HTTP/2 is the newest version of the HTTP protocol and has a lot of improvements including binary headers. I’m currently thrilled by “state of the art”-web-applications, but still running an apache2 web server. Most people agree that nginx is more “state of the art” than apache2 and may be right. But.
The point is: As my server is running Debian stable I can’t enable HTTP/2 because in Debian jessie the apache2 version is 2.4.10. But HTTP/2 was added in version 2.4.17. Argh.
Now you have three choices:
- Compile apache2 yourself which is really annoying and keep it up-to-date. - Much work, less effort. Nothing for me.
- Install apache2 and openssl from an “untrusted” repository like in this tutorial. - An untrusted repository? Nothing for me!
- Do it like me and install the apache2 package from Debian testing
First of all, check that your apache2 configuration is correct for 2.4.10:
sudo apachectl -t
So if your configuration is correct you can continue with adding testing to your sources.list and updating your package list.
sudo su -c 'echo "deb http://http.debian.net/debian testing main" > /etc/apt/sources.list.d/testing.list'
sudo apt-get update
apt-get upgrade NOW!
Check the priority of the testing repository:
apt-cache policy apache2
This should result in something like this:
apache2:
  Installed: 2.4.10-10+deb8u4
  Candidate: 2.4.18-2
  Version table:
     2.4.18-2 0
        500 http://http.debian.net/debian/ testing/main amd64 Packages
        100 /var/lib/dpkg/status
 *** 2.4.10-10+deb8u4 0
        500 http://http.debian.net/debian/ jessie/main amd64 Packages
        500 http://ftp.de.debian.org/debian/ stable/main amd64 Packages
     2.4.10-10+deb8u1 0
        500 http://security.debian.org/ jessie/updates/main amd64 Packages
        500 http://security.debian.org/ stable/updates/main amd64 Packages
The important information is the number at the beginning of each repository line, in this case the 500 in
500 http://security.debian.org/ jessie/updates/main amd64 Packages
This is the repository priority. The version with the highest priority is installed, and at equal priority the newest version wins, which is why 2.4.18-2 from testing is the candidate right now. Because you don’t want to upgrade your whole server to testing you should lower this priority of 500 for the testing repository.
This is done by adding a preference for the repository:
sudo bash -c 'cat >/etc/apt/preferences.d/testing' <<EOF
Package: *
Pin: release a=testing
Pin-Priority: 300
EOF
Now recheck the priority:
apt-cache policy apache2
Your apache2 version should stay the same right now.
apache2:
  Installed: 2.4.10-10+deb8u4
  Candidate: 2.4.10-10+deb8u4
  Version table:
     2.4.18-2 0
        300 http://http.debian.net/debian/ testing/main amd64 Packages
        100 /var/lib/dpkg/status
 *** 2.4.10-10+deb8u4 0
        500 http://http.debian.net/debian/ jessie/main amd64 Packages
        500 http://ftp.de.debian.org/debian/ stable/main amd64 Packages
     2.4.10-10+deb8u1 0
        500 http://security.debian.org/ jessie/updates/main amd64 Packages
        500 http://security.debian.org/ stable/updates/main amd64 Packages
Now your other packages should stay on stable. You can check that by using the command again for another package.
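One way to script that check for any package, as an added example that is not part of the original article: the function below reads apt-cache policy output and reports whether the candidate version would come from testing. The names candidate_origin, policy_before_pin and policy_after_pin are made up for this example, and the sample data is abbreviated from the two outputs shown above.

```shell
#!/bin/sh
# candidate_origin: read `apt-cache policy <pkg>` output on stdin and print
# "<candidate> <origin> <testing-priority>". origin is "testing" when the
# candidate version is offered by a testing source, otherwise "stable".
# Exit status is non-zero when the candidate would come from testing.
candidate_origin() {
    awk '
        $1 == "Candidate:" { cand = $2; next }
        /Version table:/   { table = 1; next }
        !table             { next }
        # Source line: "<priority> <url-or-path> [<suite>/<component> ...]"
        $1 ~ /^-?[0-9]+$/ && $2 ~ /^(\/|[a-z]+:)/ {
            if ($3 ~ /^testing\//) { from_testing[ver] = 1; tprio = $1 }
            next
        }
        # Anything else in the table is a version line: "[***] <version> <pin>"
        { ver = ($1 == "***") ? $2 : $1 }
        END {
            origin = (cand in from_testing) ? "testing" : "stable"
            printf "%s %s %s\n", cand, origin, (tprio == "" ? "-" : tprio)
            exit (origin == "testing")
        }'
}

# Sample input, abbreviated from the output shown before the pin was added.
policy_before_pin() {
    cat <<'EOF'
apache2:
  Installed: 2.4.10-10+deb8u4
  Candidate: 2.4.18-2
  Version table:
     2.4.18-2 0
        500 http://http.debian.net/debian/ testing/main amd64 Packages
 *** 2.4.10-10+deb8u4 0
        500 http://http.debian.net/debian/ jessie/main amd64 Packages
EOF
}

# The same output after the pin: candidate back on stable, testing at 300.
policy_after_pin() {
    policy_before_pin | sed -e 's/Candidate: .*/Candidate: 2.4.10-10+deb8u4/' \
                            -e 's/500 \(.*testing\)/300 \1/'
}
# On the server: apt-cache policy openssl | candidate_origin
```

Running it over the packages you care about before any apt-get upgrade shows at a glance whether one of them would be pulled from testing.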
Install apache2 with HTTP/2
After adding the testing repository in a secure way it is time to update apache2. To install the newer apache2 version use the following command:
sudo apt-get install -y -t testing apache2
Now apache2 from the testing repository is installed. In other words version 2.4.18, which supports HTTP/2.
Configure Apache to use HTTP/2
With the new apache2 version installed you need to enable HTTP/2.
sudo a2enmod http2
sudo apachectl -t && sudo systemctl restart apache2
Now the HTTP2 module is loaded but you still won’t be able to connect using HTTP/2.
If you want to enable HTTP/2 only for ‘some’ virtual hosts you can use the same options in the <VirtualHost>-tag. The following shows how to enable it globally.
This creates the /etc/apache2/conf-available/http2.conf file. The important part here is the Protocols option, which enables HTTP/2 in general. To use HTTP/2 the SSLCipherSuite is also important because HTTP/2 requires TLS1.2 in some browsers.
To improve the load speed of your pages the usage of H2Push is really useful.
Now you can add Link-options to your HTTP header to push content to your clients.
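A configuration using the options named above, as an added example and not the author's original file: write_http2_conf writes it to a path you pass in, and h2_conf_problems is a small check for the two settings the text calls important. Both function names, the cipher list and the /index.html and /css/style.css paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# write_http2_conf <file>: write a global HTTP/2 configuration (Apache 2.4.17+).
# On the server <file> is /etc/apache2/conf-available/http2.conf (run as root).
write_http2_conf() {
    cat > "$1" <<'EOF'
<IfModule http2_module>
    # Prefer HTTP/2 over TLS, keep HTTP/1.1 as the fallback.
    Protocols h2 http/1.1
    # Let the server push resources announced in Link headers.
    H2Push on
</IfModule>
<IfModule ssl_module>
    # ECDHE with AES-GCM: TLS 1.2 suites that HTTP/2 clients accept.
    # Clients without TLS 1.2 cannot connect with this list.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder on
</IfModule>
<IfModule headers_module>
    # Placeholder paths: push the stylesheet whenever /index.html is requested.
    <Location "/index.html">
        Header add Link "</css/style.css>; rel=preload; as=style"
    </Location>
</IfModule>
EOF
}

# h2_conf_problems <file>: print one line per finding, nothing if the file looks fine.
# The cipher test is a heuristic for explicit suite lists: anything that is
# not a GCM or CHACHA20 suite is reported.
h2_conf_problems() {
    awk '
        $1 == "Protocols" { for (i = 2; i <= NF; i++) if ($i == "h2") h2 = 1 }
        $1 == "SSLCipherSuite" {
            n = split($2, c, ":")
            for (i = 1; i <= n; i++)
                if (c[i] !~ /GCM|CHACHA20/) print "non-AEAD cipher: " c[i]
        }
        END { if (!h2) print "Protocols does not offer h2" }' "$1"
}
```

After writing the file, enable it with sudo a2enconf http2 and sudo a2enmod headers, then run sudo apachectl -t and restart apache2 as before.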
Now all your webpages should be HTTP/2 ready.
Check it with your web browser using the developer tools.
If you check your server with HTTP2-Check you’ll still get the message:
HTTP/2 not supported
That is not completely true. The problem is that those tests only check the first request, and every server that doesn’t support NPN or ALPN automatically falls back to HTTP/1.1. It does, however, add an Upgrade header so that every further connection uses HTTP/2.
I’m still searching for a solution to fix that protocol advertisement issue.
A correct check can be found at https://tools.keycdn.com/http2-test
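The same two observations can be made from a shell, shown here as an added example that is not part of the original article: alpn_result reads openssl s_client output and reports what ALPN selected, and upgrade_offer reads response headers and reports whether HTTP/2 is only advertised through the Upgrade header. The function names are made up for this example and the sample inputs are constructed, not captured from a real server.

```shell
#!/bin/sh
# alpn_result: read `openssl s_client -alpn ...` output on stdin and print the
# protocol the server selected ("h2", "http/1.1") or "none".
alpn_result() {
    awk '
        /^ALPN protocol: / && !r    { r = $3 }
        /^No ALPN negotiated/ && !r { r = "none" }
        END { if (!r) r = "none"; print r }'
}

# upgrade_offer: read HTTP/1.1 response headers on stdin and print the h2/h2c
# tokens of the Upgrade header, or "none".
upgrade_offer() {
    tr -d '\r' | awk -F': *' '
        tolower($1) == "upgrade" {
            n = split($2, t, /, */)
            for (i = 1; i <= n; i++)
                if (t[i] ~ /^h2c?$/) out = out (out == "" ? "" : " ") t[i]
        }
        END { if (out == "") out = "none"; print out }'
}

# probe <host>: live check of both; -alpn needs an OpenSSL 1.0.2+ client.
probe() {
    openssl s_client -alpn h2,http/1.1 -servername "$1" -connect "$1:443" \
        </dev/null 2>/dev/null | alpn_result
    curl -sI --http1.1 "https://$1/" | upgrade_offer
}

# Constructed samples for offline use.
sample_no_alpn() {
    printf '%s\n' 'CONNECTED(00000003)' '---' 'No ALPN negotiated' 'SSL-Session:'
}
sample_alpn_h2() {
    printf '%s\n' 'CONNECTED(00000003)' '---' 'ALPN protocol: h2' 'SSL-Session:'
}
sample_headers() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Upgrade: h2,h2c' 'Connection: Upgrade' ''
}
```

A server that prints none for ALPN but h2 for the Upgrade header is in exactly the state described above: the module is loaded, yet the first TLS connection is still negotiated as HTTP/1.1.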
Enabling HTTP/2 on Debian stable using apache2 isn’t as simple as it should be.
By using the Debian testing package however it is possible in a secure and trusted way without much effort.
Hopefully this will help you bring your web servers to HTTP/2. And don’t forget to use HTTPS wherever you are!