Admin: New server guide

2026-04-12T15:55:52Z

New server guide

New page

= Setting Up HTTP/2 and HTTP/3 =

This guide provides a comprehensive walkthrough for enabling HTTP/2 and HTTP/3 on your Nginx and Apache web servers. These modern protocols offer significant performance improvements over HTTP/1.1, leading to faster page load times and a better user experience.

== Prerequisites ==
Before proceeding, ensure you have the following:

* A server running a modern Linux distribution (e.g., Ubuntu 20.04+, Debian 10+, CentOS 8+).
* Root or sudo privileges.
* A working web server (Nginx or Apache) already installed and serving content over HTTP/1.1.
* A domain name pointing to your server's public IP address.
* An SSL/TLS certificate installed for your domain. If you don't have one, consider using Let's Encrypt. For powerful GPU servers for demanding tasks, check out Immers Cloud GPU (https://en.immers.cloud/signup/r/20241007-8310688-334/). For reliable VPS hosting, PowerVPS (https://powervps.net/?from=32) is a good option.
* Basic understanding of Linux command line and web server configuration.

== Understanding HTTP/2 and HTTP/3 ==

'''HTTP/2''' is a major revision of the HTTP network protocol that was first published in May 2015. It addresses many of the performance limitations of HTTP/1.1 by introducing features such as:

* '''Multiplexing:''' Allows multiple requests and responses to be sent concurrently over a single TCP connection.
* '''Header Compression:''' Reduces the overhead of HTTP headers.
* '''Server Push:''' Allows the server to proactively send resources to the client before they are requested.
* '''Binary Framing:''' More efficient parsing and transmission of data.

'''HTTP/3''' is the third major version of the HTTP network protocol. It is designed to overcome the limitations of TCP, which can lead to head-of-line blocking issues. HTTP/3 uses '''QUIC''' (Quick UDP Internet Connections) as its transport layer protocol, which runs over UDP. Key benefits include:

* '''Reduced Latency:''' Faster connection establishment due to 0-RTT or 1-RTT handshakes.
* '''Improved Congestion Control:''' More robust and adaptable congestion control mechanisms.
* '''No Head-of-Line Blocking:''' Packet loss in one stream does not affect other streams.
* '''Built-in Encryption:''' TLS 1.3 is integrated into QUIC.

== Configuring Nginx ==

Nginx generally has excellent support for HTTP/2. HTTP/3 support is available through modules, often requiring compilation from source or using specific distributions.

=== Enabling HTTP/2 in Nginx ===

HTTP/2 is typically enabled by default in recent Nginx versions when SSL is configured.

# Edit your Nginx server block configuration file. This is usually located in `/etc/nginx/sites-available/your_domain` or `/etc/nginx/conf.d/your_domain.conf`.
# Open the file with your preferred text editor:
<pre>
sudo nano /etc/nginx/sites-available/your_domain
</pre>

# Ensure your `listen` directive includes `http2` for the SSL port (443).
# Your SSL configuration should look something like this:
<pre>
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;

server_name your_domain.com www.your_domain.com;

# SSL certificate paths
ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;

# Other SSL settings (e.g., protocols, ciphers)
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;

# ... your other server configurations (root, index, location blocks)
root /var/www/your_domain/html;
index index.html index.htm;

location / {
try_files $uri $uri/ =404;
}
}

# Optional: Redirect HTTP to HTTPS
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name your_domain.com www.your_domain.com;
return 301 https://$host$request_uri;
}
</pre>

# Test your Nginx configuration for syntax errors:
<pre>
sudo nginx -t
</pre>

# If the test is successful, reload Nginx to apply the changes:
<pre>
sudo systemctl reload nginx
</pre>

=== Enabling HTTP/3 in Nginx ===

HTTP/3 support in Nginx is still evolving and often requires compiling Nginx with specific modules or using pre-built packages that include them. A common approach is to use Nginx with the `ngx_http_v2_module` and QUIC support.

'''Method 1: Using a Distribution with HTTP/3 Support (e.g., Cloudflare's packaged Nginx)'''

Some distributions or custom Nginx builds include HTTP/3 support out-of-the-box. If you're using such a package, you might only need to enable it in your configuration.

'''Method 2: Compiling Nginx from Source with QUIC support'''

This is a more advanced method. You'll need to download the Nginx source code and compile it with the necessary QUIC/HTTP/3 modules. This process is detailed and beyond the scope of a simple wiki article but typically involves:

# Downloading Nginx source and the BoringSSL library (or OpenSSL with QUIC support).
# Configuring Nginx build with `--with-http_v2_module` and QUIC-related flags.
# Compiling and installing.

Once Nginx is compiled with HTTP/3 support, you would add a `listen` directive for UDP.

# Edit your Nginx server block configuration file.
<pre>
sudo nano /etc/nginx/sites-available/your_domain
</pre>

# Add a `listen` directive for UDP port 443 with `http3` enabled.
<pre>
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
listen 443 quic reuseport default_server; # For HTTP/3
listen [::]:443 quic reuseport default_server; # For HTTP/3

server_name your_domain.com www.your_domain.com;

ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
ssl_protocols TLSv1.3; # HTTP/3 requires TLS 1.3

# ... other configurations ...
}
</pre>

# Test and reload Nginx as shown in the HTTP/2 section.

'''Note:''' Firewall rules must allow UDP traffic on port 443.
<pre>
sudo ufw allow 443/udp
</pre>
or for firewalld:
<pre>
sudo firewall-cmd --add-port=443/udp --permanent
sudo firewall-cmd --reload
</pre>

== Configuring Apache ==

Apache's support for HTTP/2 is well-established. HTTP/3 support is available via the `mod_h3` module, which often needs to be compiled or installed separately.

