1 nghttp2 - HTTP/2 C Library
2 ==========================
4 This is an implementation of the Hypertext Transfer Protocol version 2
7 The framing layer of HTTP/2 is implemented as a reusable C
8 library. On top of that, we have implemented an HTTP/2 client, server
9 and proxy. We have also developed load test and benchmarking tools for
12 An HPACK encoder and decoder are available as a public API.
14 An experimental high level C++ library is also available.
16 We have Python bindings of this library, but we do not have full
22 We have implemented `RFC 7540 <https://tools.ietf.org/html/rfc7540>`_
23 HTTP/2 and `RFC 7541 <https://tools.ietf.org/html/rfc7541>`_ HPACK -
24 Header Compression for HTTP/2
26 The nghttp2 code base was forked from the spdylay
27 (https://github.com/tatsuhiro-t/spdylay) project.
32 The following endpoints are available to try out our nghttp2
35 * https://nghttp2.org/ (TLS + ALPN/NPN)
37 This endpoint supports ``h2``, ``h2-16``, ``h2-14``, ``spdy/3.1``
38 and ``http/1.1`` via ALPN/NPN and requires TLSv1.2 for HTTP/2
41 * http://nghttp2.org/ (HTTP Upgrade and HTTP/2 Direct)
43 ``h2c`` and ``http/1.1``.
48 The following package is required to build the libnghttp2 library:
52 To build and run the unit test programs, the following package is
57 To build the documentation, you need to install:
59 * sphinx (http://sphinx-doc.org/)
61 To build and run the application programs (``nghttp``, ``nghttpd`` and
62 ``nghttpx``) in the ``src`` directory, the following packages are
69 ALPN support requires OpenSSL >= 1.0.2 (released 22 January 2015).
71 To enable the SPDY protocol in the application program ``nghttpx`` and
72 ``h2load``, the following package is required:
76 To enable ``-a`` option (getting linked assets from the downloaded
77 resource) in ``nghttp``, the following package is required:
81 The HPACK tools require the following package:
85 To build sources under the examples directory, libevent is required:
87 * libevent-openssl >= 2.0.8
89 To mitigate heap fragmentation in long running server programs
90 (``nghttpd`` and ``nghttpx``), jemalloc is recommended:
94 libnghttp2_asio C++ library requires the following packages:
96 * libboost-dev >= 1.54.0
97 * libboost-thread-dev >= 1.54.0
99 The Python bindings require the following packages:
104 If you are using Ubuntu 14.04 LTS (trusty), run the following to install the needed packages::
106 sudo apt-get install make binutils autoconf automake autotools-dev libtool pkg-config \
107 zlib1g-dev libcunit1-dev libssl-dev libxml2-dev libev-dev libevent-dev libjansson-dev \
108 libjemalloc-dev cython python3.4-dev
110 spdylay is not packaged in Ubuntu, so you need to build it yourself:
111 http://tatsuhiro-t.github.io/spdylay/
116 Building from git is easy, but please be sure that at least autoconf 2.68 is
125 To compile the source code, gcc >= 4.8.3 or clang >= 3.4 is required.
129 Mac OS X users may need the ``--disable-threads`` configure option to
130 disable multi-threading in nghttpd, nghttpx and h2load to prevent
131 them from crashing. A patch is welcome to make multi threading work
132 on Mac OS X platform.
134 Notes for building on Windows (Mingw/Cygwin)
135 --------------------------------------------
137 Under Mingw environment, you can only compile the library, it's
138 ``libnghttp2-X.dll`` and ``libnghttp2.a``.
140 If you want to compile the applications(``h2load``, ``nghttp``,
141 ``nghttpx``, ``nghttpd``), you need to use the Cygwin environment.
143 Under Cygwin environment, to compile the applications you need to
144 compile and install the libev first.
146 Secondly, you need to undefine the macro ``__STRICT_ANSI__``, if you
147 not, the functions ``fdopen``, ``fileno`` and ``strptime`` will not
150 the sample command like this::
152 $ export CFLAGS="-U__STRICT_ANSI__ -I$libev_PREFIX/include -L$libev_PREFIX/lib"
153 $ export CXXFLAGS=$CFLAGS
157 If you want to compile the applications under ``examples/``, you need
158 to remove or rename the ``event.h`` from libev's installation, because
159 it conflicts with libevent's installation.
