nginx.git/src/http, branch release-1.19.10 nginx Changed keepalive_requests default to 1000 (ticket #2155). 2021-04-07T21:16:30+00:00 Maxim Dounin mdounin@mdounin.ru 2021-04-07T21:16:30+00:00 eb52de83114e8d98722cd17ec8435c47956b6315 It turns out no browsers implement HTTP/2 GOAWAY handling properly, and large enough number of resources on a page results in failures to load some resources. In particular, Chrome seems to experience errors if loading of all resources requires more than 1 connection (while it is usually able to retry requests at least once, even with 2 connections there are occasional failures for some reason), Safari if loading requires more than 3 connections, and Firefox if loading requires more than 10 connections (can be configured with network.http.request.max-attempts, defaults to 10). It does not seem to be possible to resolve this on nginx side, even strict limiting of maximum concurrency does not help, and loading issues seems to be triggered by merely queueing of a request for a particular connection. The only available mitigation seems to use higher keepalive_requests value. The new default is 1000 and matches previously used default for http2_max_requests. It is expected to be enough for 99.98% of the pages (https://httparchive.org/reports/state-of-the-web?start=latest#reqTotal) even in Chrome. 
It turns out no browsers implement HTTP/2 GOAWAY handling properly, and
large enough number of resources on a page results in failures to load
some resources.  In particular, Chrome seems to experience errors if
loading of all resources requires more than 1 connection (while it
is usually able to retry requests at least once, even with 2 connections
there are occasional failures for some reason), Safari if loading requires
more than 3 connections, and Firefox if loading requires more than 10
connections (can be configured with network.http.request.max-attempts,
defaults to 10).

It does not seem to be possible to resolve this on nginx side, even strict
limiting of maximum concurrency does not help, and loading issues seems to
be triggered by merely queueing of a request for a particular connection.
The only available mitigation seems to use higher keepalive_requests value.

The new default is 1000 and matches previously used default for
http2_max_requests.  It is expected to be enough for 99.98% of the pages
(https://httparchive.org/reports/state-of-the-web?start=latest#reqTotal)
even in Chrome.
Added $connection_time variable. 2021-04-07T21:16:17+00:00 Maxim Dounin mdounin@mdounin.ru 2021-04-07T21:16:17+00:00 497acbd0ed4b3f289bde11de207efb0abd1f6fa6 






Introduced the "keepalive_time" directive.
2021-04-07T21:15:48+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-04-07T21:15:48+00:00

d9996d6f27150bfb9c9c00d77fac940712aa1d28

Similar to lingering_time, it limits total connection lifetime before
keepalive is switched off.  The default is 1 hour, which is close to
the total maximum connection lifetime possible with default
keepalive_requests and keepalive_timeout.





Similar to lingering_time, it limits total connection lifetime before
keepalive is switched off.  The default is 1 hour, which is close to
the total maximum connection lifetime possible with default
keepalive_requests and keepalive_timeout.







HTTP/2: relaxed PRIORITY frames limit.
2021-04-06T23:03:29+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-04-06T23:03:29+00:00

5599731c00bd152f765c7cea24a7d257bf13320c

Firefox uses several idle streams for PRIORITY frames[1], and
"http2_max_concurrent_streams 1;" results in "client sent too many
PRIORITY frames" errors when a connection is established by Firefox.

Fix is to relax the PRIORITY frames limit to use at least 100 as
the initial value (which is the recommended by the HTTP/2 protocol
minimum limit on the number of concurrent streams, so it is not
unreasonable for clients to assume that similar number of idle streams
can be used for prioritization).

[1] https://hg.mozilla.org/mozilla-central/file/32a9e6e145d6e3071c3993a20bb603a2f388722b/netwerk/protocol/http/Http2Stream.cpp#l1270





Firefox uses several idle streams for PRIORITY frames[1], and
"http2_max_concurrent_streams 1;" results in "client sent too many
PRIORITY frames" errors when a connection is established by Firefox.

