Join the community today
Register Now

Beta Branch Nginx HTTP/2 & OpenSSL 1.1.0 patch updates

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jun 23, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    36,905
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,436
    Local Time:
    11:54 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    no it's a nginx patch released by Cloudflare for nginx users like ourselves :)
     
    • Informative Informative x 1
  2. Sunka

    Sunka Well-Known Member

    1,025
    284
    83
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +462
    Local Time:
    2:54 AM
    Nginx 1.15.0
    MariaDB 10.2.15
    I am using LibreSSL

    So just add NGINX_HPACK='y' into in persistent config file at /etc/centminmod/custom_config.inc and recompile nginix.
    That would be all?
     
  3. eva2000

    eva2000 Administrator Staff Member

    36,905
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,436
    Local Time:
    11:54 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yup that's all you need to do with 123.09beta01 :)
     
    • Winner Winner x 2
  4. Sunka

    Sunka Well-Known Member

    1,025
    284
    83
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +462
    Local Time:
    2:54 AM
    Nginx 1.15.0
    MariaDB 10.2.15
    I think it's installed OK.
    Thanks @eva2000
     
    • Agree Agree x 1
  5. pamamolf

    pamamolf Well-Known Member

    3,117
    295
    83
    May 31, 2014
    Ratings:
    +531
    Local Time:
    3:54 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Wondering why Nginx don't use this patch or add their own solution for this?
     
    Last edited: Jun 29, 2017
  6. eva2000

    eva2000 Administrator Staff Member

    36,905
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,436
    Local Time:
    11:54 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    all unknown answers hence probably why not added to Nginx yet. But Valentin from Nginx is looking into possibility of adding it Re: [PATCH] HTTP/2: add support for HPACK encoding

     
    • Informative Informative x 1
  7. pamamolf

    pamamolf Well-Known Member

    3,117
    295
    83
    May 31, 2014
    Ratings:
    +531
    Local Time:
    3:54 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Also can i enable it with no issues if i do not use https yet?

    I know it will do nothing until i enable https but i am just wondering if it can cause any issues ?
     
  8. eva2000

    eva2000 Administrator Staff Member

    36,905
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,436
    Local Time:
    11:54 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    should be ok.. but as i said unknown hence disabled by default :)
     
  9. upgrade81

    upgrade81 Premium Member Premium Member

    172
    9
    18
    Sep 5, 2016
    Italy
    Ratings:
    +13
    Local Time:
    2:54 AM
    1.13.8
    10
    Hello, I did not understand if using the version 123.09beta01, I have to insert in the custom_config also NGINX_PATCH = 'y'

    currently it is like this:

    NGINX_DYNAMICTLS = 'y'
    NGINX_HPACK = 'y'
    OPENSSL_VERSION = '1.1.0g'
    LIBRESSL_SWITCH = 'n'
    CLANG = 'n'
    DEVTOOLSETSEVEN = 'y'

    thank you
     
  10. eva2000

    eva2000 Administrator Staff Member

    36,905
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,436
    Local Time:
    11:54 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    no need as NGINX_PATCH='y' is default already in centmin.sh
     
    • Like Like x 2
  11. pamamolf

    pamamolf Well-Known Member

    3,117
    295
    83
    May 31, 2014
    Ratings:
    +531
    Local Time:
    3:54 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Is this ok to test it?
    Also does HPACK cause any issues with old versions of internet explorer or Safari?
     
  12. eva2000

    eva2000 Administrator Staff Member

    36,905
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,436
    Local Time:
    11:54 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
  13. anthony parsons

    anthony parsons Premium Member Premium Member

    77
    18
    8
    Feb 12, 2017
    Ratings:
    +22
    Local Time:
    12:54 PM
    Current yum stable
    10.1
    Soooo, with default beta current install that uses openssl 1.1.0, this is not required?

    Or can still be used, simply by adding NGINX_HPACK = 'y' to custom config and rebuilding NGINX?
     
  14. eva2000

    eva2000 Administrator Staff Member

    36,905
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,436
    Local Time:
    11:54 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    you can enable it for OpenSSL 1.1.0h which is current version if you want though benefits are minimal unless you have alot of traffic (millions of visitors/day).
     
