Hello,
Wonder if you could help - I’m having an issue where the instructions to just ‘flip the spdy switch’ aren’t working for me.
Here’s the setup:
Ubuntu 12.04 LTS
Nginx 1.7.12 (upgraded today from Ubuntu mainline/dev PPA - includes ssl modules)
OpenSSL 1.0.1 (build from 19/03/15 - upgraded today)
Have restarted Dovecot/Postfix/PHP5-FPM/Monit and of course Nginx.
Spdycheck.org is showing no spdy due to no NPN (but this version of openssl supports it, checked changelog), the Chrome/FF extensions also reporting no spdy. SSL Labs are reporting ‘No’ for NPN.
Also trying to get HSTS working with no joy either. Using the line below.
Where am I going wrong?
I have included the following in the sites-enabled host file, for the https server block:
listen 443 ssl spdy default_server;
[server_name, limit_con, log, keepalive_timeout, ssl certs…]
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_header Alternate-Protocol 443:npn-spdy/3;

I’m seeing nothing about the latter two headers in the Network section of the Chrome/FF [F12] profilers.
Thanks!
– This is a new thread based on a comment here
Here’s a quick copy & paste from a template we’ve been using. The top is the http block, followed by the server block. All you should need to do is copy & paste in the differences. Also at the very top is how to get the dhparam.pem generated so you can set that as well.
For info, this is the version of openssl being used:
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.25
Thanks for sharing that, @jtittle - I took the parts I didn’t have yet (stapling, the ‘ssl on’ line) and re-ordered the headers so that the Alternate-Protocol came before the STS line. Nothing changed. It’s still not being read by nginx.
Something in my config is either overriding it or getting there first.
SSL Labs still reporting no HSTS, no stapling, no NPN (thus, no spdy!).
Error logs only showing some md5 cache collisions - will keep looking.
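For the "something in my config is overriding it" symptom, one cause worth ruling out is nginx's documented add_header inheritance rule: a block inherits add_header directives from the level above only if it declares none of its own. The script below is an added example, not code from this thread; the sample config is constructed, the function names are hypothetical, and the tokenizer is a simplification that ignores include files.

```python
import re

# Constructed sample config (not the poster's real file).
SAMPLE = r'''
server {
    listen 443 ssl spdy default_server;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    add_header Alternate-Protocol 443:npn-spdy/3;
    location / { try_files $uri $uri/ =404; }
    location ~ \.php$ {
        add_header X-Frame-Options SAMEORIGIN;  # own add_header: parent's are dropped
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
}
'''

TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')

def parse_blocks(conf):
    """Build a flat list of blocks, each with its parent index and own add_header names."""
    conf = re.sub(r'#[^\n]*', '', conf)          # drop comments (simplified)
    blocks = [{"path": "main", "parent": None, "own": []}]
    stack, words = [0], []
    for tok in TOKEN.findall(conf):
        if tok == "{":                            # words so far name the new block
            blocks.append({"path": " ".join(words), "parent": stack[-1], "own": []})
            stack.append(len(blocks) - 1)
            words = []
        elif tok == "}":
            stack.pop()
            words = []
        elif tok == ";":                          # end of a simple directive
            if len(words) >= 2 and words[0] == "add_header":
                blocks[stack[-1]]["own"].append(words[1].lower())
            words = []
        else:
            words.append(tok.strip("\"'"))
    return blocks

def effective(blocks, i):
    """Headers in effect at block i: its own set, else the nearest ancestor's."""
    while not blocks[i]["own"] and blocks[i]["parent"] is not None:
        i = blocks[i]["parent"]
    return blocks[i]["own"]

def shadowing_blocks(conf, name="Strict-Transport-Security"):
    """Blocks whose own add_header lines cancel an inherited header `name`."""
    blocks, name = parse_blocks(conf), name.lower()
    return [b["path"] for b in blocks
            if b["own"] and name not in b["own"] and b["parent"] is not None
            and name in effective(blocks, b["parent"])]

if __name__ == "__main__":
    print(shadowing_blocks(SAMPLE))
```

Any block it lists needs the header repeated inside it, since requests served from that block will not carry the server-level one.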