How To Set Up Nginx with HTTP/2 Support on Ubuntu
31 Mar 2017HTTP/2 (originally named HTTP/2.0) is a major revision of the HTTP network protocol used by the World Wide Web. – Wikipedia
HTTP/2 decreases latency to improve page load speed in web browsers, it solves this problem because it brings a few fundamental changes:
- Multiple requests over a single TCP connection
- Compression of HTTP headers
- Servers push
- Fixing the head-of-line blocking problem in HTTP 1.x
Enable HTTP/2 support
If you’re on Ubuntu 12.04/14.04, see note at the bottom of post.
To enable HTTP/2 you need at least Nginx 1.9.5, you can check Nginx HTTP/2 support using this command:
$ sudo nginx -V
The result would be something like this
nginx version: nginx/1.11.12
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.2)
built with OpenSSL 1.0.2g-fips 1 Mar 2016 (running with OpenSSL 1.0.2g 1 Mar 2016)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
If you don’t have --with-http_v2_module somewhere in that output, you need to update your Nginx or compile with HTTP/2 module.
Now, enable HTTP/2 for Nginx is as simple as adding a keyword to your server configuration, please note that you also need SSL support to use HTTP/2.
The standard itself does not require usage of encryption, but most browsers have stated that they will only support HTTP/2 over TLS.
Open the server block configuration for your HTTPS site, and change this line:
listen 443 ssl default_server;
listen [::]:443 ssl default_server ipv6only=on;
to:
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server ipv6only=on;
If you’re on Ubuntu 14.04 you can reload nginx using this command
$ service nginx reload
For ubuntu 16.04, use this to reload your nginx
$ sudo systemctl reload nginx
Note for Ubuntu 12.04/14.04
Chrome removed support for NPN from Chrome build 51, so if the web server only support NPN (not ALPN), the new Chrome browser drops back to HTTP/1.
Ubuntu support for ALPN and NPN
| OS | OpenSSL Support | ALPN and NPN Support |
|---|---|---|
| Ubuntu 12.04 LTS | 1.0.1 | NPN |
| Ubuntu 14.04 LTS | 1.0.1f | NPN |
| Ubuntu 16.04 LTS | 1.0.2g | ALPN and NPN |
ALPN support depend on OpenSSL >= 1.0.2, so you have 3 options if you’re on Ubuntu 12.04 or 14.04:
- Upgrade your operating system
- Compile NGINX from source and use OpenSSL 1.0.2
- Run NGINX in a container