Symfony Finland
Random things on PHP, Symfony and web development

What is HTTP/2 and how to deploy it?

For people working with web sites and web applications, there is never a lack of new things to learn. HTTP/2 is one of these things. It will play a very significant role in the lives of both developers and users of all web services. Somewhat paradoxically, it won't change anything for the users of these services, or even for the developers.

Software communicates over mutually agreed standards, which are known as protocols. For web servers and browsers the most common one of these is HTTP. This protocol has been used since the 1990s and the common version in use (HTTP/1.1) came into use in 1999.

As you may guess, web technology has advanced by leaps and bounds since the turn of the millennium. Underneath it all is still this same, fifteen-year-old means of communication. It's been tuned up a bit, abused and bypassed with tricks, but is mostly unchanged.

HTTP/2 is a practical way forward

At its heart HTTP (HyperText Transfer Protocol) is still a way of sending text from the server to the browser. Sending images, videos and other resources has been built on top of this. The ideal way to improve the flow of this data would be to introduce a whole new protocol and not build on HTTP at all.

HTTP, however, is so widespread that replacing it is not feasible. It is being used by billions of people and devices around the planet and it will remain around for a very long time, regardless of its shortcomings. This is why the way forward was decided to be a new version of the protocol (HTTP/2). It was finalised in 2015 and is an evolution of the older protocol.

Under the hood there are a lot of new and complicated things, but it is designed so that this complexity is masked very well for end users and web developers. It's a practical solution that is capable of offering significant improvements such as:

  • Improved data transfer: Data is now transmitted in binary form and the HTTP header data is compressed
  • Improved sending of multiple resources: Many messages (files, stylesheets, images, etc.) are sent within a single pipeline instead of individual pipes
  • The server can push the browser data without request: Traditionally the browser must request each resource, but with HTTP/2 Server Push the server can push the essential data related to a resource (such as stylesheets for a web page) at request time

These improvements won't enable groundbreaking new functionality, but they significantly improve the lower level functions done at each page load on a site. As an end result, browsing the web in a congested mobile network will be faster as a whole.

Encryption has been used for secure communications in web banks and online stores for a long time. When you are browsing a secure site, only you and the server can read the sent messages. The changes in HTTP/2 are quite significant, and widely deployed firewalls and other networking infrastructure might consider the new traffic malicious.

This is why HTTP/2 has a de facto requirement of using encryption: secure HTTPS traffic is already supported by the network infrastructure. The added benefit of course is security, but the reasoning behind it is to make sure HTTP/2 traffic flows everywhere, unrestricted.

HTTP/2 does not depend on the content management system, operating system or programming language in use. It functions on a level underneath the web development languages. The benefits are apparent when the network connection is slow or unreliable.
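
What a text-oriented middlebox would actually see if HTTP/2 were sent unencrypted, as an added example that is not part of the original article: the client's connection preface and first binary frame, parsed per the HTTP/2 specification (RFC 7540). The sample byte strings, the short HTTP/1 method list and the helper names are constructed for illustration.

```python
import struct

# Client connection preface (RFC 7540, section 3.5). It is deliberately not a valid
# HTTP/1.x request, so HTTP/1.x parsers reject it instead of misreading the frames.
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
FRAME_TYPES = {0: "DATA", 1: "HEADERS", 2: "PRIORITY", 3: "RST_STREAM", 4: "SETTINGS",
               5: "PUSH_PROMISE", 6: "PING", 7: "GOAWAY", 8: "WINDOW_UPDATE", 9: "CONTINUATION"}
SETTINGS = {1: "HEADER_TABLE_SIZE", 2: "ENABLE_PUSH", 3: "MAX_CONCURRENT_STREAMS",
            4: "INITIAL_WINDOW_SIZE", 5: "MAX_FRAME_SIZE", 6: "MAX_HEADER_LIST_SIZE"}
HTTP1_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def classify(stream: bytes) -> str:
    """Label the first bytes of a cleartext client stream."""
    if stream.startswith(PREFACE):
        return "http2"
    if stream.startswith(HTTP1_METHODS):
        return "http1"
    return "unknown"

def parse_frames(data: bytes):
    """Yield (type, flags, stream_id, payload) for each complete HTTP/2 frame."""
    pos = 0
    while pos + 9 <= len(data):
        # 9-byte header: 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit id
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", data, pos)
        end = pos + 9 + ((hi << 16) | lo)
        if end > len(data):
            raise ValueError("truncated frame payload")
        yield FRAME_TYPES.get(ftype, hex(ftype)), flags, sid & 0x7FFFFFFF, data[pos + 9:end]
        pos = end
    if pos != len(data):
        raise ValueError("truncated frame header")

def parse_settings(payload: bytes) -> dict:
    """Decode a SETTINGS payload: repeated 16-bit identifier + 32-bit value."""
    if len(payload) % 6:
        raise ValueError("SETTINGS payload must be a multiple of 6 bytes")
    return {SETTINGS.get(i, hex(i)): v for i, v in struct.iter_unpack(">HI", payload)}

# Constructed samples: an HTTP/1.1 request, and an HTTP/2 preface followed by a
# SETTINGS frame carrying ENABLE_PUSH=0 and MAX_CONCURRENT_STREAMS=100.
settings_payload = struct.pack(">HI", 2, 0) + struct.pack(">HI", 3, 100)
SAMPLE_H2 = PREFACE + struct.pack(">BHBBI", 0, len(settings_payload), 4, 0, 0) + settings_payload
SAMPLE_H1 = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

def inspect(stream: bytes):
    """Return (protocol, [(frame type, stream id, settings or payload length), ...])."""
    if classify(stream) != "http2":
        return classify(stream), []
    return "http2", [(t, sid, parse_settings(p) if t == "SETTINGS" else len(p))
                     for t, _flags, sid, p in parse_frames(stream[len(PREFACE):])]
```

Inside HTTPS none of these bytes are visible to the network, which is the reason for the encryption requirement described above.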

Taking HTTP/2 into use

The new version of HTTP will transparently replace the older version. This site, for example, uses HTTP/2 but you won't necessarily know that it does. The clearest indication is that it is secured with encryption. Encryption is not a hard requirement for HTTP/2, but since browsers don't support unencrypted HTTP/2 traffic it's a de facto requirement.

Taking advantage of HTTP/2 requires three things:

  1. The browser supports HTTP/2
  2. The web server supports HTTP/2
  3. There is a secure connection between the server and the browser

A large portion of web users will upgrade to HTTP/2 through standard system updates. Most browsers already support it and are evergreen (continuously updating). For example, Microsoft Edge, Google Chrome and Mozilla Firefox users are HTTP/2 ready, and have been for a number of months.

Popular open source web servers such as Apache and Nginx will use HTTP/2 as a default in the future. Currently many Linux distributions come with older versions of these servers and system administrators need to specifically enable HTTP/2 and encryption, but as time moves on this will become the standard configuration.

Older web servers or reverse proxies can use an HTTP/2 capable server to offload SSL traffic, for example using the H2O web server. You can also use H2O at full scale for serving PHP over HTTP/2.

Adding encryption is not hard or expensive, but it has not been a default step in launch processes. Nowadays it's an easier sell, as it is a factor in search engine ranking algorithms affecting SEO, and free SSL certificates will soon be available from Let's Encrypt.

HTTP/2 is an evolution, not a revolution. It's a change that touches everyone, but only a few of us need to think about it.


Written by Jani Tarvainen on Thursday November 12, 2015
Permalink - Tags: http2, h2o, nginx, apache, varnish
