Popular Keywords

Categories

No Record Found

View All Results

Nginx HTTP/2 Modern Config Guide for cPanel, WHM, and Bare Nginx

Update older Nginx HTTP/2 configs to the newer http2 on directive, test safely, reload without downtime, and verify h2 from the browser or curl.

This older HTTP/2 article has been refreshed for modern Nginx configs. The big change is simple but important: on newer Nginx builds, do not keep copying the old listen 443 ssl http2; pattern into fresh configs. Use a normal TLS listen line and enable HTTP/2 with a separate http2 on; directive.

That keeps the config aligned with current Nginx documentation, makes virtual hosts easier to audit, and avoids noisy warnings on newer 1.25.x and later builds. If you inherited a cPanel/WHM, reverse proxy, VPS, agency, or SaaS server with old examples pasted all over the place, this is the cleanup path.

What changed in newer Nginx HTTP/2 configs

Nginx documents the http2 directive in the ngx_http_v2_module. The official example now uses listen 443 ssl; and then http2 on; inside the server block. Nginx also notes that the directive appeared in version 1.25.1 and that HTTP/2 over TLS needs ALPN support from OpenSSL.

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    server_name example.com www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    root /var/www/example.com/public;
    index index.php index.html;
}

Older configs like this may still work on some systems, but they are not the pattern to keep using for new work:

listen 443 ssl http2;

On hosts that run an older Nginx package, http2 on; may not exist yet. That is why the first step is not editing the config. The first step is checking what package and module you actually have.

Check the server before you edit

nginx -v
nginx -V 2>&1 | tr ' ' 'n' | grep -E 'http_v2|openssl|configure'
openssl version

You are looking for an Nginx build with HTTP/2 module support and an OpenSSL stack that can negotiate ALPN for browser traffic. On a vendor-managed server, also check whether the panel owns the Nginx templates. cPanel, Plesk, Nginx Manager style plugins, and managed hosting stacks may regenerate files after updates.

Safe update workflow

  1. Back up the vhost or include file you are changing.
  2. Confirm the domain already has a valid TLS certificate.
  3. Change listen 443 ssl http2; to listen 443 ssl;.
  4. Add http2 on; inside the matching server block.
  5. Keep port 80 redirect logic separate from the HTTPS server block.
  6. Run nginx -t before every reload.
  7. Reload Nginx during a low-risk window and keep a rollback copy ready.
sudo cp /etc/nginx/conf.d/example.com.conf /root/example.com.conf.before-http2
sudo nginx -t
sudo systemctl reload nginx

If nginx -t fails with an unknown directive error for http2, the package is too old for this syntax or was not built with the HTTP/2 module. Roll back the file, verify the package source, and plan a controlled Nginx upgrade instead of forcing a half-working config.

Recommended HTTPS redirect block

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    return 301 https://example.com$request_uri;
}

Keep redirects boring. HTTP/2 belongs on the TLS server. Do not try to solve certificate redirects, www redirects, canonical redirects, and application rewrites all in one mystery block unless you enjoy future-you staring at logs at 1:00 AM.

Verify HTTP/2 after reload

curl -I --http2 https://example.com/
curl -sS -o /dev/null -w '%{http_version}n' https://example.com/

Browsers should show h2 in the network protocol column. If you are behind Cloudflare, another CDN, or a load balancer, test both the public hostname and the origin path you control. The edge may speak HTTP/2 to visitors even when the edge-to-origin leg uses HTTP/1.1, so be clear about which connection you are checking.

cPanel and WHM notes

On cPanel/WHM servers, do not blindly hand-edit generated Nginx reverse proxy files. Confirm whether Nginx is installed through cPanel, a supported plugin, Engintron, a custom reverse proxy, or your own package. If the panel owns the include files, update the supported template, local include, or plugin setting instead of changing generated output that may be overwritten later.

For hosting providers, test one low-risk domain first, then roll through the fleet in batches. Watch error logs, access logs, CDN behavior, and customer apps that depend on unusual headers, websocket paths, long uploads, or old TLS settings.

Rollback plan

Rollback is straightforward if you keep a copy of the original file and only change one thing at a time. Restore the previous vhost file, run nginx -t, and reload. If the problem is package-level, hold the rollout and test the package in a staging VM or non-customer server first.

Related Fix I.T. Phill guides

Sources checked

Picture of admin

admin

Leave a Reply

About Us

Fix I.T. Phill is a site dedicated to sharing knowledge freely to the public.  Use our Contact Us Form to submit new requests for tutorials that we will get up and ready for you ASAP!

Recent Posts

Follow Us

Twitch Twitter

Sign up for our Newsletter

Get the latest information on what is going on in the I.T. World.