This morning I figured I'd set up HTTPS and HTTP2 on my web server. It was pretty easy, too. And man, HTTP2 is fast, especially on silly sites like mine that have a large number of small images on the page. Good riddance to sprites.
Here's how I set up my Ubuntu Apache2 web server for HTTPS and HTTP2:
For starters, let's get an HTTPS cert. You can get one for free using Let's Encrypt, a non-profit certificate authority from the US. It has an automagical command line tool that creates certs for you and registers them with the CA. It can even automate installation for Apache. Sadly, my Apache config didn't work with the automatic tool, so I had to do it manually. Which wasn't too bad either.
First, I shut down the Apache web server with sudo service apache2 stop. Then, I used the Let's Encrypt client to fetch the cert (this needs to be run on the server pointed to by the domain name):
    git clone https://github.com/letsencrypt/letsencrypt
    cd letsencrypt
    ./letsencrypt-auto certonly --standalone -d MY.DOMAIN.NAME
If everything goes well, you should now have the certificate files in /etc/letsencrypt/live/MY.DOMAIN.NAME/. To get HTTPS running, I edited my Apache2 configuration to set up the SSL module and use it for my domain.
    <VirtualHost *:443>
        ServerAlias MY.DOMAIN.NAME
        SSLEngine on
        SSLCertificateFile "/etc/letsencrypt/live/MY.DOMAIN.NAME/cert.pem"
        SSLCertificateKeyFile "/etc/letsencrypt/live/MY.DOMAIN.NAME/privkey.pem"
        SSLCertificateChainFile "/etc/letsencrypt/live/MY.DOMAIN.NAME/chain.pem"
        ...
Ok, HTTPS working. Let's do HTTP2 now. If you haven't yet, you need to upgrade your Apache to version 2.4.17 to get HTTP2 support. Older versions of Ubuntu don't have Apache 2.4.17, so you may need to add a custom PPA to your software sources with sudo add-apt-repository ppa:ondrej/apache2 or such.
After upgrading Apache, turn on the HTTP2 module with sudo a2enmod http2. Almost there! The last step is to turn on HTTP2 on our HTTPS virtual host by adding h2 to the Protocols directive. I also turned on the H2Direct directive, as the description said that it'll spare the server from upgrading an HTTP/1.1 connection if the client starts talking HTTP2.
    <VirtualHost *:443>
        ServerAlias MY.DOMAIN.NAME
        SSLEngine on
        SSLCertificateFile "/etc/letsencrypt/live/MY.DOMAIN.NAME/cert.pem"
        SSLCertificateKeyFile "/etc/letsencrypt/live/MY.DOMAIN.NAME/privkey.pem"
        SSLCertificateChainFile "/etc/letsencrypt/live/MY.DOMAIN.NAME/chain.pem"
        Protocols h2 http/1.1
        H2Direct on
        ...
That's it! Now turn on Apache again with sudo service apache2 start and you should have HTTP2 running. You can check for it in Chrome DevTools by going to the Network pane, right-clicking on the columns header and turning on the Protocol column.
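A shell-side counterpart to the DevTools check, as an added example that is not part of the original post: it reads openssl s_client output and reports whether the certificate chain verified and whether h2 was selected through ALPN. The function names are my own and the sample outputs are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: verify from the shell what the server negotiates over TLS.
# The sample outputs below are constructed, not captured from a real server.

SAMPLE_OK='CONNECTED(00000003)
ALPN protocol: h2
    Verify return code: 0 (ok)'
SAMPLE_HTTP1_ONLY='CONNECTED(00000003)
No ALPN negotiated
    Verify return code: 0 (ok)'
SAMPLE_MISSING_CHAIN='CONNECTED(00000003)
ALPN protocol: h2
    Verify return code: 21 (unable to verify the first certificate)'

# Read `openssl s_client` output on stdin, print "<alpn> <verify code>".
parse_s_client() {
  awk '
    /^ALPN protocol: /     { alpn = $3 }
    /^No ALPN negotiated/  { alpn = "none" }
    /Verify return code: / { for (i = 1; i < NF; i++) if ($i == "code:") code = $(i + 1) }
    END {
      if (alpn == "") alpn = "none"
      if (code == "") code = "unknown"
      print alpn, code
    }'
}

# Exit status 0 only when the chain verified AND h2 was selected via ALPN.
check_h2_tls() {
  _res=$(parse_s_client)
  _alpn=${_res% *}
  _code=${_res#* }
  if [ "$_code" != "0" ]; then
    echo "FAIL: certificate chain did not verify (code $_code)"; return 1
  fi
  if [ "$_alpn" != "h2" ]; then
    echo "FAIL: server selected '$_alpn' instead of h2"; return 2
  fi
  echo "OK: h2 negotiated over a verified chain"
}

# Live probe (needs network): offer h2 and http/1.1, then judge the result.
probe_h2() {
  openssl s_client -connect "$1:443" -servername "$1" -alpn h2,http/1.1 \
    </dev/null 2>/dev/null | check_h2_tls
}

# Offline demo on a constructed sample; for a real check: probe_h2 MY.DOMAIN.NAME
printf '%s\n' "$SAMPLE_MISSING_CHAIN" | check_h2_tls || true
```

Verify code 21 is what a client reports when the server sends only the leaf certificate, so it is the result to expect if the chain file line is missing or points at the wrong file.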
Thanks for reading! Hope this helps you get your site up and running on HTTP2.