ssl_alpn
The `ssl_alpn` directive specifies the Application-Layer Protocol Negotiation (ALPN) protocols for Stream connections in NGINX.
Description
The `ssl_alpn` directive defines the ALPN protocols used by the Stream module in NGINX. ALPN lets clients negotiate which application protocol to use during the SSL/TLS handshake, which helps performance and compatibility across protocols such as HTTP/2 and HTTP/1.1.
The directive takes one or more protocol names as arguments, and these are used in the ALPN negotiation. It is valid in the `stream` and stream `server` contexts, so it applies to TCP or UDP connections rather than HTTP. If you specify multiple protocols, list them in order of preference, because the server presents them to the client in that sequence.
If the client does not support any of the offered protocols, the connection may fail, so validate the configuration and client support to ensure clients can negotiate a protocol successfully. Also make sure that your OpenSSL version is compatible with ALPN, or the directive will not function correctly.
Config Example
    stream {
        server {
            listen 443 ssl;
            ssl_certificate /path/to/cert.pem;
            ssl_certificate_key /path/to/key.pem;
            ssl_alpn h2 http/1.1;
        }
    }

Make sure the specified protocols are supported by the client to avoid connection failures.
Always test configurations after changing ALPN settings for compatibility issues or server responses.
Ensure that your OpenSSL version is compiled with ALPN support.
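
The negotiation outcomes described above, as an added example that is not NGINX code: a small model of server-side ALPN selection following RFC 7301, including the length-prefixed wire format of the protocol list. The function names are hypothetical, the client offers are constructed, and walking the server's list in preference order is an assumption of the model.

```python
# Added example: model of server-side ALPN selection (RFC 7301), not NGINX code.
# Assumption: the server walks its own ssl_alpn list in preference order.

def encode_alpn(protocols):
    """Encode names as a protocol list body: 1-byte length + name, repeated."""
    out = bytearray()
    for name in protocols:
        raw = name.encode("ascii")
        if not 1 <= len(raw) <= 255:
            raise ValueError(f"invalid ALPN protocol name length: {name!r}")
        out += bytes([len(raw)]) + raw
    return bytes(out)

def parse_alpn(wire):
    """Parse length-prefixed protocol names; reject empty or truncated entries."""
    names, i = [], 0
    while i < len(wire):
        n = wire[i]
        if n == 0 or i + 1 + n > len(wire):
            raise ValueError("malformed ALPN protocol list")
        names.append(wire[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return names

def negotiate(server_protocols, client_wire):
    """Return (outcome, protocol). client_wire is None when the
    ClientHello carries no ALPN extension at all."""
    if client_wire is None:
        return ("no_alpn", None)              # handshake continues without ALPN
    offered = set(parse_alpn(client_wire))
    for proto in server_protocols:            # server preference order
        if proto in offered:
            return ("selected", proto)
    return ("no_application_protocol", None)  # fatal alert, handshake fails

SSL_ALPN = ["h2", "http/1.1"]  # values from the config example on this page

if __name__ == "__main__":
    # Constructed client offers; None means no ALPN extension was sent.
    for offer in (["http/1.1", "h2"], ["http/1.1"], ["mqtt"], None):
        wire = None if offer is None else encode_alpn(offer)
        print(offer, "->", negotiate(SSL_ALPN, wire))
```

In this model only a client that sends ALPN with no overlapping protocol fails the handshake; a client that sends no ALPN extension connects without a negotiated protocol, so the backend must not assume one was agreed.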