Use HTTP/2.0 between nginx reverse-proxy and backend webserver

nginx reverse-proxy http2

I use nginx as a reverse-ssl-proxy in front of a backend webserver that is capable of doing HTTP/2.0.

I noticed that nginx proxies the requests to the backend server via HTTP/1.1 rather than HTTP/2.0. Is it possible to tell nginx to use an un-encrypted HTTP/2.0 connection instead? Would this increase performance?


Solution 1:

Found this: https://trac.nginx.org/nginx/ticket/923

There are no plans to implement HTTP/2 support in the proxy module in the foreseeable future

Excerpt from a mail referenced in the ticket:

There is almost no sense to implement it, as the main HTTP/2 benefit is that it allows multiplexing many requests within a single connection, thus [almost] removing the limit on number of simalteneous requests - and there is no such limit when talking to your own backends. Moreover, things may even become worse when using HTTP/2 to backends, due to single TCP connection being used instead of multiple ones.

Solution 2:

Sadly nginx not support proxy to a http/2 backend server, referenced from https://www.nginx.com/blog/http2-module-nginx/#QandA

Q: Will you support HTTP/2 on the upstream side as well, or only support HTTP/2 on the client side?

A: At the moment, we only support HTTP/2 on the client side. You can’t configure HTTP/2 with proxy_pass. [Editor – In the original version of this post, this sentence was incorrectly transcribed as “You can configure HTTP/2 with proxy_pass.” We apologize for any confusion this may have caused.]

But what is the point of HTTP/2 on the backend side? Because as you can see from the benchmarks, there’s not much benefit in HTTP/2 for low‑latency networks such as upstream connections.

Also, in NGINX you have the keepalive module, and you can configure a keepalive cache. The main performance benefit of HTTP/2 is to eliminate additional handshakes, but if you do that already with a keepalive cache, you don’t need HTTP/2 on the upstream side.

Solution 3:

As of version 1.13.9 http2 is supported for server pushes.

One way is to define a list of assets that you would like pushed back upon a request to a specific location using the http2_push statement.

A second way is to let nginx intercept the response and push the link tags with the preload attribute using the http2_push_preload statement.

More details in the blog post that @malix referenced in the comments of the OP

Related

How does one get tomcat to bind to ipv4 address?
Determine if filesystem or partition is mounted RO or RW via Bash Script?
How do you avoid network conflict with VPN internal networks?
NTFS file owner is able to delete a file with read permission
Unable to access vsftpd from public ip
Persistence of local SSDs of EC2 instances
How can I crontably reboot a Linux host upon network failure? [closed]
What was linux/unix time standard before inventing epoch? [closed]
fsck.vfat auto repair on error
Website not being served (NGINX, Ubuntu)
How to improve initialization (start up) time for AWS EC2?
For DNS and SSL do I need a separate certificate for every (DNS RR) A record?