Install the H2O Web Server on CentOS 7


H2O is a new generation HTTP server that has a great, fully featured HTTP/2 implementations of all the current web servers in use. With H2O as your web server, you can take advantage of the new features of the HTTP/2 specification, like latency optimization, server-push and server-side prioritization that can take advantage of modern browser features that are seldom talked about.

In this detailed tutorial, I will show you step by step how to get H2O running on your CentOS 7 x64 instance.

Prerequisites

  • A CentOS 7 x64 server instance.
  • A sudo user.
  • An SSL certificate (optional)

Step 1: Update the system

Log in via SSH with the credentials found under your instance and update the system as follows.

sudo yum install epel-release -ysudo yum clean all && sudo yum update -y

Step 2: Install H2O

In order to install H2O on CentOS 7, you must add the Bintray RPM repository to install the prebuilt H2O binaries. Use the Nano editor to create a custom repo.

sudo nano /etc/yum.repos.d/bintray-h2o-rpm.repo

Copy and paste the text below into the repo file.

[bintray-h2o-rpm]name=bintray-h2o-rpmbaseurl=https://dl.bintray.com/tatsushid/h2o-rpm/centos/$releasever/$basearch/gpgcheck=0repo_gpgcheck=0enabled=1

Next, install H2O.

sudo yum install h2o -y

Now that H2O is installed, but before you enable and start the service, a proper configuration is required and we need to create a specific user and group for H2O to run under. Create a group and user for H2O to run under named h2o.

sudo groupadd -g 101 h2osudo useradd -d /etc/h2o -g 101 -M -s /sbin/nologin -u 101 h2o

Step 3: Configuring The H2O Web Server

The following steps will give examples of configuration setups for various unencrypted, encrypted, static and dynamic server setups; as well as a combination of all four.


Redirect http://www.example.com To http://example.com (Static HTML Pages, No PHP) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.html' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        file.dir: /var/www/example.com  "www.example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "http://example.com/"pid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a default index.html using the template in /var/www/html to the directory option file.dir listed above in /var/www/example.com.

sudo cp -var /var/www/html /var/www/example.com

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Execute the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get this message.


Welcome to H2O - an optimized HTTP serverIt works!

Redirect http://example.com To http://www.example.com (Static HTML Pages, No PHP) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the following text into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.html' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "http://www.example.com/"  "www.example.com:80":    listen:      port: 80    paths:      "/":        file.dir: /var/www/www.example.compid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a default index.html file using the template in /var/www/html to the directory option file.dir listed above in /var/www/www.example.com.

sudo cp -var /var/www/html /var/www/www.example.com

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get this message.


Welcome to H2O - an optimized HTTP serverIt works!

Redirect http://www.example.com To http://example.com (Dynamic Page, PHP-FPM 5.6.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the following text into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.php' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        file.dir: /var/www/example.com        redirect:          internal: YES          status: 307          url: /index.php  "www.example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "http://example.com/"file.custom-handler:  extension: .php  fastcgi.connect:    port: /run/php-fpm-5.6.sock    type: unixpid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -ysudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf[global]daemonize = yesemergency_restart_threshold = 2emergency_restart_interval = 1merror_log = /var/log/php-fpm/php-fpm-5.6-error.logpid = /var/run/php-fpm-5.6.pidprocess_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max/_children to match the number of CPUs in accordance with your VPS instance.

[www]group = h2olisten = /var/run/php-fpm-5.6.socklisten.backlog = 65536listen.owner = h2olisten.group = h2opm = staticpm.max_children = 2pm.max_requests = 10240user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the text below into the new php.ini file. Change the memory/_limit, post/_max/_size, upload/_max/_filesize and date.timezone in accordance with your VPS instance.

[PHP]allow_url_fopen = Onalways_populate_raw_post_data = -1display_errors = Offerror_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICTexpose_php = Offlog_errors = Onmemory_limit = 256Moutput_buffering = 4096post_max_size = 64Mregister_argc_argv = Offrequest_order = "GP"upload_max_filesize = 64Mvariables_order = "GPCS"[Date]date.timezone = America/New_York[Session]session.cache_limiter =session.gc_divisor = 1000session.hash_bits_per_character = 5session.save_handler = filessession.save_path = "/opt/remi/php56/root/var/lib/php/session/"url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/example.com/index.php

Copy and paste the text below in the new index.php file.

<?phpphpinfo();?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.


