I manage a server (hosted VPS) that we use as a shared hosting environment for sites we build for our clients. All new sites we build going forward will be running on HTTPS, but most of the older sites are not configured to support HTTPS. We'll likely convert them all some time soon, but we're not quite there yet.
I'd like to enable HTTP/2 so the new sites can take advantage of it, but I can't interfere with the old sites that have to continue to be served via HTTP/1 for now. Will the sites with no SSL/TLS certificates automatically fallback to HTTP/1, or will browsers detect HTTP/2 support and try to connect over SSL/TLS, producing an invalid certificate security warning? Is there anything I can/should do to ensure the correct behavior?
We're running Plesk Onyx 17 on CentOS 6, using Apache with nginx as a reverse proxy, if any of that is important.
upstream oldhttp1site {
server 127.0.0.1:8000; # Apache instance listens on port 8000
}
upstream newhttp2site {
server 127.0.0.1:8001;
}
http {
server {
listen 80;
server_name www.domain1.com;
proxy_pass http://localhost:8000/;
}
server {
listen 443 ssl http2 default_server;
server_name www.domain2.com;
ssl_certificate /path-to/yoursite.chain.crt;
ssl_certificate_key /path-to/yoursite.key;
# other HTTP/2 and SSL specific settings
proxy_pass http://localhost:8001/;
}
}
It's absolutely possible. Just to give you a basic idea.