HTTP/2 with Apache 2.4 on Debian 9 (Stretch)

Note: there are multiple reported security issues with HTTP/2 and Apache versions less than 2.4.26 – Debian 9 includes 2.4.25, so I’ve disabled the below for now.

A quick Google didn’t tell me the answer, but setting up HTTP/2 with Apache 2.4 on Debian Stretch is way easier than I thought it would be:

Create the following file: /etc/apache2/conf-available/http2.conf

Protocols h2 http/1.1

Run the following three commands:

sudo a2enmod http2
sudo a2enconf http2
sudo systemctl restart apache2

You can add more directives, but so long as you’re specifying a reasonable list of SSL ciphers (and if you’re using Let’s Encrypt – you’re already doing so), the defaults for other settings are probably fine.
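The version caveat in the note at the top can be enforced before the module is enabled. The script below is an added example, not part of the original post: it parses the `apache2ctl -v` banner and only runs the three commands above (after a config test) when the reported version is at least 2.4.26. The function names and the `--apply` switch are illustrative.

```shell
#!/bin/sh
# Added example: gate HTTP/2 on the Apache version named in the post's note.
# Caveat: this compares the upstream version string only; it cannot see
# fixes a distribution may have backported into an older version.
MIN_HTTP2_VERSION="2.4.26"   # threshold taken from the note above

# Extract "2.4.25" from a banner such as
# "Server version: Apache/2.4.25 (Debian)" (constructed sample).
parse_apache_version() {
    printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Return 0 if dotted version $1 >= $2. Fields are compared numerically,
# so 2.10.0 correctly sorts above 2.4.26.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# Return 0 only if the banner parses and meets the minimum (fails closed).
http2_allowed() {
    ver=$(parse_apache_version "$1")
    [ -n "$ver" ] && version_ge "$ver" "$MIN_HTTP2_VERSION"
}

# Run as: sh enable-http2.sh --apply   (script name is illustrative)
if [ "${1:-}" = "--apply" ]; then
    banner=$(/usr/sbin/apache2ctl -v 2>/dev/null | head -n 1)
    if http2_allowed "$banner"; then
        sudo a2enmod http2 &&
            sudo a2enconf http2 &&
            sudo apache2ctl configtest &&
            sudo systemctl restart apache2
    else
        echo "HTTP/2 left disabled: '$banner' is below $MIN_HTTP2_VERSION" >&2
        exit 1
    fi
fi
```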