ScaleScaleScaleScale

Tips / Nginx


How to install and configure SPDY on Nginx

SSL

Weeks ago I shared with you a post called What is SPDY  where we briefly explained its basics and how good spdy is for website speed and security.  Today we will actually configure SPDY support on Nginx. In order to have SPDY working on Nginx there are a few things that you will need:

  • Openssl version 1.0.1e or greater.
  • SSL certificate installed on the website.
  • Nginx development version.

Find your OpenSSL version

CentOS 6 example:

[root@my.server.com:~]rpm -q openssl
openssl-1.0.1e-16.el6_5.4.x86_64

On CentOS 5 you will probably have openssl-0.9.8.x and it may be necessary to upgrade openssl compiling manually from source or using external unofficial repos.

Ubuntu and Debian and others:

Use the command “openssl version”.

[root@my.server.com:~]openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Install or reinstall Nginx Development version from source

RPM and DEB versions of the Nginx doesn’t come with SPDY module (ngx_http_spdy_module) enabled by default, so, the easy way to do this is to download the source and compile. Let’s do it:

Move to http://nginx.org/en/download.html and download latest development version (at this time the only one that does support SPDY 3.1).

wget http://nginx.org/download/nginx-1.5.12.tar.gz

Extract it

tar -xvpzf nginx-1.5.12.tar.gz
cd nginx-1.5.12

Compile

./configure --with-http_spdy_module --with-http_ssl_module

You may need other options for your configure command, I suggest this as are the most used ones:

./configure --with-http_spdy_module --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'

Install

make
make install

Now type nginx -V to check if you have SPDY support.

At this point, I will assume you already configured Nginx, virtual hosts and also installed a SSL Certificate (if you need help on this, check out: How to install a SSL Certificate on Nginx ).

So, in order to activate SPDY on Nginx, the only thing you need to do is add “spdy” word on the SSL configuration, it should look like this:

Replace:

listen 10.1.2.3:443 ssl;

And update it as follows

listen 10.1.2.3:443 ssl spdy;

It should look like this:

server {
...
...
        listen 10.1.2.3:443 ssl spdy;
        server_name  yoursite.com;
...
...
...
}

Now reload Nginx to apply the changes:

service nginx reload

Check to see if SPDY support is working

There is a very nice chrome extension called ‘SPDY Indicator‘, which supports the latest SPDY version and it’s available from chrome store. Grab that, install it and then you will see a green indicator that shows you have SPDY enabled. If it appears in red, then your spdy support is not working. It should look like this:

spdy

There is an alternative way and that is using an online check page like http://spdycheck.org/

Popular search terms:

  • build nginx with fips
  • debian nginx build spdy
  • nginx openssl fips
  • nginx spdy centos 7
profile

Esteban Borges

Linux Geek, Webperf Addict, Nginx Fan. CTO @Infranetworking

  • love_decay

    Does, the entire site need to run on https to have speedy ?

  • Dongpt

    Hi,

    For SPDY take the efficient, do I need to use a commercial SSL certificate? I tried with self-signed cert and SPDY indicator doesn’t show the green light.

    Thanks!

    • admin

      It’s a very good question. I’ve heard Chrome does complain about self signed SSL if you use SPDY, try another browser maybe.
      Since you posted your comment I’ve been looking for an answer on the net, and almost everyone says self signed does work with SPDY in the same way as commercial SSL.

      Regards