3

Environment:

  • Ubuntu 16.04 LTS
  • Nginx version: nginx/1.10.3 (Ubuntu)
  • OpenSSL version: OpenSSL 1.0.2g 1 Mar 2016

Simple Description:

I have configured nginx to use http2, and some of my requests are using http2, however, some of my requests are using http1.1 instead.

Nginx Configuration:

I use exactly the same configuration as Mozilla generator suggest

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /path/to/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    resolver <IP DNS resolver>;

    ....
}

And my special configuration looks like:

server_name mydomain;

set $root myrootpath;
root  $root;

location / {
        try_files $uri /index.html;
}

location /api/ {
        proxy_pass http://127.0.0.1:5000/api/;
        proxy_redirect default;
}

location /page/ {
        proxy_pass http://127.0.0.1:5000/page/;
        proxy_redirect default;
}

More Details: The http request to /api and /page can use http2 correctly, but when the browser request static resources like images or .js files under / or /static, it will use http1.1, I attached picture enter image description here

after I clear the cache, and still those static resources are requested via http1.1. However, the response status code is 304 this time enter image description here I searched google and do not find the answer, people said OpenSSL and nginx version may cause http2 problem, but my version has no such problem, and it works for /api and /page route request. So what's the problem?

Improve this question
4
  • The column that shows the number of bytes also has (from.... If you enlarge the column, does it say (from disk/memory cache) ? If so, it may just be that the protocol is defaulted to http/1.1 because the resource has not really been requested over the network, but retrieved from the cache. Commented Nov 22, 2017 at 9:43
  • Yes, it is (from disk/memory cache), however, after I clear the cache, most of static resources still use http1.1. I add another picture in the question Commented Nov 22, 2017 at 14:01
  • Are these resources requested using the https scheme to the same domain that serves HTTP/2 ? What browser are you using ? If you use a different browser, do you see the same behavior ? I ask because it is not uncommon for browsers to make some request with HTTP/1.1 for statistic purposes, so comparing 2 browsers may tells whether it's a glitch of a specific browser or not. Commented Nov 22, 2017 at 18:03
  • sbordet, I only tried with Chrome. And the problem has been resolved as BazzaDP said. After I 'disable cache' in Developer tools of Chrome, all resources are loaded over HTTP/2. And those resources have been requested before I configure the HTTP/2, and I think that's the reason why it always request from cache via http1.1. Anyway, thank you! Commented Nov 23, 2017 at 1:57

1 Answer 1

Reset to default
2

As @sbordet said the requests that were not served by HTTP/2 in the first screenshot were served from the disk cache and were presumably downloaded using HTTP/1.1 originally, hence why that’s what they show.

The requests that were not downloaded by HTTP/2 in the second screenshot were either the same or were 304 Not Modified requests - so the original version from the disk cache was loaded and it was presumably loaded from HTTP/1.1.

Clear your cache properly or, if using Chrome tick the “Disable cache” option in Developer Tools network and reload and they should all be loaded over HTTP/2.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

BazzaDP, you're right. After I 'Disable cache', all resources are loaded over HTTP/2. Thanks a lot.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.