Chapter 7. Enabling HTTP/2 for the Red Hat JBoss Web Server

The Hypertext Transfer Protocols are standard methods of transmitting data between applications (such as servers and browsers) over the internet. HTTP/2 improves on HTTP/1.1 by providing enhancements such as:

  • header compression - reducing the size of the header transmitted by omitting implied information, and
  • multiple requests and responses over a single connection - using binary framing to break down response messages, as opposed to textual framing.

Using HTTP/2 with the Red Hat JBoss Web Server:

  • is supported for encrypted connections over TLS (h2).
  • is not supported for unencrypted connections over TCP (h2c).

Prerequisites

  • Root user access (Red Hat Enterprise Linux and Solaris systems), or
  • Administrative access (Windows Server).
  • Red Hat JBoss Web Server 5.0 or higher
  • The following operating system native libraries (provided by jws-application-server-5.0.0-<platform>-<architecture>.zip where available).

    • Tomcat Native, for example:

      jws-5.0/tomcat/lib/libtcnative-1.so
    • Apache Portable Runtime (APR):

      jws-5.0/tomcat/lib/libapr-1.so.0.6.3

      Where the APR libraries are provided by jws-application-server-5.0.0-<platform>-<architecture>.zip for Red Hat Enterprise Linux, the libraries will be a symbolic link to:

      jws-5.0/jbcs-apr-1.6.3/lib64/libapr-1.so.0.6.3
    • OpenSSL, for example:

      jws-5.0/tomcat/lib/libcrypto.so.1.0.2n
      jws-5.0/tomcat/lib/libssl.so.1.0.2n

      Where the OpenSSL libraries are provided by jws-application-server-5.0.0-<platform>-<architecture>.zip for Red Hat Enterprise Linux, the libraries will be symbolic links to:

      jws-5.0/jbcs-openssl-1.0.2n/openssl/lib64/libcrypto.so.1.0.2n
      jws-5.0/jbcs-openssl-1.0.2n/openssl/lib64/libssl.so.1.0.2n
  • A connector that supports the HTTP/2 protocol with SSL enabled. For JBoss Web Server 5.0, the connectors with HTTP/2 protocol support are:

    • The APR Native connector (APR)
    • The NIO connector with JSSE + OpenSSL (JSSE)
    • The NIO2 connector with JSSE + OpenSSL (JSSE)

Procedure

Enable HTTP/2 for a connector:

  1. Add the HTTP/2 upgrade protocol (<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />) to the connector in the server configuration JWS_HOME/tomcat/conf/server.xml.

    For example:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="/KeyStore.jks"
                         certificateKeystorePassword="changeit"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

    server.xml contains an example connector definition for the APR protocol with the upgrade protocol to HTTP/2:

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
  2. Restart the Red Hat JBoss Web Server as the root user, to apply the changed configuration.

    1. For SysV (Red Hat Enterprise Linux 6) users:

      # service jws5-tomcat restart
    2. For systemd (Red Hat Enterprise Linux 7) users:

      # systemctl restart jws5-tomcat.service
    3. For Red Hat Enterprise Linux users running Red Hat JBoss Web Server using startup.sh:

      # JWS_HOME/sbin/shutdown.sh
      # JWS_HOME/sbin/startup.sh
    4. For Solaris users:

      # sh JWS_HOME/tomcat/bin/daemon.sh stop
      # sh JWS_HOME/tomcat/bin/daemon.sh start
    5. For Windows Server users:

      # net stop tomcat9
      # net start tomcat9

Next Steps

Verify that HTTP/2 is enabled by reviewing the Red Hat JBoss Web Server logs or by using the curl command:

  • Check the console output log (JWS_HOME/tomcat/logs/catalina.out) to verify that the "connector has been configured to support negotiation to [h2]":

    $ cat JWS_HOME/tomcat/logs/catalina.out | grep 'h2'
    
    06-Apr-2018 04:49:26.201 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-openssl-apr-8443"] connector has been configured to support negotiation to [h2] via ALPN
  • Or verify using curl (for versions of curl that support HTTP/2):

    Note

    To check curl for HTTP/2 support:

    $ curl -V
    
    curl 7.55.1 (x86_64-redhat-linux-gnu) ...
    Release-Date: 2017-08-14
    Protocols: dict file ftp ftps gopher http https ...
    Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink PSL
    • For example, when the HTTP/2 protocol is inactive:

      $ curl -I http://<JBoss_Web_Server>:8080/
      
      HTTP/1.1 200
      ...
    • But if the HTTP/2 protocol is active, curl returns:

      $ curl -I https://<JBoss_Web_Server>:8443/
      
      HTTP/2 200
      ...

      Where <JBoss_Web_Server> is the URI of the modified connector (such as example.com), and the port number is dependent on your configuration.
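
As a complement to the log and curl checks, the connector definitions in server.xml can be audited statically before a restart. The script below is an added example, not part of the Red Hat documentation or product: it flags connectors that request the HTTP/2 upgrade without SSLEnabled (h2c is not supported) and keystores that still carry the well-known default password changeit shown in the example connector. The function name audit_connectors and the embedded SAMPLE configuration are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

H2_CLASS = "org.apache.coyote.http2.Http2Protocol"
# Connector classes for the three connector types the page lists (APR, NIO, NIO2).
H2_CONNECTORS = {
    "org.apache.coyote.http11.Http11AprProtocol",
    "org.apache.coyote.http11.Http11NioProtocol",
    "org.apache.coyote.http11.Http11Nio2Protocol",
}

# Constructed sample, not a real deployment: one sound connector, two flawed ones.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig><Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
        certificateFile="conf/localhost-rsa-cert.pem" type="RSA" /></SSLHostConfig>
  </Connector>
  <Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig><Certificate certificateKeystoreFile="/KeyStore.jks"
        certificateKeystorePassword="changeit" type="RSA" /></SSLHostConfig>
  </Connector>
  <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  </Connector>
</Service></Server>"""

def audit_connectors(server_xml):
    """Return (port, issue) findings for each Connector that declares the HTTP/2 upgrade."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if H2_CLASS not in [u.get("className") for u in conn.findall("UpgradeProtocol")]:
            continue  # connector does not ask for HTTP/2
        port = conn.get("port", "?")
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "HTTP/2 upgrade without SSLEnabled; h2c is not supported"))
            continue  # certificate checks are moot until TLS is enabled
        if conn.get("protocol") not in H2_CONNECTORS:
            findings.append((port, "protocol is not an APR/NIO/NIO2 class name; confirm manually"))
        certs = conn.findall("SSLHostConfig/Certificate")
        if not certs:
            findings.append((port, "SSLEnabled but no <Certificate> element"))
        for cert in certs:
            if cert.get("certificateKeystorePassword") == "changeit":
                findings.append((port, "keystore still uses the default password 'changeit'"))
    return findings

if __name__ == "__main__":
    for port, issue in audit_connectors(SAMPLE):
        print(f"port {port}: {issue}")
```

To audit a live installation, pass the contents of JWS_HOME/tomcat/conf/server.xml to audit_connectors instead of SAMPLE.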
