Learn about Centmin Mod LEMP Stack today
Become a Member

Nginx First Alpha Patch for Nginx HTTP/2 support

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Aug 12, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    hmm Nginx 1.9.5 might totally remove SPDY module so HTTP/2 only so no going back nginx: 257b51c37c5a ?
     
  3. pamamolf

    pamamolf Premium Member Premium Member

    3,696
    357
    83
    May 31, 2014
    Ratings:
    +687
    Local Time:
    9:25 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    I think is better to remove SPDY at all and use only HTTP/2 !
     
  4. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yeah long term wise is best :)

    just means I need to backport Nginx HTTP/2 routines to 123.08stable otherwise updating to Nginx 1.9.5 will fail if you have SPDY existing sites
     
    • Like Like x 1
  5. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  6. Matt

    Matt Moderator Staff Member

    856
    381
    63
    May 25, 2014
    Rotherham, UK
    Ratings:
    +597
    Local Time:
    7:25 AM
    1.5.15
    MariaDB 10.2
    Just updated myself, worked perfectly with the back port into 123.08stable
     
    • Like Like x 1
  7. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    cheers @Matt thanks for feedback :)

    Finally Nginx HTTP/2 is upon us ! Just wish they would add HTTP/2 server push support like in H2O web server etc. It's really what separates SPDY SSL compared to HTTP/2 SSL - HTTP/2 server push is a huge part of that. But Nginx HTTP/2 implement is missing Server push.
     
  8. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Decided to update this forum's Centmin Mod 123.08stable to Nginx HTTP/2 too unfortunately ran into a problem with nginx to able to serve my forums.. error log had

    Code:
    2015/09/18 15:51:22 [info] 26299#26299: [ngx_pagespeed 1.9.32.6-7321] No threading detected. Own threads: 1 Rewrite, 1 Expensive Rewrite.
    2015/09/18 15:51:22 [alert] 25641#25641: *0 open socket #33 left in connection 5
    2015/09/18 15:51:22 [alert] 25641#25641: aborting
    2015/09/18 15:51:22 [alert] 25640#25640: *0 open socket #31 left in connection 5
    2015/09/18 15:51:22 [alert] 25640#25640: aborting
    2015/09/18 15:51:22 [alert] 25639#25639: *0 open socket #29 left in connection 5
    2015/09/18 15:51:22 [alert] 25639#25639: aborting
    2015/09/18 15:52:02 [info] 26358#26358: [ngx_pagespeed 1.9.32.6-7321] No threading detected. Own threads: 1 Rewrite, 1 Expensive Rewrite.
    2015/09/18 15:52:02 [alert] 26312#26312: *0 open socket #31 left in connection 5
    2015/09/18 15:52:02 [alert] 26312#26312: aborting
    2015/09/18 15:52:02 [alert] 26313#26313: *0 open socket #33 left in connection 5
    2015/09/18 15:52:02 [alert] 26313#26313: aborting
    2015/09/18 15:52:02 [alert] 26311#26311: *0 open socket #29 left in connection 5
    2015/09/18 15:52:02 [alert] 26311#26311: aborting
    
    So switched back to SPDY SSL

    edit: weirdest thing clearing my cookies in browser fixed the problem !
     
    Last edited: Sep 19, 2015
  9. Andy

    Andy Active Member

    456
    73
    28
    Aug 6, 2014
    Ratings:
    +101
    Local Time:
    2:25 AM
    I read you have to add "aso threads;" in your nginx conf.
     
  10. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    in relation to my error ? or you asking a question ?

    i think for my forums having issue with ngx_pagespeed and HTTP/2 for some reason

    edit: weirdest thing clearing my cookies in browser fixed the problem !
     
    Last edited: Sep 19, 2015
  11. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    With Nginx HTTP/2 version 6 patch doing some HTTP/2 tests

    Code:
    curl --http2 -I https://centminmod.com
    HTTP/2.0 200
    content-type:text/html; charset=utf-8
    vary:Accept-Encoding
    server:nginx centminmod
    alternate-protocol:443:npn-spdy/3
    public-key-pins:pin-sha256="oGbPgwR7vxLMpWdDIy+gc/Z0YD0EYCblHDCCgNQg9W8="; pin-sha256="KrRz+515ViRd/gdl7yGWCW1R4CFAAeMIBHp0JTNk8qc="; max-age=604800; includeSubDomains
    date:Sat, 19 Sep 2015 13:12:23 GMT
    x-page-speed:centminmod.com PageSpeed
    cache-control:max-age=0, no-cache
    Code:
    h2i centminmod.com
    Connecting to centminmod.com:443 ...
    Connected to 162.211.65.18:443
    Negotiated protocol "h2"
    [FrameHeader SETTINGS len=18]
      [MAX_CONCURRENT_STREAMS = 128]
      [INITIAL_WINDOW_SIZE = 2147483647]
      [MAX_FRAME_SIZE = 16777215]
    [FrameHeader WINDOW_UPDATE len=4]
      Window-Increment = 2147418112
    Code:
    /usr/local/http2-15/bin/openssl s_client -alpn h2 -host centminmod.com -port 443
    
