HTTP/2 Support now available for Plesk 12.5!

Created:

2016-11-16 13:08:46 UTC

Modified:

2017-06-17 12:20:21 UTC

18

Was this article helpful?


Have more questions?

Submit a request

HTTP/2 Support now available for Plesk 12.5!

Applicable to:

  • Plesk 12.5 for Linux

Introduction

HTTP/2 (originally named HTTP/2.0) is the second major version of the HTTP network protocol used by the World Wide Web.

Ratified in May 2015, HTTP/2 was created to address some significant performance problems with HTTP 1.1 in the modern Web era.

  • HTTP/2 is supported in NGINX webserver starting from version 1.9.5.
  • Currently HTTP/2 is supported by most major web browsers.
  • Your sites do not require any changes to get HTTP/2 advantages.

Now HTTP/2 is available out-of-the-box for Plesk 12.5 customers!

Note: HTTP/2 is supported for SSL sites only, so non-SSL sites will continue to work under HTTP/1.x. That's a restriction of NGINX web server and web browsers.

How to Enable HTTP/2 support for client web sites with NGINX

HTTP/2 support requires the Plesk 12.5.30 Update#28 being installed, as well as NGINX 1.9.14 (which is included in the update).

You can do this on Tools & Settings -> Server Components and Tools & Settings -> Services Management pages.

  • Login to your server via SSH under root and enable HTTP/2 support in Plesk using the following command line utility:

    on RedHat/CentOS:

    #/usr/local/psa/bin/http2_pref enable

    On Debian/Ubuntu:

    #/opt/psa/bin/http2_pref enable

    During the last step your NGINX web server will be tuned to use the TLS protocol with modern and secure ciphers, the whole web server configuration will be rebuilt, and all client's sites with 'SSL Support' will be moved to HTTP/2.
    Please check the output of the command to check for errors or warnings during the switch to HTTP/2.

If you wish to return to HTTP 1.x and disable HTTP/2, please use the following command:

 #/usr/local/psa/bin/http2_pref disable

Known Issues and Limitations

openssl 1.0.1 or higher is required to work with modern ciphers necessary for HTTP/2. For several older Operating Systems (such as CentOS-5 and RHEL-5), earlier openssl version is provided by the OS vendor.

HTTP/2 support on such OSes may be unavailable.

It is serverwide option, so there is no way to configure it on per-domain basis.

Also please check KB with troubleshooting materials: #213942145

Frequently Asked Questions

  • How can I check that http/2 support is enabled for domain?

Answer: You can simply use online service like https://tools.keycdn.com/http2-test

  • http2_pref utility returns warning about custom virtual host template. What should I do?
    # /usr/local/psa/bin/http2_pref enable
    WARNING: You are using a custom virtual host template(/usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php)

Answer: Please check KB #213942145 with troubleshooting materials. This situation is described there.

  • What about ALPN Support?

Answer: ALPN support for NGINX web-server is available out-of-the-box since Plesk 12.5.30 MU#35 for the following operating systems:CentOS-7,Rhel-7,Ubuntu 14,Debian 8

This means that HTTP/2 powered by Plesk works in all modern browsers including Google Chrome!

  • What about HTTP/2 support in Apache web server?

Answer: Plesk uses Apache provided by OS vendor. HTTP/2 support for Apache web server is available since Apache 2.4.17 that is not yet available for OSes that are supported by Plesk 12. Most of HTTP/2 improvements works perfect if you are using NGINX in front of Apache as it is supposed to do with Plesk.As additional option you can configure NGINX to serve static files in Plesk panel to exclude Apache from processing.More details on this option : Adjusting nginx Settings for Virtual Hosts

  • After enabling of HTTP/2 some browsers are not able to connect to my web site. Why?

Answer: HTTP/2 protocol specification defines that TLS 1.2 must be used for any implementation.Also it recommends to use strong ciphers list for encrypted connections. Check RFC #7540 for details https://tools.ietf.org/html/rfc7540 . Based on our security team research and opinion of Plesk experts community we choose a very balanced ciphers list that provides support for all modern browsers and "A" category in terms of security on SSLLabs: https://www.ssllabs.com/ssltest/index.html at the same time.If you have enought technical expertize on this you can simply customize ciphers list to allow support for old browsers. See the question below for more details.

  • How can I set up my own TLS ciphers list for NGINX?

Answer: You should use sslmng utility from Plesk to set up available protocols and TLS ciphers list after you enabled HTTP/2.For example if you want to use exactly the same ciphers list as Plesk does, the command will be the following:

    #plesk sbin sslmng --services=nginx --custom --ciphers="EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20" --protocols="TLSv1 TLSv1.1 TLSv1.2"

Configuration will be stored in /etc/nginx/conf.d/ssl.conf file. We do not recommend to edit this file manually.

  • How can I troubleshoot this is something goes wrong?

Answer: Please check KB #213942145 with troubleshooting materials.

References

Have more questions? Submit a request
Please sign in to leave a comment.