Want to subscribe to topics you're interested in?
Become a Member

Beta Branch Nginx HTTP/2 & OpenSSL 1.1.0 patch updates

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jun 23, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    7:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    no it's a nginx patch released by Cloudflare for nginx users like ourselves :)

     
  2. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    10:50 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    I am using LibreSSL

    So just add NGINX_HPACK='y' into in persistent config file at /etc/centminmod/custom_config.inc and recompile nginix.
    That would be all?
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    7:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yup that's all you need to do with 123.09beta01 :)
     
  4. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    10:50 PM
    Nginx 1.17.9
    MariaDB 10.3.22
    I think it's installed OK.
    Thanks @eva2000
     
  5. pamamolf

    pamamolf Premium Member Premium Member

    4,074
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:50 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Wondering why Nginx don't use this patch or add their own solution for this?
     
    Last edited: Jun 29, 2017
  6. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    7:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    all unknown answers hence probably why not added to Nginx yet. But Valentin from Nginx is looking into possibility of adding it Re: [PATCH] HTTP/2: add support for HPACK encoding

     
  7. pamamolf

    pamamolf Premium Member Premium Member

    4,074
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:50 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Also can i enable it with no issues if i do not use https yet?

    I know it will do nothing until i enable https but i am just wondering if it can cause any issues ?
     
  8. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    7:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    should be ok.. but as i said unknown hence disabled by default :)
     
  9. upgrade81

    upgrade81 Member

    295
    17
    18
    Sep 5, 2016
    CH
    Ratings:
    +30
    Local Time:
    10:50 PM
    1.17
    10.3
    Hello, I did not understand if using the version 123.09beta01, I have to insert in the custom_config also NGINX_PATCH = 'y'

    currently it is like this:

    NGINX_DYNAMICTLS = 'y'
    NGINX_HPACK = 'y'
    OPENSSL_VERSION = '1.1.0g'
    LIBRESSL_SWITCH = 'n'
    CLANG = 'n'
    DEVTOOLSETSEVEN = 'y'

    thank you
     
  10. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    7:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    no need as NGINX_PATCH='y' is default already in centmin.sh
     
  11. pamamolf

    pamamolf Premium Member Premium Member

    4,074
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    11:50 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Is this ok to test it?
    Also does HPACK cause any issues with old versions of internet explorer or Safari?
     
  12. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    7:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  13. anthony parsons

    anthony parsons Premium Member Premium Member

    79
    20
    8
    Feb 12, 2017
    Ratings:
    +24
    Local Time:
    8:50 AM
    1.22.0
    10.4.26
    Soooo, with default beta current install that uses openssl 1.1.0, this is not required?

    Or can still be used, simply by adding NGINX_HPACK = 'y' to custom config and rebuilding NGINX?
     
  14. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    7:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you can enable it for OpenSSL 1.1.0h which is current version if you want though benefits are minimal unless you have alot of traffic (millions of visitors/day).
     
  15. anthony parsons

    anthony parsons Premium Member Premium Member

    79
    20
    8
    Feb 12, 2017
    Ratings:
    +24
    Local Time:
    8:50 AM
    1.22.0
    10.4.26
    So if I enable Brotli, which changes to libressl, is that the same outcome? Not really essential unless millions of visitors daily?
     
  16. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    7:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    ?? Enabling brotli doesn't change Nginx's OpenSSL usage in 123.09beta01
     
  17. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    7:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Checking that Cloudflare HPACK patch still works on Nginx 1.15.2 + OpenSSL 1.1.0i to improve header compression savings on repeated requests :)

    looking good for HPACK full encoding patch with persistent config set with /etc/centminmod/custom_config.inc
    Code (Text):
    NGINX_HPACK='y'
    

    to enable Cloudflare's HPACK full encoding patch for Nginx 1.15.2+ - check for --with-http_v2_hpack_enc in nginx -V output
    h2load HTTP/2 HTTPS test for HPACK improved header space savings on repeated runs
    Code (Text):
    url=https://http2.domain.com
    
    for i in $(seq 1 20); do echo "h2load run $i"; h2load $url -n $i | tail -6 | head -1; done
    h2load run 1
    traffic: 6.69KB (6848) total, 189B (189) headers (space savings 36.36%), 6.44KB (6592) data
    h2load run 2
    traffic: 13.15KB (13470) total, 201B (201) headers (space savings 66.16%), 12.88KB (13184) data
    h2load run 3
    traffic: 19.62KB (20092) total, 213B (213) headers (space savings 76.09%), 19.31KB (19776) data
    h2load run 4
    traffic: 26.09KB (26714) total, 225B (225) headers (space savings 81.06%), 25.75KB (26368) data
    h2load run 5
    traffic: 32.55KB (33336) total, 237B (237) headers (space savings 84.04%), 32.19KB (32960) data
    h2load run 6
    traffic: 39.02KB (39958) total, 249B (249) headers (space savings 86.03%), 38.63KB (39552) data
    h2load run 7
    traffic: 45.49KB (46580) total, 261B (261) headers (space savings 87.45%), 45.06KB (46144) data
    h2load run 8
    traffic: 51.96KB (53202) total, 273B (273) headers (space savings 88.51%), 51.50KB (52736) data
    h2load run 9
    traffic: 58.42KB (59824) total, 285B (285) headers (space savings 89.34%), 57.94KB (59328) data
    h2load run 10
    traffic: 64.89KB (66446) total, 297B (297) headers (space savings 90.00%), 64.38KB (65920) data
    h2load run 11
    traffic: 71.36KB (73068) total, 309B (309) headers (space savings 90.54%), 70.81KB (72512) data
    h2load run 12
    traffic: 77.82KB (79690) total, 321B (321) headers (space savings 90.99%), 77.25KB (79104) data
    h2load run 13
    traffic: 84.29KB (86312) total, 333B (333) headers (space savings 91.38%), 83.69KB (85696) data
    h2load run 14
    traffic: 90.76KB (92934) total, 345B (345) headers (space savings 91.70%), 90.13KB (92288) data
    h2load run 15
    traffic: 97.22KB (99556) total, 357B (357) headers (space savings 91.99%), 96.56KB (98880) data
    h2load run 16
    traffic: 103.69KB (106178) total, 369B (369) headers (space savings 92.23%), 103.00KB (105472) data
    h2load run 17
    traffic: 110.16KB (112800) total, 381B (381) headers (space savings 92.45%), 109.44KB (112064) data
    h2load run 18
    traffic: 116.62KB (119422) total, 393B (393) headers (space savings 92.65%), 115.88KB (118656) data
    h2load run 19
    traffic: 123.09KB (126044) total, 405B (405) headers (space savings 92.82%), 122.31KB (125248) data
    h2load run 20
    traffic: 129.56KB (132666) total, 417B (417) headers (space savings 92.98%), 128.75KB (131840) data
    
     
  18. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    7:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+