Open Source NGINX 1.9.5 Released with HTTP/2 Support

Earlier this year we released an early-alpha patch to enable HTTP/2 support in our open source NGINX product and last week a fully-supported implementation of HTTP/2 in NGINX Plus. Today we proudly announce that HTTP/2 has been committed to the open source repo and is now officially available as part of NGINX version 1.9.5.

If you would like to learn more about HTTP/2, we’ve made the following resources available:

Please note that this release removes support for SPDY. In the NGINX 1.9.x branch, we have completely removed the SPDY module from the codebase and replaced it with the HTTP/2 module. After moving to 1.9.5, you can no longer configure NGINX to use SPDY. If you would like to keep using SPDY, it will continue to be supported in the NGINX 1.8.x branch.

Moving to HTTP/2 with NGINX 1.9.5

This section goes through the changes required to enable HTTP/2, including just a few changes to the configuration of NGINX.

Prerequisites

Before upgrading, please remove the spdy parameter from all listen directives in  your configuration. This will ensure the upgrade goes smoothly. From there install or upgrade NGINX using one our pre-built binaries. Instructions are available here.

Redirecting All Traffic  to SSL/TLS

If your application is not already encrypted with SSL/TLS, now would be a good time to make that move. Encrypting your app protects you from spying and man-in-the-middle attacks. Some search engines even reward encrypted sites with improved rankings in search results. The following configuration block redirects all plain HTTP requests to the encrypted version of the site.

server {
    listen 80;
    location / {
        return 301 https://$host$request_uri;
    }
}

Enabling HTTP/2

To enable HTTP/2 support, simply add the http2 parameter to all listen directives. Also include the ssl parameter, required because browsers do not support HTTP/2 without encryption.

server {
    listen 443 ssl http2 default_server;

    ssl_certificate    server.crt;
    ssl_certificate_key server.key;
    ...
}

If necessary, restart NGINX, for example by running the nginx -s reload command. To verify that HTTP/2 translation is working, you can use the “HTTP/2 and SPDY indicator” plug-in available for Google Chrome and Firefox.

Caveats

  • If you are using a web application firewall (WAF) that is sitting in front of NGINX, ensure that it is capable of parsing HTTP/2, or move it behind NGINX.
  • HTTP/2’s ‘Server Push’ feature is not supported in this release.
  • If ssl_prefer_server_ciphers is set to on and/or a list of ssl_ciphers that are defined in RFC 7540’s Appendix A: TLS 1.2 Ciper Suite Black List is used, the browser will experience handshake errors and not work. Please refer to section 9.2.2 of the RFC for more details.

Special Thanks

NGINX, Inc. would like to thank Dropbox and Automattic, who are heavy users of our software and graciously cosponsored the development of our HTTP/2 implementation. Their contributions have helped accelerate our ability to bring this software to you, and we hope you are able to support them in turn.

NGINX recognized by Gartner in 2016 Magic Quadrant for Application Delivery Controllers

Everything you need to know about choosing the right ADC