ALPN, or Application-Layer Protocol Negotiation, is a TLS extension that includes the protocol negotiation within the exchange of hello messages. ALPN is able to negotiate which protocol should be handled over a secure connection in a way that is more efficient and avoids additional round trips. The ever-growing in popularity HTTP/2 protocol, makes use of ALPN to further decrease website load times and encrypt connections faster.
The centos 7 is not using the latest openssl package . This the reason behind failing ALPN support with nginx in Centos 7.
The ALPN enabled nginx is more faster than normal http2. So it is better to enable ALPN in your server .
Please make sure that you are running the latest version of cpnginx software . You need to download the latest openssl packages from https://www.openssl.org/ as follows
cd /usr/local/src/ wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz tar -xzf openssl-1.0.2j.tar.gz mkdir -pv /opt/cpnginx/openssl cp -vrf openssl-1.0.2j/* /opt/cpnginx/openssl/
Now make a custom nginx build configure as follows,
cp -vf /etc/cpnginx/build/configure.sh /etc/cpnginx/build/custom/
Now edit the file /etc/cpnginx/build/custom/configure.sh and add the options –with-openssl=/opt/cpnginx/openssl
#!/bin/bash ./configure --prefix=/usr/local/nginx \ --with-http_ssl_module \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-ipv6 \ --with-openssl=/opt/cpnginx/openssl \ --with-http_stub_status_module
Now build the nginx software
# nginxctl build nginx --version 1.10.2
Thats it . You have now cpnginx with full ALPN support with http2.
You can check it from https://tools.keycdn.com/http2-test
Test to see if you browser is getting http2 support . You need to open your https websites on Chrome browser and do an inspect by right clicking your mouse. Now you see as “h2” in protocol section . Please see a sample screen short below,