Hello friends. Learning how to enable HTTP/2 on Nginx is a very good way to improve the security of your website. In addition to this, it also allows for better system loading.
As is well known to many HTTP is the protocol that allows the transfer of information over the web. This protocol was improved and evolved little by little until it reached version 2 which incorporates many advantages in security and performance.
HTTP/2 is a binary protocol that retains the same semantics as the HTTP1.X protocol, which means that all verbs, headers, etc. continue to work unchanged. This means that there is no need to rewrite the way connections are made in the server. With this new version, transfer speed is improved and connection security is added.
Some advantages of using this protocol instead of HTTP 1.x are:
- Faster loading speed
- Improved web positioning, thanks to the fact that Google values sites with better loading times.
- Less bandwidth consumption
- Immediate presentation of the results.
So if you have a website then you should enable HTTP/2 at the server level and you will learn how to do it today.
Enabling HTTP/2 on Nginx
In this case, I have used a clean install of Ubuntu 20.04. So, connect to it, and update it.
sudo apt update sudo apt upgrade
Proceed now, to install Nginx from the official Ubuntu repositories.
sudo apt install nginx Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libtiff5 libwebp6 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxpm4 libxslt1.1 nginx-common nginx-core Suggested packages: libgd-tools fcgiwrap nginx-doc ssl-cert The following NEW packages will be installed: fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libtiff5 libwebp6 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxpm4 libxslt1.1 nginx nginx-common nginx-core 0 upgraded, 23 newly installed, 0 to remove and 3 not upgraded. Need to get 3,334 kB of archives. After this operation, 11.6 MB of additional disk space will be used. Do you want to continue? [Y/n]
At the end of the installation, it is convenient to check the status of the service.
sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-07-19 18:30:45 CEST; 58s ago
Docs: man:nginx(8)
Main PID: 1649 (nginx)
Tasks: 2 (limit: 2286)
Memory: 4.1M
CGroup: /system.slice/nginx.service
├─1649 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─1650 nginx: worker process
Jul 19 18:30:45 osradar systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 19 18:30:45 osradar systemd[1]: Started A high performance web server and a reverse proxy server.
Now, it is necessary to obtain a new TLS certificate to enable HTTPS which is a previous step. This can be done quickly and easily using certbot and its nginx plugin.
To install them, run this command
sudo apt install certbot python3-certbot-nginx Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: python3-acme python3-certbot python3-configargparse python3-future python3-josepy python3-mock python3-openssl python3-parsedatetime python3-pbr python3-pyparsing python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface Suggested packages: python3-certbot-apache python-certbot-doc python-acme-doc python-certbot-nginx-doc python-future-doc python-mock-doc python-openssl-doc python3-openssl-dbg python-pyparsing-doc Recommended packages: python3-icu The following NEW packages will be installed: certbot python3-acme python3-certbot python3-certbot-nginx python3-configargparse python3-future python3-josepy python3-mock python3-openssl python3-parsedatetime python3-pbr python3-pyparsing python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface 0 upgraded, 19 newly installed, 0 to remove and 3 not upgraded. Need to get 1,143 kB of archives. After this operation, 6,405 kB of additional disk space will be used. Do you want to continue? [Y/n]
Get the certificate for Nginx and your domain like this
sudo certbot --nginx -d [your-domain] -d www.[your-domain]
Now to complete the HTTP/2 enablement you need to modify the ServerBlock file of your website.
sudo nano /etc/nginx/sites-available/your-domain.conf
And add the following lines before the `http` section
listen [::]:443 ssl http2 ipv6only=on; listen 443 ssl http2; ssl_protocols TLSv1.2;
In it, we indicate which is the protocol listening order that Nginx will use for the site configuration.
For more information on how to create a server block for a website, we have this post and the official Nginx documentation.
Save your changes and close the text editor.
In the end, restart Nginx to apply the changes.
sudo systemctl restart nginx
And with this, HTTP/2 on Nginx will be enabled.
So, enjoy it.
Conclusion
In this post, you have learned something fundamental to improve the loading and speed of your web pages. This protocol change is an advantage that you can use to your advantage. As you can see the process is not strange at all and it is usable.
