NGINX Plus now fully supports HTTP/2

Earlier, we released the NGINX Plus R7 that supported the HTTP/2 protocol. As the latest standard for the HTTP protocol, HTTP/2 is designed to deliver higher performance and security for today's Web applications. (LCTT: Open source version of NGINX 1.95 also supports HTTP/2.) ）

The HTTP/2 protocol implemented by NGINX Plus can seamlessly interface with existing websites and applications. Just a little change, no matter what browser the user chooses, NGINX Plus will provide the best experience for both http/1.x and HTTP/2.

To support HTTP/2, you only need to pass the optional NGINX?PLUS?HTTP2 package. The Nginx?plus and Nginx?plus?extras packages support the SPDY protocol, which is currently recommended for production sites because it is supported by most browsers and the code is quite mature.

Why use HTTP/2?

HTTP/2 makes data transfer more efficient and more secure for your application. HTTP/2 has five more performance features than http/1.x:

Full Reuse – on a connection that remains active (keepalive), http/1.1 forces the request to be processed in strict order. A request must end before the next request begins. HTTP/2 eliminates this requirement, allowing parallel and disorderly ordering to process requests.

single, persistent connection – because HTTP/2 allows full reuse of requests, all objects on a Web page can be downloaded in parallel through a single connection. In http/1.x, multiple connections are used to download resources in parallel, resulting in inefficient use of the underlying TCP protocol.

binary encoded –header information is sent in a compact binary format instead of plain text format, saving the transmission bytes.

Header compression –headers uses a dedicated HPACK compression algorithm to compress, which further reduces the bytes of data transmitted over the network.

SSL/TLS encryption – in HTTP/2, the use of SSL/TLS is enforced. There is no enforcement in the RFC, which allows plain text http/2, but all Web browsers that currently implement HTTP/2 only support encryption. SSL/TLS can make your site more secure and use HTTP/2 to improve performance and reduce the performance loss of the encryption and decryption process.

NGINX Plus How to implement HTTP/2

Our HTTP/2 implementation is based on SPDY support, and it has been widely deployed (using the Nginx or Nginx Plus website for nearly 75% of the SPDY). When you deploy HTTP/2 with NGINX Plus, you rarely change the configuration of your application. This section discusses how NGINX plus can support HTTP/2.

A HTTP/2 Gateway

NGINX Plus as a HTTP/2 gateway. It communicates with HTTP/2, a client Web browser that supports HTTP/2, and uses http/1.x (or FastCGI, scgi, Uwsgi, and so on) to convert HTTP/2 requests for communication to the backend server. – Depending on the protocol you are currently using).

Backwards compatibility

Over time, you need to support both HTTP/2 and http/1.x. At the time this article was written, more than 50% of users used WEB browsers that already supported HTTP/2, but that also meant that nearly 50% had not yet used them.

In order to support both http/1.x and Http/2,nginx Plus, the Next Protocol negotiation (NPN) extension on TLS is implemented. When a Web browser connects to the server, it sends a list of supported protocols to the server side. If the browser supports a list of protocols that include H2-that is, Http/2,nginx Plus will use HTTP/2 to connect to the browser. If the browser does not support NPN or does not have H2,nginx Plus in the Send supported Protocols list, it will continue to fall back to http/1.x.

Steering HTTP/2

NGINX will help you to seamlessly transition to using HTTP/2 as much as possible. This section describes how to enable support for HTTP/2 by making changes to your app, which requires only a few changes to the NGINX Plus configuration.

Pre-conditions

Upgrade to Nginx plus R7 using the NGINX?PLUS?HTTP2 package. Note There are no Nginx?plus?extras packages that support the HTTP/2 version.

Redirect all traffic to SSL/TLS

If your app is not using SSL/TLS encryption, it's a good time to enable it now. Encrypting your app can protect you from spies and other middlemen. Some search engines even improve the ranking of encrypted sites in search results. The following configuration block redirects all normal HTTP requests to the encrypted version of the Web site.

server {

Listen 80;

Location/{

Return 301 https://$host $request_uri;

}

}

Enable HTTP/2

To enable support for HTTP/2, simply add the HTTP2 parameter to all listen directives and include the SSL parameter, because the browser does not support unencrypted HTTP/2 requests.

server {

Listen 443 SSL HTTP2 default_server;

Ssl_certificate SERVER.CRT;

Ssl_certificate_key Server.key;

...

}

If necessary, restart the NGINX Plus, for example by running the nginx-s reload command. To verify that HTTP/2 is working correctly, you can use the HTTP/2 and SPDY indicator plugin in Google Chrome and Firefox to check.

Precautions

Before installing the NGINX?PLUS?HTTP2 package, you must remove the SPDY parameter (replace it with HTTP2 and SSL parameters to enable support for HTTP/2) for all listen instructions in the configuration file. After using this package, NGINX Plus will fail to start if the Listen command has the Spdy parameter.

If you are using a WEB application firewall (WAF) on the Nginx plus front end, make sure it resolves the http/2, or move it to the back of Nginx plus.

This version does not support the "Server Push" attribute defined in the HTTP/2 RFC. A later version of NGINX Plus may support it.

NGINX Plus R7 supports both SPDY and HTTP/2 (LCTT: But you can only use one of them at the same time). In a future release, we will discard support for SPDY. Google will abandon SPDY at the beginning of 2016, so it is not necessary to support both agreements.

If Ssl_prefer_server_ciphers is set to ON or the Ciper list defined in Appendix A:tls 1.2 ssl_ciphers Suite Black list is used, the browser appears Handshak E-errors and does not work properly.

Free pick up brother even it education original Linux OPS engineer video/Detailed Linux tutorials, details Inquiry official website customer Service: http://www.itxdl.cn/linux/

or hooking up with Q2430675018.

Welcome to the Linux Communication Group 478068715

NGINX Plus now fully supports HTTP/2