How to add HTTP2 support to Nginx on Linux Cloud Servers

2020-06-18 By Sam 1570 Views linux nginx http2 development
1 reviews

The Nginx is an open-source, high-performance HTTP server and reverse proxy, caching, load balancing, media streaming, and more.

The HTTP/2 is a new version of the HTTP network protocol. The main use of HTTP/2 is that to reduce the latency, minimize the protocol overhead and add support for request prioritization and makes the web applications to load much faster. The advantage of HTTP/2 is that it provides high transfer speed for content rich websites.


This article will help to setup the fast and secure Nginx server with HTTP/2 in the server.


  1. Installing Nginx service

    Before proceeding with the installation of Nginx, execute the below command to update all the system packages.

    # sudo apt-get update
    or
    # yum update
    

    linuxhttp2nginx1


    Start to install Nginx:

    # sudo apt-get install nginx
    or
    # yum install nginx
    

    linuxhttp2nginx2


    After the Nginx installation, can check the version of Nginx by using the following command:

    # sudo nginx -v
    

    linuxhttp2nginx3

    linuxhttp2nginx4


  1. Changing the Listening Port and Enabling HTTP/2

    First change the listening port from 80 to 443. Normally the Nginx is set to listen the port 80 (standard HTTP port), now need to modify the listening port to 443, which is used by the HTTPS protocol in configuration file.

    # nano /etc/nginx/sites-available/default
    or
    # vi /etc/nginx/sites-available/default
    
    
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    

    linuxhttp2nginx5


  1. Changing the Server Name

    Open the configuration file using following command.

    # nano /etc/nginx/sites-available/default
    or
    # vi /etc/nginx/sites-available/default
    


    Then update the following and save the file.

    server_name example.com;
    

    NOTE: Replace the example.com with the actual domain name or server hostname.


    Once the changes have done in the Nginx configuration files, then should check the configuration for any syntax errors in it using following command.

    # sudo nginx -t
    

    linuxhttp2nginx6


  1. Configure Nginx to use your SSL certificate

    Create a folder to store the SSL certificates inside the Nginx configuration using following command.

    # sudo mkdir /etc/nginx/ssl
    

    linuxhttp2nginx7


    Then copy the certificate and the private key to this location. Please rename the files to show which domain they are associated.

    # sudo cp /path/to/your/certificate.crt /etc/nginx/ssl/example.com.crt
    
    # sudo cp /path/to/your/private.key /etc/nginx/ssl/example.com.key
    


    Then you need to open the configuration file and update the configure SSL details.

    # nano /etc/nginx/sites-available/default
    or
    # vi /etc/nginx/sites-available/default
    


    Add the SSL configure details inside the server block, define the location of your certificates and Save the file and exit.

    ssl_certificate /etc/nginx/ssl/example.com.crt;
    
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    

    NOTE: Replace the example.com with the actual domain name. Here we use self-signed SSL for the same.

    linuxhttp2nginx8


  1. Avoiding Old Cipher Suites

    The HTTP/2 has a huge blacklist of old and insecure ciphers, so need to avoid them. The Cipher suites describe how the transferring data should be encrypted.

    Open the following nginx configuration file:

    # vi /etc/nginx/nginx.conf
    or
    # nano /etc/nginx/nginx.conf
    


    Add this line after ssl_prefer_server_ciphers on:

    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    

    linuxhttp2nginx9


    Once this done, then need to check the configuration for syntax errors using following command.

    # sudo nginx -t
    

    linuxhttp2nginx10


  1. Setup Increasing Key Exchange Security

    A secure connection can be defined that the exchange of the private keys in between server and client end. Please use the following command for it. This process normally will take some time to complete it. You must wait until it complete.

    # sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
    


    Once this done, please add the following inside server block in the default configuration file, define the location of the custom DHE key.

    # nano /etc/nginx/sites-available/default
    or
    # vi /etc/nginx/sites-available/default
    
    ssl_dhparam  /etc/nginx/ssl/dhparam.pem;
    


  1. Setup Redirection from all HTTP Request to HTTPS

    Adding the following in the default configuration file.

    # nano /etc/nginx/sites-available/default
    or
    # vi /etc/nginx/sites-available/default
    
    
    server {
    listen  80;
    listen  [::]:80;
    server_name  example.com;
    return  301 https://$server_name$request_uri;
    }
    

    linuxhttp2nginx11


    Once it done need to check the configuration for syntax errors using following command.

    # sudo nginx -t
    


  1. Testing whether the HTTP/2 is enabled

    Please open domain name or server IP in IE/Chrome/Firefox and press F12. Then go to Network tab and you will see protocol as HTTP/2.

    linuxhttp2nginx12

    linuxhttp2nginx13


Related Tutorials

What do you think about this article?

Rate this article