HTTP/2 and QUIC (HTTP/3) Settings

HTTP/2 improves multiplexing and header compression over TLS, which helps busy WordPress sites reduce connection overhead. HTTP/3 (QUIC) can improve performance on lossy networks, but it adds operational requirements (UDP 443, compatible clients, and correct server support).

Quick Summary

• Enable HTTP/2 for most sites; it's widely supported and low risk.
• Only enable HTTP/3 if your web server supports it and 443/udp is open end-to-end.
• Verify protocols using curl --http2 and curl --http3.

Prerequisites

• A working HTTPS virtual host (certificate installed).
• Firewall allows 443/tcp and (for HTTP/3) 443/udp.

Verify what you have now

check-http2-with-curl.sh

curl -I --http2 https://example.com/

If your curl supports it, test HTTP/3 (may require a recent version):

check-http3-with-curl.sh

curl -I --http3 https://example.com/ || true

Enable HTTP/2 and HTTP/3

Use the tab for your web server.

Nginx

HTTP/2

In modern Nginx, HTTP/2 is enabled per listen 443 ssl http2;.

nginx-http2-snippet.conf

server {
  listen 443 ssl http2;
  server_name example.com;

  # ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
  # ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}

Test and reload:

nginx-test-and-reload.sh

sudo nginx -t
sudo systemctl reload nginx

HTTP/3 (QUIC)

HTTP/3 support depends on the Nginx build. Many distro packages do not ship QUIC-enabled Nginx. If you need HTTP/3 on Nginx, you typically use:

• a QUIC-enabled Nginx build
• a CDN (Cloudflare/Fastly) in front

If your Nginx build supports HTTP/3, follow the vendor/build documentation and ensure 443/udp is allowed.

Apache

HTTP/2

Apache HTTP/2 is usually provided by mod_http2.

enable-apache-http2-module.sh

sudo a2enmod http2
sudo apachectl configtest
sudo systemctl reload apache2

Then ensure your TLS vhost has HTTP/2 protocols enabled.

apache-http2-snippet.conf

Protocols h2 http/1.1

HTTP/3 (QUIC)

Apache HTTP/3 is not commonly available in default packages. If HTTP/3 is required, use OpenLiteSpeed, a QUIC-enabled reverse proxy, or a CDN.

OpenLiteSpeed

OpenLiteSpeed supports HTTP/2 and HTTP/3 in most builds.

HTTP/2

Enable HTTP/2 in the listener/vhost SSL settings (often enabled by default once SSL is configured). After changes:

reload-openlitespeed.sh

sudo systemctl reload lsws

HTTP/3 (QUIC)

To use QUIC/HTTP3, you typically need to:

• enable QUIC in the listener settings
• ensure UDP 443 is open
• advertise HTTP/3 via Alt-Svc

If you enable HTTP/3, verify your firewall:

allow-udp-443-ufw.sh

sudo ufw allow 443/udp

Reload OLS:

reload-openlitespeed-after-quic.sh

sudo systemctl reload lsws

Verify after enabling

verify-http2-after-change.sh

curl -I --http2 https://example.com/

If HTTP/3 is enabled and supported by your client:

verify-http3-after-change.sh

curl -I --http3 https://example.com/

You can also validate ALPN negotiation with OpenSSL:

openssl-alpn-check.sh

openssl s_client -connect example.com:443 -servername example.com -alpn h2,http/1.1 </dev/null 2>/dev/null | rg -n 'ALPN protocol|Protocol'

Troubleshooting

Symptom	Likely cause	Fix
curl --http2 still shows HTTP/1.1	listen missing http2 (Nginx) or module not enabled (Apache)	Fix config, reload web server
HTTP/3 fails but HTTP/2 works	UDP 443 blocked or build doesn't support QUIC	Open 443/udp, verify server build, or use a CDN
Random client issues after enabling HTTP/3	Middleboxes/NAT issues	Keep HTTP/2 enabled; consider disabling HTTP/3 if unstable