To enable HTTP/2 in Tomcat 10, configure the {tomcat home}/conf/server.xml file as follows:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" maxParameterCount="1000">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/keystore.jks" certificateKeystorePassword="..." type="RSA" />
</SSLHostConfig>
</Connector>
The <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> element enables HTTP/2 support in Tomcat 10 when HTTPS is properly configured. HTTP/2 in Tomcat 10 requires HTTPS to be properly configured. Refer to the Tomcat 10 SSL/TLS Configuration Guide for details.
After enabling HTTP/2 in Tomcat 10, developers may encounter issues with JSP code that relies on the HTTP/1.1 Host header.
The following JSP snippet will return null:
<%= request.getHeader("host") %><br />
Replace the snippet with
<%= request.getServerName() + ":" + request.getServerPort() %>
To retrieve the equivalent information, use request.getServerName() + ":" + request.getServerPort(), which returns the server name and port derived from the request’s metadata.
In HTTP/2, the :authority pseudo-header replaces the HTTP/1.1 Host header, causing request.getHeader("host") to return null in JSP code. The :authority pseudo-header includes the authority portion of the target URI (RFC 7540, Section 8.1.2.3), used in place of the HTTP/1.1 Host header (RFC 7540).