How to Enable HTTP/2 in CentOS 7

HTTP/2 (originally named HTTP/2.0) is a major revision of the HTTP network protocol used by the World Wide Web. It was derived from the earlier experimental SPDY protocol, originally developed by Google. HTTP/2 was developed by the Hypertext Transfer Protocol working group httpbis (where bis means "second") of the Internet Engineering Task Force. HTTP/2 is the first new version of HTTP since HTTP 1.1, which was standardized in RFC 2068 in 1997. The Working Group presented HTTP/2 to IESG for consideration as a Proposed Standard in December 2014, and IESG approved it to publish as Proposed Standard on February 17, 2015. The HTTP/2 specification was published as RFC 7540 in May 2015.

The standardization effort was supported by Chrome, Opera, Firefox, Internet Explorer 11, Safari, Amazon Silk, and Edge browsers. Most major browsers had added HTTP/2 support by the end of 2015.

According to W3Techs, as of November 2018, 31.8% of the top 10 million websites supported HTTP/2.

Why HTTP/2?

The big feature that makes HTTP/2 so great is the ability to push documents to the client without a GET request. Therefore, if the HTML code needs a CSS that could be a render block, pushing that file when asking for the HTML will save time displaying your webpage.

HTTP/2 is supported in Apache 2.4.17+ through its own module mod_http2. Sadly, CentOS 7 is shipped with Apache 2.4.6 so, it doesn't support HTTP2 out of the box.

Why Should I move to HTTP/2?

If you haven't figure out why you should use HTTP/2, then think it like this. HTTP/2 gives you faster loading times, therefore your web page will display faster and Google will rank you better. HTTP/2 is not the absolute solution, but it will help you to get a better SEO ranking.

How to Install Apache with HTTP/2 Support on CentOS7?

Easy, use my OKay RPM repository. I have created some RPMs for Apache 2.4.35. After adding it, just type yum update and you will see the update ready to work.

Configuring your Apache to Support HTTP/2

Easy, in your apache configuration. Edit it, and in your <VirtualHost> tag, add the Protocols h2 http/1.1 line. Please note that Apache will allow you to use HTTP/2 protocol on HTTP and HTTPS; however, web browsers won't, they will require HTTPS. So, unless you have a really good reason, there is no need to use HTTP/2 under a non-SSL connection.

Configuration files are in the /etc/httpd/conf/ directory.

Also, you need to use another MPM rather than preform. Edit your /etc/httpd/conf.modules.d/00-mpm.conf and change that. I use mpm_event_module as I still use mod_php.

Configuring HTTP/2 under ISPConfig 3

After updating the RPM's. Go to System -> Server Config -> Edit a Server. Go to the Web tab, then in the SSL Section enable the SPDY/HTTP2 mark. Save.

You will need to edit your websites one per one and in the SSL section, you will need to enable the SPDY/HTTP2 checkmark.

Verifying if your Server is Ready for HTTP/2

Easy, type the following line: curl -vsko /dev/null --http2 https://inside-out.xyz. You will get an output like this.

* Rebuilt URL to: https://inside-out.xyz/
*   Trying 198.23.164.220...
* TCP_NODELAY set
* Connected to inside-out.xyz (198.23.164.220) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
 CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [107 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2857 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [589 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=inside-out.xyz
*  start date: Dec  1 02:00:45 2018 GMT
*  expire date: Mar  1 02:00:45 2019 GMT
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x11bd1c0)
} [5 bytes data]
> GET / HTTP/2
> Host: inside-out.xyz
> User-Agent: curl/7.54.1
> Accept: */*
>
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
< HTTP/2 200
< date: Mon, 10 Dec 2018 07:10:28 GMT
< server: Apache/2.4.35 (IUS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.45 mod_python/3.5.0- Python/2.7.5
< x-powered-by: PHP/7.2.13
< link: </media/jui/js/jquery.min.js?f11ee7039abdca554ffcf6e758369331>; as=script; rel=preload, </media/jui/js/jquery-noconflict.js?f11ee7039abdca554
ffcf6e758369331>; as=script; rel=preload, </media/jui/js/jquery-migrate.min.js?f11ee7039abdca554ffcf6e758369331>; as=script; rel=preload, </media/sys
tem/js/caption.js?f11ee7039abdca554ffcf6e758369331>; as=script; rel=preload, </media/system/js/mootools-core.js?f11ee7039abdca554ffcf6e758369331>; as
=script; rel=preload, </media/system/js/core.js?f11ee7039abdca554ffcf6e758369331>; as=script; rel=preload, </media/system/js/mootools-more.js?f11ee70
39abdca554ffcf6e758369331>; as=script; rel=preload, </plugins/system/rokbox/assets/js/rokbox.js>; as=script; rel=preload, </media/plg_jchoptimize/js/
pro-jquery.lazyloadxt.js>; as=script; rel=preload, </media/jui/js/bootstrap.min.js?f11ee7039abdca554ffcf6e758369331>; as=script; rel=preload, </media
/gantry5/assets/js/main.js>; as=script; rel=preload, </templates/rt_galatea/js/owlcarousel.js>; as=script; rel=preload, </templates/rt_galatea/js/mos
aicgrid.js>; as=script; rel=preload, </plugins/system/rokbox/assets/styles/rokbox.css>; as=style; rel=preload, </media/gantry5/assets/css/font-awesom
e.min.css>; as=style; rel=preload, </media/gantry5/engines/nucleus/css-compiled/nucleus.css>; as=style; rel=preload, </templates/rt_galatea/custom/cs
s-compiled/galatea_14.css>; as=style; rel=preload, </media/gantry5/assets/css/bootstrap-gantry.css>; as=style; rel=preload, </media/gantry5/engines/n
ucleus/css-compiled/joomla.css>; as=style; rel=preload, </media/jui/css/icomoon.css>; as=style; rel=preload, </templates/rt_galatea/custom/css-compil
ed/galatea-joomla_14.css>; as=style; rel=preload, </templates/rt_galatea/custom/css-compiled/custom_14.css>; as=style; rel=preload, </templates/rt_ga
latea/css/animate.css>; as=style; rel=preload, </images/old-telephone.png>; as=image; rel=preload, </images/big-penguin-avatar.png>; as=image; rel=pr
eload, </images/projects-desktop.png>; as=image; rel=preload, </images/canada-flag-2.png>; as=image; rel=preload, </images/business.png>; as=image; r
el=preload, </images/freeswitch-fusionpbx.png>; as=image; rel=preload, </images/telegram.png>; as=image; rel=preload
< expires: Wed, 17 Aug 2005 00:00:00 GMT
< cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< pragma: no-cache
< set-cookie: cac53c7d0c431d8fd7553b0a276b88e8=a734sonmliit6jkhp4om74ksrk; path=/; secure; HttpOnly
< last-modified: Mon, 10 Dec 2018 07:10:30 GMT
< vary: Accept-Encoding
< cache-control: public
< content-type: text/html; charset=utf-8
<
{ [5 bytes data]
* Connection #0 to host inside-out.xyz left intact

If you see the server answering HTTP/2 200, then it is all set.

You are ready. Your website now supports HTTP2. Your next step is writing code that supports the HTTP/2 protocol. For example, Joomla 3 doesn't support HTTP/2 out of the box, you will need to install some plugins JCH is one of them (there are more).

Good luck!