Chapter 5. Enabling HTTP/2 for the JBoss Core Services Apache HTTP Server
The Hypertext Transfer Protocols (HTTP) are standard methods of transmitting data between applications, such as servers and browsers, over the internet. The Apache HTTP Server supports the use of HTTP/2 for encrypted connections that are using Transport Layer Security (TLS), which is indicated by the h2 keyword when enabled.
HTTP/2 improves on HTTP/1.1 by providing the following enhancements:
- Header compression omits implied information to reduce the size of the header that is transmitted.
- Multiple requests and responses over a single connection use binary framing rather than textual framing to break down response messages.
The Apache HTTP Server does not support the use of HTTP/2 for unencrypted connections that are using the Transmission Control Protocol (TCP), which is indicated by the h2c keyword when enabled.
HTTP/2 is not available for web servers that are using the Multi-Processing Module (MPM) pre-fork (modules/mod_mpm_prefork.so).
5.1. Prerequisites
- You have root user access on Red Hat Enterprise Linux.
- You have administrative access on Windows Server.
- You have installed Red Hat JBoss Core Services Apache HTTP Server 2.4.23 or later.
You have installed the SSL module (
modules/mod_ssl.so).If you need to install the SSL module, enter the following command:
yum install mod_ssl
You have installed the HTTP/2 module (
modules/mod_http2.so).If you need to install the HTTP/2 module, enter the following command:
yum install mod_http2
Red Hat Enterprise Linux 6 is no longer supported and subsequently was removed from the documentation.
5.2. Enabling HTTP/2 for the Apache HTTP Server
You can enable HTTP/2 for the Apache HTTP Server by updating configuration file settings in the HTTP_HOME directory.
Procedure
To add the
http2_moduleto the configuration:-
Open the
HTTP_HOME/conf.modules.d/00-base.conffile. Enter the following line:
... LoadModule http2_module modules/mod_http2.so
-
Open the
To add the
h2protocol to the configuration:-
Open the
HTTP_HOME/conf/httpd.conffile. If you want to enable HTTP/2 support for a virtual host, add the
h2protocol to the virtual host configuration.Alternatively, if you want to enable HTTP/2 support for all server connections, add the
h2protocol to the main server configuration section.For example:
<IfModule http2_module> Protocols h2 http/1.1 ProtocolsHonorOrder on </IfModule>
-
Open the
To update the Secure Socket Layer (SSL) configuration:
-
Open the
HTTP_HOME/conf.d/ssl.conffile: Ensure the
SSLEnginedirective is set to enabled. The SSL Engine is enabled by default.SSLEngine on
Update the
SSLProtocoldirective to disable theSSLv2andSSLv3protocols. This forces connections to use the Transport Layer Security (TLS) Protocols.SSLProtocol all -SSLv2 -SSLv3
Update the
SSLCipherSuitedirective to specify which SSL ciphers can be used with the Apache HTTP Server.For example:
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSKNoteFor more information about the SSL module and the supported directives, see Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_ssl.
-
Open the
To restart the Red Hat JBoss Core Services Apache HTTP Server, and apply the changed configuration, perform one of the following steps as the root user:
If you want to use
systemdto start the Apache HTTP Server on Red Hat Enterprise Linux, enter the following command:# systemctl restart jbcs-httpd24-httpd.service
If you want to use
apachectlto start Red Hat JBoss Core Services on Red Hat Enterprise Linux, enter the following command:# HTTP_HOME/sbin/apachectl restartIf you want to start the Apache HTTP Server on Windows Server, enter the following command:
# net restart Apache2.4
Additional resources
- For more information about the HTTP/2 module and the supported directives, see Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_http2.
- For more information about the SSL module and the supported directives, see Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_ssl.
5.3. Viewing Apache HTTP Server logs to verify that HTTP/2 is enabled
You can view the Apache HTTP Server access log or request log to verify that HTTP/2 is enabled.
Prerequisites
- You have enabled HTTP/2.
Procedure
-
Access the server from a browser or by using the
curlcommand-line tool. To check the SSL/TLS request log, enter the following command:
$ grep 'HTTP/2' HTTP_HOME/logs/ssl_request_logTo check the SSL/TLS access log, enter the following command:
$ grep 'HTTP/2' HTTP_HOME/logs/ssl_access_log
Verification
If HTTP/2 is enabled, the
grep 'HTTP/2' HTTP_HOME/logs/ssl_request_logcommand produces the following type of output:[26/Apr/2018:06:44:45 +0000] 172.17.0.1 TLSv1.2 AES128-SHA "HEAD /html-single/index.html HTTP/2" -If HTTP/2 is enabled, the
grep 'HTTP/2' HTTP_HOME/logs/ssl_access_logcommand produces the following type of output:172.17.0.1 - - [26/Apr/2018:06:44:45 +0000] "HEAD /html-single/index.html HTTP/2" 200 -
5.4. Using the curl command to verify that HTTP/2 is enabled
You can use the curl command-line tool to verify that HTTP/2 is enabled.
The curl package that is provided with Red Hat Enterprise Linux 7 or earlier does not support HTTP/2.
Prerequisites
- You have enabled HTTP/2.
You are using a version of
curlthat supportsHTTP2.To check that you are using a version of
curlthat supports HTTP/2, enter the following command:$ curl -VThis command produces the following type of output:
curl 7.55.1 (x86_64-redhat-linux-gnu) ... Release-Date: 2017-08-14 Protocols: dict file ftp ftps gopher http https ... Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink PSL
Procedure
To check that the HTTP/2 protocol is active, enter the following command:
$ curl -I http://<JBCS_httpd_server>:<port>/<test.html>
NoteIn the preceding example, replace
<JBCS_httpd_server>with the URI of the server, such asexample.com, and replace<test.html>with any HTML file that you want to use to test the configuration. An example HTML test page is not provided. The port number is dependent on your configuration.
Verification
If the HTTP/2 protocol is active, the
curlcommand produces the following output:HTTP/2 200
Otherwise, if the HTTP/2 protocol is inactive, the
curlcommand produces the following output:HTTP/1.1 200
5.5. Additional resources (or Next steps)
- For more information about using HTTP/2, see Apache HTTP Server Documentation Version 2.4 - How-To / Tutorials: HTTP/2 guide.
- For information about SSL configuration, see Apache HTTP Server Documentation Version 2.4 - SSL/TLS Strong Encryption: How-To.
- For more information about the proposed internet standard for HTTP/2, see IETF: RFC 7540 - Hypertext Transfer Protocol Version 2 (HTTP/2).
Revised on 2023-01-04 15:04:40 UTC
