Este contenido no está disponible en el idioma seleccionado.

Chapter 5. Enabling HTTP/2 for the JBoss Core Services HTTP Server

The Hypertext Transfer Protocols are standard methods of transmitting data between applications (such as servers and browsers) over the internet. HTTP/2 improves on HTTP/1.1 by providing enhancements such as:

header compression - reducing the size of the header transmitted by omitting implied information, and
multiple requests and responses over a single connection - using binary framing to break down response messages, as opposed to textual framing.

Using HTTP/2 with the Red Hat JBoss Core Services Apache HTTP Server:

is supported for encrypted connections using Transport Layer Security (TLS) (SSLEnabled="true"), indicated by the h2 keyword when enabled.
is not supported for unencrypted connections using the Transmission Control Protocol (TCP) indicated by the h2c keyword when enabled.

Note

HTTP/2 is not available for web servers using the Multi-Processing Module prefork modules/mod_mpm_prefork.so

Prerequisites

Root user access (Red Hat Enterprise Linux and Solaris systems)
Administrative access (Windows Server)
Red Hat JBoss Core Services Apache HTTP Server 2.4.23 or higher
Modules required:
- ssl_module modules/mod_ssl.so
- http2_module modules/mod_http2.so

Procedure

Enable HTTP/2 for a Apache HTTP Server:

Add the http2_module to HTTP_HOME/conf.modules.d/00-base.conf:
```
...
LoadModule http2_module modules/mod_http2.so
```
```
...
LoadModule http2_module modules/mod_http2.so
```
Copy to Clipboard Toggle word wrap
Add the h2 protocol in HTTP_HOME/conf/httpd.conf.
- To enable HTTP/2 support for a virtual host, add the h2 protocol to the virtual host configuration,
- To enable HTTP/2 support for all server connections, add the h2 protocol to the 'Main' server configuration section of httpd.conf.
  For example:
  <IfModule http2_module> Protocols h2 http/1.1 ProtocolsHonorOrder on </IfModule>
  Copy to Clipboard Toggle word wrap

Update the Secure Socket Layer (SSL) configuration in HTTP_HOME/conf.d/ssl.conf.

Ensure the SSLEngine directive is set to enabled (the SSL Engine is enabled by default):
```
SSLEngine on
```
```
SSLEngine on
```
Copy to Clipboard Toggle word wrap
Update the SSLProtocol directive to disable the SSLv2 and SSLv3 protocols, forcing connections to use the Transport Layer Security (TLS) Protocols:
```
SSLProtocol all -SSLv2 -SSLv3
```
```
SSLProtocol all -SSLv2 -SSLv3
```
Copy to Clipboard Toggle word wrap

Update the SSLCipherSuite directive to specify which SSL ciphers can with the Apache HTTP Server.

For example:

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

Copy to Clipboard

Toggle word wrap

Note

For information on the SSL module and the supported directives, see: Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_ssl.

Restart the Red Hat JBoss Core Services Apache HTTP Server as the root user, to apply the changed configuration.
1. For SysV (Red Hat Enterprise Linux 6) users:
  # service jbcs-httpd24-httpd restart
  Copy to Clipboard Toggle word wrap
2. For systemd (Red Hat Enterprise Linux 7) users:
  # systemctl restart jbcs-httpd24-httpd.service
  Copy to Clipboard Toggle word wrap
3. For Red Hat Enterprise Linux users running Red Hat JBoss Core Services using apachectl:
  # HTTP_HOME/sbin/apachectl restart
  Copy to Clipboard Toggle word wrap
4. For Solaris users:
  # HTTP_HOME/sbin/apachectl restart
  Copy to Clipboard Toggle word wrap
5. For Windows Server users:
  # net restart Apache2.4
  Copy to Clipboard Toggle word wrap

Next Steps

Verify that HTTP/2 is enabled by reviewing the Apache HTTP Server logs or by using the curl command:

Access the server from a browser or using curl, then check the SSL/TLS access or request logs (HTTP_HOME/logs/ssl_access_log or HTTP_HOME/logs/ssl_access_log) to verify that the connection is configured to support HTTP/2:

grep 'HTTP/2' HTTP_HOME/logs/ssl_request_log
grep 'HTTP/2' HTTP_HOME/logs/ssl_access_log

$ grep 'HTTP/2' HTTP_HOME/logs/ssl_request_log

[26/Apr/2018:06:44:45 +0000] 172.17.0.1 TLSv1.2 AES128-SHA "HEAD /html-single/index.html HTTP/2" -

$ grep 'HTTP/2' HTTP_HOME/logs/ssl_access_log

172.17.0.1 - - [26/Apr/2018:06:44:45 +0000] "HEAD /html-single/index.html HTTP/2" 200 -

Copy to Clipboard

Toggle word wrap

Or verify using curl (for versions of curl that support HTTP2):
Note
The curl package provided with Red Hat Enterprise Linux 7 or earlier does not support HTTP/2. To check curl for HTTP/2 support:
$ curl -V curl 7.55.1 (x86_64-redhat-linux-gnu) ... Release-Date: 2017-08-14 Protocols: dict file ftp ftps gopher http https ... Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy Metalink PSL
Copy to Clipboard Toggle word wrap
- For example, when the HTTP/2 protocol is inactive:
  $ curl -I http://<JBCS_httpd_server>:80/<test.html> HTTP/1.1 200 ...
  Copy to Clipboard Toggle word wrap
- But if the HTTP/2 protocol is active, curl returns:
  $ curl -I https://<JBCS_httpd_server>:443/<test.html> HTTP/2 200 ...
  Copy to Clipboard Toggle word wrap
- Where:
  - <JBCS_httpd_server> is the URI of the server (such as example.com),
  - the port number is dependent on your configuration,
  - <test.html> is any html page for testing the configuration (not provided), and

Additional Resources

For additional information on using HTTP/2, see: Apache HTTP Server Documentation Version 2.4 - How-To / Tutorials: HTTP/2 guide.
For information on SSL configuration, see: Apache HTTP Server Documentation Version 2.4 - SSL/TLS Strong Encryption: How-To.
For information on the HTTP/2 module and the supported directives, see: Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_http2.
For information on the SSL module and the supported directives, see: Apache HTTP Server Documentation Version 2.4 - Modules: Apache Module mod_ssl.
The proposed internet standard for HTTP/2: IETF: RFC 7540 - Hypertext Transfer Protocol Version 2 (HTTP/2).

Este contenido no está disponible en el idioma seleccionado.

Chapter 5. Enabling HTTP/2 for the JBoss Core Services HTTP Server

Prerequisites

Procedure

Next Steps

Additional Resources

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Hacer que el código abierto sea más inclusivo

Acerca de Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links