From bardot.jerome at gmail.com Wed Oct 3 12:36:54 2018 From: bardot.jerome at gmail.com (=?UTF-8?B?QmFyZG90IErDqXLDtG1l?=) Date: Wed, 3 Oct 2018 14:36:54 +0200 Subject: [mpm-itk] mpm itk and http2 Message-ID: Hello, Im new with itk, i try to read some documentation for find if it’s the best choice for my need : Want to secure the execution of several web app, mostly php for the moment. I put one application in one dedicate home (ie : /home/app1/public_html & /home/app2/public_html  ) I read here (https://documentation.cpanel.net/display/EA4/Apache+Module%3A+MPM+ITK) there is some compatibilities issues, i quote : Compatibility The MPM ITK module is *not* compatible with the following functions: * /mod_http2/ * /mod_ruid2/ * /mod_userdir/ * /EAccelerator/ * /Mod suPHP/ * CloudLinux's™ PHP Selector feature * cPanel's/Leech Protection / feature (/cPanel >> Home >> Security >> Leech Protection/) My question is itk is really not compatible with http2 ? can it be solve, how and why ? There is a good alternative ? Thx  J. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x053A41EF03878A98.asc Type: application/pgp-keys Size: 3098 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 899 bytes Desc: OpenPGP digital signature URL: From ssmeenk at freshdot.net Wed Oct 3 12:54:07 2018 From: ssmeenk at freshdot.net (Sander Smeenk) Date: Wed, 3 Oct 2018 14:54:07 +0200 Subject: [mpm-itk] mpm itk and http2 In-Reply-To: References: Message-ID: <20181003125407.GB23306@dot.freshdot.net> Quoting Bardot Jérôme (bardot.jerome at gmail.com): > My question is itk is really not compatible with http2 ? Yes. Please read this thread: https://lists.err.no/pipermail/mpm-itk/2018-June/001133.html -- | It’s hard to explain puns to kleptomaniacs | because they always take things literally. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From admin at dyn.su Wed Oct 3 13:10:21 2018 From: admin at dyn.su (Raven) Date: Wed, 3 Oct 2018 19:10:21 +0600 Subject: [mpm-itk] mpm itk and http2 In-Reply-To: References: Message-ID: <75b0fa58-da18-97a3-6c7e-504bd843e1d2@dyn.su> My solution is nginx at front of the httpd+itk. It serves http2 requests and proxies them to apache by http 1.1. Also it offloads apache by serving static content. 03.10.2018 18:36, Bardot Jérôme пишет: > > Hello, > > > Im new with itk, i try to read some documentation for find if it’s the > best choice for my need : > > Want to secure the execution of several web app, mostly php for the > moment. > > I put one application in one dedicate home (ie : > /home/app1/public_html & /home/app2/public_html  ) > > I read here > (https://documentation.cpanel.net/display/EA4/Apache+Module%3A+MPM+ITK) > there is some compatibilities issues, i quote : > > > Compatibility > > The MPM ITK module is *not* compatible with the following functions: > > * /mod_http2/ > * /mod_ruid2/ > * /mod_userdir/ > * /EAccelerator/ > * /Mod suPHP/ > * CloudLinux's™ PHP Selector > feature > * cPanel's/Leech Protection > > / feature (/cPanel >> Home >> Security >> Leech Protection/) > > > My question is itk is really not compatible with http2 ? can it be > solve, how and why ? > > There is a good alternative ? > > > Thx > > J. > > > > _______________________________________________ > mpm-itk mailing list > mpm-itk at err.no > http://lists.err.no/mailman/listinfo/mpm-itk -------------- next part -------------- An HTML attachment was scrubbed... URL: From gianluca at thirdeye.it Wed Oct 3 14:47:03 2018 From: gianluca at thirdeye.it (Gianluca Zamagni) Date: Wed, 3 Oct 2018 16:47:03 +0200 Subject: [mpm-itk] mpm itk and http2 In-Reply-To: <75b0fa58-da18-97a3-6c7e-504bd843e1d2@dyn.su> References: <75b0fa58-da18-97a3-6c7e-504bd843e1d2@dyn.su> Message-ID: <01F19122-D70F-43A8-967E-14B363D41103@thirdeye.it> > Il giorno 03 ott 2018, alle ore 15:10, Raven ha scritto: > > My solution is nginx at front of the httpd+itk. It serves http2 requests and proxies them to apache by http 1.1. Also it offloads apache by serving static content. I use the same solution, flawless. Gianluca From azurit at pobox.sk Wed Oct 3 15:02:53 2018 From: azurit at pobox.sk (azurit at pobox.sk) Date: Wed, 03 Oct 2018 17:02:53 +0200 Subject: [mpm-itk] mpm itk and http2 In-Reply-To: <01F19122-D70F-43A8-967E-14B363D41103@thirdeye.it> References: <75b0fa58-da18-97a3-6c7e-504bd843e1d2@dyn.su> <01F19122-D70F-43A8-967E-14B363D41103@thirdeye.it> Message-ID: <20181003170253.Horde.8E1JyaDOhkds6D4GSVGAO8f@webmail.inetadmin.eu> Guys, this solution is a non-sense, think about it a little (it's free). It will give you almost no speed up and can be used only as some kind of cheating if your customers requires http/2. Citát Gianluca Zamagni : >> Il giorno 03 ott 2018, alle ore 15:10, Raven ha scritto: >> >> My solution is nginx at front of the httpd+itk. It serves http2 >> requests and proxies them to apache by http 1.1. Also it offloads >> apache by serving static content. > > I use the same solution, flawless. > > Gianluca > > > _______________________________________________ > mpm-itk mailing list > mpm-itk at err.no > http://lists.err.no/mailman/listinfo/mpm-itk From sgunderson at bigfoot.com Wed Oct 3 16:37:15 2018 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Wed, 3 Oct 2018 18:37:15 +0200 Subject: [mpm-itk] mpm itk and http2 In-Reply-To: <20181003170253.Horde.8E1JyaDOhkds6D4GSVGAO8f@webmail.inetadmin.eu> References: <75b0fa58-da18-97a3-6c7e-504bd843e1d2@dyn.su> <01F19122-D70F-43A8-967E-14B363D41103@thirdeye.it> <20181003170253.Horde.8E1JyaDOhkds6D4GSVGAO8f@webmail.inetadmin.eu> Message-ID: <20181003163715.k35you4nvl5o2azi@sesse.net> On Wed, Oct 03, 2018 at 05:02:53PM +0200, azurit at pobox.sk wrote: > this solution is a non-sense, think about it a little (it's free). It will > give you almost no speed up and can be used only as some kind of cheating if > your customers requires http/2. Why? You obviously get header compression, multiplexing benefits, push (just set a header to mark what you want to push, which is the way you commonly communicate with a HTTP/2 proxy anyway) and the solutions for head-of-line blocking. What's left that you can't do in a proxy? It's of course unfortunate that mod_http2 has chosen an architecture that's incompatible with MPM-ITK (as I understand it -- I never went into the details myself), but such is life. /* Steinar */ -- Homepage: https://www.sesse.net/ From azurit at pobox.sk Wed Oct 3 16:56:51 2018 From: azurit at pobox.sk (azurit at pobox.sk) Date: Wed, 03 Oct 2018 18:56:51 +0200 Subject: [mpm-itk] mpm itk and http2 In-Reply-To: <20181003163715.k35you4nvl5o2azi@sesse.net> References: <75b0fa58-da18-97a3-6c7e-504bd843e1d2@dyn.su> <01F19122-D70F-43A8-967E-14B363D41103@thirdeye.it> <20181003170253.Horde.8E1JyaDOhkds6D4GSVGAO8f@webmail.inetadmin.eu> <20181003163715.k35you4nvl5o2azi@sesse.net> Message-ID: <20181003185651.Horde.cVdxYlG7__ffttNT5mq_rBz@webmail.inetadmin.eu> Citát "Steinar H. Gunderson" : > On Wed, Oct 03, 2018 at 05:02:53PM +0200, azurit at pobox.sk wrote: >> this solution is a non-sense, think about it a little (it's free). It will >> give you almost no speed up and can be used only as some kind of cheating if >> your customers requires http/2. > > Why? Because you are doing http/1 anyway, no matter if client can get http/2 benefits from proxy, if proxy cannot get it from server. Everything might be even slower cos you add http/2 communication into everything without getting rid of http/1 communication. It's like taking a plane which is transported on the road by a truck. From sgunderson at bigfoot.com Wed Oct 3 17:04:02 2018 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Wed, 3 Oct 2018 19:04:02 +0200 Subject: [mpm-itk] mpm itk and http2 In-Reply-To: <20181003185651.Horde.cVdxYlG7__ffttNT5mq_rBz@webmail.inetadmin.eu> References: <75b0fa58-da18-97a3-6c7e-504bd843e1d2@dyn.su> <01F19122-D70F-43A8-967E-14B363D41103@thirdeye.it> <20181003170253.Horde.8E1JyaDOhkds6D4GSVGAO8f@webmail.inetadmin.eu> <20181003163715.k35you4nvl5o2azi@sesse.net> <20181003185651.Horde.cVdxYlG7__ffttNT5mq_rBz@webmail.inetadmin.eu> Message-ID: <20181003170402.bahf3mqa7loow5d7@sesse.net> On Wed, Oct 03, 2018 at 06:56:51PM +0200, azurit at pobox.sk wrote: > Because you are doing http/1 anyway, no matter if client can get http/2 > benefits from proxy, if proxy cannot get it from server. Yes, it certainly matters. All the benefits of HTTP/2 has to do with getting the data over a lower-bandwidth, higher-latency link from the server to the client. Those advantages are irrelevant over localhost. Of course, if you put the HTTP/2 proxy _at the client_ and had it talk HTTP/1.1 to the remote server, what you said would be right. But that's not what people are talking about here. /* Steinar */ -- Homepage: https://www.sesse.net/