161 Building the documentation
162 --------------------------
166 Documentation is still incomplete.
168 To build the documentation, run::
172 The documents will be generated under ``doc/manual/html/``.
174 The generated documents will not be installed with ``make install``.
176 The online documentation is available at
177 https://nghttp2.org/documentation/
182 Unit tests are done by simply running ``make check``.
187 We have the integration tests for the nghttpx proxy server. The tests are
188 written in the `Go programming language <http://golang.org/>`_ and uses
189 its testing framework. We depend on the following libraries:
191 * https://github.com/bradfitz/http2
192 * https://github.com/tatsuhiro-t/go-nghttp2
193 * https://golang.org/x/net/spdy
195 To download the above packages, after settings ``GOPATH``, run the
196 following command under ``integration-tests`` directory::
200 To run the tests, run the following command under
201 ``integration-tests`` directory::
205 Inside the tests, we use port 3009 to run the test subject server.
207 Migration from v0.7.15 or earlier
208 ---------------------------------
210 nghttp2 v1.0.0 introduced several backward incompatible changes. In
211 this section, we describe these changes and how to migrate to v1.0.0.
213 ALPN protocol ID is now ``h2`` and ``h2c``
214 ++++++++++++++++++++++++++++++++++++++++++
216 Previously we announced ``h2-14`` and ``h2c-14``. v1.0.0 implements
217 final protocol version, and we changed ALPN ID to ``h2`` and ``h2c``.
218 The macros ``NGHTTP2_PROTO_VERSION_ID``,
219 ``NGHTTP2_PROTO_VERSION_ID_LEN``,
220 ``NGHTTP2_CLEARTEXT_PROTO_VERSION_ID``, and
221 ``NGHTTP2_CLEARTEXT_PROTO_VERSION_ID_LEN`` have been updated to
224 Basically, existing applications do not have to do anything, just
225 recompiling is enough for this change.
227 Use word "client magic" where we use "client connection preface"
228 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
230 We use "client connection preface" to mean first 24 bytes of client
231 connection preface. This is technically not correct, since client
232 connection preface is composed of 24 bytes client magic byte string
233 followed by SETTINGS frame. For clarification, we call "client magic"
234 for this 24 bytes byte string and updated API.
236 * ``NGHTTP2_CLIENT_CONNECTION_PREFACE`` was replaced with
237 ``NGHTTP2_CLIENT_MAGIC``.
238 * ``NGHTTP2_CLIENT_CONNECTION_PREFACE_LEN`` was replaced with
239 ``NGHTTP2_CLIENT_MAGIC_LEN``.
240 * ``NGHTTP2_BAD_PREFACE`` was renamed as ``NGHTTP2_BAD_CLIENT_MAGIC``
242 The alreay deprecated ``NGHTTP2_CLIENT_CONNECTION_HEADER`` and
243 ``NGHTTP2_CLIENT_CONNECTION_HEADER_LEN`` were removed.
245 If application uses these macros, just replace old ones with new ones.
246 Since v1.0.0, client magic is sent by library (see next subsection),
247 so client application may just remove these macro use.
249 Client magic is sent by library
250 +++++++++++++++++++++++++++++++
252 Previously nghttp2 library did not send client magic, which is first
253 24 bytes byte string of client connection preface, and client
254 applications have to send it by themselves. Since v1.0.0, client
255 magic is sent by library via first call of ``nghttp2_session_send()``
256 or ``nghttp2_session_mem_send()``.
258 The client applications which send client magic must remove the
261 Remove HTTP Alternative Services (Alt-Svc) related code
262 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
264 Alt-Svc specification is not finalized yet. To make our API stable,
265 we have decided to remove all Alt-Svc related API from nghttp2.
267 * ``NGHTTP2_EXT_ALTSVC`` was removed.
268 * ``nghttp2_ext_altsvc`` was removed.
270 We have already removed the functionality of Alt-Svc in v0.7 series
271 and they have been essentially noop. The application using these
272 macro and struct, remove those lines.
274 Use nghttp2_error in nghttp2_on_invalid_frame_recv_callback
275 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
277 Previously ``nghttp2_on_invalid_frame_recv_cb_called`` took the
278 ``error_code``, defined in ``nghttp2_error_code``, as parameter. But
279 they are not detailed enough to debug. Therefore, we decided to use
280 more detailed ``nghttp2_error`` values instead.
