Nginx, developed by Igor Sysoev, is a powerful web server that can also perform other important tasks such as load balancing, serving as a mail proxy or reverse proxy, and HTTP caching. Although it’s not as popular as Apache, Nginx is a more efficient web server in terms of resource allocation.
There are actually two different versions of Nginx. Nginx is open-source software, whereas Nginx Plus is the commercial version that comes with user support. Both fully support HTTP/2.
To enable HTTP/2 on Nginx, there are a few things to know:
- It’s important to enable HTTPS on your server because almost all browsers allow HTTP/2 only over HTTPS.
- TLS protocol version 1.2 and above with modern cipher suites is required.
- Nginx Open Source version 1.9.5 or higher has built-in support for HTTP/2. Nginx Plus R7 and all higher versions fully support HTTP/2.
How to Enable HTTP/2 in Nginx
Let us look at how to enable HTTP/2 on an Nginx server.
- Make a backup of the nginx.conf file (default location: /etc/nginx/nginx.conf).
- After that, modify the file by adding the http2 parameter to the listen directive.
> listen 443 ssl http2;
- Make sure the parameter is added in the server block that holds the SSL configuration, since HTTP/2 is only supported over HTTPS.
> server {
>     # http2 is added next to ssl on both the IPv4 and IPv6 listeners
>     listen 443 ssl http2;
>     listen [::]:443 ssl http2;
>     server_name example.com;
>     root /path/to/public;
>     ssl_certificate /path/to/certificate.crt;
>     ssl_certificate_key /path/to/private.key;
>     ssl_protocols TLSv1.2;
> }
- Reload Nginx using the following command:
> sudo systemctl reload nginx.service
- To verify that HTTP/2 is enabled on the website, use the HTTP/2 Indicator add-on for Firefox or the HTTP/2 and SPDY Indicator extension for Chrome.
Troubleshooting
- If the Nginx server is sitting behind a web application firewall, ensure that the web application firewall (WAF) is capable of parsing HTTP/2 traffic.
- Ensure that the SPDY parameter is removed from all listen directives. Since Google deprecated SPDY in 2016, support for it has been withdrawn.
- If ssl_prefer_server_ciphers is set to on and/or a list of ssl_ciphers defined in Appendix A: TLS 1.2 Cipher Suite Black List is used, client browsers experience handshake errors and the connection fails.
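The listen, protocol and cipher checks from the steps and troubleshooting list above can be run against a configuration file before Nginx is reloaded. The script below is an added example, not part of the original article: the function name audit_http2_conf, the finding codes and the sample configuration are constructed here. The cipher test is a heuristic that assumes the blacklist referred to above is Appendix A of RFC 7540, which covers suites lacking an ephemeral key exchange or an AEAD cipher.

```shell
#!/bin/sh
# Added example: audit an nginx config for the HTTP/2 problems listed above.
# Reads the files given as arguments, or stdin; prints "LINE: CODE: detail".
audit_http2_conf() {
    awk '
    { sub(/[#].*/, ""); gsub(/;/, " ; ") }   # drop comments, split off ";"
    $1 == "listen" {
        ssl = 0; h2 = 0; spdy = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "ssl")   ssl = 1
            if ($i == "http2") h2 = 1
            if ($i == "spdy")  spdy = 1
        }
        if (spdy)       print NR ": SPDY: remove spdy from this listen directive"
        if (ssl && !h2) print NR ": NOH2: TLS listener without http2"
        if (h2 && !ssl) print NR ": NOTLS: http2 without ssl (browsers need HTTPS)"
    }
    $1 == "ssl_protocols" && $0 !~ /TLSv1\.[23]/ {
        print NR ": PROTO: TLS 1.2 or above is not enabled"
    }
    $1 == "ssl_prefer_server_ciphers" && $2 == "on" {
        print NR ": PREFER: server picks the suite, so ssl_ciphers order matters"
    }
    $1 == "ssl_ciphers" {
        gsub(/"/, "", $2)
        n = split($2, c, ":")
        # Heuristic (assumption): explicit suite names that are not
        # (EC)DHE key exchange with an AEAD cipher fall under the blacklist.
        for (i = 1; i <= n; i++)
            if (c[i] ~ /^[A-Z0-9]+-/ &&
                (c[i] !~ /^(ECDHE|DHE)-/ || c[i] !~ /GCM|CHACHA20|CCM/))
                print NR ": CIPHER: " c[i] " is not ephemeral + AEAD"
    }
    ' "$@"
}

# Constructed sample (not from the page) with one of each problem.
SAMPLE_CONF='server {
    listen 443 ssl spdy;
    listen [::]:443 ssl http2;
    ssl_protocols TLSv1 TLSv1.1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:ECDHE-RSA-AES256-SHA384;
}'
printf '%s\n' "$SAMPLE_CONF" | audit_http2_conf
```

Run it as `audit_http2_conf /etc/nginx/nginx.conf` after sourcing the function. On Nginx 1.25.1 and later, HTTP/2 is enabled with the separate `http2 on;` directive rather than the listen parameter, which this check does not look for.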