Redirect http://example.com To http://www.example.com (Dynamic Page, PHP-FPM 5.6.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.php' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "http://www.example.com/"  "www.example.com:80":    listen:      port: 80    paths:      "/":        file.dir: /var/www/www.example.com        redirect:          internal: YES          status: 307          url: /index.phpfile.custom-handler:  extension: .php  fastcgi.connect:    port: /run/php-fpm-5.6.sock    type: unixpid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -ysudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf[global]daemonize = yesemergency_restart_threshold = 2emergency_restart_interval = 1merror_log = /var/log/php-fpm/php-fpm-5.6-error.logpid = /var/run/php-fpm-5.6.pidprocess_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the following text into the www.conf file. Change your pm.max/_children to match the number of CPUs in accordance with your VPS instance.

[www]group = h2olisten = /var/run/php-fpm-5.6.socklisten.backlog = 65536listen.owner = h2olisten.group = h2opm = staticpm.max_children = 2pm.max_requests = 10240user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text below into the new php.ini file. Change the memory/_limit, post/_max/_size, upload/_max/_filesize and date.timezone in accordance with your VPS instance.

[PHP]allow_url_fopen = Onalways_populate_raw_post_data = -1display_errors = Offerror_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICTexpose_php = Offlog_errors = Onmemory_limit = 256Moutput_buffering = 4096post_max_size = 64Mregister_argc_argv = Offrequest_order = "GP"upload_max_filesize = 64Mvariables_order = "GPCS"[Date]date.timezone = America/New_York[Session]session.cache_limiter =session.gc_divisor = 1000session.hash_bits_per_character = 5session.save_handler = filessession.save_path = "/opt/remi/php56/root/var/lib/php/session/"url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/www.example.com.

sudo mkdir /var/www/www.example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/www.example.com/index.php

Copy and paste the text below in the new index.php file.

<?phpphpinfo();?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.


Redirect http://www.example.com To http://example.com (Dynamic Page, PHP-FPM 7.1.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.php' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        file.dir: /var/www/example.com        redirect:          internal: YES          status: 307          url: /index.php  "www.example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "http://example.com/"file.custom-handler:  extension: .php  fastcgi.connect:    port: /run/php-fpm-7.1.sock    type: unixpid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -ysudo yum install php71-php-fpm -y

Navigate to the /etc/opt/remi/php71/ directory.

cd /etc/opt/remi/php71/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the following text into the php-fpm.conf file.

include=/etc/opt/remi/php71/php-fpm.d/*.conf[global]daemonize = yesemergency_restart_threshold = 2emergency_restart_interval = 1merror_log = /var/log/php-fpm/php-fpm-7.1-error.logpid = /var/run/php-fpm-7.1.pidprocess_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max/_children to match the number of CPUs in accordance with your VPS instance.

[www]group = h2olisten = /var/run/php-fpm-7.1.socklisten.backlog = 65536listen.owner = h2olisten.group = h2opm = staticpm.max_children = 2pm.max_requests = 10240user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the text below into the new php.ini file. Change the memory/_limit, post/_max/_size, upload/_max/_filesize and date.timezone in accordance with your VPS instance.

[PHP]allow_url_fopen = Onalways_populate_raw_post_data = -1display_errors = Offerror_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICTexpose_php = Offlog_errors = Onmemory_limit = 256Moutput_buffering = 4096post_max_size = 64Mregister_argc_argv = Offrequest_order = "GP"upload_max_filesize = 64Mvariables_order = "GPCS"[Date]date.timezone = America/New_York[Session]session.cache_limiter =session.gc_divisor = 1000session.hash_bits_per_character = 5session.save_handler = filessession.save_path = "/var/opt/remi/php71/lib/php/session/"url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /var/opt/remi/php71/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /var/opt/remi/php71/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php71-php-fpm sudo systemctl start php71-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/example.com/index.php

Copy and paste the text below in the new index.php file.

<?phpphpinfo();?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.


Redirect http://example.com To http://www.example.com (Dynamic Page, PHP-FPM 7.1.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.php' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "http://www.example.com/"  "www.example.com:80":    listen:      port: 80    paths:      "/":        file.dir: /var/www/www.example.com        redirect:          internal: YES          status: 307          url: /index.phpfile.custom-handler:  extension: .php  fastcgi.connect:    port: /run/php-fpm-7.1.sock    type: unixpid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -ysudo yum install php71-php-fpm -y

Navigate to the /etc/opt/remi/php71/ directory.

cd /etc/opt/remi/php71/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/etc/opt/remi/php71/php-fpm.d/*.conf[global]daemonize = yesemergency_restart_threshold = 2emergency_restart_interval = 1merror_log = /var/log/php-fpm/php-fpm-7.1-error.logpid = /var/run/php-fpm-7.1.pidprocess_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the following text into the www.conf file. Change your pm.max/_children to match the number of CPUs in accordance with your VPS instance.

