H2O is a new generation HTTP server that has a great, fully featured HTTP/2 implementations of all the current web servers in use. With H2O as your web server, you can take advantage of the new features of the HTTP/2 specification, like latency optimization, server-push and server-side prioritization that can take advantage of modern browser features that are seldom talked about.
In this detailed tutorial, I will show you step by step how to get H2O running on your CentOS 7 x64 instance.
Prerequisites
- A CentOS 7 x64 server instance.
- A sudo user.
- An SSL certificate (optional)
Step 1: Update the system
Log in via SSH with the credentials found under your instance and update the system as follows.
sudo yum install epel-release -y
sudo yum clean all && sudo yum update -y
Step 2: Install H2O
In order to install H2O on CentOS 7, you must add the Bintray RPM repository to install the prebuilt H2O binaries. Use the Nano editor to create a custom repo.
sudo nano /etc/yum.repos.d/bintray-h2o-rpm.repo
Copy and paste the text below into the repo file.
[bintray-h2o-rpm]
name=bintray-h2o-rpm
baseurl=https://dl.bintray.com/tatsushid/h2o-rpm/centos/$releasever/$basearch/
gpgcheck=0
repo_gpgcheck=0
enabled=1
Next, install H2O.
sudo yum install h2o -y
Now that H2O is installed, but before you enable and start the service, a proper configuration is required and we need to create a specific user and group for H2O to run under. Create a group and user for H2O to run under named h2o
.
sudo groupadd -g 101 h2o
sudo useradd -d /etc/h2o -g 101 -M -s /sbin/nologin -u 101 h2o
Step 3: Configuring The H2O Web Server
The following steps will give examples of configuration setups for various unencrypted
, encrypted
, static
and dynamic
server setups; as well as a combination of all four.
Redirect http://www.example.com
To http://example.com
(Static HTML Pages, No PHP) Configuration
Navigate to the /etc/h2o/
directory.
cd /etc/h2o/
Rename the default h2o.conf
to h2o.conf.original
.
sudo mv h2o.conf h2o.conf.original
Create a new h2o.conf
file.
sudo nano h2o.conf
Copy and paste the text below into the h2o.conf
file.
access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
"example.com:80":
listen:
port: 80
paths:
"/":
file.dir: /var/www/example.com
"www.example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "http://example.com/"
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
HTTP_PROXY: ""
user: h2o
Enable and start the H2O server.
sudo systemctl enable h2o
sudo systemctl start h2o
Create a default index.html
using the template in /var/www/html
to the directory option file.dir
listed above in /var/www/example.com
.
sudo cp -var /var/www/html /var/www/example.com
Now, open your browser and enter the server domain name (example.com
or www.example.com
) for your instance. Are you getting an Unable to connect
or a This site can’t be reached
message? CentOS's default firewall setting disallows incoming connections to the http port. Execute the following to open it.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload
Refresh the page in your browser (F5
) and you will get this message.
Welcome to H2O - an optimized HTTP server
It works!
Redirect http://example.com
To http://www.example.com
(Static HTML Pages, No PHP) Configuration
Navigate to the /etc/h2o/
directory.
cd /etc/h2o/
Rename the default h2o.conf
to h2o.conf.original
.
sudo mv h2o.conf h2o.conf.original
Create a new h2o.conf
file.
sudo nano h2o.conf
Copy and paste the following text into the h2o.conf
file.
access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
"example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "http://www.example.com/"
"www.example.com:80":
listen:
port: 80
paths:
"/":
file.dir: /var/www/www.example.com
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
HTTP_PROXY: ""
user: h2o
Enable and start the H2O server.
sudo systemctl enable h2o
sudo systemctl start h2o
Create a default index.html
file using the template in /var/www/html
to the directory option file.dir
listed above in /var/www/www.example.com
.
sudo cp -var /var/www/html /var/www/www.example.com
Now, open your browser and enter the server domain name (example.com
or www.example.com
) for your instance. Are you getting an Unable to connect
or a This site can’t be reached
message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload
Refresh the page in your browser (F5
) and you will get this message.
