

Nginx 1.5.10 released with SPDY 3.1 support - jvt
http://nginx.org/en/CHANGES?1.5.10

======
d0ugie
Nice, Nginx!

Anyone know if this version of Nginx comes with SPDY enabled?

If so can it be installed with SPDY enabled in binaries through package
managers, and if not, should 1.5.10 be compiled using --with-http_ssl_module
and --with-http_spdy_module in order to take advantage of this?

If someone compiles 1.5.10 without that argument and then one day decides he
wants to light up SPDY, does he need to recompile Nginx or is there a quicker
solution? Thanks!

~~~
bungle
Yes, it works with their official packages, at least. Just updated today.

Here is the basic config I'm using with it:

    
    
      listen                        x.x.x.x:443 default_server deferred spdy;
      listen                        [x:x:x:x::x]:443 default_server deferred spdy ipv6only=on;
      spdy_headers_comp             7;
      ssl                           on;
      ssl_certificate               /etc/ssl/private/x.crt;
      ssl_certificate_key           /etc/ssl/private/x.key;
      ssl_trusted_certificate       /etc/ssl/private/x.trust;
      ssl_protocols                 TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers                   EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
      ssl_prefer_server_ciphers     on;
      ssl_stapling                  on;
      ssl_stapling_verify           on;
      resolver                      8.8.8.8 x.x.x.x
      add_header                    Strict-Transport-Security "max-age=15768000; includeSubDomains";
      add_header                    X-Frame-Options   DENY;
      add_header                    Alternate-Protocol  443:npn-spdy/3;

~~~
nodesocket
What does the following header do?

    
    
        add_header                    Alternate-Protocol  443:npn-spdy/3;
    

Also, what exactly does deferred do on the listen directive?

~~~
conductor
This is from the section 3.3.1 of SPDY Protocol - Draft 2 [0]:

"When a server receives a non-SPDY request which could have been served via
SPDY, it should append a Alternate-Protocol header into the response stream.
Note that it is valid to have multiple Alternate-Protocols headers. The field-
value can also be specified as a comma-separated list, as per RFC2616 section
4.2."

And you can read about "deferred" here:
[https://stackoverflow.com/questions/8449058/what-does-the-
de...](https://stackoverflow.com/questions/8449058/what-does-the-deferred-
option-mean-in-nginxs-listen-directive)

[0] - [http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-
dra...](http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft2)

~~~
elithrar
> And you can read about "deferred" here:
> [https://stackoverflow.com/questions/8449058/what-does-the-
> de...](https://stackoverflow.com/questions/8449058/what-does-the-deferred-
> option-mean-in-nginxs-listen-directive)

Thanks for the link; I'm curious as to the downsides however (the article
linked in the article doesn't fully cover them), and a Google search doesn't
yield anything concrete (i.e. deferred on vs. off).

------
fafner
Just in time for Firefox 27 with SPDY 3.1 support [https://www.mozilla.org/en-
US/firefox/27.0/releasenotes/](https://www.mozilla.org/en-
US/firefox/27.0/releasenotes/)

------
BobVerg
There are official Linux packages with the latest version:
[http://nginx.org/en/linux_packages.html#mainline](http://nginx.org/en/linux_packages.html#mainline)

~~~
IgorPartola
Don't see the latest version at
[http://nginx.org/packages](http://nginx.org/packages), at least for Ubuntu.
It's still showing up as 1.4.4.

~~~
spindritf
It's here
[http://nginx.org/packages/mainline/](http://nginx.org/packages/mainline/)

There are two branches: stable[1] and mainline[2]. The cool new stuff goes to
mainline first.

[1]
[http://nginx.org/en/linux_packages.html#stable](http://nginx.org/en/linux_packages.html#stable)

[2]
[http://nginx.org/en/linux_packages.html#mainline](http://nginx.org/en/linux_packages.html#mainline)

------
wiremine
I'm still new to SPDY, although I'm going to check it out with this release.
Are there any best practices or recommendations for running SPDY in production
alongside HTTP?

~~~
bitskits
Nothing comes to mind. It runs alongside HTTPS (not HTTP), and in my
experience "just works" if a client supports it. In Nginx, its a simple flag
flip in the sites-available file.

------
vbtechguy
Nginx SPDY 3.1 working fine at
[https://blog.centminmod.com/250](https://blog.centminmod.com/250) :)

