$ssl_alpn_protocol

Description

The $ssl_alpn_protocol variable is specific to configurations that utilize HTTP/2 or other protocols that employ ALPN during the TLS handshake. This variable is set when a connection is made over HTTPS and allows the server to determine which application layer protocol has been selected by the client. It is primarily useful for servers that implement protocol variation in their service, such as providing content over both HTTP/1.1 and HTTP/2, depending on client capabilities. The value of this variable can be either the protocol name, such as 'h2' for HTTP/2 or 'http/1.1', representing the negotiated protocol. This variable is particularly important for performance optimization, as it allows the server to respond to client requests using the most appropriate protocol that the client supports according to the ALPN list. When a client initiates a TLS handshake, it can propose multiple protocols, and the server decides the best-suited protocol for that session. If the client does not support any of the protocols that the server offers, the variable will be unset, and a typical fallback may occur to a default protocol, often HTTP/1.1. This mechanism of negotiation enhances compatibility and performance across different client implementations.

Config Example

server {
    listen 443 ssl;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    # Using the variable in a log format to capture the negotiated protocol
    access_log /var/log/nginx/access.log custom_format;

    location / {
        if ($ssl_alpn_protocol = 'h2') {
            # Perform actions specific to HTTP/2
        }
        # Other processing...
    }
}

log_format custom_format '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" Protocol: $ssl_alpn_protocol';