Welcome to H2O - an optimized HTTP server
It works!
Redirect http://www.example.com
To http://example.com
(Dynamic Page, PHP-FPM 5.6.x) Configuration
Navigate to the /etc/h2o/
directory.
cd /etc/h2o/
Rename the default h2o.conf
to h2o.conf.original
.
sudo mv h2o.conf h2o.conf.original
Create a new h2o.conf
file.
sudo nano h2o.conf
Copy and paste the following text into the h2o.conf
file.
access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
"example.com:80":
listen:
port: 80
paths:
"/":
file.dir: /var/www/example.com
redirect:
internal: YES
status: 307
url: /index.php
"www.example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "http://example.com/"
file.custom-handler:
extension: .php
fastcgi.connect:
port: /run/php-fpm-5.6.sock
type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
HTTP_PROXY: ""
user: h2o
In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Install PHP version 5.6.x.
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y
Navigate to the /opt/remi/php56/root/etc/
directory.
cd /opt/remi/php56/root/etc/
Rename the default php-fpm.conf
to php-fpm.conf.original
.
sudo mv php-fpm.conf php-fpm.conf.original
Create a new php-fpm.conf
file.
sudo nano php-fpm.conf
Copy and paste the text below into the php-fpm.conf
file.
include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s
Rename the default www.conf
file in the php-fpm.d
directory.
sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original
Create a new www.conf
file.
sudo nano php-fpm.d/www.conf
Copy and paste the text below into the www.conf
file. Change your pm.max\_children
to match the number of CPUs in accordance with your VPS instance.
[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o
Rename the default php.ini
file.
sudo mv php.ini php.ini.original
Create a new php.ini
file.
sudo nano php.ini
Copy and paste the text below into the new php.ini file
. Change the memory\_limit
, post\_max\_size
, upload\_max\_filesize
and date.timezone
in accordance with your VPS instance.
[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/
directory from the apache
group to the h2o
group.
sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/
Create a directory where the PHP-FPM server logs will reside.
sudo mkdir /var/log/php-fpm/
Enable and start the PHP-FPM server.
sudo systemctl enable php56-php-fpm
sudo systemctl start php56-php-fpm
Enable and start the H2O server.
sudo systemctl enable h2o
sudo systemctl start h2o
Create a directory where the default index.php
will reside listed by the directory option file.dir
above in /var/www/example.com
.
sudo mkdir /var/www/example.com
Create a default index.php
using the phpinfo
command to test PHP.
sudo nano /var/www/example.com/index.php
Copy and paste the text below in the new index.php
file.
<?php
phpinfo();
?>
Now, open your browser and enter the server domain name (example.com
or www.example.com
) for your instance. Are you getting an Unable to connect
or a This site can’t be reached
message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload
Refresh the page in your browser (F5
) and you will get the standard PHP info page.
Redirect http://example.com
To http://www.example.com
(Dynamic Page, PHP-FPM 5.6.x) Configuration
Navigate to the /etc/h2o/
directory.
cd /etc/h2o/
Rename the default h2o.conf
to h2o.conf.original
.
sudo mv h2o.conf h2o.conf.original
Create a new h2o.conf
file.
sudo nano h2o.conf
Copy and paste the text below into the h2o.conf
file.
access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
"example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "http://www.example.com/"
"www.example.com:80":
listen:
port: 80
paths:
"/":
file.dir: /var/www/www.example.com
redirect:
internal: YES
status: 307
url: /index.php
file.custom-handler:
extension: .php
fastcgi.connect:
port: /run/php-fpm-5.6.sock
type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
HTTP_PROXY: ""
user: h2o
In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y
Navigate to the /opt/remi/php56/root/etc/
directory.
cd /opt/remi/php56/root/etc/
Rename the default php-fpm.conf
to php-fpm.conf.original
.
sudo mv php-fpm.conf php-fpm.conf.original
Create a new php-fpm.conf
file.
sudo nano php-fpm.conf
Copy and paste the text below into the php-fpm.conf
file.
include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s
Rename the default www.conf
file in the php-fpm.d
directory.
sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original
Create a new www.conf
file.
sudo nano php-fpm.d/www.conf
Copy and paste the following text into the www.conf
file. Change your pm.max\_children
to match the number of CPUs in accordance with your VPS instance.
