一、环境简要说明
#访问请求过程
用户(浏览器) ——> 防火墙映射 ——> nginx ——> app服务(java)
http2是什么,简单来说是继HTTP1.1版本之后的新版HTTP协议,支持二进制分帧、多路复用、首部压缩等最新的特性,能够大幅度提高Web性能,降低数据交互延迟。详细查看HTTP2
多路复用降低了tcp连接数量
二、问题排查与解决
用户通过浏览器请求文件上传,前端页面采用多进程分片上传。浏览器已经产生了6个upload请求,但只能创建一个 Establish 的 CTP 连接,从而上传速度达不到预期。用户上传截图如下
从防火前也只能获取到一个会话信息。
<span style="background-color:#f4f5f7"><span style="color:#172b4d">Session ID: 6026715, Policy name: to-10-40-42-7-port47653/443, Timeout: 1788, Valid
In: x.x.x.x/13539 --> 10.40.42.7/47317;tcp, Conn Tag: 0x0, If: ae1.0, Pkts: 2030533, Bytes: 3037112366,
Out: 10.40.42.7/47317 --> x.x.x.x/13539;tcp, Conn Tag: 0x0, If: ae0.448, Pkts: 513966, Bytes: 21102226,
</span></span>
另外通内网访问越过防火墙映射,同一时间也只收到一个 SYN 包,图如下
至此推断,可能是服务端(nginx)配置造成只能创建一个 Establish 的 CTP 连接,通过检查nginx配置文件,nginx启用 http2多路复用了
# 开启 listen 47317 ssl http2;
# 关闭 listen 47317 ssl ;
关闭 https 后 通过ss 命令查看 服务器连接数变为6,正常数量。
问题延伸
为什么会出现HTTP/1.1 会有多个连接 HTTP/2只有一个连接
浏览器在使用 HTTP/1.1 时对每个域名会有6~8个连接的限制,具体取决于浏览器,Chrome 默认是6个 这允许每个域最多 6-8 个并发请求,使用 HTTP/2,浏览器每个域名只打开 1 个连接。但是,得益于 HTTP/2 协议的多路复用特性,每个域的并发请求数不限于 6-8 个,实际上是无限的
https://stackoverflow.com/questions/16852690/sseeventsource-why-no-more-than-6-connections?noredirect=1&lq=1
nginx从什么时候开始支持 HTTP/2
从1.9.5 开始支持HTTP/2
The ssl parameter (0.7.14) allows specifying that all connections accepted on this port should work in SSL mode. This allows for a more compact configuration for the server that handles both HTTP and HTTPS requests.The http2 parameter (1.9.5) configures the port to accept HTTP/2 connections. Normally, for this to work the ssl parameter should be specified as well, but nginx can also be configured to accept HTTP/2 connections without SSL.
The ngx_http_v2_module module (1.9.5) provides support for HTTP/2 and supersedes the ngx_http_spdy_module module.
SPDY 协议旨在通过压缩、多路复用和优先级来缩短网页的加载时间和提高安全性
The spdy parameter (1.3.15-1.9.4) allows accepting SPDY connections on this port. Normally, for this to work the ssl parameter should be specified as well, but nginx can also be configured to accept SPDY connections without SSL.
proxy_http_version 是什么 配置1.1 为什么不生效
proxy_http_version 是nginx向上游app 服务器的通信协议版本控制
客户端--> nginxA--> proxy_http_version--> C(nodejs)
http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
Nginx proxy 从 1.1.4 版本开始开始支持HTTP/1.1,
Syntax: proxy_http_version 1.0 | 1.1;
Default:
proxy_http_version 1.0;
Context: http, server, location
This directive appeared in version 1.1.4.
Sets the HTTP protocol version for proxying. By default, version 1.0 is used. Version 1.1 is recommended for use with keepalive connections and NTLM authentication.
nginx代理与后端为什么不使用HTTP/2.0
官方是解释是 HTTP/2 的主要好处是它允许在单个连接中多路复用多个请求,对低延迟网络(例如上游连接)没有太多好处。增加的复杂程度 https://serverfault.com/questions/765258/use-http-2-0-between-nginx-reverse-proxy-and-backend-webserverQ: Will you support HTTP/2 on the upstream side as well, or only support HTTP/2 on the client side? A: At the moment, we only support HTTP/2 on the client side. You can’t configure HTTP/2 with proxy_pass. [Editor – In the original version of this post, this sentence was incorrectly transcribed as “You can configure HTTP/2 with proxy_pass.” We apologize for any confusion this may have caused.] But what is the point of HTTP/2 on the backend side? Because as you can see from the benchmarks, there’s not much benefit in HTTP/2 for low‑latency networks such as upstream connections. Also, in NGINX you have the keepalive module, and you can configure a keepalive cache. The main performance benefit of HTTP/2 is to eliminate additional handshakes, but if you do that already with a keepalive cache, you don’t need HTTP/2 on the upstream side.
nginx不做控制 为什么服务端默认接收客户端请求是HTTP/1.1
一般主流的浏览器 如Chrome,默认请求是http/1.1,如果客户端发送 HTTP/1.0 请求,则 HTTP/1.0 响应或 HTTP/1.1 都可以接受,但首选 HTTP/1.1。 RFC 2616 https://www.rfc-editor.org/rfc/rfc2616#section-3.1 Applications that are at least conditionally compliant with this specification SHOULD use an HTTP-Version of "HTTP/1.1" in their messages, and MUST do so for any message that is not compatible with HTTP/1.0. For more details on when to send specific HTTP-Version values, see RFC 2145. https://serverfault.com/questions/442960/nginx-ignoring-clients-http-1-0-request-and-respond-by-http-1-1
注意:
如果服务器开启了 http2 且 服务器上 nginx上配置多个 server (站点),只要其中一个server 开启了http2 ,其他全部默认为http2。