From 8289b3e47d8ee985127ff6488221e752e9764b20 Mon Sep 17 00:00:00 2001 From: Christophe Jaillet Date: Sun, 24 Jun 2018 19:42:08 +0000 Subject: [PATCH] xforms git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834266 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/expr.html.en | 12 ++-- docs/manual/expr.xml.fr | 2 +- docs/manual/expr.xml.meta | 2 +- docs/manual/howto/http2.html.en | 95 ++++++++++++++++++++++++++++---- docs/manual/howto/http2.xml.es | 2 +- docs/manual/howto/http2.xml.fr | 2 +- docs/manual/howto/http2.xml.meta | 2 +- 7 files changed, 96 insertions(+), 21 deletions(-) diff --git a/docs/manual/expr.html.en b/docs/manual/expr.html.en index 69446bf7ad..defcd92a64 100644 --- a/docs/manual/expr.html.en +++ b/docs/manual/expr.html.en @@ -201,7 +201,7 @@ listfunction ::= listfuncname "(" word ")"REMOTE_HOST The host name of the remote host REMOTE_USER - The name of the authenticated user, if any (not available during <If >) + The name of the authenticated user, if any (not available during <If>) REMOTE_IDENT The user name set by mod_ident SERVER_NAME @@ -222,7 +222,7 @@ listfunction ::= listfuncname "(" word ")"The configured AuthType (e.g. "basic") CONTENT_TYPE - The content type of the response (not available during <If >) + The content type of the response (not available during <If>) HANDLER The name of the handler creating the response @@ -236,7 +236,7 @@ listfunction ::= listfuncname "(" word ")""on" if the connection uses IPv6, "off" otherwise REQUEST_STATUS - The HTTP error status of the request (not available during <If >) + The HTTP error status of the request (not available during <If>) REQUEST_LOG_ID The error log id of the request (see ErrorLogFormat) @@ -434,10 +434,12 @@ listfunction ::= listfuncname "(" word ")"Same as req, but header names will not be added to the Vary header resp - Get HTTP response header + Get HTTP response header (most response headers will not yet be set + during <If>) reqenv Lookup request environment variable (as a shortcut, - v can also be used to access variables). + v can also be used to access variables). + ordering osenv Lookup operating system environment variable diff --git a/docs/manual/expr.xml.fr b/docs/manual/expr.xml.fr index 705d4d9c5d..3960022ead 100644 --- a/docs/manual/expr.xml.fr +++ b/docs/manual/expr.xml.fr @@ -1,7 +1,7 @@ - + diff --git a/docs/manual/expr.xml.meta b/docs/manual/expr.xml.meta index d5a2e5e1a5..ea324a8bb2 100644 --- a/docs/manual/expr.xml.meta +++ b/docs/manual/expr.xml.meta @@ -8,6 +8,6 @@ en - fr + fr diff --git a/docs/manual/howto/http2.html.en b/docs/manual/howto/http2.html.en index 3f4ca9b567..fb3a4f11fb 100644 --- a/docs/manual/howto/http2.html.en +++ b/docs/manual/howto/http2.html.en @@ -37,10 +37,12 @@
  • HTTP/2 in Apache httpd
  • Build httpd with HTTP/2 support
  • Basic Configuration
    • +
  • MPM Configuration
  • Clients
  • Useful tools to debug HTTP/2
  • Server Push
    • -

    See also

    +
  • Early Hints
    • +

    See also

    top

    The HTTP/2 protocol

    @@ -72,7 +74,7 @@

    HTTP/2 in Apache httpd

    The HTTP/2 protocol is implemented by its own httpd module, aptly named - mod_http2. It implements the complete set + mod_http2. It implements the complete set of features described by RFC 7540 and supports HTTP/2 over cleartext (http:), as well as secure (https:) connections. The cleartext variant is named 'h2c', the secure one 'h2'. For h2c it allows the direct @@ -84,8 +86,8 @@

    Build httpd with HTTP/2 support

    -

    mod_http2 uses the library of nghttp2 - as its implementation base. In order to build mod_http2 you need at least version 1.2.1 of +

    mod_http2 uses the library of nghttp2 + as its implementation base. In order to build mod_http2 you need at least version 1.2.1 of libnghttp2 installed on your system.

