Table of contents
About HTTP2
Be aware
http2 requires only over https
- http1 » textual protocol, simplex streaming
- http2 » binary protocol, compressed header, persistent connection, multiplex streaming, server push
http1.1
- generates 3 connections
- connection 1: client -> server -> returns 1 single html file
- connection 2: html -> style.css
- connection 3. html -> javascript.js
http2
- generate 1 connection
- connection 1: client -> server -> returns: html, css and js at once
Deploy certificate
Step: 1
Create certificate directory and content
mkdir /etc/ssl/[self-certificate]
Then, add the below 2 files in the above directory
1. example.com.crt
2. example.com.key
Step: 2
Define certificate path
ssl_certificate /etc/ssl/self-certificate/example.com.crt;
ssl_certificate_key /etc/ssl/self-certificate/example.com.key;
OpenSSL
Using OpenSSL for creating self-signed certificate
openssl req -x509 -days 10 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/self.key -out /etc/nginx/ssl/self.crt
- openssl request a new certificate signing (req). Certificate standards: we request (x509), valid for 10 days (-days 10), leave password for the key file (-nodes), generate new key during the signing off at the same time (-newkey), type of certificate using rsa with length of 2048 bytes (rsa:2048), write out key (-keyout), in the path /etc/nginx/ssl/self.key, writing out a certificate (-out), in directory of /etc/nginx/ssl/ and save the file as self.crt.
- outputs some questions, follow the questions
- once done, the self.crt and self.key will be generated in the directory
Enable HTTP2 in Nginx
events {...}
http {
include mine.type;
server {
server_name 198.255.25.1;
root /sites/domo;
# enable http2
listen 443 ssl http2;
ssl_certificate /etc/ssl/self-certificate/example.com.crt;
ssl_certificate_key /etc/ssl/self-certificate/example.com.key;
}
}
Fallback http1
curl -Ik https://example.com