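CloudFlare officially launches HTTP/2, which can run alongside SPDY

CloudFlare has launched its HTTP/2 service. Unlike other CDN providers, it can accept HTTP/2 and SPDY at the same time: "HTTP/2 is here! Goodbye SPDY? Not quite yet".

CloudFlare tested with its own site, www.cloudflare.com, showing that HTTP/2 performs considerably better than SPDY: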

| Access via HTTP Protocol Version | Average Page Load time |
|---|---|
| HTTP 1.x | 9.07 sec. |
| SPDY/3.1 | 7.06 sec. |
| HTTP/2 | 4.27 sec. |

Before HTTP/2 officially launched, 80.38% of SSL/TLS connections to www.cloudflare.com were SPDY:

During the week before our HTTP/2 launch, 80.38% of all SSL/TLS connections to our own website at www.cloudflare.com were made over SPDY/3.1.

After launch, the share is actually not as high as one might expect:

| Protocol Version | Percentage of Hits |
|---|---|
| HTTP 1.x | 19.36% |
| SPDY/3.1 | 57.02% |
| HTTP/2 | 23.62% |

This also explains why CloudFlare is offering SPDY + HTTP/2 together:

Why choose, if you can have both? Today CloudFlare is introducing HTTP/2 support for all customers using SSL/TLS connections, while still supporting SPDY. There is no need to make a decision between SPDY or HTTP/2. Both are automatically there for you and your customers.

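I just logged in to the dashboard to confirm. Because users who already had SPDY turned on get HTTP/2 enabled automatically, global HTTP/2 usage will jump right away, since so many resources are hosted on CloudFlare (cdnjs.com, for example, which I just confirmed is already on HTTP/2):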

If you are a customer on the Free or Pro plan, there is no need to do anything at all. Both SPDY and HTTP/2 are already enabled for you.

Customers on Business and Enterprise plans can enable HTTP/2 within the "Network" application of the CloudFlare Dashboard.

nginx 1.9.6 released

The link is right on the nginx website; open CHANGES and you can see two fixes related to HTTP/2:

    *) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2.
       Thanks to Piotr Sikora and Denis Andzakovic.

    *) Bugfix: the $server_protocol variable was empty when using HTTP/2.

    *) Bugfix: backend SSL connections in the stream module might be timed
       out unexpectedly.

    *) Bugfix: a segmentation fault might occur in a worker process if
       different ssl_session_cache settings were used in different virtual
       servers.

    *) Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had
       appeared in 1.9.4.
       Thanks to Kouhei Sutou.

    *) Bugfix: time was not updated when the timer_resolution directive was
       used on Windows.

    *) Miscellaneous minor fixes and improvements.
       Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora.

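There are surprisingly few HTTP/2 bug fixes (after all, 1.9.5 was the first official release), so it looks like the codebase has stabilized? Speaking of which, is NGINX Mainline not planning to update any more...

HTTP/2 traffic has overtaken HTTP/1.1 (within HTTPS traffic)

KeyCDN is one of the few CDNs that currently support HTTP/2, so it has this number to show: "HTTP/2 Statistics: KeyCDN Report on HTTP/2 Distribution". Within HTTPS traffic, HTTP/2 traffic has already overtaken HTTP/1.1.

Another interesting figure is that on Google Chrome the share of HTTPS is considerably higher than HTTP.

The author guesses that the bump in 2013 comes from Facebook moving to HTTPS ("Secure browsing by default"), but the timeline doesn't seem to line up; maybe I need to look further for which large site did something around that time...

Apache 2.4.17: built-in HTTP/2 support

I suddenly saw an article about mod_h2 on Zite and thought, hasn't that been out for a long time... On a closer look, it turned out that Apache HTTP Server 2.4.17 has been released: "how to h2 in apache".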

Support for HTTP/2 is finally being released with Apache httpd 2.4.17! This page gives advice on how to build/deploy/configure it. The plan is to update this as people find out new things (read: bugs) or give recommendations on what works best for them.

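The announcement is at "Apache HTTP Server 2.4.17 Released", but the project overwrites this file with every release (no archive is kept), so for the history go to the Internet Archive Wayback Machine page: "https://web.archive.org/web/*/https://www.apache.org/dist/httpd/Announcement2.4.html".

So both mainstream web servers now support HTTP/2. The main remaining problem is Android's level of HTTP/2 support ("HTTP/2 protocol"); we have to wait for older versions to gradually phase out...

Switching blog.gslin.org to HTTP/2

In "nginx 1.9.5: HTTP/2 support!" I mentioned that nginx supports HTTP/2, but a week later the better-known PPA "NGINX Mainline" still hasn't been updated and remains at 1.9.4 (SPDY only).

I've been searching over the past few days and found a 1.9.5 build in Chris Lea's PPA "nginx-devel", so I switched to that for now.

After installing, changing the string spdy to http2 in the config file is all it takes, much simpler than expected. After a restart, connecting to the site shows the blue icon.

Done, problem solved... (happy)

nginx 1.9.5: HTTP/2 support!

A few days ago nginx released 1.9.5, which supports HTTP/2 (ngx_http_v2_module): "NGINX Open Source 1.9.5 Released with HTTP/2 Support".

It is not compiled in by default, though; it has to be enabled with --with-http_v2_module: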

This module is not built by default, it should be enabled with the --with-http_v2_module configuration parameter.

Note that because it is implemented via ALPN, OpenSSL 1.0.2 or later is required:

Note that accepting HTTP/2 connections over TLS requires the “Application-Layer Protocol Negotiation” (ALPN) TLS extension support, which is available only since OpenSSL version 1.0.2. Using the “Next Protocol Negotiation” (NPN) TLS extension for this purpose (available since OpenSSL version 1.0.1) is not guaranteed.
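
A check for the two build requirements quoted above, written for this page as an added example (not code from nginx or from the original post): it reads nginx -V output and reports whether the build has --with-http_v2_module and an OpenSSL new enough for ALPN. The function name, the verdict strings and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not nginx project code): classify `nginx -V` output by the
# two requirements quoted above. Real use: nginx -V 2>&1 | nginx_h2_readiness
# Verdicts printed on stdout:
#   h2-alpn       --with-http_v2_module present, OpenSSL >= 1.0.2 (ALPN)
#   h2-npn-only   module present, OpenSSL 1.0.1x (NPN only, not guaranteed)
#   no-module     built without --with-http_v2_module
#   tls-unusable  module present, but no "built with OpenSSL" >= 1.0.1 line
nginx_h2_readiness() {
    out=$(cat)
    case "$out" in
        *--with-http_v2_module*) ;;
        *) echo no-module; return 0 ;;
    esac
    # "built with OpenSSL 1.0.2d 9 Jul 2015" -> "1.0.2d"
    ver=$(printf '%s\n' "$out" |
        sed -n 's/^built with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then echo tls-unusable; return 0; fi
    # Map 1.0.2d to the comparable number 10002 (letter suffix dropped).
    rank=$(printf '%s\n' "$ver" |
        awk -F. '{ sub(/[a-z]+$/, "", $3); print $1 * 10000 + $2 * 100 + $3 }')
    if [ "$rank" -ge 10002 ]; then echo h2-alpn
    elif [ "$rank" -ge 10001 ]; then echo h2-npn-only
    else echo tls-unusable
    fi
}

# Constructed samples in the shape of `nginx -V` output (not captured output).
SAMPLE_ALPN='nginx version: nginx/1.9.5
built with OpenSSL 1.0.2d 9 Jul 2015
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module'
SAMPLE_NPN='nginx version: nginx/1.9.5
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module'
SAMPLE_SPDY='nginx version: nginx/1.9.4
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_spdy_module'

for s in "$SAMPLE_ALPN" "$SAMPLE_NPN" "$SAMPLE_SPDY"; do
    printf '%s\n' "$s" | nginx_h2_readiness
done
```

The version read here is the build-time OpenSSL reported on the "built with" line; a build linked against another TLS library is reported as tls-unusable and needs a manual check.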

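However, the NGINX Mainline PPA has not been updated to 1.9.5 yet. SPDY still has a larger share than HTTP/2 right now anyway, so I'll wait a bit longer...

nginx's HTTP/2

In "Announcing NGINX Plus R7", nginx disclosed the current status of its HTTP/2 work.

NGINX Plus is the commercial edition, and this release will ship the HTTP/2 feature: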

NGINX Plus now provides a fully supported implementation of the new HTTP/2 web standard. NGINX Plus can be deployed as a front-end HTTP/2 gateway and accelerator for both new and existing web services.

The open source version will also be released after NGINX Plus R7 ships:

Based on user testing from the alpha-level patch, and with the early support from corporate co-sponsors Automattic and Dropbox, the final open source version of HTTP/2 will become available following the release of R7.

As mentioned before, nginx's implementation keeps HTTP/2 and SPDY separate, so the packages are separate:

HTTP/2 support is available in the optional nginx‑plus‑http2 package only. The nginx‑plus and nginx‑plus‑extras packages provide SPDY support and are currently recommended for production sites because of wider browser support and code maturity.

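As for how the open source version will be handled, we'll wait and see...

Adobe's Typekit pushes HTTPS only

Adobe's Typekit announced that its embed code will be HTTPS only by default from now on: "Font loading update: All HTTPS, all the time".

The main reason is the recently discovered security problems: attackers can attack through security issues in font processing, and adopting HTTPS reduces that risk: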

We’ve made this change as a response to the recent vulnerabilities and exploits in the OpenType and TrueType font formats. A malicious attacker could use these vulnerabilities to modify a Typekit font while it is being transmitted from our servers to your browser. Serving fonts (and other resources) over HTTPS ensures that the communication channel between your browser and our servers is not compromised and fonts are delivered in a secure way.

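For now it looks like use.typekit.net still uses EdgeCast's CDN service, which still has no SPDY or HTTP/2 over HTTPS; the performance impact will have to be tested to know...

CloudFlare starts testing HTTP/2

CloudFlare announced that it has started testing HTTP/2: "Test all the things: IPv6, HTTP/2, SHA-2".

The site is https://http2.cloudflare.com/; if you have HTTP/2 and SPDY indicator installed, you should see a blue lightning bolt.

The original site shows a green SPDY/3.1.

Now it's just a matter of waiting.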