Upgrade Your NGINX From SPDY To HTTP2

If you are using nginx as your main web server with SPDY protocol , Then its time to upgrade to HTTP2 ( not fully but partially without Server Push feature ) . Few Days ago nginx team announced about HTTP2 experimental support in open source mainline version of NGINX servers . You can read nginx’s white paper to know more about how they implement and what it is all about , which I highly recommend to read .

https://ma.ttias.be
img : https://ma.ttias.be

How to Upgrade

all it requires , pre built binaries of nginx 1.9.5 and above . If you already using SSL/TLS with your nginx then its great if not then setup SSL/TLS with nginx .

Redirect all traffic to SSL using nginx

server {
    listen 80;
    location / {
        return 301 https://$host$request_uri;
    }
}

REMOVE SPDY related configuration & add HTTP2

server {
      listen 443 ssl http2 default_server;

      ssl_certificate    YourServer.crt;
      ssl_certificate_key YourServer.key;

      [ YOUR REMAINING CONFIG GOES HERE ] 
} 

You can use Mozilla’s awesome nginx SSL config generator to generate SSL related config , and if you are configuring Self Signed Certificate the Read This my previous post for Tutorial .

few Caveats ( according nginx post )

  • If you are using a web application firewall (WAF) that is sitting in front of NGINX, ensure that it is capable of parsing HTTP/2, or move it behind NGINX.
    HTTP/2’s ‘Server Push’ feature is not supported in this release.
  • If ssl_prefer_server_ciphers is set to on and/or a list of ssl_ciphers that are defined in Appendix A: TLS 1.2 Cipher Suite Black List is used, the browser will experience handshake-errors and not work.
  • Please refer to section 9.2.2 of the HTTP/2 RFC for more details.

And Please Note , There are many browsers that do not support HTTP2 Yet , so be careful about that , If your most of the users use modern browsers then you can upgrade or Stick to SPDY/3.1 it’s up to you.
You can see which browsers are supported .

http://caniuse.com/#feat=http2
http://caniuse.com/#feat=spdy

Tagged With : -
Add Comment