SSL & SPDY

2015-11-13 Update: The content of this article is now outdated, and some configurations may have potential issues. Not recommended for use, for reference only.

2014-04-09 Update: Upgraded OpenSSL version (1.0.1f) and Nginx version to avoid the Heartbleed attack.

The blog now enforces HTTPS access. Visitors coming from non-search-engine sources will be automatically redirected to HTTPS. Besides providing more secure data transmission, this was also done to enable SPDY.

Enabling SPDY was actually quite a headache. Since I’m using Nginx (unlike Apache which has a direct SPDY module), I looked it up online and found out that Nginx versions 1.4.X and above come with SPDY/2 support built-in. So I went ahead and upgraded Nginx. After the upgrade, I wrote the configuration file, but when I tried to restart, I suddenly got this message:

nginx: [warn] nginx was built without OpenSSL NPN support, SPDY is not enabled for 0.0.0.0:443 in …..

It seemed SPDY failed to enable. When I tested it in the browser, although the site was accessible, SPDY was not actually working. I searched for the reason and discovered that the OpenSSL version was too old. So I figured I’d just upgrade it. I followed some online tutorials to upgrade, but after the upgrade, when I started Nginx again, I still got the same error. At that point I was completely lost and couldn’t figure out what went wrong. I checked the issue several more times but still couldn’t find the cause, so in the end I just restored the old configuration and gave up.

The next day (yesterday), because I also wanted to enable SSL on coxxs.me, I searched for information again and incidentally looked up SPDY once more. Suddenly I found this article. After reading it, everything clicked — the problem was probably that Nginx wasn’t linked to the new version of OpenSSL and was still using the old one. So I made some small modifications, followed his steps, and here’s roughly what I did:

# Download and compile openssl (do not install)
cd /root/
wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
tar xfz openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
./config
make
# Then stop the nginx process and rename /usr/local/nginx to nginx_old
/usr/local/nginx/sbin/nginx -s stop
mv /usr/local/nginx /usr/local/nginx_old
cd /root/
wget http://nginx.org/download/nginx-1.5.13.tar.gz
tar xfz nginx-1.5.13.tar.gz
cd nginx-1.5.13
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --with-http_spdy_module --with-openssl=/root/openssl-1.0.1g
make
make install
# After installation, replace the freshly installed conf with the old one
rm -rf /usr/local/nginx/conf
cp -a /usr/local/nginx_old/conf /usr/local/nginx/conf
# Then restart the server

After configuring it properly in the corresponding Nginx .conf file, SSL & SPDY were successfully enabled. Try visiting this site with Chrome (or any browser that supports SPDY) — doesn’t it feel much faster?
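To confirm that a rebuilt binary really carries the new OpenSSL (the cause of the NPN warning above) and is outside the Heartbleed range (1.0.1 through 1.0.1f), the `nginx -V` output can be audited. This is an added example, not part of the original post: the function names and the sample output are constructed, and it assumes the OpenSSL source directory is named `openssl-<version>` as in the build above.

```shell
#!/bin/sh
# Added example: audit `nginx -V` output for the two OpenSSL problems on this page.
# Usage on a real host:  nginx -V 2>&1 | audit_nginx_build
LC_ALL=C; export LC_ALL

# Map an OpenSSL version string to: no-npn | heartbleed | ok | unknown
classify_openssl() {
    case "$1" in
        # NPN (needed by nginx's SPDY module) first appeared in OpenSSL 1.0.1
        0.*|1.0.0*) echo no-npn ;;
        # CVE-2014-0160 (Heartbleed): 1.0.1 through 1.0.1f, and 1.0.2-beta/beta1
        1.0.1|1.0.1[a-f]|1.0.2-beta|1.0.2-beta1) echo heartbleed ;;
        1.0.1[g-z]*|1.0.[2-9]*|1.[1-9]*|[2-9]*) echo ok ;;
        *) echo unknown ;;
    esac
}

# Reads `nginx -V` output on stdin.
# Prints: "<spdy yes|no> <openssl version|system> <verdict>"
audit_nginx_build() {
    out=$(cat)
    args=$(printf '%s\n' "$out" | sed -n 's/^configure arguments: //p')
    case " $args " in
        *" --with-http_spdy_module "*) spdy=yes ;;
        *) spdy=no ;;
    esac
    # Version taken from the source tree passed to --with-openssl (static build)
    ver=$(printf '%s\n' "$args" |
        sed -n 's/.*--with-openssl=[^ ]*openssl-\([0-9][0-9a-z.-]*\).*/\1/p')
    if [ -z "$ver" ]; then
        # No --with-openssl: nginx uses the system library, which is the
        # situation that produced the NPN warning. Check that library itself.
        echo "$spdy system unknown"
        return 0
    fi
    echo "$spdy $ver $(classify_openssl "$ver")"
}

# Constructed sample modelled on the configure line above (not captured output)
SAMPLE_NGINX_V='nginx version: nginx/1.5.13
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_ssl_module --with-http_spdy_module --with-openssl=/root/openssl-1.0.1g'

printf '%s\n' "$SAMPLE_NGINX_V" | audit_nginx_build
```

A verdict of `system unknown` means the binary was not built against a bundled OpenSSL tree, so the version to check is the distribution's own library.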