282 The application using this callback should update the callback
283 signature. If it treats ``error_code`` as HTTP/2 error code, update
284 the code so that it is treated as ``nghttp2_error``.
286 Receive client magic by default
287 +++++++++++++++++++++++++++++++
289 Previously nghttp2 did not process client magic (24 bytes byte
290 string). To make it deal with it, we had to use
291 ``nghttp2_option_set_recv_client_preface()``. Since v1.0.0, nghttp2
292 processes client magic by default and
293 ``nghttp2_option_set_recv_client_preface()`` was removed.
295 Some application may want to disable this behaviour, so we added
296 ``nghttp2_option_set_no_recv_client_magic()`` to achieve this.
298 The application using ``nghttp2_option_set_recv_client_preface()``
299 with nonzero value, just remove it.
301 The application using ``nghttp2_option_set_recv_client_preface()``
302 with zero value or not using it must use
303 ``nghttp2_option_set_no_recv_client_magic()`` with nonzero value.
305 Client, Server and Proxy programs
306 ---------------------------------
308 The ``src`` directory contains the HTTP/2 client, server and proxy programs.
313 ``nghttp`` is a HTTP/2 client. It can connect to the HTTP/2 server
314 with prior knowledge, HTTP Upgrade and NPN/ALPN TLS extension.
316 It has verbose output mode for framing information. Here is sample
317 output from ``nghttp`` client::
319 $ nghttp -nv https://nghttp2.org
321 The negotiated protocol: h2
322 [ 0.135] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
324 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
325 [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
326 [ 0.135] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
327 (dep_stream_id=0, weight=201, exclusive=0)
328 [ 0.135] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
329 (dep_stream_id=0, weight=101, exclusive=0)
330 [ 0.135] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
331 (dep_stream_id=0, weight=1, exclusive=0)
332 [ 0.135] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
333 (dep_stream_id=7, weight=1, exclusive=0)
334 [ 0.135] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
335 (dep_stream_id=3, weight=1, exclusive=0)
336 [ 0.135] send HEADERS frame <length=39, flags=0x25, stream_id=13>
337 ; END_STREAM | END_HEADERS | PRIORITY
338 (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
343 :authority: nghttp2.org
345 accept-encoding: gzip, deflate
346 user-agent: nghttp2/1.0.0-DEV
347 [ 0.135] recv SETTINGS frame <length=12, flags=0x00, stream_id=0>
349 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
350 [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
351 [ 0.135] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
354 [ 0.165] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
357 [ 0.166] recv (stream_id=13) :status: 200
358 [ 0.166] recv (stream_id=13) date: Fri, 15 May 2015 14:45:22 GMT
359 [ 0.166] recv (stream_id=13) content-type: text/html
360 [ 0.166] recv (stream_id=13) last-modified: Fri, 15 May 2015 14:20:46 GMT
361 [ 0.166] recv (stream_id=13) etag: W/"555600be-1a7f"
362 [ 0.166] recv (stream_id=13) link: </stylesheets/screen.css>; rel=preload; as=stylesheet
363 [ 0.166] recv (stream_id=13) content-encoding: gzip
364 [ 0.166] recv (stream_id=13) server: nghttpx nghttp2/1.0.0-DEV
365 [ 0.166] recv (stream_id=13) via: 1.1 nghttpx
366 [ 0.166] recv (stream_id=13) strict-transport-security: max-age=31536000
367 [ 0.166] recv HEADERS frame <length=166, flags=0x04, stream_id=13>
370 ; First response header
371 [ 0.166] recv (stream_id=13) :method: GET
372 [ 0.166] recv (stream_id=13) :scheme: https
373 [ 0.166] recv (stream_id=13) :path: /stylesheets/screen.css
374 [ 0.166] recv (stream_id=13) :authority: nghttp2.org
