• Get application security done the right way! Detect, Protect, Monitor, Accelerate, and more…
  • A step-by-step guide to setup HTTP2 in Apache Tomcat

    Full HTTP2 support is added to the latest version of Tomcat 9.x. HTTP/2 is fast, much faster than HTTP/1.1.

    If you directly serve the content to the browser (without going through a web server) from Tomcat then implementing HTTP/2 can drastically reduce the application load time and overall improve the performance. Its recommended testing this in a non-production environment to ensure application behave as expected.

    Read this if you are looking to enable in a web server like Apache or Nginx.


    Tomcat must be secured with SSL/TLS certificate before implementing HTTP2. If you need help with the implementation, then check out this guide.

    Implementing HTTP/2 on Tomcat

    Note: Take a backup of configuration files before modification so you can restore if something goes wrong.

    • Login to Tomcat Server and go the installation folder
    • Go to conf folder
    • Modify server.xml file using vi or your favorite editor
    • Add the following in SSL connector
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />

    Overall, it should look like below.

    <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
                   maxThreads="150" SSLEnabled="true" >
            <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
                <Certificate certificateKeyFile="conf/key.pem"
                             type="RSA" />

    Above are my lab configuration so if you are copying it then don’t forget to adjust the configuration to fit your environment requirement — especially the port if using a custom one and certificate path.

    • Restart Tomcat instance by going to bin folder and execute the following scripts
    • Check the catalina.out log, and you should see the following confirmation that is configured to support h2
    24-Feb-2019 19:43:47.559 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-openssl-apr-443"] connector has been configured to support negotiation to [h2] via ALPN

    This means Tomcat is ready to serve requests over HTTP2 protocol.

    Testing if Tomcat is serving over H2

    How do you know if it is working as expected?

    There are multiple ways to test this.

    Using Chrome

    Useful for testing Intranet applications.

    • Launch Google Chrome
    • Open Developer Tools by pressing F12
    • Go to the network tab
    • Access your Tomcat application and pay attention to Protocol column

    And, as you can see the requests were served using h2.

    Using Logs

    Look at access.log file and review the incoming requests.

    xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET / HTTP/2.0" 200 11468
    xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /tomcat.css HTTP/2.0" 200 5931
    xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /tomcat.png HTTP/2.0" 200 5103
    xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-button.png HTTP/2.0" 200 713
    xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-upper.png HTTP/2.0" 200 3103
    xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-nav.png HTTP/2.0" 200 1401
    xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /asf-logo-wide.svg HTTP/2.0" 200 27530
    xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-middle.png HTTP/2.0" 200 1918
    xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /favicon.ico HTTP/2.0" 200 21630

    Do you see HTTP/2.0 is being categorized in every request?

    Using Internet-based tools

    If your Tomcat application URL is available on the Internet, then you can check against the following tools.


    Implementing H2 on Tomcat is straightforward. I would strongly recommend testing your application post implementation to ensure there are no side-effects.

    If you are interested in learning Tomcat administration, then check out this online course.