|
Packit |
90a5c9 |
The http2 module adds support for the HTTP/2 protocol to the server.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Specifically, it supports the protocols "h2" (HTTP2 over TLS) and "h2c"
|
|
Packit |
90a5c9 |
(HTTP2 over plain HTTP connections via Upgrade). Additionally it offers
|
|
Packit |
90a5c9 |
the "direct" mode for both encrypted and unencrypted connections.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
You may enable it for the whole server or specific virtual hosts only.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
BUILD
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
If you have libnghttp2 (https://nghttp2.org) installed on your system, simply
|
|
Packit |
90a5c9 |
add
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
--enable-http2
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
to your httpd ./configure invocation. Should libnghttp2 reside in a unusual
|
|
Packit |
90a5c9 |
location, add
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
--with-nghttp2=<path>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
to ./configure. <path> is expected to be the installation prefix, so there
|
|
Packit |
90a5c9 |
should be a <path>/lib/libnghttp2.*. If your system support pkg-config,
|
|
Packit |
90a5c9 |
<path>/lib/pkgconfig/libnghttp2.pc will be inspected.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
If you want to link nghttp2 statically into the mod_http2 module, you may
|
|
Packit |
90a5c9 |
similarly to mod_ssl add
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
--enable-nghttp2-staticlib-deps
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
For this, the lib directory should only contain the libnghttp2.a, not its
|
|
Packit |
90a5c9 |
shared cousins.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
CONFIGURATION
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
If mod_http2 is enabled for a site or not depends on the new "Protocols"
|
|
Packit |
90a5c9 |
directive. This directive list all protocols enabled for a server or
|
|
Packit |
90a5c9 |
virtual host.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
If you do not specify "Protocols" all available protocols are enabled. For
|
|
Packit |
90a5c9 |
sites using TLS, the protocol supported by mod_http2 is "h2". For cleartext
|
|
Packit |
90a5c9 |
http:, the offered protocol is "h2c".
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The following is an example of a server that only supports http/1.1 in
|
|
Packit |
90a5c9 |
general and offers h2 for a specific virtual host.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
...
|
|
Packit |
90a5c9 |
Protocols http/1.1
|
|
Packit |
90a5c9 |
<virtualhost *:443>
|
|
Packit |
90a5c9 |
Protocols h2 http/1.1
|
|
Packit |
90a5c9 |
...
|
|
Packit |
90a5c9 |
</virtualhost>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Please see the documentation of mod_http2 for a complete list and explanation
|
|
Packit |
90a5c9 |
of all options.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
TLS CONFIGURATION
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
If you want to use HTTP/2 with a browser, most modern browsers will support
|
|
Packit |
90a5c9 |
it without further configuration. However, browsers so far only support
|
|
Packit |
90a5c9 |
HTTP/2 over TLS and are especially picky about the certificate and
|
|
Packit |
90a5c9 |
encryption ciphers used.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Server admins may look for up-to-date information about "modern" TLS
|
|
Packit |
90a5c9 |
compatibility under:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
|
|
Packit |
90a5c9 |
|