[www]group = h2olisten = /var/run/php-fpm-7.1.socklisten.backlog = 65536listen.owner = h2olisten.group = h2opm = staticpm.max_children = 2pm.max_requests = 10240user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text into the new php.ini file. Change the memory/_limit, post/_max/_size, upload/_max/_filesize and date.timezone in accordance with your VPS instance.

[PHP]allow_url_fopen = Onalways_populate_raw_post_data = -1display_errors = Offerror_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICTexpose_php = Offlog_errors = Onmemory_limit = 256Moutput_buffering = 4096post_max_size = 64Mregister_argc_argv = Offrequest_order = "GP"upload_max_filesize = 64Mvariables_order = "GPCS"[Date]date.timezone = America/New_York[Session]session.cache_limiter =session.gc_divisor = 1000session.hash_bits_per_character = 5session.save_handler = filessession.save_path = "/var/opt/remi/php71/lib/php/session"url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /var/opt/remi/php71/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /var/opt/remi/php71/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php71-php-fpm sudo systemctl start php71-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/www.example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/www.example.com/index.php

Copy and paste the text below in the new index.php file.

<?phpphpinfo();?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.


Redirect http://example.com, http://www.example.com, and https://www.example.com to https://example.com (Static HTML Pages, No PHP) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.html' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://example.com/"  "www.example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://www.example.com/"  "example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        file.dir: /var/www/example.com        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"  "www.example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"        redirect:          status: 301          url: "https://example.com/"pid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the following text into the ssl.conf file.

cipher-preference: servercipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text into the regenerate_dhparam file.

#!/bin/bashcd /etc/ssl/h2oumask 022for length in 2048doopenssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pemchmod 444 dhparam_$length.pemdone

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won’t start properly if it’s not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a default index.html using the template in /var/www/html to the directory option file.dir listed above in /var/www/example.com.

sudo cp -var /var/www/html /var/www/example.com

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --permanent --zone=public --add-service=httpssudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get this message.


Welcome to H2O - an optimized HTTP serverIt works!

Redirect http://example.com, http://www.example.com, and https://example.com to https://www.example.com (Static HTML Pages, No PHP) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.html' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://example.com/"  "www.example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://www.example.com/"  "example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"        redirect:          status: 301          url: "https://www.example.com/"  "www.example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        file.dir: /var/www/www.example.com        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"pid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the following text into the ssl.conf file.

cipher-preference: servercipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bashcd /etc/ssl/h2oumask 022for length in 2048doopenssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pemchmod 444 dhparam_$length.pemdone

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won’t start properly if it’s not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a default index.html using the template in /var/www/html to the directory option file.dir listed above in /var/www/www.example.com.

sudo cp -var /var/www/html /var/www/www.example.com

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --permanent --zone=public --add-service=httpssudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get this message.


Welcome to H2O - an optimized HTTP serverIt works!

Redirect http://example.com, http://www.example.com, and https://www.example.com to https://example.com (Dynamic Page, PHP-FPM 5.6.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.php' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://example.com/"  "www.example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://www.example.com/"  "example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        file.dir: /var/www/example.com        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"        redirect:          internal: YES          status: 307          url: /index.php  "www.example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"        redirect:          status: 301          url: "https://example.com/"file.custom-handler:  extension: .php  fastcgi.connect:    port: /run/php-fpm-5.6.sock    type: unixpid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the text below into the ssl.conf file.

cipher-preference: servercipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bashcd /etc/ssl/h2oumask 022for length in 2048doopenssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pemchmod 444 dhparam_$length.pemdone

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won’t start properly if it’s not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -ysudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the following text into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf[global]daemonize = yesemergency_restart_threshold = 2emergency_restart_interval = 1merror_log = /var/log/php-fpm/php-fpm-5.6-error.logpid = /var/run/php-fpm-5.6.pidprocess_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max/_children to match the number of CPUs in accordance with your VPS instance.

