diff --git a/build-scripts/compile-options b/build-scripts/compile-options
index 11b091805..2efea9b64 100644
--- a/build-scripts/compile-options
+++ b/build-scripts/compile-options
@@ -208,7 +208,7 @@ case "$ROLE" in
     # HUB-ONLY dependencies
     hub)
         var_append DEPS "libcurl-hub"
-        var_append DEPS "libexpat apr apr-util apache git rsync"
+        var_append DEPS "nghttp2 libexpat apr apr-util apache git rsync"
         var_append DEPS "postgresql php"
         ;;
     # AGENT-ONLY dependencies
diff --git a/deps-packaging/apache/cfbuild-apache.spec b/deps-packaging/apache/cfbuild-apache.spec
index 8fd727d13..cc113dae6 100644
--- a/deps-packaging/apache/cfbuild-apache.spec
+++ b/deps-packaging/apache/cfbuild-apache.spec
@@ -30,13 +30,13 @@ CPPFLAGS=-I%{buildprefix}/include
     --prefix=%{prefix}/httpd \
     --enable-so \
     --enable-mods-shared="all ssl ldap authnz_ldap" \
+    --enable-http2 \
     --with-z=%{prefix} \
     --with-ssl=%{prefix} \
     --with-ldap=%{prefix} \
     --with-apr=%{prefix} \
     --with-apr-util=%{prefix} \
     --with-pcre=%{prefix}/bin/pcre2-config \
-    --with-mpm=prefork \
     CPPFLAGS="$CPPFLAGS"
 
 %build
diff --git a/deps-packaging/apache/debian/rules b/deps-packaging/apache/debian/rules
index 504541046..d76a3e604 100755
--- a/deps-packaging/apache/debian/rules
+++ b/deps-packaging/apache/debian/rules
@@ -24,7 +24,6 @@ build-stamp:
 --with-apr=$(PREFIX) \
 --with-apr-util=$(PREFIX) \
 --with-pcre=$(PREFIX)/bin/pcre2-config \
---with-mpm=prefork \
 CPPFLAGS="$(CPPFLAGS)"
 	make
 
diff --git a/deps-packaging/apache/httpd.conf b/deps-packaging/apache/httpd.conf
index 6a98248fa..6bbb34145 100644
--- a/deps-packaging/apache/httpd.conf
+++ b/deps-packaging/apache/httpd.conf
@@ -56,6 +56,8 @@ LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 # Required to log into mission portal
 LoadModule authz_core_module modules/mod_authz_core.so
 
+# Enable http2
+LoadModule http2_module modules/mod_http2.so
 
 # TRACE can be useful for debugging, but can be abused to perform Cross-Site
 # Tracing (XST) attacheks in order to obtain access to user cooking via
@@ -178,6 +180,12 @@ LogLevel warn
   SSLRandomSeed startup builtin
   SSLRandomSeed connect builtin
 
