Skip to main content

Enable http2 support on a server with nginx and Debian

ww.kr.ua Web server


HTTP / 2 is the second version of the http network protocol, which includes many different improvements. These include multiplexing requests (all requests can be processed in parallel), increased performance, header compression, etc.

HTTP / 2 has replaced SPDY, which has been discontinued.



Nginx supports the http / 2 protocol, starting with version 1.9.5. However, only version 1.6.2 is present in the stable release of Debian Jessie. Therefore, we will connect the backports repository to upgrade nginx to 1.9.10.

Before upgrading, you need to know which nginx packages are installed on the system (there are several of them). See the output of the command: 

  # dpkg -l |  grep nginx

On my server it is like this:

 
  root @ ww.kr.ua: ~ # dpkg -l |  grep nginx
 ii nginx-common 1.6.2-5 + deb8u1 small, powerful, scalable web / proxy server - common files
 ii nginx-extras 1.6.2-5 + deb8u1 i386 nginx web / proxy server (extended version)

So I should upgrade these packages. What I did. 

  # aptitude install nginx-common nginx-extras openssl -t jessie-backports

Here, after the -t switch, specify the jessie-backports repository.

OpenSSL version 1.0.2 we install to support ALPN.



Enable http / 2 for virtual host

In the configuration file of all your sites that support ssl (if you use separate files for virtual hosts in the / etc / nginx / sites-enabled folder) or in the main configuration file /etc/nginx/nginx.conf, we find the listen parameter.

Usually, this parameter looks like this: 

  listen 443 ssl;

If spdy is enabled, then: 

  listen 443 ssl spdy;

In the first case, you just need to add after the ssl parameter http2. In the second, replace spdy with http2. In the end, this should be: 

  listen 443 ssl http2;

The ssl_prefer_server_ciphers parameter ssl_prefer_server_ciphers set to off .

Or give a list of available ciphers to match with the black list of RFC 7540, Appendix A. 

  ssl_ciphers EECDH: EDH:! 3DES:! DES:! DSS:! SEED:! CAMELLIA:! NULL:! RC4:! SHA;

After all the changes you have made, you should test the configuration with the nginx -t command.

In case of successful testing, we restart nginx and go to the ssllabs.com to test the server. You can also use the supplement SPDY indicator for Firefox .



How do you rate the article?
Звёзд: 1Звёзд: 2Звёзд: 3Звёзд: 4Звёзд: 5 ( 1 rating, average: 5.00 out of 5)
Loading...

Add a comment

Your email will not be published.