- Plesk for Linux
HTTP/2 (originally named HTTP/2.0) is the second major version of the HTTP network protocol used by the World Wide Web.
Ratified in May 2015, HTTP/2 was created to address some significant performance problems with HTTP 1.1 in the modern Web era.
- HTTP/2 is supported in nginx web server starting from version 1.9.5.
- Currently HTTP/2 is supported by most major web browsers.
- Your sites do not require any changes to get HTTP/2 advantages.
Now HTTP/2 is available out-of-the-box for Plesk 12.5 customers!
Note: HTTP/2 is supported for SSL sites only, so non-SSL sites will continue to work under HTTP/1.x. That's a restriction of nginx web server and web browsers.
How to Enable HTTP/2 support for client web sites with nginx
HTTP/2 support requires the Plesk 12.5.30 Update#28 being installed, as well as nginx 1.9.14 (which is included in the update).
- Install Plesk 12.5.30 Update #28 or later: Installing Plesk micro-updates
- Make sure you have nginx web server updated to version 1.9.14 or later and running.
You can do this in Tools & Settings > Server Components and Tools & Settings > Services Management pages.
Login to your server via SSH under root and enable HTTP/2 support in Plesk using the following command line utility:
# /usr/local/psa/bin/http2_pref enable
# /opt/psa/bin/http2_pref enable
During the last step your nginx web server will be tuned to use the TLS protocol with modern and secure ciphers, the whole web server configuration will be rebuilt, and all client's sites with 'SSL Support' will be moved to HTTP/2.
Please check the output of the command to check for errors or warnings during the switch to HTTP/2.
If you wish to return to HTTP 1.x and disable HTTP/2, please use the following command:
# /usr/local/psa/bin/http2_pref disable
Known Issues and Limitations
- OpenSSL 1.0.1 or higher is required to work with modern ciphers necessary for HTTP/2. For several older Operating Systems (such as CentOS 5 and RHEL 5), earlier openssl version is provided by the OS vendor.
- HTTP/2 support on such OSes may be unavailable.
- It is serverwide option, so there is no way to configure it on per-domain basis.
- For troubleshooting materials please check the following article: HTTP/2 Troubleshooting
Frequently Asked Questions
- How can I check that http/2 support is enabled for domain?
Answer: You can simply use online service like https://tools.keycdn.com/http2-test
- http2_pref utility returns warning about custom virtual host template. What should I do?
# /usr/local/psa/bin/http2_pref enable
WARNING: You are using a custom virtual host template(/usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php)
Answer: Please check KB #213942145 with troubleshooting materials. This situation is described there.
- What about ALPN Support?
Answer: ALPN support for nginx web server is available out-of-the-box since Plesk 12.5.30 MU#35. For ALPN support OpenSSL 1.0.2 or above is required, thus this feature is available for the following operating systems: RHEL/CentOS 7, Ubuntu 14/16, Debian 8/9
- What about HTTP/2 support in Apache web server?
Answer: Plesk uses Apache provided by OS vendor. HTTP/2 support for Apache web server is available since Apache 2.4.17 that is not yet available for OSes that are supported by Plesk 12. Most of HTTP/2 improvements works perfect if you are using nginx in front of Apache as it is supposed to do with Plesk.As additional option you can configure nginx to serve static files in Plesk panel to exclude Apache from processing. More details on this option: Adjusting nginx Settings for Virtual Hosts
- After enabling of HTTP/2 some browsers are not able to connect to my web site. Why?
Answer: HTTP/2 protocol specification defines that TLS 1.2 must be used for any implementation. Also it recommends using strong ciphers list for encrypted connections. Check RFC #7540 for details https://tools.ietf.org/html/rfc7540. Based on our security team research and opinion of Plesk experts community we choose a very balanced ciphers list that provides support for all modern browsers and "A" category in terms of security on SSLLabs: https://www.ssllabs.com/ssltest/index.html at the same time.If you have enought technical expertize on this you can simply customize ciphers list to allow support for old browsers. See the question below for more details.
- How can I set up my own TLS ciphers list for nginx?
Answer: You should use sslmng utility from Plesk to set up available protocols and TLS ciphers list after you enabled HTTP/2.For example if you want to use exactly the same ciphers list as Plesk does, the command will be the following:
# plesk sbin sslmng --services=nginx --custom --ciphers="EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20" --protocols="TLSv1 TLSv1.1 TLSv1.2"
Configuration will be stored in /etc/nginx/conf.d/ssl.conf file. We do not recommend to edit this file manually.
- How can I troubleshoot this is something goes wrong?
Answer: Please check KB #213942145 with troubleshooting materials.
- How to install Plesk updates: https://kb.plesk.com/en/128626
- HTTP/2 support for nginx web-server: https://www.nginx.com/blog/nginx-1-9-5/
- Our Blog Post about HTTP/2 and Let' Encrypt and WordPress: https://devblog.plesk.com/2016/04/http2-lets-encrypt-for-wordpress/