This module relies on libnghttp2 - to provide the core http/2 engine.
+ to provide the core http/2 engine.This module is experimental. Its behaviors, directives, and @@ -48,24 +48,33 @@ consult the "CHANGES" file for potential updates.
You must enable HTTP/2 via Protocols
in order to use the
- functionality described in this document. The HTTP/2 protocol does not require the use of encryption so two schemes are available: h2
(HTTP/2 over TLS) and h2c
(HTTP/2 over TCP).
You must enable HTTP/2 via Protocols
+ in order to use the functionality described in this document. The
+ HTTP/2 protocol does not require the use of encryption so two schemes are available:
+ h2
(HTTP/2 over TLS) and h2c
(HTTP/2 over TCP).
Two useful configuration schemes are:
Protocols h2 http/1.1-
Allows HTTP/2 negotiation (h2) via TLS ALPN in a secure VirtualHost
. HTTP/2 preamble checking (Direct mode, see H2Direct
) is disabled by default for h2
.
Allows HTTP/2 negotiation (h2) via TLS ALPN in a secure
+ <VirtualHost>
.
+ HTTP/2 preamble checking (Direct mode, see H2Direct
) is disabled by default for h2
.
Protocols h2 h2c http/1.1-
Allows HTTP/2 negotiation (h2) via TLS ALPN for secure VirtualHost
. Allows HTTP/2 cleartext negotiation (h2c) upgrading from an initial HTTP/1.1 connection or via HTTP/2 preamble checking (Direct mode, see H2Direct
).
Allows HTTP/2 negotiation (h2) via TLS ALPN for secure
+ <VirtualHost>
. Allows
+ HTTP/2 cleartext negotiation (h2c) upgrading from an initial HTTP/1.1
+ connection or via HTTP/2 preamble checking (Direct mode, see
+ H2Direct
).
Refer to the official HTTP/2 FAQ for any doubt about the protocol.
+Refer to the official HTTP/2 FAQ + for any doubt about the protocol.
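Review bot: The two added scheme descriptions word the same thing differently: "via TLS ALPN in a secure <VirtualHost>" under Protocols h2 http/1.1 and "via TLS ALPN for secure <VirtualHost>" under Protocols h2 h2c http/1.1; use one phrasing in both. Since the second scheme turns on h2c, which the paragraph above defines as HTTP/2 over TCP, a sentence on when cleartext negotiation is appropriate would help readers choose between the two.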
mod_status
. They
are also not counted against directives such as ThreadsPerChild. However
- they take ThreadsPerChild as default if you have not configured something
- else via H2MinWorkers
and
- H2MaxWorkers
.
+ they take ThreadsPerChild
+ as default if you have not configured something
+ else via H2MinWorkers
and
+ H2MaxWorkers
.
Another thing to watch out for is is memory consumption. Since HTTP/2
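Review bot: The trailing context line reads "Another thing to watch out for is is memory consumption"; drop the doubled "is" while this paragraph is being edited. Also, only the second ThreadsPerChild mention ("they take ThreadsPerChild as default") is reflowed like the other marked-up directive names, while "directives such as ThreadsPerChild" on the context line above it appears unchanged; treat both mentions the same way.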
@@ -125,12 +135,12 @@
for and dependencies between them, it will always need more memory
than HTTP/1.1 processing. There are three directives which steer the
memory footprint of a HTTP/2 connection:
- H2MaxSessionStreams
,
- H2WindowSize
and
- H2StreamMaxMemSize
.
+ H2MaxSessionStreams
,
+ H2WindowSize
and
+ H2StreamMaxMemSize
.
- H2MaxSessionStreams
limits the
+ H2MaxSessionStreams
limits the
number of parallel requests that a client can make on a HTTP/2 connection.
It depends on your site how many you should allow. The default is 100 which
is plenty and unless you run into memory problems, I would keep it this
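Review bot: The H2MaxSessionStreams paragraph keeps the first-person aside "I would keep it this" on the context lines right below the changed ones; reference documentation reads better with a neutral recommendation there. The context in this hunk also has "a HTTP/2 connection" twice, which should be "an HTTP/2 connection".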
@@ -138,14 +148,14 @@
use up only a little bit of memory until the actual processing starts.
- H2WindowSize
controls how much
+ H2WindowSize
controls how much
the client is allowed to send as body of a request, before it waits
for the server to encourage more. Or, the other way around, it is the
amount of request body data the server needs to be able to buffer. This
is per request.
- And last, but not least, H2StreamMaxMemSize
+ And last, but not least, H2StreamMaxMemSize
controls how much response data shall be buffered. The request sits in
a H2Worker thread and is producing data, the HTTP/2 connection tries
to send this to the client. If the client does not read fast enough,
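Review bot: The H2WindowSize paragraph ends at "This is per request" without relating it to H2MaxSessionStreams, which the previous hunk describes as the limit on parallel requests per connection; a sentence on how the two combine into per-connection request buffering would make the memory guidance usable. In the H2StreamMaxMemSize paragraph, "a H2Worker thread" should be "an H2Worker thread".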
@@ -153,7 +163,7 @@
H2Worker.
- If you serve a lot of static files, H2SessionExtraFiles
+ If you serve a lot of static files, H2SessionExtraFiles
is of interest. This tells the server how many file handles per
HTTP/2 connection it is allowed to waste for better performance. Because
when a request produces a static file as the response, the file handle
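Review bot: In the H2SessionExtraFiles paragraph, "allowed to waste for better performance" describes a deliberate trade-off as waste; "allowed to keep open" would state what the directive actually permits.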
@@ -240,8 +250,9 @@
When a server/vhost does not have h2 or h2c enabled via
- <Protocols>
,
- the connection is never inspected for a HTTP/2 preamble. H2Direct
+ Protocols
,
+ the connection is never inspected for a HTTP/2 preamble.
+ H2Direct
does not matter then. This is important for connections that
use protocols where an initial read might hang indefinitely, such
as NNTP.
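Review bot: "does not matter then" on the line following the re-wrapped H2Direct is vague; "has no effect in that case" says what the reader needs. The re-wrapped line also carries "a HTTP/2 preamble", which should be "an HTTP/2 preamble" now that the line is being touched.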
@@ -292,7 +303,7 @@
This directive sets the maximum number of seconds a h2 worker may
idle until it shuts itself down. This only happens while the number of
- h2 workers exceeds H2MinWorkers
.
+ h2 workers exceeds H2MinWorkers
.
H2MaxWorkerIdleSeconds 20
This directive sets the maximum number of worker threads to spawn
per child process for HTTP/2 processing. If this directive is not used,
- mod_http2
will chose a value suitable for the mpm
+ mod_http2
will chose a value suitable for the mpm
module loaded.
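Review bot: Both the removed and the added line carry "will chose a value suitable for the mpm"; since the line is being rewritten anyway, correct it to "will choose". The H2MinWorkers paragraph has the same wording on its changed line.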
H2MaxWorkers 20@@ -329,7 +340,7 @@
This directive sets the minimum number of worker threads to spawn
per child process for HTTP/2 processing. If this directive is not used,
- mod_http2
will chose a value suitable for the mpm
+ mod_http2
will chose a value suitable for the mpm
module loaded.
H2MinWorkers 10@@ -366,14 +377,14 @@ in OpSec, this is a moving target and can be expected to evolve in the future.
- One purpose of having these checks in mod_http2 is to enforce this
+ One purpose of having these checks in mod_http2
is to enforce this
security level for all connections, not only those from browsers. The other
purpose is to prevent the negotiation of HTTP/2 as a protocol should
the requirements not be met.
Ultimately, the security of the TLS connection is determined by the
- server configuration directives for mod_ssl.
+ server configuration directives for mod_ssl
.
H2ModernTLSOnly off
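Review bot: The example closing this section is "H2ModernTLSOnly off", the setting that switches off the checks the paragraph describes as enforcing the security level for all connections and preventing HTTP/2 negotiation when the requirements are not met. Say next to the example what is given up when the directive is off, so it is not copied as a recommended value.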
Description: | H2 Server Push Diary Size |
---|---|
Syntax: | H2PushDiarySize n |
Syntax: | H2PushDiarySize n |
Default: | H2PushDiarySize 256 |
Context: | server config, virtual host |
Status: | Extension |
Description: | |
---|---|
Syntax: | H2TLSWarmUpSize amount |
Syntax: | H2TLSWarmUpSize amount |
Default: | H2TLSWarmUpSize 1048576 |
Context: | server config, virtual host |
Status: | Extension |
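Review bot: The summary table for H2TLSWarmUpSize has an empty Description cell ("Description: | |"), while the H2PushDiarySize table above it is filled in; add the one-line description before this goes out.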