
Using nghttp2 to work around Nginx HTTP/2 bugs - okket
https://blog.crashed.org/fixing-nginx-bugs-with-nghttp2/
======
leesalminen
> Specifically, the "stable" version of nginx can't do HTTP/2 POST on any
> current browser without nginx dropping and resetting the connection.

I hit this bug a while back. StackOverflow responders said I was crazy. I went
to trac.nginx.org and while preparing a bug report, I saw that it had already
been reported just a day prior. Felt good knowing I was not crazy, and there
was a bug in nginx.

~~~
yeukhon
Do you have this SO post?

~~~
mdadm
I second this. A quick Google search didn't reveal the SO post, so now I'm
more curious.

------
blfr
_Specifically, the "stable" version of nginx_

Is there any reason not to use mainline? This is what nginx recommend, it's
not a -dev at all. I haven't been bitten yet anyway.

[http://nginx.org/en/linux_packages.html](http://nginx.org/en/linux_packages.html)

~~~
Rafert
Exactly, nginx stable is more like a LTS branch. See
[https://www.nginx.com/blog/nginx-1-6-1-7-released/](https://www.nginx.com/blog/nginx-1-6-1-7-released/)
which also mentions "Note that stable does not mean more reliable or more bug-
free. In fact, the mainline is generally regarded as more reliable because we
port all bug fixes to it, and not just critical fixes as for the stable
branch. [..] We recommend that in general you deploy the NGINX mainline branch
at all times."

------
therealmarv
I've read that Cloudflare open sourced their nginx http/2+spdy implementation
for nginx [https://blog.cloudflare.com/open-sourcing-our-nginx-
http-2-s...](https://blog.cloudflare.com/open-sourcing-our-nginx-http-2-spdy-
code/) I would rather give Cloudflare's modified nginx a shot than not using
nginx at all.
[https://github.com/cloudflare/sslconfig/pull/36](https://github.com/cloudflare/sslconfig/pull/36)

------
Svenskunganka
For those of you that absolutely need strong HTTP/2 support, I highly
recommend checking out H2O[0]. It has much less features than NGINX, but is
very lightweight and has good performance with low resource footprint.

[0]: [https://h2o.examp1e.net/](https://h2o.examp1e.net/)

~~~
aw3c2
[https://caddyserver.com/](https://caddyserver.com/) ! With Let's Encrypt
built-in.

~~~
therealmarv
interesting project. Never heard of it before.

------
secure
nghttpx could be used to support server push (see
[https://nghttp2.org/documentation/nghttpx.1.html#server-
push](https://nghttp2.org/documentation/nghttpx.1.html#server-push)), which
nginx does not currently support (see
[https://stackoverflow.com/questions/33537199/does-the-
nginx-...](https://stackoverflow.com/questions/33537199/does-the-nginx-
http-2-module-support-server-push)) — neat!

------
breakingcups
Wait, so the advice to fix my end-all-be-all HTTP proxy application is to run
another proxy in front of it?

------
andrewguy9
Why not just turn off http2 support in config until stable has good support?

~~~
omginternets
Exactly what I was wondeirng. Can one really speak of a _need_ for HTTP2
rather than a yearning desire, at most?

~~~
coldtea
Yes, anybody who runs a large site and gets far better performance out of it
for the majority by now of clients who support it.

~~~
omginternets
I'm replying to your post, specifically, but the other comments seem to be
making the same point: HTTP2 confers a performance advantage.

So I repeat my question: is this speed advantage _stricto-sensu_ necessary?
Why can't one "just" spin up a few more EC2 instances until this is fixed?

Is there a case in which HTTP2 is necessary, and HTTP1 just won't cut it? I
think that's the sense of the original question, and I think it's a valid
question when talking about hacking one's way around bugs that are going to
get fixed anyway.

I'm open to being wrong about this, but I'm surprised at the resistance to
this question.

~~~
MichaelGG
The perf advantage is in user loading times. HTTP1 won't cut it, and no amount
of hardware on the server will, either.

Just adding "SPDY" to nginx on some customer sites was enough to reduce load
times by double digit %. (10-30 IIRC)

I think SPDY might be a workaround for a bit; it's still supported this year
right?

~~~
coldtea
> _I think SPDY might be a workaround for a bit; it 's still supported this
> year right?_

No, Nginx dropped it (they only offer HTTP2 since 1.9.5) and Chrome dropped it
from the client too this year IIRC.

