HTTP/2 published as RFC 7540 during May 2015.
This version of HTTP protocol enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. It also introduces unsolicited push of representations from servers to clients. This newer version of HTTP protocol is an alternative to, but does not obsolete, the HTTP/1.1 message syntax. HTTP's existing semantics remain unchanged.
Today (November 2017), HTTP/2 is supported by all major browsers apart from Opera Mini. A more detailed table can be found here.
In order to use HTTP/2 on Engine Yard the following are required:
- An environment running 16.06 Technology Stack (also known as V5). Older stacks are not supported.
Nginx version >=1.9.5. Version
stable-v5-3.0.34of Engine Yard stack comes with nginx 1.12.1 as default. For older stack V5 versions you can use an overlay recipe to install
- Engine Yard's "http2" custom recipe to enable HTTP/2 support on
An SSL certificate for your app is also a prerequisite. You can obtain and install one using instructions on this KB article. Although the standard itself does not require usage of encryption, browsers are only supporting HTTP/2 over TLS, thus making encryption de facto mandatory.
How it works
Given that DNS resolves to an EIP which is attached to application master of the environment (126.96.36.199 in the diagram below), user traffic will reach application master exclusively. Application master is responsible (by utilising
haproxy) for the following:
- Redirect HTTP to HTTPs protocol. See Limitations below for more information.
- Terminate SSL. Traffic encryption stops here.
- Choose whether HTTP/1.1 or HTTP/2 is to be used by examining Application Layer Protocol Negotiation field from the incoming connection.
Note: Application Master on the diagram above also runs
nginx and it will serve traffic the same way Application Instance #1 and Application Instance #2 do.
- Haproxy is now running on TCP mode. Client IP address is still forwarded to
- Unencrypted HTTP is no longer supported. Requests to port 80 will be redirected (HTTP 301 - Moved Permanently) to HTTPs version of the URL. HTTP/2 will be used if it is supported by the browser.
- SSL is terminated on
haproxywhich runs on application master. Traffic between application master and application instances is unencrypted. Given that each environment usually resides within a VPC, this does not pose any security risk.