Apache HTTP Server Version 2.4
Apache HTTP Server Version 2.4
| Description: | Support for the HTTP/2 transport layer |
|---|---|
| Status: | Extension |
| Module Identifier: | http2_module |
| Source File: | mod_http2.c |
| Compatibility: | Available in version 2.4.17 and later |
This module provides HTTP/2 (RFC 7540) support for the Apache HTTP Server.
This module relies on libnghttp2 to provide the core http/2 engine.
You must enable HTTP/2 via Protocols
in order to use the functionality described in this document. The
HTTP/2 protocol does not require the use of encryption so two schemes are available:
h2 (HTTP/2 over TLS) and h2c (HTTP/2 over TCP).
Two useful configuration schemes are:
Protocols h2 http/1.1
Allows HTTP/2 negotiation (h2) via TLS ALPN in a secure
<VirtualHost>.
HTTP/2 preamble checking (Direct mode, see H2Direct) is disabled by default for h2.
Protocols h2 h2c http/1.1
Allows HTTP/2 negotiation (h2) via TLS ALPN for secure
<VirtualHost>. Allows
HTTP/2 cleartext negotiation (h2c) upgrading from an initial HTTP/1.1
connection or via HTTP/2 preamble checking (Direct mode, see
H2Direct).
Refer to the official HTTP/2 FAQ for any doubt about the protocol.
H2CopyFiles H2Direct H2EarlyHint H2EarlyHints H2MaxDataFrameLen H2MaxSessionStreams H2MaxWorkerIdleSeconds H2MaxWorkers H2MinWorkers H2ModernTLSOnly H2OutputBuffering H2Padding H2ProxyRequests H2Push H2PushDiarySize H2PushPriority H2PushResource H2SerializeHeaders H2StreamMaxMemSize H2StreamTimeout H2TLSCoolDownSecs H2TLSWarmUpSize H2Upgrade H2WebSockets H2WindowSize
Enabling HTTP/2 on your Apache Server has impact on the resource consumption and if you have a busy site, you may need to consider carefully the implications.
The first noticeable thing after enabling HTTP/2 is that your server processes will start additional threads. The reason for this is that HTTP/2 gives all requests that it receives to its own Worker threads for processing, collects the results and streams them out to the client.
In the current implementation, these workers use a separate thread
pool from the MPM workers that you might be familiar with. This is
just how things are right now and not intended to be like this forever.
(It might be forever for the 2.4.x release line, though.) So, HTTP/2
workers, or shorter H2Workers, will not show up in mod_status. They
are also not counted against directives such as ThreadsPerChild. However
they take ThreadsPerChild
as default if you have not configured something
else via H2MinWorkers and
H2MaxWorkers.
Another thing to watch out for is is memory consumption. Since HTTP/2
keeps more state on the server to manage all the open request, priorities
for and dependencies between them, it will always need more memory
than HTTP/1.1 processing. There are three directives which steer the
memory footprint of a HTTP/2 connection:
H2MaxSessionStreams,
H2WindowSize and
H2StreamMaxMemSize.
H2MaxSessionStreams limits the
number of parallel requests that a client can make on a HTTP/2 connection.
It depends on your site how many you should allow. The default is 100 which
is plenty and unless you run into memory problems, I would keep it this
way. Most requests that browsers send are GETs without a body, so they
use up only a little bit of memory until the actual processing starts.
H2WindowSize controls how much
the client is allowed to send as body of a request, before it waits
for the server to encourage more. Or, the other way around, it is the
amount of request body data the server needs to be able to buffer. This
is per request.
And last, but not least, H2StreamMaxMemSize
controls how much response data shall be buffered. The request sits in
a H2Worker thread and is producing data, the HTTP/2 connection tries
to send this to the client. If the client does not read fast enough,
the connection will buffer this amount of data and then suspend the
H2Worker.
Many sites use the same TLS certificate for multiple virtual hosts. The certificate either has a wildcard name, such as '*.example.org' or carries several alternate names. Browsers using HTTP/2 will recognize that and reuse an already opened connection for such hosts.
While this is great for performance, it comes at a price: such vhosts need more care in their configuration. The problem is that you will have multiple requests for multiple hosts on the same TLS connection. And that makes renegotiation impossible, in face the HTTP/2 standard forbids it.
So, if you have several virtual hosts using the same certificate and want to use HTTP/2 for them, you need to make sure that all vhosts have exactly the same SSL configuration. You need the same protocol, ciphers and settings for client verification.
If you mix things, Apache httpd will detect it and return a special response code, 421 Misdirected Request, to the client.