[www]group = h2olisten = /var/run/php-fpm-5.6.socklisten.backlog = 65536listen.owner = h2olisten.group = h2opm = staticpm.max_children = 2pm.max_requests = 10240user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the text below into the new php.ini file. Change the memory/_limit, post/_max/_size, upload/_max/_filesize and date.timezone in accordance with your VPS instance.

[PHP]allow_url_fopen = Onalways_populate_raw_post_data = -1display_errors = Offerror_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICTexpose_php = Offlog_errors = Onmemory_limit = 256Moutput_buffering = 4096post_max_size = 64Mregister_argc_argv = Offrequest_order = "GP"upload_max_filesize = 64Mvariables_order = "GPCS"[Date]date.timezone = America/New_York[Session]session.cache_limiter =session.gc_divisor = 1000session.hash_bits_per_character = 5session.save_handler = filessession.save_path = "/opt/remi/php56/root/var/lib/php/session/"url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/example.com/index.php

Copy and paste the text below in the new index.php file.

<?phpphpinfo();?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --permanent --zone=public --add-service=httpssudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.


Redirect http://example.com, http://www.example.com, and https://example.com to https://www.example.com (Dynamic Page, PHP-FPM 5.6.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.php' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://example.com/"  "www.example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://www.example.com/"  "example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"        redirect:          status: 301          url: "https://www.example.com/"  "www.example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        file.dir: /var/www/www.example.com        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"        redirect:          internal: YES          status: 307          url: /index.phpfile.custom-handler:  extension: .php  fastcgi.connect:    port: /run/php-fpm-5.6.sock    type: unixpid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the text below into the ssl.conf file.

cipher-preference: servercipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bashcd /etc/ssl/h2oumask 022for length in 2048doopenssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pemchmod 444 dhparam_$length.pemdone

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won’t start properly if it’s not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -ysudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf[global]daemonize = yesemergency_restart_threshold = 2emergency_restart_interval = 1merror_log = /var/log/php-fpm/php-fpm-5.6-error.logpid = /var/run/php-fpm-5.6.pidprocess_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max/_children to match the number of CPUs in accordance with your VPS instance.

[www]group = h2olisten = /var/run/php-fpm-5.6.socklisten.backlog = 65536listen.owner = h2olisten.group = h2opm = staticpm.max_children = 2pm.max_requests = 10240user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text into the new php.ini file. Change the memory/_limit, post/_max/_size, upload/_max/_filesize and date.timezone in accordance with your VPS instance.

[PHP]allow_url_fopen = Onalways_populate_raw_post_data = -1display_errors = Offerror_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICTexpose_php = Offlog_errors = Onmemory_limit = 256Moutput_buffering = 4096post_max_size = 64Mregister_argc_argv = Offrequest_order = "GP"upload_max_filesize = 64Mvariables_order = "GPCS"[Date]date.timezone = America/New_York[Session]session.cache_limiter =session.gc_divisor = 1000session.hash_bits_per_character = 5session.save_handler = filessession.save_path = "/opt/remi/php56/root/var/lib/php/session/"url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/www.example.com.

sudo mkdir /var/www/www.example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/www.example.com/index.php

Copy and paste the text below in the new index.php file.

<?phpphpinfo();?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --permanent --zone=public --add-service=httpssudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.


Redirect http://example.com, http://www.example.com, and https://www.example.com to https://example.com (Dynamic Page, PHP-FPM 7.1.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.php' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://example.com/"  "www.example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://www.example.com/"  "example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        file.dir: /var/www/example.com        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"        redirect:          internal: YES          status: 307          url: /index.php  "www.example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"        redirect:          status: 301          url: "https://example.com/"file.custom-handler:  extension: .php  fastcgi.connect:    port: /run/php-fpm-7.1.sock    type: unixpid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the text below into the ssl.conf file.

cipher-preference: servercipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bashcd /etc/ssl/h2oumask 022for length in 2048doopenssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pemchmod 444 dhparam_$length.pemdone

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won’t start properly if it’s not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -ysudo yum install php71-php-fpm -y

Navigate to the /etc/opt/remi/php71/ directory.

cd /etc/opt/remi/php71/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/etc/opt/remi/php71/php-fpm.d/*.conf[global]daemonize = yesemergency_restart_threshold = 2emergency_restart_interval = 1merror_log = /var/log/php-fpm/php-fpm-7.1-error.logpid = /var/run/php-fpm-7.1.pidprocess_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the following text into the www.conf file. Change your pm.max/_children to match the number of CPUs in accordance with your VPS instance.