=== Enabling HTTP/2 in Apache ===

HTTP/2 support in Apache is provided by `mod_http2`.

# Ensure `mod_http2` is enabled. On Debian/Ubuntu:
<pre>
sudo a2enmod http2
</pre>
On CentOS/RHEL (if not already compiled in): you might need to install a specific Apache package or compile from source.

# Edit your Apache virtual host configuration file. This is usually located in `/etc/apache2/sites-available/your_domain.conf` or `/etc/httpd/conf.d/your_domain.conf`.
<pre>
sudo nano /etc/apache2/sites-available/your_domain.conf
</pre>

# Add `Protocols h2 http/1.1` to your SSL-enabled virtual host.
<pre>
<VirtualHost *:443>
ServerName your_domain.com
ServerAlias www.your_domain.com

Protocols h2 http/1.1

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/your_domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/your_domain.com/privkey.pem

# ... other configurations (DocumentRoot, Directory settings)
DocumentRoot /var/www/your_domain/html
<Directory /var/www/your_domain/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

# Optional: Redirect HTTP to HTTPS
<VirtualHost *:80>
ServerName your_domain.com
ServerAlias www.your_domain.com
Redirect permanent / https://your_domain.com/
</VirtualHost>
</pre>

# Enable the site and restart Apache:
<pre>
sudo a2ensite your_domain.conf # Debian/Ubuntu
sudo systemctl restart apache2 # Debian/Ubuntu
sudo systemctl restart httpd # CentOS/RHEL
</pre>

=== Enabling HTTP/3 in Apache ===

Apache's HTTP/3 support relies on `mod_h3`. This module is not always included in standard packages and may require compilation.

'''Method 1: Using a Distribution with mod_h3 Support'''

Some distributions or custom Apache builds might include `mod_h3`.

'''Method 2: Compiling Apache with mod_h3'''

This involves downloading Apache source, compiling it with QUIC support (often via BoringSSL or OpenSSL), and then building `mod_h3`. This is a complex process.

Once `mod_h3` is installed and enabled:

# Edit your Apache virtual host configuration file.
<pre>
sudo nano /etc/apache2/sites-available/your_domain.conf
</pre>

# Add `Protocols h3 h2 http/1.1` to your SSL virtual host.
<pre>
<VirtualHost *:443>
ServerName your_domain.com
ServerAlias www.your_domain.com

Protocols h3 h2 http/1.1 # Enable HTTP/3, HTTP/2, and HTTP/1.1

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/your_domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/your_domain.com/privkey.pem

# ... other configurations ...
</VirtualHost>
</pre>

# Restart Apache to apply changes.
<pre>
sudo systemctl restart apache2 # Debian/Ubuntu
sudo systemctl restart httpd # CentOS/RHEL
</pre>

'''Note:''' Ensure UDP port 443 is open in your firewall.
<pre>
sudo ufw allow 443/udp
</pre>
or for firewalld:
<pre>
sudo firewall-cmd --add-port=443/udp --permanent
sudo firewall-cmd --reload
</pre>

== Verifying Protocol Support ==

You can verify that HTTP/2 and HTTP/3 are being used by your server.

# '''Using Browser Developer Tools:'''
# Open your website in a modern browser (Chrome, Firefox, Edge).
# Open the browser's developer tools (usually by pressing F12).
# Navigate to the "Network" tab.
# Reload your page.
# Look for a "Protocol" column. If it's not visible, right-click on the table headers and enable it.
# You should see "h2" for HTTP/2 and "h3" for HTTP/3.

# '''Using Online Tools:'''
# There are several online tools that can check your website's protocol support, such as:
# * KeyCDN's HTTP/2 Test: (Search online for "KeyCDN HTTP2 Test")
# * HTTP/3 Check: (Search online for "HTTP3 Check")

== Troubleshooting ==

* '''Firewall Blocking UDP:''' HTTP/3 relies on UDP. Ensure your firewall allows UDP traffic on port 443.
* '''Incorrect Nginx/Apache Configuration:''' Double-check your configuration files for typos or syntax errors. Use `nginx -t` or `apachectl configtest`.
* '''Outdated Web Server Version:''' Older versions of Nginx and Apache may not support HTTP/2 or HTTP/3, or may require specific compilation flags. Ensure you are using recent versions.
* '''SSL Certificate Issues:''' HTTP/2 and HTTP/3 ''require'' SSL/TLS. Ensure your certificate is valid and correctly configured.
* '''Module Not Loaded/Compiled:''' For HTTP/3, ensure the necessary modules (`ngx_http_v2_module` for Nginx, `mod_h3` for Apache) are compiled and enabled.

== Further Reading ==

* [[Nginx Configuration]]
* [[Apache Configuration]]
* [[SSL/TLS Certificates]]

[[Category:Web Server Setup]]
[[Category:Nginx]]
[[Category:Apache]]
[[Category:Performance]]

{{Exchange Box}}

Setting Up HTTP/2 and HTTP/3 - Revision history

Admin: New server guide