using http2 (via security advisor) -- files being sent twice?

[larryk]

via the nginx log files, i see same IP, same timestamp, etc....

twice for the same file/image/etc. the 1st is http 1.1 and the 2nd is http 2.0 ?
one is apache, one is nginx

example:

2017-03-19 13:26:42 Access 216.145.157.92 200 GET /wp-content/uploads/pic.jpg HTTP/1.1  Mozilla/5.0 (Linux; Android 6.0.1; SM-G920V Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Mobile Safari/537.36 518 Apache SSL/TLS access

2017-03-19 13:26:42 Access 216.145.157.92 200 GET /wp-content/uploads/pic.jpg HTTP/2.0  Mozilla/5.0 (Linux; Android 6.0.1; SM-G920V Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Mobile Safari/537.36 37.5 K nginx SSL/TLS access

and this i've seen some vhost ONLY have http1 or only http2

what or why is this happening?
what is causing this type of double file processing?
it seems in some cases, the vhost is working twice as hard because its send a file twice?

thanks

 

[Bitpalast]

Do you see these two entries immediately after a request was made and do they appear in the Apache access_log, or isn't it rather the case the at the time of the request, the Apache request is logged to access_log and the Nginx request to proxy_access_log?

 

[larryk]

thanks... i was just making sure:

• Apache access (access_log). This log records all HTTP requests processed by the Apache web server.
• Apache ssl access (access_ssl_log). This log records all HTTPS requests processed by the Apache web server.
• Apache error (error_log). This log contains diagnostic information. It also records any errors that the Apache web server encounters in processing requests.
• nginx access (proxy_access_log). This log records all HTTP requests processed by the nginx proxy web server.
• nginx ssl access (proxy_access_ssl_log). This log records all HTTPS requests processed by the nginx proxy web server.
• nginx error (proxy_error_log). This log contains diagnostic information. It also records any errors that the nginx proxy web server encounters in processing requests.

So Peter to answer your question:
yes... both entries happen at same time.

the Apache SSL/TLS access entry is for http/1.1
the nginx SSL/TLS access entry is for http/2.0

its the same person, same file, same time... its like a redirect or something? That seems very counter-productive from a speed point of view?

right?

 

[UFHH01]

Hi larryk,

its like a redirect or something? That seems very counter-productive from a speed point of view?

right?

Could you pls. explain, why you think that redirects are "counter-productive", when you use the webserver combination "nginx-apache" on your server?

 

[larryk]

well...

when I was looking into using http2 (the main reason was better speed, faster page load times?)...
http2 seemed like a good option (and you get extra benefits)

After I turned it on, I saw the double log entries for the same file and thought that was odd? I didn't know if that is HOW http2 works
or if I have something wrong (or maybe that is how the vhost was configured).

Is http2 supposed to service the same file twice? To me, once is efficient and twice is not. That seems logical, is it not?
maybe i have something wrong?

The odd thing to me -- and this comes as maybe I'm missing something or not knowledgeable enough ---
its not on every site? I don't see every file, on every site being served twice?

thanks for any clarification or explaining why http2 is supposed to serve a single file twice?

 

[larryk]

say... part of my answer is http2 is only for https. right?
so if not using https, the site can not use http2

i'm still unclear about a file being served twice

 

[UFHH01]

Hi larryk,

pls. consider not to post such questions in a "plesk-related" subforum, due to the fact, that your questions have got nothing to do with Plesk itself - it's a question of YOUR, UNIQUE webserver configuration. Consider to use the forum: => Home > Forum > General Discussion > Open Topics

In addition, pls. note as well, that it is very essential to post YOUR webserver configuation files ( apache AND nginx - and don't forget the additional directives! ) and you should be aware, that without any version and compile informations from your used webservers ( apache and nginx ), you would never get a decent discussion in behalf of your questions - answers will only be theories here and this again is absolutely not "plesk-related".

 

[larryk]

my server:
OS ‪CentOS Linux 7.2.1511 (Core)‬
Product Plesk Onyx
Version 17.0.17 Update #19, last updated on Mar 15, 2017 03:52 AM

the OP (vhost example) has this config:
- fpm application served by nginx
- proxy mode is checked
- smart static files processing is checked
- preferred domain is www.domain.com
- SSL/TLS support is checked
- using a SSL cert

below is the additional nginx directives
gzip on;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;

keepalive_timeout 50;
keepalive_requests 1000;
proxy_http_version 1.1;
proxy_set_header Connection "";

if (!-f $request_filename){
set $rule_1 1$rule_1;
}
if (!-d $request_filename){
set $rule_1 2$rule_1;
}
if ($rule_1 = "21"){

rewrite ^/wp-admin/(.*)\.php$ /wp-admin/$1.php last;
rewrite /. /index.php last;

}


-----
no other "custom config" was done... it was all default plesk stuff. If plesk didn't do it.. I didn't either.

anything else you want to know about this domain's config?

thanks for the help

 

[Bitpalast]

The interesting part that I see in this case is that a request is FIRST processed by Apache, THEN by Nginx. The first however does not actually deliver the picture, but only a header (at least according to the size of the returned data mentioned). I'd like to understand this better.

 

[larryk]

Thanks Peter... me too

I would agree (after you said it)... I didn't pay attention to the file size at first.

one thing that stands out to me as not correct, is the: proxy_http_version 1.1;
I forget where I got that from, but... guessing its not necessary anymore?


UFHH01,
I'm confused on how this is not a plesk related topic? I'm using the settings/config which you can select in plesk and using a plesk extension to turn on http2. So for 80% of
my config, ANYONE using plesk could be in the same exact situation. Are you saying my few directives, which ANYONE would use... makes my whole thread "not plesk related" ?


If I'm doing something wrong, I would love to fix it.

thanks

 

[UFHH01]

Hi larryk,

I'm confused on how this is not a plesk related topic?

Your apache version for example ( and how it's compiled ) is not part of Plesk. It's either shipped by your vendor, or by your desired repository-source.
In addition, your thread is a theoretical discussion, how apache and nginx ( AND the depending configuration files ) can be configured in order to tweak them to your unique desires, while Plesk offers only a worldwide standart ( standarts, defined by package vendors! ) configuration.

Btw., as suggested above, you will need far more informations, as you already provided afterwards, in order to be able to discuss that in a "Open topic" - thread.