    When you ./configure you Apache httpd source tree, you need to give it '--enable-http2' as additional argument to trigger the build of the module. @@ -94,7 +96,7 @@ to configure.

    While that should do the trick for most, they are people who might prefer a statically linked nghttp2 in this module. For those, the option --enable-nghttp2-staticlib-deps - exists. It works quite similar to how one statically links openssl to mod_ssl.

    + exists. It works quite similar to how one statically links openssl to mod_ssl.

    Speaking of SSL, you need to be aware that most browsers will speak HTTP/2 only on https: URLs, so you need a server with SSL support. But not only that, you will need a SSL library that supports the ALPN extension. If OpenSSL is the library you use, you need @@ -104,7 +106,7 @@

    Basic Configuration

    -

    When you have a httpd built with mod_http2 you need some +

    When you have a httpd built with mod_http2 you need some basic configuration for it becoming active. The first thing, as with every Apache module, is that you need to load it:

    LoadModule http2_module modules/mod_http2.so
    @@ -129,7 +131,13 @@

    This allows only HTTP/1 on connections, except SSL connections to test.example.org which offer HTTP/2.

    Choose a strong SSLCipherSuite

    -

    The SSLCipherSuite needs to be configured with a strong TLS cipher suite. The current version of mod_http2 does not enforce any cipher but most clients do so. Pointing a browser to a h2 enabled server with a inappropriate cipher suite will force it to simply refuse and fall back to HTTP 1.1. This is a common mistake that is done while configuring httpd for HTTP/2 the first time, so please keep it in mind to avoid long debugging sessions! If you want to be sure about the cipher suite to choose please avoid the ones listed in the HTTP/2 TLS blacklist.

    +

    The SSLCipherSuite needs to be configured with + a strong TLS cipher suite. The current version of mod_http2 does not enforce any cipher but most + clients do so. Pointing a browser to a h2 enabled server with a inappropriate + cipher suite will force it to simply refuse and fall back to HTTP 1.1. This is a common mistake + that is done while configuring httpd for HTTP/2 the first time, so please keep it in mind to avoid + long debugging sessions! If you want to be sure about the cipher suite to choose please avoid + the ones listed in the HTTP/2 TLS blacklist.

    The order of protocols mentioned is also relevant. By default, the first one is the most preferred protocol. When a client offers multiple choices, the one most to the @@ -151,12 +159,32 @@ ordering will decide.

    A last thing: the protocols you configure are not checked for correctness or spelling. You can mention protocols that do not exist, so there is no need - to guard Protocols with any IfModule checks.

    + to guard Protocols with any + <IfModule> checks.

    For more advanced tips on configuration, see the modules section about dimensioning and how to manage multiple hosts with the same certificate.

    top
    +

    MPM Configuration

    + + +

    HTTP/2 is supported in all multi-processing modules that come with httpd. However, if + you use the prefork mpm, there will be severe restrictions.

    +

    In prefork, mod_http2 will only process one request at at time + per connection. But clients, such as browsers, will send many requests at the same time. + If one of these takes long to process (or is a long polling one), the other requests will + stall.

    +

    mod_http2 will not work around this limit by default. The reason is that + prefork is today only chosen, if you run processing engines that are not + prepared for multi-threading, e.g. will crash with more than one request.

    +

    If your setup can handle it, configuring event mpm is nowadays + the best one (if supported on your platform).

    +

    If you are really stuck with prefork and want multiple requests, + you can tweak the H2MinWorkers to make + that possible. If it breaks, however, you own both parts.

    +
    top
    +

    Clients

    Almost all modern browsers support HTTP/2, but only over SSL connections: Firefox (v43), @@ -190,7 +218,10 @@

  • h2load - useful to stress-test your server.

