Enable HTTP/2 support
in Tutorial with 5 comments
HTTPS HTTP/2
Enable HTTP/2 support
in Tutorial with 5 comments

HTTPS HTTP/2

Optimization for HTTP/1. x

  1. HTTP/2 multiplexes a TCP connection for multiple transmissions, that is, asynchronous connection multiplexing
  2. HTTP/2 will appropriately merge resource files, that is, header compression
  3. HTTP/2's Server Push feature allows the server to make full use of bandwidth and push resources to the client in a certain priority order, that is, request feedback pipelining
  4. Fully semantic compatible with HTTP 1.1···

Conditions for enabling HTTP/2

HTTP/2 support

Currently, browsers supporting HTTP/2 include Chrome 41+, Firefox 36+, Safari 9+, IE 11 and Edge on Windows 10

Configure HTTP/2

HTTPS needs to be configured before HTTP/2 is enabled. Here we will simply repeat what needs to be done

First, upgrade OpenSSL

Secondly, upgrade Nginx and compile it together with OpenSSL --with-http_v2_module --with-http_ssl_module Compile two modules together

Then, configure the configuration file of Nginx's site

 server { listen 443 ssl http2 default_server; ssl_certificate    server.crt; ssl_certificate_key server.key; ... }

Finally restart and check whether it is correctly started···

Some configuration tutorials

Here are the help configurations of the articles written previously,

Let's Encrypt certificate issuance and configuration
https://www.linpx.com/p/lets-encrypt-certificate-and-configuration.html

Issue certificate request file CSR with ECC algorithm
https://www.linpx.com/p/ecc-algorithm-is-used-to-issue-the-certificate-request-file-csr.html

Cascade the certificate chain and configure Nginx to enable SSL
https://www.linpx.com/p/the-series-of-certificate-chain-and-configure-nginx-to-open-ssl.html

Optimization of Nginx's SSL configuration
https://www.linpx.com/p/ssl-configuration-optimization.html

Enable HSTS and apply for HSTS Preload List
https://www.linpx.com/p/hsts-and-hsts-preload-list-enabled-applications.html

ChaCha20-Poly1305 cipher suite for OpenSSL
https://www.linpx.com/p/the-openssl-chacha20poly1305-cipher-suite.html

Install ChaCha20-Poly1305 encryption suite to Nginx
https://www.linpx.com/p/nginx-chacha20poly1305-encryption-suite.html

My little knowledge of HSTS
https://www.linpx.com/p/i-know-little-about-hsts.html

Enable Certificate Transparency policy
https://www.linpx.com/p/https-certificate-to-enable-transparency-certificate-policy.html

Some practices of OCSP Staging
https://www.linpx.com/p/some-small-practice-of-stapling-ocsp.html

This article is written by Chakhsu Lau Creation, adoption Knowledge Sharing Attribution 4.0 International License Agreement.
All articles on this website are original or translated by this website, except for the reprint/source. Please sign your name before reprinting.

Responses
  1. mrjucn

    The lnmp of the military brother doesn't know whether he can do this. The phrase "Second, upgrade Nginx to compile with OpenSSL, and also compile with -- with-http_v2_module -- with-http_ssl_module" in your article does not know how to operate. I don't know whether it is the problem of lnmp or NetEase Honeycomb Docker. I think it should be my improper operation.

    Reply
    1. Chakhsu Lau
      @mrjucn

      When compiling Nginx, you can directly take the two templates -- with http_v2_module -- with http_ssl_module and compile them together. Then the following work is configuration.

      Reply
    2. Chakhsu Lau
      @mrjucn

      Do you mean to enable HTTP/2.0?
      If so, Nginx is also used as the server. Both modules are required;
      To compile Nginx, OpenSSL is required, so I definitely don't need to use the system's own OpenSSL. The system's own OpenSSL is generally 1.0.1x. Either upgrade OpenSSL to 1.0.2x, or use OpenSSL 1.0.2x source code directly when compiling Nginx.

      Reply
      1. mrjucn
        @Chakhsu Lau

        Thanks for such a detailed explanation. I'll study it again. In other words, your blog is faster after using h2.

        Reply
  2. Cloud Computing Notes

    It has already been used. The oneinstack can be used directly~

    Reply