Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

Chapter 6. Enabling HTTP/2 for the JBCS Apache HTTP Server

The Hypertext Transfer Protocols (HTTP) are standard methods of transmitting data between applications, such as servers and browsers, over the internet. The Apache HTTP Server supports the use of HTTP/2 for encrypted connections that are using Transport Layer Security (TLS), which is indicated by the h2 keyword when enabled.

HTTP/2 improves on HTTP/1.1 by providing the following enhancements:

  • Header compression omits implied information to reduce the size of the header that is transmitted.
  • Multiple requests and responses over a single connection use binary framing rather than textual framing to break down response messages.
Note

The Apache HTTP Server does not support the use of HTTP/2 for unencrypted connections that are using the Transmission Control Protocol (TCP), which is indicated by the h2c keyword when enabled.

HTTP/2 is not available for web servers that are using the Multi-Processing Module (MPM) pre-fork (modules/mod_mpm_prefork.so).

6.1. Prerequisites
Copiar enlace

  • You have root user access on Red Hat Enterprise Linux.
  • You have administrative access on Windows Server.
  • You have installed Red Hat JBoss Core Services Apache HTTP Server 2.4.23 or later.

  • You have installed the SSL module (modules/mod_ssl.so).

    If you need to install the SSL module, enter the following command: 

    yum install mod_ssl
    Copy to Clipboard Toggle word wrap

  • You have installed the HTTP/2 module (modules/mod_http2.so).

    If you need to install the HTTP/2 module, enter the following command: 

    yum install mod_http2
    Copy to Clipboard Toggle word wrap
Note

Red Hat Enterprise Linux 6 is no longer supported and subsequently was removed from the documentation.

6.2. Enabling HTTP/2 for the Apache HTTP Server
Copiar enlace

You can enable HTTP/2 for the Apache HTTP Server by updating configuration file settings in the HTTP_HOME directory.

Procedure

  1. To add the http2_module to the configuration:

    1. Open the HTTP_HOME/conf.modules.d/00-base.conf file.

    2. Enter the following line: 

      ...
LoadModule http2_module modules/mod_http2.so
      Copy to Clipboard Toggle word wrap

  2. To add the h2 protocol to the configuration:

    1. Open the HTTP_HOME/conf/httpd.conf file.

    2. If you want to enable HTTP/2 support for a virtual host, add the h2 protocol to the virtual host configuration.

      Alternatively, if you want to enable HTTP/2 support for all server connections, add the h2 protocol to the main server configuration section.

      For example: 

      <IfModule http2_module>
    Protocols h2 http/1.1
    ProtocolsHonorOrder on
</IfModule>
      Copy to Clipboard Toggle word wrap

  3. To update the Secure Socket Layer (SSL) configuration:

    1. Open the HTTP_HOME/conf.d/ssl.conf file:

    2. Ensure the SSLEngine directive is set to enabled. The SSL Engine is enabled by default. 

      SSLEngine on
      Copy to Clipboard Toggle word wrap

    3. Update the SSLProtocol directive to disable the SSLv2 and SSLv3 protocols. This forces connections to use the Transport Layer Security (TLS) Protocols. 

      SSLProtocol all -SSLv2 -SSLv3
      Copy to Clipboard Toggle word wrap

    4. Update the SSLCipherSuite directive to specify which SSL ciphers can be used with the Apache HTTP Server.

      For example: 

      SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
      Copy to Clipboard Toggle word wrap
      Note

      For more information about the SSL module and the supported directives, see Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_ssl.

  4. To restart the Red Hat JBoss Core Services Apache HTTP Server, and apply the changed configuration, perform one of the following steps as the root user:

    • If you want to use systemd to start the Apache HTTP Server on Red Hat Enterprise Linux, enter the following command: 

      # systemctl restart jbcs-httpd24-httpd.service
      Copy to Clipboard Toggle word wrap

    • If you want to use apachectl to start Red Hat JBoss Core Services on Red Hat Enterprise Linux, enter the following command: 

      # HTTP_HOME/sbin/apachectl restart
      Copy to Clipboard Toggle word wrap

    • If you want to start the Apache HTTP Server on Windows Server, enter the following command: 

      # net restart Apache2.4
      Copy to Clipboard Toggle word wrap

6.3. Viewing Apache HTTP Server logs to verify that HTTP/2 is enabled
Copiar enlace

You can view the Apache HTTP Server access log or request log to verify that HTTP/2 is enabled.

Prerequisites

Procedure

  1. Access the server from a browser or by using the curl command-line tool.

  2. To check the SSL/TLS request log, enter the following command: 

    $ grep 'HTTP/2'  HTTP_HOME/logs/ssl_request_log
    Copy to Clipboard Toggle word wrap

  3. To check the SSL/TLS access log, enter the following command: 

    $ grep 'HTTP/2'  HTTP_HOME/logs/ssl_access_log
    Copy to Clipboard Toggle word wrap

Verification

  1. If HTTP/2 is enabled, the grep 'HTTP/2' HTTP_HOME/logs/ssl_request_log command produces the following type of output: 

    [26/Apr/2018:06:44:45 +0000] 172.17.0.1 TLSv1.2 AES128-SHA "HEAD /html-single/index.html HTTP/2" -
    Copy to Clipboard Toggle word wrap

  2. If HTTP/2 is enabled, the grep 'HTTP/2' HTTP_HOME/logs/ssl_access_log command produces the following type of output: 

    172.17.0.1 - - [26/Apr/2018:06:44:45 +0000] "HEAD /html-single/index.html HTTP/2" 200 -
    Copy to Clipboard Toggle word wrap

6.4. Using the curl command to verify that HTTP/2 is enabled
Copiar enlace

You can use the curl command-line tool to verify that HTTP/2 is enabled.

Note

The curl package that is provided with Red Hat Enterprise Linux 7 or earlier does not support HTTP/2.

Prerequisites

  • You have enabled HTTP/2.

  • You are using a version of curl that supports HTTP2.

    To check that you are using a version of curl that supports HTTP/2, enter the following command: 

    $ curl -V
    Copy to Clipboard Toggle word wrap

    This command produces the following type of output: 

    curl 7.55.1 (x86_64-redhat-linux-gnu) ...
Release-Date: 2017-08-14
Protocols: dict file ftp ftps gopher http https ...
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink PSL
    Copy to Clipboard Toggle word wrap

Procedure

  1. To check that the HTTP/2 protocol is active, enter the following command: 

    $ curl -I https://<JBCS_httpd_server>:<port>/<test.html>
    Copy to Clipboard Toggle word wrap
    Note

    In the preceding example, replace <JBCS_httpd_server> with the URI of the server, such as example.com, and replace <test.html> with any HTML file that you want to use to test the configuration. An example HTML test page is not provided. The port number is dependent on your configuration.

Verification

  • If the HTTP/2 protocol is active, the curl command produces the following output: 

    HTTP/2 200
    Copy to Clipboard Toggle word wrap

    Otherwise, if the HTTP/2 protocol is inactive, the curl command produces the following output: 

    HTTP/1.1 200
    Copy to Clipboard Toggle word wrap
Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat