0

I just was debugging a site (with Lighthouse 3.2.0) for which I had http/2 enabled on the nginx (1.15.9 / official docker image) proxy with 

listen 443 ssl http2;

but Lighthouse still said that all resources were loaded via http/1.1, when I found out that nearly all my other sites, which are also delivered over this nginx proxy, pass the http2 test (and in fact all resources are delivered via h2 for those sites).

However, all their listen stanzas definitely only have

listen 443 ssl;

and there is only one site in the whole config with http2.

So what could be going on here? I'm more interested in why h2 seems to be enabled although I have never configured it than the one site which isn't delivering it (maybe this is due the fact that there is a node.js on the other side of the proxy_pass or something else...).
Is http2 a default for newer nginx versions regardless of the listen stanza? I couldn't find anything like that in the docs...

Jey DWork
  • 187
  • 1
  • 3
  • 11

1 Answers1

4

Discussed here: https://stackoverflow.com/questions/40987592/can-i-enable-http-2-for-specific-server-blocks-virtual-hosts-only-on-nginx

Basically once you enable HTTP/2 on one listen directive all of them in the same ip/port get HTTP/2. In theory SNI would allow the server to see the virtual host requested (at least for SNI-enabled clients on TLSv1 or above) and then respond with ALPN settings appropriate to that virtual host, but that is complex and in practice most servers don’t differentiate this way and reuse the same SSL/TLS settings on all shared virtual hosts on that IP/Port.

I can’t explain though, at least not without more information, why lighthouse thought your HTTP/2 vhost was only HTTP/1.1 though.

Barry Pollard
  • 4,591
  • 15
  • 26