
PSA: If you're running an HTTP/2 server like NGINX on the 14.04 LTS you'll want to upgrade to this release.

Google Chrome will no longer support HTTP/2 on vanilla 14.04 after May 15th [0], even if you're using the latest official upstream NGINX packages. This is because 14.04 ships with a version of OpenSSL that does not support the ALPN extension (prior to OpenSSL 1.0.2 you're limited to NPN, now deprecated). There was a bit of back-and-forth about the exact date, as the change was originally scheduled for earlier. However, Chrome decided to specifically push back the date so that there would be an Ubuntu LTS release available with the required support [1]. If you're still stuck on SPDY, that's going to be dropped too, so there's really no good reason not to simply use HTTP/2 at this point.

[0] http://blog.chromium.org/2016/02/transitioning-from-spdy-to-...

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=557197
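An added example, not part of the thread: a shell check that reads `nginx -V` output and reports whether the build can negotiate HTTP/2 over ALPN or is limited to NPN, the situation the comment above describes for 14.04. The function names `alpn_capable` and `h2_status` are hypothetical, and the two sample outputs are constructed rather than captured from a real host.

```shell
#!/bin/sh
# Added example: classify an nginx build from the text printed by `nginx -V`.

# alpn_capable VERSION: exit 0 if that OpenSSL version has ALPN (>= 1.0.2),
# 1 if it is older (NPN only), 2 if the version string cannot be parsed.
alpn_capable() {
    # Drop the patch letter or suffix: 1.0.1f -> 1.0.1, 1.0.2g-fips -> 1.0.2
    ver=$(printf '%s' "$1" | sed 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/')
    case "$ver" in ''|*[!0-9.]*) return 2 ;; esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; fix=${rest#*.}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -gt 0 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -eq 0 ] && [ "$fix" -ge 2 ] && return 0
    return 1
}

# h2_status "TEXT": prints h2-alpn, h2-npn-only, no-h2-module or unknown.
h2_status() {
    out=$1
    # nginx reports the OpenSSL it was compiled against on the "built with" line.
    ssl=$(printf '%s\n' "$out" | sed -n 's/^built with OpenSSL \([^ ]*\).*/\1/p' | head -n 1)
    [ -n "$ssl" ] || { echo unknown; return 0; }
    case "$out" in
        *--with-http_v2_module*) ;;
        *) echo no-h2-module; return 0 ;;
    esac
    if alpn_capable "$ssl"; then echo h2-alpn; else echo h2-npn-only; fi
}

# Constructed sample outputs (assumed shape of `nginx -V` on each release).
SAMPLE_TRUSTY='nginx version: nginx/1.9.15
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module'
SAMPLE_XENIAL='nginx version: nginx/1.9.15
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module'

echo "14.04 sample: $(h2_status "$SAMPLE_TRUSTY")"
echo "16.04 sample: $(h2_status "$SAMPLE_XENIAL")"
# On a live host (nginx -V writes to stderr): h2_status "$(nginx -V 2>&1)"
```

A result of `h2-npn-only` means the HTTP/2 module is compiled in but clients that require ALPN will fall back to HTTP/1.1.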

It looks like Ubuntu 16.04 comes with Nginx 1.9.15, which is both not the latest stable release (it's a development, aka MAINLINE, release, although Nginx development branch is pretty stable) and it's one minor version ahead of Nginx's own development PPA, which is at 1.9.14.

The ppa[1] notes there's a newer version[2] also

[1] https://launchpad.net/~nginx/+archive/ubuntu/development

[2] https://launchpad.net/ubuntu/+source/nginx/1.9.15-0ubuntu1

No, many people get this wrong. Mainline is stable, and http://hg.nginx.org/nginx/ is dev. The labeled stable version is for distros that have strict upgrade policies.

nginx recommends using mainline over stable: "We recommend that in general you deploy the NGINX mainline branch at all times." [1]

[1]: https://www.nginx.com/blog/nginx-1-6-1-7-released/

In the release notes they mention that they will upgrade to Nginx 1.10 when it is released: https://wiki.ubuntu.com/XenialXerus/ReleaseNotes#Nginx

> It looks like Ubuntu 16.04 comes with Nginx 1.9.15, which is both not the latest stable release (it's a development, aka MAINLINE, release, although Nginx development branch is pretty stable)

The stable branch will fork from the mainline branch shortly. The version shipped in 16.04 is very close to what the stable will be, because the fork hadn't taken place before 16.04's release. I expect there to be very few changes, which is why (as someone else pointed out) we expect to update 16.04 to the stable branch as soon as it is available.

> The ppa[1] notes there's a newer version[2] also

That's just noting that the version released in 16.04 is newer than the version provided in the PPA.

> Nginx's own development PPA

Actually it's a PPA maintained by a team that care about Nginx's availability in Ubuntu. In this case, the uploads to that PPA were made by the very same person who looks after the official Ubuntu Nginx packages available to Ubuntu users by default.

If you use 14.04, you usually upgrade at the first point release to 16.04.01, not now at 16.04.00. Only 15.10 will immediately suggest an update.

Is this outdated or not applicable to servers?

That is correct, upgrades are not enabled between LTS releases at this time, also for servers AFAIK.

Either way, personally I would never upgrade a server in place these days. Treat your servers like cattle not pets: Rebuild from new base image, validate, put into LB/proxy, terminate old stack.

This. Our upgrade path was changing a variable in our packer config.

Literally the easiest upgrade ever.

You should hold off doing in-place upgrades using "do-release-upgrade" until 16.04.1 (due August/September).

However, you can also "upgrade" your stack by building a new image using 16.04 from scratch, and that doesn't need to wait until 16.04.1.

You can also force the upgrade with do-release-upgrade -d

For some software like Nginx you should use the official repo from the Nginx team and not rely on your distro repos.


If you re-read the parent comment, even using the official repo from the nginx team you will be impacted. The issue is with OpenSSL, not nginx.

Care to explain why? There is a huge amount of provisioning and deployment software that relies on distro repos.

To be clear though, at the moment (before May 15th), there is still better browser support for SPDY than for HTTP/2:

http://caniuse.com/#feat=spdy (77.39% global)

http://caniuse.com/#feat=http2 (70.15% global)

Why isn't just upgrading OpenSSL to version 1.0.2 enough? Seems easier than a wholesale OS upgrade.

With OpenSSL's complete lack of anything resembling a stable ABI, and its popularity, there is no meaningful difference between an OpenSSL upgrade and a wholesale OS upgrade.

Is http2 supported on xenial now? It wasn't as of beta1 -- http2 was considered 'experimental' and wasn't included in the builds. We're using the PPA instead.

My understanding is that HTTP2 support in Apache was held out of Xenial but may be included later.[0] nginx in Xenial does have HTTP/2 support but no SPDY.

[0] https://wiki.ubuntu.com/XenialXerus/ReleaseNotes#HTTP.2F2_su...

Xenial seems to include nginx 1.9.15 and OpenSSL 1.0.2, so it should fully support HTTP/2. Personally I would still use the official upstream nginx packages.

IIRC, xenial beta1 included nginx 1.9.12 with http2 explicitly disabled.

Fortunately the support was enabled in the final release: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1565043

> Google Chrome will no longer support HTTP/2 on vanilla 14.04 after May 15th

Does this mean 14.04 with Apache 2.2 is affected? Their blog doesn't explain and leaves plenty of people confused...

I don't think so. If it was, half the internet would go down for Chrome users.

Apache 2.2 is not impacted as it does not support HTTP/2, only SPDY via an optional module (which will stop working).

Even in cases where an HTTP/2 or SPDY connection will no longer be established for Chrome users, the browser will fall back to HTTP 1.1. Unless you're using specific HTTP/2 features, the main impact will be decreased performance.
