How to Install Nginx with HTTP/2 Support on Ubuntu (Complete Guide)

Nginx is one of the most widely deployed web servers in the world, celebrated for its exceptional performance, low memory footprint, and ability to handle thousands of concurrent connections. When combined with HTTP/2, Nginx becomes an even more powerful platform — enabling multiplexed requests, header compression, server push, and dramatically reduced page load times.

This comprehensive guide walks you through every step required to install Nginx with full HTTP/2 support on Ubuntu 20.04 and Ubuntu 22.04 LTS, from initial setup through SSL configuration, server block optimization, and live verification.

> Who is this guide for? System administrators, developers, and website owners who want to maximize web performance on a Linux server. If you're running your site on a VPS Hosting plan or a Dedicated Server, this tutorial applies directly to your environment.

Table of Contents

1. What Is HTTP/2 and Why Does It Matter?
2. Prerequisites
3. Step 1 — Update the System Package Index
4. Step 2 — Install Nginx
5. Step 3 — Install OpenSSL
6. Step 4 — Obtain a Free SSL Certificate with Let's Encrypt
7. Step 5 — Configure Nginx for HTTP/2
8. Step 6 — Optimize Your Nginx HTTP/2 Configuration
9. Step 7 — Test the Nginx Configuration
10. Step 8 — Restart Nginx and Apply Changes
11. Step 9 — Verify HTTP/2 Is Active
12. Troubleshooting Common Issues
13. Conclusion

What Is HTTP/2 and Why Does It Matter?

HTTP/2 is the second major version of the Hypertext Transfer Protocol, standardized in RFC 7540. It was designed to address the performance limitations of HTTP/1.1, which has been in use since 1997.

Key advantages of HTTP/2 over HTTP/1.1:

For website owners, enabling HTTP/2 translates directly into faster page loads, better Core Web Vitals scores, and improved SEO rankings — since Google uses page speed as a ranking signal.

> Important: HTTP/2 requires HTTPS (TLS/SSL). You cannot run HTTP/2 over an unencrypted connection in any modern browser. This is why obtaining an SSL certificate is a mandatory step in this guide. If you need a trusted certificate for your domain, AlexHost offers SSL Certificates for all use cases.

Prerequisites

Before you begin, make sure you have the following in place:

• A server running Ubuntu 20.04 LTS or Ubuntu 22.04 LTS (the steps are nearly identical for both)
• A non-root user with sudo privileges or direct root access
• A registered domain name pointed to your server's IP address via an A record
• Ports 80 and 443 open in your firewall (UFW or iptables)
• Basic familiarity with the Linux command line

If you don't yet have a domain, you can register one directly through AlexHost Domain Registration and point it to your server within minutes.

Step 1 — Update the System Package Index

Always start by refreshing your package index to ensure you're installing the latest available versions of all software:

sudo apt update && sudo apt upgrade -y

This command updates the local package list and upgrades any outdated packages already installed on your system.

Step 2 — Install Nginx

Install the Nginx Package

Ubuntu's default repositories include a stable version of Nginx. Install it with:

sudo apt install nginx -y

Start the Nginx Service

Once installed, start the Nginx service immediately:

sudo systemctl start nginx

Enable Nginx to Start Automatically at Boot

Ensure Nginx launches automatically every time the server reboots:

sudo systemctl enable nginx

Verify Nginx Is Running

Confirm the service is active and running:

sudo systemctl status nginx

You should see output similar to:

● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since ...

Allow Nginx Through the Firewall

If UFW is active on your server, allow HTTP and HTTPS traffic:

sudo ufw allow 'Nginx Full'
sudo ufw status

Nginx Full opens both port 80 (HTTP) and port 443 (HTTPS), both of which are required for this setup.

Step 3 — Install OpenSSL

HTTP/2 depends on TLS, which in turn depends on OpenSSL. Install it to ensure all cryptographic dependencies are available:

sudo apt install openssl -y

Verify the installed version:

openssl version

You should see output like OpenSSL 3.0.x or similar. Any version above 1.0.2 fully supports the cipher suites required for HTTP/2.

