How to Enable HTTP/2 in Apache Web Server

Hypertext Transfer Protocol Version 2 (HTTP/2) is the latest version of the HTTP protocol, published as an IETF standard in RFC 7540 in 2015. The focus of the protocol is on performance; specifically, end-user perceived latency, network and server resource usage. One major goal is to allow the use of a single connection from browsers to a Web site. The protocol is backward compatible, so HTTP methods, status codes, and semantics are the same as for previous versions of the protocol. Apache has HTTP/2 support since version 2.4.17.  In this tutorial, I'm going to assume that you already have a working TLS configuration, and that you have required Apache version installed on your Linux distribution of choice, and that you know how to use Let's Encrypt, or you know how to issue a self-signed certificate.

Prerequisites

To enable HTTP/2 in Apache you will need to fulfill the following requirements:

  • First, you need to enable HTTPS on your server. All major browsers allow using of HTTP/2 only over HTTPS. AlsoTLS protocol version >= 1.2 with modern cipher suites is required.
  • Next, ensure that you are running Apache 2.4.17 or above because HTTP/2 is supported from this version and upwards.
  • Also, ensure that your client/browser actually supports HTTP/2.

Enable HTTP/2 support in Apache

To get HTTP/2 working on Apache you need to enable and load SSL and HTTP/2 modules. To do so, you may run the following in your terminal:

sudo a2enmod ssl

and then

sudo a2enmod http2

To activate these new modules, you need to run:

sudo systemctl restart apache2

After enabling and loading necessary Apache modules, navigate to your Apache configuration directory and edit Apache configuration.

To enable HTTP/2 on your Apache web server add one of the following to your global Apache configuration or inside of a particular virtual host.

Protocols h2 http/1.1

Here is the minimal virtual server configuration that can be used to enable HTTP/2 in some virtual host:

<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/public_html/example.com
SSLEngine on
SSLCertificateKeyFile /path/to/private.pem
SSLCertificateFile /path/to/cert.pem
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
Protocols h2 http/1.1
</
VirtualHost>

To check if your server supports HTTP/2, you can use your browser dev tools. The below are screenshots from Google Chrome and Apple Safari browsers that show HTTP/2 in action on https://example.com domain.

Chrome

HTTP/2 in Chrome Browser

Safari

HTTP/2 in Safari Browser

Share this page:

Suggested articles

4 Comment(s)

Add comment

Comments

By: Daniel at: 2018-12-27 18:34:47

Important information missing. The default MPM prefork module is not sufficient and will lead to error message:

"AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do."

One needs to install an MPM like mpm_event that is multithreaded. And this again causes mod_php to not work safely anymore, as it is not thread-safe. So if you run PHP, and most people will do, you need to run PHP through php-fpm and that means having another additinal daemon running on the server.

All of this is no big issue, but needs to be mentioned or people will be misled.

By: Onion Geex at: 2019-01-02 08:43:44

This is exactly what i am facing! Great Work Daniel!

By: Onion Geex at: 2019-01-02 19:53:20

I finally found definitve solution. (refer https://http2.pro/doc/Apache )

Here is direct Ctrl+C and Ctrl+V | I am lazy ;) |

Apache 2.4.27, HTTP/2 not supported in prefork

Starting from Apache 2.4.27, the Apache MPM (Multi-Processing Module) prefork no longer supports HTTP/2. This will be indicated in your Apache error log as follows:

AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.

To fix this, select a different MPM: event or worker. We highly recommend you to use the event prefork. If you are using PHP, it is likely that PHP is integrated to Apache via the mod_php module, which requires the prefork MPM. If you switch out from preform MPM, you will need to use PHP as FastCGI. To switch to php-fpm, you can do as folllwing. Please note that this assumes you have PHP installed from ondrej/php repository on Ubuntu. The PHP package names could be different in other repositories. Change package name and apt-get commands to match your PHP vendor and package manager. 

apachectl stop apt-get install php7.1-fpm # Install the php-fpm from your PHP repository. This package name depends on the vendor. a2enmod proxy_fcgi setenvif a2enconf php7.1-fpm # Again, this depends on your PHP vendor. a2dismod php7.1 # This disables mod_php. a2dismod mpm_prefork # This disables the prefork MPM. Only one MPM can run at a time. a2enmod mpm_event # Enable event MPM. You could also enable mpm_worker. apachectl start HTTP/2 not enabled on older TLS versions

Mozilla Firefox (among other browsers) does not enable HTTP/2 protocol unless the connection is made over TLS 1.2 and using modern cipher suits. This is not a technical limitation, but rather a safety precaution. Make sure your that your site supports TLS 1.2, and modern cipher suits with AES/CHACHA20 with forward-secrecy key exchanges. In turn, Apache does not try to establish an HTTP/2 connection with connections over older cipher configurations either. you can force Apache attempt HTTP/2 upgrade with the following directive, but it will not be as effective because browsers do not support HTTP/2 from their end anyway.

H2ModernTLSOnly off

By: Jamseer at: 2019-09-04 11:17:53

Could not change  HTTP/1.1  to HTTP/2.0