So I’m following this article: https://thethemefoundry.com/blog/why-we-dont-use-a-cdn-spdy-ssl/
I’m lost on this paragraph:
“we jumped into manually compiling Nginx with the mainline version of the package. We used Nginx 1.5.9 (to avoid the “large certificate” bug), compiled against OpenSSL 1.0.1e (to enable NPN), and enabled Perfect Forward Secrecy”
Is SPDY something that’s already included with Nginx by default? Has this “large certificate” bug been fixed in subsequent versions? Also not sure about OpenSSL 1.0.1e and Perfect Forward Secrecy.
Is this something I can use some sort of apt-get command for?
If not, what’s the best way to compile Nginx with the setup as described above?
FYI I’m using the latest version of Ubuntu offered here at the moment: 14.04.
Thanks in advance for your help.
SPDY has been supported in nginx since version 1.3.15. In order to be able to use SPDY, you will need to have a recent version of nginx and OpenSSL version 1.0.0d or newer.
You can find out what version of OpenSSL you have installed by running openssl version. The command for nginx is nginx -v.
Once you’ve made sure your system supports SPDY, you can enable it by adding spdy to the listen line in your server block:
Finally, restart nginx so that the changes can take effect:
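The checks in the answer above can be scripted. This is an added example, not part of the original answer or of nginx: it parses the two version strings, looks for the SPDY module in the `nginx -V` build flags, and confirms that an active `listen` directive carries `spdy`. The sample outputs, the sample config and all function names are constructed for illustration.

```python
import re

# Minimum versions as stated in the answer above.
MIN_NGINX = (1, 3, 15)
MIN_OPENSSL = (1, 0, 0, "d")

# Constructed sample outputs and config (not taken from the thread).
# On a live host, note that `nginx -V` writes to stderr, not stdout.
SAMPLE_NGINX_V = """nginx version: nginx/1.4.6 (Ubuntu)
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_spdy_module"""
SAMPLE_OPENSSL = "OpenSSL 1.0.1f 6 Jan 2014"
SAMPLE_CONF = """server {
    # listen 443 ssl spdy;   (commented out, must not count)
    listen 443 ssl;
    server_name example.com;
}"""

def nginx_version(text):
    """Parse 'nginx version: nginx/1.4.6 (Ubuntu)' into (1, 4, 6)."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", text)
    return tuple(map(int, m.groups())) if m else None

def openssl_version(text):
    """Parse 'OpenSSL 1.0.1f 6 Jan 2014' into (1, 0, 1, 'f')."""
    m = re.search(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)", text)
    return (int(m[1]), int(m[2]), int(m[3]), m[4]) if m else None

def listen_directives(conf):
    """Return the parameter list of each active (uncommented) listen directive."""
    conf = re.sub(r"#[^\n]*", "", conf)
    return [m.group(1).split() for m in re.finditer(r"\blisten\s+([^;]+);", conf)]

def spdy_problems(nginx_V, openssl_out, conf):
    """Return the reasons SPDY would not be offered; an empty list means ready."""
    problems = []
    nv, ov = nginx_version(nginx_V), openssl_version(openssl_out)
    if nv is None or nv < MIN_NGINX:
        problems.append("nginx older than 1.3.15 or version not found")
    if "--with-http_spdy_module" not in nginx_V:
        problems.append("nginx built without --with-http_spdy_module")
    if ov is None or ov < MIN_OPENSSL:
        problems.append("OpenSSL older than 1.0.0d or version not found")
    if not any("spdy" in params for params in listen_directives(conf)):
        problems.append("no listen directive carries the spdy parameter")
    return problems

if __name__ == "__main__":
    print(spdy_problems(SAMPLE_NGINX_V, SAMPLE_OPENSSL, SAMPLE_CONF))
```

The letter suffix matters when comparing OpenSSL versions: 1.0.0 sorts below 1.0.0d, which a plain numeric comparison would miss.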
Hi Kamal,
Wonder if you could help - I’m having a related issue (new thread?) where the instructions to just ‘flip the spdy switch’ aren’t working for me.
Here’s the setup:
Have restarted Dovecot/Postfix/PHP5-FPM/Monit and of course Nginx.
Spdycheck.org is showing no spdy due to no NPN (but this version of openssl supports it, checked changelog), the Chrome/FF extensions also reporting no spdy. SSL Labs are reporting ‘No’ for NPN.
Also trying to get HSTS working with no joy either. Using the line below.
Where am I going wrong?
I have included the following in the sites-enabled host file, for the https server block:
I’m seeing nothing about the latter two headers in the Network section of the Chrome/FF [F12] profilers.
Thanks!
Hi Kamal, thanks so much for your response.
I did indeed have sufficient versions of nginx and OpenSSL so adding that to the server block worked great for me.
Definitely notice an improvement in speed now.