NGINX Plus now fully supports HTTP/2

Source: Internet
Author: User
Tags rfc

Earlier, we released the NGINX Plus R7 that supported the HTTP/2 protocol. As the latest standard for the HTTP protocol, HTTP/2 is designed to deliver higher performance and security for today's Web applications. (LCTT: Open source version of NGINX 1.95 also supports HTTP/2.) )

NGINX Plus The implementation of the HTTP/2 protocol can seamlessly interface with existing websites and applications. Just a little change, no matter what browser the user chooses, NGINX Plus will provide the best experience for both http/1.x and HTTP/2.

to support HTTP/2 only through optional nginx plus HTTP2 Package. Nginx Plus plus extras The package supports the SPDY protocol, which is currently recommended for production sites because it is supported by most browsers and the code is fairly mature.

Why use HTTP/2?

HTTP/2 make data transfer more efficient and more secure for your application. HTTP/2 has five more performance features than http/1.x:

Full Reuse – On a connection that remains active (keepalive), http/1.1 forces the request to be processed in strict order. A request must end before the next request begins. HTTP/2 eliminates this requirement, allowing parallel and disorderly ordering to process requests.

single, persistent connection – Because HTTP/2 allows full reuse of requests, all objects on a Web page can be downloaded in parallel through a single connection. In http/1.x, multiple connections are used to download resources in parallel, resulting in inefficient use of the underlying TCP protocol.

Binary encoding –header information is sent in a compact binary format, rather than plain text format, saving transmission bytes.

Header Compression –headers uses a dedicated HPACK compression algorithm to compress, which further reduces the bytes of data transmitted over the network.

SSL/TLS Encrypt – in Http/2, the use of SSL/TLS is mandatory. There is no enforcement in the RFC, which allows plain text http/2, but all Web browsers that currently implement HTTP/2 only support encryption. SSL/TLS can make your site more secure and use HTTP/2 to improve performance and reduce the performance loss of the encryption and decryption process.

NGINX Plus How to implement HTTP/2

Our HTTP/2 implementation is based on SPDY support, and it has been widely deployed (using the Nginx or Nginx Plus website for nearly 75% of the SPDY). When you deploy HTTP/2 with NGINX Plus, you rarely change the configuration of your application. This section discusses how NGINX plus can support HTTP/2.

A HTTP/2 Gateway

NGINX Plus as a HTTP/2 gateway. It communicates with HTTP/2, a client Web browser that supports HTTP/2, and uses http/1.x (or FastCGI, scgi, Uwsgi, and so on) to convert HTTP/2 requests for communication to the backend server. – Depending on the protocol you are currently using).

Backwards compatibility

Over time, you need to support both HTTP/2 and http/1.x. At the time this article was written, more than 50% of users used WEB browsers that already supported HTTP/2, but that also meant that nearly 50% had not yet used them.

In order to support both http/1.x and Http/2,nginx Plus, the Next Protocol negotiation (NPN) extension on TLS is implemented. When a Web browser connects to the server, it sends a list of supported protocols to the server side. If the browser supports a list of protocols that include H2-that is, Http/2,nginxplus will use HTTP/2 to connect to the browser. If the browser does not support NPN or does not h2,nginxplus in the Send supported Protocols list, it will continue to fall back to http/1.x.

Steering HTTP/2

NGINX the company will do its best to help you seamlessly transition to using HTTP/2. This section describes how to enable support for HTTP/2 by making changes to your app, which requires only a few changes to the NGINX Plus configuration.

Pre-conditions

upgrade to Nginx plus R7 using the Nginx plus HTTP2 package. Note that there is no support for the HTTP/2 version of the NginxplusExtras package.

Redirect all traffic to SSL/TLS

If your app is not using SSL/TLS encryption, it's a good time to enable it now. Encrypting your app can protect you from spies and other middlemen. Some search engines even improve the ranking of encrypted sites in search results. The following configuration block redirects all normal HTTP requests to the encrypted version of the Web site.

server {

Listen 80;

Location/{

Return 301 https://$host $request_uri;

}

}

Enable HTTP/2

To enable support for HTTP/2, simply add the HTTP2 parameter to all listen directives and include the SSL parameter, because the browser does not support unencrypted HTTP/2 requests.

server {

Listen 443 SSL HTTP2 default_server;

Ssl_certificate SERVER.CRT;

Ssl_certificate_key Server.key;

...

}

If necessary, restart the Nginx Plus, for example by running the nginx-s reload command. To verify that HTTP/2 is working correctly, you can use the HTTP/2 and SPDY indicator plugin in Google Chrome and Firefox to check.

Precautions

Before installing the Nginxplushttp2 Package, you must remove the SPDY parameter after all listen instructions in the configuration file (using HTTP2 and SSL parameter to replace it to enable support for HTTP/2). After using this package, NGINX Plus will fail to start if the Listen command has the Spdy parameter.

If you're using a WEB application firewall (WAF) at the Nginxplus front end, make sure it resolves the http/2, or move it behind NGINX Plus.

This version does not support the "Server Push" attribute defined in the HTTP/2 RFC. A later version of NGINX Plus may support it.

NGINX Plus R7 supports both SPDY and HTTP/2 (LCTT: But you can only use one of them at the same time). In a future release, we will discard support for SPDY. Google will abandon SPDY at the beginning of 2016, so it is not necessary to support both agreements.

If Ssl_prefer_server_ciphers is set to ON or the Ssl_ciphers list defined in Appendix a:tls1.2 ciper Suite Black list is used, the browser appears handshake- Errors and does not work properly.

Free pick up Brother Lian IT Education Original Linux Maintenance Engineer video/Detailed Linux tutorials, details of the website customer service: http://www.lampbrother.net/linux/

or hooking up with Q2430675018.

Welcome to the Linux Communication Group 478068715


NGINX Plus now fully supports HTTP/2

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.