To have HTTP/2 fully supported in Nginx, you will need OpenSSL 1.0.2+ to have APLN enabled (What is APLN)
Unfortunately, nowadays most linux distributions are shipping with older version of OpenSSL. For example Ubuntu 14.04 is using openssl 1.0.1f
I can also use 3rd party repositories but I couldn’t find out something I think it is trusted
So it leaves me with only one option: compiling from source
Good thing is, it is pretty easy to compile nginx with a custom OpenSSL. You don’t even have to compile the OpenSSL and install into the system (which could break your system dependences)
All you have to do are:
- Download the latest stable OpenSSL from https://www.openssl.org/source/ and extract the tar
- Download the latest stable nginx from http://nginx.org/en/download.html and extract the tar
- Go into nginx source folder and
./configure --with-openssl=/path/to/openssl-1.0.2f --with-http_ssl_module --with-http_v2_module make && make install
- Note: –with-openssl points to the openssl source folder instead of the installation folder
- Enable HTTP/2 in nginx configure file
That’s it
And here is how you can verify if your website is now supporting HTTP/2 and ALPN
echo | /usr/local/ssl/bin/openssl s_client -alpn h2 -connect c11e.wodemo.com:443 | grep ALPN
Which will report
- “ALPN protocol: h2”
- or “No ALPN negotiated”