[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o
Rename the default php.ini
file.
sudo mv php.ini php.ini.original
Create a new php.ini
file.
sudo nano php.ini
Copy and paste the following text below into the new php.ini file
. Change the memory\_limit
, post\_max\_size
, upload\_max\_filesize
and date.timezone
in accordance with your VPS instance.
[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/
directory from the apache
group to the h2o
group.
sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/
Create a directory where the PHP-FPM server logs will reside.
sudo mkdir /var/log/php-fpm/
Enable and start the PHP-FPM server.
sudo systemctl enable php56-php-fpm
sudo systemctl start php56-php-fpm
Enable and start the H2O server.
sudo systemctl enable h2o
sudo systemctl start h2o
Create a directory where the default index.php
will reside listed by the directory option file.dir
above in /var/www/www.example.com
.
sudo mkdir /var/www/www.example.com
Create a default index.php
using the phpinfo
command to test PHP.
sudo nano /var/www/www.example.com/index.php
Copy and paste the text below in the new index.php
file.
<?php
phpinfo();
?>
Now, open your browser and enter the server domain name (example.com
or www.example.com
) for your instance. Are you getting an Unable to connect
or a This site can’t be reached
message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload
Refresh the page in your browser (F5
) and you will get the standard PHP info page.
Redirect http://www.example.com
To http://example.com
(Dynamic Page, PHP-FPM 7.1.x) Configuration
Navigate to the /etc/h2o/
directory.
cd /etc/h2o/
Rename the default h2o.conf
to h2o.conf.original
.
sudo mv h2o.conf h2o.conf.original
Create a new h2o.conf
file.
sudo nano h2o.conf
Copy and paste the text below into the h2o.conf
file.
access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
"example.com:80":
listen:
port: 80
paths:
"/":
file.dir: /var/www/example.com
redirect:
internal: YES
status: 307
url: /index.php
"www.example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "http://example.com/"
file.custom-handler:
extension: .php
fastcgi.connect:
port: /run/php-fpm-7.1.sock
type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
HTTP_PROXY: ""
user: h2o
In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php71-php-fpm -y
Navigate to the /etc/opt/remi/php71/
directory.
cd /etc/opt/remi/php71/
Rename the default php-fpm.conf
to php-fpm.conf.original
.
sudo mv php-fpm.conf php-fpm.conf.original
Create a new php-fpm.conf
file.
sudo nano php-fpm.conf
Copy and paste the following text into the php-fpm.conf
file.
include=/etc/opt/remi/php71/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-7.1-error.log
pid = /var/run/php-fpm-7.1.pid
process_control_timeout = 10s
Rename the default www.conf
file in the php-fpm.d
directory.
sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original
Create a new www.conf
file.
sudo nano php-fpm.d/www.conf
Copy and paste the text below into the www.conf
file. Change your pm.max\_children
to match the number of CPUs in accordance with your VPS instance.
[www]
group = h2o
listen = /var/run/php-fpm-7.1.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o
Rename the default php.ini
file.
sudo mv php.ini php.ini.original
Create a new php.ini
file.
sudo nano php.ini
Copy and paste the text below into the new php.ini file
. Change the memory\_limit
, post\_max\_size
, upload\_max\_filesize
and date.timezone
in accordance with your VPS instance.
[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/var/opt/remi/php71/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
Change the group ownership for the /var/opt/remi/php71/lib/php/session/
directory from the apache
group to the h2o
group.
sudo chown root.h2o /var/opt/remi/php71/lib/php/session/
Create a directory where the PHP-FPM server logs will reside.
sudo mkdir /var/log/php-fpm/
Enable and start the PHP-FPM server.
sudo systemctl enable php71-php-fpm
sudo systemctl start php71-php-fpm
Enable and start the H2O server.
sudo systemctl enable h2o
sudo systemctl start h2o
Create a directory where the default index.php
will reside listed by the directory option file.dir
above in /var/www/example.com
.
sudo mkdir /var/www/example.com
Create a default index.php
using the phpinfo
command to test PHP.
sudo nano /var/www/example.com/index.php
Copy and paste the text below in the new index.php
file.
