Discover Centmin Mod today
Register Now

Nginx First Alpha Patch for Nginx HTTP/2 support

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Aug 12, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  2. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    hmm Nginx 1.9.5 might totally remove SPDY module so HTTP/2 only so no going back nginx: 257b51c37c5a ?
     
  3. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    2:12 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    I think is better to remove SPDY at all and use only HTTP/2 !
     
  4. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah long term wise is best :)

    just means I need to backport Nginx HTTP/2 routines to 123.08stable otherwise updating to Nginx 1.9.5 will fail if you have SPDY existing sites
     
  5. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  6. Matt

    Matt Well-Known Member

    929
    415
    63
    May 25, 2014
    Rotherham, UK
    Ratings:
    +671
    Local Time:
    12:12 AM
    1.5.15
    MariaDB 10.2
    Just updated myself, worked perfectly with the back port into 123.08stable
     
  7. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    cheers @Matt thanks for feedback :)

    Finally Nginx HTTP/2 is upon us ! Just wish they would add HTTP/2 server push support like in H2O web server etc. It's really what separates SPDY SSL compared to HTTP/2 SSL - HTTP/2 server push is a huge part of that. But Nginx HTTP/2 implement is missing Server push.
     
  8. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Decided to update this forum's Centmin Mod 123.08stable to Nginx HTTP/2 too unfortunately ran into a problem with nginx to able to serve my forums.. error log had

    Code:
    2015/09/18 15:51:22 [info] 26299#26299: [ngx_pagespeed 1.9.32.6-7321] No threading detected. Own threads: 1 Rewrite, 1 Expensive Rewrite.
    2015/09/18 15:51:22 [alert] 25641#25641: *0 open socket #33 left in connection 5
    2015/09/18 15:51:22 [alert] 25641#25641: aborting
    2015/09/18 15:51:22 [alert] 25640#25640: *0 open socket #31 left in connection 5
    2015/09/18 15:51:22 [alert] 25640#25640: aborting
    2015/09/18 15:51:22 [alert] 25639#25639: *0 open socket #29 left in connection 5
    2015/09/18 15:51:22 [alert] 25639#25639: aborting
    2015/09/18 15:52:02 [info] 26358#26358: [ngx_pagespeed 1.9.32.6-7321] No threading detected. Own threads: 1 Rewrite, 1 Expensive Rewrite.
    2015/09/18 15:52:02 [alert] 26312#26312: *0 open socket #31 left in connection 5
    2015/09/18 15:52:02 [alert] 26312#26312: aborting
    2015/09/18 15:52:02 [alert] 26313#26313: *0 open socket #33 left in connection 5
    2015/09/18 15:52:02 [alert] 26313#26313: aborting
    2015/09/18 15:52:02 [alert] 26311#26311: *0 open socket #29 left in connection 5
    2015/09/18 15:52:02 [alert] 26311#26311: aborting
    
    So switched back to SPDY SSL

    edit: weirdest thing clearing my cookies in browser fixed the problem !
     
    Last edited: Sep 19, 2015
  9. Andy

    Andy Active Member

    543
    89
    28
    Aug 6, 2014
    Ratings:
    +133
    Local Time:
    6:12 PM
    I read you have to add "aso threads;" in your nginx conf.
     
  10. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    in relation to my error ? or you asking a question ?

    i think for my forums having issue with ngx_pagespeed and HTTP/2 for some reason

    edit: weirdest thing clearing my cookies in browser fixed the problem !
     
    Last edited: Sep 19, 2015
  11. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    With Nginx HTTP/2 version 6 patch doing some HTTP/2 tests

    Code:
    curl --http2 -I https://centminmod.com
    HTTP/2.0 200
    content-type:text/html; charset=utf-8
    vary:Accept-Encoding
    server:nginx centminmod
    alternate-protocol:443:npn-spdy/3
    public-key-pins:pin-sha256="oGbPgwR7vxLMpWdDIy+gc/Z0YD0EYCblHDCCgNQg9W8="; pin-sha256="KrRz+515ViRd/gdl7yGWCW1R4CFAAeMIBHp0JTNk8qc="; max-age=604800; includeSubDomains
    date:Sat, 19 Sep 2015 13:12:23 GMT
    x-page-speed:centminmod.com PageSpeed
    cache-control:max-age=0, no-cache
    Code:
    h2i centminmod.com
    Connecting to centminmod.com:443 ...
    Connected to 162.211.65.18:443
    Negotiated protocol "h2"
    [FrameHeader SETTINGS len=18]
      [MAX_CONCURRENT_STREAMS = 128]
      [INITIAL_WINDOW_SIZE = 2147483647]
      [MAX_FRAME_SIZE = 16777215]
    [FrameHeader WINDOW_UPDATE len=4]
      Window-Increment = 2147418112
    Code:
    /usr/local/http2-15/bin/openssl s_client -alpn h2 -host centminmod.com -port 443
    
