What Is ALPN?
ALPN, or Application-Layer Protocol Negotiation, is a TLS extension that includes the protocol negotiation within the exchange of hello messages. ALPN is able to negotiate which protocol should be handled over a secure connection in a way that is more efficient and avoids additional round trips. The ever-growing in popularity HTTP/2 protocol, makes use of ALPN to further decrease website load times and encrypt connections faster.
Why it is not supported in Centos 7?
The centos 7 is not using the latest openssl package . This the reason behind failing ALPN support with nginx in Centos 7.
Do I need ALPN with HTTP2 ?
The ALPN enabled nginx is more faster than normal http2. So it is better to enable ALPN in your server .
Steps To Enable ALPN with nginx on Centos 7
Please make sure that you are running the latest version of cpnginx software . You need to download the latest openssl packages from https://www.openssl.org/ as follows
cd /usr/local/src/ wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz tar -xzf openssl-1.0.2j.tar.gz mkdir -pv /opt/cpnginx/openssl cp -vrf openssl-1.0.2j/* /opt/cpnginx/openssl/
Now make a custom nginx build configure as follows,
cp -vf /etc/cpnginx/build/configure.sh /etc/cpnginx/build/custom/
Now edit the file /etc/cpnginx/build/custom/configure.sh and add the options –with-openssl=/opt/cpnginx/openssl
#!/bin/bash
./configure --prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-ipv6 \
--with-openssl=/opt/cpnginx/openssl \
--with-http_stub_status_module
Now build the nginx software
# nginxctl build nginx --version 1.10.2
Thats it . You have now cpnginx with full ALPN support with http2.
How to test it ?
You can check it from https://tools.keycdn.com/http2-test
Test to see if you browser is getting http2 support . You need to open your https websites on Chrome browser and do an inspect by right clicking your mouse. Now you see as “h2” in protocol section . Please see a sample screen short below,
Thanks for detailed article. I’m not using cPnginx Server, could I following your steps for pure Nginx server?
Hi,
Not work. When I’m check it on https://tools.keycdn.com/http2-test, the results :
Yeah! idw.io supports HTTP/2.0
ALPN is not supported.
Any solutions?
probably you are compiling with an old version of openssl