diff --git a/tasks/config.yml b/tasks/config.yml
index f44329810cf14ec1d599f458da96f319c2713ab6..25d2405157a801f4aafa885c7e73e705f0a022bc 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -50,6 +50,14 @@
group: root
mode: 0644
+ - name: Custom Apache http2 config available
+ template:
+ src: http2.conf.j2
+ dest: /etc/apache2/mods-available/http2.conf
+ owner: root
+ group: root
+ mode: 0644
+
- name: Custom Apache ssl.conf available
template:
src: ssl.conf.j2
diff --git a/templates/http2.conf.j2 b/templates/http2.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..0599bd93012e326018d2b21546120306b0ea1d5f
--- /dev/null
+++ b/templates/http2.conf.j2
@@ -0,0 +1,40 @@
+# {{ ansible_managed }}
+# mod_http2 doesn't work with mpm_prefork
+<IfModule !mpm_prefork>
+{% if apache_mods_enabled is defined and "md" in apache_mods_enabled %}
+ Protocols h2 h2c http/1.1 acme-tls/1
+{% else %}
+ Protocols h2 h2c http/1.1
+{% endif %}
+
+ # # HTTP/2 push configuration
+ #
+ # H2Push on
+ #
+ # # Default Priority Rule
+ #
+ # H2PushPriority * After 16
+ #
+ # # More complex ruleset:
+ #
+ # H2PushPriority * after
+ # H2PushPriority text/css before
+ # H2PushPriority image/jpeg after 32
+ # H2PushPriority image/png after 32
+ # H2PushPriority application/javascript interleaved
+ #
+ # # Configure some stylesheet and script to be pushed by the webserver
+ #
+ # <FilesMatch "\.html$">
+ # Header add Link "</style.css>; rel=preload; as=style"
+ # Header add Link "</script.js>; rel=preload; as=script"
+ # </FilesMatch>
+ # Since mod_http2 doesn't support the mod_logio module (which provide the %O format),
+ # you may want to change your LogFormat directive as follow:
+ #
+ # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+ # LogFormat "%h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ # LogFormat "%h %l %u %t \"%r\" %>s %B" common
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/templates/mc3.conf.j2 b/templates/mc3.conf.j2
index 4a23e74755d67bb23d04f56ea9d6cf9101ff6d35..ae2f36ba2920d3c526b9f990bfdc2e39ec8b299b 100644
--- a/templates/mc3.conf.j2
+++ b/templates/mc3.conf.j2
@@ -10,6 +10,9 @@ LogFormat "%I %O" bandwidth
# HTTP/2 https://httpd.apache.org/docs/trunk/mod/mod_http2.html
Protocols h2 h2c http/1.1
ProtocolsHonorOrder Off
+{% elif apache_mods_enabled is defined and "http2" in apache_mods_enabled and "md" in apache_mods_enabled %}
+Protocols h2 h2c http/1.1 acme-tls/1
+ProtocolsHonorOrder On
{% endif %}
# Let's Encrypt
# Alias "/.well-known/acme-challenge" "/var/www/html/.well-known/acme-challenge"
diff --git a/templates/webarch.conf.j2 b/templates/webarch.conf.j2
index 9f6ba25ed11de9b88c50013098b066a42cb1c391..baa7919bf9cbe7f4ba570d5bc7b9ea65cb200760 100644
--- a/templates/webarch.conf.j2
+++ b/templates/webarch.conf.j2
@@ -8,8 +8,11 @@ LogFormat "%I %O" bandwidth
{% if apache_mods_enabled is defined and "http2" in apache_mods_enabled %}
# HTTP/2 https://httpd.apache.org/docs/trunk/mod/mod_http2.html
-Protocols h2 h2c http/1.1
+Protocols h2 h2c http/1.1
ProtocolsHonorOrder Off
+{% elif apache_mods_enabled is defined and "http2" in apache_mods_enabled and "md" in apache_mods_enabled %}
+Protocols h2 h2c http/1.1 acme-tls/1
+ProtocolsHonorOrder On
{% endif %}
# Let's Encrypt
# Alias "/.well-known/acme-challenge" "/var/www/html/.well-known/acme-challenge"