HTTP/2 actually makes TLS (the protocol behind SSL/HTTPS) mandatory for most browsers, turning a security feature into a performance requirement.
Let’s see this in action with a simple Nginx setup. Imagine we have a basic Nginx configuration for a website:
```nginx
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    root /var/www/example.com/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
```
Notice the listen 443 ssl http2; line. That’s the key. It tells Nginx to listen on port 443, enable SSL/TLS, and use the HTTP/2 protocol. When a browser connects to https://example.com, it will negotiate a TLS connection. If successful, Nginx will then enable HTTP/2 for that connection.
The primary problem HTTP/2 solves is head-of-line blocking in HTTP/1.1. In HTTP/1.1, if you request multiple resources (HTML, CSS, JS, images), they have to be sent sequentially over a single TCP connection. If one resource is slow to download, all subsequent resources are delayed. HTTP/2 breaks requests down into smaller, independent "streams" that can be multiplexed over a single TCP connection. If one stream is slow, others can still proceed. This makes web pages load significantly faster, especially on high-latency connections, because the browser can request and receive many assets concurrently.
To get this working, you need a few things:
- A Web Server Capable of HTTP/2: Most modern web servers (Nginx, Apache, Caddy, LiteSpeed) support HTTP/2. For Nginx, it’s as simple as adding `http2` to the `listen` directive. For Apache, you typically need the `mod_http2` module enabled and an `H2Direct` directive.
- A Valid SSL/TLS Certificate: As mentioned, browsers mandate TLS for HTTP/2. You can get certificates from Certificate Authorities (CAs) like Let’s Encrypt (free and automated), DigiCert, or Sectigo.
- Correct Server Configuration: This involves telling your web server where your certificate and private key are located and enabling the HTTP/2 protocol.
Here’s a breakdown of the Nginx configuration:
- `listen 443 ssl http2;`: This is the core directive. It tells Nginx to listen on port 443 (the standard HTTPS port), use SSL/TLS, and enable the HTTP/2 protocol.
- `ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;`: This points to your SSL certificate file, which includes the server’s certificate and any intermediate certificates.
- `ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;`: This points to your SSL private key. It must be kept secure.
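Those three directives have to appear together for browsers to use HTTP/2. The script below is an added example, not part of the original page or of Nginx itself: it audits a config for listeners where they do not. The function names and the third `broken.example.com` block are constructed for illustration, and it assumes each `server` block is checked in isolation, without following `include` files or directives inherited from the `http` level.

```python
import re
# Constructed sample: the page's two server blocks plus one deliberately broken block.
SAMPLE = """
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
server {
    listen 8443 http2;  # constructed mistake: http2 without ssl
    server_name broken.example.com;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block by tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return (server_name, finding) tuples for HTTP/2-over-TLS mistakes."""
    findings = []
    for body in server_blocks(re.sub(r"#.*", "", conf)):  # comments stripped first
        directives = [d.split() for d in re.split(r"[;{}]", body) if d.split()]
        name = next((d[1] for d in directives if d[0] == "server_name" and len(d) > 1), "?")
        listens = [d[1:] for d in directives if d[0] == "listen"]
        keys = {d[0] for d in directives}
        for args in listens:
            if "http2" in args and "ssl" not in args:
                findings.append((name, "http2 without ssl"))
            if "ssl" in args:
                findings += [(name, f"missing {k}") for k in
                             ("ssl_certificate", "ssl_certificate_key") if k not in keys]
        redirects = any(d[0] == "return" and d[-1].startswith("https://") for d in directives)
        if listens and not any("ssl" in a for a in listens) and not redirects:
            findings.append((name, "plaintext listener without HTTPS redirect"))
    return findings
if __name__ == "__main__":
    for name, finding in audit(SAMPLE): print(f"{name}: {finding}")
```

The two blocks taken from the page produce no findings; only the constructed third block is flagged.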
The surprising part is how little configuration change is often needed. For many, the transition from HTTP/1.1 to HTTP/2 is as simple as adding http2 to the listen directive and ensuring valid SSL certificates are in place. The performance gains are immediate and substantial without requiring application-level changes.
Once your HTTP/2 setup is running, the next logical step is to optimize it further. This involves understanding how HTTP/2’s stream prioritization works and tuning server-side parameters like http2_max_concurrent_streams in Nginx to match your server’s capacity and your application’s needs.