the "http2" parameter requires ngx_http_v2_module

Bug #1552949 reported by AnOctet
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

Hi everyone!

Since version 1.9.5 Nginx have HTTP/2 support. However, even most recent build of NGINX xenial package do not have it:

root@ubuntu:~# nginx -t
nginx: [emerg] the "http2" parameter requires ngx_http_v2_module in /etc/nginx/sites-enabled/default:17
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx site still do not provide a package for xenial (and it is clear why) http://nginx.org/en/linux_packages.html#mainline

I believe, it is urgent feature for upcoming 5 years.

Tags: http2 nginx
AnOctet (anoctet)
description: updated
Revision history for this message
Thomas Ward (teward) wrote :
Changed in nginx (Ubuntu):
status: New → Won't Fix
Revision history for this message
Seth Arnold (seth-arnold) wrote :

I've asked teward to keep HTTP/2 disabled in nginx for a little while.

We certainly want HTTP/2 support in 16.04 LTS but (a) http/2 is very new (b) http/2 is based on design patterns that have proved to be very difficult to implement without security issues. So I hope to offer http/2 support in nginx via an SRU shortly after 16.04 LTS is released.

Security issues in complex software is a given; part of my role on the security team is balancing new features against security risks. I'd feel immensely better about offering http/2 to our users after the wider security community has had some time to find 'easy' issues. (I say this with full respect for what the nginx team have built; I suspect they feel similarly otherwise they would have already released 1.10 with http/2 a first-class citizen.)

I wish the timing were a little different: however, both nginx and 16.04 LTS are aiming for roughly the same date, so there's no easy way to get the wider coverage I'd like http/2 to get before we ship our next LTS release. If you'd like to contribute, please consider running e.g. https://github.com/c0nrad/http2fuzz against nginx mainline releases or nginx hg tip builds.

Thanks

Revision history for this message
AnOctet (anoctet) wrote :

Dear Seth Arnold (seth-arnold) and Thomas Ward (teward) Thank you for your fast responses I appreciate it!

I was need NGINX for my research project of the HTTP/2 and forward HTTP proxy. Actually, the behaviour of last one when it cooperates with old HTTP/1.1 and new HTTP/2 under high load. It would be easy if I had all the same servers (1xPROXY and 1xWEB) based on NGINX from repository of upcoming new version of popular server OS. However, I can still roll back to willy or even trusty and install packages from NGINX it self. In worth case scenario, I can try nghttp2 package ( a bit outdated in xenial repository), less preferable due only static file support.

Thank you.

P.S.: https://github.com/c0nrad/http2fuzz pretty interesting tool, I need to get familiar with it.

Revision history for this message
Alex Poth (alex-poth) wrote :

I've currently been testing Debian 8 Jessie, with the debian backport of Nginx 1.9.10, with great success on HTTP/2.

The good thing is that HTTP/2 support is not entirely new, being the HTTP/2 itself is based on SPDY, Nginx were able to use the existing SPDY implementation for HTTP/2 support, so although HTTP/2 has only been out since Sept 15, it is based on a module released in Feb 2014.

As far as I know, SPDY has been enabled since Ubuntu 15.04.

If HTTP/2 is continuing to be disabled, does there need to be a note in relation to there being no support for SPDY or HTTP/2 moving forward? Users who upgrade from an older release would be advised by Nginx to swap "spdy" with "http2", but that obviously won't work if the module is disabled, where previously SPDY was enabled in the package.

Revision history for this message
Thomas Ward (teward) wrote :

We will have a section in the release notes regarding HTTP/2 support for nginx not being available at release time, most likely. We will address that bit closer to Xenial release, however.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.