HTTP/2 disabled in Apache httpd

Bug #1531864 reported by Robie Basak on 2016-01-07
This bug report is a duplicate of:  Bug #1687454: [MIR] nghttp2. Edit Remove
72
This bug affects 13 people
Affects Status Importance Assigned to Milestone
Release Notes for Ubuntu
Undecided
Unassigned
apache2 (Ubuntu)
Undecided
Unassigned

Bug Description

Partly a dupe of 1503051 and partly separate. I think we should consider reporting on HTTP/2 support as a separate item that covers Apache.

This is a draft for the Xenial Xerus release notes.

"""
HTTP/2 support in Apache httpd

HTTP/2 support is considered an experimental feature by the Apache httpd upstream project, and so we do not consider it suitable or maintainable for the 5 year supported period of this LTS release. Therefore HTTP/2 support is not available in our builds of Apache httpd.

We expect to issue stable release updates enabling HTTP/2 support after the Apache httpd upstream considers this support to be non-experimental, although this will depend on our assessment of the risk of regression to existing Xenial users at that time.

[insert instructions for what users can do to get it instead here]
"""

Robie Basak (racb) on 2016-01-07
description: updated
summary: - HTTP/2 disabled in Apache and nginx
+ HTTP/2 disabled in Apache httpd and nginx
description: updated
description: updated

nginx-related release notes bug that should be tracked as a related item to this one: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1503051

Thomas Ward (teward) wrote :

NGINX HTTP/2 support was OK'd for activation by the Security team; nginx is no longer relevant to this release note item.

Thomas Ward (teward) wrote :

Revised the draft in the description since HTTP/2 support landed in Xenial yesterday as part of 1.9.14.

summary: - HTTP/2 disabled in Apache httpd and nginx
+ HTTP/2 disabled in Apache httpd
description: updated
Robie Basak (racb) wrote :

Marking this Won't Fix for Ubuntu (apache2) to make it clear that this is deliberate (see dupes). When http2 support is non-experimental upstream and the security team are happy, we can change this or create another bug (I don't particular mind which) to track progress.

Changed in apache2 (Ubuntu):
status: New → Won't Fix

/etc/apache2/mods-available/http2.load is still in the apache2 package, but /usr/lib/apache2/modules/mod_http2.so is missing in apache2-bin

Ryan Harper (raharper) wrote :

After the 2.4.18-1 release with http2 support in Debian, the ubuntu package has been modified to remove the http2 library object, and the configuration file http2.load. While the library has been removed, the conf file has not.

I've applied dpkg-mainscript-helper rm_conffile to remove this configuration file.

I've confirmed that in Xenial, installing 2.4.18-2ubuntu2 and then upgrading to a package with this debdiff applied, we successfully remove the conf file.

Ryan Harper (raharper) wrote :

It was pointed out that we can use debian/apache2.maintscript for simpler handling.

Robie Basak (racb) wrote :

18:12 <rharper> it's out of the way

18:12 <rharper> unless someone is explicitly doing a2enmod http2

18:13 <rbasak> That would always break at some point, right?

18:13 <rbasak> Either in the a2enmod command, or with this bug on apache2 restart.

18:13 <rharper> right

18:13 <rbasak> So they shouldn't be doing it and expect it to work presumably :)

18:13 <rbasak> Then I think a 0-day is fine.

Robie Basak (racb) wrote :

Added to release notes.

Changed in ubuntu-release-notes:
status: New → Fix Released
Oskar M (0zzie) wrote :

Come on guys we need http2 soon or everyone will start dropping apache and use Ngix instead. Http2 is like the greatest thing that has happened in web for performance in the latest 10 years..

https://httpd.apache.org/docs/2.4/mod/mod_http2.html does **not** say "experimental" any more so please look into if it could be used.

Starting to become hard to explain to clients why we don't have http2...

rz (rzo1) wrote :

Guys, we are in 2018. As CPUs dropped performance, we need to enable intelligent protocolls widely ;)

Are there any real reason for not adding http2 in Ubuntu?

Apache tells us, that the http2 feature is **not** experimental any more. We do not want to rely on some 3rd party PPAs or building apache2 from scratch or perform some wired workaround with module copying.

Any plans for adding this in the near future?

You are right, which is why I have done so on 2017-12-09 by bug 1687454.
I'll dup this bug onto the other one.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers