Category Archives: Nginx

http/2 adoption in India is currently very poor

Nginx with http/2 and usability problems

So Nginx released the mainline version 1.9.5 and then 1.9.6 with an experimental http/2 module. For those using spdy, the upgrade in itself should be simple, by simply replacing “spdy” with “http2” in the listen directive in the server configuration. The server will not start till this change is made.

Sadly, what should have been an occasion of great excitement and eager adoption after almost a year of anticipation has turned horribly wrong. Nginx 1.9.5 onwards, http/2 replaces spdy, which means, your server will serve http/2 only and not spdy. Non http/2 enabled users will get plain ssl. Considering that Opera Mini, Blackberry browser, Android browser and Internet Explorer (other than IE11 on Windows 10) don’t implement http/2 and increasing traffic is now mobile, I fail to see how serving the slowest version of your site to mobile browsers and a majority of users was a useful move for a webserver aiming to transform performance. Even Safari browser has http/2 support only in its latest version. That’s quite a chunk of the internet incapable of using the site at the speeds http/2 should be adopted for. Keeping spdy as a fallback would have allowed existing user experience to continue for many visitors. And that too for an experimental module. Server push – that would have added a serious speed boost for many is not implemented yet.

What is more, benchmarks currently show Nginx with spdy3.1 to be faster than Nginx with http/2. Talk of an upgrade that is a serious usability downgrade.

Not only does this effectively prevent me from touching http/2 on Nginx, it actually has me actively hunting for a frontend that will offer http/2 and spdy before offering plain ssl. Most likely nghttpx.

Oh the irony of needing a frontend proxy for a Nginx server because the server has upgraded to http/2. But sadly, given that only little over a third (38.2%) of the traffic in India is http/2 enabled, it is difficult to see how spdy support can be stopped by a webmaster with sites for Indians in the near future. I anticipate needing to support spdy for another year at least. Yes, I know Google will stop supporting spdy from Feb 2016, but those who don’t upgrade and other browsers and apps that aren’t http/2 capable will still need a way to be faster than raw ssl.

Talk of anticipation followed by a damn squib. I even found myself wondering whether Apache2 is worth checking out once more…. but more likely, I’m going to figure out nghttpx unless there is some indication that future upgrades will support spdy as well as http2 for a while.

Disable SSLv3 on Nginx to prevent #POODLE vulnerability

In the wake of POODLE vulnerability discovered in SSLv3, surprising number of people are not sure how to disable SSLv3. So here is how to do it.

In your Nginx SSL configuration, find the line that shows the protocols. It will be something like this:

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

Remove the SSLv3 from it and make it

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

That is all.

This is not relevant if you aren’t using SSL, of course.

Upload Error: client intended to send too large body

If you are using Nginx and are unable to upload files exceeding 1MB or so (most common) and get your error log shows “client intended to send too large body”, then here is the fix.

Edit your Nginx configuration file (which on Debian/Ubuntu will be found at /etc/nginx/nginx.conf) and edit the setting for client_max_body_size to something you can live with. If there is no line for it, add this line:

client_max_body_size 5M;

Obviously, replace 5M (for MB) with a number that makes you happy if your upload is larger.

Enhanced by Zemanta
Nginx logo

Nginx-1.5.6 with ngx_pagespeed (Google Pagespeed module) and ngx_cache_purge

So I got tired of fiddling around with repositories offering builds that compiled ngx_pagespeed with Nginx. I was getting a lot of errors, was using older versions of Nginx and was not able to make the dotdeb repository work.

I was wary of compiling, because I’m a creature of habit, and I like my Nginx installed as a service and other minor pleasures of life (I still haven’t learned to make init scripts :p)

What I have basically done is compiled the latest Nginx (1.5.6 – as of writing this post) along with these two modules I wanted in the place of the Nginx package.

So far, all seems to be working well, and I’m hitting pagespeed scores of 98+ without any noticeable strain on the server. So, for what it is worth, here is what I did.

Step 0: Install dependencies for compiling

Time to become root (better than typing “sudo” for each line.

sudo bash

Enter your password to become root@whatever:~#

Install dependencies for compiling.

apt-get install build-essential zlib1g-dev libpcre3 libpcre3-dev

Step 1: Get the latest ngx_pagespeed

The ngx_pagespeed page gives you the code to install the beta package. I just grabbed the current master download from the button on the right (right-click and copy link 😉 )

You could choose either. I’m not certain the server won’t explode because of whatever I’m doing. So play safe if you want. I just wanted all the fixes already.

This is if you use the recommended beta:

$ cd ~
$ wget
$ unzip # or unzip release-
$ cd ngx_pagespeed-release-
$ wget
$ tar -xzvf # expands to psol/

What I did was:

$ cd ~
$ wget
$ unzip
$ cd ngx_pagespeed-master/
$ wget
$ tar -xzvf # expands to psol/

Step 2: Get the latest ngx_cache_purge

You know the drill by now. Just giving the steps I did:

$ cd ~
$ wget
$ tar -xvf ngx_cache_purge-2.1.tar.gz

I could have used the master here as well, but I wasn’t having too many errors with it, so it seemed an unnecessary risk (yeah, I know kinda late in the day to be cautious).

Now for the tricky part.

Step 3: Configuring Nginx for compiling

What we are going to do in this step is configure the source to build right on top of the existing Nginx package.

