How to enable ALPN with http2 for nginx on Centos 7 cPnginx Server

What Is ALPN?

ALPN, or Application-Layer Protocol Negotiation, is a TLS extension that includes the protocol negotiation within the exchange of hello messages. ALPN is able to negotiate which protocol should be handled over a secure connection in a way that is more efficient and avoids additional round trips. The ever-growing in popularity HTTP/2 protocol, makes use of ALPN to further decrease website load times and encrypt connections faster.

Why it is not supported in Centos 7?

The centos 7 is not using the latest openssl package . This the reason behind failing ALPN support with nginx in Centos 7.

Do I need ALPN with HTTP2 ?

The ALPN enabled nginx is more faster than normal http2. So it is better to enable ALPN in your server .

Steps To Enable ALPN with nginx on Centos 7

Please make sure that you are running the latest version of cpnginx software . You need to download the latest openssl packages from https://www.openssl.org/ as follows

cd /usr/local/src/
wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
tar -xzf openssl-1.0.2j.tar.gz 
mkdir -pv /opt/cpnginx/openssl
cp -vrf openssl-1.0.2j/* /opt/cpnginx/openssl/

Now make a custom nginx build configure as follows,

cp -vf /etc/cpnginx/build/configure.sh /etc/cpnginx/build/custom/	

Now edit the file /etc/cpnginx/build/custom/configure.sh and add the options –with-openssl=/opt/cpnginx/openssl

#!/bin/bash
./configure --prefix=/usr/local/nginx \
        --with-http_ssl_module \
        --with-http_ssl_module \
        --with-http_v2_module \
        --with-http_realip_module \
        --with-http_flv_module \
        --with-http_mp4_module \
        --with-ipv6 \
        --with-openssl=/opt/cpnginx/openssl \
        --with-http_stub_status_module 

Now build the nginx software

# nginxctl build nginx --version 1.10.2

Thats it . You have now cpnginx with full ALPN support with http2.

How to test it ?

You can check it from https://tools.keycdn.com/http2-test

Test to see if you browser is getting http2 support . You need to open your https websites on Chrome browser and do an inspect by right clicking your mouse. Now you see as “h2” in protocol section . Please see a sample screen short below,

http2-alpn