Step 4 — Obtain a Free SSL Certificate with Let's Encrypt

Let's Encrypt provides free, automatically renewable SSL/TLS certificates trusted by all major browsers. The Certbot client makes the entire process straightforward.

Install Certbot and the Nginx Plugin

sudo apt install certbot python3-certbot-nginx -y

Request Your SSL Certificate

Replace your_domain.com with your actual registered domain name:

sudo certbot --nginx -d your_domain.com -d www.your_domain.com

Certbot will:

1. Verify domain ownership via an HTTP challenge
2. Issue the certificate from Let's Encrypt
3. Automatically modify your Nginx configuration to use the certificate
4. Set up HTTPS redirects from HTTP

Follow the interactive prompts. When asked whether to redirect HTTP traffic to HTTPS, select option 2 (Redirect) — this is the recommended choice.

Verify Automatic Certificate Renewal

Let's Encrypt certificates expire after 90 days. Certbot installs a cron job or systemd timer to renew them automatically. Test the renewal process with a dry run:

sudo certbot renew --dry-run

If no errors appear, automatic renewal is correctly configured.

> Tip: For production environments with multiple domains or wildcard certificates, consider a Dedicated Server for complete control over your SSL infrastructure.

Step 5 — Configure Nginx for HTTP/2

Now that SSL is in place, you need to explicitly enable HTTP/2 in the Nginx server block configuration.

Open the Nginx Configuration File

The default site configuration is located at:

sudo nano /etc/nginx/sites-available/default

If you created a custom server block for your domain (recommended), open that file instead:

sudo nano /etc/nginx/sites-available/your_domain.com

Update the Server Block to Enable HTTP/2

Locate the listen 443 ssl; directive. Certbot will have added this automatically. Modify it to include http2:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name your_domain.com www.your_domain.com;

    # SSL Certificate paths (set by Certbot)
    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /var/www/your_domain.com/html;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ =404;
    }
}

# HTTP to HTTPS redirect block
server {
    listen 80;
    listen [::]:80;
    server_name your_domain.com www.your_domain.com;
    return 301 https://$host$request_uri;
}

The critical change is on the listen line: adding http2 after ssl activates the HTTP/2 protocol for that virtual host.

Save and Exit

Press CTRL + X, then Y, then Enter to save the file and exit the nano editor.

Step 6 — Optimize Your Nginx HTTP/2 Configuration

Simply enabling HTTP/2 is a good start, but applying additional optimizations ensures you extract maximum performance from your setup.

Recommended SSL and Performance Settings

Add or verify the following directives inside your server block:

# Modern TLS protocols only
ssl_protocols TLSv1.2 TLSv1.3;

# Strong cipher suites compatible with HTTP/2
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;

# SSL session caching for performance
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_session_tickets off;

# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

# HTTP Strict Transport Security (HSTS)
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

# Additional security headers
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

# Gzip compression (complements HTTP/2)
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

> Note on HTTP/2 and Gzip: HTTP/2 uses its own HPACK header compression, but enabling Gzip for response bodies still provides significant bandwidth savings for text-based assets.

Step 7 — Test the Nginx Configuration

Never restart Nginx without first testing the configuration for syntax errors. A misconfigured file can bring down your entire web server.

Run the built-in configuration test:

sudo nginx -t

A successful test produces:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If you see any errors, review the output carefully. The error message will include the filename and line number where the problem was detected.

Step 8 — Restart Nginx and Apply Changes

Once the configuration test passes, restart Nginx to apply all changes:

sudo systemctl restart nginx

Alternatively, if you prefer a zero-downtime reload (which applies configuration changes without dropping active connections):

sudo systemctl reload nginx

For HTTP/2 enablement specifically, a full restart is recommended to ensure the new protocol settings are fully initialized.

