Resolved ERR_SPDY_PROTOCOL_ERROR

[Milos Popovic]

Hi to all, I have a problem with my sites with SSL - (Let's encrypt).

For some images, I have a problem: ERR_SPDY_PROTOCOL_ERROR on Chrome.
I try to solve this with:
Incomplete list of default ssl_ciphers with HTTP/2 support enabled
But no result.

I have a Plesk Onyx 17.5.3.

 

[IgorG]

I have a Plesk Onyx 17.5.3.

What about upgrade to 17.8?

This is a Plesk bug with ID #PPPM-7570 that is already fixed in Plesk Onyx 17.8.

 

[Milos Popovic]

Hi, I try, but plesk show me only this - 17.5.3 version, and no option to upgrade to 17.8.?

 

[Brujo]

Hi, I try, but plesk show me only this - 17.5.3 version, and no option to upgrade to 17.8.?

Well I assume you have in plesk panel > Tools & Settings > Update and Upgrade Settings > Plesk release tiers > General release (Recommended) selected
at the moment the update to 17.8 will be available only if you select early adopter in plesk panel. But also read carefuly what early Adopter mean...

What about upgrade to 17.8?

@IgorG - any ETA when it will be available in general tier ?

 

[IgorG]

any ETA when it will be available in general tier ?

Very soon

 

[Milos Popovic]

Hi I upgrade Plesk, but problem was not solved. Again I have ERR_SPDY_PROTOCOL_ERROR. Now version of plesk was: Plesk Onyx 17.8.9
Does anyone have idea what is problem?

 

[IgorG]

Do you have something in "Additional nginx directives" for your site?
If not, try to add following:

# Enable HSTS (HTTP Strict Transport Security)
add_header Strict-Transport-Security "max-age=15768000";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
proxy_hide_header X-Powered-By;

 

[Milos Popovic]

Hi IgorG, thank you for reply, I try this but this not solve problem.
This problem is for all sites on server who have SSL.

This is my nginx conf:
--------------------------------------
#user nginx;

worker_processes auto;

#worker_rlimit_nofile 8192;


#error_log /var/log/nginx/error.log;

#error_log /var/log/nginx/error.log notice;

#error_log /var/log/nginx/error.log info;


#pid /var/run/nginx.pid;


include /etc/nginx/modules.conf.d/*.conf;


events {

worker_connections 4092;

# optmized to serve many clients with each thread, essential for linux -- for testing environment

use epoll;


# accept as many connections as possible, may flood worker connections if set too low -- for testing environment

multi_accept on;

}



http {


open_file_cache max=20000 inactive=20s;

open_file_cache_valid 30s;

open_file_cache_min_uses 2;

open_file_cache_errors on;


proxy_send_timeout 1200s;

proxy_read_timeout 1200s;

proxy_buffering off;

fastcgi_send_timeout 10;

fastcgi_read_timeout 10;

include mime.types;

default_type application/octet-stream;


#log_format main '$remote_addr - $remote_user [$time_local] "$request" '

# '$status $body_bytes_sent "$http_referer" '

# '"$http_user_agent" "$http_x_forwarded_for"';


#access_log /var/log/nginx/access.log main;


# to boost I/O on HDD we can disable access logs

access_log off;


# copies data between one FD and other from within the kernel

# faster then read() + write()

sendfile on;


# send headers in one peace, its better then sending them one by one

tcp_nopush on;


# don't buffer data sent, good for small data bursts in real time

tcp_nodelay on;

#sendfile on;

#tcp_nopush on;


# allow the server to close connection on non responding client, this will free up memory

reset_timedout_connection on;


# request timed out -- default 60

#client_body_timeout 10;


# if client stop responding, free up memory -- default 60

send_timeout 2;


# server will close connection after this time -- default 75

keepalive_timeout 30;


# number of requests client can make over keep-alive -- for testing environment

keepalive_requests 100000;


#gzip on;

#gzip_disable "MSIE [1-6]\.(?!.*SV1)";


gzip on;

gzip_min_length 10240;

gzip_proxied expired no-cache no-store private auth;

gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml;

gzip_disable msie6;

server_tokens off;


#############

# limit the number of connections per single IP

limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;


# limit the number of requests for a given session

limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;


# zone which we want to limit by upper values, we want limit whole server

server {

listen 127.0.0.1;

server_name localhost;


limit_conn conn_limit_per_ip 10;

limit_req zone=req_limit_per_ip burst=10 nodelay;

}


# if the request body size is more than the buffer size, then the entire (or partial)

# request body is written into a temporary file

client_body_buffer_size 128k;

client_max_body_size 8m;

# headerbuffer size for the request header from client -- for testing environment

client_header_buffer_size 3m;


# maximum number and size of buffers for large headers to read from client request

large_client_header_buffers 4 256k;


# read timeout for the request body from client -- for testing environment

client_body_timeout 2m;


# how long to wait for the client to send a request header -- for testing environment

client_header_timeout 2m;

#############


include /etc/nginx/conf.d/*.conf;

}


# override global parameters e.g. worker_rlimit_nofile

include /etc/nginx/*global_params;

--------------------------------------

 

[Milos Popovic]

I solve this:
just add into .htaccess:
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS