• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » Ubuntu 16.04 Apache2 HTTP/2, HSTS : Steps + Configuration

By Abhishek Ghosh May 31, 2017 10:02 am Updated on May 23, 2018

Ubuntu 16.04 Apache2 HTTP/2, HSTS : Steps + Configuration

Advertisement

As we said before – we are no longer supporting to install, configure Nginx but we are back to support Apache2 mainly for their odd idea to involve community to develop modules for free and distribute with paid product. Additionally, Nginx 502 error is a nightmare. Apache2 at current cost of web hosting not exactly bad. Here is a full working guided steps to setup Ubuntu 16.04 Apache2 HTTP/2, HSTS easily.

Ubuntu 16.04 Apache2 HTTP:2, HSTS - Steps + Configuration

 

Ubuntu 16.04 Apache2 HTTP/2, HSTS : Steps

 

We will use ondrej’s repository for Apache2, first update and add the repo :

Vim
1
2
sudo apt-get update
sudo add-apt-repository ppa:ondrej/apache2

After adding the repo, again update and install Apache2 :

Advertisement

---

Vim
1
sudo apt-get install apache2

To activate the http2 module, simply run :

Vim
1
a2enmod http2

Next restart Apache2 :

Vim
1
2
systemctl restart apache2
# sudo systemctl restart apache2.service

For practical reasons, we need SSL/HTTPS, so we will take it granted that you did these steps :

Vim
1
2
3
4
5
6
a2enmod ssl
systemctl restart apache2
# sudo systemctl restart apache2.service
a2ensite default-ssl
systemctl restart apache2
# sudo systemctl restart apache2.service

And for free SSL/TLS certificate, you have done something like these :

Vim
1
2
apt-get -y install python-letsencrypt-apache
apt-get -y install python-certbot-apache

To generate SSL certificates against your domains you did these :

Vim
1
letsencrypt --apache -d abhishekghosh.pro -d www.abhishekghosh.pro

Then had a restart :

Vim
1
2
systemctl restart apache2
# sudo systemctl restart apache2.service

You essentially can open your website’s HTTPS version on browser without warning. If your virtual host configuration file’s name is 000-default-le-ssl.conf with this (partial) content :

Vim
1
2
3
4
5
6
7
8
9
10
11
<IfModule mod_ssl.c>
<VirtualHost *:443>
       ServerName abhishekghosh.pro
       ServerAdmin webmaster@localhost
       DocumentRoot /var/www/html
 
       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/abhishekghosh.pro/fullchain.pem
...
...

You should add this line :

Vim
1
Protocols http/1.1 h2

here :

Vim
1
2
3
4
5
6
7
8
9
10
11
<IfModule mod_ssl.c>
<VirtualHost *:443>
Protocols http/1.1 h2
       ServerName abhishekghosh.pro
       ServerAdmin webmaster@localhost
       DocumentRoot /var/www/html
 
       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/abhishekghosh.pro/fullchain.pem
...

Ans restart Apache2 after config test :

Vim
1
2
apachectl -t
sudo systemctl restart apache2.service

Now, if you test somewhere for HTTP/2, you’ll get it. For adding different headers, you need to activate a module :

Vim
1
a2enmod headers

and restart Apache2 :

Vim
1
2
systemctl restart apache2
# sudo systemctl restart apache2.service

We already talked about HSTS in context of Nginx.

The configuration for HSTS should look like this :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<IfModule mod_ssl.c>
<VirtualHost *:443>
Protocols http/1.1 h2
       ServerName abhishekghosh.pro
       ServerAdmin webmaster@localhost
       DocumentRoot /var/www/html
 
       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/abhishekghosh.pro/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/abhishekghosh.pro/privkey.pem
 
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomainsi; preload"
...

and restart Apache2 :

Vim
1
2
systemctl restart apache2
# sudo systemctl restart apache2.service

 

Example Virtual Hosts Configuration File For Ubuntu 16.04 Apache2 HTTP/2, HSTS

 

It is an example modern, secured setup :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
<IfModule mod_ssl.c>
<VirtualHost *:443>
Protocols http/1.1 h2
       ServerName abhishekghosh.pro
       ServerAdmin webmaster@localhost
       DocumentRoot /var/www/html
 
       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/abhishekghosh.pro/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/abhishekghosh.pro/privkey.pem
### For paid SSL follow their guide for cert installation
# SSLCertificateFile /etc/ssl/private/public.crt
# SSLCertificateKeyFile /etc/ssl/private/private.key
# SSLCertificateChainFile /etc/ssl/private/intermediate.crt
### End third party SSL cert block
 
SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams_4096.pem"
SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves secp521r1:secp384r1
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomainsi; preload"
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options SAMEORIGIN
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Include /etc/letsencrypt/options-ssl-apache.conf
 
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
 
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
 
</VirtualHost>
 
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>

We kept other settings on /etc/letsencrypt/options-ssl-apache.conf file. Which essentially has :

Vim
1
2
3
4
5
6
7
8
9
10
11
SSLEngine on
 
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          (find latest cipher suitable for you and add here)
SSLHonorCipherOrder     on
SSLCompression          off
 
SSLOptions +StrictRequire
 
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

In case we want to enable HTTP Public Key Pinning (HPKP), Expect-CT etc headers, we will add headers in this fashion :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
...
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomainsi; preload"
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options SAMEORIGIN
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always set Public-Key-Pins 'pin-sha256="add-your-pin"; pin-sha256="add-your-another-pin"; max-age=5184000; includeSubDomains'
Header set X-XSS-Protection "1; mode=block"
Header set Expect-CT "enforce; max-age=3600"
Header set Referrer-Policy "origin"
FileETag None
Include /etc/letsencrypt/options-ssl-apache.conf
 
    <Directory />

Quite simple. Test on SSL Lab and Security Headers like easy to test sites :

Vim
1
2
https://www.ssllabs.com/ssltest/analyze.html
https://securityheaders.io

Of course you can use HTTP/2 server push feature with Apache2. Please read the official docs on Apache’s site for more information.

Tagged With ubuntu apache2 xss block , https://yandex ru/clck/jsredir?from=yandex ru;search;web;;&text=&etext=1838 OoPuoYiXGDb5ib0nYNPbeZS6pNnq6djlBSJNE-SNbINnvHC2SXESHhxS9_yHmn3J 9753a63031ae2c64fa0e00dde9e18cc20e3d6607&uuid=&state=_BLhILn4SxNIvvL0W45KSic66uCIg23qh8iRG98qeIXme , https://yandex ru/clck/jsredir?from=yandex ru;search;web;;&text=&etext=1824 xfocc2KLPQWl5uSXcgG9-2lkxuW8IHeSyab3d3_epJSUcuXj7eHXxPNjYNY_J6g2 19b258141e62443e33298fdbe777e685c0b132c9&uuid=&state=_BLhILn4SxNIvvL0W45KSic66uCIg23qh8iRG98qeIXme , Expect-CT letsencrypt , enforce https on apache2 ubuntu 16 04 , apache2 after http2 header edit set-cookie no longer working , Apache2 , apache ubuntu require hsts , apache hsts ubuntu , apache HSTS

This Article Has Been Shared 930 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Ubuntu 16.04 Apache2 HTTP/2, HSTS : Steps + Configuration

  • Get SSH Type Functions When Root Access is Restricted

    Get SSH Type Functions When Root Access is Restricted by Mounting your FTP location locally using SSHFS. This only can be done on some Cloud Computing Platform.

  • Deploying a Facebook App With Heroku Cloud

    Deploying a Facebook App With Heroku enables to run your custom Application on Facebook. Its looks tough at first, but really not that difficult to work.

  • Install and Run Shadows Rising RPG Game on Rackspace Cloud Sites

    Install and Run Shadows Rising RPG Game on your own Rackspace Cloud Sites and with the power of Cloud Computing enjoy this browser based RPG written in PHP.

  • Cloud Computing and Ubuntu : Richard Stallman’s View

    Cloud Computing and Ubuntu both historically is being criticized by Richard Stallman not once but many a times. Why Father of Free Software Movement is against?

  • HP ASCII Logo on SSH Pre-Login (HP Cloud, Ubuntu)

    Here is How To Add Hewlett-Packard Company Official Logo on HP Helion Public Cloud on Ubuntu 14.04 LTS Instance. The HP Logo is an ASCII Art.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • What is an Automatic Ethanol Fireplace February 8, 2023
  • Disadvantages of Cloud-Native Computing February 7, 2023
  • Projector Screen Basics February 6, 2023
  • What is Configuration Management February 5, 2023
  • What is ChatGPT? February 3, 2023

About This Article

Cite this article as: Abhishek Ghosh, "Ubuntu 16.04 Apache2 HTTP/2, HSTS : Steps + Configuration," in The Customize Windows, May 31, 2017, February 8, 2023, https://thecustomizewindows.com/2017/05/ubuntu-16-04-apache2-http2-hsts-steps-configuration/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT