How To Set Up Nginx with HTTP/2 Support on Ubuntu 20.04

How to Set Up Nginx with HTTP/2 Support on Ubuntu 20.04

Nginx is a powerful and efficient web server known for its scalability and low resource usage, making it one of the most popular choices for hosting websites. With the introduction of HTTP/2, web performance has improved drastically, offering faster page loads, better resource management, and increased security. In this article, we will show you how to set up Nginx with HTTP/2 support on Ubuntu 20.04 to improve your website’s performance and security.

Introduction to HTTP/2

HTTP/2 is the latest version of the HTTP protocol, designed to address limitations of HTTP/1.1, which was developed back in 1999. Over time, websites have grown larger and more complex, making the old HTTP protocol less efficient. HTTP/2 brings significant improvements such as multiplexing, header compression, and server push, all of which contribute to a faster browsing experience. Here are some key benefits of HTTP/2:

1. Parallel Request Handling: Unlike HTTP/1.1, where requests are processed sequentially, HTTP/2 allows for multiple requests to be processed in parallel, speeding up page loading times.

2. Header Compression: HTTP/2 compresses headers, reducing the amount of data sent between the client and server.

3. Binary Transmission: HTTP/2 transmits data in a binary format, which is more efficient than the text-based format used by HTTP/1.1.

4. Server Push: With HTTP/2, the server can proactively send resources to the client, reducing the number of requests needed and speeding up content delivery.

Although HTTP/2 is optional for encrypted connections, modern browsers like Google Chrome and Mozilla Firefox require HTTPS to enable HTTP/2. This means that securing your Nginx server with SSL/TLS is essential when setting up HTTP/2.

Prerequisites

Before you begin, ensure you have the following:

1. A server running Ubuntu 20.04 with sudo privileges.

2. Nginx installed on the server. You can follow a guide on installing Nginx if it's not set up already.

3. A domain name pointed to your server’s IP address.

4. A TLS/SSL certificate installed for your domain. You can either obtain a free certificate using Let’s Encrypt or generate a self-signed SSL certificate.

Step 1: Enable HTTP/2 in Nginx

To enable HTTP/2 on Nginx, you need to modify your Nginx configuration file. Open the configuration file for your website in a text editor:

sudo nano /etc/nginx/sites-available/your_domain

Locate the lines for the listen directive that handle SSL (port 443). The configuration should look like this:

listen 443 ssl; 
listen [::]:443 ssl ipv6only=on;

To enable HTTP/2, you need to add the http2 parameter to these lines:

listen 443 ssl http2; 
listen [::]:443 ssl http2 ipv6only=on;

This tells Nginx to use the HTTP/2 protocol for encrypted connections over port 443.

Save the file by pressing Ctrl+X, then Y, and Enter to confirm.

Step 2: Check for Configuration Errors

After making changes to your Nginx configuration file, it’s important to check if everything is correct. Run the following command to check for syntax errors:

sudo nginx -t

If the configuration test is successful, you should see:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Step 3: Restart Nginx

To apply the changes, restart the Nginx service:

sudo systemctl restart nginx

This will enable HTTP/2 on your server for secure connections.

Step 4: Improve Security by Updating Cipher Suites

HTTP/2 has a blocklist of old and insecure cipher suites that should be avoided. These ciphers may still be configured in your SSL settings, especially if you’re using Let’s Encrypt’s default SSL configuration.

Open your Nginx configuration file:

sudo nano /etc/nginx/sites-available/your_domain

If you’re using Let’s Encrypt, you might find a line like this:

include /etc/letsencrypt/options-ssl-nginx.conf;

Comment this line out by adding a # at the beginning, then add your own cipher suite configuration below:

ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;

This ensures that your server uses modern, secure ciphers that are compatible with HTTP/2.

Step 5: Verifying HTTP/2 is Enabled

To confirm that HTTP/2 is working, you can use the curl command to check the HTTP version:

curl -I --http2 https://your_domain

If HTTP/2 is enabled, you’ll see HTTP/2 200 in the response headers.

Another way to check is by using the developer tools in modern browsers like Google Chrome. Open the browser, navigate to your website, and inspect the "Network" tab. You should see h2 in the "Protocol" column, indicating that HTTP/2 is being used.

Step 6: Enable HTTP Strict Transport Security (HSTS)

To improve security, you can enable HTTP Strict Transport Security (HSTS), which forces browsers to only use HTTPS when connecting to your site. Add the following line to your Nginx server block:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

This instructs browsers to always use HTTPS for your site, and it also applies to subdomains.

Conclusion

By setting up Nginx with HTTP/2 support on Ubuntu 20.04, you can significantly improve the performance and security of your website. HTTP/2’s features, like parallel request handling, header compression, and server push, make it a great choice for modern web applications. Make sure to test your server after enabling HTTP/2 and keep your SSL/TLS configuration up to date to ensure the highest security standards.