HTTP/2 is a new generation of HTTP protocols that can improve site performance and user experience, and it is time for Fundebug to upgrade HTTP/2, although it is a little late.
It is easy to upgrade HTTP/2 by changing one line of Nginx configuration. However, it is not enough for engineers to only know How. They also need to understand Why, which requires sufficient prior research. What is HTTP/2? And post-mortem analysis (4. Does upgrading HTTP/2 really improve performance?). .
1. What is HTTP/2?
HTTP/2 is a new HTTP protocol, which was released in 2015.
As with many other Web technology standards, it is Still Google that is driving the HTTP/2 standard. When Google launched Chrome, it said it was going to push the Web forward, and it did. (lesson 5: How Chrome works?)
According to W3Techs, 41.3 percent of websites worldwide have used HTTP/2 as of October 26, 2019.
According to Can I Use, most browsers support HTTP/2:
HTTP/2 has the following features:
- HTTP/2 is a binary protocol
Photo source:Valentin V. Bartenev
As you can see from the figure above, HTTP/1.1 transmits text data, while HTTP/2 transmits binary data, improving data transmission efficiency.
- HTTP/2 supports TCP connection multiplexing
Photo source:Factory.hr
As can be seen from the figure above, HTTP 1.1 requires separate TCP connections for different HTTP requests, whereas HTTP/2 can reuse the same TCP connection for multiple HTTP requests.
Remember that 3 handshakes are required to establish a TCP connection, plus 4 handshakes for TLS, which adds up to 7 handshakes. If you can reuse the TCP connection, you can reduce this extra overhead.
- HTTP/2 compresses the request Header
Photo source:Operational reality
As shown in the figure above, the Header of the second request is only different :path, so the compression space is quite significant.
The HPACK algorithm for Headers compression itself may seem complicated (and not difficult), but the idea is simple: if we make 100 requests in the browser, their User-Agent does not change, so why do we need to transmit the long string repeatedly? Just record it in a dictionary once!
- HTTP/2 supports Server Push
Photo source:lujjjh
As can be seen from the figure above, when the client requests HTML from the Server, the Server Push Server can return CSS, JS and other resources that the HTML depends on in advance, which can save the time of parsing HTML and requesting resources, thus shortening the loading time of the page.
2. How to upgrade HTTP/2?
We use Nginx as a Reverse Proxy for the front page and back end interfaces. It is very simple to update HTTP/2 by modifying the Nginx configuration file.
Note that enabling HTTP/2 on Nginx requires Nginx 1.9.5 or higher (inclusive) and OpenSSL 1.0.2 or higher (inclusive). Run the nginx -v command to view the nginx version information:
nginx -V nginx version: Nginx /1.12.1 BUILT by GCC 6.3.0 20170516 (Debian 6.3.0-18) Built with OpenSSL 1.1.0f 25 May 2017 TLS SNI support Enabled configure arguments: --prefix=/etc/nginx --sbin3-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='- g - O2 - fdebug - prefix - map = / data/builder/debuild/nginx - 1.12.1 debian/debuild - base/nginx - 1.12.1 =. -specs=/usr/share/dpkg/no-pie-compile.specs -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-specs=/usr/share/dpkg/no-pie-link.specs -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
Copy the code
Nginx version 1.12.1 and OpenSSL version 1.1.0F meet the requirements.
Also, although the HTTP/2 standard does not require encryption, all browsers require HTTP/2 to be encrypted, so only HTTPS can upgrade HTTP/2.
If you haven’t used HTTPS yet, check out my blog: How to quickly masturbate a free HTTPS certificate.
If all the preconditions are correct (Nginx>=1.9.5, OpenSSL>=1.0.2, HTTPS), just change the configuration 1 line, add http2 after the listen directive:
server
{
listen 443 ssl http2;
server_name www.fundebug.com;
}
Copy the code
Delete HTTP/2 from Nginx. Delete HTTP/2 from Nginx.
curl -sI https://www.fundebug.com HTTP/2 200 server: nginx/1.12.1 Date: Mon, 07 Oct 2019 00:12:53 GMT Content-Type: text/ HTML; charset=UTF-8 content-length: 4892 x-powered-by: Express accept-ranges: bytes cache-control: public, max-age=0 last-modified: Sun, 06 Oct 2019 23:07:25 GMT etag: W/"131c-16da353dbc8"
vary: Accept-Encoding
strict-transport-security: max-age=15768001
Copy the code
3. HTTP/2 causes an OPTIONS request failure in Safari
After updating HTTP/2, users using Safari cannot access Fundebug:
Our front-end exception monitoring plug-in caught this error:
The **/ API /members/login** interface failed.