375 [ 0.166] recv (stream_id=13) accept-encoding: gzip, deflate
376 [ 0.166] recv (stream_id=13) user-agent: nghttp2/1.0.0-DEV
377 [ 0.166] recv PUSH_PROMISE frame <length=50, flags=0x04, stream_id=13>
379 (padlen=0, promised_stream_id=2)
380 [ 0.166] recv DATA frame <length=2670, flags=0x01, stream_id=13>
382 [ 0.167] recv (stream_id=2) :status: 200
383 [ 0.167] recv (stream_id=2) date: Fri, 15 May 2015 14:45:22 GMT
384 [ 0.167] recv (stream_id=2) content-type: text/css
385 [ 0.167] recv (stream_id=2) last-modified: Fri, 15 May 2015 14:20:46 GMT
386 [ 0.167] recv (stream_id=2) etag: W/"555600be-9845"
387 [ 0.167] recv (stream_id=2) content-encoding: gzip
388 [ 0.167] recv (stream_id=2) server: nghttpx nghttp2/1.0.0-DEV
389 [ 0.167] recv (stream_id=2) via: 1.1 nghttpx
390 [ 0.167] recv (stream_id=2) strict-transport-security: max-age=31536000
391 [ 0.167] recv HEADERS frame <length=32, flags=0x04, stream_id=2>
394 ; First push response header
395 [ 0.196] recv DATA frame <length=8715, flags=0x01, stream_id=2>
397 [ 0.196] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
398 (last_stream_id=2, error_code=NO_ERROR(0x00), opaque_data(0)=[])
400 The HTTP Upgrade is performed like so::
402 $ nghttp -nvu http://nghttp2.org
404 [ 0.137] HTTP Upgrade request
407 Connection: Upgrade, HTTP2-Settings
409 HTTP2-Settings: AAMAAABkAAQAAP__
411 User-Agent: nghttp2/1.0.0-DEV
414 [ 0.156] HTTP Upgrade response
415 HTTP/1.1 101 Switching Protocols
420 [ 0.156] HTTP Upgrade success
421 [ 0.157] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
423 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
424 [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
425 [ 0.157] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
426 (dep_stream_id=0, weight=201, exclusive=0)
427 [ 0.157] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
428 (dep_stream_id=0, weight=101, exclusive=0)
429 [ 0.157] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
430 (dep_stream_id=0, weight=1, exclusive=0)
431 [ 0.157] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
432 (dep_stream_id=7, weight=1, exclusive=0)
433 [ 0.157] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
434 (dep_stream_id=3, weight=1, exclusive=0)
435 [ 0.157] send PRIORITY frame <length=5, flags=0x00, stream_id=1>
436 (dep_stream_id=11, weight=16, exclusive=0)
437 [ 0.157] recv SETTINGS frame <length=12, flags=0x00, stream_id=0>
439 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
440 [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
441 [ 0.157] recv (stream_id=1) :status: 200
442 [ 0.157] recv (stream_id=1) date: Fri, 15 May 2015 14:46:08 GMT
443 [ 0.157] recv (stream_id=1) content-type: text/html
444 [ 0.157] recv (stream_id=1) content-length: 6783
445 [ 0.157] recv (stream_id=1) last-modified: Fri, 15 May 2015 14:20:46 GMT
446 [ 0.157] recv (stream_id=1) etag: "555600be-1a7f"
447 [ 0.157] recv (stream_id=1) link: </stylesheets/screen.css>; rel=preload; as=stylesheet
448 [ 0.157] recv (stream_id=1) accept-ranges: bytes
449 [ 0.157] recv (stream_id=1) server: nghttpx nghttp2/1.0.0-DEV
450 [ 0.157] recv (stream_id=1) via: 1.1 nghttpx
451 [ 0.157] recv HEADERS frame <length=157, flags=0x04, stream_id=1>
454 ; First response header
455 [ 0.157] recv (stream_id=1) :method: GET
456 [ 0.157] recv (stream_id=1) :scheme: http
457 [ 0.157] recv (stream_id=1) :path: /stylesheets/screen.css
458 [ 0.157] recv (stream_id=1) host: nghttp2.org
459 [ 0.157] recv (stream_id=1) user-agent: nghttp2/1.0.0-DEV
460 [ 0.157] recv PUSH_PROMISE frame <length=49, flags=0x04, stream_id=1>
462 (padlen=0, promised_stream_id=2)
463 [ 0.157] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
466 [ 0.161] recv DATA frame <length=6783, flags=0x01, stream_id=1>
