Ubuntu
nginx package

Why is HTTP/2 Disabled?

Asked by Alex Poth

I have spent a good amount of time searching and going through archives to try and find the reasoning behind why HTTP/2 support is disabled in Nginx for the upcoming 16.04 release.

All I can find is it is disabled for a security mandate, but cannot find that discussion, nor the reason why anywhere.

Can HTTP/2 not at least be enabled for the extras package so we have the choice to enable it?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu nginx Edit question
Assignee:
Thomas Ward Edit question
Solved by:
Thomas Ward
Solved:
Last query:
Last reply:
Revision history for this message
Best Thomas Ward (teward) said : 		#1

You didn't look hard enough.

https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1510096/comments/2 is the mandate from the Security team that came down, specifically targeting the Merge request.

There is also an ongoing discussion for enabling HTTP/2 post-release via SRU, on the Ubuntu Release mailing list, where an ad-hoc discussion between myself, Robie Basak (of Canonical), Seth Arnold (of the Security Team), and Marc Deslauriers (of the Security Team) discussed HTTP/2 and why we don't enable it, and the long term plan for HTTP/2. That conversation is in the attachment on this message: https://lists.ubuntu.com/archives/ubuntu-release/2016-January/003499.html

In short, though, the Security team doesn't always publish every reason for something being disabled. Will HTTP/2 be enabled in Xenial at some point? Almost certain of it. In the mean time, however, it's remaining disabled, and if you want HTTP/2 you can utilize the NGINX Mainline PPA which has HTTP/2 enabled in the -full and -extras flavors: https://launchpad.net/~nginx/+archive/ubuntu/development (This PPA is also maintained by myself, and matches the Ubuntu Xenial nginx version, but does not disable HTTP/2 nor does it introduce Ubuntu specific changes introduced with the merge).

Revision history for this message
Alex Poth (alex-poth) said : 		#2

Thanks for the comprehensive reply, I'm not very experienced with searching on here so google let me down on not finding that.

It is good to hear that it could be enabled at some point, we prefer to stick with the distro provided packages where possible, but I have two aging servers which will need upgrading and it is just planning ahead when/which distro to ensure we are up to date, secure but also with ability to use the latest features such as HTTP/2 in the next couple of years, without requiring another distro/major version change.

Revision history for this message
Alex Poth (alex-poth) said : 		#3

Thanks Thomas Ward, that solved my question.

Revision history for this message
Thomas Ward (teward) said : 		#4

I will add to this: It is entirely possible HTTP/2 will be enabled after Xenial release, if the Release/SRU teams have no issue with this for nginx. To that end, you will need to ahve the `xenial-updates` repository enabled after release to be sure you get an NGINX version that has HTTP/2 included in it, once Xenial releases.

Revision history for this message
AnOctet (anoctet) said : 		#6

Thank you Thomas! This information is quite essential for my research.

Revision history for this message
Seth Arnold (seth-arnold) said : 		#7

Thomas and the nginx team have convinced me that nginx's http/2 implementation is widely used and mature enough to enable before 16.04 LTS release.

Thanks

Revision history for this message
AnOctet (anoctet) said : 		#8

So, I may conclude that nginx HTTP/2 module will be available in 16.04 LTS release. Am I right?

Revision history for this message
Thomas Ward (teward) said : 		#9

CORPARIT:

Currently, there is a pending 1.9.13 upload that needs Release team review before I can upload it - it doesn't have HTTP/2 enabled. I'm planning to make another upload soon after that (the relevant teams know the details) and that next upload for Xenial will have HTTP/2 support re-added to the packages.

Revision history for this message
AnOctet (anoctet) said : 		#10

Thank you! Happy that it will come in LTS version.

Revision history for this message
Alex Poth (alex-poth) said : 		#11

Great news, sounds like I can upgrade our ageing 12.04 web server sooner rather than later :)