[www]group = h2olisten = /var/run/php-fpm-7.1.socklisten.backlog = 65536listen.owner = h2olisten.group = h2opm = staticpm.max_children = 2pm.max_requests = 10240user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text below into the new php.ini file. Change the memory/_limit, post/_max/_size, upload/_max/_filesize and date.timezone in accordance with your VPS instance.

[PHP]allow_url_fopen = Onalways_populate_raw_post_data = -1display_errors = Offerror_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICTexpose_php = Offlog_errors = Onmemory_limit = 256Moutput_buffering = 4096post_max_size = 64Mregister_argc_argv = Offrequest_order = "GP"upload_max_filesize = 64Mvariables_order = "GPCS"[Date]date.timezone = America/New_York[Session]session.cache_limiter =session.gc_divisor = 1000session.hash_bits_per_character = 5session.save_handler = filessession.save_path = "/var/opt/remi/php71/lib/php/session/"url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /var/opt/remi/php71/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /var/opt/remi/php71/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php71-php-fpm sudo systemctl start php71-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/example.com/index.php

Copy and paste the text below in the new index.php file.

<?phpphpinfo();?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --permanent --zone=public --add-service=httpssudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.


Redirect http://example.com, http://www.example.com, and https://example.com to https://www.example.com (Dynamic Page, PHP-FPM 7.1.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.logcompress: ONerror-log: /var/log/h2o/error.logexpires: 1 dayfile.index: [ 'index.php' ]hosts:  "example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://example.com/"  "www.example.com:80":    listen:      port: 80    paths:      "/":        redirect:          status: 301          url: "https://www.example.com/"  "example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"        redirect:          status: 301          url: "https://www.example.com/"  "www.example.com:443":    listen:      port: 443      ssl:        <<: !file /etc/h2o/conf.d/ssl.conf        certificate-file: /location/of/certificate/file/fullchain.ext        key-file: /location/of/private/key/file/privkey.ext    paths:      "/":        file.dir: /var/www/www.example.com        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"        redirect:          internal: YES          status: 307          url: /index.phpfile.custom-handler:  extension: .php  fastcgi.connect:    port: /run/php-fpm-7.1.sock    type: unixpid-file: /var/run/h2o/h2o.pidsend-server-name: OFFsetenv:  HTTP_PROXY: ""user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the text below into the ssl.conf file.

cipher-preference: servercipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bashcd /etc/ssl/h2oumask 022for length in 2048doopenssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pemchmod 444 dhparam_$length.pemdone

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won’t start properly if it’s not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 7.1.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -ysudo yum install php71-php-fpm -y

Navigate to the /etc/opt/remi/php71/ directory.

cd /etc/opt/remi/php71/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the following text into the php-fpm.conf file.

include=/etc/opt/remi/php71/php-fpm.d/*.conf[global]daemonize = yesemergency_restart_threshold = 2emergency_restart_interval = 1merror_log = /var/log/php-fpm/php-fpm-7.1-error.logpid = /var/run/php-fpm-7.1.pidprocess_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max/_children to match the number of CPUs in accordance with your VPS instance.

[www]group = h2olisten = /var/run/php-fpm-7.1.socklisten.backlog = 65536listen.owner = h2olisten.group = h2opm = staticpm.max_children = 2pm.max_requests = 10240user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text below into the new php.ini file. Change the memory/_limit, post/_max/_size, upload/_max/_filesize and date.timezone in accordance with your VPS instance.

[PHP]allow_url_fopen = Onalways_populate_raw_post_data = -1display_errors = Offerror_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICTexpose_php = Offlog_errors = Onmemory_limit = 256Moutput_buffering = 4096post_max_size = 64Mregister_argc_argv = Offrequest_order = "GP"upload_max_filesize = 64Mvariables_order = "GPCS"[Date]date.timezone = America/New_York[Session]session.cache_limiter =session.gc_divisor = 1000session.hash_bits_per_character = 5session.save_handler = filessession.save_path = "/var/opt/remi/php71/lib/php/session"url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /var/opt/remi/php71/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /var/opt/remi/php71/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php71-php-fpm sudo systemctl start php71-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2osudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/www.example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/www.example.com/index.php

Copy and paste the text below in the new index.php file.

<?phpphpinfo();?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS’s default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=httpsudo firewall-cmd --permanent --zone=public --add-service=httpssudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.


This concludes my tutorial. Thanks for reading.

Want to contribute?

You could earn up to $300 by adding new articles

Submit your article
Suggest an update
Request an article

No comments

Powered by Blogger.