Beta Branch add HTTP/2 push optional patch support via NGINX_HTTPPUSH variable

eva2000 · Jun 7, 2017

add HTTP/2 push optional patch support via NGINX_HTTPPUSH variable

In Centmin Mod 123.09beta01+ and higher add Nginx HTTP/2 push support via Cloudflare patch https://community.centminmod.com/threads/hurray-http-2-server-push-for-nginx.11910/. Disabled by default with NGINX_HTTPPUSH='n' variable. Can enable prior to nginx recompile by setting NGINX_HTTPPUSH='y' variable in persistent config file /etc/centminmod/custom_config.inc and then running centmin.sh menu option 4 to recompile Nginx 1.11.12+ i.e. 1.13.1. Configuring HTTP/2 push after recompile is left to end user as instructions https://github.com/ghedo/http2-push-nginx-module

Continue reading...

123.09beta01 branch

Branch: https://github.com/centminmod/centminmod/tree/123.09beta01

Commit History: https://github.com/centminmod/centminmod/commits/123.09beta01

eva2000 · Jun 7, 2017

nginx -V
nginx version: nginx/1.13.1
built by gcc 6.2.1 20160916 (Red Hat 6.2.1-3) (GCC)
built with OpenSSL 1.0.2l 25 May 2017
TLS SNI support enabled
configure arguments: --with-ld-opt='-ljemalloc -lpcre -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -gsplit-dwarf' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_pagespeed-1.12.34.2-beta --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0 --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0 --add-module=../set-misc-nginx-module-0.31 --add-module=../echo-nginx-module-0.60 --add-module=../redis2-nginx-module-0.14 --add-module=../ngx_http_redis-0.3.7 --add-dynamic-module=../lua-nginx-module-0.10.9rc5 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-module=../headers-more-nginx-module-0.32 --with-pcre=../pcre-8.40 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-http_ssl_module --with-http_v2_module --add-module=../http2-push-nginx-module --with-openssl=../openssl-1.0.2l
Click to expand...

eva2000 · Jun 7, 2017

Also examples posted at https://github.com/ghedo/http2-push-nginx-module/tree/master/examples
Code (Text):
        http2_server_push on;
        add_header HTTP2-Pushed $http2_pushed;

        location / {
            return 304 "";

            http2_push_path "/hello";
            http2_push_path "/fail";
        }

Sunka · Jun 7, 2017

Any help with this?
I need to add NGINX_HTTPPUSH='y' variable in persistent config file and recompile nginx and after that add to mydomain.ssl.conf exatly what and where?
This is my domain.conf

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For SPDY SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
 server {
   server_name pijanitvor.com www.pijanitvor.com;
    return 301 https://www.$server_name$request_uri;
 }

server {
  listen 443 ssl http2;
  server_name pijanitvor.com www.pijanitvor.com;

  ##  redirect https non-www to https www
      if ($host = 'pijanitvor.com' ) {
         return 301 https://www.pijanitvor.com$request_uri;
      }
 
  ssl_dhparam /usr/local/nginx/conf/ssl/pijanitvor.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/pijanitvor.com/ssl-unified.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/pijanitvor.com/pijanitvor.com.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  # mozilla recommended
  ssl_ciphers EECDH+CHACHA20-draft:EECDH+CHACHA20:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA:!DES-CBC3-SHA;
  ssl_prefer_server_ciphers   on;
  #######################add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header  X-Content-Type-Options "nosniff";
  #add_header X-Frame-Options DENY;
  #######################spdy_headers_comp 5;
  ssl_buffer_size 1400;
  ssl_session_tickets on;
 
  #enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/pijanitvor.com/ssl-trusted.crt; 

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/pijanitvor.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/pijanitvor.com/log/error.log;

  root /home/nginx/domains/pijanitvor.com/public;

  location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$uri&$args;
       include /usr/local/nginx/conf/blockbots.conf;
    }

### ORIGINAL ###
#location /internal_data/ {
#        internal;
#        allow 127.0.0.1;
#        allow 94.237.29.18;
#        deny all;
#    }
### START Xon addon za attachment ###
    location ^~ /internal_data/ {
        add_header Etag $upstream_http_etag;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        internal;
        allow 127.0.0.1;
        allow 94.237.29.18;
    }
### END Xon addon za attachment ###
    
    location /library/ {
        internal;
        allow 127.0.0.1;
        allow 94.237.29.18;
        deny all;
    }
 
  # prevent access to ./directories and files
        location ~ (?:^|/)\. {
   deny all;
        } 


  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

knguyen2015 · Aug 27, 2017

Does anyone have sample configuration for WordPress? I'm trying to figure it out with this module but no luck.

eva2000 · Aug 27, 2017

as you can see from https://community.centminmod.com/threads/hurray-http-2-server-push-for-nginx.11910/#post-50650 haven't been able to get this to work myself.

Log in / Register

Forums

Welcome to Centmin Mod Community

Beta Branch add HTTP/2 push optional patch support via NGINX_HTTPPUSH variable

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Sunka Well-Known Member

knguyen2015 New Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Welcome to Centmin Mod Community

Beta Branch add HTTP/2 push optional patch support via NGINX_HTTPPUSH variable

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Sunka Well-Known Member

knguyen2015 New Member

eva2000 Administrator Staff Member

.