HTTP/2, yes or no?

ℹ️ Support
1

I’ve just done some testing on a public link share and it shows that there is nothing to gain by enabling HTTP/2 on Nextcloud.

Feel free to add your own benchmarks :slight_smile:

Test sample

Test page is a public link containing 33 images for a total of 6.7MB

HTTP/1.1

# h2load --h1 -n1000 -c100 -m10 -t4 https://1.2.3.4/index.php/s/I1io5BUJZgr4prJ
starting benchmark...
spawning thread #0: 25 total client(s). 250 total requests
spawning thread #1: 25 total client(s). 250 total requests
spawning thread #2: 25 total client(s). 250 total requests
spawning thread #3: 25 total client(s). 250 total requests
TLS Protocol: TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
Server Temp Key: ECDH P-384 384 bits
Application protocol: http/1.1
progress: 10% done
progress: 20% done
progress: 30% done
progress: 40% done
progress: 50% done
progress: 60% done
progress: 70% done
progress: 80% done
progress: 90% done
progress: 100% done

finished in 45.91s, 21.78 req/s, 371.52KB/s
requests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout
status codes: 1000 2xx, 0 3xx, 0 4xx, 0 5xx
traffic: 16.66MB (17465960) total, 1.05MB (1096160) headers (space savings 0.00%), 15.52MB (16274000) data
                     min         max         mean         sd        +/- sd
time for request:   729.16ms      45.60s      24.69s      13.08s    56.40%
time for connect:   118.60ms    410.70ms    293.58ms     80.39ms    68.00%
time to 1st byte:   830.27ms       7.30s       4.21s       1.91s    50.00%
req/s           :       0.22        0.27        0.23        0.01    78.00%

HTTP/2

# h2load -n1000 -c100 -m10 -t4 https://1.2.3.4/index.php/s/I1io5BUJZgr4prJstarting benchmark...
spawning thread #0: 25 total client(s). 250 total requestsspawning thread #1: 25 total client(s). 250 total requests
spawning thread #2: 25 total client(s). 250 total requests
spawning thread #3: 25 total client(s). 250 total requests
TLS Protocol: TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
Server Temp Key: ECDH P-384 384 bits
Application protocol: h2
progress: 10% done
progress: 20% done
progress: 30% done
progress: 40% done
progress: 50% done
progress: 60% done
progress: 70% done
progress: 80% done
progress: 90% done
progress: 100% done

finished in 45.42s, 22.01 req/s, 359.33KB/s
requests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout
status codes: 1000 2xx, 0 3xx, 0 4xx, 0 5xx
traffic: 15.94MB (16714466) total, 408.95KB (418766) headers (space savings 62.03%), 15.52MB (16274000) data
                     min         max         mean         sd        +/- sd
time for request:      1.20s      45.32s      24.40s      12.78s    58.50%
time for connect:    20.16ms    516.52ms    314.71ms    151.49ms    63.00%
time to 1st byte:      1.31s      29.03s      14.86s       9.41s    60.00%
req/s           :       0.22        0.58        0.35        0.13    56.00%
1 Like
2

Here is mine using similar testing parameters.

First test http/1.1

h2load --h1 -n1000 -c100 -m10 -t4 https://censored.ext/index.php/s/3GhomRIn5NATm7X
starting benchmark…
spawning thread #0: 25 total client(s). 250 total requests
spawning thread #1: 25 total client(s). 250 total requests
spawning thread #2: 25 total client(s). 250 total requests
spawning thread #3: 25 total client(s). 250 total requests
TLS Protocol: TLSv1.2
Cipher: ECDHE-RSA-AES128-GCM-SHA256
Server Temp Key: ECDH P-256 256 bits
Application protocol: http/1.1
progress: 10% done
progress: 20% done
progress: 30% done
progress: 40% done
progress: 50% done
progress: 60% done
progress: 70% done
progress: 80% done
progress: 90% done
progress: 100% done

finished in 3.07s, 325.45 req/s, 167.49KB/s
requests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout
status codes: 0 2xx, 1000 3xx, 0 4xx, 0 5xx
traffic: 514.65KB (527000) total, 272.46KB (279000) headers (space savings 0.00%), 173.83KB (178000) data
min max mean sd +/- sd
time for request: 45.50ms 664.70ms 181.05ms 181.47ms 78.10%
time for connect: 386.41ms 2.75s 2.49s 237.78ms 93.00%
time to 1st byte: 435.62ms 3.02s 2.65s 270.86ms 82.00%
req/s : 3.25 22.90 3.88 1.92 99.00%

