Step-by-Step Guide: How to Enable HTTP/2 on Nginx

1 Star2 Stars3 Stars4 Stars5 Stars (10 votes, average: 26.40 out of 5)

Nginx, developed by Igor Sysoev, is a powerful web server that can perform other important tasks such as load balancing, serving as a mail proxy or reverse proxy, and HTTP caching. Although it’s not as popular as Apache, Nginx is a more efficient web server in terms of resource allocation and efficiency.

There are actually two different version of Nginx. Nginx is an open-source software, whereas Nginx Plus is the commercial version that comes with user support. Both software fully support HTTP/2.

To enable HTTP/2 on Nginx, there are a few things to know:

  • It’s important to enable HTTPS on your server because almost all browsers allow HTTP/2 only over HTTPS.
  • TLS protocol version 1.2 and above with modern cipher suites is required.
  • Nginx Open Source version 1.9.5 or higher has built-in support for HTTP/2. Nginx Plus R7 and all higher versions fully support HTTP/2.

How to Enable HTTP/2 in Nginx

Let us look at how to enable http/2 in Nginx server.

    • Make a backup of the nginx.conf file (default location: /etc/nginx/nginx.conf).
    • After that, modify the file by adding http2 under the listen directive.

      > listen 443 ssl http2;

    • The SSL configuration needs to be updated, so ensure that it is added under server block which has SSL configuration since HTTP/2 is only supported over HTTPS.

      server {
      listen 443 ssl http2;
      listen [::]:443 ssl http2;
      root /path/to/public;
      ssl_certificate /path/to/certificate.crt;
      ssl_certificate_key /path/to/private.key;
      ssl_protocols TLSv1.2;

    • Restart Nginx using the following command:

      > sudo systemctl reload nginx.service

    • To verify that HTTP/2 is enabled on the website, the addon HTTP/2 Indicator, can be used on Firefox or the HTTP/2 and SPDY Indicator can be used for Chrome.


      • If the Nginx server is sitting behind a web application firewall, ensure that the web application firewall (WAF) is capable of parsing HTTP/2 traffic.
      • Ensure that the SPDY parameter is removed from all listen directives. Since Google deprecated SPDY in 2016, support for it has been withdrawn.
      • If ssl_prefer_server_ciphers is set to on and/or a list of ssl_ciphers defined in Appendix A: TLS 1.2 Cipher Suite Black List is used, the client browser experiences handshake errors and will not work.

Purchase a Multi-Domain Wildcard SSL Certificate from CheapSSLSecurity & Save Up to 84%!

We offer the best discount on multi-domain wildcard SSL certificates starting as low as $148.18 per year.

Shop All Multi-Domain Wildcard Certificates