468 [ 0.162] recv (stream_id=2) :status: 200
469 [ 0.162] recv (stream_id=2) date: Fri, 15 May 2015 14:46:08 GMT
470 [ 0.162] recv (stream_id=2) content-type: text/css
471 [ 0.162] recv (stream_id=2) content-length: 38981
472 [ 0.162] recv (stream_id=2) last-modified: Fri, 15 May 2015 14:20:46 GMT
473 [ 0.162] recv (stream_id=2) etag: "555600be-9845"
474 [ 0.162] recv (stream_id=2) accept-ranges: bytes
475 [ 0.162] recv (stream_id=2) server: nghttpx nghttp2/1.0.0-DEV
476 [ 0.162] recv (stream_id=2) via: 1.1 nghttpx
477 [ 0.162] recv HEADERS frame <length=36, flags=0x04, stream_id=2>
480 ; First push response header
481 [ 0.191] recv DATA frame <length=16384, flags=0x00, stream_id=2>
482 [ 0.215] recv DATA frame <length=7952, flags=0x00, stream_id=2>
483 [ 0.215] send WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
484 (window_size_increment=33322)
485 [ 0.238] send WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=2>
486 (window_size_increment=33549)
487 [ 0.238] recv DATA frame <length=14645, flags=0x01, stream_id=2>
489 [ 0.238] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
492 [ 0.238] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
493 (last_stream_id=2, error_code=NO_ERROR(0x00), opaque_data(0)=[])
495 Using the ``-s`` option, ``nghttp`` prints out some timing information for
496 requests, sorted by completion time::
498 $ nghttp -nas https://nghttp2.org/
499 ***** Statistics *****
502 responseEnd: the time when last byte of response was received
503 relative to connectEnd
504 requestStart: the time just before first byte of request was sent
505 relative to connectEnd. If '*' is shown, this was
507 process: responseEnd - requestStart
508 code: HTTP status code
509 size: number of bytes received as response body without
513 see http://www.w3.org/TR/resource-timing/#processing-model
517 id responseEnd requestStart process code size request path
518 13 +37.19ms +280us 36.91ms 200 2K /
519 2 +72.65ms * +36.38ms 36.26ms 200 8K /stylesheets/screen.css
520 17 +77.43ms +38.67ms 38.75ms 200 3K /javascripts/octopress.js
521 15 +78.12ms +38.66ms 39.46ms 200 3K /javascripts/modernizr-2.0.js
523 Using the ``-r`` option, ``nghttp`` writes more detailed timing data to
524 the given file in HAR format.
529 ``nghttpd`` is a multi-threaded static web server.
531 By default, it uses SSL/TLS connection. Use ``--no-tls`` option to
534 ``nghttpd`` only accepts HTTP/2 connections via NPN/ALPN or direct
535 HTTP/2 connections. No HTTP Upgrade is supported.
537 The ``-p`` option allows users to configure server push.
539 Just like ``nghttp``, it has a verbose output mode for framing
540 information. Here is sample output from ``nghttpd``::
542 $ nghttpd --no-tls -v 8080
543 IPv4: listen 0.0.0.0:8080
545 [id=1] [ 1.521] send SETTINGS frame <length=6, flags=0x00, stream_id=0>
547 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
548 [id=1] [ 1.521] recv SETTINGS frame <length=12, flags=0x00, stream_id=0>
550 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
551 [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
552 [id=1] [ 1.521] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
555 [id=1] [ 1.521] recv PRIORITY frame <length=5, flags=0x00, stream_id=3>
556 (dep_stream_id=0, weight=201, exclusive=0)
557 [id=1] [ 1.521] recv PRIORITY frame <length=5, flags=0x00, stream_id=5>
558 (dep_stream_id=0, weight=101, exclusive=0)
559 [id=1] [ 1.521] recv PRIORITY frame <length=5, flags=0x00, stream_id=7>
560 (dep_stream_id=0, weight=1, exclusive=0)
561 [id=1] [ 1.521] recv PRIORITY frame <length=5, flags=0x00, stream_id=9>
562 (dep_stream_id=7, weight=1, exclusive=0)
563 [id=1] [ 1.521] recv PRIORITY frame <length=5, flags=0x00, stream_id=11>
