Securing NGINX - Debian/Ubuntu

Step 3c - Enabling HTTP/1.1 & HTTP/2 (H2) Protocols - Mandatory Step!!!

HTTP/2 (H2) has many wonderful benefits compared to HTTP/1.0 and HTTP/1.1. By default, H2 has Distributed Denial of Service (DDoS) protection, better overall security, options, and so forth. H2 works with Application-Layer Protocol Negotiation (ALPN), which drops our latency to pretty much zero for requests. Mobile devices are also upping the ante for security by supporting H2. We should use it whenever possible, and pretty much every modern browser supports it.

Enabling HTTP/2 on your server has an impact on resource consumption, and if you have a busy site, you may need to consider the implications carefully. The first noticeable difference after enabling HTTP/2 is the additional threads started on your server. The reason is that HTTP/2 gives all requests it receives their own worker threads for processing, collecting the results and streaming those results out to the client.

H2 is explained in more depth elsewhere, and the Akamai test shows the speed difference between HTTP/1.1 and HTTP/2. People still think encryption kills performance! This is an older myth that needs to die a painful death! Straight HTTP is slower than HTTPS! Despite the warnings, we have not had problems or complaints with H2.

Test to see if H2 is enabled

Make changes to the NGINX website config file by adding http2 to the listen directive

nano /etc/nginx/sites-available/EXAMPLE_com_ssl.conf

server {
    listen 443 ssl http2;
    ..............................
}

Save and exit the file

ctrl + o   (Save)
ctrl + x   (Exit)

Restart NGINX

systemctl restart nginx
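
A check for the change above, added here as an example and not part of the original page: audit_h2_listen flags TLS listen lines that still lack http2, and negotiated_alpn asks the running server which protocol ALPN selects. The function names, the sample configs and example.com are assumptions; on NGINX 1.25.1 and later the listen parameter is deprecated in favour of a separate "http2 on;" directive, which the audit also accepts.

```sh
#!/bin/sh
# Added example. Hostnames are placeholders and the sample configs are constructed.

# Print each TLS "listen" line that lacks http2; return 1 if any is found.
# Simplification: the file is treated as one server block, as in a per-site file.
audit_h2_listen() {
    stripped=$(sed 's/#.*//' "$1")    # ignore commented-out directives
    # nginx 1.25.1+ enables HTTP/2 with a separate "http2 on;" directive.
    if printf '%s\n' "$stripped" | grep -Eq '^[[:space:]]*http2[[:space:]]+on[[:space:]]*;'; then
        return 0
    fi
    missing=$(printf '%s\n' "$stripped" |
        grep -E '^[[:space:]]*listen[[:space:]].*[[:space:]]ssl([[:space:]]|;)' |
        grep -Ev '[[:space:]]http2([[:space:]]|;)' || true)
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Print the protocol the live server selects via ALPN ("h2" when HTTP/2 is on).
# Needs network access and the openssl CLI, so it is defined here but not called.
negotiated_alpn() {
    openssl s_client -alpn h2,http/1.1 -connect "$1:443" -servername "$1" \
        </dev/null 2>/dev/null | sed -n 's/^ALPN protocol: //p'
}

sample_dir=$(mktemp -d)
cat > "$sample_dir/before.conf" <<'EOF'
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    # listen 443 ssl http2;
    server_name example.com;
}
EOF
cat > "$sample_dir/after.conf" <<'EOF'
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
}
EOF

audit_h2_listen "$sample_dir/before.conf" || echo "before.conf: lines above lack http2"
audit_h2_listen "$sample_dir/after.conf" && echo "after.conf: every TLS listener offers HTTP/2"
```

Running nginx -t before the restart catches syntax errors in the edited file. After the restart, negotiated_alpn with your own hostname should print h2.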

Zombie HTTP2 Test Results

We are surprised at how many large sites do not have HTTP/2 deployed.

Other Sites H2 Test Results

* Test performed June 2019 - Image source keycdn.com