Configuring HTTP/2 on NGINX


Open the configuration file for your domain:

sudo nano /etc/nginx/sites-available/your_domain

In the file, locate the listen directives associated with port 443:

...
    listen [::]:443 ssl ipv6only=on; 
    listen 443 ssl; 
...

The first is for IPv6 connections and the second is for all IPv4 connections. Enable HTTP/2 for both by adding http2 to each line:

...
    listen [::]:443 ssl http2 ipv6only=on; 
    listen 443 ssl http2; 
...

Save the file, then check the NGINX configuration for syntax errors:

sudo nginx -t

Removing Old and Insecure Cipher Suites

sudo nano /etc/nginx/sites-available/your_domain

Locate the line that includes the options-ssl-nginx.conf file and comment it out:

# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

Below that line, add this line to define the allowed ciphers:

ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

Open the file /etc/nginx/snippets/ssl-params.conf in your text editor:

sudo nano /etc/nginx/snippets/ssl-params.conf

Locate the following line:

...
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
...

Modify it so it looks like this:

ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

Save the file and exit your editor.

sudo nginx -t
sudo systemctl reload nginx
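HTTP/2 (RFC 7540, section 9.2.2 and Appendix A) lets a client refuse a connection that negotiates a suite without ephemeral key exchange or without an AEAD cipher, so it is worth checking what a cipher string still admits. The script below is an added example, not part of the original tutorial: the names h2_audit and sample_listing and the sample lines are constructed for illustration, and it classifies lines in the format printed by openssl ciphers -v.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# Reads lines in `openssl ciphers -v` format on stdin and prints, per suite,
# "OK <name>" or "BLOCKLISTED <name> <reasons>" using the HTTP/2 criteria:
# ephemeral key exchange and an AEAD cipher are both required.
h2_audit() {
    awk '
    NF >= 6 {
        kx = ""; mac = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Kx=/)  kx  = substr($i, 4)
            if ($i ~ /^Mac=/) mac = substr($i, 5)
        }
        reason = ""
        # Ephemeral (EC)DH only; TLS 1.3 suites are listed with Kx=any.
        if (kx != "ECDH" && kx != "DH" && kx != "any") reason = reason " static-kx"
        # CBC, 3DES, RC4 and NULL suites carry a separate MAC instead of AEAD.
        if (mac != "AEAD") reason = reason " non-aead"
        if (reason == "") print "OK", $1
        else print "BLOCKLISTED", $1 reason
    }'
}

# Constructed sample in `openssl ciphers -v` format: suites of the kinds the
# keywords EECDH+CHACHA20, EECDH+AES128, RSA+AES128, EECDH+3DES and RSA+3DES select.
sample_listing() {
cat <<'EOF'
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-DES-CBC3-SHA TLSv1 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
EOF
}

# Run against the constructed sample. On a real host, pipe the expansion of
# the configured string instead:  openssl ciphers -v 'STRING' | h2_audit
sample_listing | h2_audit
```

The real expansion depends on the installed OpenSSL build, so run the audit on the server that will terminate TLS rather than relying on the sample.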
