OpenSSL 1.0.2f, nginx 1.9.11, and Let's Encrypt on Ubuntu 14.04

I’m excited about HTTP/2. It’s still early in its history, and protocols have a long life and slow adoption curve (see IPv6). However, it takes significant effort to get HTTP/2 up and working on web servers like nginx on popular Linux distributions like Ubuntu 14.04.

This article is about compiling nginx from source code on Ubuntu 14.04 with support for OpenSSL 1.0.2—a requirement for using the TLS protocol extension Application Layer Protocol Negotiation (ALPN). This is important because the Google Chrome team recently announced APLN will be the only protocol supported for HTTP/2 connections over TLS in starting May 2016.

What's with the .fail domain?

This site is an experiment. If your browser supports it, it’s delivered to you using the glorious HTTP/2 application protocol encrypted using the latest in certificate technology from Let’s Encrypt, sent to you from nginx on a cheap server somewhere on the U.S. West Coast.

The .fail domain acknowledges that things break, certificates expire, configuration errors take down sites, bad code gets pushed to production, and people forget how to do things.

This quote at the top of the page isn’t my own. It’s taken directly from Richard Cook’s classic paper on failure in complex systems and a favorite of many people in the operations world (including me). I want to use this site as a sandbox for testing the latest web technology for less than $5 a month—and to have a place to share what I’m working on.