How to Enable HTTP2 on Debian 8 with Nginx Web Server
Update: This method described below is rendered useless since web browsers drops support for NPN(Next Protocol Negotiation). Here is the latest working method.
As you may already know, HTTP2 is the latest update to the HTTP/1.1 protocol. HTTP2 is said to significantly speed up webpages due to the ability to send as many HTTP requests as the browser like on a single TCP connection.
HTTP2 is based on SPDY. This tutorial shows how to enable HTTP2 with Nginx on Debian 8 server and explain some Nginx knowledge. For a detailed explanation of why HTTP2 is way faster than HTTP/1.1, check out the following article.
You can skip it and read the following text if you just want to know how to enable HTTP2.
Install the Latest Version of Nginx on Debian 8 Jessie
Nginx only supports HTTP2 after version 1.9.5. The Debian 8 repository has Nginx 1.6.2. We can install the latest version from official Nginx repository.
There are two branches of Nginx: nginx stable and nginx mainline. As its name suggests, nginx stable is the more stable and older version and nginx mainline is the more recent version. That doesn’t necessarily mean nginx mainline is unstable. In fact, nginx.org recommends using nginx mainline if you don’t have a strong reason to use the older version.
To install Nginx mainline on Debian 8, first we need to fetch the Nginx GPG public key.
wget http://nginx.org/keys/nginx_signing.key
Then import the key to Debian 8 with the below command:
sudo apt-key add nginx_signing.key
After that edit /etc/apt/sources.list file.
sudo nano /etc/apt/sources.list
Add the following two lines at the end of the file.
deb http://nginx.org/packages/mainline/debian/ jessie nginx deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
Press Ctrl+O to save the file, then press Ctrl+X to close nano text editor.
During the installation process, Nginx will automatically install a new configuration files. So before the installation you should back up your configuration files. The following command will copy the main config file and server block config files to the home directory.
cp /etc/nginx/nginx.conf /etc/nginx/sites-available/*.conf /etc/nginx/conf.d/*.conf ~
If you have installed Nginx before, remove it:
sudo apt-get remove nginx nginx-common nginx-full nginx-core
Now update local package index and install Nginx mainline branch.
sudo apt-get update && sudo apt-get install nginx
Once the installation is completed, check your nginx version.
user@www:~$ sudo nginx -v nginx version: nginx/1.11.1
A little Note about Different Nginx Packages
On Debian and Ubuntu, you can find that there are /etc/nginx/sites-available and /etc/nginx/sites-enabled directory and also a /var/www directory as the default document root. This follows the Apache web server tradition.
However, official Nginx package sets /usr/share/nginx/html as the default document root and server block config file are stored in /etc/nginx/conf.d/ directory. RHEL, CentOS and Fedora follows the official way. To use this directory, the http section needs the following directive in /etc/nginx/nginx.conf file.
include /etc/nginx/conf.d/*.conf;
The Debian package maintainer believe it’s easier to enable or disable Nginx server blocks with the Apache way. You just need to create or delete a symlink between sites-available and sites-enabled.
But I think it’s also easy to do so with /etc/nginx/conf.d/. To disable an Nginx server block, you just need to make sure the file doesn’t end with .conf extension. For example:
sudo mv /etc/nginx/conf.d/example.conf /etc/nginx/conf.d/example.conf.save
After renaming the file, reload Nginx and the server block is disabled.
sudo service nginx reload or sudo systemctl reload nginx
If you still need sites-available and sites-enabled, you can manually create them.
sudo mkdir /etc/nginx/sites-avaiable /etc/nginx/sites-enabled
Then add the following line in the http section and reload Nginx.
include /etc/nginx/sites-enabled/*;
After you create a server block config file in sites-available directory, run the following command to create a symlink which will enable the server block.
sudo ln -s /etc/nginx/sites-available/example.conf /etc/nginx/sites-enabled/example.conf
To disable the server block, just delete with symlink with rm command:
sudo rm /etc/nginx/sites-enabled/example.conf
nginx or www-data ?
