- Based on https://gist.github.com/GAS85/990b46a3a9c2a16c0ece4e48ebce7300
- This tutorial is for the older Ubuntu 18.04; for Ubuntu 20.04 please read here --> https://gist.github.com/GAS85/38eb5954a27d64ae9ac17d01bfe9898c
- A self-managed VPS or dedicated server with Ubuntu 18.04 running Apache 2.4.xx.
- A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.
HTTP/2 was integrated into Apache in version 2.4.17 through the mod_http2 module, and curl 7.43.0 added support for HTTP/2. Almost all web browsers now support HTTP/2, including Chrome, Opera, Firefox, Internet Explorer 11 and Safari. As of November 2015, 2.3% of the top 10 million websites supported HTTP/2.
The HTTP/2 protocol was created as a more advanced version of HTTP. It allows you to speed up the site and reduce the load on the web server and communication channel. All this leads to a reduction in costs and even an increase in the site's position in search engines.
To use HTTP/2, it's necessary to switch from the default prefork implementation to the Apache event or worker MPM. The Gentoo Wiki provides additional details. With nghttp2 installed, let's switch to the Apache event MPM and add http2 to the list of Apache modules we want to build.
Next, enable HTTP/2 by adding the following line to your Apache config:
LoadModule http2_module modules/mod_http2.so
You might also want to add some debug logging for this module (http2_module):
LogLevel http2:info
Finally, turn on the HTTP/2 protocol:
# Enable HTTP/2 support
Protocols h2 http/1.1
Step 1: Install Apache2
By default this installs apache2 version 2.4.29, which is enough for HTTP/2 support.
Step 2: Tell Apache to use PHP FastCGI
You want to make Apache use a compatible PHP implementation by changing mod_php to php-fpm (PHP FastCGI). If your website or app breaks on FastCGI, you can always revert back to mod_php until further troubleshooting.
Install the PHP FastCGI module for PHP 7.2, which is the default version for Ubuntu 18.04:
Enable required modules, proxy_fcgi and setenvif:
Disable the mod_php module:
Step 3: Change MPM from 'prefork' to 'event'
Since the default 'prefork' MPM (Multi-Processing Module) is not fully compatible with HTTP/2, you'll need to change Apache's current MPM to 'event' (or 'worker'). Apache versions greater than 2.4.27 report this with the error message: AH10034: The mpm module (prefork.c) is not supported by mod_http2.
Keep in mind that your server requires more horsepower for HTTP/2 than for HTTP/1.1, due to the multiplexing feature and other factors. That said, smaller servers with low traffic may not see much difference in performance.
First, disable the 'prefork' MPM:
Enable the 'event' MPM:
Restart Apache2 and PHP 7.2:
Step 4: Add a line to your Virtual Host file
Add the following line to your site's current Virtual Host config file. This can go anywhere between the <VirtualHost> ... </VirtualHost> tags. If you want to serve HTTP/2 for all your sites, add this to your global /etc/apache2/apache2.conf file instead of each individual site's Virtual Host file.
Explanation: h2 is TLS-encrypted HTTP/2, h2c is cleartext HTTP/2, and http/1.1 is ordinary HTTP/1.1.
Having http/1.1 at the end of the line provides a fallback to HTTP/1.1, while h2c is not strictly necessary.
Step 5: Enable the mod_http2 Apache module
Now you can enable the http2 module in Apache:
Check Apache2 config and if no errors, restart Apache:
Step 6: Create http2.conf to enable HTTP/2 for the entire server
Create a new http2.conf
and add all the following rows:
Enable the http2.conf by running
Check Apache2 config and if no errors, restart your Apache2
and enhance your ssl-vhost file (default-ssl.conf):
Amend in your configuration file:
P.S. All in one command (you still have to edit your VirtualHost and ssl config):
Last updated: 15 Feb 2018
Apache 2.4.17 introduced HTTP/2 support. If your server is running an Apache version older than this, you need to upgrade Apache to the latest version first.
The mod_http2 module is rather new, but is finally marked stable. There have been multiple reported security vulnerabilities in 2016 and 2017 [1].
The mod_http2 module that comes with Apache versions prior to 2.4.26 is insecure. Please make sure to use Apache version 2.4.26 or later.
Depending on the server operating system, you may be able to download the compiled latest version.
You can either compile Apache yourself, or download compiled Windows binaries. We recommend Apache Lounge builds.
Ubuntu / Debian
The Apache web server distributed in the default software repositories of Ubuntu and Debian does not include mod_http2, which is needed to enable HTTP/2 functionality. You will need to add a third-party package source with the latest Apache version that also includes
The apachectl -v command will reveal your upgraded Apache version. This will be
CentOS / RHEL
Both CentOS and RHEL default repositories come with Apache versions around 2.4.6. The Apache official web site has information about building the latest Apache server.
Enable HTTP/2 module
Apache's HTTP/2 support comes from the mod_http2 module. Enable it from:
If the above commands do not work on your system (which is likely the case in CentOS/RHEL), use
httpd configuration directory to enable
Add HTTP/2 Support
We highly recommend you enable HTTPS support for your web site first. Most web browsers simply do not support HTTP/2 over plain text. Besides, there are no excuses to not use HTTPS anymore.
HTTP/2 can be enabled on a site-by-site basis. Locate your web site's Apache virtual host configuration file, and add the following right after the opening <VirtualHost> tag:
Overall, your configuration file should look something like this:
After the changes, don't forget to reload/restart Apache.
Push resources
Apache supports the HTTP/2 Push feature as well. After enabling Apache HTTP/2, you can add push support simply by setting HTTP Link headers. You can emit them from the Apache configuration file, from your application, or from both.
Above is an example header that would trigger Apache to push the /assets/scripts.scc files. Refer to your application code on how to emit HTTP headers.
If you would like to make Apache add these headers, you can do so like this, using the mod_headers module.
The above example demonstrates an Apache configuration that sets 2 Link headers (you can have as many as you need). Supported browsers will decide to preload these resources if necessary.
Apache 2.4.27, HTTP/2 not supported in prefork
Starting from Apache 2.4.27, the Apache MPM (Multi-Processing Module) prefork no longer supports HTTP/2. This will be indicated in your Apache error log as follows:
To fix this, select a different MPM: event or worker. We highly recommend you to use the
If you are using PHP, it is likely that PHP is integrated into Apache via the mod_php module, which requires the prefork MPM. If you switch away from the prefork MPM, you will need to use PHP as FastCGI. To switch to php-fpm, you can do as follows. Please note that this assumes you have PHP installed from the ondrej/php repository on Ubuntu. The PHP package names could be different in other repositories. Change the package name and apt-get commands to match your PHP vendor and package manager.
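The prerequisites described on this page (Apache 2.4.26 or later, an MPM other than prefork, PHP moved off mod_php, mod_http2 and TLS loaded) can be checked before the configuration is changed. The script below is an added example, not part of the original tutorial; its function names and sample module listings are constructed, and on a real host the two inputs would be the output of apachectl -v and apachectl -M.

```bash
#!/bin/sh
# Added example: function names and sample inputs are constructed for illustration.

# Pull "2.4.29" out of `apachectl -v` output read from stdin.
apache_version() {
  sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Succeed when dotted version $1 >= $2 (numeric compare per component).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# http2_preflight "<apachectl -v output>" "<apachectl -M output>"
# Prints one finding per line; returns 0 only if nothing blocks HTTP/2.
http2_preflight() {
  pf_ver=$(printf '%s\n' "$1" | apache_version); pf_rc=0
  [ -n "$pf_ver" ] || { echo "FAIL: cannot parse Apache version"; return 2; }
  version_ge "$pf_ver" 2.4.26 ||
    { echo "FAIL: Apache $pf_ver predates 2.4.26, mod_http2 is insecure"; pf_rc=1; }
  if printf '%s\n' "$2" | grep -Eq '^[[:space:]]*mpm_prefork_module[[:space:]]'; then
    echo "FAIL: prefork MPM loaded, switch to event or worker"; pf_rc=1
  fi
  if printf '%s\n' "$2" | grep -Eq '^[[:space:]]*php[0-9.]*_module[[:space:]]'; then
    echo "FAIL: mod_php loaded, move PHP to php-fpm (FastCGI)"; pf_rc=1
  fi
  for pf_m in http2_module ssl_module; do
    # Anchored so that proxy_http2_module is not mistaken for http2_module.
    printf '%s\n' "$2" | grep -Eq "^[[:space:]]*${pf_m}[[:space:]]" ||
      { echo "FAIL: $pf_m not loaded"; pf_rc=1; }
  done
  [ "$pf_rc" -ne 0 ] || echo "OK: Apache $pf_ver meets the HTTP/2 prerequisites"
  return "$pf_rc"
}

# Constructed samples; on a real host pass "$(apachectl -v)" and "$(apachectl -M)".
SAMPLE_V='Server version: Apache/2.4.29 (Ubuntu)'
SAMPLE_M_BEFORE=' mpm_prefork_module (shared)
 php7_module (shared)
 ssl_module (shared)'
SAMPLE_M_AFTER=' mpm_event_module (shared)
 proxy_fcgi_module (shared)
 http2_module (shared)
 ssl_module (shared)'
http2_preflight "$SAMPLE_V" "$SAMPLE_M_BEFORE" || true
http2_preflight "$SAMPLE_V" "$SAMPLE_M_AFTER"
```

A non-zero exit status makes the check usable as a gate in a deployment script before Apache is reloaded.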
HTTP/2 not enabled on older TLS versions
Mozilla Firefox (among other browsers) does not enable the HTTP/2 protocol unless the connection is made over TLS 1.2 and uses modern cipher suites. This is not a technical limitation, but rather a safety precaution. Make sure that your site supports TLS 1.2 and modern cipher suites with AES/CHACHA20 and forward-secrecy key exchanges. In turn, Apache does not try to establish an HTTP/2 connection over older cipher configurations either. You can force Apache to attempt an HTTP/2 upgrade with the following directive, but it will not be as effective because browsers do not support HTTP/2 from their end anyway.
HTTP 421: Misdirected Request errors
HTTP/2 is designed to make parallel requests to the server over the same session. If two connections use the same TLS certificate and remote IP address, browsers will attempt to reuse an existing connection. Apache can correctly serve such requests even if those requests belong to different Virtual Hosts. However, if you have different TLS configurations (protocol, client verification, or cipher suites), Apache will reject such requests with an HTTP 421: Misdirected Request error. To prevent this, make sure you keep the same TLS settings for all Virtual Hosts that you serve a particular site in.
mod_http2-related security vulnerabilities are as follows.