Configure Tomcat 9 for HTTP/2

Datetime:2016-08-23 03:52:45          Topic: Tomcat           Share

Introduction

One of the most important developments in JavaEE 8 will be support for HTTP/2 (now the official RFC 7540 ). The Java Community Process JSR-369 has been in development for almost 2 years now, and the specification leaders Ed Burns and Shing Wai Chan have done a great job in advancing its progress.

At the time of writing, three server vendors currently support Servlet 4.0:  Apache Tomcat 9.0.0.M4 , Jetty 9 and WildFly 10.0.0.Final . Let's have a look at how to configure Tomcat 9 to support it.

The Goal of HTTP2

The goal of HTTP/2 is to increase the perceived performance of the web browsing experience.

Why Do We Need HTTP2

A web page has many resources that need to be loaded. In HTTP 1.0, requests for all resources are sent all at once and the server responds to each request. If one of the resources takes extra time, then all other resources are blocked because of head-of-line blocking.

Upgrade From HTTP1.1

Most website are using HTTP1.1. To talk in HTTP/2 you can use the upgrade header (101 switching protocols) to send h2c to the server. The server will upgrade to h2c (c means clear text). Note that at the moment there is no h2c in Firefox or Chrome.

What if it is secure? We can use ALPN, which is a TLS extension. In the handshake you send an extension and the server will determine that the communication is h2.

Download Tomcat 9

Download the appropriate binary distribution of Tomcat 9 for your system and install by unpacking the bundle. Ensure that you have Java 8 SE installed.

Generate Certificate With OpenSSL

As we have discussed above, it is required to configure TLS to use HTTP/2 because of the lack of clear text support for Firefox and Chrome. For TLS we need a certificate. If you don’t already have a certificate you can generate one with OpenSSL .

Configure server.xml

One of the changes in Tomcat 9 is that TLS virtual hosting and multiple certificates are supported for a single connector, with each virtual host able to support multiple certificates.

Open the conf/server.xml file and make the following configuration changes.

<Connector port="8443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
<SSLHostConfig honorCipherOrder="false">
<Certificate certificateKeyFile="conf/ca.key"
certificateFile="conf/ca.crt"/>
</SSLHostConfig>
</Connector>

Restart Tomcat.

Conclusion

To test the configuration visit https://localhost:8443 . If you see the Tomcat home page, then you have successfully configured TLS for Tomcat 9. You are now ready to develop using Servlet 4.0.

Watch this space for more tutorials about Servlet 4.0.

If you are interested in the HTTP/2 specification you might be interested in my HTTP/2 specification tutorial.





About List