<?php
phpinfo();
?>
Now, open your browser and enter the server domain name (example.com
or www.example.com
) for your instance. Are you getting an Unable to connect
or a This site can’t be reached
message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload
Refresh the page in your browser (F5
) and you will get the standard PHP info page.
Redirect http://example.com
To http://www.example.com
(Dynamic Page, PHP-FPM 7.1.x) Configuration
Navigate to the /etc/h2o/
directory.
cd /etc/h2o/
Rename the default h2o.conf
to h2o.conf.original
.
sudo mv h2o.conf h2o.conf.original
Create a new h2o.conf
file.
sudo nano h2o.conf
Copy and paste the text below into the h2o.conf
file.
access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
"example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "http://www.example.com/"
"www.example.com:80":
listen:
port: 80
paths:
"/":
file.dir: /var/www/www.example.com
redirect:
internal: YES
status: 307
url: /index.php
file.custom-handler:
extension: .php
fastcgi.connect:
port: /run/php-fpm-7.1.sock
type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
HTTP_PROXY: ""
user: h2o
In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php71-php-fpm -y
Navigate to the /etc/opt/remi/php71/
directory.
cd /etc/opt/remi/php71/
Rename the default php-fpm.conf
to php-fpm.conf.original
.
sudo mv php-fpm.conf php-fpm.conf.original
Create a new php-fpm.conf
file.
sudo nano php-fpm.conf
Copy and paste the text below into the php-fpm.conf
file.
include=/etc/opt/remi/php71/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-7.1-error.log
pid = /var/run/php-fpm-7.1.pid
process_control_timeout = 10s
Rename the default www.conf
file in the php-fpm.d
directory.
sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original
Create a new www.conf
file.
sudo nano php-fpm.d/www.conf
Copy and paste the following text into the www.conf
file. Change your pm.max\_children
to match the number of CPUs in accordance with your VPS instance.
[www]
group = h2o
listen = /var/run/php-fpm-7.1.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o
Rename the default php.ini
file.
sudo mv php.ini php.ini.original
Create a new php.ini
file.
sudo nano php.ini
Copy and paste the following text into the new php.ini file
. Change the memory\_limit
, post\_max\_size
, upload\_max\_filesize
and date.timezone
in accordance with your VPS instance.
[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/var/opt/remi/php71/lib/php/session"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
Change the group ownership for the /var/opt/remi/php71/lib/php/session/
directory from the apache
group to the h2o
group.
sudo chown root.h2o /var/opt/remi/php71/lib/php/session/
Create a directory where the PHP-FPM server logs will reside.
sudo mkdir /var/log/php-fpm/
Enable and start the PHP-FPM server.
sudo systemctl enable php71-php-fpm
sudo systemctl start php71-php-fpm
Enable and start the H2O server.
sudo systemctl enable h2o
sudo systemctl start h2o
Create a directory where the default index.php
will reside listed by the directory option file.dir
above in /var/www/example.com
.
sudo mkdir /var/www/www.example.com
Create a default index.php
using the phpinfo
command to test PHP.
sudo nano /var/www/www.example.com/index.php
Copy and paste the text below in the new index.php
file.
<?php
phpinfo();
?>
Now, open your browser and enter the server domain name (example.com
or www.example.com
) for your instance. Are you getting an Unable to connect
or a This site can’t be reached
message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload
Refresh the page in your browser (F5
) and you will get the standard PHP info page.
