A step-by-step guide to setup HTTP2 in Apache Tomcat

Full HTTP2 support is added to the latest version of Tomcat 9.x. HTTP/2 is fast, much faster than HTTP/1.1.

If you directly serve the content to the browser (without going through a web server) from Tomcat then implementing HTTP/2 can drastically reduce the application load time and overall improve the performance. Its recommended testing this in a non-production environment to ensure application behave as expected.

Read this if you are looking to enable in a web server like Apache or Nginx.

Pre-requisite

Tomcat must be secured with SSL/TLS certificate before implementing HTTP2. If you need help with the implementation, then check out this guide.

Implementing HTTP/2 on Tomcat

Note: Take a backup of configuration files before modification so you can restore if something goes wrong.

  • Login to Tomcat Server and go the installation folder
  • Go to conf folder
  • Modify server.xml file using vi or your favorite editor
  • Add the following in SSL connector
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />

Overall, it should look like below.

<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/key.pem"
                         certificateFile="conf/cert.pem"
                         certificateChainFile="conf/chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

Above are my lab configuration so if you are copying it then don’t forget to adjust the configuration to fit your environment requirement — especially the port if using a custom one and certificate path.

  • Restart Tomcat instance by going to bin folder and execute the following scripts
./shutdown.sh
./startup.sh
  • Check the catalina.out log, and you should see the following confirmation that is configured to support h2
24-Feb-2019 19:43:47.559 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-openssl-apr-443"] connector has been configured to support negotiation to [h2] via ALPN

This means Tomcat is ready to serve requests over HTTP2 protocol.

Testing if Tomcat is serving over H2

How do you know if it is working as expected?

There are multiple ways to test this.

Using Chrome

Useful for testing Intranet applications.

  • Launch Google Chrome
  • Open Developer Tools by pressing F12
  • Go to the network tab
  • Access your Tomcat application and pay attention to Protocol column

And, as you can see the requests were served using h2.

Using Logs

Look at access.log file and review the incoming requests.

xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET / HTTP/2.0" 200 11468
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /tomcat.css HTTP/2.0" 200 5931
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /tomcat.png HTTP/2.0" 200 5103
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-button.png HTTP/2.0" 200 713
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-upper.png HTTP/2.0" 200 3103
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-nav.png HTTP/2.0" 200 1401
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /asf-logo-wide.svg HTTP/2.0" 200 27530
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /bg-middle.png HTTP/2.0" 200 1918
xx.xxx.xxx.xxx - - [24/Feb/2019:20:59:23 +0000] "GET /favicon.ico HTTP/2.0" 200 21630

Do you see HTTP/2.0 is being categorized in every request?

Using Internet-based tools

If your Tomcat application URL is available on the Internet, then you can check against the following tools.

Conclusion

Implementing H2 on Tomcat is straightforward. I would strongly recommend testing your application post implementation to ensure there are no side-effects.

If you are interested in learning Tomcat administration, then check out this online course.