How to enable HTTP/2 with Nginx on Ubuntu

HTTP/2 does not require any changes to how existing web applications work, but new applications can take advantage of new features for increased speed.

In this post, we will see the steps that are needed to enable HTTP/2 for your web app running/proxied over Nginx on Ubuntu 23.04.

Prerequisites:

• An Ubuntu server with SSH access and packages updated
• Nginx installed on Ubuntu with firewall allowing ports 443 and 80
• A domain name with DNS records pointing to the public IP of your server and a nginx server block setup for it
• SSL setup for the domain using Certbot

9 steps to enable HTTP/2 with Nginx

HTTP/2 do not require any changes to how existing web applications work, but new applications can take advantage of new features for increased speed. HTTP/2 leaves all of HTTP/1.1's high-level semantics, such as methods, status codes, header fields, and URIs, the same. What is new is how the data is framed and transported between the client and the server.

Locate the nginx conf file for the app which you want to enable HTTP/2 and then update it as mentioned below:

Open the Nginx server block file in a editor

sudo vi /etc/nginx/sites-available/<file_name>

Add HTTP/2

Locate the line that reads

listen 443 ssl;

And update with

listen 443 ssl http2;

Remove the old and insecure blacklisted ciphers

Locate the line that reads and comment on it by adding # in the front

# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<^>

Add below the line and save/exit from vi editor by pressing ESC and then type :wq

ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

Validate Nginx conf for the app

Test nginx configuration for errors

sudo nginx -t

Reload nginx for changes to take effect

sudo systemctl reload nginx

Enable HTTP Strict Transport Security (HSTS)

Open the nginx configuration file:

sudo vi /etc/nginx/nginx.conf

and add to it

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

Test nginx configuration for errors

sudo nginx -t

Reload nginx for changes to take effect

sudo systemctl reload nginx

Validate the HTTP/2 setup

Open the developer console in the browser and open the network tab. Now visit your page and you should see the h2 protocol.