Redirect http://example.com
, http://www.example.com
, and https://www.example.com
to https://example.com
(Static HTML Pages, No PHP) Configuration
Navigate to the /etc/h2o/
directory.
cd /etc/h2o/
Rename the default h2o.conf
to h2o.conf.original
.
sudo mv h2o.conf h2o.conf.original
Create a new h2o.conf
file.
sudo nano h2o.conf
Copy and paste the text below into the h2o.conf
file.
access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
"example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "https://example.com/"
"www.example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "https://www.example.com/"
"example.com:443":
listen:
port: 443
ssl:
<<: !file /etc/h2o/conf.d/ssl.conf
certificate-file: /location/of/certificate/file/fullchain.ext
key-file: /location/of/private/key/file/privkey.ext
paths:
"/":
file.dir: /var/www/example.com
header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
"www.example.com:443":
listen:
port: 443
ssl:
<<: !file /etc/h2o/conf.d/ssl.conf
certificate-file: /location/of/certificate/file/fullchain.ext
key-file: /location/of/private/key/file/privkey.ext
paths:
"/":
header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
redirect:
status: 301
url: "https://example.com/"
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
HTTP_PROXY: ""
user: h2o
Create a custom directory to store the default SSL options for all websites that use SSL.
sudo mkdir conf.d
Create a new ssl.conf
file.
sudo nano conf.d/ssl.conf
Copy and paste the following text into the ssl.conf
file.
cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem
Make a directory to store the dhparam_2048.pem
file that will be regenerated daily via a cronjob.
sudo mkdir /etc/ssl/h2o/
Create a new regenerate_dhparam
file.
sudo nano /etc/cron.daily/regenerate_dhparam
Copy and paste the following text into the regenerate_dhparam
file.
#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done
Make the bash file just created executable.
sudo chmod +x /etc/cron.daily/regenerate_dhparam
Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.
sudo /etc/cron.daily/regenerate_dhparam
Enable and start the H2O server.
sudo systemctl enable h2o
sudo systemctl start h2o
Create a default index.html
using the template in /var/www/html
to the directory option file.dir
listed above in /var/www/example.com
.
sudo cp -var /var/www/html /var/www/example.com
Now, open your browser and enter the server domain name (example.com
or www.example.com
) for your instance. Are you getting an Unable to connect
or a This site can’t be reached
message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
Refresh the page in your browser (F5
) and you will get this message.
Welcome to H2O - an optimized HTTP server
It works!
Redirect http://example.com
, http://www.example.com
, and https://example.com
to https://www.example.com
(Static HTML Pages, No PHP) Configuration
Navigate to the /etc/h2o/
directory.
cd /etc/h2o/
Rename the default h2o.conf
to h2o.conf.original
.
sudo mv h2o.conf h2o.conf.original
Create a new h2o.conf
file.
sudo nano h2o.conf
Copy and paste the text below into the h2o.conf
file.
access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
"example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "https://example.com/"
"www.example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "https://www.example.com/"
"example.com:443":
listen:
port: 443
ssl:
<<: !file /etc/h2o/conf.d/ssl.conf
certificate-file: /location/of/certificate/file/fullchain.ext
key-file: /location/of/private/key/file/privkey.ext
paths:
"/":
header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
redirect:
status: 301
url: "https://www.example.com/"
"www.example.com:443":
listen:
port: 443
ssl:
<<: !file /etc/h2o/conf.d/ssl.conf
certificate-file: /location/of/certificate/file/fullchain.ext
key-file: /location/of/private/key/file/privkey.ext
paths:
"/":
file.dir: /var/www/www.example.com
header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
HTTP_PROXY: ""
user: h2o
Create a custom directory to store the default SSL options for all websites that use SSL.
sudo mkdir conf.d
Create a new ssl.conf
file.
sudo nano conf.d/ssl.conf
Copy and paste the following text into the ssl.conf
file.
cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem
Make a directory to store the dhparam_2048.pem
file that will be regenerated daily via a cronjob.
sudo mkdir /etc/ssl/h2o/
Create a new regenerate_dhparam
file.
sudo nano /etc/cron.daily/regenerate_dhparam
Copy and paste the following text inside of the regenerate_dhparam
file.