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    ALPN protocol: h2
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    
    Code:
    cipherscan centminmod.com:443
    ....................
    Target: centminmod.com:443
    
    prio  ciphersuite                  protocols              pfs                 curves
    1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                ECDH,P-256,256bits  prime256v1
    2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  prime256v1
    3     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits  prime256v1
    4     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,2048bits         None
    5     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,2048bits         None
    6     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
    7     ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
    8     ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits  prime256v1
    9     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
    10    DHE-RSA-AES128-SHA256        TLSv1.2                DH,2048bits         None
    11    DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits         None
    12    DHE-RSA-AES256-SHA256        TLSv1.2                DH,2048bits         None
    13    DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits         None
    14    AES128-GCM-SHA256            TLSv1.2                None                None
    15    AES256-GCM-SHA384            TLSv1.2                None                None
    16    AES128-SHA256                TLSv1.2                None                None
    17    AES256-SHA256                TLSv1.2                None                None
    18    AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
    19    AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
    
    Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
    TLS ticket lifetime hint: 3600
    OCSP stapling: supported
    Cipher ordering: server
    
    Fallbacks required:
    big-SSLv3 config not supported, connection failed
    big-TLSv1.0 no fallback req, connected: TLSv1 ECDHE-RSA-AES128-SHA
    big-TLSv1.1 no fallback req, connected: TLSv1.1 ECDHE-RSA-AES128-SHA
    big-TLSv1.2 no fallback req, connected: TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
    Code:
    nghttp -nas https://centminmod.com:443
    ***** Statistics *****
    
    Request timing:
      responseEnd: the  time  when  last  byte of  response  was  received
                   relative to connectEnd
    requestStart: the time  just before  first byte  of request  was sent
                   relative  to connectEnd.   If  '*' is  shown, this  was
                   pushed by server.
          process: responseEnd - requestStart
             code: HTTP status code
             size: number  of  bytes  received as  response  body  without
                   inflation.
              URI: request URI
    
    see http://www.w3.org/TR/resource-timing/#processing-model
    
    sorted by 'complete'
    
