Hello friends. Learning how to enable HTTP/2 in Apache is a very good way to improve the security of your website. In addition to this, it also allows for better system loading.
As is well known to many HTTP is the protocol that allows the transfer of information over the web. This protocol was improved and evolved little by little until it reached version 2 which incorporates many advantages in security and performance.
HTTP/2 is a binary protocol that retains the same semantics as the HTTP1.X protocol, which means that all verbs, headers, etc. continue to work unchanged. This means that there is no need to rewrite the way connections are made in the server. With this new version, transfer speed is improved and connection security is added.
Some advantages of using this protocol instead of HTTP 1.x are:
- Faster loading speed
- Improved web positioning, thanks to the fact that Google values sites with better loading times.
- Less bandwidth consumption
- Immediate presentation of the results.
So if you have a website then you should enable HTTP/2 at the server level and you will learn how to do it today.
Enabling HTTP/2 on Apache
Install and configure Apache for HTTP/2
For this post, we are using a clean Ubuntu 20.04 server. So, if you have one in production make sure you make some backups of files and settings.
So, update the distribution first.
sudo apt update sudo apt upgrade
Then, install Apache from the official repositories.
Note that not all versions of Apache support this new protocol, but in the case of modern distributions, there are no problems.
sudo apt install apache2 Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libgdbm-compat4 libjansson4 liblua5.2-0 libperl5.30 perl perl-modules-5.30 Suggested packages: apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser perl-doc libterm-readline-gnu-perl | libterm-readline-perl-perl make libb-debug-perl liblocale-codes-perl Recommended packages: ssl-cert The following NEW packages will be installed: apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libgdbm-compat4 libjansson4 liblua5.2-0 libperl5.30 perl perl-modules-5.30 0 upgraded, 14 newly installed, 0 to remove and 3 not upgraded. Need to get 8,768 kB of archives. After this operation, 54.2 MB of additional disk space will be used. Do you want to continue? [Y/n]
Check the status of the service to make sure everything is in order.
systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-07-19 18:44:49 CEST; 16s ago
Docs: https://httpd.apache.org/docs/2.4/
Main PID: 4467 (apache2)
Tasks: 55 (limit: 2286)
Memory: 5.2M
CGroup: /system.slice/apache2.service
├─4467 /usr/sbin/apache2 -k start
├─4469 /usr/sbin/apache2 -k start
└─4470 /usr/sbin/apache2 -k start
Jul 19 18:44:49 osradar systemd[1]: Starting The Apache HTTP Server...
Jul 19 18:44:49 osradar apachectl[4454]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName'>ul 19 18:44:49 osradar systemd[1]: Started The Apache HTTP Server.
Next, install the php7.4-fpm package if you don’t already have it.
sudo apt-get install php7.4-fpm Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: libmagic-mgc libmagic1 php-common php7.4-cli php7.4-common php7.4-json php7.4-opcache php7.4-readline Suggested packages: file php-pear The following NEW packages will be installed: libmagic-mgc libmagic1 php-common php7.4-cli php7.4-common php7.4-fpm php7.4-json php7.4-opcache php7.4-readline 0 upgraded, 9 newly installed, 0 to remove and 3 not upgraded. Need to get 4,370 kB of archives. After this operation, 24.2 MB of additional disk space will be used. Do you want to continue? [Y/n]
And now the game begins. Disable the php7.4 module in Apache.
sudo a2dismod php7.4
If you do not have PHP installed, then you will be told that the module does not appear. So there is no problem.
Enable the php-fpm configuration and the proxy_fcgi module.
sudo a2enconf php7.4-fpm sudo a2enmod proxy_fcgi
Restart Apache to apply the changes.
sudo systemctl restart apache2
The mpm_prefork module does not support HTTP/2 so you have to disable it.
sudo a2dismod mpm_prefork
And enable the mpm_event, ssl and http2 modules.
sudo a2enmod mpm_event sudo a2enmod ssl sudo a2enmod http2
Restart Apache to apply the changes.
sudo systemctl restart apache2
And now you can check the service status again to verify Apache.
sudo systemctl status apache2
With everything in order, edit the Apache available mods configuration file.
sudo nano /etc/apache2/mods-available/http2.conf
And make sure this line is present:
Protocols h2 h2c http/1.1
Or edit the existing one and leave it as indicated.
Save the changes and close the editor.
Enabling HTTPS with Certbot
Now, you need to secure the website with Certbot. So, install the package to get the certificate and the Apache plugin.
sudo apt install certbot python3-certbot-apache Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: augeas-lenses libaugeas0 python3-acme python3-augeas python3-certbot python3-configargparse python3-future python3-josepy python3-mock python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface Suggested packages: augeas-doc python3-certbot-nginx python-certbot-doc augeas-tools python-acme-doc python-certbot-apache-doc python-future-doc python-mock-doc Recommended packages: python3-icu The following NEW packages will be installed: augeas-lenses certbot libaugeas0 python3-acme python3-augeas python3-certbot python3-certbot-apache python3-configargparse python3-future python3-josepy python3-mock python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface 0 upgraded, 20 newly installed, 0 to remove and 3 not upgraded. Need to get 1,570 kB of archives. After this operation, 8,498 kB of additional disk space will be used. Do you want to continue? [Y/n]
Now, generate and install a certificate for your website and Apache as follows:
sudo certbot --apache -d [your-domain] -d www.[your-domain]
For this, you have to have a valid domain and then restart Apache.
sudo systemctl restart apache2
Conclusion
In this post, you have learned something fundamental to improve the loading and speed of your web pages. This protocol change is an advantage that you can use to your advantage. As you can see the process is not strange at all and it is usable.
