Enable SPDY, HSTS and pagespeed?

[Fred.]

Hi,

I'm trying to enable SPDY.
I added SPDY in "/usr/local/directadmin/data/templates/nginx_server_secure.conf":

changed

	listen |IP|:|PORT_443| ssl;
	|MULTI_IP|

to

	listen |IP|:|PORT_443| ssl spdy;
	|MULTI_IP|

And also added

add_header Alternate-Protocol  443:npn-spdy/3;

then I did
./build rewrite_confs

but still no SPDY?

to enable HSTS it should be this

map $scheme $hsts_header {
    https   "max-age=31536000;  includeSubDomains";
}

server {
    listen  80;
    listen  443 ssl spdy deferred;

    add_header Strict-Transport-Security $hsts_header;
}

That doesn't work ether...

And can someone tell me how I can enable the pagespeed module?
And what do I have to add to the nginx_server_secure.conf?

Thanks.

It would be nice to have these modules as default in Nginx. Everyone is using them!

 

[Vaporizer]

If you are using CB2.0 you should copy

/usr/local/directadmin/custombuild/configure/nginx/configure.nginx
/usr/local/directadmin/custombuild/configure/nginx/conf/nginx-vhosts.conf

to

/usr/local/directadmin/custombuild/custom/nginx/configure.nginx
/usr/local/directadmin/custombuild/custom/nginx/conf/nginx-vhosts.conf

Then modify configure.nginx so the SPDY module is compiled (--with-http_spdy_module) and add the following in nginx-vhosts.conf:

listen       |IP|:|PORT_443| ssl [B]spdy[/B];
listen       127.0.0.1:|PORT_443| ssl [B]spdy[/B];
listen       [::1]:|PORT_443| ssl [B]spdy[/B];

[B]add_header Alternate-Protocol 443:npn-spdy/3;[/B]

Finally, rebuild nginx through CB2.0 and now SPDY should work.

 

[Fred.]

Hi Vaporizer,

I did exactly what you said. But still no SPDY.
There must be something else that's not right...

If I check spdycheck.org it says

SPDY Protocol Not Enabled!
Seriously? This SSL/TLS server is using the NPN Entension to tell browsers it supports alternative protocols, but SPDY is not a protocol it supports. The server is not making SPDY an option. Since all the pieces are in place, hopefully it will be easy to enable SPDY support with this server.

Not Using Strict-Transport-Security
This website is not using HSTS, also known as Strict Transport Security. HSTS is a special HTTP response header, sent by the web server on content served over SSL, which tells the browser to always use SSL when talking to this website. HSTS not only adds security, but improves performance since your visitors will always exclusively use the SSL version of your website, allowing them to also use SPDY.

The SPDY module is loaded

nginx -V
nginx version: nginx/1.6.2
built by gcc 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) 
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --with-ipv6 --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-cc-opt=''-D FD_SETSIZE=32768'' --with-http_spdy_module

 

[Vaporizer]

Could you check if /etc/nginx/nginx-vhosts.conf was changed after you rebuilt nginx? It should contain the changes you made in /usr/local/directadmin/custombuild/custom/nginx/conf/nginx-vhosts.conf.

Also check the output of

/usr/local/directadmin/custombuild/build used_configs

For nginx it should point to /usr/local/directadmin/custombuild/custom/nginx/configure.nginx

 

[Fred.]

Thanks Vaporizer

With your last post I found out it wasn't updating
/etc/nginx/nginx-vhosts.conf

Then I started checking what could be wrong and found out that I had my .conf files in the wrong location
Mine was in /usr/local/directadmin/custombuild/configure/nginx/nginx-vhosts.conf
And it has to be /usr/local/directadmin/custombuild/configure/nginx/conf/nginx-vhosts.conf

All good now.
Thanks!