#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done
Make the bash file just created executable.
sudo chmod +x /etc/cron.daily/regenerate_dhparam
Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.
sudo /etc/cron.daily/regenerate_dhparam
Enable and start the H2O server.
sudo systemctl enable h2o
sudo systemctl start h2o
Create a default index.html
using the template in /var/www/html
to the directory option file.dir
listed above in /var/www/www.example.com
.
sudo cp -var /var/www/html /var/www/www.example.com
Now, open your browser and enter the server domain name (example.com
or www.example.com
) for your instance. Are you getting an Unable to connect
or a This site can’t be reached
message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
Refresh the page in your browser (F5
) and you will get this message.
Welcome to H2O - an optimized HTTP server
It works!
Redirect http://example.com
, http://www.example.com
, and https://www.example.com
to https://example.com
(Dynamic Page, PHP-FPM 5.6.x) Configuration
Navigate to the /etc/h2o/
directory.
cd /etc/h2o/
Rename the default h2o.conf
to h2o.conf.original
.
sudo mv h2o.conf h2o.conf.original
Create a new h2o.conf
file.
sudo nano h2o.conf
Copy and paste the text below into the h2o.conf
file.
access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
"example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "https://example.com/"
"www.example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "https://www.example.com/"
"example.com:443":
listen:
port: 443
ssl:
<<: !file /etc/h2o/conf.d/ssl.conf
certificate-file: /location/of/certificate/file/fullchain.ext
key-file: /location/of/private/key/file/privkey.ext
paths:
"/":
file.dir: /var/www/example.com
header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
redirect:
internal: YES
status: 307
url: /index.php
"www.example.com:443":
listen:
port: 443
ssl:
<<: !file /etc/h2o/conf.d/ssl.conf
certificate-file: /location/of/certificate/file/fullchain.ext
key-file: /location/of/private/key/file/privkey.ext
paths:
"/":
header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
redirect:
status: 301
url: "https://example.com/"
file.custom-handler:
extension: .php
fastcgi.connect:
port: /run/php-fpm-5.6.sock
type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
HTTP_PROXY: ""
user: h2o
Create a custom directory to store the default SSL options for all websites that use SSL.
sudo mkdir conf.d
Create a new ssl.conf
file.
sudo nano conf.d/ssl.conf
Copy and paste the text below into the ssl.conf
file.
cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem
Make a directory to store the dhparam_2048.pem
file that will be regenerated daily via a cronjob.
sudo mkdir /etc/ssl/h2o/
Create a new regenerate_dhparam
file.
sudo nano /etc/cron.daily/regenerate_dhparam
Copy and paste the following text inside of the regenerate_dhparam
file.
#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done
Make the bash file just created executable.
sudo chmod +x /etc/cron.daily/regenerate_dhparam
Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.
sudo /etc/cron.daily/regenerate_dhparam
In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y
Navigate to the /opt/remi/php56/root/etc/
directory.
cd /opt/remi/php56/root/etc/
Rename the default php-fpm.conf
to php-fpm.conf.original
.
sudo mv php-fpm.conf php-fpm.conf.original
Create a new php-fpm.conf
file.
sudo nano php-fpm.conf
Copy and paste the following text into the php-fpm.conf
file.
include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s
Rename the default www.conf
file in the php-fpm.d
directory.
sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original
Create a new www.conf
file.
sudo nano php-fpm.d/www.conf
Copy and paste the text below into the www.conf
file. Change your pm.max\_children
to match the number of CPUs in accordance with your VPS instance.
[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o
Rename the default php.ini
file.
sudo mv php.ini php.ini.original
Create a new php.ini
file.
sudo nano php.ini
Copy and paste the text below into the new php.ini file
. Change the memory\_limit
, post\_max\_size
, upload\_max\_filesize
and date.timezone
in accordance with your VPS instance.
[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/
directory from the apache
group to the h2o
group.
sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/
Create a directory where the PHP-FPM server logs will reside.
sudo mkdir /var/log/php-fpm/
Enable and start the PHP-FPM server.
sudo systemctl enable php56-php-fpm
sudo systemctl start php56-php-fpm
Enable and start the H2O server.
sudo systemctl enable h2o
sudo systemctl start h2o
Create a directory where the default index.php
will reside listed by the directory option file.dir
above in /var/www/example.com
.
sudo mkdir /var/www/example.com
Create a default index.php
using the phpinfo
command to test PHP.
sudo nano /var/www/example.com/index.php
Copy and paste the text below in the new index.php
file.
