Nginx, SSL, and SPDY, how to set it up on Ubuntu 14.04?

So I’m following this article:

I’m lost on this paragraph:

“we jumped into manually compiling Nginx with the mainline version of the package. We used Nginx 1.5.9 (to avoid the “large certificate” bug), compiled against OpenSSL 1.0.1e (to enable NPN), and enabled Perfect Forward Secrecy”

Is SPDY something that’s already included with Nginx by default? Has this “large certificate” bug been fixed in subsequent versions? Also not sure about OpenSSL 1.0.1e and Perfect Forward Secrecy.

Is this something I can use some sort of apt-get command for?

If not, what’s the best way to compile Nginx with the set up as described above?

FYI I’m using the latest version of Ubuntu offered here at the moment: 14.04.

Thanks in advance for your help.


SPDY has been supported in nginx since version 1.3.15. In order to be able to use SPDY, you will need to have a recent version of nginx and OpenSSL version 1.0.0d or newer.

You can find out what version of OpenSSL you have installed by running openssl version. The command for nginx is nginx -v.

Once you’ve made sure your system supports SPDY, you can enable it by adding spdy to the listen line in your server block:

server {
    listen 443 ssl spdy;
    # ... rest of the existing server block ...
}

Finally, restart nginx so that the changes can take effect:

sudo nginx -t
sudo service nginx restart
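
A build check for the prerequisites listed in the answer above, as an added example that is not part of the original answer: `openssl version` reports the library behind the command-line tool, while `nginx -V` shows what the nginx binary itself was compiled with, so the function parses `nginx -V` text for the nginx version, the `--with-http_spdy_module` flag and the "built with OpenSSL" line. The function names, the constructed sample and the 1.0.1 threshold (the OpenSSL release that nginx's SPDY module documentation ties NPN to) are assumptions of this example; pass whatever minimums you want to enforce.

```shell
#!/bin/sh
# Added example (not from the thread): audit `nginx -V` text for SPDY prerequisites.
# Live use:  nginx -V 2>&1 | spdy_build_check 1.3.15 1.0.1

# version_ge A B: true when A >= B (relies on version ordering in `sort -V`).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# spdy_build_check MIN_NGINX MIN_OPENSSL: reads `nginx -V` text on stdin,
# prints one finding per line, returns 0 only when every check passes.
spdy_build_check() {
    min_nginx=$1; min_openssl=$2; rc=0
    info=$(cat)
    nginx_ver=$(printf '%s\n' "$info" | sed -n 's|^nginx version: nginx/\([0-9.]*\).*|\1|p')
    ssl_ver=$(printf '%s\n' "$info" | sed -n 's|^built with OpenSSL \([^ ]*\).*|\1|p')
    if [ -n "$nginx_ver" ] && version_ge "$nginx_ver" "$min_nginx"; then
        echo "ok: nginx $nginx_ver"
    else
        echo "fail: nginx version ${nginx_ver:-unknown}, need $min_nginx"; rc=1
    fi
    case "$info" in
        *--with-http_spdy_module*) echo "ok: SPDY module compiled in" ;;
        *) echo "fail: built without --with-http_spdy_module"; rc=1 ;;
    esac
    if [ -z "$ssl_ver" ]; then
        # Some builds print no OpenSSL line; treat that as unverified, not as a pass.
        echo "unknown: no 'built with OpenSSL' line, inspect the linked libssl"; rc=1
    elif version_ge "$ssl_ver" "$min_openssl"; then
        echo "ok: built with OpenSSL $ssl_ver"
    else
        echo "fail: built with OpenSSL $ssl_ver, need $min_openssl for NPN"; rc=1
    fi
    return "$rc"
}

# Constructed sample, not real output from anyone in this thread.
sample='nginx version: nginx/1.7.12
built with OpenSSL 1.0.0 29 Mar 2010
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_spdy_module'
printf '%s\n' "$sample" | spdy_build_check 1.3.15 1.0.1 || true
```
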

Hi Kamal,

Wonder if you could help - I’m having a related issue (new thread?) where the instructions to just ‘flip the spdy switch’ aren’t working for me.

Here’s the setup:

  • Ubuntu 12.04 LTS
  • Nginx 1.7.12 (upgraded today from Ubuntu mainline/dev PPA - includes ssl modules)
  • OpenSSL 1.0.1 (build from 19/03/15 - upgraded today)

Have restarted Dovecot/Postfix/PHP5-FPM/Monit and of course Nginx. is showing no spdy due to no NPN (but this version of openssl supports it, checked changelog), the Chrome/FF extensions also reporting no spdy. SSL Labs are reporting ‘No’ for NPN.

Also trying to get HSTS working with no joy either. Using the line below.

Where am I going wrong?

I have included the following in the sites-enabled host file, for the https server block:

listen 443 ssl spdy default_server;

[server_name, limit_con, log, keepalive_timeout, ssl certs...]

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_header Alternate-Protocol  443:npn-spdy/3;

I’m seeing nothing about the latter two headers in the Network section of the Chrome/FF [F12] profilers.


Hi Kamal, thanks so much for your response.

I did indeed have sufficient versions of nginx and OpenSSL so adding that to the server block worked great for me.

Definitely notice an improvement in speed now.