$ # check for the latest version
$ wget
$ tar -xvzf nginx-1.5.6.tar.gz
$ cd nginx-1.5.6/

This assumes you have a Nginx server running (you don’t need to stop it yet. I’ll tell you when) that you want to replace and a preference for organizing the files “as usual” in the Ubuntu/Debian way. I had the added greed of not wanting to invent anything I could recycle – like the lazy habit of “service nginx restart” for example. If not, you could probably install it anywhere. There may be easier ways of doing this.

Remember I am NOT an expert, I am simply a determined person trying to get what I want and making do with my limited knowledge.

Ok. Let’s proceed. Get the configuration of your existing nginx package (for the paths). You could also skip to next step without going through this reasoning and method and only return here if there is a problem.

nginx -V

You want to copy this to a text file somewhere for easy reference.

Now, you have to create the command for configuring using the paths here.

./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log

If you run this command, you will find some alerts going “Not found” in the checking. This is normal, since you don’t need all the things it checks for (indeed some are found on other Operating Systems altogether), but it is a good idea to keep an eye on what’s missing, in case there is a problem…. and there is.

This command will give you all the “Not founds” from that lengthy output. It is the same command, using grep to catch the lines:

./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log | grep 'not found'

The rest seems ok to my inexperienced eye, but “checking for nobody group … not found” is a problem. So we set the user and group to www-data by adding this to our configure line.

--user=www-data --group=www-data

Then we add our modules from steps 1 and 2.

 --add-module=$HOME/ngx_pagespeed-master  --add-module=$HOME/ngx_cache_purge-2.1

And we have our complete line.

Step 4: Configure the build

$ ./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --with-http_ssl_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --add-module=$HOME/ngx_pagespeed-master  --add-module=$HOME/ngx_cache_purge-2.1

I have no idea what you will do if you get errors. Comment here, and I’ll see if I have ideas. This should build smoothly on a standard Ubuntu server (I tried on three, all three worked).

Hopefully all went well, and we make the build.

$ make

Now for the other tricky part.

Step 5: Stop your existing Nginx server

Find out where the Nginx files and folders are

$ whereis nginx
nginx: /usr/sbin/nginx /etc/nginx /usr/share/nginx

Check and doublecheck that these are the same folders we are configuring. Not the end of the world if you get it wrong, but you’ll probably get errors with the init script and will have to either make a new one or hack it. Sure they are the right folders?

Now stop the server.

$ service nginx stop

Move your configuration folder somewhere safe.

$ mv /etc/nginx ~

Delete the existing install (we have simply stopped the server, not removed the package). Remember the locations we got in the whereis? add them all to a delete command. (yes, I know we moved the configuration folder somewhere safe, just doing a lazy copy-paste)

$ rm -rf /usr/sbin/nginx /etc/nginx /usr/share/nginx

Step 6: Install the compiled Nginx in the place of the files we removed

Time to install the make we did earlier.

$ make install

Step 7: Add a line to fastcgi_params

Edit the new fastcgi_params file /etc/nginx/fastcgi_params and add

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

This line gets added when you install from a package. The source doesn’t have it. No idea why.

If you don’t do this, you’ll get blank pages and a lot of frustration trying to figure out why your server isn’t working. Then you’ll get superstitious over masquerading builds as packages and so on. (Don’t ask how I know) So don’t forget.

Step 8: Return the configuration files to their respective places in /etc/nginx

Move or copy or create the files in sites-available, symlink them to sites-enabled, and so on. The usual stuff.

If you don’t return your original nginx.conf here and choose to use the new one, please remember to add in the http block:

        # Virtual Host Configs
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

Your earlier package installed by Ubuntu/Debian would have configured the folders automatically, but the source does not have this structure, so you will have to include the files (or paste their contents here – messy) or returning the server blocks into position will *still* not load them and leave you puzzled.

Tweak to taste. The old files worked as they were, for me. I was able to start my new server with a downtime of less than 2 minutes after I had these steps lined up and ready to copy-paste.

Start/restart server.

If there are problems with emerg not being able to bind to port, just do

pkill nginx

and start it

service nginx start


My pageload time went from 20+seconds for first page load (I wish I had a screenshot) to under 1s for first pageload right off the bat – this is before configuring pagespeed, and frankly, with this performance, I’ll leave pagespeed unconfigured if it so much as whimpers.

So maybe it was all for nothing, unless you count installing Nginx-1.5.6 with the conveniences of a package before it hit the repositories 😉

Note: When it is time for an update, there may be issues. I have no idea what will happen, but worst comes worst, I can

apt-get remove nginx


apt-get install nginx



unless a better option has hit the repositories by then.

I will also post urgent updates here if anything goes wrong. So far as I can see, this is working as a dream.

Also note: There may be changes in performance over the next couple of days as I fiddle around trying to configure stuff. Not a reflection of end result if you suddenly find the blog slow. Work in progress.

Enhanced by Zemanta

Redirect www to non-www on Nginx

How to redirect the version of your website to version on Nginx?

Here is how. You basically have to make two server blocks. The block with your normal configuration should be the version you want, the version you want to redirect should have a simple rewrite rule alone.

For example, to redirect to, you set up your server blocks like this:
server {
rewrite ^(.*)$1 permanent;

server {
# Your
# normal
# server
# configuration
# goes
# here