Re: Contrib: http2 per server (was re: [nginx] support http2 per server)

2017-10-02 Thread David Freedman
Not that anybody has responded yet, but please find an important improvement over this patch: -if (hc->addr_conf->http2 && !sscf->h2) { +if (r->http_version == NGX_HTTP_VERSION_20 && !sscf->h2) { Full patch (with this improvement included) below: diff -r 6b6e15bbda92 -r

Contrib: http2 per server (was re: [nginx] support http2 per server)

2017-09-19 Thread David Freedman
Following on from the previous thread on this ( http://mailman.nginx.org/pipermail/nginx-devel/2017-June/010079.html ) , and after discussion with the original author < hongzhidao at gmail.com > , I'd like to present the patches we are using. Please note the following improvements /

Re: [nginx] support http2 per server

2017-06-09 Thread 洪志道
Hi, Valentin. Please confirm again, thanks. diff -r 5e05118678af src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Mon May 29 23:33:38 2017 +0300 +++ b/src/http/modules/ngx_http_ssl_module.c Fri Jun 09 07:15:50 2017 -0400 @@ -234,6 +234,13 @@

Re: [nginx] support http2 per server

2017-06-09 Thread 洪志道
Get it, thanks. On Fri, Jun 9, 2017 at 7:45 PM, Valentin V. Bartenev wrote: > On Friday 09 June 2017 13:40:23 洪志道 wrote: > > Hi, Valentin. > > > > " > > Also please note that with your patch clients are still able to > > negotiate HTTP/2 even if nginx doesn't announce it. > > "

Re: [nginx] support http2 per server

2017-06-09 Thread Valentin V. Bartenev
On Friday 09 June 2017 13:40:23 洪志道 wrote: > Hi, Valentin. > > " > Also please note that with your patch clients are still able to > negotiate HTTP/2 even if nginx doesn't announce it. > " > > Two points: > 1. The patch forbids the clients explicitly not support HTTP/2 doing v2 ( >

Re: [nginx] support http2 per server

2017-06-08 Thread 洪志道
Hi, Valentin. " Also please note that with your patch clients are still able to negotiate HTTP/2 even if nginx doesn't announce it. " Two points: 1. The patch forbids the clients explicitly not support HTTP/2 doing v2 ( ngx_http_v2_init). How to follow you mean of "with the patch, clients

Re: [nginx] support http2 per server

2017-06-08 Thread Neil Craig
WRT the below, he H2 RFC includes a new status code to deal with thus, 421: https://tools.ietf.org/html/rfc7540#section-9.1.2 Client support is poor right no so it'd be good if sending 421 was optional perhaps. Cheers Sent from my iPhone On 8 Jun 2017, at 18:17, 洪志道

Re: [nginx] support http2 per server

2017-06-08 Thread 洪志道
Thanks. On Fri, Jun 9, 2017 at 1:09 AM, Valentin V. Bartenev wrote: > On Friday 09 June 2017 00:08:06 洪志道 wrote: > > " > > > >For "https" resources, connection reuse additionally depends on > >having a certificate that is valid for the host in the URI. The > >

Re: [nginx] support http2 per server

2017-06-08 Thread Valentin V. Bartenev
On Friday 09 June 2017 00:08:06 洪志道 wrote: > " > >For "https" resources, connection reuse additionally depends on >having a certificate that is valid for the host in the URI. The >certificate presented by the server MUST satisfy any checks that the >client would perform when

Re: [nginx] support http2 per server

2017-06-08 Thread 洪志道
" For "https" resources, connection reuse additionally depends on having a certificate that is valid for the host in the URI. The certificate presented by the server MUST satisfy any checks that the client would perform when forming a new TLS connection for the host in the URI. "

Re: [nginx] support http2 per server

2017-06-08 Thread Valentin V. Bartenev
On Thursday 08 June 2017 23:19:23 洪志道 wrote: > It sounds right. > > According to the same situation, how does http2 protocol force other > virtual servers to process certificate (ssl handshake). > > Example: > > server { > listen 443 http2; > a.com; > ssl_certi; > } > > server

Re: [nginx] support http2 per server

2017-06-08 Thread 洪志道
It sounds right. According to the same situation, how does http2 protocol force other virtual servers to process certificate (ssl handshake). Example: server { listen 443 http2; a.com; ssl_certi; } server { listen 443 http2; b.com; ssl_certi; } We assume sni is

Re: [nginx] support http2 per server

2017-06-08 Thread Valentin V. Bartenev
On Thursday 08 June 2017 12:07:29 洪志道 wrote: > Hi! > Now, http2 is enabled globally for 'listen' directive with ip:port. > It seems it's possible to enable by server with sni, alpn, npn. > Take a look, please. > [..] How will "sni, alpn, npn" prevent browser from asking other virtual servers

Re: [nginx] support http2 per server

2017-06-08 Thread 洪志道
Sorry for the typo. diff -r 5e05118678af src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Mon May 29 23:33:38 2017 +0300 +++ b/src/http/modules/ngx_http_ssl_module.c Wed Jun 07 12:17:34 2017 -0400 @@ -234,6 +234,13 @@ offsetof(ngx_http_ssl_srv_conf_t,

[nginx] support http2 per server

2017-06-07 Thread 洪志道
Hi! Now, http2 is enabled globally for 'listen' directive with ip:port. It seems it's possible to enable by server with sni, alpn, npn. Take a look, please. diff -r 5e05118678af src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Mon May 29 23:33:38 2017 +0300 +++