diff --git a/manifests/hitch.pp b/manifests/hitch.pp
index c77dd7a..e0402cc 100644
--- a/manifests/hitch.pp
+++ b/manifests/hitch.pp
@@ -1,38 +1,46 @@
 # Support for hitch TLS termination proxy class profile::hitch { $frontend = hiera('hitch::frontend') $proxy_support = hiera('hitch::proxy_support') + $http2_support = hiera('hitch::http2_support') $ocsp_dir = '/var/lib/hitch' if $proxy_support { $varnish_proxy_port = hiera('varnish::proxy_port') $backend = "[::1]:${varnish_proxy_port}" $write_proxy_v2 = 'on' } else { $apache_http_port = hiera('apache::http_port') $backend = "[::1]:${apache_http_port}" $write_proxy_v2 = 'off' } + if $http2_support { + $alpn_protos = 'h2,http/1.1' + } else { + $alpn_protos = undef + } + + class {'::hitch': frontend => $frontend, backend => $backend, write_proxy_v2 => $write_proxy_v2, + alpn_protos => $alpn_protos, require => File[$ocsp_dir], } file {$ocsp_dir: ensure => directory, mode => '0700', owner => $::hitch::user, group => $::hitch::group, notify => Service[$::hitch::service_name], } # Provide virtual resources for each possible hitch TLS certificate # Users can realize the resource using # realize(::Profile::Hitch::Ssl_Cert[$cert_name]) $ssl_certs = keys(hiera('ssl')) @::profile::hitch::ssl_cert {$ssl_certs:} }
diff --git a/manifests/varnish.pp b/manifests/varnish.pp
index 6187af0..c7946a4 100644
--- a/manifests/varnish.pp
+++ b/manifests/varnish.pp
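Review bot: In manifests/hitch.pp, `alpn_protos` is set to `'h2,http/1.1'` from `hitch::http2_support` alone, so h2 is still advertised when `$proxy_support` is false and the backend is the Apache HTTP port with `write_proxy_v2 => 'off'`. Hitch terminates TLS and hands the stream to `$backend`, so a client that negotiates h2 will speak HTTP/2 to that port; whether Apache accepts cleartext HTTP/2 there is not visible in this diff. I would tie the two conditions together, e.g. `if $http2_support and $proxy_support {`, or fail the catalog when HTTP/2 is requested without the Varnish backend. Separately, `hiera('hitch::http2_support')` has no default, so unless the key is added to the hiera data in a change not shown here, nodes lacking it will fail compilation; `hiera('hitch::http2_support', false)` keeps HTTP/2 opt-in, and the same applies to `hiera('varnish::http2_support')` in manifests/varnish.pp.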
@@ -1,61 +1,71 @@
 # Varnish configuration class profile::varnish { $includes_dir = '/etc/varnish/includes' $includes_vcl_name = 'includes.vcl' $includes_vcl = "/etc/varnish/${includes_vcl_name}" $http_port = hiera('varnish::http_port') $backend_http_port = hiera('varnish::backend_http_port') $listen = hiera('varnish::listen') $admin_listen = hiera('varnish::admin_listen') $admin_port = hiera('varnish::admin_port') + $http2_support = hiera('varnish::http2_support') $secret = hiera('varnish::secret') $storage_type = hiera('varnish::storage_type') $storage_size = hiera('varnish::storage_size') $storage_file = hiera('varnish::storage_file') + if $http2_support { + $runtime_params = { + feature => '+http2', + } + } else { + $runtime_params = {} + } + + class {'::varnish': - addrepo => false, - listen => $listen, - admin_listen => $admin_listen, - admin_port => $admin_port, - secret => $secret, - storage_type => $storage_type, - storage_size => $storage_size, - storage_file => $storage_file, + addrepo => false, + listen => $listen, + admin_listen => $admin_listen, + admin_port => $admin_port, + secret => $secret, + storage_type => $storage_type, + storage_size => $storage_size, + storage_file => $storage_file, + runtime_params => $runtime_params, } ::varnish::vcl {'/etc/varnish/default.vcl': content => template('profile/varnish/default.vcl.erb'), require => Concat[$includes_vcl], } file {$includes_dir: ensure => directory, owner => 'root', group => 'root', mode => '0644', require => Class['varnish::install'], notify => Exec['vcl_reload'], } concat {$includes_vcl: ensure => present, owner => 'root', group => 'root', mode => '0644', ensure_newline => true, require => Class['varnish::install'], notify => Exec['vcl_reload'], } concat::fragment {"${includes_vcl}:header": target => $includes_vcl, content => "# File managed with puppet (module profile::varnish)\n# All modifications will be lost\n\n", order => '00', } include ::profile::varnish::default_vcls }
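Review bot: `varnish::http2_support` is a second, independent switch for the same feature, so it can drift from `hitch::http2_support`: with hitch advertising `h2` and `$runtime_params` left as `{}`, Varnish would be handed HTTP/2 connections without `feature => '+http2'` set. Consider reading one shared key in both profiles, or at least add a comment above the lookup such as `# Must be enabled together with hitch::http2_support, which makes hitch advertise h2 via ALPN`. As a style point, re-aligning every `=>` in the `class {'::varnish':` block turns a one-line addition (`runtime_params`) into a nine-line change, which makes the functional part harder to spot in review.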