How to enable ALPN on NGINX

Published in: HowTo

What is ALPN?

ALPN (Application-Layer Protocol Negotiation) is a TLS extension that gives the browser and the server an efficient way to negotiate, as part of the TLS handshake, the protocol used for the encrypted traffic. To enable ALPN, a web server needs to have HTTPS configured and support the HTTP/2 protocol. ALPN doesn’t provide any additional security benefit over HTTPS; it allows a browser to take advantage of the speed benefit of HTTP/2 by lowering the initial handshake latency, which results in a faster browsing experience. Since most major browsers already support ALPN, the benefits should be apparent as soon as ALPN is enabled on the server.

If you check your site using this keycdn tool, you can see whether your site supports ALPN or not. The most likely reason your nginx doesn’t support ALPN is that you are using an older version of nginx: even if the version that comes with your distribution is the latest stable version for that distribution, it might not be the latest stable nginx version available. One way would be to install the latest stable nginx from source using OpenSSL 1.0.2 or above, which means you will also need to install OpenSSL 1.0.2 or above from source, as shown here. That’s the hard way to do it, because chances are very high that you will stumble over dependency issues when trying to compile from source. The easier and preferable option is to install through this PPA, which has the latest NGINX Stable packages compiled against OpenSSL 1.0.2 for HTTP/2 support with ALPN. Of course, it goes without saying that it’s not a good idea to install packages from untrusted PPAs; you should only install PPA packages from a source you trust and that is linked with the original project.
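Before rebuilding or switching packages, it helps to confirm what the installed binary was actually built against. The script below is an added example, not part of the original post: it reads `nginx -V` output and reports whether the build includes the HTTP/2 module and an OpenSSL of 1.0.2 or above. The function names, verdict strings and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): judge from `nginx -V` output
# whether an nginx build can negotiate HTTP/2 via ALPN.
# On a real host: nginx -V 2>&1 | nginx_alpn_check

# Constructed sample outputs, modelled on the `nginx -V` format.
SAMPLE_OLD='nginx version: nginx/1.10.0
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module'
SAMPLE_NEW='nginx version: nginx/1.10.0
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module'

# Succeeds if an OpenSSL version string (1.0.2g, 1.1.1f, 3.0.2) is >= 1.0.2.
openssl_has_alpn() {
    ver=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')    # 1.0.2g -> 1.0.2
    case "$ver" in [0-9]*.[0-9]*.[0-9]*) ;; *) return 1 ;; esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}; patch=${patch%%.*}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -gt 0 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -eq 0 ] && [ "$patch" -ge 2 ]
}

# Reads `nginx -V` output on stdin and prints a one-line verdict.
nginx_alpn_check() {
    out=$(cat)
    case "$out" in
        *--with-http_v2_module*) ;;
        *) echo "no-http2-module"; return 1 ;;
    esac
    # Conservative: every OpenSSL version on the "built with" line (build-time
    # and, if printed, "running with") must be 1.0.2 or newer.
    versions=$(printf '%s\n' "$out" | grep 'built with OpenSSL' |
               grep -o 'OpenSSL [0-9][0-9a-z.]*' | cut -d' ' -f2)
    [ -n "$versions" ] || { echo "openssl-not-found"; return 1; }
    for v in $versions; do
        openssl_has_alpn "$v" || { echo "openssl-too-old $v"; return 1; }
    done
    echo "alpn-capable"
}

printf '%s\n' "$SAMPLE_OLD" | nginx_alpn_check || true   # openssl-too-old 1.0.1f
printf '%s\n' "$SAMPLE_NEW" | nginx_alpn_check           # alpn-capable
```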



