Trying to enable HTTP2 in Apache 2.4.17 on 10.2

We are trying to enable HTTP2 together with www/apache24 (2.4.17), installed from ports.

We have added the following directive to one of our virtual hosts (running without https):

Code:
Protocols h2c http/1.1
H2Direct on
The HTTPD2 module is loaded in http.conf with:
Code:
LoadModule http2_module libexec/apache24/mod_http2.so
No errors when restarting the server, still the older protocol 1.1 seems to be running on the virtual host.
Shouldn't this work without the newer security/OpenSSL, as this virtual host doesn't use HTTPS?

Code:
HTTP/1.1 200 OK
Date: Wed, 25 Nov 2015 07:43:28 GMT
Server: Apache
Set-Cookie: frontend=aq97pn1h3g1n27a1u64m1v1vob; expires=Wed, 25-Nov-2015 09:43:28 GMT; Max-Age=7200; path=/; domain=www.kilramar.se; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, public
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Age: 78176
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
 
How are you testing this?

With e.g. ftp/curl you need to explicitly request use of HTTP2 and it needs to be compiled with the HTTP2 option (it's off by default, see the just opened PR 204803 if you want to have it changed): curl -I --http2 https://twitter.com
 
Thanks for your answer tobik,

I was just accessing the site with a browser, and then checked the response header.

The test was done with Firefox, which should support H2 I think? I have cURL but it doesn't have H2 support on our server.

Is there any other way to verify that this virtual host is using H2 or 1.1?
 
The page says:

"Remember that Firefox only implements http2 over TLS. You will only ever see http2 in action with Firefox when going to https:// sites that offer http2 support."

So I guess I need to install OpenSSL 1.0.2 from ports, and rebuild some ports (Need ALPN for testing https and H2 together).
 
OpenSSL on FreeBSD 10x will work, but if using FreeBSD 9x you will need the port.

Qualys SSL Labs can be used to test your site (if available from the internet). Look for "Next Protocol Negotiation (NPN) Yes h2 http/1.1". While both Chrome and Firefox require TLS for http2, they will forward connections from http1 to http2 if you use the opportunistic option in the http header. Example:
Code:
Alt-Svc h2="tls.example.com:443"
All my http/2 servers are nginx, so I'm not sure how this is done in Apache.
 
Thanks for your answer Jeckt! Please let me get back when I have checked this :)
 
Back
Top