Fix is to relax the PRIORITY frames limit to use at least 100 as
the initial value (which is the recommended by the HTTP/2 protocol
minimum limit on the number of concurrent streams, so it is not
unreasonable for clients to assume that similar number of idle streams
can be used for prioritization).

[1] https://hg.mozilla.org/mozilla-central/file/32a9e6e145d6e3071c3993a20bb603a2f388722b/netwerk/protocol/http/Http2Stream.cpp#l1270







Gzip: updated handling of zlib variant from Intel.
2021-04-05T01:07:17+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-04-05T01:07:17+00:00

4af67214ad3d7f0f525bea777d5a43aa7a702ecf

In current versions (all versions based on zlib 1.2.11, at least
since 2018) it no longer uses 64K hash and does not force window
bits to 13 if it is less than 13.  That is, it needs just 16 bytes
more memory than normal zlib, so these bytes are simply added to
the normal size calculation.





In current versions (all versions based on zlib 1.2.11, at least
since 2018) it no longer uses 64K hash and does not force window
bits to 13 if it is less than 13.  That is, it needs just 16 bytes
more memory than normal zlib, so these bytes are simply added to
the normal size calculation.







Gzip: support for zlib-ng.
2021-04-05T01:06:58+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-04-05T01:06:58+00:00

e3797a66a3d8213b5c34cafca5a8882b152fc2c2












Fixed handling of already closed connections.
2021-03-28T14:45:39+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-03-28T14:45:39+00:00

179c79ce8afd459acffa50e6dabc60b0b7d9a014

In limit_req, auth_delay, and upstream code to check for broken
connections, tests for possible connection close by the client
did not work if the connection was already closed when relevant
event handler was set.  This happened because there were no additional
events in case of edge-triggered event methods, and read events
were disabled in case of level-triggered ones.

Fix is to explicitly post a read event if the c->read->ready flag
is set.





In limit_req, auth_delay, and upstream code to check for broken
connections, tests for possible connection close by the client
did not work if the connection was already closed when relevant
event handler was set.  This happened because there were no additional
events in case of edge-triggered event methods, and read events
were disabled in case of level-triggered ones.

Fix is to explicitly post a read event if the c->read->ready flag
is set.







Upstream: fixed broken connection check with eventport.
2021-03-28T14:45:37+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-03-28T14:45:37+00:00

8885c45e1ead18c1fc9325e372069ec9c55e5938

For connection close to be reported with eventport on Solaris,
ngx_handle_read_event() needs to be called.





For connection close to be reported with eventport on Solaris,
ngx_handle_read_event() needs to be called.







Upstream: fixed non-buffered proxying with eventport.
2021-03-28T14:45:35+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-03-28T14:45:35+00:00

9104757a7d9adfced7c77396167e3e68bd11867c

For new data to be reported with eventport on Solaris,
ngx_handle_read_event() needs to be called after reading response
headers.  To do so, ngx_http_upstream_process_non_buffered_upstream()
now called unconditionally if there are no prepread data.  This
won't cause any read() syscalls as long as upstream connection
is not ready for reading (c->read->ready is not set), but will result
in proper handling of all events.





For new data to be reported with eventport on Solaris,
ngx_handle_read_event() needs to be called after reading response
headers.  To do so, ngx_http_upstream_process_non_buffered_upstream()
now called unconditionally if there are no prepread data.  This
won't cause any read() syscalls as long as upstream connection
is not ready for reading (c->read->ready is not set), but will result
in proper handling of all events.







HTTP/2: improved handling of "keepalive_timeout 0".
2021-03-25T22:44:57+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-03-25T22:44:57+00:00

1f5271cd61a102514070c0d22ce5001cf0a70d61

Without explicit handling, a zero timer was actually added, leading to
multiple unneeded syscalls.  Further, sending GOAWAY frame early might
be beneficial for clients.

Reported by Sergey Kandaurov.





Without explicit handling, a zero timer was actually added, leading to
multiple unneeded syscalls.  Further, sending GOAWAY frame early might
be beneficial for clients.

Reported by Sergey Kandaurov.