
Nginx First Alpha Patch for Nginx HTTP/2 support

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Aug 12, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    54,070
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    2:23 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Look what I found: first nginx HTTP/2 alpha patch, posted at The HTTP/2 protocol implementation :D

    Readme at http://nginx.org/patches/http2/README.txt




    @RoldanLT @Matt @pamamolf @Steve Tozer @jeffwidman @BamaStangGuy @Andy @Tracy Perry @deltahf @SneakyDave @BoostN @hungphutho will like this.

    Looking to work the patch into 123.09beta01 branch :D

    Update: 8 way webpagetest comparison with Nginx HTTP/2 v1 and v2 patch vs SPDY vs HTTP/1.1

    wpt-8way-compare-00.png
     
    Last edited: Aug 15, 2015
  2. pamamolf

    pamamolf Premium Member Premium Member

    4,074
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    6:23 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    wow that's great !!! :)
     
  3. Andy

    Andy Active Member

    542
    89
    28
    Aug 6, 2014
    Ratings:
    +132
    Local Time:
    10:23 AM
    Woo :)
    I'm going to try this on my small boards as soon as George gets it working.
     
  4. eva2000

    eva2000 Administrator Staff Member

    working on the integration into 123.09beta01 right this moment :D
     
  5. Andy

    Andy Active Member

    Ok. I will wait to update my centminmod to 09beta in... 30 minutes? ;)
     
  6. pamamolf

    pamamolf Premium Member Premium Member

    He also needs time to test it, so it will be better to let him do the magic and we can try it later :)
     
  7. KeVo

    KeVo Active Member

    180
    71
    28
    May 28, 2014
    Ratings:
    +101
    Local Time:
    10:23 AM
    1.11.x
    10.1.18
    This is what's ultimately going to replace SPDY, right?
     
  8. eva2000

    eva2000 Administrator Staff Member

    testing privately now :)
    soon if private testing goes well :)

    yup SSL - Google dropping SPDY in favor of HTTP 2 | Centmin Mod Community
     
  9. KeVo

    KeVo Active Member

    Alright, I was planning on getting an SSL cert for my site soon, but I think I'm gonna hold off on it for a bit now. :)
     
  10. eva2000

    eva2000 Administrator Staff Member

    If you're using Centmin Mod 1.2.3-eva2000.08 stable release (123.08stable branch) and have set up the git environment via centmin.sh menu option 23 submenu 1, then switching from the 123.08stable branch to the 123.09beta01 branch is easy via centmin.sh menu option 23 submenu option 3 (you can switch from 123.09beta01 back to 123.08 stable via the same submenu option 3 too).

    launch centmin.sh via cmd shortcut = centmin or via command in SSH below
    Code:
    cd  /usr/local/src/centminmod
    ./centmin.sh
    If you already have centmin.sh option 23 submenu option 1 setup for git environment, go straight to centmin.sh option 23 submenu option 3. If you have yet to run centmin.sh option 23 submenu option 1, follow guide at centminmod.com/upgrade.html.

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu 
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + WP Super Cache
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 23
    --------------------------------------------------------
    centmin.sh option 23 submenu option 3 will list all available remote branches on GitHub in descending date order, with the most recently updated remote branch at the top, and prompt you to enter the branch name you want to switch to, which in this case is 123.09beta01

    Code:
    --------------------------------------------------------
            Centmin Mod Updater Sub-Menu
    --------------------------------------------------------
    1). Setup Centmin Mod Github Environment
    2). Update Centmin Mod Current Branch
    3). Update Centmin Mod Newer Branch
    4). Back to Main menu
    --------------------------------------------------------
    Enter option [ 1 - 4 ] 3
    --------------------------------------------------------
    
    Update Centmin Mod to newer branch via git
    You need to input the name of the branch
    List of current remote branches by descending date order
    
    2015-08-11 04:33:56 +1000 30 hours ago  master
    2015-08-11 04:33:56 +1000 30 hours ago  master
    2015-08-11 04:33:32 +1000 30 hours ago  123.08stable
    2015-08-11 04:31:59 +1000 30 hours ago  123.09beta01
    2015-07-26 22:47:23 +1000 2 weeks ago   123.08beta03
    2015-07-26 02:36:30 +1000 2 weeks ago   123.08beta03redis
    2015-07-16 07:46:33 +1000 4 weeks ago   123.08beta03-el7ffmpeg-fix
    2015-07-10 19:59:08 +1000 5 weeks ago   123.07stable
    2015-06-29 13:57:14 +1000 6 weeks ago   123.08beta03curl743
    2015-06-14 13:15:27 +1000 8 weeks ago   123.08beta03-rtmp
    2015-06-10 00:47:37 +1000 9 weeks ago   123.08beta03-libresslclang
    2015-06-09 21:28:18 +1000 9 weeks ago   123.08beta03clang
    2015-06-03 21:13:57 +1000 2 months ago  123.08beta03libressl
    2015-05-27 15:54:13 +1000 3 months ago  123.08centos7beta02
    2015-03-25 03:45:39 +1000 5 months ago  123.08zerodown
    2015-03-10 16:52:37 +1000 5 months ago  123.08centos7beta01
    2014-06-23 17:08:44 +1000 1 year, 2 months ago  123.06stable
            ->
    
    Enter the branch name you want to switch to i.e. 123.08beta03 : 123.09beta01
    
    download github.com centmin mod 123.09beta01 branch repo
    Cloning into 'centminmod'...
    Switched to a new branch '123.09beta01'
    Branch 123.09beta01 set up to track remote branch 123.09beta01 from origin.
    
    list all available local branches
            git branch -a
    * 123.09beta01
      master
      remotes/origin/123.06stable
      remotes/origin/123.07stable
      remotes/origin/123.08beta03
      remotes/origin/123.08beta03-el7ffmpeg-fix
      remotes/origin/123.08beta03-libresslclang
      remotes/origin/123.08beta03-rtmp
      remotes/origin/123.08beta03clang
      remotes/origin/123.08beta03curl743
      remotes/origin/123.08beta03libressl
      remotes/origin/123.08beta03redis
      remotes/origin/123.08centos7beta01
      remotes/origin/123.08centos7beta02
      remotes/origin/123.08stable
      remotes/origin/123.08zerodown
      remotes/origin/123.09beta01
      remotes/origin/HEAD -> origin/master
      remotes/origin/master
    
    list git log last commit
            git log -a
    commit 0e558d19dd419ab6050c7c67a7e7ec8e7737153c
    Author: George Liu <MAIL>
    Date:   Tue Aug 11 04:31:59 2015 +1000
    
        update downloads/svr-setup.zip
    
    to update centmin mod 123.09beta01 branch repo via git
            cd /usr/local/src/centminmod
            git stash
            git pull
            chmod +x centmin.sh
    
    Then hit submenu option 4 to go back to main menu on centmin.sh and then hit centmin.sh menu option 24 to exit. Then you need to change into the directory again for /usr/local/src/centminmod as it's a new directory under 123.09beta01 code
    Code:
    cd  /usr/local/src/centminmod
    type git log -2 to confirm that the last git commit was for http/2 update
    Code:
    git log -2
    commit 0e558d19dd419ab6050c7c67a7e7ec8e7737153c
    Author: George Liu <MAIL>
    Date:   Tue Aug 11 04:31:59 2015 +1000
    
        update downloads/svr-setup.zip
    unfortunately you won't see that commit on public github branch of 123.09beta01 yet as I am testing it via my private git branch first

    upload_2015-8-12_11-25-52.png

    Once you see the commit update via git log -2 command, you can run centmin.sh menu option 4 to upgrade nginx.

    Code:
    git log -2
    commit c0a20554b12572b8533aeb0c8b90a336b6466373
    Author: George Liu <MAIL>
    Date:   Wed Aug 12 11:23:58 2015 +1000
    
        if NGINX_HTTP2=y then ensure Nginx SPDY module is disabled via NGINX_SPDY=n
    
    commit 64354f3f9520317d411ebefd0cdff64e94a1ee9b
    Author: George Liu <MAIL>
    Date:   Wed Aug 12 10:41:14 2015 +1000
    
        first steps for nginx http/2 patch integration in 123.09beta01
    
    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.09 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu   
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + WP Super Cache
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 4
    And then once upgrade complete follow guide at Announcing an Early Alpha Patch for HTTP/2 - NGINX and change SPDY SSL vhost listen line

    from
    Code:
    spdy ssl
    to
    Code:
    http2 ssl
    and restart Nginx

    Remember this is Alpha quality Nginx http/2 patch so be careful to only use it on test server and not production sites. Read Announcing an Early Alpha Patch for HTTP/2 - NGINX for more details. Unfortunately, server push feature isn't supported in alpha patch nor will it be in first production release of Nginx with HTTP/2 support - sad as that is one of the key benefits of HTTP/2 that differentiate it from SPDY.

    Also applying HTTP/2 patch removes SPDY so you can't use SPDY anymore.
    End result is Nginx 1.9.3 compiled with --with-http_v2_module = HTTP/2 support

    Testing HTTP/2 via /usr/bin/nv command line Nginx vhost setup method. I'll setup a new domain on Centmin Mod Nginx = newdomain.com

    nv command options
    Code:
    nv
    
    Usage: /usr/bin/nv [-d yourdomain.com] [-s y|n] [-u ftpusername]
    
      -d  yourdomain.com or subdomain.yourdomain.com
      -s  ssl self-signed create = y or n
      -u  your FTP username
    
      example:
    
      /usr/bin/nv -d yourdomain.com -s y -u ftpusername
    actual setup with self-signed SSL certificate
    Code:
    centminmod]# nv -d newdomain.com -s y -u ftpuser01
    ---------------------------------------------------------------
    Nginx Vhost Setup...
    ---------------------------------------------------------------
    
    
    FTP password auto generated: s0HYZLxlGBzTdTFfZK30Z
    
    Password:
    Enter it again:
    ---------------------------------------------------------------
    SSL Vhost Setup...
    ---------------------------------------------------------------
    
    ---------------------------------------------------------------
    Generating self signed SSL certificate...
    Generating a 2048 bit RSA private key
    .........................................................................+++
    ...........................................................................................................................+++
    writing new private key to 'newdomain.com.key'
    -----
    Signature ok
    subject=/C=US/ST=California/L=Los Angeles/O=newdomain.com/CN=newdomain.com
    Getting Private key
    ---------------------------------------------------------------
    Generating dhparam.pem file - can take a few minutes...
    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    ...+........................................++*++*
    dhparam file generation time: 60.644767904
    
    -------------------------------------------------------------
    Restarting nginx (via systemctl):  Job for nginx.service failed. See 'systemctl status nginx.service' and 'journalctl -xn' for details.
                                                               [FAILED]
    systemctl restart pure-ftpd.service
    
    -------------------------------------------------------------
    FTP hostname : IPADDRESS
    FTP port : 21
    FTP mode : FTP (explicit SSL)
    FTP Passive (PASV) : ensure is checked/enabled
    FTP username created for newdomain.com : ftpuser01
    FTP password created for newdomain.com : s0HYZLxlGBzTdTFfZK30Z
    -------------------------------------------------------------
    vhost for newdomain.com created successfully
    
    domain: http://newdomain.com
    vhost conf file for newdomain.com created: /usr/local/nginx/conf/conf.d/newdomain.com.conf
    
    vhost ssl for newdomain.com created successfully
    
    domain: https://newdomain.com
    vhost ssl conf file for newdomain.com created: /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    /usr/local/nginx/conf/ssl_include.conf created
    Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt
    SSL Private Key: /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key
    SSL CSR File: /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.csr
    
    upload files to /home/nginx/domains/newdomain.com/public
    vhost log files directory is /home/nginx/domains/newdomain.com/log
    
    -------------------------------------------------------------
    Current vhost listing at: /usr/local/nginx/conf/conf.d/
    
                  
    Apr 3   01:58   798    ssl.conf
    Apr 3   01:58   1.1K   demodomain.com.conf
    Apr 5   07:48   1.1K   newdomain1.com.conf
    Aug 12  01:15   1.4K   virtual.conf
    Aug 12  01:34   1.6K   newdomain.com.conf
    Aug 12  01:34   3.3K   newdomain.com.ssl.conf
    
    -------------------------------------------------------------
    Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/newdomain.com
    
                  
    Aug 12  01:33   1.7K   newdomain.com.key
    Aug 12  01:33   1005   newdomain.com.csr
    Aug 12  01:33   1.2K   newdomain.com.crt
    Aug 12  01:34   424    dhparam.pem
    
    -------------------------------------------------------------
    Commands to remove newdomain.com
    
    rm -rf /usr/local/nginx/conf/conf.d/newdomain.com.conf
    rm -rf /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    rm -rf /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt
    rm -rf /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key
    rm -rf /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.csr
    rm -rf /home/nginx/domains/newdomain.com
    service nginx restart
    -------------------------------------------------------------
    notice how Nginx failed to restart
    Code:
    Restarting nginx (via systemctl):  Job for nginx.service failed. See 'systemctl status nginx.service' and 'journalctl -xn' for details.
                                                               [FAILED]
    that is because nv generates the nginx SSL vhost file at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf with listen option spdy ssl and not http2 ssl.
    Code:
    server {
      listen 443 ssl spdy;
      server_name newdomain.com www.newdomain.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/newdomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      add_header Alternate-Protocol  443:npn-spdy/3;
    Also seems a few other options fail
    Code:
     Starting nginx: nginx: [emerg] unknown directive "spdy_headers_comp" in /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf:30
    so comment out that setting on line 30 of /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    Code:
      #spdy_headers_comp 5;
    so /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf section has
    Code:
    server {
      listen 443 ssl http2;
      server_name newdomain.com www.newdomain.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/newdomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESG$
      ssl_prefer_server_ciphers   on;
      add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header  X-Content-Type-Options "nosniff";
      #add_header X-Frame-Options DENY;
      #spdy_headers_comp 5;
    newdomain_http2_chrome-00.png

    Looks like I will need to also update /usr/bin/nv and centmin.sh menu option 2 auto generation of Nginx vhosts and self-signed certificates to use http2 options as well :)

    edit: updated centmin.sh menu option 2 and /usr/bin/nv command with http2 support too so run centmin.sh once to update /usr/bin/nv to the new version before using /usr/bin/nv.
    Code:
    git log -3
    commit 217bf0098a74e2ccaa7005f9cd120bacfb4b9f87
    Author: George Liu <MAIL>
    Date:   Wed Aug 12 12:09:09 2015 +1000
    
        update inc/nginx_addvhost.inc & tools/nv.sh for HTTP/2 support
    
    commit c0a20554b12572b8533aeb0c8b90a336b6466373
    Author: George Liu <MAIL>
    Date:   Wed Aug 12 11:23:58 2015 +1000
    
        if NGINX_HTTP2=y then ensure Nginx SPDY module is disabled via NGINX_SPDY=n
    
    commit 64354f3f9520317d411ebefd0cdff64e94a1ee9b
    Author: George Liu <MAIL>
    Date:   Wed Aug 12 10:41:14 2015 +1000
    
        first steps for nginx http/2 patch integration in 123.09beta01
    confirm new /usr/bin/nv works by creating a new Nginx vhost site on domain = newdomain2.com

    Code:
    nv -d newdomain2.com -s y -u ftpuser02
    ---------------------------------------------------------------
    Nginx Vhost Setup...
    ---------------------------------------------------------------
    
    
    FTP password auto generated: BBNlkTdLhi3vv7L7gM2Zk
    
    Password:
    Enter it again:
    ---------------------------------------------------------------
    SSL Vhost Setup...
    ---------------------------------------------------------------
    
    ---------------------------------------------------------------
    Generating self signed SSL certificate...
    Generating a 2048 bit RSA private key
    ......................................................................................+++
    ..+++
    writing new private key to 'newdomain2.com.key'
    -----
    Signature ok
    subject=/C=US/ST=California/L=Los Angeles/O=newdomain2.com/CN=newdomain2.com
    Getting Private key
    ---------------------------------------------------------------
    Generating dhparam.pem file - can take a few minutes...
    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    .............+........+..........++*++*
    dhparam file generation time: 33.354539701
    
    -------------------------------------------------------------
    Restarting nginx (via systemctl):                          [  OK  ]
    systemctl restart pure-ftpd.service
    
    -------------------------------------------------------------
    FTP hostname : IPADDRESS
    FTP port : 21
    FTP mode : FTP (explicit SSL)
    FTP Passive (PASV) : ensure is checked/enabled
    FTP username created for newdomain2.com : ftpuser02
    FTP password created for newdomain2.com : BBNlkTdLhi3vv7L7gM2Zk
    -------------------------------------------------------------
    vhost for newdomain2.com created successfully
    
    domain: http://newdomain2.com
    vhost conf file for newdomain2.com created: /usr/local/nginx/conf/conf.d/newdomain2.com.conf
    
    vhost ssl for newdomain2.com created successfully
    
    domain: https://newdomain2.com
    vhost ssl conf file for newdomain2.com created: /usr/local/nginx/conf/conf.d/newdomain2.com.ssl.conf
    /usr/local/nginx/conf/ssl_include.conf created
    Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.crt
    SSL Private Key: /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.key
    SSL CSR File: /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.csr
    
    upload files to /home/nginx/domains/newdomain2.com/public
    vhost log files directory is /home/nginx/domains/newdomain2.com/log
    
    -------------------------------------------------------------
    Current vhost listing at: /usr/local/nginx/conf/conf.d/
    
                        
    Apr 3   01:58   798    ssl.conf
    Apr 3   01:58   1.1K   demodomain.com.conf
    Apr 5   07:48   1.1K   newdomain1.com.conf
    Aug 12  01:15   1.4K   virtual.conf
    Aug 12  01:34   1.6K   newdomain.com.conf
    Aug 12  01:39   3.3K   newdomain.com.ssl.conf
    Aug 12  02:14   1.6K   newdomain2.com.conf
    Aug 12  02:14   3.3K   newdomain2.com.ssl.conf
    
    -------------------------------------------------------------
    Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/newdomain2.com
    
                        
    Aug 12  02:13   1.7K   newdomain2.com.key
    Aug 12  02:13   1009   newdomain2.com.csr
    Aug 12  02:13   1.2K   newdomain2.com.crt
    Aug 12  02:14   424    dhparam.pem
    
    -------------------------------------------------------------
    Commands to remove newdomain2.com
    
    rm -rf /usr/local/nginx/conf/conf.d/newdomain2.com.conf
    rm -rf /usr/local/nginx/conf/conf.d/newdomain2.com.ssl.conf
    rm -rf /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.crt
    rm -rf /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.key
    rm -rf /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.csr
    rm -rf /home/nginx/domains/newdomain2.com
    service nginx restart
    -------------------------------------------------------------
    check contents of /usr/local/nginx/conf/conf.d/newdomain2.com.ssl.conf
    Code:
    server {
      listen 443 ssl http2;
      server_name newdomain2.com www.newdomain2.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/newdomain2.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header  X-Content-Type-Options "nosniff";
      #add_header X-Frame-Options DENY;
      #spdy_headers_comp 5;
      ssl_buffer_size 1400;
    restart nginx = works :D
    Code:
    ngxrestart
    Restarting nginx (via systemctl):                          [  OK  ]
    newdomain2_http2_chrome-00.png
     
    Last edited: Aug 12, 2015
  11. pamamolf

    pamamolf Premium Member Premium Member

    What about phpmyadmin?

    Will it work with it, as it requires https ...?
     
  12. eva2000

    eva2000 Administrator Staff Member

    you'll need to edit /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf and change listen line from ssl spdy to ssl http2 and comment out spdy_headers_comp line as well
     
  13. eva2000

    eva2000 Administrator Staff Member

  14. eva2000

    eva2000 Administrator Staff Member

    ah readme has more options !

     
  15. eva2000

    eva2000 Administrator Staff Member

    Well folks get it while it's baked fresh and hot Commits · centminmod/centminmod · GitHub :D

    Code:
    --------------------------------------------------------
            Centmin Mod Updater Sub-Menu             
    --------------------------------------------------------
    1). Setup Centmin Mod Github Environment
    2). Update Centmin Mod Current Branch
    3). Update Centmin Mod Newer Branch
    4). Back to Main menu
    --------------------------------------------------------
    Enter option [ 1 - 4 ] 3
    --------------------------------------------------------
    
    Update Centmin Mod to newer branch via git
    You need to input the name of the branch
    List of current remote branches by descending date order
    
    2015-08-12 12:09:09 +1000 65 minutes ago        123.09beta01
    2015-08-11 04:33:56 +1000 33 hours ago  master
    2015-08-11 04:33:56 +1000 33 hours ago  master
    2015-08-11 04:33:32 +1000 33 hours ago  123.08stable
    2015-07-26 22:47:23 +1000 2 weeks ago   123.08beta03
    2015-07-26 02:36:30 +1000 2 weeks ago   123.08beta03redis
    2015-07-16 07:46:33 +1000 4 weeks ago   123.08beta03-el7ffmpeg-fix
    2015-07-10 19:59:08 +1000 5 weeks ago   123.07stable
    2015-06-29 13:57:14 +1000 6 weeks ago   123.08beta03curl743
    2015-06-14 13:15:27 +1000 8 weeks ago   123.08beta03-rtmp
    2015-06-10 00:47:37 +1000 9 weeks ago   123.08beta03-libresslclang
    2015-06-09 21:28:18 +1000 9 weeks ago   123.08beta03clang
    2015-06-03 21:13:57 +1000 2 months ago  123.08beta03libressl
    2015-05-27 15:54:13 +1000 3 months ago  123.08centos7beta02
    2015-03-25 03:45:39 +1000 5 months ago  123.08zerodown
    2015-03-10 16:52:37 +1000 5 months ago  123.08centos7beta01
    2014-06-23 17:08:44 +1000 1 year, 2 months ago  123.06stable
            ->
    
    Enter the branch name you want to switch to i.e. 123.08beta03 : 123.09beta01
     
    Last edited: Aug 12, 2015
  16. eva2000

    eva2000 Administrator Staff Member

    Just updated my sslspdy.com site to Nginx HTTP/2 and ran into another unsupported option = spdy_keepalive_timeout so commented that out in my Nginx vhost
    Code:
    ngxrestart
    nginx: [emerg] unknown directive "spdy_keepalive_timeout" in /usr/local/nginx/conf/conf.d/sslspdy.com.conf:15
    check for ALPN extension support
    Code:
    openssl s_client -alpn h2-14 -host sslspdy.com -port 443
    
    New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
    Server public key is 256 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-ECDSA-CHACHA20-POLY1305
    
    doesn't seem to show up as it should show something like = ALPN protocol: h2-14
    Code:
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    ALPN protocol: h2-14
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    edit: Ah I see Nginx HTTP/2 advertises the h2 protocol and not h2-14 draft, so need to check for h2
    Code:
    openssl s_client -alpn h2 -host sslspdy.com -port 443 
    
    New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
    Server public key is 256 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    ALPN protocol: h2
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-ECDSA-CHACHA20-POLY1305
    
    check for NPN extension support = Next protocol: (2) h2-14 which shows up
    Code:
    openssl s_client -nextprotoneg h2-14 -host sslspdy.com -port 443
    
    New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
    Server public key is 256 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    Next protocol: (2) h2-14
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-ECDSA-CHACHA20-POLY1305
    
    from Announcing an Early Alpha Patch for HTTP/2 - NGINX

    I think HTTP/2 patch has disabled or broken ngx_pagespeed though as sslspdy.com site had pagespeed enabled but the web site elements aren't being optimised by ngx_pagespeed now after HTTP/2 patch ?

    checking ngx_pagespeed message log and seems to be the case, ngx_pagespeed's fetcher doesn't support HTTP/2 yet I think
    Code:
     lynx -dump localhost/ngx_pagespeed_message | tail -5
    I[Wed, 12 Aug 2015 03:55:45 GMT] [Info] [14047] Cannot fetch url 'https://192.1
    84.89.66/img/110814/ssllabs_ecc_ssl_comodo_trial_02.png': as https is not suppo
    rted
    I[Wed, 12 Aug 2015 03:55:45 GMT] [Info] [14047] Cannot fetch url 'https://192.1
    84.89.66/img/021014/browser_ecc_ssl_comodo_ssl_chacha20_poly1305_cipher_00.png'
    : as https is not supported
    I[Wed, 12 Aug 2015 03:55:45 GMT] [Info] [14047] Cannot fetch url 'https://192.1
    84.89.66/img/021014/ssllabs_ecc_ssl_comodo_chacha20_poly1305ciphers_00.png': as
    https is not supported
    
    submitted bug/issue with ngx_pagespeed folks at Nginx HTTP/2 patch disabled or breaks ngx_pagespeed under SSL · Issue #1004 · pagespeed/ngx_pagespeed · GitHub

    webpagetest.org nice flat waterfall as expected of SPDY or HTTP/2 enabled site :D

    sslspdy_webpagetest_00.png

    HTTP/2 200 response header :)

    sslspdy_webpagetest_01.png

    Connection View = HTTP/2 multiplexing at work = 1 connection to sslspdy.com :)

    sslspdy_webpagetest_02.png
     
    Last edited: Aug 12, 2015
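The manual vhost edits described in the posts above (change `spdy` to `http2` on the listen line, comment out `spdy_headers_comp` and `spdy_keepalive_timeout`) can be scripted and checked before Nginx is restarted. The following is an added example, not part of the thread and not Centmin Mod's own code; the function names, the `.spdy.bak` backup suffix and the sample vhost are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: scripted form of the manual SPDY -> HTTP/2 vhost edits in this thread.
# Function names, the ".spdy.bak" suffix and the sample vhost are illustrative assumptions.

# Constructed sample vhost (not a file from the thread).
sample_vhost() {
  cat <<'EOF'
server {
  listen 443 ssl spdy;
  server_name example.test www.example.test;
  ssl_prefer_server_ciphers   on;
  add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header X-Frame-Options DENY;
  spdy_headers_comp 5;
  spdy_keepalive_timeout 300s;
  keepalive_timeout 15;
}
EOF
}

# Filter: nginx config on stdin, migrated config on stdout.
#  1. On listen lines, replace the "spdy" parameter with "http2"
#     (handles both "ssl spdy" and "spdy ssl" orderings).
#  2. Comment out every active spdy_* directive, since a build with the
#     HTTP/2 patch rejects them with: [emerg] unknown directive "spdy_...".
# Lines that are already commented out are left untouched.
migrate_spdy_to_http2() {
  sed -E \
    -e '/^[[:space:]]*listen[[:space:]]/ s/([[:space:]])spdy([[:space:];])/\1http2\2/' \
    -e 's/^([[:space:]]*)(spdy_[a-z_]+[[:space:]].*)$/\1#\2/'
}

# Lint: print a comma-separated list of line numbers that are still
# SPDY-specific and active (not commented out):
#  - listen lines carrying the spdy parameter      (nginx will not start)
#  - spdy_* directives                             (nginx will not start)
#  - add_header Alternate-Protocol ... npn-spdy    (nginx starts, but the
#    header still advertises SPDY, which the patched build no longer provides)
# Prints an empty string when nothing is found.
find_spdy_leftovers() {
  grep -nE '^[[:space:]]*(listen[[:space:]].*[[:space:]]spdy[[:space:];]|spdy_[a-z_]+[[:space:]]|add_header[[:space:]]+Alternate-Protocol[[:space:]].*npn-spdy)' \
    | cut -d: -f1 \
    | paste -sd, -
}

# Migrate one vhost file in place, keeping the original next to it as
# <file>.spdy.bak so the change can be reverted if the config test fails.
migrate_vhost_file() {
  conf=$1
  cp -p "$conf" "$conf.spdy.bak" || return 1
  migrate_spdy_to_http2 < "$conf.spdy.bak" > "$conf"
}

# Demo on the constructed sample.
echo "active SPDY lines before: $(sample_vhost | find_spdy_leftovers)"
echo "active SPDY lines after:  $(sample_vhost | migrate_spdy_to_http2 | find_spdy_leftovers)"
```

After migrating a real vhost, run `nginx -t` before restarting so any remaining unknown directive is reported while the running server keeps serving.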
  17. eva2000

    eva2000 Administrator Staff Member

    Couldn't resist, so updated my centminmod.com site's cluster of Nginx servers to HTTP/2 patched version via Centmin Mod 123.09beta01 :)
    Webpagetest.org comparison test for both and looks like Nginx HTTP/2 doing very well so far. Wonder if working Nginx HTTP/2 + ngx_pagespeed would show better results seeing as Nginx SPDY + ngx_pagespeed did.

    centminmodcom-webpagetest-http11-summary.png
    centminmodcom-webpagetest-http2-summary.png

    centminmodcom-webpagetest-00.png centminmodcom-webpagetest-01.png centminmodcom-webpagetest-02.png centminmodcom-webpagetest-03.png centminmodcom-webpagetest-04.png centminmodcom-webpagetest-05.png centminmodcom-webpagetest-06.png
     
  18. eva2000

    eva2000 Administrator Staff Member

  19. eva2000

    eva2000 Administrator Staff Member
