Using mod_spdy with Apache 2.4 on Ubuntu 14.04

How to start using mod_spdy with Apache 2.4 on Ubuntu 14.04. This previous post explains how to build mod_spdy.

Getting mod_spdy

mod_spdy is not available for Apache 2.4.7 on Ubuntu 14.04. You can compile it yourself using this post. Or you can download the compiled files here.

Stopping apache2

Before we start moving files and reconfiguring apache2, we stop it.

 $ sudo service apache2 restart 

Moving files


Let’s start by unpacking the mod_spdy.tar.gz file.

 $ tar zxf mod_spdy.tar.gz 
$ find mod-spdy/
mod-spdy/
mod-spdy/mod-spdy
mod-spdy/mod-spdy/src
mod-spdy/mod-spdy/src/out
mod-spdy/mod-spdy/src/out/Release
mod-spdy/mod-spdy/src/out/Release/libmod_spdy.so
mod-spdy/mod-spdy/src/mod_ssl.so
$

And move the files to the right location.

$ cd /usr/lib/apache2/modules
$ sudo mv ~/mod-spdy/mod-spdy/src/mod_ssl.so .
$ sudo mv ~/mod-spdy/mod-spdy/src/out/Release/libmod_spdy.so mod_spdy.so

Enabling mod_spdy

Issue the following commands to create the config files and enable them afterwards.

$ echo "LoadModule spdy_module /usr/lib/apache2/modules/mod_spdy.so" | sudo tee /etc/apache2/mods-available/spdy.load
$ echo "SpdyEnabled on" | sudo tee /etc/apache2/mods-available/spdy.conf
$ sudo a2enmod spdy

And start apache2 again. Don’t forget to look for errors.

$ sudo service apache2 start 

Now it’s time to browse to your webserver and check if everything is still working fine.

Seg fault?

After completing the above steps, my website was not available anymore and this error was all over my error logfile ( /var/log/apache2/error.log )

[Wed Mar 11 16:37:28.384523 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8024 exit signal Segmentation fault (11)
[Wed Mar 11 16:37:31.387805 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 7993 exit signal Segmentation fault (11)
[Wed Mar 11 16:38:04.424004 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8023 exit signal Segmentation fault (11)
[Wed Mar 11 16:38:41.465409 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8141 exit signal Segmentation fault (11)
[Wed Mar 11 16:38:43.467976 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8110 exit signal Segmentation fault (11)
[Wed Mar 11 16:38:47.472724 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8171 exit signal Segmentation fault (11)
[Wed Mar 11 16:38:54.480691 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8201 exit signal Segmentation fault (11)
[Wed Mar 11 16:38:57.484262 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8231 exit signal Segmentation fault (11)

Luckily this is a known problem that occurs in combination with mpm_event. Therefore, I switched to mpm_prefork.

 $ sudo a2dismod mpm_event
 $ sudo a2enmod mpm_prefork
 $ sudo service apache2 restart

After a few seconds, my website was available again and the error didn’t came back anymore.

Check

How to check if SPDY is really enabled? You can do this a number of ways, but I used Qualys SSL Labs to scan my webserver. You have to look for the following.

Using mod_spdy on apache 2.4.7 on Ubuntu 14.04

Using mod_spdy on apache 2.4.7 on Ubuntu 14.04


Note that I wrote other posts that explain how to enable OCSP stapling and Strict Transport Security.

2 thoughts on “Using mod_spdy with Apache 2.4 on Ubuntu 14.04

  1. Pingback: Build mod_spdy with Apache 2.4 on Ubuntu 14.04 - Thomas Elsen Security Blog

  2. Norbert

    Thanks for your two howto articles. I just wanted to note that I was using mpm_worker and spdy seemed to run fine (at least there were no errors in the logs). But SSL Server Test couldn’t detect spdy (except the generic NPN=yes i got even when disabling spdy). When I switched to mpm_prefork the detection of spdy works perfectly as seen on your screenshot. It seems spdy only works (flawlessly) when using prefork, but that’s just a wild guess at the moment.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *