Results 1 to 6 of 6
  1. #1
    Join Date
    Feb 2015
    Posts
    78
    Points
    1,804
    Level
    17

    CloudFlare, SPDY protocol

    So, I've got a customer who's using CloudFlare. He's now having issues because CloudFlare apparently insists on having access to SPDY on the server.

    Recommendations and/or best practices? I've tried installing the thing and it seems to be not quite working as intended. After the install, the httpd simply dies with the SPDY module enabled, so I've currently left it disabled for now and came here to ask about resolving this because I'm sure others will eventually google for this issue and come here.

    So, that said!

    CentOS 7, 5.6 for PHP. Everything else is default as usual for InterWorx. Running v5.1.41 at this time.
    ★ Ramon Reyes @ EidolonHost
    ★ Shared, Reseller, VPS and Dedicated Servers.
    ★ Need more stuff? Ask us about custom configurations!
    ★ Authorized Blesta and InterWorx License Reseller! See Web Host Licenses

  2. #2
    Join Date
    Apr 2012
    Posts
    1,962
    Points
    17,402
    Level
    57
    Hi Kerio
    I have not noticed any issues with cloudflare and CF help shows the order of precedence used http2 over spdy, spdy over http1.
    Your already using http2, so spdy I do not think would be used by CF
    Many thanks
    John
    https://support.cloudflare.com/hc/en...for-my-website-
    When a client makes a connection to your website both the web browser and server will automatically use the highest protocol available. This means that HTTP/2 takes precedence over SPDY, and SPDY takes precedence over HTTP/1.x.
    How CloudFlare HTTP/2 Works
    To determine what protocol is used for your connection you can visit [yourdomain.com]/cdn-cgi/trace (replacing [yourdomain.com] with your domain name). You should see information similar to the example below:
    fl=21f63
    h=www.cloudflare.com
    ip=108.61.197.168
    ts=1420194924.494
    visit_scheme=http
    uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
    colo=SJC
    http=h2
    loc=US
    The line http=h2 in the above example indicates that HTTP/2 is being used. Other possible values are http=spdy/3.1 for SPDY/3.1 and http=http/1.x for HTTP/1.x.
    https://support.cloudflare.com/hc/en...Y-protocols-do-
    SPDY is an open networking protocol developed primarily at Google for transporting web content to help make web pages load faster and reduce latency. HTTP/2 is based on SPDY and is the second major revision of the Hypertext Transfer Protocol, the application protocol for the Word Wide Web. While SPDY is enabled by default for all customers using SSL on their site through Cloudflare, HTTP/2 is only enabled by default for customers of the Free and Pro plan and needs to be enabled under the "Network" application for all other customers.

  3. #3
    Join Date
    Apr 2012
    Posts
    1,962
    Points
    17,402
    Level
    57
    Hi Kerio

    I thought I would try anyway for spdy, and below is how I installed spdy onto a test server, runing centos 6.8 64 bit, all default setup, including all latest updates, on IW 5.1.47, and some pictures showing it installed and working, with a quick test from qualys, showing spdy been used
    SSH into server, and run as root or sudo
    yum install at
    Use the correct version for your server
    64 bit
    cd /opt
    wget https://dl-ssl.google.com/dl/linux/d...ent_x86_64.rpm
    32 bit
    cd /opt
    wget https://dl-ssl.google.com/dl/linux/d...rrent_i386.rpm
    rpm -U mod-spdy-*.rpm
    service httpd stop
    service httpd start
    You can view the spdy.conf as follows: but as spdy runs straight out of the box, there is little you can tweak, but I have shown the conf as below
    cat /etc/httpd/conf.d/spdy.conf
    LoadModule spdy_module /usr/lib64/httpd/modules/mod_spdy.so
    <IfModule spdy_module>
    # Turn on mod_spdy. To completely disable mod_spdy, you can set
    # this to "off".
    SpdyEnabled on
    # In order to support concurrent multiplexing of requests over a
    # single connection, mod_spdy maintains its own thread pool in
    # each Apache child process for processing requests. The default
    # size of this thread pool is very conservative; you can override
    # it with a larger value (as below) to increase concurrency, at
    # the possible cost of increased memory usage.
    #
    #SpdyMaxThreadsPerProcess 30
    # Memory usage can also be affected by the maximum number of
    # simultaneously open SPDY streams permitted for each client
    # connection. Ideally, this limit should be set as high as
    # possible, but you can tweak it as necessary to limit memory
    # consumption.
    #
    #SpdyMaxStreamsPerConnection 100
    </IfModule>
    I hope that helps a little
    Many thanks
    John
    Attached Images Attached Images   

