HTTP/2 not detected


#1

So I’ve followed the directions from: https://easyengine.io/blog/new-release-http2-letsencrypt-support/ & https://easyengine.io/docs/http2-support/ . I’ve also read the thread found here: Http/2

See image below:

I’ve also tested using the web-app found at: https://tools.keycdn.com/http2-test

See image below:

Finally, I’ve tested using Google’s Chrome and a browser extension dedicated to testing for HTTP/2 and SPDY, found at: https://chrome.google.com/webstore/detail/http2-and-spdy-indicator/mpbpobfflnpcgagjijhmgnchggcjblin?hl=en

See image below:

The lightning bolt should be blue, but it’s not.

There has to be more than simply using the command:

ee stack remove --nginx && ee stack install --nginxmainline

…to invoke HTTP2.


#2

There seems to be an issue when using the Let’s Encrypt instructions from https://easyengine.io/tutorials/nginx/letsencrypt/ and then using:

ee stack remove --nginx && ee stack install --nginxmainline

…to enable HTTP/2. The:

/var/www/example.com/conf/nginx/ssl.conf

…file is missing the HTTP/2 flag, as shown below:

listen 443 ssl;
    ssl on;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/example.com/privkey.pem;

This should be modified to read:

listen 443 ssl http2;
    ssl on;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/example.com/privkey.pem;

It seems this issue (HTTP/2 not detected) is caused by another issue, found at Easyengine and Letsencrypt setup


#3

how would we also enable ALPN?


#4

I believe the original intent of HTTP/2 (all HTTP/2) was to use ALPN to allow for faster encrypted connections, due to the application protocol being determined during the initial connection.

To enable ALPN on Nginx, I believe you need to be using OpenSSL 1.0.2 on your server.

You can determine the version of OpenSSL you have installed on your server by running:

openssl version

…from the command line.

Additionally, you can actually check to see if ALPN is installed/used by running:

echo | openssl s_client -alpn h2 -connect example.com:443 | grep ALPN

…or by navigating to https://tools.keycdn.com/http2-test in a web browser, typing in your URL and clicking the test button.


#5