HTTP/2 Out Of The Box

Similar documents
HTTP/2: What You Need to Know. Robert

A New Internet? Introduction to HTTP/2, QUIC and DOH

A Library and Proxy for SPDY

SSL/TLS and HTTP/2 State of the Art in Our Servers Jean-Frederic Clere

What HTTP/2 means to Java Developers?

SSL/TLS and HTTP/2 State of the Art in Our Servers Jean-Frederic Clere

A New Internet? RIPE76 - Marseille May Jordi Palet

Apache Tomcat 9. Preview. Mark Thomas, August Pivotal Software, Inc. All rights reserved.

WebRTC. Why now? What is it? Ilya Grigorik Web Performance Engineer Google

HTTP, WebSocket, SPDY, HTTP/2.0

How To Update My Java Plug In Firefox Ubuntu 10.04

Support Lifecycle Policy

How To Update My Java Plug In Firefox Ubuntu 12.04

RKN 2015 Application Layer Short Summary

Informing Protocol Design Through Crowdsourcing

The Cisco HCM-F Administrative Interface

http2 Background, the protocol, the implementations and the future http.//daniel.haxx.se/http2/ by Daniel Stenberg

Reading nginx CHANGES together

How To Install Java Manually Linux Ubuntu Bit

Website Acceleration with mod_pagespeed

BCW Web Browser Versions and Update Instructions Updated 5/5/2017

LGTM Enterprise System Requirements. Release , August 2018

Testing your TLS version

Solving HTTP Problems With Code and Protocols NATASHA ROONEY

Please Check Your Browser Version and Security Settings for New PCI Compliance

Manual Update Java 7 Version 11 Not Work In

http2 Background, the protocol, the implementations and the future http.//daniel.haxx.se/http2/ by Daniel Stenberg

HTTP/2: Ease the Transition, Remove Implementation Barriers. Robert Haynes Ronnie Dockery

SSL Report: ( )

VA Smalltalk Update. 24 th ESUG Conference Prague, Czech Republic August 23, John O Keefe Chief Technical Officer Instantiations, Inc.

http2 explained Background, the protocol, the implementations and the future by Daniel Stenberg

Adoption, Human Perception, and Performance of HTTP/2 Server Push

Manual Update Java 7 Version 11 Not Working In Chrome

Passive Fingerprinting of HTTP/2 Clients

Spring Framework 5.0 Themes & Trends

Understanding Browsers

Advanced Computer Networking. CYBR 230 Jeff Shafer University of the Pacific QUIC

Firefox Manually Update Linux Install Java Plugin Windows Xp

SPDY - A Web Protocol. Mike Belshe Velocity, Dec 2009

Frequently Asked Questions

Schahin Rajab TCP or QUIC Which protocol is most promising for the future of the internet?

Sucuri Webinar Transcription

Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.

Digitizer operating system support

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

HTTPS Setup using mod_ssl on CentOS 5.8. Jeong Chul. tland12.wordpress.com. Computer Science ITC and RUPP in Cambodia

Manual Update Ubuntu To Command Line

2016 OPSWAT, Inc. All rights reserved. OPSWAT, MetadefenderTM and the OPSWAT logo are trademarks of OPSWAT, Inc.All other trademarks, trade names,

Capable when run in Windows 7 or newer, but not enabled by default. Microsoft IE Desktop versions 9 and 10

kpatch Have your security and eat it too!

Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.

Release Notes March 2016

University of North Dakota

SHARE THIS WHITEPAPER. Fastest Website Acceleration for New HTTP Protocol with Alteon NG and Advanced HTTP/2 Gateway Whitepaper

Release Notes for Snare Server v6 Release Notes for Snare Server v6

Manual Update Java 7 25 Mac Windows 7 64 Bit

Hypertext Transport Protocol

OpenPrinting Plenary. 15 May 2017 Joint PWG/OpenPrinting Summit F2F Wild Palms Hotel in Sunnyvale, CA

NetSupport Manager v11

Operating System Support Plan for Test Delivery System

CUPS Plenary. Michael Sweet, Apple Inc. August 12, 2013

The Rockefeller University I NFORMATION T ECHNOLOGY E DUCATION & T RAINING. VPN Configuration Guide for Unix/Linux

CONFIGURATION MANUAL. English version

HTTPS is Fast and Hassle-free with Cloudflare

DoH and DoT experience. Ólafur Guðmundsson Marek Vavrusa

Manually Java 7 Update Bit Windows 8

Drupal Frontend Performance & Scalability

Oh yes, wpcache comes with a dashboard wpcache is not Plugin!

How to decide Linux Kernel for Embedded Products. Tsugikazu SHIBATA NEC 20, Feb Embedded Linux Conference 2013 SAN FRANCISCO

CSE 333 Lecture HTTP

Scan Report Executive Summary

WatchGuard Dimension v2.1.1 Update 3 Release Notes

perfsonar: A Look Ahead Andrew Lake, ESnet Mark Feit, Internet2 October 16, 2017

Overview Content Delivery Computer Networking Lecture 15: The Web Peter Steenkiste. Fall 2016

Parallels Remote Application Server 15 Beta Beta Guide

Browser Guide for PeopleSoft

MySQL InnoDB Cluster. New Feature in MySQL >= Sergej Kurakin

Setting up a LAMP server

Can Install Adobe Flash Player Plugin Firefox Ubuntu Terminal

MODERN WEB APPLICATION DEFENSES

Create quick link URLs for a candidate merge Turn off external ID links in candidate profiles... 4

