Chapter 6. Enabling HTTP/2 for the Red Hat JBoss Web Server

The Hypertext Transfer Protocols (HTTP) are standard methods of transmitting data between applications, such as servers and browsers, over the internet. JBoss Web Server supports the use of HTTP/2 for encrypted connections that are using Transport Layer Security (TLS), which is indicated by the h2 keyword when enabled.

HTTP/2 improves on HTTP/1.1 by providing the following enhancements:

  • Header compression omits implied information to reduce the size of the header that is transmitted.
  • Multiple requests and responses over a single connection use binary framing rather than textual framing to break down response messages.
Note

JBoss Web Server does not support the use of HTTP/2 for unencrypted connections that are using the Transmission Control Protocol (TCP), which is indicated by the h2c keyword when enabled.

6.1. Prerequisites

  • You have root user access on Red Hat Enterprise Linux.
  • You have installed Red Hat JBoss Web Server 5.0 or later.
  • You have installed the openssl and apr packages that are provided with Red Hat Enterprise Linux. For more information about installing the openssl and apr packages, see Red Hat Enterprise Linux package requirements.

    Note

    These operating system native libraries are also provided by jws-5.7.0-application-server-<platform>-<architecture>.zip where available.

    If you want to run JSSE+OpenSSL or APR on Red Hat Enterprise Linux version 8 or 9, you must use Tomcat-Native to ensure successful operation. Tomcat-Native is located in the native archive directory.

  • You have configured a connector that supports the HTTP/2 protocol with SSL enabled. For JBoss Web Server 5.7, the following connectors support the HTTP/2 protocol:

    • The APR Native connector (APR)
    • The NIO connector with JSSE + OpenSSL (JSSE)
    • The NIO2 connector with JSSE + OpenSSL (JSSE)

6.2. Enabling HTTP/2 for a connector

You can enable HTTP/2 for a connector by updating settings in the server.xml configuration file.

Procedure

  1. Open the JWS_HOME/tomcat/conf/server.xml configuration file.
  2. In the server.xml file, add the HTTP/2 upgrade protocol to the connector.

    For example:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="/KeyStore.jks"
                         certificateKeystorePassword="changeit"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

    The server.xml file contains an example connector definition for the APR protocol with the upgrade protocol set to HTTP/2.

    For example:

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
  3. To apply the configuration updates, restart the Red Hat JBoss Web Server as the root user.

    • To restart JBoss Web Server on Red Hat Enterprise Linux by using systemd, enter the following command:

      # systemctl restart jws5-tomcat.service
    • To restart JBoss Web Server on Red Hat Enterprise Linux by using startup.sh, enter the following commands:

      # JWS_HOME/sbin/shudown.sh
      # JWS_HOME/sbin/startup.sh
    • To restart JBoss Web Server on Microsoft Windows, enter the following command:

      # net restart tomcat9
Important

Red Hat Enterprise Linux 6 is no longer supported and subsequently was removed from the documentation.

6.3. Viewing JBoss Web Server logs to verify that HTTP/2 is enabled

You can view the JBoss Web Server console output log to verify that HTTP/2 is enabled.

Prerequisites

Procedure

  • To view the console output log, enter the following command:

    $ cat JWS_HOME/tomcat/logs/catalina.out | grep 'h2'
    Note

    In the preceding command, replace JWS_HOME with the top-level directory for your JBoss Web Server installation.

Verification

  • If HTTP/2 is enabled, the command produces the following type of output that indicates the connector has been configured to support negotiation to [h2]:

    06-Apr-2018 04:49:26.201 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-openssl-apr-8443"] connector has been configured to support negotiation to [h2] via ALPN

6.4. Using the curl command to verify that HTTP/2 is enabled

You can use the curl command-line tool to verify that HTTP/2 is enabled.

Prerequisites

  • You have enabled HTTP/2 for a connector.
  • You are using a version of curl that supports HTTP/2.

    To check that you are using a version of curl that supports HTTP/2, enter the following command:

    $ curl -V

    This command produces the following type of output:

    curl 7.55.1 (x86_64-redhat-linux-gnu) ...
    Release-Date: 2017-08-14
    Protocols: dict file ftp ftps gopher http https ...
    Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink PSL

Procedure

  1. To check that the HTTP/2 protocol is active, enter the following command:

    $ curl -I http://<JBoss_Web_Server>:8080/
    Note

    In the preceding example, replace <JBoss_Web_Server> with the URI of the modified connector, such as example.com. The port number is dependent on your configuration.

Verification

  • If the HTTP/2 protocol is active, the curl command produces the following output:

    HTTP/2 200

    Otherwise, if the HTTP/2 protocol is inactive, the curl command produces the following output:

    HTTP/1.1 200

6.5. Additional resources (or Next steps)