Activate HTTP/2 on Ubuntu 18.04+Apache

HTTP is the protocol that is used by your web browser to retrieve web pages. The most common version is HTTP 1.1. This protocol was published in 1997, so it's pretty old. This isn't necessarily a bad thing, but there were a lot of possibilities to upgrade performance and security. So the new HTTP 2 protocol was published in 2015, which is a lot more advanced than HTTP 1.1.

Why is the new version better? Two of the improvements over HTTP 1.1 are that the server can push extra resources the web browser did not request (for example CSS or JS files) and that it can send multiple resources parallel in one connection. If you want more technical details, check Wikipedia, where you can find more information.

If you want to use HTTP 2, both the server and the client (web browser) need to support and enable the protocol. Most modern browsers do support HTTP 2.

How to enable

Enabling HTTP/2 on Ubuntu 18.04 consists of adding the protocol to the configuration, enabling the module and restarting Apache. It's very easy, just use the following commands (useย sudo if you're not root):

echo "Protocols h2 http/1.1" > /etc/apache2/mods-available/http2.conf
a2enmod http2
systemctl restart apache2

How to check if it's really enabled

The first option is to use an online HTTP 2 test tool, for example:ย https://tools.keycdn.com/http2-test

The second option is to use the Developer Console in your web browser (for example F12 in Google Chrome), go to the Network tab (make sure the Protocol column is enabled) and visit a website on your web server. It will show something like this, the h2 is HTTP 2:

If it's not working

There are many reasons why connections are still made over HTTP 1.1. For example:

  • You need SSL. Although it could work over a normal TCP connection (specify the h2c protocol next to h2), most browsers don't support this, so it's not really useful.
  • Some specific SSL Cipher Suite settings can make browsers device to fall back to HTTP 1.1.
  • You should use the event MPM, it's not working correctly with prefork.
  • If you're running a virus scanner on a Windows system that is scanning all traffic, sometimes it sits between your web browser and the real web server (and doing some fake SSL stuff). If the virus scanner does not support HTTP 2, it will use an HTTP 1.1 connection.

The first thing to try is to make your Apache (and Virtual Host) configuration as simple as possible, but with SSL enabled and a certificate installed. Put comment signs in front of any non-standard SSL settings (such as Cipher Suites). Also, if you have tried enabling HTTP 2 before, check if there are no other Protocols definitions in other places in the configuration. In the example above the configuration is performed globally, but if you also specify Protocols in your Virtual Host, this will override the global configuration.

Questions?

Feel free to ask them in the comments below!

Leave a Reply