Chapter 5. Enabling HTTP/2 for the JBoss Core Services HTTP Server
The Hypertext Transfer Protocols are standard methods of transmitting data between applications (such as servers and browsers) over the internet. HTTP/2 improves on HTTP/1.1 by providing enhancements such as:
- header compression - reducing the size of the header transmitted by omitting implied information, and
- multiple requests and responses over a single connection - using binary framing to break down response messages, as opposed to textual framing.
Using HTTP/2 with the Red Hat JBoss Core Services Apache HTTP Server:
- is supported for encrypted connections using Transport Layer Security (TLS) (SSLEnabled="true"), indicated by the h2 keyword when enabled.
- is not supported for unencrypted connections using the Transmission Control Protocol (TCP), indicated by the h2c keyword when enabled.
HTTP/2 is not available for web servers using the prefork Multi-Processing Module (modules/mod_mpm_prefork.so).
Prerequisites
- Root user access (Red Hat Enterprise Linux and Solaris systems)
- Administrative access (Windows Server)
- Red Hat JBoss Core Services Apache HTTP Server 2.4.23 or higher
Modules required:
- ssl_module (modules/mod_ssl.so)
- http2_module (modules/mod_http2.so)
Procedure
Enable HTTP/2 for an Apache HTTP Server:
Add the http2_module to HTTP_HOME/conf.modules.d/00-base.conf:
    ...
    LoadModule http2_module modules/mod_http2.so
Add the h2 protocol in HTTP_HOME/conf/httpd.conf.
- To enable HTTP/2 support for a virtual host, add the h2 protocol to the virtual host configuration. To enable HTTP/2 support for all server connections, add the h2 protocol to the 'Main' server configuration section of httpd.conf.
For example:
    <IfModule http2_module>
        Protocols h2 http/1.1
        ProtocolsHonorOrder on
    </IfModule>
Update the Secure Socket Layer (SSL) configuration in HTTP_HOME/conf.d/ssl.conf.
Ensure the SSLEngine directive is set to enabled (the SSL Engine is enabled by default):
    SSLEngine on
Update the SSLProtocol directive to disable the SSLv2 and SSLv3 protocols, forcing connections to use the Transport Layer Security (TLS) protocols:
    SSLProtocol all -SSLv2 -SSLv3
Update the SSLCipherSuite directive to specify which SSL ciphers can be used with the Apache HTTP Server.
For example:
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
Note: For information on the SSL module and the supported directives, see: Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_ssl.
Restart the Red Hat JBoss Core Services Apache HTTP Server as the root user, to apply the changed configuration.
For SysV (Red Hat Enterprise Linux 6) users:
    # service jbcs-httpd24-httpd restart
For systemd (Red Hat Enterprise Linux 7) users:
    # systemctl restart jbcs-httpd24-httpd.service
For Red Hat Enterprise Linux users running Red Hat JBoss Core Services using apachectl:
    # HTTP_HOME/sbin/apachectl restart
For Solaris users:
    # HTTP_HOME/sbin/apachectl restart
For Windows Server users:
    # net stop Apache2.4
    # net start Apache2.4
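The directives set in this procedure can be checked in one pass before or after the restart. The script below is an added example, not part of the Red Hat documentation: the function names and the constructed sample tree are assumptions, and it tests for the `all -SSLv2 -SSLv3` form shown above rather than evaluating every valid SSLProtocol value.

```shell
# Added example: audit the directives set by this procedure.
# Limitation: scans *.conf files as flat text; it does not follow Include
# directives or evaluate <IfModule>/<VirtualHost> scoping.

active_lines() {   # DIR -> directive lines of all *.conf files, comments/blanks removed
    find "$1" -type f -name '*.conf' -exec cat {} + |
        sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d'
}

expect() {         # expect present|absent REGEX DESCRIPTION (reads $_conf, bumps $_fails)
    if printf '%s\n' "$_conf" | grep -Ei -- "$2" >/dev/null
    then _found=present; else _found=absent; fi
    if [ "$_found" = "$1" ]; then
        echo "ok:   $3"
    else
        echo "FAIL: $3"; _fails=$((_fails + 1))
    fi
}

audit_http2_conf() {   # DIR -> prints findings; exit status = number of failed checks
    _conf=$(active_lines "$1"); _fails=0; _ws='[[:space:]]'
    expect present "^LoadModule$_ws+http2_module$_ws" 'http2_module is loaded'
    expect present "^LoadModule$_ws+ssl_module$_ws" 'ssl_module is loaded'
    expect absent  "^LoadModule$_ws+mpm_prefork_module$_ws" 'prefork MPM is not loaded'
    expect present "^Protocols$_ws(.*$_ws)?h2($_ws|\$)" 'Protocols offers h2'
    expect absent  "^Protocols$_ws(.*$_ws)?h2c($_ws|\$)" 'Protocols does not offer h2c'
    expect present "^SSLEngine$_ws+on($_ws|\$)" 'SSLEngine is on'
    expect present "^SSLProtocol$_ws.*-SSLv2" 'SSLProtocol removes SSLv2'
    expect present "^SSLProtocol$_ws.*-SSLv3" 'SSLProtocol removes SSLv3'
    return "$_fails"
}

write_sample_conf() {  # DIR: constructed sample tree mirroring the procedure's files
    mkdir -p "$1/conf.modules.d" "$1/conf" "$1/conf.d"
    printf '%s\n' '# constructed sample' \
        'LoadModule ssl_module modules/mod_ssl.so' \
        'LoadModule http2_module modules/mod_http2.so' \
        '#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so' \
        > "$1/conf.modules.d/00-base.conf"
    printf '%s\n' '<IfModule http2_module>' '    Protocols h2 http/1.1' \
        '    ProtocolsHonorOrder on' '</IfModule>' > "$1/conf/httpd.conf"
    printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2 -SSLv3' > "$1/conf.d/ssl.conf"
}

demo=$(mktemp -d) && write_sample_conf "$demo"
audit_http2_conf "$demo" || echo "$? check(s) failed"
rm -rf "$demo"
```

To audit a real installation, call `audit_http2_conf` with the HTTP_HOME directory instead of the sample tree.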
Next Steps
Verify that HTTP/2 is enabled by reviewing the Apache HTTP Server logs or by using the curl command:
Access the server from a browser or using curl, then check the SSL/TLS access or request logs (HTTP_HOME/logs/ssl_access_log or HTTP_HOME/logs/ssl_request_log) to verify that the connection is configured to support HTTP/2:
    $ grep 'HTTP/2' HTTP_HOME/logs/ssl_request_log
    [26/Apr/2018:06:44:45 +0000] 172.17.0.1 TLSv1.2 AES128-SHA "HEAD /html-single/index.html HTTP/2" -
    $ grep 'HTTP/2' HTTP_HOME/logs/ssl_access_log
    172.17.0.1 - - [26/Apr/2018:06:44:45 +0000] "HEAD /html-single/index.html HTTP/2" 200 -
Or verify using curl (for versions of curl that support HTTP2):
Note: The curl package provided with Red Hat Enterprise Linux 7 or earlier does not support HTTP/2. To check curl for HTTP/2 support:
    $ curl -V
    curl 7.55.1 (x86_64-redhat-linux-gnu) ...
    Release-Date: 2017-08-14
    Protocols: dict file ftp ftps gopher http https ...
    Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink PSL
For example, when the HTTP/2 protocol is inactive:
    $ curl -I http://<JBCS_httpd_server>:80/<test.html>
    HTTP/1.1 200
    ...
But if the HTTP/2 protocol is active, curl returns:
    $ curl -I https://<JBCS_httpd_server>:443/<test.html>
    HTTP/2 200
    ...
Where:
- <JBCS_httpd_server> is the URI of the server (such as example.com),
- the port number is dependent on your configuration, and
- <test.html> is any html page for testing the configuration (not provided).
Additional Resources
- For additional information on using HTTP/2, see: Apache HTTP Server Documentation Version 2.4 - How-To / Tutorials: HTTP/2 guide.
- For information on SSL configuration, see: Apache HTTP Server Documentation Version 2.4 - SSL/TLS Strong Encryption: How-To.
- For information on the HTTP/2 module and the supported directives, see: Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_http2.
- For information on the SSL module and the supported directives, see: Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_ssl.
- The proposed internet standard for HTTP/2: IETF: RFC 7540 - Hypertext Transfer Protocol Version 2 (HTTP/2).