Apache httpd 2.4.49 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1l with http2, mod_http2 1.15.24 and ALPN for Red Hat Enterprise Linux 7 and CentOS 7

Apache httpd 2.4.49-1 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS added to repository. Mod_ssl 1.15.24 is built dynamically against OpenSSL 1.1.1l.

Links:

Please note that RedHat multiproxy patch cannot be applied to this version due to massive SSL rework and was removed.

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Since 2.4.43-4 release we built OpenSSL as a separate package that installs to the separate directory (/opt/codeit/openssl111) and does not affects system libraries. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Http2 Apache httpd module no longer supports prefork mpm from version 2.4.27. If you need http2 module, please disable prefork mpm and enable evemt mpm in /etc/httpd/conf.modules.d/00-mpm.conf. We already made this in 00-mpm.conf in our packages. If you are updating other vendor installation, please update this file. We already included a minimum required SELinux policy into the package. Feel free to use our CentOS/RHEL repository. Please also note that this package depends on apr-util 1.5.0+ and libnghttp, which you can found in EPEL repository. So, the easiest way to use our builds of Apache HTTPd is to add EPEL repository, if you still do not have it: yum install -y epel-release

17 thoughts on “Apache httpd 2.4.49 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1l with http2, mod_http2 1.15.24 and ALPN for Red Hat Enterprise Linux 7 and CentOS 7”

  1. Hi

    We have had problems on all of our servers updatering to httpd 2.4.49.

    Unfortunately Apache could no longer connect to PHP-FPM .sock

    We reverted the update and are now up again.

    What have happend?

    Thank you.

    1. We found the problem:
      mod_proxy has been optimized in the new version, and apparently we have always been using
      SetHandler proxy:unix:///var/www/…
      but must new be the correct
      SetHandler proxy:unix:/var/www/…

      From HTTPD error.log after update to 2.4.49:
      [Sat Sep 18 08:21:41.258908 2021] [proxy:error] [pid ***:tid ***] [client ***:***] AH10292: Invalid proxy UDS filename (proxy:unix:///var/www/***domain***/php-fpm.sock|fcgi://127.0.0.1:9000/var/www/***/www/…/index.php)

      So just forget this – not your falt.

      We appreciate your work!

  2. Hello

    We also had a problem with apache after the update. Specifically this error:

    Sep 18 09:31:13 systemd[1]: Starting The Apache HTTP Server…
    Sep 18 09:31:13 httpd[22349]: httpd: Syntax error on line 56 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/conf.modules.d/10-h2.conf: Cannot load modules/mod_http2.so into server: /etc…l: EVP_MD_CTX_new
    Sep 18 09:31:14 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Sep 18 09:31:14 systemd[1]: Failed to start The Apache HTTP Server.
    Sep 18 09:31:14 systemd[1]: Unit httpd.service entered failed state.

    We have had to revert back to 2.4.48 which works fine

    I also noticed that mod_http2.so last modified date was September 10 but all the other modules were September 17. Our openssl version is 1.0.2k and upgrading to 1.1.1l did not make a difference.

    Hope this helps identify the problem.

    1. We have this problem on one of our servers: the issue was in missing mod_ssl. Please be sure to install it and load before mod_http2 (as we do it by default: 00-ssl.conf loads mod_ssl, 10-h2.conf loads mod_http2)

  3. Hi,
    After updating to 2.4.49, Apache began to hang silently after a few hours with no meaningful records in the error log. Is it just me?

        1. Just a heads up – I’m having dependency issues with mod_http2 the 2.4.50 build on centos 7.9 but 2.4.49 works fine:

          Cannot load modules/mod_http2.so into server: /etc/httpd/modules/mod_http2.so: undefined symbol: EVP_MD_CTX_new

  4. Dear Friends

    Thank you for your great work, everything works like a charm.

    I have updated from Remi 7.4.24 to Remi PHP 8.0.11, but I have problem to use it with CodeIT 2.4.49. I have in my configuration /etc/httpd/conf.d/test-domain.conf below line:

    Should I change it to: …

    Thank you in advance for your help and support.

    Sincerely

        1. Dear Alexander

          Thank you for your fast reply.

          …but if I would like to use the old way with mod_php, I should change mod_php7.c to just mod_php.c?

          Sincerely

Leave a Reply

Your email address will not be published. Required fields are marked *