HTTP2 with Apache

Discussion in 'ISPConfig 3 Priority Support' started by BobGeorge, Jan 29, 2018.

  1. BobGeorge

    BobGeorge Member HowtoForge Supporter

    I've upgraded Apache2 to a version that includes mod_http2. I've done "a2enmod http2" to enable it. I've added "Protocols h2 h2c http/1.1" to the Apache configuration.

    But Chromium still reports "http/1.1" as the protocol with the site I'm testing with, which does use HTTPS (though, as this is just me testing things before I go live, it's just a self-signed certificate, as I don't want to mess with any live domains only for testing - does that matter?).

    I'd like to get HTTP2 working server-wide but following the instructions I found online, it's just not working.

    (I have seen a thread where it's mentioned that ISPConfig's out-of-the-box support is scheduled for 3.2, which is good to know, but how does one do this the manual way, until that version lands?)
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Have you tried to add the protocols line in a https vhost file of a website manually and then restart apache? If that is working, then you can adjust the vhost master template and add it there.
  3. BobGeorge

    BobGeorge Member HowtoForge Supporter

    I think the problem lies with trying to do it with a self-signed certificate on my laptop, as I can see the "Upgrade: h2,h2c" headers are being sent by the server, but the browser is not honouring it on its end - likely because I've had the security warning on the self-signed certificate and waived it away. The browser refuses HTTP/2 on that which it regards as "insecure".

    I guess I'll come back to this puzzle later, once I've got it on the server properly with the real certificate to keep the browsers happy that everything's legit. But it's a bit of a pain that browsers do it this way, as I'd like to test - locally - that everything's 100% before putting anything live on the server.

    It's not vital to do it right now - I just wanted to see how HTTP/2 would affect the performance of the site I'm working on. I'll come back to this later (and if my suspicions are correct then simply using a real trusted certificate should fix it anyway).

Share This Page