    • Like Like x 1
  15. anthony parsons

    anthony parsons Premium Member Premium Member

    77
    18
    8
    Feb 12, 2017
    Ratings:
    +22
    Local Time:
    12:54 PM
    Current yum stable
    10.1
    So if I enable Brotli, which changes to libressl, is that the same outcome? Not really essential unless millions of visitors daily?
     
  16. eva2000

    eva2000 Administrator Staff Member

    36,905
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,436
    Local Time:
    11:54 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    ?? Enabling brotli doesn't change Nginx's OpenSSL usage in 123.09beta01
     
    • Like Like x 1
  17. eva2000

    eva2000 Administrator Staff Member

    36,905
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,436
    Local Time:
    11:54 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Checking that Cloudflare HPACK patch still works on Nginx 1.15.2 + OpenSSL 1.1.0i to improve header compression savings on repeated requests :)

    looking good for HPACK full encoding patch with persistent config set with /etc/centminmod/custom_config.inc
    Code (Text):
    NGINX_HPACK='y'
    

    to enable Cloudflare's HPACK full encoding patch for Nginx 1.15.2+ - check for --with-http_v2_hpack_enc in nginx -V output
    h2load HTTP/2 HTTPS test for HPACK improved header space savings on repeated runs
    Code (Text):
    url=https://http2.domain.com
    
    for i in $(seq 1 20); do echo "h2load run $i"; h2load $url -n $i | tail -6 | head -1; done
    h2load run 1
    traffic: 6.69KB (6848) total, 189B (189) headers (space savings 36.36%), 6.44KB (6592) data
    h2load run 2
    traffic: 13.15KB (13470) total, 201B (201) headers (space savings 66.16%), 12.88KB (13184) data
    h2load run 3
    traffic: 19.62KB (20092) total, 213B (213) headers (space savings 76.09%), 19.31KB (19776) data
    h2load run 4
    traffic: 26.09KB (26714) total, 225B (225) headers (space savings 81.06%), 25.75KB (26368) data
    h2load run 5
    traffic: 32.55KB (33336) total, 237B (237) headers (space savings 84.04%), 32.19KB (32960) data
    h2load run 6
    traffic: 39.02KB (39958) total, 249B (249) headers (space savings 86.03%), 38.63KB (39552) data
    h2load run 7
    traffic: 45.49KB (46580) total, 261B (261) headers (space savings 87.45%), 45.06KB (46144) data
    h2load run 8
    traffic: 51.96KB (53202) total, 273B (273) headers (space savings 88.51%), 51.50KB (52736) data
    h2load run 9
    traffic: 58.42KB (59824) total, 285B (285) headers (space savings 89.34%), 57.94KB (59328) data
    h2load run 10
    traffic: 64.89KB (66446) total, 297B (297) headers (space savings 90.00%), 64.38KB (65920) data
    h2load run 11
    traffic: 71.36KB (73068) total, 309B (309) headers (space savings 90.54%), 70.81KB (72512) data
    h2load run 12
    traffic: 77.82KB (79690) total, 321B (321) headers (space savings 90.99%), 77.25KB (79104) data
    h2load run 13
    traffic: 84.29KB (86312) total, 333B (333) headers (space savings 91.38%), 83.69KB (85696) data
    h2load run 14
    traffic: 90.76KB (92934) total, 345B (345) headers (space savings 91.70%), 90.13KB (92288) data
    h2load run 15
    traffic: 97.22KB (99556) total, 357B (357) headers (space savings 91.99%), 96.56KB (98880) data
    h2load run 16
    traffic: 103.69KB (106178) total, 369B (369) headers (space savings 92.23%), 103.00KB (105472) data
    h2load run 17
    traffic: 110.16KB (112800) total, 381B (381) headers (space savings 92.45%), 109.44KB (112064) data
    h2load run 18
    traffic: 116.62KB (119422) total, 393B (393) headers (space savings 92.65%), 115.88KB (118656) data
    h2load run 19
    traffic: 123.09KB (126044) total, 405B (405) headers (space savings 92.82%), 122.31KB (125248) data
    h2load run 20
    traffic: 129.56KB (132666) total, 417B (417) headers (space savings 92.98%), 128.75KB (131840) data
    
     
    • Like Like x 2
  18. eva2000

    eva2000 Administrator Staff Member

    36,905
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,436
    Local Time:
    11:54 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    • Like Like x 1
..