This module can be configured to provide HTTP/2 related information
as additional environment variables to the SSI and CGI namespace, as well
as in custom log configurations (see %{VAR_NAME}e).
| Variable Name: | Value Type: | Description: |
|---|---|---|
HTTP2 | flag | HTTP/2 is being used. |
H2PUSH | flag | HTTP/2 Server Push is enabled for this connection and also supported by the client. |
H2_PUSH | flag | alternate name for H2PUSH |
H2_PUSHED | string | empty or PUSHED for a request being pushed by the server. |
H2_PUSHED_ON | number | HTTP/2 stream number that triggered the push of this request. |
H2_STREAM_ID | number | HTTP/2 stream number of this request. |
H2_STREAM_TAG | string | HTTP/2 process unique stream identifier, consisting of connection id and stream id separated by -. |
| Description: | Determine file handling in responses |
|---|---|
| Syntax: | H2CopyFiles on|off |
| Default: | H2CopyFiles off |
| Context: | server config, virtual host, directory, .htaccess |
| Status: | Extension |
| Module: | mod_http2 |
| Compatibility: | Available in version 2.4.24 and later. |
This directive influences how file content is handled in
responses. When off, which is the default, file handles
are passed from the requestion processing down to the main
connection, using the usual Apache setaside handling for
managing the lifetime of the file.
When set to on, file content is copied while the
request is still being processed and the buffered data is passed
on to the main connection. This is better if a third party
module is injecting files with different lifetimes into the response.
An example for such a module is mod_wsgi that may place
Python file handles into the response. Those files get close down when
Python thinks processing has finished. That may be well before
mod_http2 is done with them.
| Description: | H2 Direct Protocol Switch |
|---|---|
| Syntax: | H2Direct on|off |
| Default: | H2Direct on for h2c, off for h2 protocol |
| Context: | server config, virtual host |
| Status: | Extension |
| Module: | mod_http2 |
This directive toggles the usage of the HTTP/2 Direct Mode. This
should be used inside a
<VirtualHost>
section to enable direct HTTP/2 communication for that virtual host.
Direct communication means that if the first bytes received by the server on a connection match the HTTP/2 preamble, the HTTP/2 protocol is switched to immediately without further negotiation. This mode is defined in RFC 7540 for the cleartext (h2c) case. Its use on TLS connections not mandated by the standard.
When a server/vhost does not have h2 or h2c enabled via
Protocols,
the connection is never inspected for a HTTP/2 preamble.
H2Direct
does not matter then. This is important for connections that
use protocols where an initial read might hang indefinitely, such
as NNTP.
For clients that have out-of-band knowledge about a server supporting h2c, direct HTTP/2 saves the client from having to perform an HTTP/1.1 upgrade, resulting in better performance and avoiding the Upgrade restrictions on request bodies.
This makes direct h2c attractive for server to server communication as well, when the connection can be trusted or is secured by other means.
H2Direct on
| Description: | Add a response header to be picked up in 103 Early Hints |
|---|---|
| Syntax: | H2EarlyHint name value |
| Context: | server config, virtual host, directory, .htaccess |
| Status: | Extension |
| Module: | mod_http2 |
| Compatibility: | Available in version 2.4.58 and later. |
H2EarlyHint allows adding a response
header before the real request processing is started. Such headers
are picked up for "103 Early Hints" intermediate responses. The main
purpose is to send "preload" information to client browsers.
name and value must be valid HTTP header fields
or will lead to failed responses. H2EarlyHints
must still be enabled to allow 103 intermediate responses to be sent.
This directive can be repeated several times and header fields of the
same names add.
H2EarlyHint Link "</my.css>;rel=preload;as=style"
| Description: | Determine sending of 103 status codes |
|---|---|
| Syntax: | H2EarlyHints on|off |
| Default: | H2EarlyHints off |
| Context: | server config, virtual host |
| Status: | Extension |
| Module: | mod_http2 |
| Compatibility: | Available in version 2.4.24 and later. |
This setting controls if HTTP status 103 interim responses are forwarded to the client or not. By default, this is currently not the case since a range of clients still have trouble with unexpected interim responses.
When set to on, PUSH resources announced with
H2PushResource will
trigger an interim 103 response
before the final response. The 103 response will carry Link
headers that advise the preload of such resources.
| Description: | Maximum bytes inside a single HTTP/2 DATA frame |
|---|---|
| Syntax: | H2MaxDataFrameLen n |
| Default: | H2MaxDataFrameLen 0 |
| Context: | server config, virtual host |
| Status: | Extension |
| Module: | mod_http2 |
| Compatibility: | Available in version 2.4.58 and later. |
H2MaxDataFrameLen limits the maximum
amount of response body bytes placed into a single HTTP/2 DATA
frame. Setting this to 0 places no limit (but the max size
allowed by the protocol is observed).
The module, by default, tries to use the maximum size possible, which is somewhat around 16KB. This sets the maximum. When less response data is availble, smaller frames will be sent.
| Description: | Maximum number of active streams per HTTP/2 session. |
|---|---|
| Syntax: | H2MaxSessionStreams n |
| Default: | H2MaxSessionStreams 100 |