564 (dep_stream_id=3, weight=1, exclusive=0)
565 [id=1] [ 1.521] recv (stream_id=13) :method: GET
566 [id=1] [ 1.521] recv (stream_id=13) :path: /
567 [id=1] [ 1.521] recv (stream_id=13) :scheme: http
568 [id=1] [ 1.521] recv (stream_id=13) :authority: localhost:8080
569 [id=1] [ 1.521] recv (stream_id=13) accept: */*
570 [id=1] [ 1.521] recv (stream_id=13) accept-encoding: gzip, deflate
571 [id=1] [ 1.521] recv (stream_id=13) user-agent: nghttp2/1.0.0-DEV
572 [id=1] [ 1.521] recv HEADERS frame <length=41, flags=0x25, stream_id=13>
573 ; END_STREAM | END_HEADERS | PRIORITY
574 (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
576 [id=1] [ 1.521] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
579 [id=1] [ 1.521] send HEADERS frame <length=86, flags=0x04, stream_id=13>
582 ; First response header
584 server: nghttpd nghttp2/1.0.0-DEV
586 cache-control: max-age=3600
587 date: Fri, 15 May 2015 14:49:04 GMT
588 last-modified: Tue, 30 Sep 2014 12:40:52 GMT
589 [id=1] [ 1.522] send DATA frame <length=10, flags=0x01, stream_id=13>
591 [id=1] [ 1.522] stream_id=13 closed
592 [id=1] [ 1.522] recv GOAWAY frame <length=8, flags=0x00, stream_id=0>
593 (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
594 [id=1] [ 1.522] closed
599 ``nghttpx`` is a multi-threaded reverse proxy for HTTP/2, SPDY and
600 HTTP/1.1, and powers http://nghttp2.org and supports HTTP/2 server
603 ``nghttpx`` implements `important performance-oriented features
604 <https://istlsfastyet.com/#server-performance>`_ in TLS, such as
605 session IDs, session tickets (with automatic key rotation), OCSP
606 stapling, dynamic record sizing, ALPN/NPN, forward secrecy and SPDY &
609 ``nghttpx`` has several operational modes:
611 ================== ============================ ============== =============
612 Mode option Frontend Backend Note
613 ================== ============================ ============== =============
614 default mode HTTP/2, SPDY, HTTP/1.1 (TLS) HTTP/1.1 Reverse proxy
615 ``--http2-proxy`` HTTP/2, SPDY, HTTP/1.1 (TLS) HTTP/1.1 SPDY proxy
616 ``--http2-bridge`` HTTP/2, SPDY, HTTP/1.1 (TLS) HTTP/2 (TLS)
617 ``--client`` HTTP/2, HTTP/1.1 HTTP/2 (TLS)
618 ``--client-proxy`` HTTP/2, HTTP/1.1 HTTP/2 (TLS) Forward proxy
619 ================== ============================ ============== =============
621 The interesting mode at the moment is the default mode. It works like
622 a reverse proxy and listens for HTTP/2, SPDY and HTTP/1.1 and can be
623 deployed as a SSL/TLS terminator for existing web server.
625 The default mode, ``--http2-proxy`` and ``--http2-bridge`` modes use
626 SSL/TLS in the frontend connection by default. To disable SSL/TLS,
627 use the ``--frontend-no-tls`` option. If that option is used, SPDY is
628 disabled in the frontend and incoming HTTP/1.1 connections can be
629 upgraded to HTTP/2 through HTTP Upgrade.
631 The ``--http2-bridge``, ``--client`` and ``--client-proxy`` modes use
632 SSL/TLS in the backend connection by default. To disable SSL/TLS, use
633 the ``--backend-no-tls`` option.
635 ``nghttpx`` supports a configuration file. See the ``--conf`` option and
636 sample configuration file ``nghttpx.conf.sample``.
638 In the default mode, (without any of ``--http2-proxy``,
639 ``--http2-bridge``, ``--client-proxy`` and ``--client`` options),
640 ``nghttpx`` works as reverse proxy to the backend server::
642 Client <-- (HTTP/2, SPDY, HTTP/1.1) --> nghttpx <-- (HTTP/1.1) --> Web Server
645 With the ``--http2-proxy`` option, it works as a so called secure proxy (aka
648 Client <-- (HTTP/2, SPDY, HTTP/1.1) --> nghttpx <-- (HTTP/1.1) --> Proxy
649 [secure proxy] (e.g., Squid, ATS)
651 The ``Client`` in the above example needs to be configured to use
652 ``nghttpx`` as secure proxy.