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    ALPN protocol: h2
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    
    Code:
    cipherscan centminmod.com:443
    ....................
    Target: centminmod.com:443
    
    prio  ciphersuite                  protocols              pfs                 curves
    1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                ECDH,P-256,256bits  prime256v1
    2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  prime256v1
    3     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits  prime256v1
    4     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,2048bits         None
    5     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,2048bits         None
    6     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
    7     ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
    8     ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits  prime256v1
    9     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
    10    DHE-RSA-AES128-SHA256        TLSv1.2                DH,2048bits         None
    11    DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits         None
    12    DHE-RSA-AES256-SHA256        TLSv1.2                DH,2048bits         None
    13    DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits         None
    14    AES128-GCM-SHA256            TLSv1.2                None                None
    15    AES256-GCM-SHA384            TLSv1.2                None                None
    16    AES128-SHA256                TLSv1.2                None                None
    17    AES256-SHA256                TLSv1.2                None                None
    18    AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
    19    AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
    
    Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
    TLS ticket lifetime hint: 3600
    OCSP stapling: supported
    Cipher ordering: server
    
    Fallbacks required:
    big-SSLv3 config not supported, connection failed
    big-TLSv1.0 no fallback req, connected: TLSv1 ECDHE-RSA-AES128-SHA
    big-TLSv1.1 no fallback req, connected: TLSv1.1 ECDHE-RSA-AES128-SHA
    big-TLSv1.2 no fallback req, connected: TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
    Code:
    nghttp -nas https://centminmod.com:443
    ***** Statistics *****
    
    Request timing:
      responseEnd: the  time  when  last  byte of  response  was  received
                   relative to connectEnd
    requestStart: the time  just before  first byte  of request  was sent
                   relative  to connectEnd.   If  '*' is  shown, this  was
                   pushed by server.
          process: responseEnd - requestStart
             code: HTTP status code
             size: number  of  bytes  received as  response  body  without
                   inflation.
              URI: request URI
    
    see http://www.w3.org/TR/resource-timing/#processing-model
    
    sorted by 'complete'
    