    id  responseEnd requestStart  process code size request path
    13    +78.25ms       +263us  77.98ms  200  29K /
    15    +89.03ms     +66.35ms  22.68ms  200   9K /img/favicon.ico
    19   +106.37ms     +66.36ms  40.02ms  200  38K /js/jquery.min.js+bootstrap.min.js.pagespeed.jc.Cd39AMnoIp.js
    21   +106.76ms     +66.36ms  40.40ms  200   7K /js/hover-dropdown-menu.js+jquery.hover-dropdown-menu-addon.js+jquery.easing.1.3.js.pagespeed.jc.vy5S6wKQse.js
    23   +119.30ms     +66.36ms  52.94ms  200  24K /js/bootstrapValidator.min.js.pagespeed.jm.YU3KUlvaHb.js
    25   +119.54ms     +66.36ms  53.18ms  200   6K /js/custom.js.pagespeed.jm.q-StvNlmtR.js
    17   +188.11ms     +66.35ms 121.76ms  200 110K /css/A.localfonts.css+font-awesome.min.css+bootstrap.min.css+hover-dropdown-menu.css+icons-set8.css+animate.min.css+style.css+responsive.css+color.css,Mcc.2FS93mcO_5.css.pagespeed.cf.RT14_H8niI.css
    Code:
    nghttp -nv https://centminmod.com:443
    [  0.048] Connected
    The negotiated protocol: h2
    [  0.081] recv SETTINGS frame <length=18, flags=0x00, stream_id=0>
              (niv=3)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):128]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):2147483647]
              [SETTINGS_MAX_FRAME_SIZE(0x05):16777215]
    [  0.081] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
              (window_size_increment=2147418112)
    [  0.081] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
              (niv=2)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
    [  0.081] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.081] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
              (dep_stream_id=0, weight=201, exclusive=0)
    [  0.081] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
              (dep_stream_id=0, weight=101, exclusive=0)
    [  0.081] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
              (dep_stream_id=0, weight=1, exclusive=0)
    [  0.081] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
              (dep_stream_id=7, weight=1, exclusive=0)
    [  0.081] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
              (dep_stream_id=3, weight=1, exclusive=0)
    [  0.081] send HEADERS frame <length=41, flags=0x25, stream_id=13>
              ; END_STREAM | END_HEADERS | PRIORITY
              (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
              ; Open new stream
              :method: GET
              :path: /
              :scheme: https
              :authority: centminmod.com
              accept: */*
              accept-encoding: gzip, deflate
              user-agent: nghttp2/1.3.2-DEV
    [  0.097] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.158] recv (stream_id=13) :status: 200
    [  0.158] recv (stream_id=13) content-type: text/html; charset=utf-8
    [  0.158] recv (stream_id=13) vary: Accept-Encoding
    [  0.158] recv (stream_id=13) server: nginx centminmod
    [  0.158] recv (stream_id=13) alternate-protocol: 443:npn-spdy/3
    [  0.158] recv (stream_id=13) public-key-pins: pin-sha256="oGbPgwR7vxLMpWdDIy+gc/Z0YD0EYCblHDCCgNQg9W8="; pin-sha256="KrRz+515ViRd/gdl7yGWCW1R4CFAAeMIBHp0JTNk8qc="; max-age=604800; includeSubDomains
    [  0.158] recv (stream_id=13) date: Sat, 19 Sep 2015 13:07:19 GMT
    [  0.158] recv (stream_id=13) x-page-speed: centminmod.com PageSpeed
    [  0.158] recv (stream_id=13) cache-control: max-age=0, no-cache
    [  0.158] recv (stream_id=13) content-encoding: gzip
    [  0.158] recv HEADERS frame <length=407, flags=0x04, stream_id=13>
              ; END_HEADERS
              (padlen=0)
              ; First response header
    [  0.159] recv DATA frame <length=8192, flags=0x00, stream_id=13>
    [  0.174] recv DATA frame <length=8192, flags=0x00, stream_id=13>
    [  0.174] recv DATA frame <length=8192, flags=0x00, stream_id=13>
    [  0.174] recv DATA frame <length=10, flags=0x00, stream_id=13>
    [  0.174] recv DATA frame <length=5986, flags=0x01, stream_id=13>
              ; END_STREAM
    [  0.174] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
              (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
     
  12. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Tested this forum's Nginx HTTP/2 on Android 4.4.2 with native Android 30 browser and works fine so maybe fears of Android browser's HTTP/2 compatibility is not that bad ? :)
     
  13. rdan

    rdan Well-Known Member

    5,444
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    8:12 AM
    Mainline
    10.2
    I think this is not needed anymore on HTTP/2:
    Code:
    add_header Alternate-Protocol  443:npn-spdy/3;
    All the sites using Nginx w/ patch HTTP/2 don't have that header included and it works fine.
    Even on nginx blog, it's not mentioned.
     
  14. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah i suspect that's the case.. but no sites mention removing it either heh

    edit: updated 123.09beta01 and removed it if HTTP/2 is in use remove Alternate-Protocol 443:npn-spdy/3 if HTTP/2 is in use · centminmod/centminmod@c1318fe · GitHub :)
     
    Last edited: Sep 21, 2015
  15. rdan

    rdan Well-Known Member

    5,444
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    8:12 AM
    Mainline
    10.2
    Facebook is probably using Nginx Plus since they support HTTP/2 now :).
     
  16. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    strange i still see SPDY/3.1 for my facebook pages :)
     
  17. rdan

    rdan Well-Known Member

    5,444
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    8:12 AM
    Mainline
    10.2
    SPDY 3.1 again now :D
    Maybe they are on testing process.
     
  18. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah they can probably roll out HTTP/2 to XX% of traffic only :)
     
  19. Tracy Perry

    Tracy Perry Active Member

    280
    118
    43
    Aug 24, 2014
    Texas
    Ratings:
    +210
    Local Time:
    6:12 PM
    1.21.6
    MariaDB 10.3.36
    Hmm... wonder if it's working? :p

    Screen-Shot-2015-09-29-at-2.33.50-AM.jpg
     
  20. eva2000

    eva2000 Administrator Staff Member

    54,331
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    10:12 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    welcome to the Nginx HTTP/2 club :D