654 At the time of this writing, Chrome is the only browser which supports
655 secure proxy. One way to configure Chrome to use a secure proxy is
656 to create a proxy.pac script like this:
658 .. code-block:: javascript
660 function FindProxyForURL(url, host) {
661 return "HTTPS SERVERADDR:PORT";
664 ``SERVERADDR`` and ``PORT`` is the hostname/address and port of the
665 machine nghttpx is running on. Please note that Chrome requires a valid
666 certificate for secure proxy.
668 Then run Chrome with the following arguments::
670 $ google-chrome --proxy-pac-url=file:///path/to/proxy.pac --use-npn
672 With ``--http2-bridge``, it accepts HTTP/2, SPDY and HTTP/1.1
673 connections and communicates with the backend in HTTP/2::
675 Client <-- (HTTP/2, SPDY, HTTP/1.1) --> nghttpx <-- (HTTP/2) --> Web or HTTP/2 Proxy etc
678 With ``--client-proxy``, it works as a forward proxy and expects
679 that the backend is an HTTP/2 proxy::
681 Client <-- (HTTP/2, HTTP/1.1) --> nghttpx <-- (HTTP/2) --> HTTP/2 Proxy
682 [forward proxy] (e.g., nghttpx -s)
684 The ``Client`` needs to be configured to use nghttpx as a forward
685 proxy. The frontend HTTP/1.1 connection can be upgraded to HTTP/2
686 through HTTP Upgrade. With the above configuration, one can use
687 HTTP/1.1 client to access and test their HTTP/2 servers.
689 With ``--client``, it works as a reverse proxy and expects that
690 the backend is an HTTP/2 Web server::
692 Client <-- (HTTP/2, HTTP/1.1) --> nghttpx <-- (HTTP/2) --> Web Server
695 The frontend HTTP/1.1 connection can be upgraded to HTTP/2
696 through HTTP Upgrade.
698 For the operation modes which talk to the backend in HTTP/2 over
699 SSL/TLS, the backend connections can be tunneled through an HTTP proxy.
700 The proxy is specified using ``--backend-http-proxy-uri``. The
701 following figure illustrates the example of the ``--http2-bridge`` and
702 ``--backend-http-proxy-uri`` options to talk to the outside HTTP/2
703 proxy through an HTTP proxy::
705 Client <-- (HTTP/2, SPDY, HTTP/1.1) --> nghttpx <-- (HTTP/2) --
707 --===================---> HTTP/2 Proxy
708 (HTTP proxy tunnel) (e.g., nghttpx -s)
713 The ``h2load`` program is a benchmarking tool for HTTP/2 and SPDY.
714 The SPDY support is enabled if the program was built with the spdylay
715 library. The UI of ``h2load`` is heavily inspired by ``weighttp``
716 (https://github.com/lighttpd/weighttp). The typical usage is as
719 $ h2load -n100000 -c100 -m100 https://localhost:8443/
720 starting benchmark...
721 spawning thread #0: 100 concurrent clients, 100000 total requests
723 Cipher: ECDHE-RSA-AES128-GCM-SHA256
724 Server Temp Key: ECDH P-256 256 bits
736 finished in 771.26ms, 129658 req/s, 4.71MB/s
737 requests: 100000 total, 100000 started, 100000 done, 100000 succeeded, 0 failed, 0 errored
738 status codes: 100000 2xx, 0 3xx, 0 4xx, 0 5xx
739 traffic: 3812300 bytes total, 1009900 bytes headers, 1000000 bytes data
740 min max mean sd +/- sd
741 time for request: 25.12ms 124.55ms 51.07ms 15.36ms 84.87%
742 time for connect: 208.94ms 254.67ms 241.38ms 7.95ms 63.00%
743 time to 1st byte: 209.11ms 254.80ms 241.51ms 7.94ms 63.00%
745 The above example issued total 100,000 requests, using 100 concurrent
746 clients (in other words, 100 HTTP/2 sessions), and a maximum of 100 streams
747 per client. With the ``-t`` option, ``h2load`` will use multiple native
748 threads to avoid saturating a single core on client side.
752 **Don't use this tool against publicly available servers.** That is
753 considered a DOS attack. Please only use it against your private
759 The ``src`` directory contains the HPACK tools. The ``deflatehd`` program is a
760 command-line header compression tool. The ``inflatehd`` program is a
761 command-line header decompression tool. Both tools read input from
762 stdin and write output to stdout. Errors are written to stderr.
