F150428881
D26850.id78730.diff
Index: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
===================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
@@ -3724,6 +3724,119 @@
<filename>php.ini-production</filename>. These are starting
points to assist administrators in their deployment.</para>
</sect3>
+
+ <sect3>
+ <info>
+ <title>HTTP2 Support</title>
+ </info>
+
+ <para><application>Apache</application> support for
+ the <acronym>HTTP</acronym>2 protocol is included by default
+ when installing the port with <command>pkg</command>. The new
+ version of <acronym>HTTP</acronym> includes many improvements
+ over the previous version, including utilizing a single
+ connection to a website, reducing overall roundtrips of
+ <acronym>TCP</acronym> connections. Also, packet header data
+ is compressed and <acronym>HTTP</acronym>2 requires
+ encryption by default.</para>
+
+ <para>When <application>Apache</application> is configured to
+ only use <acronym>HTTP</acronym>2, web browsers will
+ require secure, encrypted <acronym>HTTPS</acronym>
+ connections. When <application>Apache</application> is
+ configured to use both versions, <acronym>HTTP</acronym>1.1
+ will be considered a fall back option if any issues
+ arise during the connection.</para>
+
+ <para>While this change does require administrators to make
+ changes, they are positive and equate to a more secure
+ Internet for everyone. The changes are only required for
+ sites not currently implementing <acronym>SSL</acronym>
+ and <acronym>TLS</acronym>.</para>
+
+ <note>
+ <para>This configuration depends on the previous sections,
+ including <acronym>TLS</acronym> support. It is
+ recommended those instructions be followed before
+ continuing with this configuration.</para>
+ </note>
+
+ <para>Start the process by enabling the
+ <acronym>http</acronym>2 module by uncommenting the line in
+ <filename>/usr/local/etc/apache24/httpd.conf</filename> and
+ replace the mpm_prefork module with mpm_event as the former
+ does not support <acronym>HTTP</acronym>2.</para>
+
+ <programlisting>LoadModule http2_module libexec/apache24/mod_http2.so
+LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so</programlisting>
+
+ <note>
+ <para>There is a separate
+ <filename role="port">mod_http2</filename> port that is
+ available. It exists to deliver security and bug fixes
+ quicker than the module installed with the bundled
+ <filename role="port">apache24</filename> port. It is
+ not required for <acronym>HTTP</acronym>2 support but
+ is available. When installed, the
+ <filename>mod_h2.so</filename> should be used in place
+ of <filename>mod_http2.so</filename> in the
+ <application>Apache</application> configuration.</para>
+ </note>
+
+ <para>There are two methods to implement <acronym>HTTP</acronym>2
+ in <application>Apache</application>; one way is globally for
+ all sites and each VirtualHost running on the system. To enable
+ <acronym>HTTP</acronym>2 globally, add the following line
+ under the ServerName directive:</para>
+
+ <programlisting>Protocols h2 http/1.1</programlisting>
+
+ <note>
+ <para>To enable <acronym>HTTP</acronym>2 over plaintext,
+ use <acronym>h2</acronym> <acronym>h2c</acronym>
+ <acronym>http</acronym>/1.1 in the
+ <filename>httpd.conf</filename>.</para>
+ </note>
+
+ <para>Having the <acronym>h2c</acronym> here will allow
+ plaintext <acronym>HTTP</acronym>2 data to pass on the
+ system but is not recommended. In addition, using the
+ <acronym>http</acronym>/1.1 here will allow fallback
+ to the <acronym>HTTP</acronym>1.1 version of the protocol
+ should it be needed by the system.</para>
+
+ <para>To enable <acronym>HTTP</acronym>2 for individual
+ VirtualHosts, add the same line within the VirtualHost
+ directive in either <filename>httpd.conf</filename> or
+ <filename>httpd-ssl.conf</filename>.</para>
+
+ <para>Reload the configuration using the
+ <command>apachectl</command> <parameter>reload</parameter> command
+ and test the configuration either by using either of the
+ following methods after visiting one of the hosted pages:</para>
+
+ <screen>&prompt.root; <userinput>grep "HTTP/2.0" /var/log/httpd-access.log</userinput></screen>
+
+ <para>This should return something similar to the following:</para>
+
+ <programlisting>192.168.1.205 - - [18/Oct/2020:18:34:36 -0400] "GET / HTTP/2.0" 304 -
+192.0.2.205 - - [18/Oct/2020:19:19:57 -0400] "GET / HTTP/2.0" 304 -
+192.0.0.205 - - [18/Oct/2020:19:20:52 -0400] "GET / HTTP/2.0" 304 -
+192.0.2.205 - - [18/Oct/2020:19:23:10 -0400] "GET / HTTP/2.0" 304 -</programlisting>
+
+ <para>The other method is using the web browser's built
+ in site debugger or <command>tcpdump</command>; however,
+ using either method is beyond the scope of this
+ document.</para>
+
+ <para>Support for <acronym>HTTP</acronym>2 reverse
+ proxy connections by using the
+ <filename>mod_proxy_http2.so</filename> module. When
+ configuring the ProxyPass or RewriteRules [P] statements,
+ they should use h2:// for the connection.</para>
+ </sect3>
+
+
</sect2>
<sect2>
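Review bot: The opening paragraph says HTTP2 "requires encryption by default", but the note further down tells the reader to add h2c to the Protocols line to run HTTP2 over plaintext, so the two passages contradict each other. Suggest rewording the opening to say that h2 is the variant negotiated over TLS and h2c is the cleartext variant, and moving the "is not recommended" warning from the paragraph after the note into the h2c note itself, so a reader who copies the note sees the caveat in the same place. The module programlisting shows only the two LoadModule lines being enabled; since the text says to replace mpm_prefork with mpm_event, it should also show the mpm_prefork LoadModule line commented out. Smaller points: the last paragraph ("Support for HTTP2 reverse proxy connections by using the mod_proxy_http2.so module.") has no verb; "either by using either of the following methods" repeats "either"; the sample access log mixes 192.168.1.205 and 192.0.0.205 with the 192.0.2.205 documentation address and should use one range throughout; the module and protocol tokens (http2, h2, h2c, http/1.1) are marked up as acronym rather than as literal configuration values; and the hunk adds two blank lines before the closing sect2 tag.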
D26850: Add a section on enabling HTTP2 in Apache, included in this diff is the following: Document the second mod_http2 port and why it should be used; Document how to enable for single virtual hosts or globally; Note incompatibility with mpm; Show how...