<?php
phpinfo();
?>
Now, open your browser and enter the server domain name (example.com
or www.example.com
) for your instance. Are you getting an Unable to connect
or a This site can’t be reached
message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
Refresh the page in your browser (F5
) and you will get the standard PHP info page.
Redirect http://example.com
, http://www.example.com
, and https://example.com
to https://www.example.com
(Dynamic Page, PHP-FPM 5.6.x) Configuration
Navigate to the /etc/h2o/
directory.
cd /etc/h2o/
Rename the default h2o.conf
to h2o.conf.original
.
sudo mv h2o.conf h2o.conf.original
Create a new h2o.conf
file.
sudo nano h2o.conf
Copy and paste the text below into the h2o.conf
file.
access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
"example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "https://example.com/"
"www.example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "https://www.example.com/"
"example.com:443":
listen:
port: 443
ssl:
<<: !file /etc/h2o/conf.d/ssl.conf
certificate-file: /location/of/certificate/file/fullchain.ext
key-file: /location/of/private/key/file/privkey.ext
paths:
"/":
header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
redirect:
status: 301
url: "https://www.example.com/"
"www.example.com:443":
listen:
port: 443
ssl:
<<: !file /etc/h2o/conf.d/ssl.conf
certificate-file: /location/of/certificate/file/fullchain.ext
key-file: /location/of/private/key/file/privkey.ext
paths:
"/":
file.dir: /var/www/www.example.com
header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
redirect:
internal: YES
status: 307
url: /index.php
file.custom-handler:
extension: .php
fastcgi.connect:
port: /run/php-fpm-5.6.sock
type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
HTTP_PROXY: ""
user: h2o
Create a custom directory to store the default SSL options for all websites that use SSL.
sudo mkdir conf.d
Create a new ssl.conf
file.
sudo nano conf.d/ssl.conf
Copy and paste the text below into the ssl.conf
file.
cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem
Make a directory to store the dhparam_2048.pem
file that will be regenerated daily via a cronjob.
sudo mkdir /etc/ssl/h2o/
Create a new regenerate_dhparam
file.
sudo nano /etc/cron.daily/regenerate_dhparam
Copy and paste the following text inside of the regenerate_dhparam
file.
#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done
Make the bash file just created executable.
sudo chmod +x /etc/cron.daily/regenerate_dhparam
Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.
sudo /etc/cron.daily/regenerate_dhparam
In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y
Navigate to the /opt/remi/php56/root/etc/
directory.
cd /opt/remi/php56/root/etc/
Rename the default php-fpm.conf
to php-fpm.conf.original
.
sudo mv php-fpm.conf php-fpm.conf.original
Create a new php-fpm.conf
file.
sudo nano php-fpm.conf
Copy and paste the text below into the php-fpm.conf
file.
include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s
Rename the default www.conf
file in the php-fpm.d
directory.
sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original
Create a new www.conf
file.
sudo nano php-fpm.d/www.conf
Copy and paste the text below into the www.conf
file. Change your pm.max\_children
to match the number of CPUs in accordance with your VPS instance.
[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o
Rename the default php.ini
file.
sudo mv php.ini php.ini.original
Create a new php.ini
file.
sudo nano php.ini
Copy and paste the following text into the new php.ini file
. Change the memory\_limit
, post\_max\_size
, upload\_max\_filesize
and date.timezone
in accordance with your VPS instance.