Now testing with HTTP/2

h2load -n1000 -c100 -m10 -t4 https://censored.ext/index.php/s/3GhomRIn5NATm7X
starting benchmark…
spawning thread #0: 25 total client(s). 250 total requests
spawning thread #1: 25 total client(s). 250 total requests
spawning thread #2: 25 total client(s). 250 total requests
spawning thread #3: 25 total client(s). 250 total requests
TLS Protocol: TLSv1.2
Cipher: ECDHE-RSA-AES128-GCM-SHA256
Server Temp Key: ECDH P-256 256 bits
Application protocol: h2
progress: 10% done
progress: 20% done
progress: 30% done
progress: 40% done
progress: 50% done
progress: 60% done
progress: 70% done
progress: 80% done
progress: 90% done
progress: 100% done

finished in 3.27s, 305.59 req/s, 116.36KB/s
requests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout
status codes: 0 2xx, 1000 3xx, 0 4xx, 0 5xx
traffic: 380.76KB (389900) total, 184.57KB (189000) headers (space savings 29.74%), 173.83KB (178000) data
min max mean sd +/- sd
time for request: 47.05ms 1.52s 176.05ms 339.82ms 94.00%
time for connect: 1.21s 3.17s 2.65s 370.37ms 92.00%
time to 1st byte: 2.71s 3.22s 2.83s 67.88ms 91.00%
req/s : 3.06 3.68 3.53 0.09 91.00%

1 Like
3

Hey,
i enabled my Ubuntu server 16.04.1 module http2, but when i show page inception - network and protocol, then i see there only http/1.1.
Nextcloud supports HTTP/2 ?

4

This has nothing to do with Nextcloud itself. You need to enable it for the virtualhost serving Nextcloud.

5

I tested my server support HTTP/2 and are enabled, but braowser source network protocol show HTTP/1.1 wierd…

6

@longsleep also tested this a bit, and unless we start using HTTP2 priorities I think it was actually slower.

7

@janar, can you post the output of curl -v -k https://yourserver.com (the -k just ignores the certificate, if you aren’t using your real domain). should return something like this:

curl -v -k https://localhost

  • Rebuilt URL to: https://localhost/
  • Trying 127.0.0.1…
  • TCP_NODELAY set
  • Connected to localhost (127.0.0.1) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  • TLSv1.2 (OUT), TLS header, Certificate Status (22):
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  • TLSv1.2 (OUT), TLS handshake, Finished (20):
  • TLSv1.2 (IN), TLS change cipher, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=myserver.com
  • start date: Sep 29 05:48:00 2016 GMT
  • expire date: Dec 28 05:48:00 2016 GMT
  • issuer: C=US; O=Let’s Encrypt; CN=Let’s Encrypt Authority X3
  • SSL certificate verify ok.
    *** Using HTTP2, server supports multi-use**
    *** Connection state changed (HTTP/2 confirmed)**
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • Using Stream ID: 1 (easy handle 0x2400400)
8

When i use this command i not see no rows http/2

9

Then your apache isn’t configured for HTTP/2. Which version of apache are you using? HTTP/2 support was enabled at 2.4.17, IIRC.

10

Yep. I just wanted to add some public content because people blindly enable it thinking it’s a magic bullet :slight_smile:

11

Server version: Apache/2.4.23 (Ubuntu)
Server built: 2016-10-06T12:23:41

12

@janar, you still need to compile http2 support in (if you compile your stack)

13

this site answer:
https://tools.keycdn.com/http2-test
Yeah! mysiteurl supports HTTP/2.0.

14

the best improvement I had was enabling gzip compression for .CSS and .js (with Nginx)… The Nextcloud login page was displayed within 3s instead of 4s…
tested with www.webpagetest.org, quite interesting for performance comparison !

15

@nickvergessen Yes, though we have played with it a bit more and if the http2 server is limiting the number of parallel streams (eg. like https://github.com/spreedbox/spreedbox-webserver/blob/e2973a3b2c4f6644102dceebb95b1acfe0ae4cdf/files/etc/nginx/conf.d/http2.conf) h2 is similar to http1.1 and gives some benefits regarding amount of tcp connections and tls handshakes.

16

Hi @Guillaume,

I thought that gzip compression for .CSS and .js (apache2 mod_deflate module) was not recommended for OC/NC and i have read somewhere (don’t remember where) it can affect DAVDroid syncing…

Could you confirm enabling it has no side effects ? Thank you !

17

Hello Akhenaton,
I tried gzip compression with NGINX, and I don’t use Davdroid…
I did not noticed any side effects

18

I know it’s not recommended to use mod_deflate per several ownCloud bug reports. However, I see no side affects with css/js compression enabled. DAVdroid works fine too. Then again I’m using Nginx instead of Apache.

19

Doesn’t turning on compression make your webserver vulnerable to http://breachattack.com/? Isn’t that the reason why compression is not recommended for OC/NC?

1 Like
20

@Guillaume and @grouchysysadmin Thanks for your responses :slight_smile:

@Bernie_O Yes, i’ve read also some nasty things with the mod_deflate module and compression enabled…

Oh well, i was trying to tweak my server to respond a little quicker… Nextcloud is really a bit slow… even with PHP7.