+
+# Enable http2. As described in https://httpd.apache.org/docs/2.4/howto/http2.html
+# there is no need to do an IfModule check here as the Protocols are free-form
+# and not validated in any way.
+Protocols h2 h2c http/1.1
+
   <VirtualHost _default_:443>
     DocumentRoot "/var/cfengine/httpd/htdocs/public"
     Alias "/api" "/var/cfengine/httpd/htdocs/api"
diff --git a/deps-packaging/nghttp2/cfbuild-nghttp2.spec b/deps-packaging/nghttp2/cfbuild-nghttp2.spec
new file mode 100644
index 000000000..07aeb11e6
--- /dev/null
+++ b/deps-packaging/nghttp2/cfbuild-nghttp2.spec
@@ -0,0 +1,67 @@
+%define nghttp2_version 1.62.1
+
+Summary: CFEngine Build Automation -- nghttp2
+Name: cfbuild-nghttp2
+Version: %{version}
+Release: 1
+Source0: nghttp2-%{nghttp2_version}.tar.xz
+License: MIT
+Group: Other
+Url: nghttp2.org
+BuildRoot: %{_topdir}/BUILD/%{name}-%{version}-%{release}-buildroot
+
+AutoReqProv: no
+
+%define prefix %{buildprefix}
+%prep
+mkdir -p %{_builddir}
+%setup -q -n nghttp2-%{nghttp2_version}
+
+./configure --prefix=%{prefix}
+
+%build
+
+make
+
+%install
+
+rm -rf ${RPM_BUILD_ROOT}
+
+make install DESTDIR=${RPM_BUILD_ROOT}
+
+# Remove unused files
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/lib/libnghttp2.*a
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/doc/nghttp2/README.rst
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/man/man1/h2load.1
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/man/man1/nghttp*
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/nghttp2/fetch-ocsp-response
+
+%clean
+
+rm -rf $RPM_BUILD_ROOT
+
+%package devel
+Summary: CFEngine Build Automation -- nghttp2 -- development files
+Group: Other
+AutoReqProv: no
+
+%description
+CFEngine Build Automation -- nghttp2
+
+%description devel
+CFEngine Build Automation -- nghttp2 -- development files
+
+%files
+%defattr(-,root,root)
+
+%dir %prefix/lib
+%prefix/lib/*.so*
+
+%files devel
+%defattr(-,root,root)
+
+%prefix/include
+%dir %prefix/lib
+%prefix/lib/pkgconfig
+
+%changelog
diff --git a/deps-packaging/nghttp2/debian/cfbuild-nghttp2-devel.install b/deps-packaging/nghttp2/debian/cfbuild-nghttp2-devel.install
new file mode 100644
index 000000000..96c4b3019
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/cfbuild-nghttp2-devel.install
@@ -0,0 +1,2 @@
+/var/cfengine/include
+/var/cfengine/lib/pkgconfig
diff --git a/deps-packaging/nghttp2/debian/cfbuild-nghttp2.install b/deps-packaging/nghttp2/debian/cfbuild-nghttp2.install
new file mode 100644
index 000000000..d47339c9d
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/cfbuild-nghttp2.install
@@ -0,0 +1 @@
+/var/cfengine/lib/*.so*
diff --git a/deps-packaging/nghttp2/debian/compat b/deps-packaging/nghttp2/debian/compat
new file mode 100644
index 000000000..f599e28b8
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/deps-packaging/nghttp2/debian/control b/deps-packaging/nghttp2/debian/control
new file mode 100644
index 000000000..778b59ddc
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/control
@@ -0,0 +1,18 @@
+Source: cfbuild-nghttp2
+Section: libs
+Priority: optional
+Maintainer: CFEngine Packages <packager@cfengine.com>
+Build-Depends: debhelper
+Standard-Version: 3.8.4
+
+Package: cfbuild-nghttp2
+Section: libs
+Architecture: any
+Description: CFEngine Build Automation -- nghttp2
+ CFEngine Build Automation -- nghttp2
+
+Package: cfbuild-nghttp2-devel
+Section: libdevel
+Architecture: any
+Desciption: CFEngine Build Automation -- cfbuild-nghttp2-devel
+ CFEngine Build Automation -- cfbuild-nghttp2-devel
diff --git a/deps-packaging/nghttp2/debian/copyright b/deps-packaging/nghttp2/debian/copyright
new file mode 100644
