Shared Servers upgraded to Apache 2.4


#1

I’ve been told that some shared servers have been recently upgraded to Apache 2.4.

Is HTTP/2 support automatic with this upgrade or will that need to be added, and by whom?


#2

Indeed, my shared server was upgraded yesterday to Apache 2.4 (part of DreamHost’s Ubuntu 18 Bionic upgrade).

HTTP/2 is still not activated, but Apache is loading the http2_module, so in theory it could serve HTTP/2 (this is hinted at by the spurious "Upgrade: h2" HTTP header Apache produces). I couldn’t find a way to activate HTTP/2 with Apache config directives via .htaccess file.

So, we’ll probably still have to wait for DH to activate HTTP/2, or add a control-panel option for it.


#4

Is there a webpage that displays server version? How would I know if my server has been upgraded?


#5

Dreamhost sends out several emails before the upgrade (weeks, days, hours before hand). You can check the version from a shell with the apache2 command (patch level hidden to protect the innocent):

$ /usr/sbin/apache2 -v
Server version: Apache/2.4.* (Ubuntu)
Server built:   2019-*

Or look up the installed packages:

$ dpkg -list | grep apache
apache2   2.4.*   amd64        Apache HTTP Server
...

#7

Chuck, with Apache 2.4 if you use the WebDAV panel to manage usernames & passwords for a protected directory, is it necessary to add: require valid-user


#8

The DH Web Panel automatically sets up the necessary htaccess directives (example below) for password protection. The "require valid-user" is there for both Apache 2.2 and 2.4, so it’s forward/backward compatible. The Bionic upgrade guide mentions adding "required user", but I think that is only for manually setup password-protection.

### Generated by Dreamhost. DO NOT modify!!! ###
AuthType Basic
AuthUserFile /home/user/example.com/.htpasswd
AuthName "Example Domain"
require valid-user
################################################

#9

Well the Htaccess/WebDAV panel utility does not display…

Which is why I asked. If it’s there at the admin level, then all is good.


#10

To clarify, when you setup password protection in the DH Web Panel, DH creates/modifies the .htaccess and .htpasswd files in the site’s web directory. Those files belong to your user (not administrator), so care must be taken not to delete or overwrite them when modifying the site.

Example file /home/user/example.com/.htaccess setup via DH Web Panel:

### Generated by Dreamhost. DO NOT modify!!! ###
AuthType Basic
AuthUserFile /home/user/example.com/.htpasswd
AuthName "Example Domain"
require valid-user
################################################

#12

Another interesting tidbit about Apache 2.4: 404 (Not Found) errors are no longer logged to error.log as “File does not exist”. Of course, the 404’s are still logged in access.log, but the error log message is now only output when Apache’s LogLevel is set at/below info (I believe DH is set to LogLevel warn).

I’m of two minds about this change. It is definitely great that error.log is much quieter – 99% of the “File does not exist” errors were due to robots looking for common files (robots.txt, etc), and thus were ignorable noise. On the other hand, it was useful at times to catch problems when developing/deploying a new site.


#14

After the server upgrade, I noticed these two tokens were added to the response header:

Upgrade: h2
Connection: Upgrade

This is likely in preparation for an eventual support of HTTP/2, however HTTP/2 is currently not being supported on shared hosting accounts and these headers should not be sent to the client because some clients may behave badly or have problems with TLS handshake.

Also, support for HTTP/2 is advertised using ALPN. If the client does not advertise that it supports HTTP/2 with ALPN, then Apache httpd knows this and should not send these headers.

[Solution]
Adding these two directives in htaccess removes the incorrect tokens from the server response header:

Header unset Upgrade
Header set Connection “keep alive”


#15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.