[FFe] mod_http2 is not available in Apache

@Nish - you have the apache2 merge assigned this cycle - what do you think?

The merge from Debian will be ok, because Debian already offers the mod HTTP/2.

Just make sure not to remove HTTP/2, when merging from Debian.

I'm updating our 17.04 merge right now, I think this makes sense.

apache2 is now stuck in proposed. This is becuase nghttp2 (src package) is in universe, and so is libnghttp2-14 which apache2 depends on when enabling http2. We would need a MIR to promote nghttp2 and given where we are in the cycle, that seems unlikely to be approved. Additionally, regardless of Debian, upstream apache still considers it experimental: https://httpd.apache.org/docs/2.4/mod/mod_http2.html.

Given all that, I'm much more comfortable aiming for HTTP2 support in 17.10, as anticipatory of 18.04 and will pursue the MIR and needed first thing in that cycle.

This bug was fixed in the package apache2 - 2.4.25-3ubuntu2

---------------
apache2 (2.4.25-3ubuntu2) zesty; urgency=medium

  * Undrop (LP 1658469):
    - Don't build experimental http2 module for LTS:
      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
      + debian/config-dir/mods-available/http2.load: removed.
      + debian/rules: removed proxy_http2 from configure.
      + debian/apache2.maintscript: remove http2 conffile.

 -- Nishanth Aravamudan <email address hidden> Fri, 10 Feb 2017 08:53:43 -0800

I am uploading the http2-enabled apache2 to a-p, but will need to process the MIR for nghttp2.

Just an FYI here, back in Xenial, nghttp2 was NACK'd by the Security Team, and that's why http2 was *disabled* in Xenial+ Apache2.

Before we go uploading HTTP/2 enabled things to Proposed like this, we should probably check if the MIR clears.

18:13 <rbasak> nacc: not sure about bug 1658469
18:13 <ubottu> bug 1658469 in apache2 (Ubuntu) "mod_http2 is not available under Apache 2.4.23 / Ubuntu 17.04 xenial" [Low,Fix committed] https://launchpad.net/bugs/1658469
18:13 <rbasak> nacc: to my knowledge we've never added and then removed things to avoid putting things in an LTS.
18:13 <teward> rbasak: refer to -hardened and my mention about nghttp2
18:13 <rbasak> Yeah I saw that, but nacc wasn't in that channel.
18:14 <teward> yep.
18:14 <teward> nacc: IIRC, the Security team had NACK'd http2 back in Xenial
18:14 <teward> at least nghttp2
18:14 <rbasak> nacc: if it's not good enough for an LTS, it's not good enough for a non-LTS release.
18:14 <teward> (NGINX rolls their own implementation separate from nghttp2)
18:15 -!- knoxy has joined #ubuntu-server

Changes with Apache 2.4.26 : HTTP/2 support no longer tagged as "experimental" but is instead considered fully production ready.
=> http://www.apache.org/dist/httpd/CHANGES_2.4.26

Yes, after discussing with others, this (nghttp2) will need to be reviewed for MIR (bug # 1687454) but has been uploaded for Artful.

It will probably not be backported to 16.04 or other releases without further review (as the version declaring HTTP/2 stability is 2.4.26 which is not the version in 16.04, etc.)

This bug was fixed in the package apache2 - 2.4.27-2ubuntu2

---------------
apache2 (2.4.27-2ubuntu2) artful; urgency=medium

  * Undrop (LP 1658469):
    - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
      + debian/config-dir/mods-available/http2.load: removed.
      + debian/rules: removed proxy_http2 from configure.

 -- Marc Deslauriers <email address hidden> Wed, 02 Aug 2017 13:04:45 -0400

Status changed to 'Confirmed' because the bug affects multiple users.

Is it possible to affect the bug for Ubuntu 17.10 Artful Aardvark ?

I think it is possible to close the bug for Ubuntu 17.04 Zesty Zapus and Ubuntu 16.04 Xenial Xerus who do not have apache 2.4.27

Hello i am new to ubuntu curently i am running ubuntu 17.04 and i have been trying to install apache2 and php 5.6 mysql server and phpmyadmin and i have been finding it dificult to install

Failed to restart apache2.service: Unit apache2.service is masked.
is what i get anaytime i try to start my apache2

Hi Adedayo this seems to be an unrelated case, please open a new bug and add some more info on your setup - consider using apport to do so semi-automatically.

MIR in 1687454 ongoing (just got an security ack) but we might be too late into the feature freeze now?
@Nacc/Marc what is your plan of action on this 17.10/18.04 ?

Keeping Development open (waiting for statements on 17.10/18.04) but denying the Xenial/Zesty tasks according to c#10

From a feature freeze POV, it's fine for mod_http2 to be made available as a (not enabled by default) additional feature.

The MIR process needs to be completed before this can be considered "accepted", however. Right now LP: #1687454 has security team sign-off but not MIR sign-off.

Bionic includes the /etc/apache2/mods-available/proxy_http2.load file, but the module mod_proxy_http2.so has been removed.

Is it a mistake?

Suite: Ubuntu 18.04 (bionic)
https://packages.ubuntu.com/bionic/amd64/apache2/filelist
https://packages.ubuntu.com/bionic/amd64/apache2-bin/filelist

@Mathias: mod_proxy_http2.so is now in /usr/lib/apache2/modules/mod_proxy_http2.so

This is now enabled in bionic.

On Wed, Nov 22, 2017 at 5:20 AM, Mathias <email address hidden> wrote:
> Bionic includes the /etc/apache2/mods-available/proxy_http2.load file,
> but the module mod_proxy_http2.so has been removed.
>
> Is it a mistake?
>
> Suite: Ubuntu 18.04 (bionic)
> https://packages.ubuntu.com/bionic/amd64/apache2/filelist
> https://packages.ubuntu.com/bionic/amd64/apache2-bin/filelist

To be clear provided by apache2-bin.

Note that providing links to URLs whose content changes based upon
when they are viewed is not a particularly useful practice, IMO. In
the future, show the contents, or a grep or something that indicates
what the problem is, as otherwise I'd assume it's PEBKAC.