    id  responseEnd requestStart  process code size request path
    13    +78.25ms       +263us  77.98ms  200  29K /
    15    +89.03ms     +66.35ms  22.68ms  200   9K /img/favicon.ico
    19   +106.37ms     +66.36ms  40.02ms  200  38K /js/jquery.min.js+bootstrap.min.js.pagespeed.jc.Cd39AMnoIp.js
    21   +106.76ms     +66.36ms  40.40ms  200   7K /js/hover-dropdown-menu.js+jquery.hover-dropdown-menu-addon.js+jquery.easing.1.3.js.pagespeed.jc.vy5S6wKQse.js
    23   +119.30ms     +66.36ms  52.94ms  200  24K /js/bootstrapValidator.min.js.pagespeed.jm.YU3KUlvaHb.js
    25   +119.54ms     +66.36ms  53.18ms  200   6K /js/custom.js.pagespeed.jm.q-StvNlmtR.js
    17   +188.11ms     +66.35ms 121.76ms  200 110K /css/A.localfonts.css+font-awesome.min.css+bootstrap.min.css+hover-dropdown-menu.css+icons-set8.css+animate.min.css+style.css+responsive.css+color.css,Mcc.2FS93mcO_5.css.pagespeed.cf.RT14_H8niI.css
    Code:
    nghttp -nv https://centminmod.com:443
    [  0.048] Connected
    The negotiated protocol: h2
    [  0.081] recv SETTINGS frame <length=18, flags=0x00, stream_id=0>
              (niv=3)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):128]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):2147483647]
              [SETTINGS_MAX_FRAME_SIZE(0x05):16777215]
    [  0.081] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
              (window_size_increment=2147418112)
    [  0.081] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
              (niv=2)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
    [  0.081] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.081] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
              (dep_stream_id=0, weight=201, exclusive=0)
    [  0.081] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
              (dep_stream_id=0, weight=101, exclusive=0)
    [  0.081] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
              (dep_stream_id=0, weight=1, exclusive=0)
    [  0.081] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
              (dep_stream_id=7, weight=1, exclusive=0)
    [  0.081] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
              (dep_stream_id=3, weight=1, exclusive=0)
    [  0.081] send HEADERS frame <length=41, flags=0x25, stream_id=13>
              ; END_STREAM | END_HEADERS | PRIORITY
              (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
              ; Open new stream
              :method: GET
              :path: /
              :scheme: https
              :authority: centminmod.com
              accept: */*
              accept-encoding: gzip, deflate
              user-agent: nghttp2/1.3.2-DEV
    [  0.097] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.158] recv (stream_id=13) :status: 200
    [  0.158] recv (stream_id=13) content-type: text/html; charset=utf-8
    [  0.158] recv (stream_id=13) vary: Accept-Encoding
    [  0.158] recv (stream_id=13) server: nginx centminmod
    [  0.158] recv (stream_id=13) alternate-protocol: 443:npn-spdy/3
    [  0.158] recv (stream_id=13) public-key-pins: pin-sha256="oGbPgwR7vxLMpWdDIy+gc/Z0YD0EYCblHDCCgNQg9W8="; pin-sha256="KrRz+515ViRd/gdl7yGWCW1R4CFAAeMIBHp0JTNk8qc="; max-age=604800; includeSubDomains
    [  0.158] recv (stream_id=13) date: Sat, 19 Sep 2015 13:07:19 GMT
    [  0.158] recv (stream_id=13) x-page-speed: centminmod.com PageSpeed
    [  0.158] recv (stream_id=13) cache-control: max-age=0, no-cache
    [  0.158] recv (stream_id=13) content-encoding: gzip
    [  0.158] recv HEADERS frame <length=407, flags=0x04, stream_id=13>
              ; END_HEADERS
              (padlen=0)
              ; First response header
    [  0.159] recv DATA frame <length=8192, flags=0x00, stream_id=13>
    [  0.174] recv DATA frame <length=8192, flags=0x00, stream_id=13>
    [  0.174] recv DATA frame <length=8192, flags=0x00, stream_id=13>
    [  0.174] recv DATA frame <length=10, flags=0x00, stream_id=13>
    [  0.174] recv DATA frame <length=5986, flags=0x01, stream_id=13>
              ; END_STREAM
    [  0.174] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
              (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
     
    • Informative Informative x 1
  12. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Tested this forum's Nginx HTTP/2 on Android 4.4.2 with native Android 30 browser and works fine so maybe fears of Android browser's HTTP/2 compatibility is not that bad ? :)
     
    • Informative Informative x 1
  13. rdan

    rdan Well-Known Member

    4,856
    1,160
    113
    May 25, 2014
    Ratings:
    +1,740
    Local Time:
    3:25 PM
    Mainline
    10.2
    I think this is not needed anymore on HTTP/2:
    Code:
    add_header Alternate-Protocol  443:npn-spdy/3;
    All the sites using Nginx w/ patch HTTP/2 don't have that header included and it works fine.
    Even on nginx blog, it's not mentioned.
     
  14. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yeah i suspect that's the case.. but no sites mention removing it either heh

    edit: updated 123.09beta01 and removed it if HTTP/2 is in use remove Alternate-Protocol 443:npn-spdy/3 if HTTP/2 is in use · centminmod/[email protected] · GitHub :)
     
    Last edited: Sep 21, 2015
    • Like Like x 1
  15. rdan

    rdan Well-Known Member

    4,856
    1,160
    113
    May 25, 2014
    Ratings:
    +1,740
    Local Time:
    3:25 PM
    Mainline
    10.2
    Facebook is probably using Nginx Plus since they support HTTP/2 now :).
     
    • Like Like x 1
  16. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    strange i still see SPDY/3.1 for my facebook pages :)
     
  17. rdan

    rdan Well-Known Member

    4,856
    1,160
    113
    May 25, 2014
    Ratings:
    +1,740
    Local Time:
    3:25 PM
    Mainline
    10.2
    SPDY 3.1 again now :D
    Maybe they are on testing process.
     
  18. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yeah they can probably roll out HTTP/2 to XX% of traffic only :)
     
  19. Tracy Perry

    Tracy Perry Active Member

    213
    87
    28
    Aug 24, 2014
    Texas
    Ratings:
    +145
    Local Time:
    1:25 AM
    1.11.5
    MariaDB 10.0.28
    Hmm... wonder if it's working? :p

    Screen-Shot-2015-09-29-at-2.33.50-AM.jpg
     
    • Like Like x 1
  20. eva2000

    eva2000 Administrator Staff Member

    43,060
    9,779
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,096
    Local Time:
    5:25 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    welcome to the Nginx HTTP/2 club :D