[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/
directory from the apache
group to the h2o
group.
sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/
Create a directory where the PHP-FPM server logs will reside.
sudo mkdir /var/log/php-fpm/
Enable and start the PHP-FPM server.
sudo systemctl enable php56-php-fpm
sudo systemctl start php56-php-fpm
Enable and start the H2O server.
sudo systemctl enable h2o
sudo systemctl start h2o
Create a directory where the default index.php
will reside listed by the directory option file.dir
above in /var/www/www.example.com
.
sudo mkdir /var/www/www.example.com
Create a default index.php
using the phpinfo
command to test PHP.
sudo nano /var/www/www.example.com/index.php
Copy and paste the text below in the new index.php
file.
<?php
phpinfo();
?>
Now, open your browser and enter the server domain name (example.com or www.example.com
) for your instance. Are you getting an Unable to connect
or a This site can’t be reached
message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
Refresh the page in your browser (F5
) and you will get the standard PHP info page.
Redirect http://example.com
, http://www.example.com
, and https://www.example.com
to https://example.com
(Dynamic Page, PHP-FPM 7.1.x) Configuration
Navigate to the /etc/h2o/
directory.
cd /etc/h2o/
Rename the default h2o.conf
to h2o.conf.original
.
sudo mv h2o.conf h2o.conf.original
Create a new h2o.conf
file.
sudo nano h2o.conf
Copy and paste the text below into the h2o.conf
file.
access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
"example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "https://example.com/"
"www.example.com:80":
listen:
port: 80
paths:
"/":
redirect:
status: 301
url: "https://www.example.com/"
"example.com:443":
listen:
port: 443
ssl:
<<: !file /etc/h2o/conf.d/ssl.conf
certificate-file: /location/of/certificate/file/fullchain.ext
key-file: /location/of/private/key/file/privkey.ext
paths:
"/":
file.dir: /var/www/example.com
header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
redirect:
internal: YES
status: 307
url: /index.php
"www.example.com:443":
listen:
port: 443
ssl:
<<: !file /etc/h2o/conf.d/ssl.conf
certificate-file: /location/of/certificate/file/fullchain.ext
key-file: /location/of/private/key/file/privkey.ext
paths:
"/":
header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
redirect:
status: 301
url: "https://example.com/"
file.custom-handler:
extension: .php
fastcgi.connect:
port: /run/php-fpm-7.1.sock
type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
HTTP_PROXY: ""
user: h2o
Create a custom directory to store the default SSL options for all websites that use SSL.
sudo mkdir conf.d
Create a new ssl.conf
file.
sudo nano conf.d/ssl.conf
Copy and paste the text below into the ssl.conf
file.
cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem
Make a directory to store the dhparam_2048.pem
file that will be regenerated daily via a cronjob.
sudo mkdir /etc/ssl/h2o/
Create a new regenerate_dhparam
file.
sudo nano /etc/cron.daily/regenerate_dhparam
Copy and paste the following text inside of the regenerate_dhparam
file.
#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done
Make the bash file just created executable.
sudo chmod +x /etc/cron.daily/regenerate_dhparam
Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.
sudo /etc/cron.daily/regenerate_dhparam
In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php71-php-fpm -y
Navigate to the /etc/opt/remi/php71/
directory.
cd /etc/opt/remi/php71/
Rename the default php-fpm.conf
to php-fpm.conf.original
.
sudo mv php-fpm.conf php-fpm.conf.original
Create a new php-fpm.conf
file.
sudo nano php-fpm.conf
Copy and paste the text below into the php-fpm.conf
file.
include=/etc/opt/remi/php71/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-7.1-error.log
pid = /var/run/php-fpm-7.1.pid
process_control_timeout = 10s
Rename the default www.conf
file in the php-fpm.d
directory.
sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original
Create a new www.conf
file.
sudo nano php-fpm.d/www.conf
Copy and paste the following text into the www.conf
file. Change your pm.max\_children
to match the number of CPUs in accordance with your VPS instance.
[www]
group = h2o
listen = /var/run/php-fpm-7.1.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o
Rename the default php.ini
file.
sudo mv php.ini php.ini.original
Create a new php.ini
file.
sudo nano php.ini
Copy and paste the following text below into the new php.ini file
. Change the memory\_limit
, post\_max\_size
, upload\_max\_filesize
and date.timezone
in accordance with your VPS instance.
Was this answer helpful?