http/2 with Apache on Debian

One of the nice things to come out this year (at least on paper) is the the http/2 specification.
Most web servers still don’t support it as only the latest Apache (2.4.17) has inbuilt support for it, so only people who compile their own or use experimental distributions are lucky enough to get it.

Below is an easy patch to enable it on a stable Debian configuration, this server has been running part unstable for a long time but it does require some attention to detail.

Prerequisites

  • Up to date stable Debian installation
  • Some nerves / acceptable downtime
  • Configured ssl certificate, there is virtually no support for non https http/2

/etc/apt/sources.list add:

#unstable
deb http://ftp.us.debian.org/debian unstable main contrib non-free

/etc/apt/preferences add:

Package: apache2-bin
Pin: release a=unstable
Pin-Priority: 800

Package: apache2-data
Pin: release a=unstable
Pin-Priority: 800

Package: apache2
Pin: release a=unstable
Pin-Priority: 800

Package: apache2-utils
Pin: release a=unstable
Pin-Priority: 800

Package: *
Pin: release l=Debian-Security
Pin-Priority: 999

Package: *
Pin: release a=stable
Pin-Priority: 700

Package: *
Pin: release a=unstable
Pin-Priority: 1

Run:

sudo apt-get update && apt-get install apache2

/etc/apache2/apache2.conf add:

ProtocolsHonorOrder On
Protocols h2c h2 http/1.1

This method can also be used to install a more up to date version of other packages, but beware that packages in unstable are compiled against unstable libraries so this might not be a great idea to start upgrading everything you see.