⚠️ CRITICAL: Version Policy Change
H2O no longer uses version tagging since January 2020. The master branch is considered stable. Each commit is treated as a release. Build from source for latest features and security patches.
⚠️ CRITICAL: Debian Package Removal (May 2025)
H2O has been removed from Debian testing/unstable due to lack of a maintainer. The Debian Bookworm package (2.2.5) has 5 unpatched CVEs:
- CVE-2025-8671 (HTTP/2 DoS)
- CVE-2024-45397 (TLS 1.3 + QUIC bypass)
- CVE-2024-25622 (Header directive bug)
- CVE-2023-44487 (HTTP/2 rapid reset)
- CVE-2023-41337 (TLS session misdirection)
Recommendation: Build from source for production deployments.
H2O is an actively maintained, high-performance web server with native HTTP/3 (QUIC) support. Due to package availability issues, building from source is the recommended installation method for secure, up-to-date deployments.
| Method | Status | Recommendation |
|---|---|---|
| Source Build | ✅ Recommended | Latest version, security patches |
| Debian Package | ❌ Removed (May 2025) | Not recommended (unpatched CVEs) |
| RHEL Package | ⚠️ OKey repo only | Acceptable for RHEL 9 |
| Docker | ⚠️ Community only | Good for containerized deployments |
| Homebrew | ✅ Available | Recommended for macOS |
Debian/Ubuntu:
sudo apt update
sudo apt install build-essential cmake pkg-config libssl-dev zlib1g-dev git
RHEL/CentOS:
sudo dnf groupinstall "Development Tools"
sudo dnf install cmake pkg-config openssl-devel zlib-devel git
macOS:
xcode-select --install
brew install cmake pkg-config openssl
git clone --recurse-submodules https://github.com/h2o/h2o.git
cd h2o
⚠️ Important: Use
--recurse-submodulesto fetch required dependencies (picotls for TLS 1.3).
mkdir -p build
cd build
cmake ..
make
sudo make install
H2O will be installed to /usr/local by default:
/usr/local/bin/h2o/usr/local/etc/h2o/h2o.confh2o --version
Expected output shows commit hash (version tagging discontinued):
h2o version 2.3.0-DEV@<commit-hash>
sudo useradd -r -s /usr/sbin/nologin h2o
sudo tee /etc/systemd/system/h2o.service > /dev/null << 'EOF'
[Unit]
Description=H2O - HTTP/1, HTTP/2, HTTP/3 Server
After=network.target
[Service]
Type=simple
User=h2o
Group=h2o
ExecStart=/usr/local/bin/h2o -c /usr/local/etc/h2o/h2o.conf
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable h2o
sudo systemctl start h2o
⚠️ Warning: H2O was removed from Debian testing/unstable in May 2025. The package in Debian Bookworm has unpatched security vulnerabilities. Use only in isolated/test environments.
sudo apt update
sudo apt install h2o
sudo apt update
sudo apt install h2o
⚠️ Note: Ubuntu packages may also be outdated. Check Debian Package Tracker for current status.
H2O is available from the OKey repository for RHEL 9 and compatible distributions.
# Enable OKey repository
sudo dnf install https://rpm.okey.pl/el9/x86_64/okey-release-1-1.el9.noarch.rpm
# Install H2O
sudo dnf install h2o
h2o --version
systemctl status h2o
No official Docker image exists. Use community-maintained images.
docker run -d \
--name h2o \
-p 80:80 \
-p 443:443 \
-v $(pwd)/config:/etc/h2o \
micrograils/h2o:latest
See H2O Docker Setup for detailed Docker deployment.
brew install h2o
brew info h2o
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 8443/tcp # If using HTTP/3
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
# Check service status
sudo systemctl status h2o
# Test HTTP response
curl -I http://localhost
# Check version
h2o --version
Open http://SERVER_IP in your browser.
| Option | Description | Default |
|---|---|---|
-DCMAKE_INSTALL_PREFIX=dir |
Installation directory | /usr/local |
-DWITH_MRUBY=on\|off |
Enable mruby scripting | on (if available) |
-DWITH_DTRACE=on\|off |
Enable DTrace/SystemTap | on (if available) |
-DWITH_H2OLOG=on\|off |
Enable h2olog tool | on (if available) |
-DOPENSSL_ROOT_DIR=path |
Custom OpenSSL path | Auto-detect |
-DCMAKE_BUILD_TYPE=Release\|Debug |
Build type | Release |
cmake -DWITH_MRUBY=off -DWITH_DTRACE=off ..
Since H2O doesn’t use version tagging, update by pulling latest master:
cd /path/to/h2o
git pull
cd build
make
sudo make install
sudo systemctl restart h2o
# Fix: Re-clone with submodules
git clone --recurse-submodules https://github.com/h2o/h2o.git
# Specify OpenSSL path
cmake -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl ..
# Create default config
sudo mkdir -p /etc/h2o
sudo cp examples/h2o/h2o.conf /etc/h2o/h2o.conf
# Check what's using port 80
sudo netstat -tlnp | grep :80
# Or use alternative port in config
⚠️ Security Warning: Debian packages have unpatched CVEs. Build from source for production.
See h2o Security and H2O Hardening for security guidance.
See H2O Configuration for configuration details.
Setting up web servers can be complex. We offer consulting services for:
Contact us at office@linux-server-admin.com or visit our contact page.