Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
In Tomcat Last updated: September 14, 2023
Share on:
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

A step-by-step guide to setup HTTP2 in Apache Tomcat

Full HTTP2 support is added to the latest version of Tomcat 9.x. HTTP/2 is fast, much faster than HTTP/1.1.

If you directly serve the content to the browser (without going through a web server) from Tomcat then implementing HTTP/2 can drastically reduce the application load time and overall improve the performance. Its recommended testing this in a non-production environment to ensure application behave as expected.

Read this if you are looking to enable in a web server like Apache or Nginx.

https://geekflare.com/http2-implementation-apache-nginx/

Pre-requisite

Tomcat must be secured with SSL/TLS certificate before implementing HTTP2. If you need help with the implementation, then check out this guide.

https://geekflare.com/tomcat-ssl-guide/

Implementing HTTP/2 on Tomcat

Note: Take a backup of configuration files before modification so you can restore if something goes wrong.

  • Login to Tomcat Server and go the installation folder
  • Go to conf folder
  • Modify server.xml file using vi or your favorite editor
  • Add the following in SSL connector
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />

Overall, it should look like below.

<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/key.pem"
                         certificateFile="conf/cert.pem"
                         certificateChainFile="conf/chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

Above are my lab configuration so if you are copying it then don’t forget to adjust the configuration to fit your environment requirement — especially the port if using a custom one and certificate path.

  • Restart Tomcat instance by going to bin folder and execute the following scripts
./shutdown.sh
./startup.sh
  • Check the catalina.out log, and you should see the following confirmation that is configured to support h2
24-Feb-2019 19:43:47.559 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-openssl-apr-443"] connector has been configured to support negotiation to [h2] via ALPN

This means Tomcat is ready to serve requests over HTTP2 protocol.

Also read: HTTP 2 Implementation Guide on LiteSpeed Web Server

Testing if Tomcat is serving over H2

How do you know if it is working as expected?

There are multiple ways to test this.

Using Chrome

Useful for testing Intranet applications.

  • Launch Google Chrome
  • Open Developer Tools by pressing F12
  • Go to the network tab
  • Access your Tomcat application and pay attention to Protocol column
tomcat-http2

And, as you can see the requests were served using h2.

Using Logs

Look at access.log file and review the incoming requests.

xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET / HTTP/2.0" 200 11468
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /tomcat.css HTTP/2.0" 200 5931
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /tomcat.png HTTP/2.0" 200 5103
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-button.png HTTP/2.0" 200 713
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-upper.png HTTP/2.0" 200 3103
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-nav.png HTTP/2.0" 200 1401
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /asf-logo-wide.svg HTTP/2.0" 200 27530
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-middle.png HTTP/2.0" 200 1918
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /favicon.ico HTTP/2.0" 200 21630

Do you see HTTP/2.0 is being categorized in every request?

Using Internet-based tools

If your Tomcat application URL is available on the Internet, then you can check against the following tools.

Conclusion

Implementing H2 on Tomcat is straightforward. I would strongly recommend testing your application post implementation to ensure there are no side-effects.

If you are interested in learning Tomcat administration, then check out this online course.

  • Chandan Kumar
    Author
    As the founder of Geekflare, I’ve helped millions to excel in the digital realm. Passionate about technology, I’m on a mission to explore the world and amplify growth for professionals and businesses alike.
Thanks to our Sponsors
More great readings on Tomcat
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • Monday.com is an all-in-one work OS to help you manage projects, tasks, work, sales, CRM, operations, workflows, and more.
    Try Monday
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder