-
Notifications
You must be signed in to change notification settings - Fork 5
Instructions for upgrading NGINX to allow HTTP2 support on Ubuntu 14.04
This document can be deleted when we upgrade the production server to Ubuntu 16.04 or higher.
In order to enable HTTP2 support for improved speed, particularly on JS and image loading, we require NGINX at at least version 1.9.6. Ubuntu 14.04's default is version 1.4. So we need to use an external PPA to upgrade NGINX. However, Chrome does not support HTTP2 unless the server also enables ALPN. ALPN is a feature that is only available with OpenSSL v1.0.2, which is also not available on Ubuntu 14.04. Upgrading OpenSSL manually is a bad idea because almost everything web related on the system dynamically links against OpenSSL (so switching versions can break everything).
Ondřej Surý, a programmer, made a special version of NGINX that compiles with OpenSSL 1.0.2 statically linked. Static linking means the version of the package used with NGINX doesn't need to be the same as the version of the package used with everything else.
To transition from Ubuntu's default NGINX to Surý's, the following commands are needed:
sudo service nginx stop
Stop NGINX running
sudo apt-get remove nginx nginx-common
This uninstalls the default nginx while keeping configuration files
sudo add-apt-repository ppa:ondrej/nginx
Tells Ubuntu to accept third-party software in this repository (the repository is still overseen by Canonical/Ubuntu)
sudo apt-get update
Updates your software catalogue to take into account new availability from the new repo
sudo apt-get install nginx
During install, it will ask whether you want to use your config file, the default config file, etc. Select "N" (use your config file).
sudo service nginx start
Restart NGINX
nginx -V
Verify this version of NGINX is built with OpenSSL 1.0.2
Now check site to verify it is running. The site should have the green HTTPS padlock. Open Chrome's Inspector by right clicking and clicking Inspect. Switch to Network. Refresh the page and watch a pageload. If the "protocol" column is not visible on the inspector, right-click the column headers and select protocol. All requests should say "h2", not "http/1.1".