index 000000000..e69de29bb
diff --git a/deps-packaging/nghttp2/debian/rules b/deps-packaging/nghttp2/debian/rules
new file mode 100644
index 000000000..cf106c36b
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/rules
@@ -0,0 +1,50 @@
+#!/usr/bin/make -f
+PREFIX=$(BUILDPREFIX)
+
+clean:
+	dh_testdir
+	dh_testroot
+
+	dh_clean
+
+build: build-stamp
+build-stamp:
+	dh_testdir
+
+	./configure --prefix=$(PREFIX)
+
+	make
+
+	touch build-stamp
+
+install: build
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs
+
+	$(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
+
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/lib/libnghttp2.*a
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/doc/nghttp2/README.rst
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/man/man1/h2load.1
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/man/man1/nghttp*
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/nghttp2
+
+binary-indep: build install
+
+binary-arch: build install
+	dh_testdir
+	dh_testroot
+	dh_install --sourcedir=debian/tmp
+	dh_link
+	dh_strip
+	dh_compress
+	dh_fixperms
+	dh_installdeb
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
diff --git a/deps-packaging/nghttp2/distfiles b/deps-packaging/nghttp2/distfiles
new file mode 100644
index 000000000..ab9b85cef
--- /dev/null
+++ b/deps-packaging/nghttp2/distfiles
@@ -0,0 +1 @@
+2345d4dc136fda28ce243e0bb21f2e7e8ef6293d62c799abbf6f633a6887af72  nghttp2-1.62.1.tar.xz
diff --git a/deps-packaging/nghttp2/source b/deps-packaging/nghttp2/source
new file mode 100644
index 000000000..bbdbefacd
--- /dev/null
+++ b/deps-packaging/nghttp2/source
@@ -0,0 +1 @@
+https://github.com/nghttp2/nghttp2/releases/download/v1.62.1/
diff --git a/deps-packaging/php/cfbuild-php.spec b/deps-packaging/php/cfbuild-php.spec
index 25d0bcedd..1bdd526eb 100644
--- a/deps-packaging/php/cfbuild-php.spec
+++ b/deps-packaging/php/cfbuild-php.spec
@@ -45,10 +45,7 @@ LDFLAGS=""
   --enable-mbstring \
   --enable-sockets \
   --disable-mbregex \
-  --without-fpm-user \
-  --without-fpm-group \
-  --without-fpm-systemd \
-  --without-fpm-acl \
+  --enable-fpm \
   --without-layout \
   --without-sqlite3 \
   --without-bz2 \
diff --git a/deps-packaging/php/debian/rules b/deps-packaging/php/debian/rules
index 94eaf588d..469606184 100755
--- a/deps-packaging/php/debian/rules
+++ b/deps-packaging/php/debian/rules
@@ -25,10 +25,7 @@ build-stamp:
 --enable-mbstring \
 --enable-sockets \
 --disable-mbregex \
---without-fpm-user \
---without-fpm-group \
---without-fpm-systemd \
---without-fpm-acl \
+--enable-fpm \
 --without-layout \
 --without-sqlite3 \
 --without-bz2 \
diff --git a/deps-packaging/release-monitoring.json b/deps-packaging/release-monitoring.json
index e9749b68e..1eb7b9f46 100644
--- a/deps-packaging/release-monitoring.json
+++ b/deps-packaging/release-monitoring.json
@@ -14,6 +14,7 @@
         "libxml2":"1783",
         "libyaml":"13522",
         "lmdb":"6974",
+        "nghttp2":"8651",
         "openldap":"2551",
         "openssl":"2566",
         "pcre2":"5832",
diff --git a/packaging/common/cfengine-hub/postinstall.sh b/packaging/common/cfengine-hub/postinstall.sh
index 9189d1e75..24a78b966 100644
--- a/packaging/common/cfengine-hub/postinstall.sh
+++ b/packaging/common/cfengine-hub/postinstall.sh
@@ -87,7 +87,7 @@ fi
 #Copy necessary Files and permissions
 #
 cp "$PREFIX/lib/php"/*.ini "$PREFIX/httpd/php/lib"
-EXTENSIONS_DIR="$(ls -d -1 "$PREFIX/httpd/php/lib/php/extensions/no-debug-non-zts-"*|tail -1)"
+EXTENSIONS_DIR="$(ls -d -1 "$PREFIX/httpd/php/lib/php/extensions/no-debug-zts-"*|tail -1)"
 cp "$PREFIX/lib/php"/*.so "$EXTENSIONS_DIR"
 
 #