diff --git a/Dockerfile b/Dockerfile
index 0445b4d..cc80e08 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.9.2
+FROM nginx:1.9.5
 MAINTAINER Jason Wilder jwilder@litl.com
 
 # Install wget and install/updates certificates
diff --git a/README.md b/README.md
index b4b1df7..4053506 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-![nginx 1.9.2](https://img.shields.io/badge/nginx-1.9.2-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg)
+![nginx 1.9.5](https://img.shields.io/badge/nginx-1.9.5-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg)
 
 nginx-proxy sets up a container running nginx and [docker-gen][1].  docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.
 
diff --git a/nginx.tmpl b/nginx.tmpl
index 08f6c01..788ca90 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -61,7 +61,7 @@ server {
 {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
 server {
 	server_name _; # This is just an invalid value which will never trigger on a real hostname.
-	listen 443 ssl spdy;
+	listen 443 ssl http2;
 	return 503;
 
 	ssl_certificate /etc/nginx/certs/default.crt;
@@ -117,7 +117,7 @@ server {
 
 server {
 	server_name {{ $host }};
-	listen 443 ssl spdy {{ $default_server }};
+	listen 443 ssl http2 {{ $default_server }};
 	access_log /var/log/nginx/access.log vhost;
 
 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@@ -185,7 +185,7 @@ server {
 {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
 server {
 	server_name {{ $host }};
-	listen 443 ssl spdy {{ $default_server }};
+	listen 443 ssl http2 {{ $default_server }};
 	access_log /var/log/nginx/access.log vhost;
 	return 503;