Last updated: 15 Feb 2018
HTTP/2 with Apache If you haven’t already converted your webserver to support HTTP2, it’s about time to get this process done. Enabling support for HTTP2 on your website and webserver is a very easy process. It shouldn’t take more than a few minutes and cause almost no down-time.
Apache version 2.4.17 introduced HTTP/2 support. If your server is running Apache version below this version, you need to upgrade Apache to the latest version first.
- Enable HTTP/2 support with Apache NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks.
- Summary This module provides HTTP/2 (RFC 7540) support for the Apache HTTP Server. This module relies on libnghttp2 to provide the core http/2 engine. You must enable HTTP/2 via Protocols in order to use the functionality described in this document.
Please note that the
mod_http2 module is rather new, but is finally marked stable. There have been multiple reported security vulnerabilities in 2016 and 2017. 1. mod_http2 module that comes with Apache versions prior to 2.4.26 are insecure. Please make sure to use Apache version 2.4.26 or later.Upgrade Apache
Depending on the server operating system, you may be able to download the compiled latest version.
Windows
You can either compile Apache yourself, or download compiled Windows binaries. We recommend Apache Lounge builds.
Ubuntu / Debain
Apache web server distributed in default software repositories of Ubuntu and Debian do not include mod_http2 needed to enable HTTP/2 functionality. You will need to add a third-party package source with latest Apache version that also inludes mod_http2.
apachectl -vcommand will reveal your upgraded Apache version. This will be 2.4.29 or later.CentOS / RHEL
Both CentOS and RHEL default repositories come with Apache versions around2.4.6. Apache official web sitehas information about building the latest Apache server.Enable HTTP/2 module
Apache's HTTP/2 support comes from themod_http2 module. Enable it from:If above commands do not work in your system (which is likely the case in CentOS/RHEL), use LoadModuledirective in httpd configuration directory to enable http2 module.Add HTTP/2 Support
We highly recommend you enable HTTPS support for your web site first. Most web browser simply do not support HTTP/2 overplain text. Besides, there are no excuses to not use HTTPS anymore.HTTP/2 can be enabled site-by-site basis. Locate your web site's Apache virtual host configuration file, and add the followingright after the opening<VirtualHost> tag:Overall, your configuration file should look something like this:After the changes, don't forget to reload/restart Apache.Push resources
Apache supports HTTP/2 Push feature as well. After enabling Apache HTTP/2, you can add push support simply by settingHTTPLink headers. You can emit them from either/both the Apache configuration file, or from your application.Above is an example header that would trigger Apache to push the /assets/styles.css and/assets/scripts.scc
files. Refer to your application code on how to emit HTTP headers.If you would like to make Apache add these headers, you can do so like this, using the mod_headers
module.Above example demonstrates Apache configuration that sets 2 
Link headers (you can have as many as you need).Supported browsers will decide to preload these resources if necessary.Troubleshooting
Apache 2.4.27, HTTP/2 not supported in prefork
Starting from Apache 2.4.27, the Apache MPM (Multi-Processing Module)prefork no longer supports HTTP/2. This will be indicated in your Apache error log as follows: AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
To fix this, select a different MPM:
event or worker. We highly recommend you to use the event prefork.If you are using PHP, it is likely that PHP is integrated to Apache via the
mod_php module, which requires the prefork MPM. If you switch out from preform MPM, you will need to use PHP as FastCGI. To switch to php-fpmHttp2 Apache Ubuntu 20.04
, you can do as folllwing. Please note that this assumes you have PHP installed from ondrej/php repository on Ubuntu. The PHP package names could be different in other repositories. Change package name andapt-get
commands to match your PHP vendor and package manager.HTTP/2 not enabled on older TLS versions
Mozilla Firefox (among other browsers) does not enable HTTP/2 protocol unless the connection is made over TLS 1.2 andusing modern cipher suits. This is not a technical limitation, but rather a safety precaution. Make sure your that yoursite supports TLS 1.2, and modern cipher suits with AES/CHACHA20 with forward-secrecy key exchanges. In turn, Apachedoes not try to establish an HTTP/2 connection with connections over older cipher configurations either. you can forceApache attempt HTTP/2 upgrade with the following directive, but it will not be as effective because browsers do notsupport HTTP/2 from their end anyway.HTTP 421: Misdirected Request errors
HTTP/2 is designed to make parralel requests to the server over the same session. If two connections use same TLScertificate and remote IP address, browsers will attempt to reuse an existing connection. Apache can correctly servesuch requests even if those requests belong to different Virtual Hosts. However, if you have different TLS configuration(protocol, client verification, or cipher suits), Apache will reject such requests with an HTTP 421: Misdirected Request error.To prevent this, make sure you keep same TLS settings for all Virtual Hosts that you serve a particular site in.Foot notes
Http2 Apache Debian
Reported mod_http2-related security vulnerabilities are as follows.