Hello,
My netlify app: arpitdalal.netlify.app is not serving over HTTP/2 and I am not talking about the server push.
My curl:
curl -I https://arpitdalal.netlify.app
HTTP/1.1 200 OK
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 15 Oct 2020 15:03:42 GMT
Etag: “7f515d3426259d5676fa6643537ecbc3-ssl”
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Age: 0
Connection: keep-alive
Server: Netlify
X-NF-Request-ID: 9d9ce386-3281-440e-a475-d59467b0d192-5029328
What are the requirements to serve my app over HTTP/2?
Hi, @arpitdalal. I’m not able to reproduce this. It is HTTP/2 when I test:
$ curl -I https://arpitdalal.netlify.app/
HTTP/2 200
cache-control: public, max-age=0, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 19 Oct 2020 04:54:14 GMT
etag: "ca60d669c65bc51f4c1a5daf7bf5b235-ssl"
link: <https://arpitdalal.dev/>; rel="canonical"
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 0
server: Netlify
x-nf-request-id: 6837315e-40d1-4c00-a8f3-aac769ba3524-10928744
If you use a newer version of curl
does the same thing occur? (I’m showing 7.55.1 was used.)
Hello @luke. I am very surprised that you got HTTP/2. I just did a test right now and my results still show HTTP/1.1.
My curl on netlify domain:
curl -I https://arpitdalal.netlify.app
HTTP/1.1 200 OK
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 19 Oct 2020 11:08:28 GMT
Etag: "ca60d669c65bc51f4c1a5daf7bf5b235-ssl"
Link: <https://arpitdalal.dev/>; rel="canonical"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Age: 0
Connection: keep-alive
Server: Netlify
X-NF-Request-ID: f8a2f1c0-9691-4663-93c2-9ed689a51aac-23233056
Curl on my custom domain:
curl -I https://arpitdalal.dev
HTTP/1.1 200 OK
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 19 Oct 2020 11:08:05 GMT
Etag: "ca60d669c65bc51f4c1a5daf7bf5b235-ssl"
Strict-Transport-Security: max-age=31536000
Age: 0
Connection: keep-alive
Server: Netlify
X-NF-Request-ID: c1aca0a5-c71f-4e9d-87cd-a1fc5430f8b6-19247271
My curl version is also 7.55.1
curl -V
curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL
Release-Date: [unreleased]
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL
I also ran curl on a couple of online tools, from which one gave me HTTP/1.1 and another gave me HTTP/2. What is it depending on? I am not aware if it is the OS or some other factor.
Hi, @arpitdalal. Our CDN nodes support HTTP/2 and HTTP/1.1. Which is used is dependent on the client itself. It is possible that, while your curl
version is newer than 7.33.0, you local system still doesn’t have a libcurl
with HTTP/2 support. This could just be a limitation of your local curl
version.
You can also manually specify HTTP/2 with the --http2
option like so:
curl --http2 -I https://arpitdalal.dev/
From the curl
man page:
--http2
(HTTP) Tells curl to use HTTP version 2.
See also --no-alpn. --http2 requires that the underlying libcurl was built to support HTTP/2. This option overrides --http1.1 and -0,
--http1.0 and --http2-prior-knowledge. Added in 7.33.0.
Here is a curl
example showing curl
offering both “http/1.1” and “h2” (and the server responds with HTTP/2):
$ curl -svo /dev/null -I https://arpitdalal.dev
* Trying 104.248.78.23...
* TCP_NODELAY set
* Connected to arpitdalal.dev (104.248.78.23) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [228 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [102 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2575 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.arpitdalal.dev
* start date: Oct 15 21:59:57 2020 GMT
* expire date: Jan 13 21:59:57 2021 GMT
* subjectAltName: host "arpitdalal.dev" matched cert's "arpitdalal.dev"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fea22808200)
> HEAD / HTTP/2
> Host: arpitdalal.dev
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 150)!
< HTTP/2 200
< cache-control: public, max-age=0, must-revalidate
< content-length: 0
< content-type: text/html; charset=UTF-8
< date: Wed, 21 Oct 2020 02:55:17 GMT
< etag: "b12a92ed215c4cd064bd736848f3708f-ssl"
< strict-transport-security: max-age=31536000
< age: 0
< server: Netlify
< x-nf-request-id: 65432924-b963-4670-b084-4d011256d147-7597780
<
* Connection #0 to host arpitdalal.dev left intact
* Closing connection 0
The curl
command above logs offering both version here:
* ALPN, offering h2
* ALPN, offering http/1.1
Our CDN node responded with HTTP/2 here:
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
You can also get even more detailed debugging information by using the --trace
option (with a filename) like so:
curl --trace curl-debugging-output.txt -I https://arpitdalal.dev/
The trace output will be in the file named “curl-debugging-output.txt” after that command above is run.
Please let us know if there are other questions about this and/or if it still doesn’t work with the --http2
option used.