Rolling Out HTTP/2 Using Let’s Encrypt SSL

Posted: March 1, 2016

With the release of my newly updated site, I decided to opt to also upgrade my webserver. My webserver has remained almost as it was over 8 months ago (as seen here) running a hideously outdated version of Nginx. I wanted to take advantage of 2 pieces of technology that required an upgrade to Nginx: HTTP/2 and ngx_pagespeed.

What is HTTP/2 and ngx_pagespeed?

HTTP/2 is an evolutionary step beyond the now outdated HTTP/1.1 standard. HTTP/1.1 has been around for a while now and (finally) steps have been taken to address its pitfalls. Google led the charge almost 5 years ago releasing SPDY, with many of the changes introduced being taken forward to the new HTTP/2 standard.

But why have a new standard? Isn’t HTTP/1.1 enough? Well, the main issue with HTTP/1.1 is that it loads resources sequentially. This means loading large resources like bulky external JavaScript or CSS files can “block” the acquisition of other files until the download to your browser is complete. This is fine for small lightweight sites, but larger sites end up with slow loading times, which hurts their usability.

HTTP/2 addresses this issue in two ways: server pushing and multiplexing. With server pushing, the server “pushes” more data to the client (browser) than the client actually requested, because the server knows the browser will later request those resources. This allows the server to drastically reduce the number of requests from the client whilst still serving all the required data. Multiplexing allows the server to send a number of resources asynchronously, i.e. without sending them in order. This allows the webpage’s resources to be downloaded far quicker than with previous HTTP protocols.

Combining these two methods allows HTTP/2 to drastically reduce latency and page load times, and is generally well supported in modern browsers. But the benefits of HTTP/2 only help to a certain extent. Large resources take time to download regardless of how they are downloaded – which is where ngx_pagespeed comes in. Ngx_pagespeed is a module developed by Google that allows the Nginx webserver to compress, minify, and generally streamline data transfer to the browser. When combined with a content cache, files are quickly served from a static location to Nginx, which then optimises the data before sending it to the browser. This overhead would normally slow the page down, as processing takes time, so Ngx_pagespeed also has its own cache, caching the optimised files to serve to multiple browsers. In all, this process reduces the amount of processing done by “slow” processors like PHP.

Why all the upgrades?

Ngx_pagespeed requires at least Nginx 1.9.6 – I was way behind on 1.4.6 (that’s what you get for using Ubuntu repositories)! It also requires compilation of Nginx from source, as it must be included when compiling Nginx. So my first upgrade was to the latest version of Nginx, building ngx_pagespeed in as a module during compilation. Google’s PageSpeed module documentation has a great step-by-step guide for compiling ngx_pagespeed from source with Nginx, but I will be writing a more detailed post on that later this month. After upgrading Nginx to the latest version I installed Let’s Encrypt, a free local open Certificate Authority that allows self-generation of SSL certificates. Installation of this was simple, and within less than an hour I’d generated an SSL certificate for my site.

From there I enabled SSL and HTTP/2 in the Ajenti control panel, and set up Cloudflare to honour SSL certificates originating from my server, providing end-to-end encryption from browser to origin server. I also set up a redirect within Cloudflare to redirect all HTTP traffic to HTTPS.
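
A hand-written Nginx configuration covering the same pieces (TLS with a Let’s Encrypt certificate, HTTP/2, and an HTTP-to-HTTPS redirect), added here as an example and not the author's own configuration, which was made through Ajenti and Cloudflare. `example.com`, the web root and the certificate paths are assumptions; the paths follow the Let’s Encrypt client's default `/etc/letsencrypt/live/` layout.

```nginx
# Added example. example.com and /var/www/example.com are placeholders.

# Plain HTTP: redirect to HTTPS at the origin as well, so requests that
# reach the server without passing through the proxy are still upgraded.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # Redirect to a fixed host name instead of echoing the Host header.
    return 301 https://example.com$request_uri;
}

server {
    # The "http2" listen parameter is the syntax for Nginx 1.9.5 to 1.25.0.
    # Later releases use a separate "http2 on;" directive instead.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com www.example.com;

    # Assumed default output paths of the Let's Encrypt client.
    # fullchain.pem carries the intermediate certificate, which a proxy
    # that validates the origin certificate needs to build the chain.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # HTTP/2 requires TLS 1.2 or later; add TLSv1.3 on builds that support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    root  /var/www/example.com;
    index index.html;
}
```

Run `nginx -t` before reloading to catch syntax errors and unreadable certificate paths. The browser-to-origin path is only authenticated end to end if the proxy is set to validate the origin certificate (Cloudflare's "Full (strict)" mode).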

So currently, if your browser supports it, you’ll be reading this post via HTTP/2 in a fully SSL-secured environment! I have yet to benchmark actual speed improvements over HTTP/1.1 but I’ll be sure to do that in the future. I’ll also be writing a tutorial on installing Nginx with HTTP/2 support and also installation and configuration of Let’s Encrypt!

© 2012-2019 Tom Kent. All Rights Reserved