How to enable HTTP/2 in Nginx

Enabling HTTP/2 in Nginx reduces latency for modern browsers by multiplexing many requests over a single TCP connection and minimizing the connection churn common with HTTP/1.1.

On HTTPS virtual hosts, the HTTP version is negotiated during the TLS handshake using ALPN, so enabling HTTP/2 is largely a server-side switch. Clients that advertise h2 automatically upgrade to HTTP/2, while older clients transparently fall back to HTTP/1.1 without requiring separate listeners or application changes.

Most browsers only use HTTP/2 over TLS, so valid certificates and working HTTPS must already exist. Newer Nginx releases enable HTTP/2 with the dedicated http2 directive (introduced in 1.25.1) and emit warnings when the older listen ... http2 parameter is used, so configuration syntax must match the installed version. Always run nginx -t before reloading to avoid a failed reload or an accidental restart outage.

Steps to enable HTTP/2 in Nginx:

Confirm that the virtual host responds over HTTPS on port 443.

$ curl -I https://example.com/
HTTP/2 200
server: nginx/1.24.0 (Ubuntu)
date: Mon, 29 Dec 2025 22:42:25 GMT
content-type: text/html
content-length: 10671
last-modified: Sun, 28 Dec 2025 06:15:52 GMT
vary: Accept-Encoding
etag: "6950cb18-29af"
strict-transport-security: max-age=31536000
accept-ranges: bytes

Certificate or hostname errors must be resolved before HTTP/2 negotiation can succeed.

Locate the configuration file that defines the HTTPS server block.

$ sudo nginx -T 2>/dev/null | grep -n "server_name example.com"
/etc/nginx/conf.d/redirect-http.conf:3:    server_name example.com www.example.com;
/etc/nginx/conf.d/ssl-http2.conf:3:    server_name example.com;
/etc/nginx/sites-available/default:130:#	server_name example.com;

When multiple includes match, prefer the file that also contains the listen 443 directive for the same host.

Enable HTTP/2 in the HTTPS server block.
```
server {
    listen 443 ssl http2;

    server_name example.com;
    ##### snipped #####
}
```
On Nginx 1.25.1 and newer, use http2 on; and keep the listen line as listen 443 ssl; to avoid deprecation warnings. On older Nginx builds, remove http2 on; and use listen 443 ssl http2; instead.

Test the updated configuration for syntax errors.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Accepting HTTP/2 over TLS requires ALPN support in the TLS library (OpenSSL 1.0.2+).

Reload Nginx to apply the configuration change.
```
$ sudo systemctl reload nginx
```
Reloading applies new configuration without dropping established connections, but a full restart can take the site offline if the config cannot load.

Verify HTTP/2 negotiation from a client.

$ curl -I --http2 https://example.com/
HTTP/2 200
server: nginx/1.24.0 (Ubuntu)
date: Mon, 29 Dec 2025 22:42:50 GMT
content-type: text/html
content-length: 10671
last-modified: Sun, 28 Dec 2025 06:15:52 GMT
vary: Accept-Encoding
etag: "6950cb18-29af"
strict-transport-security: max-age=31536000
accept-ranges: bytes

If the status line still shows HTTP/1.1, HTTP/2 was not negotiated and the client fell back to HTTP/1.1.

Confirm ALPN selection of h2 during the TLS handshake.

$ echo | openssl s_client -alpn h2 -connect example.com:443 2>/dev/null | grep -i "ALPN protocol"
ALPN protocol: h2

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.