Understanding HTTP2
HTTP2 is supported by most of the most popular websites and is considered the current standard. It dramatically improves speed and latency due to optimizations in how data is transmitted. However, most of the changes are internal, and users do not have to make any adjustments. HTTP2 still uses the same fields, format, and status codes, and serves the same function as the original HTTP service. It continues to use Transmission Control Protocol (TCP) for the transport layer and supports all contemporary browsers, web servers, and proxies. A negotiation mechanism helps the client and server elect whether to use HTTP2 or fall back to HTTP/1.1. Most clients require data encryption whenever HTTP2 is used. This means HTTPS is the de facto standard in HTTP2.
A Summary of the HTTP2 on Apache Configuration Process
The following high-level steps are involved in configuring HTTP2 on Apache. The commands in this guide work on Ubuntu systems but are generally applicable to all Linux distributions.
Install Apache – Please click this link to see how to install Apache2.
Note
HTTP2 support requires Apache version 2.4.17 or higher.
Configure Apache to Support HTTP2
To enable HTTP2 support, enable some additional modules and configure the virtual server to allow the protocol.
- Disable the mpm_prefork module, which is not compatible with HTTP2. This module might already be disabled.
sudo a2dismod mpm_prefork
- Enable the mpm_event module.
sudo a2enmod mpm_event
- Enable the ssl module.
sudo a2enmod ssl
- Enable the http2 module to activate HTTP2 support.
sudo a2enmod http2
- Restart Apache to apply all the changes.
Sudo systemctl restart apache2
- Verify Apache is still active using the systemctl status command.
systemctl status apache2
Note
Earlier versions of Apache have a different file and directory structure. The main Apache .conf file might be located at /etc/httpd/httpd.conf, /etc/httpd/conf/httpd.conf, or /usr/local/apache2/apache2.conf.
- Edit this file and add the h2 and h2c protocols to the “Protocols” definition. Apache tries to negotiate the protocols in the order they are listed. Placing h2 first prioritizes HTTP2 over HTTP/1.1.
Add below line:
# To enable HTTP2 support
Protocols h2 h2c http/1.1
Verify HTTP2 Support is Enabled on Apache
To confirm Apache is using HTTP2, visit the website using any browser, and use the developer tools to inspect the incoming packets. The following instructions demonstrate this technique on Firefox. Each browser has its own method of inspecting incoming packets. Consult the browser’s documentation for more details.
- Visit the domain using Firefox.
- Open the Firefox Developer Tools. Select Tools followed by Browser Tools and then Web Developer Tools. This opens a new panel at the bottom of the browser.
- Select the Network tab, and reload the page again.
- This displays a list of several rows. Click on the row corresponding to the base domain. This reveals a new panel on the bottom right. The Headers tab appears by default.
2nd method to run curl command:
root@linux-server:/etc/apache2#
curl -vvk --http2 https://172.16.20.143
* Trying 172.16.20.143:443…
* Connected to 172.16.20.143 (172.16.20.143) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=IN; ST=Maharastra; L=Pune; O=Sanchitgurukul; OU=IT; CN=sanchitgurukul.com
* start date: Jan 14 13:01:05 2023 GMT
* expire date: Jan 14 13:01:05 2024 GMT
* issuer: C=IN; ST=Maharastra; L=Pune; O=Sanchitgurukul; OU=IT; CN=sanchitgurukul.com
* SSL certificate verify result: self-signed certificate (18), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x558adb9cb960)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: 172.16.20.143
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200
< last-modified: Sat, 14 Jan 2023 12:38:30 GMT
< etag: “ba-5f238a0a29de1”
< accept-ranges: bytes
< content-length: 186
< vary: Accept-Encoding
< content-type: text/html
< date: Sat, 14 Jan 2023 13:39:14 GMT
< server: Apache/2.4.52 (Ubuntu)
<
<!DOCTYPE html>
<html>
<body style=”background-color:MediumSeaGreen”>
<h1 style=”font-size:55px;”>Welcome to SanchitGurukul</h1>
<table style=”background-color:#33475b”>
</body>
</html>
* Connection #0 to host 172.16.20.143 left intact
root@linux-server:/etc/apache2#
HTTP2 is working, the Status reads OK and the version is HTTP2.
Leave a Reply