HTTP2 tests with Apache2 and docker

1. General remarks

http/2 is the next generation protocol for the web. Initially http/2 was developed by google with the name SPDY [2]. The protocol was introduced because the actual / former protocols http/1.1 and http/1.0 allowed just one request per connection, so that a webpage with a lot of images etc. had to load them sequentially. http/2 allows to multiplex multiple transfers/requests via a single connection. Further drawbacks of the http/1* protocols have to do with the lower level tcp protocol. http/2 also uses udp to get rid of some of those disadvantages.

2. Software

Curl [3] supports http/2 since version 7.43.0 and is very well suited to test your http/2 installations with the special option --http2.

Apache2 supports http/2 with a special module [4] since version 2.4.17. This Apache2 version is available in debian sid already as a package from repository.

Firefox supports http/2 completly [5] since version 36.

Chrome [6] supports http/2 of course 🙂

Internet Explorer 11 does NOT support http/2.

If your Browser supports http/2 can be checked online using a service of akamai [1].

3. Installation steps on a debian 8 system

I have a running debian 8 (jessie) box and I wanted to try the new apache2 module for http2. Because I didn’t wanted to destroy someting on this box, I decided to test this using a docker [7] container.

Of course I had to install docker first. One important remark here: There is another package called docker which has something to to with docking windows on the desktop. And this is the WRONG docker package which we do not need here. Do get docker installed, you have to create or modify an apt conf file:

Before executing

the https transport protocol package for apt has to be installed (if not already installed).

Now you can run apt-get update to pull the available packages from the docker repository. When you now search for docker you get the following or a similar result:

The package that is needed for our experiments is docker-engine. The package is simply installed with:

If everything worked like expected you should see the socker service running:

Your first simple docker command can be the check of running/available docker containers:

Of course this devlivers an empty list. We will change this by starting a debian sid container with the following command:

Our first step in the brand new sid container is a apt update:

Now we can install apache2 (2.4.17)

sid-apache2-installation

We check the installed apache2 version:

Ok great. This is the required version which already supports http/2. Let’s proceed with the installation of curl:

We see that this is a curl version which supports already the http/2 protocol.

And we see that the –http2 option is also available.

Let’s install some network tools so that we can check our system from the network point of view:

Now we have to enable the http2 module in the apache configs:

Now add the following lines to the virtual host config files. Be aware that the TLS config has protocol h2 and NOT h2c!!

Add/change the marked lines in default-ssl.conf. If you want you can also replace the snake oil certificate/key by a real or self signed certificate!

apache2-ssl-vhost

And correspondingly for the non ssl vhost:

apache2-http-vhost

Additionally we have to change some settings in the general ssl config:

  1. disable SSLSessionCache
  2. set the SSLCipherSuite like shown
  3. set SSLProtocol like shown.

Now let’s start the apache2 server:

So this looks good up to now. The apache2 server is up and running and is listing on http port (80) and https port (443).

4. Testing the http/2 abilities

4.1. In container curl

Our first test is possible directly in the container. To check the http2 abilities we use the previously installed curl package:

4.2. From outside of the container with real browsers

On our host system we can check the running docker containers again:

We can check if the mapped ports (1443 and 1080) are available as LISTEN on the host system.

So we can for example access to those ports from your client to the host (the firewall settings have to be adapted eventually).

See here the access log after accessing the webserver with firefox and chrome.

http2-access-log

 

5. Links:

[1] https://http2.akamai.com/demo

[2] http://dev.chromium.org/spdy/

[3] http://curl.haxx.se/docs/http2.html

[4] https://httpd.apache.org/docs/2.4/de/mod/mod_http2.html

[5] http://www.golem.de/news/mozilla-firefox-36-kann-http-2-1502-112509.html

[6] https://www.google.de/chrome/browser/desktop/

[7] https://www.docker.com/

Leave a Reply

Your email address will not be published. Required fields are marked *

This blog is kept spam free by WP-SpamFree.