Gilang Chandrasa Thoughts, stories, and ideas

How To Set Up Nginx with HTTP/2 Support on Ubuntu

HTTP/2 (originally named HTTP/2.0) is a major revision of the HTTP network protocol used by the World Wide Web. – Wikipedia

HTTP/2 decreases latency to improve page load speed in web browsers, it solves this problem because it brings a few fundamental changes:

Enable HTTP/2 support

If you’re on Ubuntu 12.04/14.04, see note at the bottom of post.

To enable HTTP/2 you need at least Nginx 1.9.5, you can check Nginx HTTP/2 support using this command:

$ sudo nginx -V

The result would be something like this

nginx version: nginx/1.11.12
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.2)
built with OpenSSL 1.0.2g-fips  1 Mar 2016 (running with OpenSSL 1.0.2g  1 Mar 2016)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

If you don’t have --with-http_v2_module somewhere in that output, you need to update your Nginx or compile with HTTP/2 module.

Now, enable HTTP/2 for Nginx is as simple as adding a keyword to your server configuration, please note that you also need SSL support to use HTTP/2.

The standard itself does not require usage of encryption, but most browsers have stated that they will only support HTTP/2 over TLS.

Open the server block configuration for your HTTPS site, and change this line:

listen 443 ssl default_server;
listen [::]:443 ssl default_server ipv6only=on;

to:

listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server ipv6only=on;

If you’re on Ubuntu 14.04 you can reload nginx using this command

$ service nginx reload

For ubuntu 16.04, use this to reload your nginx

$ sudo systemctl reload nginx

Note for Ubuntu 12.04/14.04

Chrome removed support for NPN from Chrome build 51, so if the web server only support NPN (not ALPN), the new Chrome browser drops back to HTTP/1.

Ubuntu support for ALPN and NPN

OS OpenSSL Support ALPN and NPN Support
Ubuntu 12.04 LTS 1.0.1 NPN
Ubuntu 14.04 LTS 1.0.1f NPN
Ubuntu 16.04 LTS 1.0.2g ALPN and NPN

ALPN support depend on OpenSSL >= 1.0.2, so you have 3 options if you’re on Ubuntu 12.04 or 14.04: