Knowledgebase

H2O is a new generation HTTP server that has a great, fully featured HTTP/2 implementations of all the current web servers in use. With H2O as your web server, you can take advantage of the new features of the HTTP/2 specification, like latency optimization, server-push and server-side prioritization that can take advantage of modern browser features that are seldom talked about.

In this detailed tutorial, I will show you step by step how to get H2O running on your CentOS 7 x64 instance.

Prerequisites

• A CentOS 7 x64 server instance.
• A sudo user.
• An SSL certificate (optional)

Step 1: Update the system

Log in via SSH with the credentials found under your instance and update the system as follows.

sudo yum install epel-release -y
sudo yum clean all && sudo yum update -y

Step 2: Install H2O

In order to install H2O on CentOS 7, you must add the Bintray RPM repository to install the prebuilt H2O binaries. Use the Nano editor to create a custom repo.

sudo nano /etc/yum.repos.d/bintray-h2o-rpm.repo

Copy and paste the text below into the repo file.

[bintray-h2o-rpm]
name=bintray-h2o-rpm
baseurl=https://dl.bintray.com/tatsushid/h2o-rpm/centos/$releasever/$basearch/
gpgcheck=0
repo_gpgcheck=0
enabled=1

Next, install H2O.

sudo yum install h2o -y

Now that H2O is installed, but before you enable and start the service, a proper configuration is required and we need to create a specific user and group for H2O to run under. Create a group and user for H2O to run under named h2o.

sudo groupadd -g 101 h2o
sudo useradd -d /etc/h2o -g 101 -M -s /sbin/nologin -u 101 h2o

Step 3: Configuring The H2O Web Server

The following steps will give examples of configuration setups for various unencrypted, encrypted, static and dynamic server setups; as well as a combination of all four.

---

Redirect http://www.example.com To http://example.com (Static HTML Pages, No PHP) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/example.com
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://example.com/"
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a default index.html using the template in /var/www/html to the directory option file.dir listed above in /var/www/example.com.

sudo cp -var /var/www/html /var/www/example.com

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Execute the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get this message.

---

Welcome to H2O - an optimized HTTP server

It works!

---

Redirect http://example.com To http://www.example.com (Static HTML Pages, No PHP) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the following text into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://www.example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/www.example.com
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a default index.html file using the template in /var/www/html to the directory option file.dir listed above in /var/www/www.example.com.

sudo cp -var /var/www/html /var/www/www.example.com

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get this message.

---

Welcome to H2O - an optimized HTTP server

It works!

---

Redirect http://www.example.com To http://example.com (Dynamic Page, PHP-FPM 5.6.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the following text into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/example.com
        redirect:
          internal: YES
          status: 307
          url: /index.php
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://example.com/"
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-5.6.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the text below into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm 
sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://example.com To http://www.example.com (Dynamic Page, PHP-FPM 5.6.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://www.example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/www.example.com
        redirect:
          internal: YES
          status: 307
          url: /index.php
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-5.6.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the following text into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text below into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm 
sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/www.example.com.

sudo mkdir /var/www/www.example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/www.example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://www.example.com To http://example.com (Dynamic Page, PHP-FPM 7.1.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/example.com
        redirect:
          internal: YES
          status: 307
          url: /index.php
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://example.com/"
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-7.1.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php71-php-fpm -y

Navigate to the /etc/opt/remi/php71/ directory.

cd /etc/opt/remi/php71/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the following text into the php-fpm.conf file.

include=/etc/opt/remi/php71/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-7.1-error.log
pid = /var/run/php-fpm-7.1.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-7.1.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the text below into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/var/opt/remi/php71/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /var/opt/remi/php71/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /var/opt/remi/php71/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php71-php-fpm 
sudo systemctl start php71-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://example.com To http://www.example.com (Dynamic Page, PHP-FPM 7.1.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://www.example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/www.example.com
        redirect:
          internal: YES
          status: 307
          url: /index.php
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-7.1.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php71-php-fpm -y

Navigate to the /etc/opt/remi/php71/ directory.

cd /etc/opt/remi/php71/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/etc/opt/remi/php71/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-7.1-error.log
pid = /var/run/php-fpm-7.1.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the following text into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-7.1.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/var/opt/remi/php71/lib/php/session"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /var/opt/remi/php71/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /var/opt/remi/php71/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php71-php-fpm 
sudo systemctl start php71-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/www.example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/www.example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://example.com, http://www.example.com, and https://www.example.com to https://example.com (Static HTML Pages, No PHP) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://www.example.com/"
  "example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        file.dir: /var/www/example.com
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
  "www.example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          status: 301
          url: "https://example.com/"
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the following text into the ssl.conf file.

cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text into the regenerate_dhparam file.

#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a default index.html using the template in /var/www/html to the directory option file.dir listed above in /var/www/example.com.

sudo cp -var /var/www/html /var/www/example.com

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get this message.

---

Welcome to H2O - an optimized HTTP server

It works!

---

Redirect http://example.com, http://www.example.com, and https://example.com to https://www.example.com (Static HTML Pages, No PHP) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://www.example.com/"
  "example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          status: 301
          url: "https://www.example.com/"
  "www.example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        file.dir: /var/www/www.example.com
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the following text into the ssl.conf file.

cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a default index.html using the template in /var/www/html to the directory option file.dir listed above in /var/www/www.example.com.

sudo cp -var /var/www/html /var/www/www.example.com

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get this message.

---

Welcome to H2O - an optimized HTTP server

It works!

---

Redirect http://example.com, http://www.example.com, and https://www.example.com to https://example.com (Dynamic Page, PHP-FPM 5.6.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://www.example.com/"
  "example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        file.dir: /var/www/example.com
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          internal: YES
          status: 307
          url: /index.php
  "www.example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          status: 301
          url: "https://example.com/"
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-5.6.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the text below into the ssl.conf file.

cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the following text into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the text below into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm 
sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://example.com, http://www.example.com, and https://example.com to https://www.example.com (Dynamic Page, PHP-FPM 5.6.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://www.example.com/"
  "example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          status: 301
          url: "https://www.example.com/"
  "www.example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        file.dir: /var/www/www.example.com
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          internal: YES
          status: 307
          url: /index.php
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-5.6.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the text below into the ssl.conf file.

cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm 
sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/www.example.com.

sudo mkdir /var/www/www.example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/www.example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://example.com, http://www.example.com, and https://www.example.com to https://example.com (Dynamic Page, PHP-FPM 7.1.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://www.example.com/"
  "example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        file.dir: /var/www/example.com
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          internal: YES
          status: 307
          url: /index.php
  "www.example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          status: 301
          url: "https://example.com/"
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-7.1.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the text below into the ssl.conf file.

cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php71-php-fpm -y

Navigate to the /etc/opt/remi/php71/ directory.

cd /etc/opt/remi/php71/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/etc/opt/remi/php71/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-7.1-error.log
pid = /var/run/php-fpm-7.1.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the following text into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-7.1.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text below into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

                    

            
Was this answer helpful?
            


                
                

                    
                        
                        Yes
                    
                    
                        
                        No