HTTP/2

or also named HTTP/2.0 is the second major version of the HTTP network protocol used by the World Wide Web since HTTP1/1. It is based on Google’s SPDY protocol. HTTP/2 is the new version of HyperText Transport Protocol
(HTTP), which was released as an IETF standard in early 2015. HTTP/2 support is now
available in some web servers. Nginx was the first web-server that began to support HTTP/2.

HTTP/2 is closely tied to SSL. While SSL is not required by the HTTP/2 specification, all web
browsers released so far will only run HTTP/2 if a website also uses SSL. HTTP/2 speeds up
SSL-enabled websites and makes web applications simpler.

HTTP/2 5 key features:
• Single, Persistent Connection – Only one connection is used for each web page, as
shown in the figure. The same connection is used as long as the web page is open.

• Multiplexing – Requests and replies are prioritized and multiplexed onto separate
streams within the single connection. When the connection is stable, “head of line
blocking” – making every transfer wait for all previous transfers to complete – is
eliminated.

• Header Compression and Binary Encoding – Headers are compressed using a new,
separate, secure standard, HPACK compression, which reduces the amount of data
crossing the network. Header information is sent in compact, binary format, not as
plain text.

• Prioritization – Requests are assigned levels of dependency and requests at the same
level are prioritized. The server uses this information to order and assign resources to
fulfilling requests.

• SSL Encryption – HTTP/2 allows you to add SSL support with, in some cases, no
performance penalty, making your site more secure.

Nginx since 1.9.5 is HTTP/2 enabled by default.

To check your nginx is HTTP/2 enabled:

# nginx -V

1	# nginx -V

configure arguments must contains “-with-http_v2_module”

example:

nginx version: nginx/1.9.6
built by gcc 4.7.2 (Debian 4.7.2-5)
built with OpenSSL 1.0.1e 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_dav_module --add-module=nginx-dav-ext-module-0.0.3 --add-module=echo-nginx-module-0.57 --add-module=simpl-ngx_devel_kit-b62f5a3 --add-module=kyprizel-testcookie-nginx-module-fa546e2 --add-module=openresty-lua-nginx-module-7b1ff62 --with-http_geoip_module --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security' --with-ld-opt=-Wl,-z,relro --with-ipv6

nginx version: nginx/1.9.6

built by gcc 4.7.2 (Debian 4.7.2-5)

built with OpenSSL 1.0.1e 11 Feb 2013

TLS SNI support enabled

configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_dav_module --add-module=nginx-dav-ext-module-0.0.3 --add-module=echo-nginx-module-0.57 --add-module=simpl-ngx_devel_kit-b62f5a3 --add-module=kyprizel-testcookie-nginx-module-fa546e2 --add-module=openresty-lua-nginx-module-7b1ff62 --with-http_geoip_module --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security' --with-ld-opt=-Wl,-z,relro --with-ipv6

For HTTP/2-enabled version of NGINX, do the following:
1. Add the http2 parameter and, if not already in place, the ssl parameter, to existing
listen directives – but first, add a URL redirector for HTTP/1.x:

server {
    listen 80;
    server_name nginx.com;
    return 301 https://www.nginx.com$request_uri;
}

server {
    listen 443 ssl http2;
    ssl_certificate /path/to/server.crt;
    ssl_certificate_key /path/to/server.key;
    …
}

server {

listen 80;

server_name nginx.com;

return 301 https://www.nginx.com$request_uri;

}

server {

listen 443 ssl http2;

ssl_certificate /path/to/server.crt;

ssl_certificate_key /path/to/server.key;

…

}

2. Restart NGINX:

# nginx -s reload

1	# nginx -s reload

To test your web-site you can use http://http2.loadimpact.com/

NGINX_HTTP2_White_Paper_v4
Nginx white paper in HTTP2