HTTP/2
or also named HTTP/2.0 is the second major version of the HTTP network protocol used by the World Wide Web since HTTP1/1. It is based on Google’s SPDY protocol. HTTP/2 is the new version of HyperText Transport Protocol
(HTTP), which was released as an IETF standard in early 2015. HTTP/2 support is now
available in some web servers. Nginx was the first web-server that began to support HTTP/2.
HTTP/2 is closely tied to SSL. While SSL is not required by the HTTP/2 specification, all web
browsers released so far will only run HTTP/2 if a website also uses SSL. HTTP/2 speeds up
SSL-enabled websites and makes web applications simpler.
HTTP/2 5 key features:
• Single, Persistent Connection – Only one connection is used for each web page, as
shown in the figure. The same connection is used as long as the web page is open.
• Multiplexing – Requests and replies are prioritized and multiplexed onto separate
streams within the single connection. When the connection is stable, “head of line
blocking” – making every transfer wait for all previous transfers to complete – is
eliminated.
• Header Compression and Binary Encoding – Headers are compressed using a new,
separate, secure standard, HPACK compression, which reduces the amount of data
crossing the network. Header information is sent in compact, binary format, not as
plain text.
• Prioritization – Requests are assigned levels of dependency and requests at the same
level are prioritized. The server uses this information to order and assign resources to
fulfilling requests.
• SSL Encryption – HTTP/2 allows you to add SSL support with, in some cases, no
performance penalty, making your site more secure.
Nginx since 1.9.5 is HTTP/2 enabled by default.
To check your nginx is HTTP/2 enabled:
1 |
# nginx -V |
configure arguments must contains “-with-http_v2_module”
example:
1 2 3 4 5 |
nginx version: nginx/1.9.6 built by gcc 4.7.2 (Debian 4.7.2-5) built with OpenSSL 1.0.1e 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_dav_module --add-module=nginx-dav-ext-module-0.0.3 --add-module=echo-nginx-module-0.57 --add-module=simpl-ngx_devel_kit-b62f5a3 --add-module=kyprizel-testcookie-nginx-module-fa546e2 --add-module=openresty-lua-nginx-module-7b1ff62 --with-http_geoip_module --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security' --with-ld-opt=-Wl,-z,relro --with-ipv6 |
For HTTP/2-enabled version of NGINX, do the following:
1. Add the http2 parameter and, if not already in place, the ssl parameter, to existing
listen directives – but first, add a URL redirector for HTTP/1.x:
1 2 3 4 5 6 7 8 9 10 11 12 |
server { listen 80; server_name nginx.com; return 301 https://www.nginx.com$request_uri; } server { listen 443 ssl http2; ssl_certificate /path/to/server.crt; ssl_certificate_key /path/to/server.key; … } |
2. Restart NGINX:
1 |
# nginx -s reload |
To test your web-site you can use http://http2.loadimpact.com/