Coder's Cat

How To Config Nginx with HTTP/2

2020-11-13

What is HTTP/2

HTTP/2 (Originally named HTTP 2.0) is the second major version of the HTTP protocol, it is the first update to the HTTP protocol since the release of HTTP 1.1 in 1999.

The Benefits of HTTP/2

  • Transferring data in binary format instead of text format. This binary format offers more possibilities for protocol parsing and optimizations.
  • Compressing headers for transmission saves traffic on the network. While HTTP1.1 carries a large number of redundant headers for each request, which wasting bandwidth resources.
  • Multiplexing, which means that multiple requests are completed concurrently over a single TCP connection, HTTP/2 provides truly concurrent requests. Streaming also supports priority and flow control.
  • Server push, the server can be faster to push resources to the client. For example, the server can take the initiative to push JS and CSS files to the client. These files will be ready when the client needs them.
  • Protects website security.

Enabling HTTP/2 on Nginx

To support HTTP/2 on Nginx, we need Nginx 1.9.5 or later, and you need OpenSSL version 1.0.2 or later.

How to upgrade OpenSSL

If the system’s version of OpenSSL is lower than 1.0.2, we will have to upgrade your OpenSSL version first.

  • Checking OpenSSL Versions
$ openssl version
OpenSSL 1.0.2g 1 Mar 2016

Install Nginx

  • Download Nginx
$ wget http://nginx.org/download/nginx-1.12.0.tar.gz
  • Compile and install Nginx
$ apt-get install libreadline-dev libncurses5-dev libpcre3-dev libssl-dev perl make build-essential
$ tar xzvf nginx-1.12.0.tar.gz
$ cd nginx-1.12.0.tar.gz
$ . /configure --with-http_ssl_module --with-http_v2_module
$ make && make install

If the system OpenSSL version is lower than 1.0.2, we need to add a -with-openssl to indicates the location of the source code for the higher version of the OpenSSL library.

  • Verifying the Nginx and compiled versions of OpenSSL
$ . /nginx -V
nginx version: nginx/1.12.0
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4)
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module

Modify Nginx configuration

Configuring Nginx to enable HTTP/2 is particularly easy by adding http2 after listen in the server configuration section.

Note: HTTP/2 has to work under HTTPS! Don’t add http2 to the 80 port.

Even HTTP/2 will work under non-HTTPS, there is no browser support for it yet!

$ vim /usr/local/nginx/conf/nginx.conf

server {
listen 443 ssl http2;
server_name coderscat.com;
...
}

Restart Nginx and let the configuration take effect.

$ cd /usr/local/nginx/sbin
$ ./nginx -s reload

Verifying HTTP/2

Open the https://tools.keycdn.com/http2-test and enter your domain name to test if HTTP/2 is properly supported.

Browser support

If HTTP/2 is enabled, even a low version of the browser will work! If a client does not support HTTP/2, Nginx is automatically backwards compatible with HTTP 1.1.

Most browsers currently support HTTP/2:

  • Google Chrome, Mozilla Firefox, Microsoft Edge, and Opera have HTTP/2 support and are enabled by default.
  • Internet Explorer has supported HTTP/2 since IE 11 and is enabled by default.
Tags: Misc