Introduction
With the evolution of web technologies, HTTP/2 and HTTP/3 have emerged as the successors to the HTTP/1.x protocol, bringing improvements in efficiency, speed, and security. In this tutorial, we’ll explore how to enable HTTP/2 and HTTP/3 in NGINX, providing step-by-step instructions and examples to ensure you can make the most of these advanced protocols.
Prerequisites
- A server with NGINX installed
- Root or sudo access to the server
- A valid SSL certificate (HTTP/2 and HTTP/3 require HTTPS)
Enabling HTTP/2
HTTP/2 requires a secure connection, so it’s paramount to have an SSL certificate for your domain. Let’s begin by modifying the NGINX configuration to enable HTTP/2.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name yourdomain.com;
ssl_certificate /path/to/your/ssl/cert.pem;
ssl_certificate_key /path/to/your/ssl/key.pem;
# Other SSL configurations
# Remaining server configuration
}
Save the configuration file and check for syntax errors with:
sudo nginx -t
If no errors are found, you can now restart NGINX to apply the changes:
sudo systemctl restart nginx
Once NGINX restarts, HTTP/2 will be enabled for the specified domain. You can verify it’s working by using browser tools or online services like SSL Labs.
Configuring NGINX for Better Performance with HTTP/2
With HTTP/2 enabled, there are some optimizations you can implement to improve performance:
http2_max_field_size 16k;
http2_max_header_size 32k;
http2_max_requests 1000;
http2_recv_timeout 30s;
These directives control various aspects of HTTP/2 performance and can be adjusted according to your needs. Add them inside the http block of your NGINX configuration.
Enabling HTTP/3
As of my last update, HTTP/3 is still experimental in NGINX, and you need to compile NGINX from source with the quiche module (QUIC and HTTP/3 support) to use it. This process is more complex than enabling HTTP/2.
First, ensure that you have the required dependencies:
sudo apt install git build-essential cmake go libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev
Clone the NGINX source and the quiche repository:
git clone https://github.com/nginx/nginx.git
git clone --recursive https://github.com/cloudflare/quiche
Navigate to the cloned NGINX directory and checkout the version you wish to compile:
cd nginx
git checkout branches/your_nginx_version
Compile NGINX with the quiche module:
./auto/configure --prefix=/etc/nginx --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-openssl=../quiche/deps/boringssl --with-quiche=../quiche
make
sudo make install
Now you’ll need to adjust your NGINX configuration to listen for HTTP/3:
server {
# Existing HTTP/2 configuration
# Add the following
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 quic reuseport;
listen [::]:443 quic reuseport;
# SSL configuration with the provided certificate paths
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# Other configuration tweaking
# Add the following to enable HTTP/3
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
add_header Alt-Svc 'h3-23=":443"'; # Advertise that HTTP/3 is available
add_header QUIC-Status $quic;
}
After configuring, validate your config and restart NGINX as shown in previous sections.
Advanced Configuration for HTTP/3
To further tweak HTTP/3 performance, consider adjusting the following directives within your configuration:
ssl_session_cache shared:SSL:2m;
ssl_session_timeout 5m;
ssl_buffer_size 4k;
ssl_quic_max_udp_payload_size 1452;
These settings can help improve connection times and the overall user experience.
Troubleshooting
After enabling HTTP/2 or HTTP/3, you may encounter issues. Here are some common problems and their solutions:
- Configuration syntax errors: Recheck your configuration files for typos.
- Failed to start NGINX: Ensure that all required modules were correctly compiled, and paths to SSL certificates are valid.
- HTTP/3 isn’t working: Make sure that your browser and client support HTTP/3 and that it’s advertised properly in the config.
Conclusion
Enabling HTTP/2 and HTTP/3 in NGINX is a significant step toward a faster, more efficient web. HTTP/2 is easy to implement, while HTTP/3, due to its experimental nature, requires additional effort. With these protocols configured, your users can enjoy improved performance and overall better experience.