As of July 2017, Apache modproxy doesn't support HTTP/2.0 protocol. There is a modproxyhttp21 module but it is still experimental. Like detailed in the StackOverflow answer provided in the second edit, you could use modhttp2 to enable HTTP/2.0 support on Apache side, and communicate back to the Tomcat server either with HTTP/1.1 or AJP. But you would loose one of HTTP/2.0 biggest feature. Apache Tomcat 8.5.x 5.58 / 9.0.x HTTP/2 Request Mix-Up medium Nessus Plugin ID 141446. Vulnerability Priority Rating (VPR) Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to.

The HTTP2 Upgrade Protocol

Table of Contents

  • Attributes
Http2

Introduction

The HTTP Upgrade Protocol element represents an Upgrade Protocol component that supports the HTTP/2 protocol. An instance of this component must be associated with an existing HTTP/1.1 Connector.

Tomcat

HTTP/2 connectors use non-blocking I/O, only utilising a container thread from the thread pool when there is data to read and write. However, because the Servlet API is fundamentally blocking, each HTTP/2 stream requires a dedicated container thread for the duration of that stream.

Apache Tomcat 8 (8.5.65) - Changelog

Attributes

Common Attributes

All implementations of Upgrade Protocol support the following attributes:

Attribute Description
className

This must be org.apache.coyote.http2.Http2Protocol.

Standard Implementation

The HTTP/2 Upgrade Protocol implementation supports the following attributes in addition to the common attributes listed above.

Attribute Description
allowedTrailerHeaders

By default Tomcat will ignore all trailer headers when processing HTTP/2 connections. Matica printers driver download for windows 10. For a header to be processed, it must be added to this comma-separated list of header names.

compressibleMimeType

The value is a comma separated list of MIME types for which HTTP compression may be used. The default value is text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/xml .

compression

The HTTP/2 protocol may use compression in an attempt to save server bandwidth. The acceptable values for the parameter is 'off' (disable compression), 'on' (allow compression, which causes text data to be compressed), 'force' (forces compression in all cases), or a numerical integer value (which is equivalent to 'on', but specifies the minimum amount of data before the output is compressed). If the content-length is not known and compression is set to 'on' or more aggressive, the output will also be compressed. If not specified, this attribute is set to 'off'.

Note: There is a tradeoff between using compression (saving your bandwidth) and using the sendfile feature (saving your CPU cycles). If the connector supports the sendfile feature, e.g. the NIO2 connector, using sendfile will take precedence over compression. The symptoms will be that static files greater that 48 Kb will be sent uncompressed. You can turn off sendfile by setting useSendfile attribute of the protocol, as documented below, or change the sendfile usage threshold in the configuration of the DefaultServlet in the default conf/web.xml or in the web.xml of your web application.

compressionMinSize

If compression is set to 'on' then this attribute may be used to specify the minimum amount of data before the output is compressed. If not specified, this attribute is defaults to '2048'.

initialWindowSize

Controls the initial size of the flow control window for streams that Tomcat advertises to clients. If not specified, the default value of 65535 is used.

keepAliveTimeout

The time, in milliseconds, that Tomcat will wait between HTTP/2 frames when there is no active Stream before closing the connection. Negative values will be treated as an infinite timeout. If not specified, a default value of 20000 will be used.

maxConcurrentStreamExecution

The controls the maximum number of streams for any one connection that can be allocated threads from the container thread pool. If more streams are active than threads are available, those streams will have to wait for a stream to become available. If not specified, the default value of 20 will be used.

maxConcurrentStreams

The controls the maximum number of active streams permitted for any one connection. If a client attempts to open more active streams than this limit, the stream will be reset with a STREAM_REFUSED error. If not specified, the default value of 100 will be used.

maxHeaderCount

The maximum number of headers in a request that is allowed by the container. A request that contains more headers than the specified limit will be rejected. A value of less than 0 means no limit. If not specified, a default of 100 is used.

maxHeaderSize

The maximum total size for all headers in a request that is allowed by the container. Total size for a header is calculated as the uncompressed size of the header name in bytes, plus the uncompressed size of the header value in bytes plus an HTTP/2 overhead of 3 bytes per header. A request that contains a set of headers that requires more than the specified limit will be rejected. Download line 6 mobile phones & portable devices driver. A value of less than 0 means no limit. If not specified, a default of 8192 is used.

maxTrailerCount

The maximum number of trailer headers in a request that is allowed by the container. A request that contains more trailer headers than the specified limit will be rejected. A value of less than 0 means no limit. If not specified, a default of 100 is used.