  4. #4
    Join Date
    Feb 2015
    Posts
    78
    Points
    1,804
    Level
    17
    Hi,

    Interesting, because I tried the exact same thing and even with mod_spdy.so where it is as you describe, I get this:

    -- Unit httpd.service has begun starting up.
    Mar 19 23:22:49 helmsgate.eidolonhost.com httpd[20183]: [Sun Mar 19 23:22:49.071095 2017] [so:warn] [pid 20183] AH01574: module ssl_module is already loaded, skipping
    Mar 19 23:22:49 helmsgate.eidolonhost.com httpd[20183]: httpd: Syntax error on line 518 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/conf.d/spdy.conf: Cannot load /usr/lib64/httpd/modules/mod_spdy.so into server: /us
    Mar 19 23:22:49 helmsgate.eidolonhost.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Mar 19 23:22:49 helmsgate.eidolonhost.com kill[20185]: kill: cannot find process ""
    Mar 19 23:22:49 helmsgate.eidolonhost.com systemd[1]: httpd.service: control process exited, code=exited status=1
    Mar 19 23:22:49 helmsgate.eidolonhost.com systemd[1]: Failed to start The Apache HTTP Server.
    -- Subject: Unit httpd.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman.../systemd-devel
    --
    -- Unit httpd.service has failed.
    --
    -- The result is failed.

    And line 518 of httpd.conf:

    # Supplemental configuration
    #
    # Load config files in the "/etc/httpd/conf.d" directory, if any.
    IncludeOptional conf.d/*.conf

    Which obviously throws an error because of spdy.conf
    ★ Ramon Reyes @ EidolonHost
    ★ Shared, Reseller, VPS and Dedicated Servers.
    ★ Need more stuff? Ask us about custom configurations!
    ★ Authorized Blesta and InterWorx License Reseller! See Web Host Licenses

  5. #5
    Join Date
    Apr 2012
    Posts
    1,962
    Points
    17,402
    Level
    57
    Hi Kerio
    Many thanks
    From what I have read, mod_spdy is only for Apache 2.2 and not 2.4. Google gave Apache mod_spdy code base to include in Apache 2.4, but with HTTP/2, spdy is defunct.
    However, that said, a few people have tried to install mod_spdy and make it work with Apache 2.4, with varied results, but Interworx also uses Apache for itself, so you are at risk of breaking Interworx if you change APache
    I hope that helps
    Many thanks
    John
    https://code.google.com/archive/p/mod-spdy/issues/64
    http://www.spinics.net/lists/apache-...msg111529.html
    https://developers.googleblog.com/20...e-project.html

  6. #6
    Join Date
    Feb 2015
    Posts
    78
    Points
    1,804
    Level
    17
    Hi,

    Looks like our best way forward is to enable HTTP2 instead of trying to get mod_spdy to work.

    Looking into this at this time...

    https://mypastebin.com/cdn-cgi/trace if you'd like to check a customer domain out.

    Interestingly, if HTTPS is used, http2 works properly. Methinks I need to get the customer to write a .htaccess rule...

    Unfortunately, downloads still do not work as intended.
    Last edited by Keiro; 03-20-2017 at 07:20 AM.
    ★ Ramon Reyes @ EidolonHost
    ★ Shared, Reseller, VPS and Dedicated Servers.
    ★ Need more stuff? Ask us about custom configurations!
    ★ Authorized Blesta and InterWorx License Reseller! See Web Host Licenses

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •