Would you like to learn how to enable the Apache HTTP/2 on Ubuntu Linux? In this tutorial, we are going to show you all the steps required to enable the HTTP2 protocol and a computer running Ubuntu Linux.

• Ubuntu version: 18.04

Hardware List:

The following section presents the list of equipment used to create this WordPress tutorial.

Every piece of hardware listed above can be found at Amazon website.

WordPress Playlist:

On this page, we offer quick access to a list of videos related to WordPress installation.

Don't forget to subscribe to our youtube channel named FKIT.

WordPress Related Tutorial:

On this page, we offer quick access to a list of tutorials related to WordPress installation.

GoDaddy Account

First, you need to access the GODADDY WEBSITE and create an account.

This account will be used to create your HTTPS certificate.

THe HTTP2 feature requires an HTTPS certificate.

THe HTTP2 feature does not work using HTTP only.

Tutorial - HTTPS Certificate Creation

On the Linux console, use the following command to install the required packages.

# apt-get update
# apt-get install openssl

Use the following command to generate your KEY file and your CSR file.

# mkdir -p /downloads/certificate
# cd /downloads/certificate
# openssl req -new -newkey rsa:2048 -nodes -keyout techexpert.key -out techexpert.csr

The system will ask some questions to fulfill your certificate request.

• Country Name - Enter the 2 letter code for your country
• State or Province Name - Enter the name of your State or Province.
• Locality Name - Enter the name of your City
• Organization Name - Enter your organization name or your personal name.
• Organizational Unit Name - Optional
• Common Name - Enter your website hostname
• Email Address - Optional
• A challenge password - Optional.
• An optional company name - optional.

In our example, we are creating a certificate request for the website techexpert.tips.

Generating a 2048 bit RSA private key
...................+++
...................+++
writing new private key to 'techexpert.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:Rio de Janeiro
Locality Name (eg, city) []:Rio de Janeiro
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Jonas Smith
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:techexpert.tips
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

The CSR contains your Certificate Sign Request and will be sent to GoDaddy to create your Public certificate.

Here is the content of the CSR file:

-----BEGIN CERTIFICATE REQUEST-----
MIICtDCCAZwCAQAwbzELMAkGA1UEBhMCQlIxFzAVBgNVBAgMDlJpbyBkZSBKYW5l
aXJvMRcwFQYDVQQHDA5SaW8gZGUgSmFuZWlybzEUMBIGA1UECgwLSm9uYXMgU21p
dGgxGDAWBgNVBAMMD3RlY2hleHBlcnQudGlwczCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALAZgXHiRxCZgLmAl+2eNmFY1VmQgvvBIxMW0V8hjfs81tU1
4nXUei51fwdai63ypc7EG8cTyhS3Os7/3npwJU2x1j55dlVXBSGN5JFP3Afa9SHe
9XDqaLRNHLUpkkaj6EV5RLvMZvT8jBUyh+wQTesAzWz1Gg07MfpD9Ls6JcUfg6GN
s5Fy/SYEEONtSAgH48+hJ0KP3zIeNk2/JUS9T3FktBnEN8Uwmv2U0A5HQAg5oAuR
doy7XMLn4bVnbH5b3FIjgkx6CIqgeEj9e3cDeULJPzUYZzdGuaWKCFllWy2vQUrh
ei1wl7lguwGfXEi6TJStackcZHPwyYLbpKFhEssCAwEAAaAAMA0GCSqGSIb3DQEB
CwUAA4IBAQCBKsz7z95s251RaZ/x+URiIvtMFl+JheLt8PSJB8CC+SltA245kYg4
CbWc5blXckwcM+2LQ0Dd4YcWfKGunlee/Agju74gbqybV77cpA14w8wRK3tasv24
8/VD+94WvMME+WlBpuTPGIEqgAIt653Fn/E+MLD42ICRGkL+HZITAYltn+4uNtO7
S35jJ5OIVJ5WdTLWfrakCqEtPXVOpyYalwVF5MrmYzJhfeIGuLQge62uP+EFHrWI
W3+ATnPFpq0/slsxu24s00GBkj56cO2JNnmhVpSjQkmd2Jmsz42+Myh/dGTrFnd5
fQcXU9D/+qELbzFtWyVeU1SK0mufavGw
-----END CERTIFICATE REQUEST-----

The KEY file contains your Certificate private key and must be kept in a safe place all the time.

Here is the content of the KEY file:

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCwGYFx4kcQmYC5
gJftnjZhWNVZkIL7wSMTFtFfIY37PNbVNeJ11HoudX8HWout8qXOxBvHE8oUtzrO
/956cCVNsdY+eXZVVwUhjeSRT9wH2vUh3vVw6mi0TRy1KZJGo+hFeUS7zGb0/IwV
MofsEE3rAM1s9RoNOzH6Q/S7OiXFH4OhjbORcv0mBBDjbUgIB+PPoSdCj98yHjZN
vyVEvU9xZLQZxDfFMJr9lNAOR0AIOaALkXaMu1zC5+G1Z2x+W9xSI4JMegiKoHhI
/Xt3A3lCyT81GGc3RrmlighZZVstr0FK4XotcJe5YLsBn1xIukyUrWnJHGRz8MmC
26ShYRLLAgMBAAECggEAdpK19ljGQQcbBczwf67oLuQBxCzqBVomo9PZZpTRZTmx
7h46Pdyz6FR1FB6DrryTqIWjrohEqW42yuq+gvLAK3BzMd3XL99INS+1l6KOJTvp
ksTtvvoXRlAl5FX5iFcVLrJY9ZrMOGlUaXF81BamYHZJ2/OtdvtEy562Str8U52m
GTkgfpWnaLc66T05zViNwiAb5yg0v9Xb9YOEgLY8VdqYppUnJNzYs7utiDGbOjPa
OCZ5oLTl1b9l6sNw7RhhOmq/jPOur4Keg124fyleULi2Uln52waLWeI8fWI/AHmP
UQQkC3athEOKr0f1Zk9ZRxYJq5FYGPTElqQdbltEAQKBgQDiqSp4XM0tfFJwZIkH
ooEcPw+to4T0333K4mipx+YxlELCHvIXW2xIxlejyhgnVIQWX6qS0F7VUGnVuSKz
hB0zfcd89MYcqGyQSEdc9kZB+Twb9Hzd3fTXu7hKjXoz9+UKfcOXfQdILGnDqyG8
zCF//aNocRvxaO9E1cZ+1irlcQKBgQDG5OZUr8kMYI8Tl0GcmWZSFZfMYBYT3CAq
YPHmNQcHhENGz6v9jBZjkeZJBLMRZLlRWjcrWhKbEEHsjZJYiJP4u2n6n57Il9h9
OVqfK7RR3k1r9bMKzhYRnu1FsEPpMKKUrLPDChthxduXEPPZgoKGSYmhLAiYqyPg
USOyZzFt+wKBgQCmfjSgLSrZ2pSD0pWFciz8nqXZml+zr+cq/Jx8+kVw7cML7MdP
uOwVmPwPaAfN/Br6hFM7fKvsbSEQyOlgjA8XH7FFbFeJ/X2hjjY9Zvm8xGMO9cwy
/TM4tL9uo/W77r/jsPXXdRPARD98Z1xk3l1NMvaxZURtU/NN0On5iUABQQKBgGIu
FiER0R3iAF68WLAT7TVx4UgK2nsdO2eQCXkJDhpAyPEIjK8RWu/10oaS4k4guXYW
IYut3+dZpCFAVVCMwvaSlSMZbkk4464VBM3zxgRvxyoW1DXuO2ihWiD/fNZ8opTf
l7EcqR2fjOFKhgUF7qaZYG4GDYxHVuNhSkzDsdvHAoGBAIfDk7fLsG/BYROxJpzN
b1CoG8DE+DKYTWwMWW45rDF0ImbC6H3fg876CeZ3YKGWqt9qkha7gnGGVRRufP15
O7ZEXebZXeDYafXSNcnqSe7FSNtVr1eFlTWmL8OiWQuaqxjs/VogdWfhkEGPISVF
AOM3I6XSGx4NxW2RgYmvQZ4O
-----END PRIVATE KEY-----

Go back to the GODADDY WEBSITE and purchase the SSL certificate.

You will be required to paste the content of the CSR file on the website.

GoDaddy Generate Certificate

After 10 minutes, GoDaddy will finish the creation of your certificate and allow you to download a ZIP file.

In our example, the ZIP file was named: techexpert.tips.zip

GoDaddy Certificate Download

Copy the ZIP file to your Linux server.

In our example, I will assume that you did copy the ZIP file to the following directory: /downloads/certificate

# cd /downloads/certificate
# unzip techexpert.tips.zip

Archive: techexpert.tips.zip
inflating: gd_bundle-g2-g1.crt
inflating: 1c9ad5b95b2ac0fb.crt

Let's list the files available inside the certificate directory.

•  1c9ad5b95b2ac0fb.crt
• gd_bundle-g2-g1.crt
• techexpert.csr
• techexpert.key
• techexpert.tips.zip

You should have similar files inside your certificate directory.

Optional. If you want to look inside the certificate files sent from Godady, use the following commands.

# openssl x509 -in gd_bundle-g2-g1.crt -text -noout
# openssl x509 -in ab0562011b4bb0c7.crt -text -noout

Don't forget to change the file names to reflect your environment.

Tutorial - Apache HTTP2 Installation

First, you need to install the Apache web server.

On the Linux console, use the following commands to install Apache with HTTP/2 and PHP support.

# apt-get update
# apt-get install apache2 php7.2-fpm

Enable the required modules and configuration files.

# a2enmod proxy_fcgi
# a2enmod setenvif
# a2enconf php7.2-fpm

If you had PHP installed in your Apache installation, you need to disable the standard Apache PHP module.

# a2dismod php7.2

Enable the new Apache PHP module.

Disable the Apache default MPM.

Enable the new Apache MPM.

# a2dismod php7.2
# a2dismod mpm_prefork
# a2enmod mpm_event

Apache 2 introduced Multi-Processing Modules or MPMs.

The MPMs change how Apache handles requests from clients.

