How to start using mod_spdy with Apache 2.4 on Ubuntu 14.04. This previous post explains how to build mod_spdy.
Getting mod_spdy
mod_spdy is not available for Apache 2.4.7 on Ubuntu 14.04. You can compile it yourself using this post. Or you can download the compiled files here.
Stopping apache2
Before we start moving files and reconfiguring apache2, we stop it.
$ sudo service apache2 restart
Moving files
Let’s start by unpacking the mod_spdy.tar.gz file.
$ tar zxf mod_spdy.tar.gz $ find mod-spdy/ mod-spdy/ mod-spdy/mod-spdy mod-spdy/mod-spdy/src mod-spdy/mod-spdy/src/out mod-spdy/mod-spdy/src/out/Release mod-spdy/mod-spdy/src/out/Release/libmod_spdy.so mod-spdy/mod-spdy/src/mod_ssl.so $
And move the files to the right location.
$ cd /usr/lib/apache2/modules $ sudo mv ~/mod-spdy/mod-spdy/src/mod_ssl.so . $ sudo mv ~/mod-spdy/mod-spdy/src/out/Release/libmod_spdy.so mod_spdy.so
Enabling mod_spdy
Issue the following commands to create the config files and enable them afterwards.
$ echo "LoadModule spdy_module /usr/lib/apache2/modules/mod_spdy.so" | sudo tee /etc/apache2/mods-available/spdy.load $ echo "SpdyEnabled on" | sudo tee /etc/apache2/mods-available/spdy.conf $ sudo a2enmod spdy
And start apache2 again. Don’t forget to look for errors.
$ sudo service apache2 start
Now it’s time to browse to your webserver and check if everything is still working fine.
Seg fault?
After completing the above steps, my website was not available anymore and this error was all over my error logfile ( /var/log/apache2/error.log )
[Wed Mar 11 16:37:28.384523 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8024 exit signal Segmentation fault (11) [Wed Mar 11 16:37:31.387805 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 7993 exit signal Segmentation fault (11) [Wed Mar 11 16:38:04.424004 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8023 exit signal Segmentation fault (11) [Wed Mar 11 16:38:41.465409 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8141 exit signal Segmentation fault (11) [Wed Mar 11 16:38:43.467976 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8110 exit signal Segmentation fault (11) [Wed Mar 11 16:38:47.472724 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8171 exit signal Segmentation fault (11) [Wed Mar 11 16:38:54.480691 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8201 exit signal Segmentation fault (11) [Wed Mar 11 16:38:57.484262 2015] [core:notice] [pid 7842:tid 140724740487040] AH00052: child pid 8231 exit signal Segmentation fault (11)
Luckily this is a known problem that occurs in combination with mpm_event. Therefore, I switched to mpm_prefork.
$ sudo a2dismod mpm_event $ sudo a2enmod mpm_prefork $ sudo service apache2 restart
After a few seconds, my website was available again and the error didn’t came back anymore.
Check
How to check if SPDY is really enabled? You can do this a number of ways, but I used Qualys SSL Labs to scan my webserver. You have to look for the following.
Note that I wrote other posts that explain how to enable OCSP stapling and Strict Transport Security.
Pingback: Build mod_spdy with Apache 2.4 on Ubuntu 14.04 - Thomas Elsen Security Blog
Thanks for your two howto articles. I just wanted to note that I was using mpm_worker and spdy seemed to run fine (at least there were no errors in the logs). But SSL Server Test couldn’t detect spdy (except the generic NPN=yes i got even when disabling spdy). When I switched to mpm_prefork the detection of spdy works perfectly as seen on your screenshot. It seems spdy only works (flawlessly) when using prefork, but that’s just a wild guess at the moment.