How to enable HTTP/2 in Nginx

Enabling HTTP/2 in Nginx reduces latency for modern browsers by multiplexing many requests over a single TCP connection and minimizing the connection churn common with HTTP/1.1.

On HTTPS virtual hosts, the HTTP version is negotiated during the TLS handshake using ALPN, so enabling HTTP/2 is largely a server-side switch. Clients that advertise h2 automatically upgrade to HTTP/2, while older clients transparently fall back to HTTP/1.1 without requiring separate listeners or application changes.

Most browsers only use HTTP/2 over TLS, so valid certificates and working HTTPS must already exist. Newer Nginx releases enable HTTP/2 with the dedicated http2 directive (introduced in 1.25.1) and emit warnings when the older listen ... http2 parameter is used, so configuration syntax must match the installed version. Always run nginx -t before reloading to avoid a failed reload or an accidental restart outage.

Steps to enable HTTP/2 in Nginx:

Confirm that the virtual host responds over HTTPS on port 443.
```
$ curl -I https://example.com/
HTTP/1.1 200 OK
Server: nginx
##### snipped #####
```
Certificate or hostname errors must be resolved before HTTP/2 negotiation can succeed.

Related: How to configure Let's Encrypt SSL in Nginx
Locate the configuration file that defines the HTTPS server block.
```
$ sudo grep --recursive --line-number "server_name example.com" /etc/nginx
/etc/nginx/sites-enabled/example.com.conf:8:    server_name example.com;
```
When multiple includes match, prefer the file that also contains the listen 443 directive for the same host.
Enable HTTP/2 in the HTTPS server block.
```
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    http2 on;

    server_name example.com;
    ##### snipped #####
}
```
On Nginx 1.25.1 and newer, use http2 on; and keep the listen line as listen 443 ssl; to avoid deprecation warnings. On older Nginx builds, remove http2 on; and use listen 443 ssl http2; (and the IPv6 equivalent) instead.

Test the updated configuration for syntax errors.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Accepting HTTP/2 over TLS requires ALPN support in the TLS library (OpenSSL 1.0.2+).

Reload Nginx to apply the configuration change.
```
$ sudo systemctl reload nginx
```
Reloading applies new configuration without dropping established connections, but a full restart can take the site offline if the config cannot load.
Verify HTTP/2 negotiation from a client.
```
$ curl -I --http2 https://example.com/
HTTP/2 200
server: nginx
##### snipped #####
```
If the status line still shows HTTP/1.1, HTTP/2 was not negotiated and the client fell back to HTTP/1.1.

Confirm ALPN selection of h2 during the TLS handshake.

$ echo | openssl s_client -alpn h2 -connect example.com:443 2>/dev/null | grep -i "ALPN protocol"
ALPN protocol: h2

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.