Why use Nginx with SPDY?
SPDY is Google initiated project.This is part of Make the Web faster initiative taken by Google.Google PageSpeed was other major project under make the web faster initiative.SPDY makes your website faster.But SPDY will not work for HTTP.You need to have SSL configured in your web server to take benefit from SPDY.
So in this way it is related to Make Web safer place to be initiative.Google has recently included HTTPS as one of the search engine ranking factors.You can read more about that announcement in this post.To use SPDY with Nginx you need to have SSL configured for Nginx.Recently I configured my Nginx web server to use SSL.You can read this post for details.Along the way I also configured SPDY support in my web server.
The commands discussed in this tutorial will be of Debian operating system.They should work fine for Ubuntu as well.But in case you have different operating system like centOS or Fedora then some of the commands will not work.You need to look for commands available in your operating system.
The Nginx configuration will be same across operating system.The location of configuration files will differ.For Debian and Ubuntu the Nginx configuration files will be located in /etc/nginx directory.
Nginx with SPDY steps
This is important.I would not recommend installing Nginx from source if you are using Debian.It is better to use dotdeb for Nginx and other package installation.dotdeb includes ngx_pagespeed and SPDY in their Nginx package.So your task becomes simple.
Also it is easier to update and upgrade the packages once newer version is available.To install Nginx from dotdeb enter below commands
deb http://packages.dotdeb.org wheezy all deb-src http://packages.dotdeb.org wheezy all wget http://www.dotdeb.org/dotdeb.gpg sudo apt-key add dotdeb.gpg apt-get update
These commands tell Software updater to look into dotdeb repository.This is just one time setup.You do not have to run the first four commands more than once.After adding the repository using last command we are updating the list of software available.After adding the repository its time to install Nginx.Enter below commands to install Nginx
apt-get install nginx-common nginx-extras
dotdeb offers four Nginx packages nginx-naxsi,nginx-full,nginx-extras and nginx-common.nginx-common is also known as nginx-light.As per Guillaume Plessis of dotdeb SPDY is available in all flavors of Nginx package offered by them.So you can choose any of the Nginx flavors offered by them.But I would recommend using nginx-extras and nginx-common.nginx-naxsi does not contain ngx_pagespeed so it is not recommended by me.
nginx-extras package installs ngx_pagespeed and SPDY.ngx_pagespeed is Google PageSpeed port for Nginx.I would recommend you using it.It will make your website lightening fast.Also you Google PageSpeed score will be in 90s.You can read ngx_pagespeed tutorial here.nginx_common installs other useful packages.I am using these two packages on my server.So far I have seen support for most of the useful packages.
Adding SSL support to Nginx
SSL configuration is required to use SPDY.As mentioned before it works over HTTPS only.You can configure third party SSL certificate or self signed SSL certificate.For public sites I would recommend using 3rd party SSL certificate.If not then your visitor will see message this website is not trusted.This message might turn off your visitors and you will loose traffic.
For configuration of 3rd party SSL certificate with Nginx read this post.The steps will work for self signed certificate also but with some differences.3rd party SSL certificate will have additional steps.After completing this step you should move to next step.
Configuring SPDY with Nginx
Now it is time to tell Nginx about SPDY.If you have installed using dotdeb then SPDY is enabled by default.But if you are installing from source then you need to enable it by passing the configuration parameter.
Now open the file in /etc/nginx/sites-available.Search for below piece of code in that file
listen 443 ssl;
Now you need to change this line and add support for SPDY.The modified line will look as shown below
listen 443 ssl spdy;
Nginx SPDY module offers mainly two directives spdy_chunk_size and spdy_headers_comp.The default value for spdy_chunk_size is 8k.The default value of spdy_headers_comp is 0 which disables it.Compression is good for increasing performance.But enabling this directive is not recommended as per Nginx forum (link to the post).It may subject to CRIME attacks.You can leave them unchanged.
In addition to configuration mentioned in SSL post of mine I have added below to directives specially for SPDY.
add_header Alternate-Protocol 443:npn-spdy/3; ssl_buffer_size 2k;
The first directive Alternate-Protocol 443:npn-spdy/3 line to your server response header.
Loading Nginx configuration changes
Now it is time to load configuration changes you made.It is better to test the configuration changes for syntax errors before applying the same.If wrong configuration is applied your website will not load (will go offline).Run below command to check Nginx configuration for syntax errros
You will see below output
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
After this you can reload current configuration file.Nginx will use the latest configuration.Enter below commands
You will see below output in this case
[ ok ] Reloading nginx configuration: nginx.
If you see this message them everything is ok.
Testing SPDY Nginx configuration
Now it is time to test our setup.You can use http://spdycheck.org/ for this purpose.It also gives idea about possible configuration issue.It checks your server configuration based on below parameters
- Is your server listening on port 443 ? Port 443 is dedicated to SSL.
- Is SSL/TLS configured for your website?
- Does your website has valid X.509 certificate?
- Does your server supports NPN extension?
- Is SPDY enabled for your server? It also shows version of it if SPDY is enabled.
- Is your server configured to use HTTPS? This is required for old browsers which does not support SPDY.Currently Firefox and Chrome has full support for SPDY.But Internet Explorer version below 11 does not support this protocol.So it is important that your server is properly configured to use both the protocols.It should use SPDY is browser supports it but if not then HTTPS.
- Whether HTTPS is redirected to SPDY.If yes then your visitors will be redirected to SPDY if browser support it.
Ideally your server should pass all the parameters.This website currently passes all the tests.
SPDY is good way to speed up your website.With time more browsers are supporting this protocol.If you are enabling this then you are minimizing the slowness caused by using HTTPS website.Note HTTPS will be slower then corresponding version of HTTP page.
Consider sharing this post in case you found this useful.