implement, yet you speak of it as though it's a massive undertaking when it really isn't.