How to install NGINX with HTTP2 on Debian Jessie (upgrading OpenSSL)

Maybe lot's of you (performance fans) would want to try the latest enabling technologies, at some point, to improve your website speed and to be part of the web going forward.

Sometimes it becomes difficult cause you must decide to move forward at the expense of stability and risk to break things.

I'm too sick about web performance so I will always choose the breaking way.

I was running an Nginx shipped with Jessie (1.6.4 or similar) so in order to upgrade Nginx to the latest version I removed the Debian equipped version (as explained here) with

# Removes all but config files.
sudo apt-get remove nginx nginx-common 
# To remove no longer required dependencies.
sudo apt-get autoremove

After this I added the official NGINX repos like the following at the end of /etc/apt/sources.list file

deb http://nginx.org/packages/mainline/debian/ codename nginx
deb-src http://nginx.org/packages/mainline/debian/ codename nginx

And run the command

apt-get update
apt-get install nginx

Well done. Now I modified spdy with http2 in my virtualhost configuration, but when testing my website I found that all the resources where served using http/1.1 according to the Chrome Network Panel.

I went deeper to find what were going wrong and just to double check I tried the
chrome://net-internals/#events&q=type:HTTP2_SESSION%20is:active but it simply confirmed the issue.

What to do when http2 is enabled but not running?

I searched a little bit on Google a possible issues and I found this interesting discussion on Serverfault.

The issued seems to be related to the Jessie Openssl build (1.0.1) and NPN. Chrome decided to not supporting anymore HTTP/2 with NPN and as a consequence I needed to follow the not suggested way of installing OpenSSL 1.0.2 from jessie-backports and use Ubuntu 16.04 LTS builds from nginx's own repository.

So in /etc/apt/sources.list again:

# jessie-backports, from stretch-level but with no dependencies
deb http://httpredir.debian.org/debian/ jessie-backports main contrib non-free
deb-src http://httpredir.debian.org/debian/ jessie-backports main contrib non-free

# Nginx repository - use Ubuntu 16.04 LTS Xenial to get packages compiled with OpenSSL 1.0.2
deb http://nginx.org/packages/mainline/ubuntu/ xenial nginx
deb-src http://nginx.org/packages/mainline/ubuntu/ xenial nginx

Then run:

apt-get remove nginx
apt-get update
apt-get install -t jessie-backports openssl
apt-get install nginx

Now running my website I finally see h2 going on.

Welcome HTTP/2. Bye bye SPDY.