3

I manage a server (hosted VPS) that we use as a shared hosting environment for sites we build for our clients. All new sites we build going forward will be running on HTTPS, but most of the older sites are not configured to support HTTPS. We'll likely convert them all some time soon, but we're not quite there yet.

I'd like to enable HTTP/2 so the new sites can take advantage of it, but I can't interfere with the old sites that have to continue to be served via HTTP/1 for now. Will the sites with no SSL/TLS certificates automatically fall back to HTTP/1, or will browsers detect HTTP/2 support and try to connect over SSL/TLS, producing an invalid certificate security warning? Is there anything I can/should do to ensure the correct behavior?

We're running Plesk Onyx 17 on CentOS 6, using Apache with nginx as a reverse proxy, if any of that is important.

laike9m
Corey C.
  • Nginx is able to serve multiple sites with different configurations, then you can have one site served using HTTP/1, others using HTTP/2+HTTPS, so what's the problem here? – laike9m Dec 09 '16 at 04:59
  • I don't use Plesk, does it give you the permission to edit the Nginx conf file? – laike9m Dec 09 '16 at 16:53
  • I'm primarily a developer, and use Plesk for most server management. In Plesk there is not an option to set HTTP version on a per-site basis that I know of. I have limited familiarity with nginx config files, so it's entirely possible I'm missing an obvious answer here. If you're suggesting I need to manually edit each site's config file individually, that's a valid answer. But note that by "shared hosting," I meant vhosts on a shared IP. I thought I read that nginx can only configure different HTTP protocols by IP address. I could probably swing a 2nd IP if that's the only solution, though. – Corey C. Dec 09 '16 at 16:58
  • It looks like there's a space for entering nginx config directives on a per-site basis. So that may be the best route here. – Corey C. Dec 09 '16 at 17:09

1 Answer

0
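http {
    # upstream blocks are only valid inside the http context
    upstream oldhttp1site {
        server 127.0.0.1:8000;  # Apache instance listens on port 8000
    }

    upstream newhttp2site {
        server 127.0.0.1:8001;
    }

    # Plain-HTTP site: no TLS on this listener, so clients stay on HTTP/1.x
    server {
        listen      80;
        server_name www.domain1.com;

        # proxy_pass must sit inside a location block
        location / {
            proxy_pass http://oldhttp1site/;
        }
    }

    # HTTPS site: HTTP/2 is offered during the TLS handshake on this listener
    server {
        listen 443 ssl http2 default_server;
        server_name www.domain2.com;

        ssl_certificate /path-to/yoursite.chain.crt;
        ssl_certificate_key /path-to/yoursite.key;
        # other HTTP/2 and SSL specific settings

        location / {
            proxy_pass http://newhttp2site/;
        }
    }
}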

It's absolutely possible. Just to give you a basic idea.

laike9m
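An added example, not part of the answer above and not Plesk or nginx tooling: a small audit that reads `listen` and `server_name` directives written in the style the answer uses and reports, per listening socket, which sites are offered HTTP/2. It assumes `ssl` and `http2` are set as `listen` parameters, which nginx applies to every server block sharing that address:port; the sample config and hostnames are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the answer's layout; hostnames are placeholders.
SAMPLE_CONF = """
http {
    server { listen 80; server_name www.domain1.com; }
    server { listen 443 ssl http2 default_server; server_name www.domain2.com; }
    server { listen 443 ssl; server_name www.domain3.com; location / { } }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, matching nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return {listen address: (protocol verdict, sorted server names)}."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching braces
    sockets = defaultdict(lambda: {"flags": set(), "names": set()})
    for body in server_blocks(conf):
        names = {n for grp in re.findall(r"\bserver_name\s+([^;]+);", body)
                 for n in grp.split()}
        for listen in re.findall(r"\blisten\s+([^;]+);", body):
            addr, *flags = listen.split()
            # listen parameters are per socket, so merge them across blocks
            sockets[addr]["flags"].update(flags)
            sockets[addr]["names"].update(names)
    report = {}
    for addr, s in sockets.items():
        if "http2" in s["flags"] and "ssl" not in s["flags"]:
            # browsers do not speak cleartext HTTP/2
            verdict = "WARN: http2 without ssl (cleartext h2)"
        elif "http2" in s["flags"]:
            verdict = "h2 via TLS/ALPN, HTTP/1.1 fallback"
        else:
            verdict = "HTTP/1.x only"
        report[addr] = (verdict, sorted(s["names"]))
    return report

if __name__ == "__main__":
    for addr, (verdict, names) in audit(SAMPLE_CONF).items():
        print(f"{addr:>6}  {verdict:40}  {', '.join(names)}")
```

The address key is compared as written, so `443` and `*:443` are reported as separate sockets; normalise them first if your vhost files mix both forms.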