      How To Set Up Nginx with HTTP/2 Support on Ubuntu 20.04


      A previous version of this tutorial was written by Sergey Zhukaev.

      Introduction

      Nginx is a fast and reliable open-source web server. It gained its popularity due to its low memory footprint, high scalability, ease of configuration, and support for a wide variety of protocols.

      HTTP/2 is a newer version of the Hypertext Transfer Protocol, which is used on the Web to deliver pages from server to browser. HTTP/2 is the first major update of HTTP in almost two decades: HTTP/1.1 was introduced to the public back in 1999, when webpages were much smaller in size. The Internet has dramatically changed since then, and we are now facing the limitations of HTTP/1.1. The protocol limits potential transfer speeds for most modern websites because it downloads parts of a page in a queue (the previous part must download completely before the download of the next part begins), and an average modern web page downloads dozens of individual CSS, JavaScript, and image assets.

      HTTP/2 solves this problem because it brings a few fundamental changes:

      • All requests are downloaded in parallel, not in a queue
      • HTTP headers are compressed
      • Pages transfer as a binary, not as a text file, which is more efficient
      • Servers can “push” data even without the user’s request, which improves speed for users with high latency

      Even though HTTP/2 does not require encryption, developers of the two most popular browsers, Google Chrome and Mozilla Firefox, have stated that for security reasons they will support HTTP/2 only for HTTPS connections. Hence, if you decide to set up servers with HTTP/2 support, you must also secure them with HTTPS.

      This tutorial will help you set up a fast and secure Nginx server with HTTP/2 support.

      Prerequisites

      Before getting started, you will need a few things:

      • An Ubuntu 20.04 server set up by following the Ubuntu 20.04 initial server setup guide, including a sudo non-root user and a firewall.
      • Nginx installed on your server, which you can do by following How To Install Nginx on Ubuntu 20.04.
      • A domain name configured to point to your server. You can purchase one on Namecheap or get one for free on Freenom. You can learn how to point domains to DigitalOcean Droplets by following the documentation on How To Manage Your Domain With DigitalOcean.
      • A TLS/SSL certificate configured for your server. You have three options:
      • Nginx configured to redirect traffic from port 80 to port 443, which should be covered by the previous prerequisites.
      • Nginx configured to use a 2048-bit or higher Ephemeral Diffie-Hellman (DHE) key, which should also be covered by the previous prerequisites.

      Step 1 — Enabling HTTP/2 Support

      If you followed the server block setup step in the Nginx installation tutorial, you should have a server block for your domain at /etc/nginx/sites-available/your_domain with the server_name directive already set appropriately. The first change we will make will be to modify your domain’s server block to use HTTP/2.

      Open the configuration file for your domain using nano or your preferred editor:

      • sudo nano /etc/nginx/sites-enabled/your_domain

      In the file, locate the listen directives associated with port 443:

      /etc/nginx/sites-enabled/your_domain

      ...
          listen [::]:443 ssl ipv6only=on; 
          listen 443 ssl; 
      ...
      

      The first one is for IPv6 connections. The second one is for all IPv4 connections. We will enable HTTP/2 for both.

      Modify each listen directive to include http2:

      /etc/nginx/sites-enabled/your_domain

      ...
          listen [::]:443 ssl http2 ipv6only=on; 
          listen 443 ssl http2; 
      ...
      

      This tells Nginx to use HTTP/2 with supported browsers.

      Save the configuration file and exit the text editor. If you are using nano, press Ctrl+X then, when prompted, Y and then Enter.

      Whenever you make changes to Nginx configuration files, you should check the configuration for errors using the -t flag, which runs Nginx’s built-in syntax check:

      • sudo nginx -t

      If the syntax is error-free, you will receive output like the following:

      Output of sudo nginx -t

      nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
      nginx: configuration file /etc/nginx/nginx.conf test is successful
      

      Next, you’ll configure your Nginx server to use a more restrictive list of ciphers to improve your server’s security.

      Step 2 — Removing Old and Insecure Cipher Suites

      HTTP/2 has a blocklist of old and insecure cipher suites that should be avoided. A cipher suite is a set of cryptographic algorithms that defines how the transferred data is encrypted.

      The method you’ll use to define the ciphers depends on how you’ve configured your TLS/SSL certificates for Nginx.

      If you used Certbot to obtain your certificates, it also created the file /etc/letsencrypt/options-ssl-nginx.conf that contains ciphers that aren’t secure enough for HTTP/2. However, modifying this file will prevent Certbot from applying updates in the future, so we’ll just tell Nginx not to use this file and we’ll specify our own list of ciphers.

      Open the server block configuration file for your domain:

      sudo nano /etc/nginx/sites-enabled/your_domain
      

      Locate the line that includes the options-ssl-nginx.conf file and comment it out by adding a # character to the beginning of the line:

      /etc/nginx/sites-enabled/your_domain

      
          # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
      

      Below that line, add this line to define the allowed ciphers:

      /etc/nginx/sites-enabled/your_domain

      
      ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
      

      Save the file and exit the editor.

      If you used self-signed certificates or used a certificate from a third party and configured it according to the prerequisites, open the file /etc/nginx/snippets/ssl-params.conf in your text editor:

      • sudo nano /etc/nginx/snippets/ssl-params.conf

      Locate the following line:

      /etc/nginx/snippets/ssl-params.conf

      ...
      ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
      ...
      

      Modify it to use the following list of ciphers:

      /etc/nginx/snippets/ssl-params.conf

      
      ...
      ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
      

      Save the file and exit your editor.
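The following added example (not part of the original tutorial) checks suites in the format printed by `openssl ciphers -v` against the two criteria RFC 7540 Appendix A uses for the HTTP/2 blocklist: no ephemeral key exchange, or a cipher that is not AEAD. The sample lines are constructed, and the function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example: flag cipher suites that RFC 7540 Appendix A blocklists for
# HTTP/2, i.e. suites without an ephemeral key exchange or without an AEAD
# cipher. Input is text in the format printed by `openssl ciphers -v`.

# Constructed sample (assumption): a few suites that the ssl_ciphers string
# in this step can match. The real set depends on the local OpenSSL build.
sample_suites() {
    printf '%s\n' \
        'ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD' \
        'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD' \
        'ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1' \
        'AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD' \
        'AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1' \
        'ECDHE-RSA-DES-CBC3-SHA TLSv1 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1' \
        'DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1'
}

# Print "<suite> <ok|blocklisted> <reasons>" for every suite read from stdin.
classify_suites() {
    awk '
    NF >= 6 {
        kx = ""; mac = ""; reason = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Kx=/)  kx  = substr($i, 4)
            if ($i ~ /^Mac=/) mac = substr($i, 5)
        }
        # ECDH and DH in this output mean ECDHE/DHE; TLS 1.3 suites report Kx=any.
        if (kx != "ECDH" && kx != "DH" && kx != "any") reason = "no-ephemeral-kx"
        if (mac != "AEAD") reason = (reason == "" ? "" : reason ",") "not-aead"
        printf "%s %s %s\n", $1, (reason == "" ? "ok" : "blocklisted"), (reason == "" ? "-" : reason)
    }'
}

# Count the blocklisted suites in the classified input.
count_blocklisted() {
    classify_suites | awk '$2 == "blocklisted" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample. For a live check, pipe the real expansion
# of your configured string instead:
#   openssl ciphers -v 'EECDH+CHACHA20:EECDH+AES128:...:!MD5' | classify_suites
sample_suites | classify_suites
```

Suites reported as blocklisted can still be negotiated by HTTP/1.1 clients; an HTTP/2 client is allowed to reject a connection that ends up on one of them.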

      Once again, check the configuration for syntax errors using the nginx -t command:

      • sudo nginx -t

      If you encounter any errors, address them and test again.

      Once your configuration passes the syntax check, reload Nginx using the systemctl command:

      • sudo systemctl reload nginx.service

      With the server reloaded, let’s verify that it works.

      Step 3 — Verifying that HTTP/2 is Enabled

      Let’s ensure the server is running and working with HTTP/2.

      Use the curl command to make a request to your site and view the headers:

      • curl -I -L --http2 https://your_domain

      You’ll receive output like the following:

      HTTP/2 200
      server: nginx/1.18.0 (Ubuntu)
      date: Wed, 10 Nov 2021 17:53:10 GMT
      content-type: text/html
      content-length: 612
      last-modified: Tue, 09 Nov 2021 23:18:37 GMT
      etag: "618b01cd-264"
      accept-ranges: bytes
      

      You can also verify that HTTP/2 is in use in Google Chrome. Open Chrome and navigate to https://your_domain. Open the Chrome Developer Tools (View -> Developer -> Developer Tools) and reload the page (View -> Reload This Page). Navigate to the Network tab, right-click on the table header row that starts with Name, and select the Protocol option from the popup menu.

      You’ll have a new Protocol column that contains h2 (which stands for HTTP/2), indicating that HTTP/2 is working.

      Chrome Developer Tools HTTP/2 check

      At this point, you’re ready to serve content through the HTTP/2 protocol. Let’s improve security and performance by enabling HSTS.

      Step 4 — Enabling HTTP Strict Transport Security (HSTS)

      Even though your HTTP requests redirect to HTTPS, you can enable HTTP Strict Transport Security (HSTS) to avoid having to do those redirects. If the browser finds an HSTS header, it will not try to connect to the server via regular HTTP again for a given time period. No matter what, it will exchange data using only an encrypted HTTPS connection. This header also protects us from protocol downgrade attacks.

      Open the server block configuration file for your domain again:

      sudo nano /etc/nginx/sites-enabled/your_domain
      

      Add this line to the same block of the file containing the SSL ciphers in order to enable HSTS:

      /etc/nginx/sites-enabled/your_domain

      server {
      ...
          ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
          add_header Strict-Transport-Security "max-age=15768000" always;
      }
      ...
      

      The max-age is set in seconds. The value 15768000 is equivalent to 6 months.

      By default, the HSTS policy does not apply to subdomains. If you have subdomains and want HSTS to apply to all of them, you should add the includeSubDomains directive at the end of the header value, like this:

      /etc/nginx/sites-enabled/your_domain

      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
      

      Save the file, and exit the editor.

      Once again, check the configuration for syntax errors as you did in the previous steps.

      Finally, reload Nginx to apply the changes:

      • sudo systemctl reload nginx.service
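To confirm Steps 3 and 4 together from the command line, the following added example (not part of the original tutorial) parses header output such as that of the curl command in Step 3 and checks the negotiated protocol and the HSTS policy of the final response. The sample responses are constructed, and check_response is a name chosen here for illustration.

```shell
#!/bin/sh
# Added example: read response headers (as printed by `curl -sI -L --http2`)
# from stdin, report the protocol and HSTS policy of the LAST response in the
# chain, and return non-zero unless it is HTTP/2 with a long enough max-age.

# Constructed sample: a redirect followed by the final page, HSTS enabled.
sample_ok() {
    printf '%s\r\n' \
        'HTTP/2 301' \
        'location: https://www.your_domain/' \
        '' \
        'HTTP/2 200' \
        'server: nginx/1.18.0 (Ubuntu)' \
        'content-type: text/html' \
        'strict-transport-security: max-age=15768000; includeSubDomains' \
        ''
}

# Constructed sample: HTTP/1.1 response without the HSTS header.
sample_no_hsts() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Server: nginx/1.18.0 (Ubuntu)' \
        'Content-Type: text/html' \
        ''
}

# Usage: ... | check_response [minimum max-age in seconds]
check_response() {
    min_age=${1:-15768000}   # default: the value configured in Step 4
    tr -d '\r' | awk -v min="$min_age" '
    # A status line starts a new response block, so forget earlier headers.
    /^HTTP\// { proto = $1; status = $2; hsts = ""; next }
    # Header names are case-insensitive.
    tolower($0) ~ /^strict-transport-security:/ {
        hsts = tolower(substr($0, index($0, ":") + 1))
    }
    END {
        age = -1; inc = "no"
        n = split(hsts, parts, ";")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
            if (parts[i] ~ /^max-age=/) {
                v = substr(parts[i], 9); gsub(/"/, "", v)
                if (v ~ /^[0-9]+$/) age = v + 0
            }
            if (parts[i] == "includesubdomains") inc = "yes"
        }
        printf "proto=%s status=%s max_age=%d subdomains=%s\n", proto, status, age, inc
        ok = (proto == "HTTP/2" && age >= min + 0)
        exit (ok ? 0 : 1)
    }'
}

# Demo on the constructed samples. For a live check:
#   curl -sI -L --http2 https://your_domain | check_response
sample_ok | check_response
sample_no_hsts | check_response || echo "FAIL: not HTTP/2 or HSTS missing/too short"
```

Running the same check against a URL that returns 404 shows whether the always parameter took effect, since without it Nginx adds the header only to successful and redirect responses.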

      Conclusion

      Your Nginx server is now serving HTTP/2 pages. If you want to test the strength of your SSL connection, please visit Qualys SSL Labs and run a test against your server. If everything is configured properly, you should get an A+ mark for security.

      To learn more about how Nginx parses and implements server block rules, try reading Understanding Nginx Server and Location Block Selection Algorithms.




      How to Successfully Deal With Tech Support (5 Simple Steps)


      Spoiler alert: Setting up a website can be stressful — especially if it’s your first time. And even if you’re a pro, having something go wrong with your website at one point or another is pretty much inevitable. The hard truth is that technical difficulties can make you want to throw in the towel.

      But don’t give up, champ. 

      DreamHost’s brilliant tech support team is here to get you back on track. For more than 20 years, our top priority has always been customer satisfaction, which is why our support team wins awards for quality and responsiveness.

      What’s more, getting help with your website is even easier if you know what to expect when you reach out to us and what you can do on your end to make the process as quick and painless as possible. Yep, you’ve got the power!

      In this article, we’ll help you cope with your website’s technical difficulties, give you some advice for contacting technical support, and let you know what to expect when you interact with a customer service rep. 

      Want to jump ahead? Here are 5 steps to successfully dealing with tech support:

      1. Try Some Basic Solutions
      2. Document the Problem in Detail
      3. Contact the Support Team
      4. Request a Callback (If Necessary)
      5. Work with the Support Specialist to Solve the Problem

      Are you ready to uncover the secrets to getting good customer service? Let’s dive in!

      Step 1: Try Some Basic Solutions

      If it looks like your site has gone offline entirely, there may be a quick fix you can tackle on your own. First, check to make sure the website is genuinely down and that the issue isn’t something on your end.

      Security software may be blocking your website, especially if you’re trying to access it from a different network than usual. Maybe your cat unplugged the router. Actually, she may be trying to help, so don’t forget to check and see if the reset worked. Last but not least, have you tried turning your computer on and off again? You’re welcome, fans of The IT Crowd.

      Once you’ve eliminated other possibilities and determined that your site is down, you’ll want to know whether it’s just you or if it’s a hosting problem. You can look at the DreamHost Status page to find out if there’s a system-wide issue.

      DreamHost’s status page.

      If DreamHost is experiencing downtime, there’s no need to contact tech support, as we’re already aware of the problem. You’ll just have to sit tight until it’s over.

      If this doesn’t seem to be the source of the issue, here are a few questions to ask yourself:

      • Did you miss a hosting payment? Maybe your payment information changed and you forgot to update it. If so, once you’ve paid up, your site should be back in a few hours. 
      • Have you recently made a Domain Name Server (DNS) change? If you’ve swapped hosting providers or made a similar change, your website may be down for several hours. Patience is the solution here.
      • Did your domain expire? Perhaps life got crazy and you forgot to renew your domain. It happens. Fortunately, DreamHost gives you a 30-day grace period.
      • Are your files in the wrong place? Websites can be finicky, so if you’ve moved an important file, your site may go down. You can check on this using the website file manager.
      • Have you changed any code recently? If you suspect this is the problem, you may want to review your error log. Even if this isn’t the cause, the information may be helpful to share with tech support.

      These are just a few possibilities, but asking the above questions may help get you on the right track. 

      If you were able to pinpoint the issue, you might want to see if you can DIY your way to a solution. Troubleshooting help is available 24/7 via our Knowledge Base and blog. Or you can join our private Facebook group to swap ideas with other website owners. 

      Step 2: Document the Problem in Detail

      So you’ve done your detective work, but you still don’t know what’s wrong. It’s probably time to call in some expert help. However, before contacting support, you might want to spend some time carefully documenting the issue your website is having. Being thorough now will make it easier for tech support to get you a solution quickly.

      First, try to reproduce the issue. A problem that can’t be copied will be much more challenging to solve. If you’re able to consistently trigger the issue, you can provide more information to the DreamHost tech.

      If you’re unable to recreate the exact circumstances, try to accomplish the task in other ways. Now might be an excellent time to explore the forums. Another user may have some helpful insight or creative suggestions for how to reproduce your problem.

      You don’t need to be a tech expert to document complex issues. Just use precise language to describe what you see in as much detail as possible. If you’re vague or inaccurate, you’ll likely end up having more back and forth with the support agent.

      DreamHost’s Contact Support form improperly filled out.

      Once you’ve put together a detailed description of the issue, you’ll want to compile your website’s recent history. Identify which domain is having problems and what Content Management System (CMS) you’re using. Include any changes you made, no matter how innocent they seem — even installing a new theme or plugin can sometimes create problems.

      Additionally, you’ll want to take screenshots of what you see to support your description. A picture is worth a thousand words, especially in tech support! Bonus points apply if you can grab some video while you’re at it.

      After you’ve thoroughly documented your problem, you’ll need to gather your account information. Have your domain name and the last four digits of your password handy.

      Step 3: Contact the DreamHost Tech Support Team

      Now it’s time to contact DreamHost’s award-winning, in-house support team. You can access a technical support specialist by email or live chat. If you’re an existing customer, both of these options will be available to you through your panel on the Contact Support page. If you’re unable to log in to your DreamHost account for any reason, you’ll need to contact support using the online contact form.

      No matter which avenue you choose to get in touch, you’ll start by filling out the Contact Support form. Remember all that information we asked you to gather in the first two steps? Plug it into the form. Include your detailed description of the problem, as well as any methods you’ve tried to fix it.

      Live chat is available from 5:30 am–9:30 pm Pacific time, seven days a week. The service is available in Spanish as well. After filling out the Contact Support box, click on the Chat now button and wait for an agent to join.

      DreamHost’s Live Chat feature.

      Once the chat is complete, you can review it in the Contact Support page’s Recent Messages section. Keep in mind that while it may be convenient, live chat is best suited for situations with a quick fix. If your issue is more complicated, the chat agent may ask you to open a ticket via email, as this is the preferred method for contacting support.

      You can create a ticket the same way you access the live chat. The only difference is that you’ll click on the Submit a ticket button after you’ve filled out the Contact Support form.

      Once you’ve submitted your ticket, it will appear under Open Tickets. You can withdraw it if you solve the issue independently and no longer need help from tech support. Otherwise, you’ll be able to view your conversation here. 

      Step 4: Request a Callback if Necessary

      After support resolves your issue, you can still refer back to the conversation if needed. You can find the closed ticket in the Support History section of DreamPanel. You’ll also find any other messages from DreamHost here.

      The support history section of DreamPanel.

      If you need to submit a file, you can do so by selecting the Attach files link at the bottom of the form. If you prefer, you can send the file via SFTP to your DreamHost server. Just be sure to explain what you’ll be uploading and where you uploaded it.

      DreamHost’s support team doesn’t typically operate over the phone. However, callbacks may be available to you, depending on your plan. You can choose to add three callbacks per month to any plan for an additional fee.

      To access phone support, check the Request a callback box when you submit your ticket.

       

      The option to request a callback when contacting DreamHost tech support.

      Here, you’ll also be able to add your phone number and a preferred time. Even if you choose to have a callback, be sure to include as much information as possible when filling out the Contact Support box.

      Step 5: Work With Our Support Team to Solve Your Problem

      The DreamHost support team tries to reply to all requests within 24 hours. However, that doesn’t necessarily mean we’ll completely solve the problem at that time. You’ll be working together with a support agent to diagnose and resolve your issue. Tech support is a team effort.

      Be prepared to answer some questions and maybe even perform a few tasks to help diagnose the trouble. You’ll also be able to ask any questions that you may have. If it turns out the issue isn’t with DreamHost, our support specialists will try to point you in the right direction to get it worked out.

      Of course, it helps the entire process if everyone tries to remain calm and courteous. Glitches and technical difficulties are part of owning a website, and this likely isn’t the only time you’ll encounter frustrations. Even if you’re worried about losing traffic, it won’t help to lose your cool. You haven’t done all that yoga for nothing. Breathe.

      Remember, even if your website is experiencing significant downtime, DreamHost has a 100% uptime guarantee. You’ll receive credit for the inconvenience, and we’ll do everything we can to improve your customer experience.

      Great Customer Support Is a Click Away

      Handling website problems is no one’s idea of a fun time, and TBH, neither is interacting with angry customers. It’s totally normal that you’re feeling stressed out, frustrated, and maybe even embarrassed for not having the answers yourself. But before you open that bottle of wine, keep calm and contact tech support.

      Knowing what to do when complex issues arise can make the situation a little less scary. Also, planning ahead when dealing with tech support can help you get the most out of the experience. Gather as much detailed information as you can and know what channels you have available to you, as well as how to use them.

      With DreamHost’s superhero tech support team in your corner, you can build your website fearlessly. Get started with a hosting plan today!




      INAP Introduces New Managed AWS Support Plans


      INAP announced today its new Managed AWS support plans, offering greater service capabilities and more flexibility for a broad range of public cloud use cases and budgets. Each plan offers critical features and benefits like consolidated billing, access to certified AWS architects and technicians, and around-the-clock troubleshooting.

      Premium features include advanced deployment services, interconnectivity to AWS from INAP data centers, flexible solution architecture, and comprehensive reporting and cost optimization consultation.

      You can learn all the key details of the support plans—Service First On-Demand and Service First Premier—by reading on below or heading to our Managed AWS service page.

      First, though, some context for why we believe Managed AWS with INAP is a whole lot more than a one-off solution.

      INAP Managed AWS Certified Architects

       

      Multicloud & Hybrid IT Have Arrived

      Managed AWS complements INAP’s existing cloud, colocation and network portfolio, allowing customers to fully realize the potential of hybrid strategies shaping the future of IT.

      As reported in INAP’s 2019 State of IT Infrastructure Management, on-premise-only IT strategies are facing steep decline. A majority (56 percent) of organizations currently maintaining their own data centers will be moving at least some of their infrastructure off-premise within the next three years; 78 percent of those organizations will be selecting hyperscale providers like AWS for specific workloads.

      The challenge for many organizations, however, is that AWS is a whole new ball game from an operational and economics perspective.

      While the platform offers compelling solutions for a variety of applications, it is as complex as it is powerful. Even for skilled IT infrastructure professionals, achieving proficiency in the platform and its ever-growing list of tools and products is no easy feat. According to Amazon’s own recommendations, attempting the AWS Solutions Architect Associate certification requires a year of platform experience and studying. Practitioners chasing mastery can add another year for the Professional certificate and several months of prep for specialty certifications like networking and security.

      Do you need these credentials to spin up a cloud environment on AWS? No, but we believe there are two related reasons Amazon emphasizes their certification programs and maintains a vast database of technical documentation.

      First, AWS’s support model is designed for DIY shops. Outside of resolving underlying AWS infrastructure and network issues, Amazon leaves you on your own for environment configuration and optimization.

      Second, running mission-critical workloads in AWS without a deep understanding of the platform’s nuances and complexity can lead to significant problems: sticker shock and blown budgets, workload performance degradation, or worse yet, security vulnerabilities and downtime caused by environment misconfigurations and architectural mistakes.

      For many IT organizations operating hybrid and multicloud strategies, learning a brand-new platform is not the best use of time and limited resources.

      In fact, nearly 8 in 10 IT pros we surveyed believe they could bring more value to their organization if they spent less time on routine tasks like cloud server monitoring and maintenance. Increasingly, IT professionals’ skills are better spent on value-added tasks like new application development and collaborating with business units on new technology initiatives.

      This is all to say that Amazon has made a conscious choice to rely on third-party partners like INAP to help customers succeed.

      Our Managed AWS plans are carefully designed to help IT organizations achieve the promise of hyperscale cloud without confronting operational headaches along the way.

      Simply put: Our experienced team of AWS certified solutions architects and support experts mastered AWS so you don’t have to.

      INAP Managed AWS: Service Plan Overview

      Managed Support Services

      Service First On-Demand

      For a low monthly fee, customers receive core infrastructure monitoring and response, ticketing and hotline access, consolidated billing and basic issue mitigation—e.g., break/fix and simple configurations.

      Service First Premier

      A fully managed, proactive support experience with advanced monitoring, performance optimization best practices, and detailed monthly reporting. You’ll receive hands-on management for all supported AWS services active in your deployment. For infrastructure issues with AWS data centers, our team will work directly with Amazon representatives.


      AWS Migration Support and Deployment Services

      For customers new to AWS or for customers deploying new environments, INAP offers two tiers of onboarding and deployment services.

      Tier 1: A certified onboarding engineer will implement architecture best practices tailored to your applications, spin up your instances and configure services.

      Tier 2: This white-glove onboarding service includes everything from Tier 1, plus:

      • Custom image configuration
      • Network and load balancer configuration
      • Access management and security configuration
      • Set up of up to five enhanced AWS services

      Add-on services include advanced solution architecture for complex deployments, migration support and AWS Direct Connect configuration.

      Deployment services are only available to customers signing up for one of INAP’s Service First support plans.

      Common AWS Use Cases

      INAP’s AWS experts support a vast array of Amazon’s powerful toolkit, specializing in four primary areas: hyperscale compute and storage environments, off-premise backup, serverless, and multicloud.

      Hyperscale: INAP manages and optimizes your core AWS infrastructure, including EC2, VPC, ELB, S3 and RDS.   

      Off-Premise Backup: Using AWS’s wide range of cloud backup storage services to support both application and archival compliance requirements, INAP manages the backup schedule and data life cycle.

      Serverless: Using AWS Lambda, INAP will design and operate the ideal environment for your serverless backend and data processing systems.

      Multicloud & Hybrid: Pair the ideal AWS solution with your on-premise, INAP Colo or INAP Cloud environment to improve performance and reliability.

      In the coming weeks, we’ll break down common reference architectures for each of these specialty areas and share advice for getting started.

      In the meantime, chat with us today and download the following resources:

      INAP Managed AWS Overview [pdf]
      INAP Managed AWS FAQ [pdf]   

      Jennifer Curry
      • SVP, Global Cloud Services


      Jennifer Curry is SVP, Global Cloud Services. She is an operational and technology leader with over 17 years of experience in the IT industry, including seven years in the hosting/cloud market.


