How to enable http2 and http3 in NGINX

Updated: January 20, 2024 By: Guest Contributor

Introduction

With the evolution of web technologies, HTTP/2 and HTTP/3 have emerged as the successors to the HTTP/1.x protocol, bringing improvements in efficiency, speed, and security. In this tutorial, we’ll explore how to enable HTTP/2 and HTTP/3 in NGINX, providing step-by-step instructions and examples to ensure you can make the most of these advanced protocols.

Prerequisites

  • A server with NGINX installed
  • Root or sudo access to the server
  • A valid SSL certificate (HTTP/2 and HTTP/3 require HTTPS)

Enabling HTTP/2

HTTP/2 requires a secure connection, so it’s paramount to have an SSL certificate for your domain. Let’s begin by modifying the NGINX configuration to enable HTTP/2.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yourdomain.com;

    ssl_certificate /path/to/your/ssl/cert.pem;
    ssl_certificate_key /path/to/your/ssl/key.pem;

    # Other SSL configurations

    # Remaining server configuration
}

Save the configuration file and check for syntax errors with:

sudo nginx -t

If no errors are found, you can now restart NGINX to apply the changes:

sudo systemctl restart nginx

Once NGINX restarts, HTTP/2 will be enabled for the specified domain. You can verify it’s working by using browser tools or online services like SSL Labs.

Configuring NGINX for Better Performance with HTTP/2

With HTTP/2 enabled, there are some optimizations you can implement to improve performance:

http2_max_field_size 16k;
http2_max_header_size 32k;
http2_max_requests 1000;
http2_recv_timeout 30s;

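These directives are resource limits as much as tuning knobs: http2_max_field_size caps the size of a single HPACK-compressed request header field, http2_max_header_size caps the whole request header list after HPACK decompression, http2_max_requests caps the number of requests served over one connection, and http2_recv_timeout sets how long NGINX waits for more data from the client before closing the connection. Adjust them according to your needs, keeping in mind that larger limits let each client consume more memory per connection. Add them inside the http block of your NGINX configuration. All four are obsolete since NGINX 1.19.7, where large_client_header_buffers, keepalive_requests and client_header_timeout take their place.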

Enabling HTTP/3

At the time of writing, HTTP/3 is still experimental in NGINX, and you need to compile NGINX from source with the quiche module (QUIC and HTTP/3 support) to use it. This process is more complex than enabling HTTP/2.

First, ensure that you have the required dependencies:

sudo apt install git build-essential cmake golang libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev

Clone the NGINX source and the quiche repository:

git clone https://github.com/nginx/nginx.git
git clone --recursive https://github.com/cloudflare/quiche

Navigate to the cloned NGINX directory and checkout the version you wish to compile:

cd nginx
git checkout branches/your_nginx_version

Compile NGINX with the quiche module:

./auto/configure --prefix=/etc/nginx --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-openssl=../quiche/deps/boringssl --with-quiche=../quiche
make
sudo make install

Now you’ll need to adjust your NGINX configuration to listen for HTTP/3:

server {
    # Existing HTTP/2 listeners (TCP)
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Add the following QUIC listeners (UDP) for HTTP/3
    listen 443 quic reuseport;
    listen [::]:443 quic reuseport;

    # SSL configuration with the provided certificate paths

    # QUIC requires TLS 1.3; set each directive only once per server block
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Other configuration tweaking

    # Add the following to enable HTTP/3
    add_header Alt-Svc 'h3-23=":443"'; # Advertise that HTTP/3 is available
    add_header QUIC-Status $quic;
}

After configuring, validate your config and restart NGINX as shown in previous sections.

Advanced Configuration for HTTP/3

To further tweak HTTP/3 performance, consider adjusting the following directives within your configuration:

ssl_session_cache shared:SSL:2m;
ssl_session_timeout 5m;
ssl_buffer_size 4k;
ssl_quic_max_udp_payload_size 1452;

These settings can help improve connection times and the overall user experience.

Troubleshooting

After enabling HTTP/2 or HTTP/3, you may encounter issues. Here are some common problems and their solutions:

  • Configuration syntax errors: Recheck your configuration files for typos.
  • Failed to start NGINX: Ensure that all required modules were correctly compiled, and paths to SSL certificates are valid.
  • HTTP/3 isn’t working: Make sure that your browser and client support HTTP/3 and that it’s advertised properly in the config.
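
A static check for the HTTP/3 server block and the troubleshooting points above, as an added example that is not part of the original tutorial. The function name, the finding messages and the sample block are constructed for illustration; it complements `nginx -t` and does not replace it.

```python
import re

# One simple directive per line: name, then args up to the first unquoted ';'.
DIRECTIVE = re.compile(r"""^\s*(\w+)\s+((?:'[^']*'|"[^"]*"|[^;'"])*);""")
# Directives that may legitimately repeat inside one server block.
REPEATABLE = {"listen", "add_header", "server_name", "include"}

# Constructed input: an HTTP/3 server block with the ssl_* lines pasted twice.
SAMPLE = """
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    listen 443 quic reuseport;
    listen [::]:443 quic reuseport;
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;
    add_header Alt-Svc 'h3-23=":443"'; # Advertise that HTTP/3 is available
}
"""

def audit_server_block(block):
    """Return a list of findings for one nginx server block given as text."""
    seen, findings = {}, []
    for line in block.splitlines():
        m = DIRECTIVE.match(line)  # comment lines and braces do not match
        if m:
            seen.setdefault(m.group(1), []).append(m.group(2).strip())
    for name, values in seen.items():
        if name not in REPEATABLE and len(values) > 1:
            findings.append(f"duplicate directive: {name}")
    listens = [v.split() for v in seen.get("listen", [])]
    quic_ports = {v[0].rsplit(":", 1)[-1] for v in listens if "quic" in v}
    tls_ports = {v[0].rsplit(":", 1)[-1] for v in listens if "ssl" in v}
    if quic_ports:
        # Only an explicit ssl_protocols that omits TLSv1.3 is reported.
        protos = " ".join(seen.get("ssl_protocols", ["TLSv1.3"])).split()
        if "TLSv1.3" not in protos:
            findings.append("quic listener without TLSv1.3 in ssl_protocols")
        alt_svc = " ".join(v for v in seen.get("add_header", [])
                           if v.lower().startswith("alt-svc"))
        advertised = set(re.findall(r'h3(?:-\d+)?=":(\d+)"', alt_svc))
        for port in sorted(quic_ports - advertised):
            findings.append(f"quic port {port} not advertised in Alt-Svc")
        for port in sorted(quic_ports - tls_ports):
            findings.append(f"no TCP ssl listener on port {port} to carry Alt-Svc")
    return findings
```

Call `audit_server_block()` on the text of a server block before running `sudo nginx -t`; an empty list means none of these three problems was found.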

Conclusion

Enabling HTTP/2 and HTTP/3 in NGINX is a significant step toward a faster, more efficient web. HTTP/2 is easy to implement, while HTTP/3, due to its experimental nature, requires additional effort. With these protocols configured, your users can enjoy improved performance and an overall better experience.