How to Configure HTTP/2 Support in Nginx On Ubuntu/Debian

HTTP/2 is a robust multiplexed protocol for improving page load speed and security. In this tutorial, we will learn how to setup NGINX with HTTP/2 support.

Nginx enable http2 support on Ubuntu and Debian
How To Set Up Nginx with HTTP2 Support

Overview

Nginx is a open source fast and reliable web server. It gained popularity due to its low memory footprint, load balancing, high scalability, caching, support for the majority of protocols and reverse proxying. Now let’s talk about how nginx enable http2 protocol.

One of the protocols supported by Nginx is HTTP/2 which was published in May 2015. The main advantage of HTTP/2 is its high transfer speed for content-rich websites, reduces the load on the web server and it can initiate multiple parallel requests in a single TCP connection. Nginx enable http2 is an improved version of the HTTP protocol. Before we get started, we will need a few Ubuntu or Debian server with SSL certificate. In this tutorial, we’ll guide you step-by-step on how to nginx enable http2 on ubuntu.

  • Updating the packages and Installing Nginx
  • Enabling HTTP/2 Support
  • Adding the Server Name
  • Adding the SSL Certificates
  • Removing the Ciphers
  • Redirect all HTTP Requests to HTTPS
  • Restart Nginx
  • Conclusion

Step 1: Updating the packages and Installing Nginx

The first step is to update and upgrade the repositories in the apt packaging system. Using update will download the latest version packages and upgrading will install the latest version of the packages in the list. Run the below apt command to update and upgrade the packages.

sudo apt-get update && apt-get upgrade

The next step is to install the latest version of nginx package. Support for the HTTP/2 protocol was introduced in Nginx version 1.9.5 and above. Therefore, we will have to install the latest version of the Nginx package. Run the below use apt install command to install the Nginx packages:

sudo apt-get install nginx

You will be prompted to confirm the step by step installation process. Select YES option and finish the installation process. After the installation process finishes, the next step is to check the version of the package whether we have installed the right version or not. You can check the version of nginx web server by typing command:

sudo nginx -v

The output of above version check command should be similar to the following:

nginx version: nginx/1.10.0 (Ubuntu)

Step 2: Enabling HTTP/2 Support

After installing the nginx package, we need to enable http2 nginx. The user has to change the listening port from 80 to 443. Let’s open the nginx configuration file:

sudo nano /etc/nginx/sites-available/domain-name.com

You can see the by default value of Nginx is set to listen is port 80.

listen 80 default_server; 
listen [::]:80 default_server;

As you can see that there two different listen variables. The first one listen variable is for all IPv4connections and the second one is for IPv6 connections. We will enable encryption for both variables. Change the listening port number to 443 and add SSL connection for HTTPS protocol as shown below:

listen 443 ssl http2 default_server; 
listen [::]:443 ssl http2 default_server;

Notice that in addition to ssl, we also added http2. Nginx is now able to use browsers that supports HTTP/2 protocol.

Step 3: Adding the Server Name

Next step is to change the server_name so that the server name is associated with the domain name. The user just needs to change the server name in the configuration file. Locate the server_name entry in the configuration file and change _ to your actual domain, like this:

server_name example.com www.example.com;

Save the server configuration file by editing in the text editor. You can check the Nginx configuration for syntax errors with command:

sudo nginx -t

If the syntax is error free then you will see the below output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok 
nginx: configuration file /etc/nginx/nginx.conf test is successful

Step 4: Adding the SSL Certificates

Next step is to enable nginx https configuration to use your SSL certificate. You can generate a self signed certificate or install a free certificate from Let’s Encrypt. If you don’t have an SSL certificate then please follow this tutorial. Add your SSL certificates inside the nginx configuration directory similar to:

sudo mkdir /etc/nginx/ssl

Copy your certificate and the private key to this location and also replace example.com with your actual domain name:

sudo cp /path/to/your/certificate.crt /etc/nginx/ssl/example.com.crt 
sudo cp /path/to/your/private.key /etc/nginx/ssl/example.com.key

Now open nginx server configuration file once again. Add and configure new SSL lines inside the nginx server block with the location of your certificates to enable nginx ssl configuration:

sudo nano /etc/nginx/sites-available/domain-name.com
ssl_certificate /etc/nginx/ssl/example.com.crt; 
ssl_certificate_key /etc/nginx/ssl/example.com.key;

Save the file nginx file and exit the text editor.

Step 5: Removing the Ciphers

Cipher is an algorithm used in cryptography for data encryption and decryption. Cipher suites are a bunch of cryptographic algorithms used to secure network connections. HTTP/2 has a huge blacklist of insecure ciphers which need to be removed. Here we will use a popular cipher set, approved by Internet giants CloudFlare.

Open the following nginx configuration file /etc/nginx/nginx.conf and add the below lines just after ssl_prefer_server_ciphers on. These lines include the list of latest ciphers that HTTP2 browsers understand.

ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+
AES256:EECDH+3DES:RSA+3DES:!MD5;

You may set gzip to off and add proxy_max_temp_file_size 0; to avoid err_http2_protocol_error nginx error.

Step 6: Redirect all HTTP Requests to HTTPS

Now we should tell nginx http2 proxy what it should serve the content through HTTPS only if the server receives an HTTP request. Finally, ignoring commented out lines, your nginx configuration file /etc/nginx/sites-available/domain-name.com should look similar to this:

server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com;
location / {
try_files $uri $uri/ =404;
}
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
}
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 https://$server_name$request_uri;
}

Save the file /etc/nginx/sites-available/domain-name.com and then exit. Check the configurations for syntax errors:

sudo nginx -t

Step 7: Restart Nginx

To apply the all changes, restart the nginx http2 reverse proxy server and check configuration status.

sudo systemctl restart nginx
sudo systemctl status nginx

Conclusion:

Congratulations, you have successfully learned how to set up nginx config http2 support on ubuntu server. Your nginx http2 settings is now serving HTTP/2 pages and it also cleared the difference between HTTP/1 and HTTP/2 protocols. If you still face any configuration issues, do let us know in the comment section.

Explore

You may also like below articles: