apache2 - http2 / h2 proxy configuration with WampServer

In this short article we would like to show how to configure http2 (called h2 over TSL) proxy with Apache 2.4.

Note: presented below configuration shoul be working on Linux too.

Go to this article to see how to confiugure http2 / h2 that is requred by h2 proxy.

Note: configuration was tested on Apache 2.4.39 installed as WampServer x64 under Windows 10.

In this case we need to enable only 2 modules: proxy_module and proxy_http2_module.

We can do it in 2 ways:

• from context menu:
  Apache -> Apache modules -> proxy_module
  Apache -> Apache modules -> proxy_http2_module
  optionally we can enable:
  Apache -> Apache modules -> proxy_http_module
• from configuration file c:\wamp64\bin\apache\apache2.4.39\conf\httpd.conf by uncommenting following lines:
  Copy

  xxxxxxxxxx

   

  1

  LoadModule proxy_module modules/mod_proxy.so

  2

  LoadModule proxy_http2_module modules/mod_proxy_http2.so
  optionally we can enable:
  Copy

  xxxxxxxxxx

   

  1

  LoadModule proxy_http_module modules/mod_proxy_http.so

It is necessary to create new one VirtualHost with http2 / h2 proxy.

We should select one of below configuration.

This approach is useful when we have proxy on same apache2 server and it is not required to verify corectness of certificate.

Solution: open c:\wamp64\bin\apache\apache2.4.39\conf\extra\httpd-vhosts.conf file and add as last configuration following VirtualHost:

xxxxxxxxxx

<VirtualHost *:443>

  ServerName localhost

  ServerAlias localhost

  SSLEngine on

  SSLCertificateKeyFile "${INSTALL_DIR}/bin/apache/apache2.4.39/conf/cert/localhost.key"

  SSLCertificateFile "${INSTALL_DIR}/bin/apache/apache2.4.39/conf/cert/localhost.crt"

  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

  Protocols h2 http/1.1

  SSLProxyEngine on

  ProxyPass "/tomcat" "h2://localhost:8080"

  ProxyPassReverse "/tomcat" "https://localhost:8080"

</VirtualHost>

Where:

• https://localhost/tomcat will be redirected to https://localhost:8080 with h2 protocol,
• reverse proxy will provide bidirectional communication that is required by http2 protocol.

Note: read this article to know more about http2 / h2 proxy configuration.

This approach is useful when servers are in internal network and we don't need to take care of additional security - checking details of certificates like domain, whi signed certificate etc. can be disabled.

e.g. we want to redirect requests from Apache 2.4 to Spring Boot Application that uses Tomcat 9

Solution: open c:\wamp64\bin\apache\apache2.4.39\conf\extra\httpd-vhosts.conf file and add as last configuration following VirtualHost:

xxxxxxxxxx

<VirtualHost *:443>

  ServerName localhost

  ServerAlias localhost

  SSLEngine on

  SSLCertificateKeyFile "${INSTALL_DIR}/bin/apache/apache2.4.39/conf/cert/localhost.key"

  SSLCertificateFile "${INSTALL_DIR}/bin/apache/apache2.4.39/conf/cert/localhost.crt"

  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

  Protocols h2 http/1.1

  SSLProxyEngine on

  SSLProxyVerify none 

  SSLProxyCheckPeerCN off

  SSLProxyCheckPeerName off

  SSLProxyCheckPeerExpire off

  ProxyPass "/tomcat" "h2://localhost:8080"

  ProxyPassReverse "/tomcat" "https://localhost:8080"

</VirtualHost>

Type in web browser address bar https://localhost/tomcat and confirm with Enter key.

Screenshot: