Enabling HTTP/2 protocol in Apache HTTP server on Ubuntu 20.04

apache-http2-ubuntu-20.04.md

Enabling HTTP/2 protocol in Apache HTTP server on Ubuntu 20.04

It looks like you're trying to enable HTTP/2 on your Apache server and switch from mod_php to php-fpm. Here's a refined and improved version of your commands, incorporating best practices and explanations:

1. Check Apache Version:

apache2 -v

Ensure the version is 2.4.26 or higher. Ubuntu 20.04 usually comes with a compatible version.

2. Enable HTTP/2 Module:

sudo a2enmod http2

3. Configure Virtual Host:

sudo nano /etc/apache2/sites-enabled/your-site-le-ssl.conf 

• Replace your-site-le-ssl.conf with the actual filename.
• Add Protocols h2 http/1.1 after <VirtualHost *:443>.

4. Switch to PHP-FPM:

• Disable mod_php:

  sudo a2dismod php8.2 

• Disable prefork MPM:

  sudo a2dismod mpm_prefork

• Enable event MPM and necessary modules:

  sudo a2enmod mpm_event proxy_fcgi setenvif

• Install PHP-FPM:

  sudo apt install php8.2-fpm

• Enable and start PHP-FPM:

  sudo systemctl enable php8.2-fpm
  sudo systemctl start php8.2-fpm 

• Configure Apache to use PHP-FPM:

  sudo a2enconf php8.2-fpm

5. Restart Apache:

sudo systemctl restart apache2

Explanation of Changes:

• Combined module enabling: Instead of separate commands for proxy_fcgi and setenvif, they are enabled together for efficiency.
• PHP-FPM start order: PHP-FPM is started after enabling it to ensure it starts correctly with the right configuration.
• Removed redundant restarts: Some restart commands were unnecessary and have been removed.

Important Notes:

• Backup: Always back up your configuration files before making changes.
• Testing: Thoroughly test your website after making these changes to ensure everything works as expected.
• Troubleshooting: If you encounter issues, check the Apache error logs (/var/log/apache2/error.log) for clues.

This revised sequence should help you enable HTTP/2 and switch to PHP-FPM more effectively. Remember to replace placeholders like your-site-le-ssl.conf and php8.2 with your actual file names and PHP version.

Enabling HTTP/2 protocol in Apache server on Ubuntu 20.04

#!/bin/bash

# Check if the script is being run with sudo
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root. Please re-run with 'sudo'."
   exit 1
fi

# Detect PHP version
PHP_VERSION=$(php -v | head -n 1 | awk '{print $2}' | cut -d"." -f1,2)
PHP_FPM="php${PHP_VERSION}-fpm"
echo "Detected PHP version: $PHP_VERSION"

# Ensure Apache version is compatible (>= 2.4.26)
APACHE_VERSION=$(apache2 -v | grep -oP 'Apache/\K[0-9]+\.[0-9]+\.[0-9]+')
REQUIRED_VERSION="2.4.26"
echo "Detected Apache version: $APACHE_VERSION"

if [[ "$(printf '%s\n' "$REQUIRED_VERSION" "$APACHE_VERSION" | sort -V | head -n1)" != "$REQUIRED_VERSION" ]]; then
    echo "Apache version must be 2.4.26 or higher. Current version: $APACHE_VERSION"
    exit 1
fi

# Check if HTTP/2 is already enabled
if apache2ctl -M | grep -q "http2_module"; then
    echo "HTTP/2 is already enabled in Apache. Skipping HTTP/2 configuration."
else
    echo "HTTP/2 is not enabled. Proceeding with configuration."
fi

# List available SSL config files in /etc/apache2/sites-enabled/
CONFIG_FILES=($(ls /etc/apache2/sites-enabled/*.conf))
NUM_FILES=${#CONFIG_FILES[@]}

echo "Available SSL config files in /etc/apache2/sites-enabled/:"
for i in "${!CONFIG_FILES[@]}"; do
    echo "$((i + 1)). ${CONFIG_FILES[$i]}"
done
echo "$((NUM_FILES + 1)). Enter a custom path"

# Prompt user to select an option
read -p "Select an option (1-$NUM_FILES, or $((NUM_FILES + 1)) for custom path): " CHOICE

if [[ "$CHOICE" -gt 0 && "$CHOICE" -le "$NUM_FILES" ]]; then
    CONF_FILE="${CONFIG_FILES[$((CHOICE-1))]}"
elif [[ "$CHOICE" -eq "$((NUM_FILES + 1))" ]]; then
    read -p "Enter the full path to your SSL config file: " CONF_FILE
else
    echo "Invalid option, exiting."
    exit 1
fi

echo "Selected SSL config file: $CONF_FILE"

# Check if the selected file has a <VirtualHost *:443> block
if ! grep -q "<VirtualHost *:443>" "$CONF_FILE"; then
    echo "Error: The selected file ($CONF_FILE) does not contain a <VirtualHost *:443> directive."
    echo "Please select a valid SSL configuration file with a <VirtualHost *:443> directive."
    exit 1
fi

# Enable HTTP/2 Module if not already enabled
if ! apache2ctl -M | grep -q "http2_module"; then
    echo "Enabling HTTP/2 module..."
    a2enmod http2

    # Configure Virtual Host to support HTTP/2
    if grep -q "Protocols h2 http/1.1" "$CONF_FILE"; then
        echo "HTTP/2 is already enabled in $CONF_FILE"
    else
        echo "Enabling HTTP/2 in $CONF_FILE"
        sed -i '/<VirtualHost \*:443>/a \ \ Protocols h2 http/1.1' "$CONF_FILE"
    fi
else
    echo "HTTP/2 module was already enabled globally."
fi

# Disable mod_php and prefork MPM
echo "Disabling mod_php and mpm_prefork..."
a2dismod php"${PHP_VERSION}"
a2dismod mpm_prefork

# Enable event MPM and required modules for PHP-FPM
echo "Enabling mpm_event and required modules for PHP-FPM..."
a2enmod mpm_event proxy_fcgi setenvif

# Install PHP-FPM if not already installed
if ! dpkg -l | grep -q "$PHP_FPM"; then
    echo "PHP-FPM for PHP $PHP_VERSION is not installed. Installing now..."
    apt install -y "$PHP_FPM"
else
    echo "PHP-FPM for PHP $PHP_VERSION is already installed."
fi

# Enable and start PHP-FPM
echo "Enabling and starting PHP-FPM..."
systemctl enable "$PHP_FPM"
systemctl start "$PHP_FPM"

# Configure Apache to use PHP-FPM
echo "Configuring Apache to use PHP-FPM..."
a2enconf "$PHP_FPM"

# Restart Apache
echo "Restarting Apache to apply changes..."
systemctl restart apache2

echo "Apache has been configured with HTTP/2 and switched to PHP-FPM for PHP $PHP_VERSION."

This bash script automates the configuration of Apache to support HTTP/2 and PHP-FPM on Ubuntu. It ensures Apache and PHP versions are compatible, checks if HTTP/2 is already enabled, and switches to PHP-FPM if not already in use. The script also lists available SSL configuration files in /etc/apache2/sites-enabled/, allowing you to select one or enter a custom path. It includes safeguards to verify the configuration file has a <VirtualHost *:443> block before proceeding.

Usage: Save this as configure_apache_http2.sh, make it executable (chmod +x configure_apache_http2.sh), and run with sudo ./configure_apache_http2.sh.