    • Chrome offers detailed HTTP/2 logs on its connections via the - special net-internals page. There is also an interesting extension for Chrome and Firefox to visualize when your browser is using HTTP/2.

    + special net-internals page. There is also an + interesting extension for Chrome + and Firefox + to visualize when your browser is using HTTP/2.

    top

    Server Push

    @@ -211,7 +242,7 @@

    To summarize: there is no one good strategy on how to make best use of this feature of HTTP/2 and everyone is still experimenting. So, how do you experiment with it in Apache httpd?

    -

    mod_http2 inspect response header for Link headers +

    mod_http2 inspect response header for Link headers in a certain format:

    Link </xxx.css>;rel=preload, </xxx.js>; rel=preload
    @@ -237,10 +268,52 @@

    There are people thinking about how a client can tell a server what it already has, so PUSHes for those things can be avoided, but this is all highly experimental right now.

    -

    Another experimental draft that has been implemented in mod_http2 +

    Another experimental draft that has been implemented in mod_http2 is the Accept-Push-Policy Header Field where a client can, for each request, define what kind of PUSHes it accepts.

    +

    + PUSH might not always trigger the request/response/performance that one expects or + hopes for. There are various studies on this topic to be found on the web that explain + benefits and weaknesses and how different features of client and network influence + the outcome. For example: just because the server PUSHes a resource does not mean + a browser will actually use the data.

    +

    The major thing that influences the response being PUSHed is the request that was + simulated. The request URL for a PUSH is given by the application, but where do the + request headers come from? For example, will the PUSH request a accept-language + header and if yes with what value?

    +

    Apache will look at the original request (the one that triggered the PUSH) and copy the + following headers over to PUSH requests: user-agent, accept, + accept-encoding, accept-language, cache-control.

    +

    All other headers are ignored. Cookies will also not be copied over. PUSHing resources + that require a cookie to be present will not work. This can be a matter of debate. But + unless this is more clearly discussed with browser, let's err on the side of caution and + not expose cookie where they might oridinarily not be visible.

    +
    top
    +
    +

    Early Hints

    + +

    An alternative to PUSHing resources is to send Link headers to the + client before the response is even ready. This uses the HTTP feature called "Early Hints" and + is described in RFC 8297.

    +

    In order to use this, you need to explicitly enable it on the server via

    + 
    H2EarlyHints on
    + +

    (It is not enabled by default since some older browser tripped on such responses.)

    +

    If this feature is on, you can use the directive H2PushResource to + trigger early hints and resource PUSHes:

    + 
    <Location /xxx.html>
+    H2PushResource /xxx.css
+    H2PushResource /xxx.js
+</Location>
    + +

    This will send out a "103 Early Hints" response to a client as soon + as the server starts processing the request. This may be much early than + the time the first response headers have been determined, depending on your web + application.

    +

    If H2Push is enabled, this will also start the PUSH right after the + 103 response. If H2Push is disabled however, the 103 response will be send + nevertheless to the client.

    Available Languages:  en  | diff --git a/docs/manual/howto/http2.xml.es b/docs/manual/howto/http2.xml.es index 3cdf7c5e61..54db5d3d6d 100644 --- a/docs/manual/howto/http2.xml.es +++ b/docs/manual/howto/http2.xml.es @@ -1,7 +1,7 @@ - + diff --git a/docs/manual/howto/http2.xml.fr b/docs/manual/howto/http2.xml.fr index 92ed9474c2..25925d3105 100644 --- a/docs/manual/howto/http2.xml.fr +++ b/docs/manual/howto/http2.xml.fr @@ -1,7 +1,7 @@ - + diff --git a/docs/manual/howto/http2.xml.meta b/docs/manual/howto/http2.xml.meta index cd0a8de064..9b93a6fba0 100644 --- a/docs/manual/howto/http2.xml.meta +++ b/docs/manual/howto/http2.xml.meta @@ -9,6 +9,6 @@ en es - fr + fr -- 2.40.0