I am interested in adding http2 support to nginx installed on my router. I can see that there is an nginx-all-module package that will support this, however I don't need all of those modules as I have concerns about the increased attack surface.
If http2 is added to the nginx-ssl package, then I understand that the module is only enabled if the nginx conf files are explicitly changed to add http2 on a listen.
I understand that I know just enough to be dangerous and that I am potentially asking the package maintainer to do additional work
Thanks for reading
Unless you want to do it just for research, I would not bother about http2. Which servers use it ? For widespread production use, I see it in the distant future only.
I use nginx as a reverse proxy in front of a server supporting http2, so the site gets downgraded. It is more for research than full production use. However it does look as if http2 should deliver reduced overall resource usage, possibly at the cost of higher instantaneous resource usage. And both at the server side and client side.
I just checked latest sources. You can explicitly configure nginx-module http2 to be included in custom build of firmware.
CONFIG_NGINX_HTTP_V2=y
Personally, I am against it, as it practically forces usage of SSL, which trades all honest possibilities of data caching for the purpose of acceleration against a false feeling of "security". Which helps certain institutions to render ad-blockers useless. And same for legitimate web filters, i.e. regarding minors.
For clarification, it appears that you are against SSL being made a requirement by certain web giants? Rather than including http2 in the nginx-ssl package?
Yes, I am against SSL being made a requirement by certain web giants. But that also means, I am against widespread use of http2, SSL, although not absolutely required for http2, practically it is/will be.
Logically, that means that these comments are not relevant to my specific question. Since I am already using SSL, then bundling http2 does not make any difference in the context of your objections.
I set up a VM to build OpenWRT (Ubuntu server) but need a hint on how to get started for building nginx. The default build configuration tool menu does not have an option for nginx, so I guess that I must download additional sources from somewhere and somehow integrate it into what I already setup.
and that I am potentially asking the package maintainer to do additional work