OPTIONS request failed after investigation:
Curl -x OPTIONS https://api.fundebug.com/api/members/login - v * Trying 120.77.45.162... * TCP_NODELAYset
* Connected to api.fundebug.com (120.77.45.162) port 443 (# 0)Offering H2 * ALPN, Offering HTTP /1.1 * Cipher Selection: ALL:! EXPORT:! EXPORT40:! EXPORT56:! aNULL:! LOW:! RC4:@STRENGTH * successfullysetcertificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: TLSv1.2 (OUT), TLS Handshake, Client Hello (1): TLSv1.2 (IN), TLS Handshake, Server Hello (2): TLSv1.2 (IN), TLS Handshake, Certificate (11): TLSv1.2 (IN), TLS Handshake, Server Key Exchange (12) TLSv1.2 (IN), TLS Handshake, Server Finished (14): TLSv1.2 (OUT), TLS Handshake, Client Key Exchange (16) TLSv1.2 (OUT), TLS Change Cipher, Client Hello (1): * TLSv1.2 (OUT), TLS Handshake, Finished (20): TLSv1.2 (IN), TLS Change Cipher, Client Hello (1): * TLSv1.2 (IN), TLS Handshake, Finished (20): * SSL connection using TLSv1.2 / ecdhe-rSA-AES128-GMM-sha256 * ALPN, server accepted to use H2 * server certificate: * subject: CN=api.fundebug.com * start date: Sep 15 16:38:43 2019 GMT * expire date: Dec 14 16:38:43 2019 GMT * subjectAltName: host"api.fundebug.com" matched cert's "api.fundebug.com" * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fcfbb80ce00)
> OPTIONS /api/members/login HTTP/2
> Host: api.fundebug.com
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1, name: [content-length], value: [0]
* HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)
Copy the code
Curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl curl
* http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1, name: [content-length], value: [0]
Copy the code
Comment out the Content-Length configuration of the OPTIONS request in the Nginx configuration file, and the problem is solved:
if ($request_method = "OPTIONS")
{
add_header Access-Control-Allow-Origin *;
add_header 'Access-Control-Max-Age' 86400;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS, DELETE';
add_header 'Access-Control-Allow-Headers' 'token, reqid, nid, host, x-real-ip, x-forwarded-ip, event-type, event-id, accept, content-type';
# add_header 'Content-Length' 0; // It must be commented out, otherwise HTTP/2 will report an error
add_header 'Content-Type' 'text/plain, charset=utf-8';
return 200;
}
Copy the code
HTTP/2 has special handling of headers, which is probably the root cause of the error, and I’ll cover this in more detail in my next blog post.
4. Does upgrading HTTP/2 really improve performance?
In theory, HTTP/2 should improve site performance, but what is the reality? Can HTTP/2 really improve performance? If so, how much?
So, I used Chrome to record the loading time of the Fundebug home page before and after the HTTP/2 upgrade, and calculated the average loading time of 5 times (in mm) as shown in the following table:
The HTTP version | DOMContentLoaded | Load | Finish |
---|---|---|---|
HTTP / 1.1 | 1.572 | 4.342 | 5.138 |
HTTP/2 | 1.0004 | 4.102 | 4.288 |
HTTP/2 significantly improves the loading time of the home page, as well as DOMContentLoaded, Load, and Finish times.
A total of 2 lines of Nginx configuration change can improve page access performance, how nice!
reference
- Module ngx_http_v2_module
- HTTP/2 Frequently Asked Questions
- The past and present of HTTP
- The HTTP/2 Module in NGINX
- HTTP/2: the difference between HTTP/1.1, benefits and how to use it
- HPACK: the silent killer (feature) of HTTP/2
- HTTP/2 Server Push