Moving your website to HTTPS - HSTS, TLS, HPKP, CSP and friends

Alongside Windows 8.1

What is new in syslog-ng Premium Edition 6 LTS

TLS 1.2 Browser Compatibility

More on Testing and Large Scale Web Apps

owncloud Android App Manual

Apache Manually Install Ubuntu On Windows 7 From Usb

Lecture 1 Niyaz M. Salih

Using SourceTree on the Development Server

Kernel driver maintenance : Upstream vs. Industry

SOFTWARE UNIT 1 PART B C O M P U T E R T E C H N O L O G Y ( S 1 O B J A N D O B J 3-2)

Why would I want too? There are many ways a bootable memory stick might come in useful:

When Chrome Isn t Chrome

Operating System Support Plan for Test Delivery System

Software Distribution and Package Management

HTTP HyperText Transfer Protocol


Lassoing the Clouds: Best Practices on AWS. Brian DeShong May 26, 2017

In confidence. Internet Filtering (Lightspeed Systems): SSL filtering Apple Mac Configuration (Scripted) Version: 1.1 Date: 31 July 2017

Transcription:

HTTP/2 Out Of The Box Can you get it with stable Linux? Sergej Kurakin

HTTP/2 was published at May 14, 2015 HTTP 1.1 was standardized in 1997 - it s 18 years old! HTTP/2 was published at May 14, 2015 as RFC 7540. According to W3Techs, as of April 2016 7.1% of the top 10 million websites supported HTTP/2. On July 28, 2016 we have 8.9% of all websites using HTTP/2 On July 30, 2016 we have 9% of all websites using HTTP/2

What is so exciting in HTTP/2?

HTTP/2 Benefits Compatible with HTTP 1.1 Focused on performance: Data compression of HTTP headers HTTP/2 Server Push Pipelining of requests Fixing the head-of-line blocking problem in HTTP 1.x Multiplexing multiple requests over a single TCP connection

HTTP/2 Antipatterns Domain sharding Concatenated assets Inline resources

If you want to know more: https://http2.github.io/ https://en.wikipedia.org/wiki/http/2 https://tools.ietf.org/html/rfc7540 https://http2.akamai.com/ https://www.smashingmagazine.com/2016/02/getting-ready-for-http2/ https://www.cloudflare.com/http2/

Exciting, isn t it? You work over new project. You have plenty of small files: JS, CSS and images. You can throw away a lot of routine like JS/CSS concatenation and sprite generation.

Can you adopt HTTP/2?

First try with NGINX On August 5, 2015 NGINX announced an Early Patch for mainline. So the first experiment was: try to compile NGINX with Patch try to run it with self-signed certificates see how it works

It compiles and HTTP/2 works!

But you can t apply it... NGINX mainline is not so stable as stable You need to patch source You need to compile by yourself Too much work and responsibility - you must support your custom version until desired feature will become stable. Harder to implement automated setup with Puppet.

You don t want to use unstable and untested software

Stable Linux only! You want stability of your infrastructure. You may be limited in using only stable Linux. You don t want to compile manually too much software. You don t want to deal with dozen software repositories you don t trust on 100%. You even might be limited to some Linux distribution only.

So we moved to SPDY with SSL at that moment.

Page load speed increase was huge!

And we were happy!!!1!

Second try with NGINX On April 26, 2016 NGINX released stable version 1.10.0 with HTTP/2 support. Upgrade was seamless: 1. Install new NGINX version from stable repository 2. Change spdy to http2 in NGINX config 3. Restart NGINX

Voilà - everything works!

Well, almost...

One day everything went wrong... It was just an ordinary day in May, 2016 Front-End Developers with: Microsoft Internet Explorer 11 Microsoft Edge Google Chrome Canary reported that HTTP/2 is not working. But it was working on: Chromium, Google Chrome and Firefox.

And you are in situation like...

And you start searching for the issue...

And you missed notes about OpenSSL version!

And this is mentioned everywhere!

World is Changing Transition from HTTP 1.1 or SPDY to HTTP/2 is in progress. Browsers are constantly updated. HTTP Servers are constantly updated. Linux software is constantly updated. New Linux versions are released.

Notable change in browsers Dropping SPDY support. Dropping HTTP/2 with NPN (Next Protocol Negotiation). Implementing HTTP/2 with ALPN (Application-Layer Protocol Negotiation).

ALPN is Required by HTTP/2 RFC 7301

Our Issue We use HTTP/2 over TLS. We use Debian 7. We have OpenSSL version 1.0.1 which supports only NPN (Next Protocol Negotiation). Some older browsers might still work with this protocol. Newer browsers require ALPN (Application-Layer Protocol Negotiation) for HTTP/2 and it is available only in OpenSSL 1.0.2.

Some day every browser will move to ALPN *** This slide was added at May 15, 2016

*** Browser already moved to ALPN This slide was added at August 2, 2016

So we are a bit doomed.

Let look on other Linux distributions and OpenSSL versions

OpenSSL on stable Linux Version 1.0.1 Debian 7, 8 Ubuntu 14.04 Fedora 22 CentOS 7 opensuse 13.2 Linux Mint 17.3 Version 1.0.2 Debian 8 backports Ubuntu 15.10, 16.04 Fedora 23, 24 -- -- Linux Mint 18

Solutions if you have OpenSSL 1.0.1 Find trusted repository with OpenSSL 1.0.2. Download source of OpenSSL 1.0.2 and compile manually. Change your distribution to which has OpenSSL 1.0.2. HTTP/2 and SSL termination on host with different Linux distribution that has OpenSSL 1.0.2.

Make your choice

Discussion Sergej Kurakin Work @mail: sergej.kurakin@nfq.lt Personal @mail: sergej@kurakin.info https://www.linkedin.com/in/sergejkurakin

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback