why part of my http requests do not use http2

Question

Environment:

• Ubuntu 16.04 LTS
• Nginx version: nginx/1.10.3 (Ubuntu)
• OpenSSL version: OpenSSL 1.0.2g 1 Mar 2016

Simple Description:

I have configured nginx to use http2, and some of my requests are using http2, however, some of my requests are using http1.1 instead.

Nginx Configuration:

I use exactly the same configuration as Mozilla generator suggest

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /path/to/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    resolver <IP DNS resolver>;

    ....
}

And my special configuration looks like:

server_name mydomain;

set $root myrootpath;
root  $root;

location / {
        try_files $uri /index.html;
}

location /api/ {
        proxy_pass http://127.0.0.1:5000/api/;
        proxy_redirect default;
}

location /page/ {
        proxy_pass http://127.0.0.1:5000/page/;
        proxy_redirect default;
}

More Details: The http request to /api and /page can use http2 correctly, but when the browser request static resources like images or .js files under / or /static, it will use http1.1, I attached picture

after I clear the cache, and still those static resources are requested via http1.1. However, the response status code is 304 this time I searched google and do not find the answer, people said OpenSSL and nginx version may cause http2 problem, but my version has no such problem, and it works for /api and /page route request. So what's the problem?

Answer 1

As @sbordet said the requests that were not served by HTTP/2 in the first screenshot were served from the disk cache and were presumably downloaded using HTTP/1.1 originally, hence why that’s what they show.

The requests that were not downloaded by HTTP/2 in the second screenshot were either the same or were 304 Not Modified requests - so the original version from the disk cache was loaded and it was presumably loaded from HTTP/1.1.

Clear your cache properly or, if using Chrome tick the “Disable cache” option in Developer Tools network and reload and they should all be loaded over HTTP/2.