How to Enable HTTP/2 in Apache Web Server

Hypertext Transfer Protocol Version 2 (HTTP/2) is the latest version of the HTTP protocol, published as an IETF standard in RFC 7540 in 2015. The focus of the protocol is on performance; specifically, end-user perceived latency, network and server resource usage. One major goal is to allow the use of a single connection from browsers to a Web site. The protocol is backward compatible, so HTTP methods, status codes, and semantics are the same as for previous versions of the protocol. Apache has HTTP/2 support since version 2.4.17.  In this tutorial, I'm going to assume that you already have a working TLS configuration, and that you have required Apache version installed on your Linux distribution of choice, and that you know how to use Let's Encrypt, or you know how to issue a self-signed certificate.

This tutorial has been tested on Debian 9, Debian 10 and Ubuntu 18.04 LTS.

Prerequisites

To enable HTTP/2 in Apache you will need to fulfill the following requirements:

  • First, you need to enable HTTPS on your server. All major browsers allow using of HTTP/2 only over HTTPS. AlsoTLS protocol version >= 1.2 with modern cipher suites is required.
  • Next, ensure that you are running Apache 2.4.17 or above because HTTP/2 is supported from this version and upwards.
  • Also, ensure that your client/browser actually supports HTTP/2.

Disable the mod_php module

Before we can switch the Apache MPM module in the next step to mpm_event, we will have to disable the old mod_php mode and replace it with the more modern PHP-FPM mode. The commands differ for each Operating system version, please use the ones that match your installed system.

Debian 9

sudo apt-get install php7.0-fpm
sudo a2dismod php7.0
sudo a2enconf php7.0-fpm
sudo a2enmod proxy_fcgi

Debian 10

sudo apt-get install php7.3-fpm
sudo a2dismod php7.3
sudo a2enconf php7.3-fpm
sudo a2enmod proxy_fcgi

Ubuntu 18.04 LTS

sudo apt-get install php7.2-fpm
sudo a2dismod php7.2
sudo a2enconf php7.2-fpm
sudo a2enmod proxy_fcgi

Enable an Apache MPM that is compatible with HTTP/2

By default, Apache will use the prefork MPM. This MPM is not compatible with HTTP/2, so we will have to replace it with the more modern mpm_event module.

First, we disable mpm_prefork module:

sudo a2dismod mpm_prefork

Then we enable the mpm_event module:

sudo a2enmod mpm_event

Enable HTTP/2 support in Apache

To get HTTP/2 working on Apache you need to enable and load SSL and HTTP/2 modules. To do so, you may run the following in your terminal:

sudo a2enmod ssl

and then

sudo a2enmod http2

To activate these new modules, you need to run:

sudo systemctl restart apache2

After enabling and loading necessary Apache modules, navigate to your Apache configuration directory and edit Apache configuration.

To enable HTTP/2 on your Apache web server add one of the following to your global Apache configuration or inside of a particular virtual host.

Protocols h2 http/1.1

Here is the minimal virtual server configuration that can be used to enable HTTP/2 in some virtual host:

<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/public_html/example.com
SSLEngine on
SSLCertificateKeyFile /path/to/private.pem
SSLCertificateFile /path/to/cert.pem
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
Protocols h2 http/1.1
</
VirtualHost>

To check if your server supports HTTP/2, you can use your browser dev tools. The below are screenshots from Google Chrome and Apple Safari browsers that show HTTP/2 in action on https://example.com domain.

Chrome

HTTP/2 in Chrome Browser

Safari

HTTP/2 in Safari Browser

Share this page:

Suggested articles

7 Comment(s)

Add comment

Comments

By: Daniel at: 2018-12-27 18:34:47

Important information missing. The default MPM prefork module is not sufficient and will lead to error message:

"AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do."

One needs to install an MPM like mpm_event that is multithreaded. And this again causes mod_php to not work safely anymore, as it is not thread-safe. So if you run PHP, and most people will do, you need to run PHP through php-fpm and that means having another additinal daemon running on the server.

All of this is no big issue, but needs to be mentioned or people will be misled.

By: Onion Geex at: 2019-01-02 08:43:44

This is exactly what i am facing! Great Work Daniel!

By: Onion Geex at: 2019-01-02 19:53:20

I finally found definitve solution. (refer https://http2.pro/doc/Apache )

Here is direct Ctrl+C and Ctrl+V | I am lazy ;) |

Apache 2.4.27, HTTP/2 not supported in prefork

Starting from Apache 2.4.27, the Apache MPM (Multi-Processing Module) prefork no longer supports HTTP/2. This will be indicated in your Apache error log as follows:

AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.

To fix this, select a different MPM: event or worker. We highly recommend you to use the event prefork. If you are using PHP, it is likely that PHP is integrated to Apache via the mod_php module, which requires the prefork MPM. If you switch out from preform MPM, you will need to use PHP as FastCGI. To switch to php-fpm, you can do as folllwing. Please note that this assumes you have PHP installed from ondrej/php repository on Ubuntu. The PHP package names could be different in other repositories. Change package name and apt-get commands to match your PHP vendor and package manager. 

apachectl stop apt-get install php7.1-fpm # Install the php-fpm from your PHP repository. This package name depends on the vendor. a2enmod proxy_fcgi setenvif a2enconf php7.1-fpm # Again, this depends on your PHP vendor. a2dismod php7.1 # This disables mod_php. a2dismod mpm_prefork # This disables the prefork MPM. Only one MPM can run at a time. a2enmod mpm_event # Enable event MPM. You could also enable mpm_worker. apachectl start HTTP/2 not enabled on older TLS versions

Mozilla Firefox (among other browsers) does not enable HTTP/2 protocol unless the connection is made over TLS 1.2 and using modern cipher suits. This is not a technical limitation, but rather a safety precaution. Make sure your that your site supports TLS 1.2, and modern cipher suits with AES/CHACHA20 with forward-secrecy key exchanges. In turn, Apache does not try to establish an HTTP/2 connection with connections over older cipher configurations either. you can force Apache attempt HTTP/2 upgrade with the following directive, but it will not be as effective because browsers do not support HTTP/2 from their end anyway.

H2ModernTLSOnly off

By: Jamseer at: 2019-09-04 11:17:53

Could not change  HTTP/1.1  to HTTP/2.0 

By: ArsN at: 2020-03-29 21:44:11

Hello! I folowed this tutorial to enable http2 on my website , however if I check with online tools it still says I am not using http2 ? I restarted apache2 after configuring everything. Any ideas?

By: Antonio at: 2020-05-06 14:18:38

What happen if a browser force to get a http/1.1 request in a http/2 server? The webpage will not be display. What is the solution?

By: patfoo at: 2020-07-28 21:41:05

this tutorial worked for me on debian 10 using ispconfig control panel Version: 3.1.15p3.I did not edit the vhost file or other apache2 config file.I did enable spdy/http2 in the ispconfig admin panel unde Server Config>Web>SSL Makes SPDY/HTTP2 available check. And then enable in the website at the bottom of the ssl tab (in the client dashboard in my case).I rebooted the server and then it worked.