Merge pull request #79046 from aanderse/http2

nixos/httpd: add http2 option

nixos/modules/services/web-servers/apache-httpd/default.nix

@@ -29,8 +29,8 @@ let
 
   listenInfo = unique (concatMap mkListenInfo vhosts);
 
+  enableHttp2 = any (vhost: vhost.http2) vhosts;
   enableSSL = any (listen: listen.ssl) listenInfo;
-
   enableUserDir = any (vhost: vhost.enableUserDir) vhosts;
 
   # NOTE: generally speaking order of modules is very important
@@ -44,6 +44,7 @@ let
       "mpm_${cfg.multiProcessingModule}"
     ]
     ++ (if cfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ])
+    ++ optional enableHttp2 "http2"
     ++ optional enableSSL "ssl"
     ++ optional enableUserDir "userdir"
     ++ optional cfg.enableMellon { name = "auth_mellon"; path = "${pkgs.apacheHttpdPackages.mod_auth_mellon}/modules/mod_auth_mellon.so"; }
@@ -164,6 +165,7 @@ let
             SSLCertificateFile ${sslServerCert}
             SSLCertificateKeyFile ${sslServerKey}
             ${optionalString (sslServerChain != null) "SSLCertificateChainFile ${sslServerChain}"}
+            ${optionalString hostOpts.http2 "Protocols h2 h2c http/1.1"}
             ${acmeChallenge}
             ${mkVHostCommonConf hostOpts}
         </VirtualHost>

nixos/modules/services/web-servers/apache-httpd/vhost-options.nix

@@ -135,6 +135,15 @@ in
       description = "Path to server SSL chain file.";
     };
 
+    http2 = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. <emphasis>However, if you use the prefork mpm, there will
+        be severe restrictions.</emphasis> Refer to <link xlink:href="https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config"/> for details.
+      '';
+    };
+
     adminAddr = mkOption {
       type = types.nullOr types.str;
       default = null;