Link Search Menu Expand Document
Table of contents

About HTTP2

Be aware

http2 requires only over https

  • http1 » textual protocol, simplex streaming
  • http2 » binary protocol, compressed header, persistent connection, multiplex streaming, server push

http1.1 - generates 3 connections

  • connection 1: client -> server -> returns 1 single html file
  • connection 2: html -> style.css
  • connection 3. html -> javascript.js

http2 - generate 1 connection

  • connection 1: client -> server -> returns: html, css and js at once

Deploy certificate

Step: 1

Create certificate directory and content

mkdir /etc/ssl/[self-certificate]
Then, add the below 2 files in the above directory

Step: 2

Define certificate path

ssl_certificate /etc/ssl/self-certificate/;
ssl_certificate_key /etc/ssl/self-certificate/;


Using OpenSSL for creating self-signed certificate

openssl req -x509 -days 10 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/self.key -out /etc/nginx/ssl/self.crt
  • openssl request a new certificate signing (req). Certificate standards: we request (x509), valid for 10 days (-days 10), leave password for the key file (-nodes), generate new key during the signing off at the same time (-newkey), type of certificate using rsa with length of 2048 bytes (rsa:2048), write out key (-keyout), in the path /etc/nginx/ssl/self.key, writing out a certificate (-out), in directory of /etc/nginx/ssl/ and save the file as self.crt.
  • outputs some questions, follow the questions
  • once done, the self.crt and self.key will be generated in the directory

Enable HTTP2 in Nginx

events {...}

http {
        include mine.type; 

    server {
        root /sites/domo; 

        # enable http2 
        listen 443 ssl http2;
        ssl_certificate /etc/ssl/self-certificate/;
        ssl_certificate_key /etc/ssl/self-certificate/;

Fallback http1

curl -Ik