maxTrailerSize

The maximum total size for all trailer headers in a request that is allowed by the container. Total size for a header is calculated as the uncompressed size of the header name in bytes, plus the uncompressed size of the header value in bytes plus an HTTP/2 overhead of 3 bytes per header. A request that contains a set of trailer headers that requires more than the specified limit will be rejected. A value of less than 0 means no limit. If not specified, a default of 8192 is used.

noCompressionUserAgents

The value is a regular expression (using java.util.regex) matching the user-agent header of HTTP clients for which compression should not be used, because these clients, although they do advertise support for the feature, have a broken implementation. The default value is an empty String (regexp matching disabled).

overheadContinuationThreshold

The threshold below which the payload size of a non-final CONTINUATION frame will trigger an increase in the overhead count (see overheadCountFactor). The overhead count will be increased by overheadContinuationThreshold/payloadSize so that the smaller the CONTINUATION frame, the greater the increase in the overhead count. A value of zero or less disables the checking of non-final CONTINUATION frames. If not specified, a default value of 1024 will be used.

overheadCountFactor

The factor to apply when counting overhead frames to determine if a connection has too high an overhead and should be closed. The overhead count starts at -10. The count is decreased for each data frame sent or received and each headers frame received. The count is increased by the overheadCountFactorfor each setting received, priority frame received and ping received. If the overhead count exceeds zero, the connection is closed. A value of less than 1 disables this protection. In normal usage a value of 3 or more will close the connection before any streams can complete. If not specified, a default value of 1 will be used.

overheadDataThreshold

The threshold below which the average payload size of the current and previous non-final DATA frames will trigger an increase in the overhead count (see overheadCountFactor). The overhead count will be increased by overheadDataThreshold/average so that the smaller the average, the greater the increase in the overhead count. A value of zero or less disables the checking of non-final DATA frames. If not specified, a default value of 1024 will be used.

overheadWindowUpdateThreshold

The threshold below which the average size of current and previous WINDOW_UPDATE frame will trigger an increase in the overhead count (see overheadCountFactor). The overhead count will be increased by overheadWindowUpdateThreshold/average so that the smaller the average, the greater the increase in the overhead count. A value of zero or less disables the checking of WINDOW_UPDATE frames. If not specified, a default value of 1024 will be used.

readTimeout

The time, in milliseconds, that Tomcat will wait for additional data when a partial HTTP/2 frame has been received. Negative values will be treated as an infinite timeout. If not specified, a default value of 5000 will be used.

streamReadTimeout

The time, in milliseconds, that Tomcat will wait for additional data frames to arrive for the stream when an application is performing a blocking I/O read and additional data is required. Negative values will be treated as an infinite timeout. If not specified, a default value of 20000 will be used.

streamWriteTimeout

The time, in milliseconds, that Tomcat will wait for additional window update frames to arrive for the stream and/or conenction when an application is performing a blocking I/O write and the stream and/or connection flow control window is too small for the write to complete. Negative values will be treated as an infinite timeout. If not specified, a default value of 20000 will be used.

writeTimeout

The time, in milliseconds, that Tomcat will wait to write additional data when an HTTP/2 frame has been partially written. Negative values will be treated as an infinite timeout. If not specified, a default value of 5000 will be used.

The HTTP/2 upgrade protocol will also inherit the following limits from the HTTP Connector it is nested with:

  • maxCookieCount
  • maxParameterCount
  • maxPostSize
  • maxSavePostSize

See Full List On Tomcat.apache.org

Nested Components

This component does not support any nested components.

Special Features

This component does not support any special features.

Notice: This comments section collects your suggestions on improving documentation for Apache Tomcat.
If you have trouble and need help, read Find Help page and ask your question on the tomcat-users mailing list. Do not ask such questions here. This is not a Q&A section.
The Apache Comments System is explained here. Comments may be removed by our moderators if they are either implemented or considered invalid/off-topic.

Description

dotCMS 5.0 ships with Tomcat 8.5 which supports the HTTP2 protocol. HTTP2 is a modern version of HTTP that can combine multiple requests into a single request (among other benefits), greatly increasing client performance when accessing sites. If you are interested in trying to run dotCMS with HTTP2 enabled there are a few things you will need. First off, HTTP2 requires SSL and will not work without it, so you will need a valid certificate file and key. Second, if you are running tomcat without a proxy server or load balancer in front, you will need the APR library installed, which allows tomcat access to system native (non-java) libraries for better performance. You will need to apt-get apr or yum -i apr or brew install apr in order to get this running correctly. Once you do this, hit your site with https and check out your browsers developers tools to insure that you are seeing the connections using HTTP2. Your network connections should look something like the attached image.

And below that is the snippet of code that activates HTTP2 in your server.xml

To learn more about the benefits of the HTTP2 protocol, see: https://en.wikipedia.org/wiki/HTTP/2