Configure Tomcat 9 for HTTP/2

The Goal of HTTP2

The goal of HTTP/2 is to increase the perceived performance of the web browsing experience.

Why Do We Need HTTP2

A web page has many resources that need to be load. In HTTP 1.0 requests for all resources are sent all at once and the server responds to each request. If one of the resources takes time to response then all other resources are blocked because of head-of-line blocking.

Upgrade From HTTP1.1

Most website are using HTTP1.1. To talk in HTTP/2.

You can use the upgrade header (101 switching protocols) to send h2c to the server, the server will upgrade to h2c (c means clear text). However there is no h2c in Firefox or Chrome.

What if it is secure? We can use ALPN which is a TLS extension and in the handshake you send an extension and the server will determine that the communication is h2 and will continue using h2.

Download Tomcat 9

Download the appropriate binary distribution of Tomcat 9 for your system and install by unpacking the bundle. Ensure that you have Java 8 SE installed.

Generate Certificate With OpenSSL

As we have discussed above it is required to configure TLS, for this we need a certificate. If you don’t already have a certificate you can generate one with OpenSSL.

Configure server.xml

One of the changes in Tomcat 9 is that TLS virtual hosting and multiple certificate are supported for a single connector with each virtual host able to support multiple certificates.

Open the conf/server.xml file and make the following configuration changes.

<Connector port="8443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
<SSLHostConfig honorCipherOrder="false">
<Certificate certificateKeyFile="conf/ca.key"
certificateFile="conf/ca.crt"/>
</SSLHostConfig>
</Connector>

Restart Tomcat.

See the video:

Original POST