NGINX.COM
Web Server Load Balancing with NGINX Plus

Earlier this year we released an early‑alpha patch to enable HTTP/2 support in NGINX Open Source and last week we debuted a fully supported implementation of HTTP/2 in NGINX Plus. Today we proudly announce that HTTP/2 has been committed to the open source repo and is now officially available as part of NGINX version 1.9.5.

If you would like to learn more about HTTP/2, we’ve made the following resources available:

Please note that this release removes support for SPDY. In the NGINX 1.9.x branch, we have completely removed the SPDY module from the codebase and replaced it with the HTTP/2 module. After moving to version 1.9.5, you can no longer configure NGINX to use SPDY. If you would like to keep using SPDY, it will continue to be supported in the NGINX 1.8.x branch.

Moving to HTTP/2 with NGINX 1.9.5

This section goes through the changes required to enable HTTP/2, including just a few changes to the configuration of NGINX.

Prerequisites

Before upgrading, please remove the spdy parameter from all listen directives in your configuration. This ensures the upgrade goes smoothly. From there install or upgrade NGINX using one our prebuilt binaries. Instructions are available here.

Redirecting All Traffic to SSL/TLS

If your application is not already encrypted with SSL/TLS, now would be a good time to make that move. Encrypting your app protects you from spying and man‑in‑the‑middle attacks. Some search engines even reward encrypted sites with improved rankings in search results. The following configuration block redirects all plain HTTP requests to the encrypted version of the site.

server {
    listen 80;
    location / {
        return 301 https://$host$request_uri;
    }
}

Enabling HTTP/2

To enable HTTP/2 support, simply add the http2 parameter to all listen directives. Also include the ssl parameter, required because browsers do not support HTTP/2 without encryption.

server {
    listen 443 ssl http2 default_server;
 
    ssl_certificate     server.crt;
    ssl_certificate_key server.key;
    ...
}

If necessary, restart NGINX, for example by running the nginx -s reload command. To verify that HTTP/2 translation is working, you can use the “HTTP/2 and SPDY indicator” plug‑in available for Google Chrome and the “HTTP/2 indicator” for Firefox.

Caveats

  • If you are using a web application firewall (WAF) that is sitting in front of NGINX, ensure that it is capable of parsing HTTP/2, or move it behind NGINX.
  • HTTP/2’s ‘Server Push’ feature is not supported in this release.
  • If ssl_prefer_server_ciphers is set to on and/or a list of ssl_ciphers that are defined in RFC 7540’s Appendix A: TLS 1.2 Cipher Suite Black List is used, the browser experiences handshake errors and not work. Please refer to section 9.2.2 of the RFC for more details.

Special Thanks

NGINX, Inc. would like to thank Dropbox and Automattic, who are heavy users of our software and graciously cosponsored the development of our HTTP/2 implementation. Their contributions have helped accelerate our ability to bring this software to you, and we hope you are able to support them in turn.

To try NGINX Plus, start your free 30-day trial today or contact us to discuss your use cases.

Hero image
Free O'Reilly eBook: The Complete NGINX Cookbook

Updated for 2024 – Your guide to everything NGINX



About The Author

Faisal Memon

Software Engineer

About F5 NGINX

F5, Inc. is the company behind NGINX, the popular open source project. We offer a suite of technologies for developing and delivering modern applications. Together with F5, our combined solution bridges the gap between NetOps and DevOps, with multi-cloud application services that span from code to customer.

Learn more at nginx.com or join the conversation by following @nginx on Twitter.