oparoz
October 9, 2016, 10:28pm
1
I’ve just done some testing on a public link share and it shows that there is nothing to gain by enabling HTTP/2 on Nextcloud.
Feel free to add your own benchmarks
Test sample
Test page is a public link containing 33 images for a total of 6.7MB
HTTP/1.1
# h2load --h1 -n1000 -c100 -m10 -t4 https://1.2.3.4/index.php/s/I1io5BUJZgr4prJ
starting benchmark...
spawning thread #0: 25 total client(s). 250 total requests
spawning thread #1: 25 total client(s). 250 total requests
spawning thread #2: 25 total client(s). 250 total requests
spawning thread #3: 25 total client(s). 250 total requests
TLS Protocol: TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
Server Temp Key: ECDH P-384 384 bits
Application protocol: http/1.1
progress: 10% done
progress: 20% done
progress: 30% done
progress: 40% done
progress: 50% done
progress: 60% done
progress: 70% done
progress: 80% done
progress: 90% done
progress: 100% done
finished in 45.91s, 21.78 req/s, 371.52KB/s
requests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout
status codes: 1000 2xx, 0 3xx, 0 4xx, 0 5xx
traffic: 16.66MB (17465960) total, 1.05MB (1096160) headers (space savings 0.00%), 15.52MB (16274000) data
min max mean sd +/- sd
time for request: 729.16ms 45.60s 24.69s 13.08s 56.40%
time for connect: 118.60ms 410.70ms 293.58ms 80.39ms 68.00%
time to 1st byte: 830.27ms 7.30s 4.21s 1.91s 50.00%
req/s : 0.22 0.27 0.23 0.01 78.00%
HTTP/2
# h2load -n1000 -c100 -m10 -t4 https://1.2.3.4/index.php/s/I1io5BUJZgr4prJstarting benchmark...
spawning thread #0: 25 total client(s). 250 total requestsspawning thread #1: 25 total client(s). 250 total requests
spawning thread #2: 25 total client(s). 250 total requests
spawning thread #3: 25 total client(s). 250 total requests
TLS Protocol: TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
Server Temp Key: ECDH P-384 384 bits
Application protocol: h2
progress: 10% done
progress: 20% done
progress: 30% done
progress: 40% done
progress: 50% done
progress: 60% done
progress: 70% done
progress: 80% done
progress: 90% done
progress: 100% done
finished in 45.42s, 22.01 req/s, 359.33KB/s
requests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout
status codes: 1000 2xx, 0 3xx, 0 4xx, 0 5xx
traffic: 15.94MB (16714466) total, 408.95KB (418766) headers (space savings 62.03%), 15.52MB (16274000) data
min max mean sd +/- sd
time for request: 1.20s 45.32s 24.40s 12.78s 58.50%
time for connect: 20.16ms 516.52ms 314.71ms 151.49ms 63.00%
time to 1st byte: 1.31s 29.03s 14.86s 9.41s 60.00%
req/s : 0.22 0.58 0.35 0.13 56.00%
1 Like
Here is mine using similar testing parameters.
First test http/1.1
h2load --h1 -n1000 -c100 -m10 -t4 https://censored.ext/index.php/s/3GhomRIn5NATm7X
starting benchmark…
spawning thread #0: 25 total client(s). 250 total requests
spawning thread #1: 25 total client(s). 250 total requests
spawning thread #2: 25 total client(s). 250 total requests
spawning thread #3: 25 total client(s). 250 total requests
TLS Protocol: TLSv1.2
Cipher: ECDHE-RSA-AES128-GCM-SHA256
Server Temp Key: ECDH P-256 256 bits
Application protocol: http/1.1
progress: 10% done
progress: 20% done
progress: 30% done
progress: 40% done
progress: 50% done
progress: 60% done
progress: 70% done
progress: 80% done
progress: 90% done
progress: 100% done
finished in 3.07s, 325.45 req/s, 167.49KB/s
requests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout
status codes: 0 2xx, 1000 3xx, 0 4xx, 0 5xx
traffic: 514.65KB (527000) total, 272.46KB (279000) headers (space savings 0.00%), 173.83KB (178000) data
min max mean sd +/- sd
time for request: 45.50ms 664.70ms 181.05ms 181.47ms 78.10%
time for connect: 386.41ms 2.75s 2.49s 237.78ms 93.00%
time to 1st byte: 435.62ms 3.02s 2.65s 270.86ms 82.00%
req/s : 3.25 22.90 3.88 1.92 99.00%
Now testing with HTTP/2
h2load -n1000 -c100 -m10 -t4 https://censored.ext/index.php/s/3GhomRIn5NATm7X
starting benchmark…
spawning thread #0: 25 total client(s). 250 total requests
spawning thread #1: 25 total client(s). 250 total requests
spawning thread #2: 25 total client(s). 250 total requests
spawning thread #3: 25 total client(s). 250 total requests
TLS Protocol: TLSv1.2
Cipher: ECDHE-RSA-AES128-GCM-SHA256
Server Temp Key: ECDH P-256 256 bits
Application protocol: h2
progress: 10% done
progress: 20% done
progress: 30% done
progress: 40% done
progress: 50% done
progress: 60% done
progress: 70% done
progress: 80% done
progress: 90% done
progress: 100% done
finished in 3.27s, 305.59 req/s, 116.36KB/s
requests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout
status codes: 0 2xx, 1000 3xx, 0 4xx, 0 5xx
traffic: 380.76KB (389900) total, 184.57KB (189000) headers (space savings 29.74%), 173.83KB (178000) data
min max mean sd +/- sd
time for request: 47.05ms 1.52s 176.05ms 339.82ms 94.00%
time for connect: 1.21s 3.17s 2.65s 370.37ms 92.00%
time to 1st byte: 2.71s 3.22s 2.83s 67.88ms 91.00%
req/s : 3.06 3.68 3.53 0.09 91.00%
1 Like
janar
October 10, 2016, 3:41pm
3
Hey,
i enabled my Ubuntu server 16.04.1 module http2, but when i show page inception - network and protocol, then i see there only http/1.1.
