You must enable HTTP/2 via Protocols in order to use the - functionality described in this document. The HTTP/2 protocol does not require the use of encryption so two schemes are available: h2 (HTTP/2 over TLS) and h2c (HTTP/2 over TCP).

You must enable HTTP/2 via Protocols + in order to use the functionality described in this document. The + HTTP/2 protocol does not require the use of encryption so two schemes are available: + h2 (HTTP/2 over TLS) and h2c (HTTP/2 over TCP).

Topics

@@ -113,11 +122,12 @@ pool from the MPM workers that you might be familiar with. This is just how things are right now and not intended to be like this forever. (It might be forever for the 2.4.x release line, though.) So, HTTP/2 - workers, or shorter H2Workers, will not show up in mod_status. They + workers, or shorter H2Workers, will not show up in mod_status. They are also not counted against directives such as ThreadsPerChild. However - they take ThreadsPerChild as default if you have not configured something - else via H2MinWorkers and - H2MaxWorkers. + they take ThreadsPerChild + as default if you have not configured something + else via H2MinWorkers and + H2MaxWorkers.

Another thing to watch out for is is memory consumption. Since HTTP/2 @@ -125,12 +135,12 @@ for and dependencies between them, it will always need more memory than HTTP/1.1 processing. There are three directives which steer the memory footprint of a HTTP/2 connection: - H2MaxSessionStreams, - H2WindowSize and - H2StreamMaxMemSize. + H2MaxSessionStreams, + H2WindowSize and + H2StreamMaxMemSize.

- H2MaxSessionStreams limits the + H2MaxSessionStreams limits the number of parallel requests that a client can make on a HTTP/2 connection. It depends on your site how many you should allow. The default is 100 which is plenty and unless you run into memory problems, I would keep it this @@ -138,14 +148,14 @@ use up only a little bit of memory until the actual processing starts.

- H2WindowSize controls how much + H2WindowSize controls how much the client is allowed to send as body of a request, before it waits for the server to encourage more. Or, the other way around, it is the amount of request body data the server needs to be able to buffer. This is per request.

- And last, but not least, H2StreamMaxMemSize + And last, but not least, H2StreamMaxMemSize controls how much response data shall be buffered. The request sits in a H2Worker thread and is producing data, the HTTP/2 connection tries to send this to the client. If the client does not read fast enough, @@ -153,7 +163,7 @@ H2Worker.

- If you serve a lot of static files, H2SessionExtraFiles + If you serve a lot of static files, H2SessionExtraFiles is of interest. This tells the server how many file handles per HTTP/2 connection it is allowed to waste for better performance. Because when a request produces a static file as the response, the file handle @@ -240,8 +250,9 @@

When a server/vhost does not have h2 or h2c enabled via - <Protocols>, - the connection is never inspected for a HTTP/2 preamble. H2Direct + Protocols, + the connection is never inspected for a HTTP/2 preamble. + H2Direct does not matter then. This is important for connections that use protocols where an initial read might hang indefinitely, such as NNTP. @@ -292,7 +303,7 @@

This directive sets the maximum number of seconds a h2 worker may idle until it shuts itself down. This only happens while the number of - h2 workers exceeds H2MinWorkers. + h2 workers exceeds H2MinWorkers.

Example

H2MaxWorkerIdleSeconds 20

@@ -310,7 +321,7 @@

This directive sets the maximum number of worker threads to spawn per child process for HTTP/2 processing. If this directive is not used, - mod_http2 will chose a value suitable for the mpm + mod_http2 will chose a value suitable for the mpm module loaded.

Example

H2MaxWorkers 20

@@ -329,7 +340,7 @@

This directive sets the minimum number of worker threads to spawn per child process for HTTP/2 processing. If this directive is not used, - mod_http2 will chose a value suitable for the mpm + mod_http2 will chose a value suitable for the mpm module loaded.

Example

H2MinWorkers 10

@@ -366,14 +377,14 @@ in OpSec, this is a moving target and can be expected to evolve in the future.

- One purpose of having these checks in mod_http2 is to enforce this + One purpose of having these checks in mod_http2 is to enforce this security level for all connections, not only those from browsers. The other purpose is to prevent the negotiation of HTTP/2 as a protocol should the requirements not be met.

Ultimately, the security of the TLS connection is determined by the - server configuration directives for mod_ssl. + server configuration directives for mod_ssl.

Example

H2ModernTLSOnly off

@@ -445,7 +456,7 @@

H2PushDiarySize Directive

- + @@ -501,7 +512,7 @@

When a stream depends on another, say X depends on Y, then Y gets all bandwidth before X gets any. Note that this - does not men that Y will block X. If Y has no data to send, + does not mean that Y will block X. If Y has no data to send, all bandwidth allocated to Y can be used by X.

@@ -692,8 +703,8 @@ H2PushPriority text/css interleaved <VirtualHost>s.

- See <H2TLSWarmUpSize> for a - description of TLS warmup. H2TLSCoolDownSecs reflects the fact + See H2TLSWarmUpSize for a + description of TLS warmup. H2TLSCoolDownSecs reflects the fact that connections may deteriorate over time (and TCP flow adjusts) for idle connections as well. It is beneficial to overall performance to fall back to the pre-warmup phase after a number of seconds that @@ -716,7 +727,7 @@ H2PushPriority text/css interleaved

H2TLSWarmUpSize Directive

Description:	H2 Server Push Diary Size
Syntax:	`H2PushDiarySize n`
Syntax:	`H2PushDiarySize n`
Default:	`H2PushDiarySize 256`
Context:	server config, virtual host
Status:	Extension

- + @@ -793,12 +804,12 @@ H2PushPriority text/css interleaved Please be aware that Upgrades are only accepted for requests that carry no body. POSTs and PUTs with content will never trigger an upgrade to HTTP/2. - See <H2Direct> for an + See H2Direct for an alternative to Upgrade.

This mode only has an effect when h2 or h2c is enabled via - the <Protocols>. + the Protocols.

Example

H2Upgrade on

Description:
Syntax:	`H2TLSWarmUpSize amount`
Syntax:	`H2TLSWarmUpSize amount`
Default:	`H2TLSWarmUpSize 1048576`
Context:	server config, virtual host
Status:	Extension

Warning

HTTP/2 in a VirtualHost context (TLS only)

HTTP/2 in a Server context (TLS and cleartext)

Topics

Example

Example

Example

Example

H2PushDiarySize Directive

H2TLSWarmUpSize Directive

Example