How to Enable HTTP/2 on Nginx

HTTP/2 is the next-generation replacement for the HTTP/1.1 protocol that you use every day while browsing the internet. Based on SPDY, this new HTTP protocol focuses on delivering the best possible performance between network connections and end users. Specifically, it aims to improve end-user latency and network usage. Its major goal is to allow the use of one single connection between client browsers and websites.

Main features of HTTP/2

True multiplexing: HTTP/2 allows requests to be satisfied in parallel and out of order, rather than one by one as in the HTTP/1.1 protocol.

Single persistent connection: With the true multiplexing feature, all objects placed on a website can be downloaded in parallel using just a single connection. On HTTP/1.1, if you wanted to download parallel objects, you were forced to open multiple connections (not efficient in terms of network usage).

Binary encoding: Headers are sent encoded in binary format, which saves bytes on the wire before the information reaches your client’s browser. On HTTP/1.1, headers were sent as plain text, which used more bandwidth.

Header compression: Headers are also compressed with HPACK compression, which helps to reduce the total amount of data across the network.

SSL/TLS encryption: With HTTP/2, SSL/TLS encryption is a must. This is controlled and defined by the web browsers that currently support the new HTTP/2 protocol, rather than by the RFC. HTTP/2 not only cares about speed, but also about your security, by adopting SSL/TLS encryption as a mandatory requirement.

Notes before enabling HTTP/2 on Nginx

1. HTTP/2 is currently available for Nginx users and Nginx Plus users (commercial version of Nginx).

2. If you don’t have SSL encryption on your website, you must redirect all traffic to SSL/TLS, as HTTP/2 runs over SSL/TLS encryption. Make sure your website is fully configured to work with an SSL Certificate.

3. SPDY and HTTP/2 cannot run together. Remove the ‘spdy’ option from all listen directives inside the Nginx configuration, and replace it with the ‘http2’ and ‘ssl’ parameters.

How can you enable HTTP/2 on Nginx?

To enable HTTP/2 support on Nginx, add the “http2” option to the listen directives that you already have. Remember to also include the ssl parameter, for example:

listen 443 ssl http2 default_server;

Full example inside the server {} block:

server {
    listen 443 ssl http2 default_server;
    ssl_certificate /etc/nginx/conf/ssl.crt/yoursite.com.crt;
    ssl_certificate_key /etc/nginx/conf/ssl.key/yoursite.com.key;
    ...
    ...
}

Reload Nginx to apply changes:

nginx -s reload
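The notes above (remove ‘spdy’, pair ‘http2’ with ‘ssl’) can be checked mechanically before a reload. The following is an added example, not code from the original article or from the Nginx project: a simple line-based scan of listen directives rather than a full Nginx parser. The function name audit_listen, the finding codes and the sample configuration are all constructed for illustration.

```python
import re

# Constructed sample config for this example (not from the original page).
SAMPLE_CONF = """\
server {
    listen 443 ssl http2 default_server;
}
server {
    listen 443 ssl spdy;  # legacy listener, not yet migrated
}
server {
    listen 8080 http2;
}
server {
    listen [::]:443 ssl;
}
"""

# A listen directive starts a line or follows ';', '{' or '}', so the
# one-line form "server {listen ...;" is also recognised.
LISTEN_RE = re.compile(r"(?:(?<=[;{}])|^)\s*listen\s+([^;{}]+);")


def audit_listen(conf_text):
    """Return (line_no, code, directive) for each listen directive to review."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        code_part = line.split("#", 1)[0]  # drop trailing comments
        for match in LISTEN_RE.finditer(code_part):
            directive = " ".join(match.group(1).split())
            flags = set(directive.split()[1:])  # first token is address/port
            if "spdy" in flags:
                code = "SPDY_PRESENT"        # note 3: replace with http2
            elif "http2" in flags and "ssl" not in flags:
                code = "HTTP2_WITHOUT_SSL"   # browsers need TLS for HTTP/2
            elif "ssl" in flags and "http2" not in flags:
                code = "TLS_WITHOUT_HTTP2"   # TLS listener still on HTTP/1.x
            else:
                continue
            findings.append((line_no, code, "listen " + directive))
    return findings


if __name__ == "__main__":
    for line_no, code, directive in audit_listen(SAMPLE_CONF):
        print(f"line {line_no}: {code}: {directive}")
```

An empty result means every listen directive that uses ssl also carries http2 and none still references spdy.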

How can you check that HTTP/2 is working on your website?

There is a cool browser add-on called “HTTP/2 and SPDY indicator.” It is available from the Google Chrome store and for Firefox.

What about browsers that don’t support HTTP/2?

The folks at Nginx Inc. already had that in mind, and because currently 50% of the browsers still don’t support HTTP/2, Nginx engineers created what they call the “Next Protocol Negotiation (NPN).” This is a TLS extension that allows Nginx to serve HTTP/1.x requests if the browser doesn’t fully support HTTP/2.

Conclusion

As you can see, the web is changing really fast. To continue growing, you need to adopt new protocols and ways that allow users to reduce page response time and network usage. HTTP/2 is the next generation of HTTP protocol. If you want to be a part of this new change, try to enable it on your Nginx installation. The results will amaze you.


Esteban Borges

Linux Geek, Webperf Addict, Nginx Fan. CTO @Infranetworking

  • Worth mentioning that as of Chrome 47 or so, Google decided to disable the NPN protocol in favor of ALPN, but to support ALPN you need to have at least OpenSSL 1.0.2, which leaves many systems with disabled http2 on Chrome, since none of the major server distributions support the new OpenSSL version (except Ubuntu 16.04).