Earlier this year we released an early‑alpha patch to enable HTTP/2 support in NGINX Open Source and last week we debuted a fully supported implementation of HTTP/2 in NGINX Plus. Today we proudly announce that HTTP/2 has been committed to the open source repo and is now officially available as part of NGINX version 1.9.5.
If you would like to learn more about HTTP/2, we’ve made the following resources available:
- Please read our white paper that covers everything you need to know about HTTP/2.
- Download our special edition of the ebook by Ilya Grigorik of Google, High Performance Browser Networking.
Please note that this release removes support for SPDY. In the NGINX 1.9.x branch, we have completely removed the SPDY module from the codebase and replaced it with the HTTP/2 module. After moving to version 1.9.5, you can no longer configure NGINX to use SPDY. If you would like to keep using SPDY, it will continue to be supported in the NGINX 1.8.x branch.
Moving to HTTP/2 with NGINX 1.9.5
This section goes through the changes required to enable HTTP/2, including just a few changes to the configuration of NGINX.
Prerequisites
Before upgrading, please remove the spdy parameter from all listen directives in your configuration. This ensures the upgrade goes smoothly. From there, install or upgrade NGINX using one of our prebuilt binaries. Instructions are available here.
Redirecting All Traffic to SSL/TLS
If your application is not already encrypted with SSL/TLS, now would be a good time to make that move. Encrypting your app protects you from spying and man‑in‑the‑middle attacks. Some search engines even reward encrypted sites with improved rankings in search results. The following configuration block redirects all plain HTTP requests to the encrypted version of the site.
    server {
        listen 80;
        location / {
            return 301 https://$host$request_uri;
        }
    }
Enabling HTTP/2
To enable HTTP/2 support, simply add the http2 parameter to all listen directives. Also include the ssl parameter, required because browsers do not support HTTP/2 without encryption.
    server {
        listen 443 ssl http2 default_server;
        ssl_certificate server.crt;
        ssl_certificate_key server.key;
        …
    }
If necessary, restart NGINX, for example by running the nginx -s reload command. To verify that HTTP/2 translation is working, you can use the “HTTP/2 and SPDY indicator” plug‑in available for Google Chrome and the “HTTP/2 indicator” for Firefox.
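A pre-upgrade check for the steps above, as an added example that is not from the original post or NGINX's own tooling: it scans a configuration for listen directives that still carry spdy, that set http2 without ssl, or that have ssl but not yet http2. The sample configuration, the function name and the issue labels are constructed for illustration.

```python
import re
import sys

# Constructed sample configuration for illustration (not from the post).
SAMPLE_CONF = """\
server {
    listen 80;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl spdy;        # leftover SPDY parameter
    listen [::]:443 ssl;        # TLS listener not yet offering HTTP/2
    listen 8443 http2;          # http2 without ssl
    listen 9443 ssl http2 default_server;
}
"""

# Address/port first, then optional parameters, up to the terminating ';'.
LISTEN_RE = re.compile(r"\blisten\s+([^;\s][^;]*);")

def audit_listen(conf_text):
    """Return (line_no, address, issue) for each problematic listen directive.

    Simplification (assumption of this example): only parameters written on
    the listen directive itself are inspected; include files are not followed.
    """
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        code = line.split("#", 1)[0]          # drop trailing comment
        for match in LISTEN_RE.finditer(code):
            address, *params = match.group(1).split()
            params = set(params)
            if "spdy" in params:              # must be removed before 1.9.5
                findings.append((line_no, address, "spdy-param"))
            if "http2" in params and "ssl" not in params:
                findings.append((line_no, address, "http2-without-ssl"))
            if "ssl" in params and "http2" not in params:
                findings.append((line_no, address, "ssl-without-http2"))
    return findings

if __name__ == "__main__":
    # Audit the file named on the command line, or the sample above.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for line_no, address, issue in audit_listen(text):
        print(f"line {line_no}: listen {address}: {issue}")
```

Run it against the main configuration file and each included file separately, since includes are not expanded.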
Caveats
- If you are using a web application firewall (WAF) that is sitting in front of NGINX, ensure that it is capable of parsing HTTP/2, or move it behind NGINX.
- HTTP/2’s ‘Server Push’ feature is not supported in this release.
- If ssl_prefer_server_ciphers is set to on and/or a list of ssl_ciphers that are defined in RFC 7540’s Appendix A: TLS 1.2 Cipher Suite Black List is used, the browser experiences handshake errors and does not work. Please refer to section 9.2.2 of the RFC for more details.
Special Thanks
NGINX, Inc. would like to thank Dropbox and Automattic, who are heavy users of our software and graciously cosponsored the development of our HTTP/2 implementation. Their contributions have helped accelerate our ability to bring this software to you, and we hope you are able to support them in turn.