Installing Apache 2.4 on Centos 6 with HTTP2 support

Download, compile & install openssl 1.02 somewhere (eg /usr/local/openssl102)
IMPORTANT: config with -fPIC flag

./config --prefix=/usr/local/openssl102 -fPIC no-gost no-shared no-zlib && make && make install

Download compile & install nghttp2 (straightforward, I went for default path – to ensure it’s picked up by apache module create /etc/ with contents /usr/local/lib & run ldconfig unless this is already in your linker dirs).

Download and untar apache 2.4.17

Download and untar latest apr & apr-util,
unpack them into ./srclib/apr and ./srclib/apr-util inside apache distributrion (be sure the dir names
do not have version numbers; for example, the APR distribution must be under ./srclib/apr/)

Config & compile apache

# set prefix if you want, default will install to /usr/local/apache2
# add --with-lua if you have it installed for fun!
./configure --enable-http2 --enable-ssl --with-ssl=/usr/local/openssl102 --with-included-apr
make install

Configure apache to use http2.

To test your http2 server you might want a recent build of curl, download the latest and configure like so:

./configure --with-ssl=/usr/local/openss102 --prefix=/usr/local/curl --with-nghttp2=/usr/local

sqlpython 1.7.3

Customizable alternative to Oracle’s SQL*PLUS command-line interface

Source: sqlpython 1.7.3 : Python Package Index

Prerequisites to install:

  1. Ensure you have oracle client libraries & ORACLE_HOME set (run the environment script)
  2. Create /etc/ with contents of your lib directory (eg: /u01/app/oracle/product/11.2.0/xe/lib) and run ldconfig
  3. pip install cx-Oracle

Running ansible from a windows host

This is partly based on instructions from but uses a virtual environment and no checking out from Github / manually installing packages.

  1. Install Cygwin. Include following packages:
    • python
    • openssl / openssl-devel
    • python-crypto
    • python-openssl
    • openssh
  2. Install & configure pip, virtualenv & virtualenvwrapper as per
  3. Create a virtual environment for ansible with mkvirtualenv --system-site-packages ansi
  4. Install ansible inside your virtual environment with pip install ansible pyyaml jinja2

That’s it (remember to set ssh_args = -o ControlMaster=no  in ansible.cfg as cygwin doesn’t support it).

Improving Apache Clustered Performance

  1. Use Apache 2.4 (so if you use Centos / RHEL, use v7). This has lower memory requirements, stable Event MPM (see below) and far more functionality.
  2. If you terminate SSL at Apache, use a clustered cache to keep track of SSL sessions. Otherwise the SSL session establishment will have to be renegotiated every time you hop server (if you have sticky sessions at the load balancer, this may not be the case, but sticky sessions can be unreliable) and this is very expensive.
  3. Consider using nginx or the event MPM where you can (eg for static requests).
  4. Disable Etags (FileEtag None). As with SSL, you will get a new Etag every time you hop server (so sticky session caveat applies again) breaking the client side cacheing. Disabling Etags will drop back to Last-modified.


Blog spam from

Not sure why OVH allows one of its customers ( to blog spam

shell based SSL/TLS tester: is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some flaws. It’s designed to provide a clear output for a “is this good or bad” decision. It works for Linux and BSD out of the box – no need to install or configure something, no gems, CPAN, pip or the like.

If you use the Qualys online SSL checker a lot, you need to try this, it’s very fast if you are experimenting with SSL config options.

Source: shell based SSL/TLS tester: