Index: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
===================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
@@ -3724,6 +3724,119 @@
php.ini-production. These are starting
points to assist administrators in their deployment.
+
+
+
+ HTTP2 Support
+
+
+ Apache support for
+ the HTTP2 protocol is included by default
+ when installing the port with pkg. The new
+ version of HTTP includes many improvements
+ over the previous version, including utilizing a single
+ connection to a website, reducing overall roundtrips of
+ TCP connections. Also, packet header data
+ is compressed and HTTP2 requires
+ encryption by default.
+
+ When Apache is configured to
+ only use HTTP2, web browsers will
+ require secure, encrypted HTTPS
+ connections. When Apache is
+ configured to use both versions, HTTP1.1
+ will be considered a fall back option if any issues
+ arise during the connection.
+
+ While this change does require administrators to make
+ changes, they are positive and equate to a more secure
+ Internet for everyone. The changes are only required for
+ sites not currently implementing SSL
+ and TLS.
+
+
+ This configuration depends on the previous sections,
+ including TLS support. It is
+ recommended those instructions be followed before
+ continuing with this configuration.
+
+
+ Start the process by enabling the
+ http2 module by uncommenting the line in
+ /usr/local/etc/apache24/httpd.conf and
+ replace the mpm_prefork module with mpm_event as the former
+ does not support HTTP2.
+
+ LoadModule http2_module libexec/apache24/mod_http2.so
+LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
+
+
+ There is a separate
+ mod_http2 port that is
+ available. It exists to deliver security and bug fixes
+ quicker than the module installed with the bundled
+ apache24 port. It is
+ not required for HTTP2 support but
+ is available. When installed, the
+ mod_h2.so should be used in place
+ of mod_http2.so in the
+ Apache configuration.
+
+
+ There are two methods to implement HTTP2
+ in Apache; one way is globally for
+ all sites and each VirtualHost running on the system. To enable
+ HTTP2 globally, add the following line
+ under the ServerName directive:
+
+ Protocols h2 http/1.1
+
+
+ To enable HTTP2 over plaintext,
+ use h2 h2c
+ http/1.1 in the
+ httpd.conf.
+
+
+ Having the h2c here will allow
+ plaintext HTTP2 data to pass on the
+ system but is not recommended. In addition, using the
+ http/1.1 here will allow fallback
+ to the HTTP1.1 version of the protocol
+ should it be needed by the system.
+
+ To enable HTTP2 for individual
+ VirtualHosts, add the same line within the VirtualHost
+ directive in either httpd.conf or
+ httpd-ssl.conf.
+
+ Reload the configuration using the
+ apachectl reload command
+ and test the configuration either by using either of the
+ following methods after visiting one of the hosted pages:
+
+ &prompt.root; grep "HTTP/2.0" /var/log/httpd-access.log
+
+ This should return something similar to the following:
+
+ 192.168.1.205 - - [18/Oct/2020:18:34:36 -0400] "GET / HTTP/2.0" 304 -
+192.0.2.205 - - [18/Oct/2020:19:19:57 -0400] "GET / HTTP/2.0" 304 -
+192.0.0.205 - - [18/Oct/2020:19:20:52 -0400] "GET / HTTP/2.0" 304 -
+192.0.2.205 - - [18/Oct/2020:19:23:10 -0400] "GET / HTTP/2.0" 304 -
+
+ The other method is using the web browser's built
+ in site debugger or tcpdump; however,
+ using either method is beyond the scope of this
+ document.
+
+ Support for HTTP2 reverse
+ proxy connections by using the
+ mod_proxy_http2.so module. When
+ configuring the ProxyPass or RewriteRules [P] statements,
+ they should use h2:// for the connection.
+
+
+