Enable the Apache HTTP2 module.

# a2enmod http2

Edit the apache2.conf configuration file.

# vi /etc/apache2/apache2.conf

Enable the Apache HTTP2 support by adding the following line at the end of the configuration file.

Protocols h2 http/1.1

As an example, here is our apache2.conf file.

DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
Protocols h2 http/1.1

Restart the PHP service and verify the service status.

# /etc/init.d/php7.2-fpm restart
# service php7.2-fpm status

Here is an example of the PHP service status output.

● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-12-15 01:59:52 UTC; 48s ago
Docs: man:php-fpm7.2(8)
Main PID: 8859 (php-fpm7.2)
Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
Tasks: 3 (limit: 1152)
CGroup: /system.slice/php7.2-fpm.service
├─8859 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
├─8873 php-fpm: pool www
└─8874 php-fpm: pool www

You should also restart apache manually and verify the service status.

# service apache2 stop
# service apache2 start
# service apache2 status

Here is an example of the Apache service status output.

● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Sat 2018-12-15 01:51:28 UTC; 11min ago
Process: 8672 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
Process: 8715 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 8730 (apache2)
Tasks: 55 (limit: 1152)
CGroup: /system.slice/apache2.service
├─8730 /usr/sbin/apache2 -k start
├─8733 /usr/sbin/apache2 -k start
└─8734 /usr/sbin/apache2 -k start

You have finished the Apache installation with HTTp/2 enabled.

Testing Apache HTTP2 Support

Now, we are going to test if our Apache installation really supports HTTP2.

Install the required software to test the Apache HTTP/2 support.

# apt-get update
# apt-get install wget curl

Use the following command to test the Apache HTTP2 feature support using WGET.

Keep in mind that you need to change 200.200.200.200 to your server IP address.

# wget -S http://200.200.200.200/

Here is the result after our configuration:

HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Date: Sat, 15 Dec 2018 02:34:09 GMT
Server: Apache/2.4.29 (Ubuntu)
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 15 Dec 2018 01:48:02 GMT
ETag: "2aa6-57d05bcfe6618"
Accept-Ranges: bytes
Content-Length: 10918
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Content-Type: text/html
Length: 10918 (11K) [text/html]

As you can see, the following line tells that our server supports the HTTP2 feature.

Tutorial - Configure Apache HTTP2 Virtualhost

Now, let' use the HTTPS certificate that we purchased from GoDaddy and create an HTTP2 website.

Use the folowing command to create the required folders.

# mkdir -p /websites/techexpert
# mkdir -p /websites/techexpert/www
# mkdir -p /websites/techexpert/logs
# chown www-data.www-data /websites/* -R

Create your Apache VIRTUALHOST configuration file to also offer your website over HTTPS:

# vi /etc/apache2/sites-available/techexpert.conf

Keep in mind that your VIRTUALHOST file name and location may not be the same of mine.

As an example, here is our VirtualHost configuration file.

This VIRTUALHOST file has the HTTPS and HTTP2 enabled.

This file was also configured to redirect any HTTP connection to the HTTPS version of the website.

<VirtualHost *:80>
ServerAdmin nobody@care.com
ServerName techexpert.tips
Redirect permanent / https://techexpert.tips/
</virtualhost>

<VirtualHost *:443>
Protocols h2 http/1.1
ServerAdmin nobody@care.com
DocumentRoot /websites/techexpert/www
ServerName techexpert.tips

<Directory /websites/techexpert/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
SSLCertificateFile /downloads/certificate/1c9ad5b95b2ac0fb.crt
SSLCertificateKeyFile /downloads/certificate/techexpert.key
SSLCertificateChainFile /downloads/certificate/gd_bundle-g2-g1.cr

ErrorLog /websites/techexpert/logs/error.log
CustomLog /websites/techexpert/logs/access.log combined
LogLevel error
</VirtualHost>

Set the correct file permission on all certificate and key files.

# chown www-data.www-data /downloads/certificate/* -R

Enable the Apache VIRTUALHOST configuration.

Restart the Apache service.

# a2ensite techexpert.conf
# service apache2 restart

You have finished the Apache HTTP2 Configuration.

Test HTTP2 Connection using Chrome

Now, we are going to test our Apache HTTP2 installation.

We are going to use the  Chrome HTTP/2 and SPDY Indicator extension to detect the HTTP2 support.

Access the Google web store and install the Chrome HTTP/2 and SPDY Indicator extension.

HTTP2 and SPDy Chrome Extension

The HTTP/2 extension will add an indicator button on the top-right part of the screen.

The indicator button is in the shape of a lightning.

If the lightning indicator is gray, it means that the website does not support HTTP2

If the lightning indicator is gray, it means that the website does not support HTTP2.

http2 spdy off

If the lightning indicator is blue, it means that the website does support HTTP2.

http2 spdy on

If the lightning indicator is green, it means that the website does support HTTP2, SPDY and the QUIC protocol

http2 spdy on QUIC

Now, you are able to quickly detect which website has HTTP/2 support enabled.

Try to access your website and verify if the lightning indicator is blue.

Keep in mind that you need to change the website https://techexpert.tips to your website name.