Please also note that the official Nginx sets nginx as the nginx user instead of www-data. You want to make sure the php-fpm process is running as the same user. Check the php www pool configuration file. (I suppose you installed PHP7.)
sudo nano /etc/php/7.0/fpm/pool.d/www.conf
Find the user and group name.
user = www-data group = www-data
You can see it’s running as www-data user. So you will want to configure Nginx to run as www-data.
sudo nano /etc/nginx/nginx.conf
At the top of this file, change user from nginx to www-data.
Save and close the file. Then reload Nginx.
Enable HTTP2 with Nginx Web Server
The HTTP2 specification itself don’t require HTTPS. However, all major Web browsers (Firefox, Google Chrome, Edge etc) only support HTTP2 with HTTPS sites. So you need to obtain a TLS/SSL Certificate. Thanks to Let’s Encrypt, you can now easily obtain a free cert. Check out the following tutorial.
Install Let’s Encrypt Free TLS/SSL Certificate with Nginx on Debian 8 Server
Once you enable HTTPS on your site, edit your server block config file.
sudo nano /etc/nginx/conf.d/example.conf
or
sudo nano /etc/nginx/sites-available/example.conf
To enable HTTP2, you simply need to append http2 to the end of the listen directive.
Change
listen 443 ssl;
To
listen 443 ssl http2;
Save and close the file. Then test nginx configuration.
sudo nginx -t
If the test is successful, reload Nginx
sudo service nginx reload or sudo systemctl reload nginx
And you are done. Very easy !
How to Check if HTTP/2 is Working on Your Site
You have the following methods to choose from.
- Go to https://tools.keycdn.com/http2-test and enter your domain name.
- Install the HTTP/2 and SPDY indicator extension in Google Chrome and Firefox
Thank you for another great tutorial, awesome work.
I am a bit confused on how to create a new virtual host with the official nginx package sets. I’ve copied the virtual host file from your previous tutorial here: https://www.linuxbabe.com/linux-server/how-to-install-lemp-stack-on-debian-8-jessie-nginx-mariadb-php-fpm and pasted into a new file in /etc/nginx/conf.d/owncloud.mydomain.com.conf but when I check the nginx -t I have a couple warnings regarding “conflicting server name”? I did not create the sites-available or sites-enabled folders as I started with a fresh minimal install, but I had to manually create the /var/www and /var/www/html as they did not exist. In spite of the warnings the configuration file test is successful. I guess the sintax for this file in the official package set is different from the deb distribution?
Also, when installing owncloud, creating the nginx config file at /etc/nginx/conf.d/owncloud.conf will give another error when trying to restart the service: “nginx: [emerg] duplicate upstream “php-handler” in /etc/nginx/conf.d/owncloud.conf:1″. the configuration test failed. i renamed all other conf files in the folder to end with a different extension but the error persists.
I’m assuming there is a different process or sintax to creating the config files in the official package set?
Thanks once again for the great tutorial.
The syntax is the same.
If more than one virtual host configuration file has the same server name, whether it’s in /etc/nginx/sites-available or /etc/nginx/conf.d directory, there will be a conflict.
If you didn’t create the sites-availabe or sites-enabled directory, then there probably are two conf files in /etc/nginx/conf.d/ that contains the same server_name directive.
I think the problem was that exactly – I had renamed two other conf files in /etc/nginx/conf.d to have a different extension. I tried again and kept only the owncloud.conf and it works perfectly!! tested http2 and it is working. valid ssl certificate, which means I can finally use webdav on windows! I’m very happy, Thank You!
If the duplicate upstream “php-handler” error persists, you can delete the the following upstream directive.
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php7.0-fpm.sock;
}
Then in the location ~ .php(?:$|/) section, change
fastcgi_pass php-handler;
to
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
The php-fpm process listens on /run/php/php7.0-fpm.sock which is a Unix domain socket. This is indicated by /etc/php/7.0/fpm/pool.d/www.conf file. You can find the following line in this file. (the 36th line)
listen = /run/php/php7.0-fpm.sock