Step 9 — Verify HTTP/2 Is Active

After restarting Nginx, confirm that HTTP/2 is actually being served to clients using one of the following methods.

Method 1: Using curl

The curl command-line tool can report the protocol version used:

curl -I --http2 https://your_domain.com

Look for the response header:

HTTP/2 200

If you see HTTP/2 200, HTTP/2 is working correctly.

Method 2: Using the OpenSSL Command

openssl s_client -connect your_domain.com:443 -alpn h2

In the output, look for:

ALPN protocol: h2

h2 is the ALPN identifier for HTTP/2. If you see this, your server is correctly advertising HTTP/2 support during the TLS handshake.

Method 3: Using Browser Developer Tools

1. Open your website in Google Chrome or Mozilla Firefox
2. Press F12 to open Developer Tools
3. Navigate to the Network tab
4. Reload the page (F5 or Ctrl+R)
5. Right-click on any column header in the request list and enable the Protocol column
6. You should see h2 listed as the protocol for your domain's requests

Method 4: Using an Online HTTP/2 Testing Tool

Visit https://tools.keycdn.com/http2-test and enter your domain. The tool will confirm whether HTTP/2 is active and provide additional details about your server's TLS configuration.

Troubleshooting Common Issues

HTTP/2 Not Showing in Browser Despite Configuration

• Cause: Browser cached an older HTTP/1.1 connection.
• Fix: Clear browser cache and cookies, or test in a private/incognito window.

nginx -t Returns SSL Certificate Errors

• Cause: Incorrect certificate paths in the configuration file.
• Fix: Verify the exact paths using sudo ls /etc/letsencrypt/live/your_domain.com/ and update the ssl_certificate and ssl_certificate_key directives accordingly.

Port 443 Not Accessible

• Cause: Firewall blocking HTTPS traffic.
• Fix: Run sudo ufw allow 443/tcp and verify with sudo ufw status.

Certbot Fails Domain Validation

• Cause: DNS A record not yet propagated, or port 80 is blocked.
• Fix: Verify your domain resolves to the correct IP using dig your_domain.com A. Ensure port 80 is open for the ACME HTTP challenge.

unknown directive "http2" Error in Nginx

• Cause: Nginx version is too old (pre-1.9.5) or was compiled without HTTP/2 support.
• Fix: Upgrade Nginx. On Ubuntu 20.04+, the default repository version supports HTTP/2. You can also add the official Nginx PPA: sudo add-apt-repository ppa:nginx/stable && sudo apt update && sudo apt upgrade nginx.

Conclusion

You have successfully installed Nginx with full HTTP/2 support on Ubuntu. Here's a summary of everything accomplished:

• ✅ Installed and enabled Nginx as a system service
• ✅ Obtained a free, auto-renewing SSL certificate via Let's Encrypt and Certbot
• ✅ Configured the Nginx server block with the http2 directive
• ✅ Applied TLS hardening, OCSP stapling, HSTS, and Gzip compression
• ✅ Tested the configuration and verified HTTP/2 is active

Enabling HTTP/2 is one of the highest-impact, lowest-effort optimizations you can make to a web server. Combined with strong TLS settings and proper caching headers, it significantly improves page load times, Core Web Vitals scores, and ultimately your site's search engine rankings.

Keep your stack current: Regularly run sudo apt update && sudo apt upgrade to keep Nginx, OpenSSL, and Certbot up to date with the latest security patches.

Take Your Server Performance Further

The performance gains from HTTP/2 are most pronounced on fast, reliable infrastructure. If you're currently on shared hosting and hitting resource limits, consider upgrading to a VPS Hosting plan for dedicated resources and full root access. For high-traffic applications, Dedicated Servers offer unmatched raw performance. You can also manage your server environment easily with a VPS with cPanel if you prefer a graphical interface over the command line.

Whatever your infrastructure needs, AlexHost provides the platform to run Nginx, HTTP/2, and your entire web stack at peak efficiency.