ライブラリのインストール

$ sudo yum -y install libev-devel
$ sudo yum -y install zlib-devel
$ sudo yum -y install openssl-devel

nghttp2

$ wget https://github.com/tatsuhiro-t/nghttp2/releases/download/v1.4.0/nghttp2-1.4.0.tar.gz
$ tar zxf nghttp2-1.4.0.tar.gz
$ cd nghttp2-1.4.0
$ autoreconf -i 
$ automake
$ autoconf
$ ./configure
$ make
$ sudo make install

秘密鍵の作成

$ openssl genrsa 2048 > server.key
Generating RSA private key, 2048 bit long modulus
.......+++
...........................................................................................+++
e is 65537 (0x10001)
$

CSR（証明書署名要求）の作成

$ openssl req -new -key server.key > server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$

※基本空でエンター

SSLサーバ証明書の作成（有効期限10年）

$ openssl x509 -days 3650 -req -signkey server.key < server.csr > server.crt
Signature ok
subject=/C=JP/L=Default City/O=Default Company Ltd
Getting Private key
$

秘密鍵とSSLサーバ証明書を適当な場所に移動

$ sudo mv -i server.key /etc/pki/tls/private/
$ sudo mv -i server.crt  /etc/pki/tls/certs/
$

セキュリティ確保のため nghttpd の実行ユーザ「nghttp2」を作成

$ sudo useradd -d /run/nghttp2 -s /sbin/nologin nghttp2

秘密鍵とSSLサーバ証明書のオーナーを「nghttp2」ユーザに変更

$ sudo chown nghttp2:nghttp2 /etc/pki/tls/private/server.key
$ sudo chown nghttp2:nghttp2 /etc/pki/tls/certs/server.crt
$ sudo chmod 600 /etc/pki/tls/private/server.key
$ sudo chmod 600 /etc/pki/tls/certs/server.crt
$

CSRを削除

$ sudo rm server.csr

nghttpd の設定ファイルを作成します

$ sudo vi /etc/sysconfig/nghttpd
----
# worker スレッド数 
WORKERS=1 
 
# ドキュメントルート 
HTDOCS=/var/www/html 
 
# 待受ポート番号 
PORT=8080 
 
# サーバ秘密鍵 
PRIVATE_KEY=/etc/pki/tls/private/server.key 
 
# サーバ証明書 
CERT=/etc/pki/tls/certs/server.crt
----

nghttpd 用の systemd設定ファイルを作成

sudo vi /etc/systemd/system/nghttpd.service
----
[Unit] 
Description=nghttpd 
After=network.target 

[Service] 
Type=simple
User=nghttp2
EnvironmentFile=-/etc/sysconfig/nghttpd 
ExecStart=/usr/local/bin/nghttpd -n $WORKERS -d $HTDOCS $PORT $PRIVATE_KEY $CERT 

[Install] 
WantedBy=multi-user.target 
----

systemd

$ sudo systemctl daemon-reload
$ sudo systemctl list-unit-files | grep nghttpd
nghttpd.service                             disabled
$ 
$ sudo systemctl start nghttpd
$ sudo systemctl enable nghttpd
ln -s '/etc/systemd/system/nghttpd.service' '/etc/systemd/system/multi-user.target.wants/nghttpd.service'
$
$ ps aux | grep nghttpd
nghttp2   8063  0.0  0.3  52836  3564 ?        Ss   09:31   0:00 /usr/local/bin/nghttpd -n 1 -d /var/www/html 8080 /etc/pki/tls/private/server.key /etc/pki/tls/certs/server.crt
vagrant   8077  0.0  0.0 112656   964 pts/0    S+   09:32   0:00 grep --color=auto nghttpd
$

ドキュメントルートを準備

$ sudo mkdir -p /var/www/html
$ sudo chown vagrant.vagrant /var/www/html/
$ echo 'hoge' > /var/www/html/index.html
$ 

確認

※以下
HTTP/2 and SPDY indicator :: Add-ons for Firefox