Nextcloud supports HTTP/2 ?
oparoz
October 10, 2016, 3:42pm
4
This has nothing to do with Nextcloud itself. You need to enable it for the virtualhost serving Nextcloud.
janar
October 10, 2016, 4:02pm
5
I tested my server support HTTP/2 and are enabled, but braowser source network protocol show HTTP/1.1 wierd…
@longsleep also tested this a bit, and unless we start using HTTP2 priorities I think it was actually slower.
groovy
October 10, 2016, 4:12pm
7
@janar , can you post the output of curl -v -k https://yourserver.com (the -k just ignores the certificate, if you aren’t using your real domain). should return something like this:
curl -v -k https://localhost
Rebuilt URL to: https://localhost/
Trying 127.0.0.1…
TCP_NODELAY set
Connected to localhost (127.0.0.1) port 443 (#0 )
ALPN, offering h2
ALPN, offering http/1.1
Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.2 (OUT), TLS header, Certificate Status (22):
TLSv1.2 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Client hello (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS change cipher, Client hello (1):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
ALPN, server accepted to use h2
Server certificate:
subject: CN=myserver.com
start date: Sep 29 05:48:00 2016 GMT
expire date: Dec 28 05:48:00 2016 GMT
issuer: C=US; O=Let’s Encrypt; CN=Let’s Encrypt Authority X3
SSL certificate verify ok.
*** Using HTTP2, server supports multi-use**
*** Connection state changed (HTTP/2 confirmed)**
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
Using Stream ID: 1 (easy handle 0x2400400)
janar
October 10, 2016, 4:29pm
8
When i use this command i not see no rows http/2
groovy
October 10, 2016, 4:36pm
9
Then your apache isn’t configured for HTTP/2. Which version of apache are you using? HTTP/2 support was enabled at 2.4.17, IIRC.
oparoz
October 10, 2016, 4:39pm
10
Yep. I just wanted to add some public content because people blindly enable it thinking it’s a magic bullet
janar
October 10, 2016, 4:44pm
11
Server version: Apache/2.4.23 (Ubuntu)
Server built: 2016-10-06T12:23:41
oparoz
October 10, 2016, 4:49pm
12
@janar , you still need to compile http2 support in (if you compile your stack)
janar
October 10, 2016, 4:53pm
13
this site answer:
https://tools.keycdn.com/http2-test
Yeah! mysiteurl supports HTTP/2.0.
the best improvement I had was enabling gzip compression for .CSS and .js (with Nginx)… The Nextcloud login page was displayed within 3s instead of 4s…
tested with www.webpagetest.org , quite interesting for performance comparison !
@nickvergessen Yes, though we have played with it a bit more and if the http2 server is limiting the number of parallel streams (eg. like https://github.com/spreedbox/spreedbox-webserver/blob/e2973a3b2c4f6644102dceebb95b1acfe0ae4cdf/files/etc/nginx/conf.d/http2.conf ) h2 is similar to http1.1 and gives some benefits regarding amount of tcp connections and tls handshakes.
Hi @Guillaume ,
I thought that gzip compression for .CSS and .js (apache2 mod_deflate module) was not recommended for OC/NC and i have read somewhere (don’t remember where) it can affect DAVDroid syncing…
Could you confirm enabling it has no side effects ? Thank you !
Hello Akhenaton,
I tried gzip compression with NGINX, and I don’t use Davdroid…
I did not noticed any side effects
I know it’s not recommended to use mod_deflate per several ownCloud bug reports. However, I see no side affects with css/js compression enabled. DAVdroid works fine too. Then again I’m using Nginx instead of Apache.
Doesn’t turning on compression make your webserver vulnerable to http://breachattack.com/ ? Isn’t that the reason why compression is not recommended for OC/NC?
1 Like
@Guillaume and @grouchysysadmin Thanks for your responses
@Bernie_O Yes, i’ve read also some nasty things with the mod_deflate module and compression enabled…
Oh well, i was trying to tweak my server to respond a little quicker… Nextcloud is really a bit slow… even with PHP7.