Engine Yard Developer Center

HTTP/2 is coming to Engine Yard

HTTP/2 was published as RFC 7540 in May 2015.

This version of the HTTP protocol enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. It also introduces unsolicited push of representations from servers to clients. This newer version of the HTTP protocol is an alternative to, but does not obsolete, the HTTP/1.1 message syntax. HTTP's existing semantics remain unchanged.

As of November 2017, HTTP/2 is supported by all major browsers apart from Opera Mini. A more detailed table can be found here.

Prerequisites

To use HTTP/2 on Engine Yard, the following are required:

  • An environment running the 16.06 Technology Stack (also known as V5). Older stacks are not supported.
  • Nginx version >=1.9.5. Version stable-v5-3.0.34 of the Engine Yard stack comes with nginx 1.12.1 as default. For older V5 stack versions you can use an overlay recipe to install nginx 1.12.1.
  • Engine Yard's "http2" custom recipe, which enables HTTP/2 support on haproxy and nginx.
  • An SSL certificate for your app. You can obtain and install one using the instructions in this KB article. Although the standard itself does not require encryption, browsers only support HTTP/2 over TLS, which makes encryption de facto mandatory.

How it works

Given that DNS resolves to an EIP which is attached to the environment's application master (23.21.70.143 in the diagram below), user traffic will reach the application master exclusively. The application master, by means of haproxy, is responsible for the following:

  1. Redirect HTTP to HTTPS. See Limitations below for more information.
  2. Terminate SSL. Traffic encryption stops here.
  3. Choose whether HTTP/1.1 or HTTP/2 is to be used by examining the Application-Layer Protocol Negotiation (ALPN) field of the incoming connection.

[Diagram: http2_diagram.png]

Note: Application Master on the diagram above also runs nginx and it will serve traffic the same way Application Instance #1 and Application Instance #2 do.
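
Step 3 above, as an added example (this is not Engine Yard's recipe or haproxy's code): the ALPN field is a TLS extension carried in the client's ClientHello, and the sketch below parses it from a constructed ClientHello and makes the HTTP/1.1 versus HTTP/2 choice. The function names and the sample bytes are hypothetical, and the sketch assumes a ClientHello that fits in one TLS record and a server that picks HTTP/2 whenever the client offers "h2".

```python
import struct

ALPN_EXT = 16  # TLS extension type for ALPN (RFC 7301)

def build_client_hello(protocols):
    """Constructed, minimal TLS 1.2 ClientHello offering `protocols` via ALPN."""
    names = b"".join(bytes([len(p)]) + p.encode() for p in protocols)
    alpn = struct.pack("!H", len(names)) + names
    exts = struct.pack("!HH", ALPN_EXT, len(alpn)) + alpn if protocols else b""
    body = (b"\x03\x03" + bytes(32)               # client_version, zeroed sample random
            + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"  # session_id, 1 suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def offered_protocols(record):
    """Return the ALPN names offered in a single-record ClientHello, in client order."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a TLS ClientHello")
        pos = 5 + 4 + 2 + 32                      # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]                    # skip session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]   # skip cipher_suites
        pos += 1 + record[pos]                    # skip compression_methods
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if pos + ext_len > len(record):
                raise ValueError("truncated ClientHello")
            if ext_type == ALPN_EXT:
                data, names, i = record[pos + 2:pos + ext_len], [], 0
                while i < len(data):              # entries: 1-byte length, then the name
                    names.append(data[i + 1:i + 1 + data[i]].decode("ascii"))
                    i += 1 + data[i]
                return names
            pos += ext_len
        return []                                 # client sent no ALPN extension
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc

def choose_protocol(record):
    """Assumed policy: HTTP/2 only when the client offers "h2", else HTTP/1.1."""
    return "h2" if "h2" in offered_protocols(record) else "http/1.1"

if __name__ == "__main__":
    for offer in (["h2", "http/1.1"], ["http/1.1"], []):
        print(offer, "->", choose_protocol(build_client_hello(offer)))
```

A client that sends no ALPN extension at all stays on HTTP/1.1 under this policy.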

 

Limitations

  1. Haproxy now runs in TCP mode. The client IP address is still forwarded to nginx, though.
  2. Unencrypted HTTP is no longer supported. Requests to port 80 will be redirected (HTTP 301 - Moved Permanently) to the HTTPS version of the URL. HTTP/2 will be used if it is supported by the browser.
  3. SSL is terminated on haproxy, which runs on the application master. Traffic between the application master and the application instances is unencrypted. Given that each environment usually resides within a VPC, this does not pose any security risk. That conclusion rests on the VPC being the trust boundary: only hosts inside it can reach the unencrypted traffic.