Note: there are multiple reported security issues with HTTP/2 and Apache versions less than 2.4.26 – Debian 9 includes 2.4.25, so I’ve disabled the below for now.
A quick Google didn’t tell me the answer, but setting up HTTP/2 with Apache 2.4 on Debian Stretch is way easier than I thought it would be:
Create the following file:
Protocols h2 http/1.1
Run the following three commands:
sudo a2enmod http2 sudo a2enconf http2 sudo systemctl restart apache2
You can add more, but so long as you’re specifying a reasonable list of SSL ciphers (and if you’re using Let’s Encrypt – you’re already doing so), the defaults for other settings are probably fine.