NGINX.COM

Earlier this year we released an early‑alpha patch to enable HTTP/2 support in NGINX Open Source and last week we debuted a fully supported implementation of HTTP/2 in NGINX Plus. Today we proudly announce that HTTP/2 has been committed to the open source repo and is now officially available as part of NGINX version 1.9.5.

If you would like to learn more about HTTP/2, we’ve made the following resources available:

Please note that this release removes support for SPDY. In the NGINX 1.9.x branch, we have completely removed the SPDY module from the codebase and replaced it with the HTTP/2 module. After moving to version 1.9.5, you can no longer configure NGINX to use SPDY. If you would like to keep using SPDY, it will continue to be supported in the NGINX 1.8.x branch.

Moving to HTTP/2 with NGINX 1.9.5

This section goes through the changes required to enable HTTP/2, including just a few changes to the configuration of NGINX.

Prerequisites

Before upgrading, please remove the spdy parameter from all listen directives in your configuration. This ensures the upgrade goes smoothly. From there install or upgrade NGINX using one our prebuilt binaries. Instructions are available here.

Redirecting All Traffic to SSL/TLS

If your application is not already encrypted with SSL/TLS, now would be a good time to make that move. Encrypting your app protects you from spying and man‑in‑the‑middle attacks. Some search engines even reward encrypted sites with improved rankings in search results. The following configuration block redirects all plain HTTP requests to the encrypted version of the site.

server {
    listen 80;
    location / {
        return 301 https://$host$request_uri;
    }
}

Enabling HTTP/2

To enable HTTP/2 support, simply add the http2 parameter to all listen directives. Also include the ssl parameter, required because browsers do not support HTTP/2 without encryption.

server {
    listen 443 ssl http2 default_server;
 
    ssl_certificate     server.crt;
    ssl_certificate_key server.key;
    ...
}

If necessary, restart NGINX, for example by running the nginx -s reload command. To verify that HTTP/2 translation is working, you can use the “HTTP/2 and SPDY indicator” plug‑in available for Google Chrome and the “HTTP/2 indicator” for Firefox.

Caveats

  • If you are using a web application firewall (WAF) that is sitting in front of NGINX, ensure that it is capable of parsing HTTP/2, or move it behind NGINX.
  • HTTP/2’s ‘Server Push’ feature is not supported in this release.
  • If ssl_prefer_server_ciphers is set to on and/or a list of ssl_ciphers that are defined in RFC 7540’s Appendix A: TLS 1.2 Cipher Suite Black List is used, the browser experiences handshake errors and not work. Please refer to section 9.2.2 of the RFC for more details.

Special Thanks

NGINX, Inc. would like to thank Dropbox and Automattic, who are heavy users of our software and graciously cosponsored the development of our HTTP/2 implementation. Their contributions have helped accelerate our ability to bring this software to you, and we hope you are able to support them in turn.

To try NGINX Plus, start your free 30-day trial today or contact us to discuss your use cases.

Hero image
《NGINX 完全指南》2024 年最新完整版


高性能负载均衡的进阶使用指南

关于作者

Faisal Memon

软件工程师

关于 F5 NGINX

F5, Inc. 是备受欢迎的开源软件 NGINX 背后的商业公司。我们为现代应用的开发和交付提供一整套技术。我们的联合解决方案弥合了 NetOps 和 DevOps 之间的横沟,提供从代码到用户的多云应用服务。访问 nginx-cn.net 了解更多相关信息。