Debian 8 Nginx HTTP2 + ALPN

Ever since Google started to favour HTTPS sites, SSL has to be installed en masse wherever possible. Apart from more hassle for the servers, this also costs us speed. Fortunately, the HTTP2 standard has been integrated into all major HTTP servers and browsers for over a year and a half, and its support is stable enough. Unfortunately, Debian stable does not have packages that support HTTP2 in the main HTTP servers. The versions we need for HTTP2 to work are as follows:

For me the mix is big and depends on whether it is Apache or nginx. I haven't played with Apache HTTP2 on Debian 8 yet since I didn't have to, but it is in the backports repo, so that won't be a big deal. With nginx I have already done it several times. In general, there are several steps and they are relatively simple:

  1. We add the official nginx repo – in Debian the version is 1.6.x 🙄
  2. We install openssl from backports, currently 1.0.2k – this is what we need for ALPN support so that everything can work and be fast
  3. We install devscripts – this is the moment to mention that we will build our own package, because the official one is compiled with openssl 1.0.1t, where ALPN does not work, the browsers do not respond well and HTTP2 works only if you force it
  4. We increment the version so that our build does not get mixed up with the official packages, and when there is a new version we only need to sync the sources

Let's start step by step

Add nginx repo

deb codename nginx
deb-src codename nginx

Add openssl 1.0.2k and the dev library, otherwise we will build against 1.0.1t again, which is not our goal

echo 'deb jessie-backports main' | tee /etc/apt/sources.list.d/backports.list

apt update && apt install libssl-dev -t jessie-backports


Now it remains to add the libraries needed to compile nginx

apt install devscripts

apt build-dep nginx

mkdir nginx-build

cd nginx-build

apt-get source nginx

If you have done everything correctly, you should have a structure like this:

~/nginx-build # ll
total 1004
drwxr-xr-x 10 root root   4096 Feb 21 18:37 nginx-1.10.3
-rw-r--r--  1 root root 103508 Jan 31 17:59 nginx_1.10.3-1~jessie.debian.tar.xz
-rw-r--r--  1 root root   1495 Jan 31 17:59 nginx_1.10.3-1~jessie.dsc
-rw-r--r--  1 root root 911509 Jan 31 17:59 nginx_1.10.3.orig.tar.gz

Enter the folder in which the nginx source is unpacked (in my case nginx-1.10.3) and run the command that increments the version. I personally prefer to add 1 to the current build.

debchange --newversion 1.10.3-1

After adding the changelog of your choice, you can proceed to the actual compilation

debuild -us -uc -i -I -b -j6

A little explanation of the command's options:

-us and -uc tell the script not to sign the .dsc and .changes files. -i and -I make the script ignore version control files. -b generates only a binary package. -j, as in make, sets how many parallel processes to compile with 🙂


Once the above process is complete, we should install our new packages. If you already have nginx installed, it's a good idea to uninstall it

apt remove nginx 'nginx-*'

It's also a good idea to back up the nginx folder in /etc. Basically, when upgrading from 1.6.5 to 1.10.3 I had no drama, but you never know. The new packages are located in the top-level folder and should be installed with a command such as:

dpkg -i ../*.deb

If everything went smoothly, all you have to do is start the nginx process and configure HTTP2, which is beyond the scope of this article.
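
A post-install check, added here as an example and not part of the original article: the point of the rebuild is the OpenSSL version nginx was compiled with, so the script reads the "built with OpenSSL" line of `nginx -V` and ignores any "running with" version. The function names and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: was this nginx compiled against an OpenSSL with ALPN (>= 1.0.2)?

# Constructed sample `nginx -V` output: stock package vs. the rebuilt one.
SAMPLE_STOCK='nginx version: nginx/1.10.3
built with OpenSSL 1.0.1t  3 May 2016 (running with OpenSSL 1.0.2k  26 Jan 2017)
TLS SNI support enabled'
SAMPLE_REBUILT='nginx version: nginx/1.10.3
built with OpenSSL 1.0.2k  26 Jan 2017
TLS SNI support enabled'

# Print the OpenSSL version from the "built with" line (compile-time version).
built_openssl_version() {
    printf '%s\n' "$1" |
        sed -n 's/^built with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# Succeed if the given OpenSSL version (e.g. 1.0.2k) is 1.0.2 or newer.
openssl_has_alpn() {
    ver=${1%%[a-z]*}               # strip letter suffix: 1.0.2k -> 1.0.2
    [ -n "$ver" ] || return 1
    IFS=. read -r major minor patch <<EOF
$ver
EOF
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -gt 0 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -eq 0 ] && [ "$patch" -ge 2 ] && return 0
    return 1
}

# Print a verdict for `nginx -V` output; non-zero if a rebuild is needed.
check_nginx_build() {
    built=$(built_openssl_version "$1")
    if [ -z "$built" ]; then
        echo "unknown: no 'built with OpenSSL' line found"; return 2
    fi
    if openssl_has_alpn "$built"; then
        echo "ok: built with OpenSSL $built, ALPN available"
    else
        echo "rebuild: built with OpenSSL $built, no ALPN"; return 1
    fi
}

# On a real host, check the installed binary (nginx -V writes to stderr).
if command -v nginx >/dev/null 2>&1; then
    check_nginx_build "$(nginx -V 2>&1)" || true
fi
```

The stock sample shows why the "running with" version is not enough: the backports library is loaded at run time, but the binary was still compiled against 1.0.1t.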