763 They take JSON as input and output. We (mostly) use the same JSON data
764 format described at https://github.com/http2jp/hpack-test-case.
766 deflatehd - header compressor
767 +++++++++++++++++++++++++++++
769 The ``deflatehd`` program reads JSON data or HTTP/1-style header fields from
770 stdin and outputs compressed header block in JSON.
772 For the JSON input, the root JSON object must include a ``cases`` key.
773 Its value has to include the sequence of input header set. They share
774 the same compression context and are processed in the order they
775 appear. Each item in the sequence is a JSON object and it must
776 include a ``headers`` key. Its value is an array of JSON objects,
777 which includes exactly one name/value pair.
788 { ":method": "GET" },
794 { ":method": "POST" },
802 With the ``-t`` option, the program can accept more familiar HTTP/1 style
803 header field blocks. Each header set is delimited by an empty line:
814 The output is in JSON object. It should include a ``cases`` key and its
815 value is an array of JSON objects, which has at least the following keys:
818 The index of header set in the input.
821 The sum of the length of the name/value pairs in the input.
824 The length of the compressed header block.
826 percentage_of_original_size
827 ``input_length`` / ``output_length`` * 100
830 The compressed header block as a hex string.
833 The input header set.
836 The header table size adjusted before deflating the header set.
849 "percentage_of_original_size": 30.303030303030305,
850 "wire": "01881f3468e5891afcbf83868a3d856659c62e3f",
853 ":authority": "example.org"
865 "user-agent": "nghttp2"
868 "header_table_size": 4096
875 "percentage_of_original_size": 13.513513513513514,
876 "wire": "88448504252dd5918485",
879 ":authority": "example.org"
891 "user-agent": "nghttp2"
894 "header_table_size": 4096
900 The output can be used as the input for ``inflatehd`` and
903 With the ``-d`` option, the extra ``header_table`` key is added and its
904 associated value includes the state of dynamic header table after the
905 corresponding header set was processed. The value includes at least
909 The entry in the header table. If ``referenced`` is ``true``, it
910 is in the reference set. The ``size`` includes the overhead (32
911 bytes). The ``index`` corresponds to the index of header table.
912 The ``name`` is the header field name and the ``value`` is the
916 The sum of the spaces entries occupied, this includes the
920 The maximum header table size.
923 The sum of the spaces entries occupied within
924 ``max_deflate_size``.
927 The maximum header table size the encoder uses. This can be smaller
928 than ``max_size``. In this case, the encoder only uses up to first
929 ``max_deflate_size`` buffer. Since the header table size is still
930 ``max_size``, the encoder has to keep track of entries outside the
931 ``max_deflate_size`` but inside the ``max_size`` and make sure
932 that they are no longer referenced.
945 "percentage_of_original_size": 30.303030303030305,
946 "wire": "01881f3468e5891afcbf83868a3d856659c62e3f",
949 ":authority": "example.org"
961 "user-agent": "nghttp2"
964 "header_table_size": 4096,
969 "name": "user-agent",
997 "name": ":authority",
998 "value": "example.org",
1005 "deflate_size": 226,
1006 "max_deflate_size": 4096
1013 "output_length": 10,
1014 "percentage_of_original_size": 13.513513513513514,
1015 "wire": "88448504252dd5918485",
1018 ":authority": "example.org"
1030 "user-agent": "nghttp2"
1033 "header_table_size": 4096,
1045 "name": "user-agent",
1061 "referenced": false,
1068 "referenced": false,
1073 "name": ":authority",
1074 "value": "example.org",
1081 "deflate_size": 269,
1082 "max_deflate_size": 4096
1088 inflatehd - header decompressor
1089 +++++++++++++++++++++++++++++++
1091 The ``inflatehd`` program reads JSON data from stdin and outputs decompressed
1092 name/value pairs in JSON.
1094 The root JSON object must include the ``cases`` key. Its value has to
1095 include the sequence of compressed header blocks. They share the same
1096 compression context and are processed in the order they appear. Each
1097 item in the sequence is a JSON object and it must have at least a
1098 ``wire`` key. Its value is a compressed header block as a hex string.
1102 .. code-block:: json
1112 The output is a JSON object. It should include a ``cases`` key and its
1113 value is an array of JSON objects, which has at least following keys:
1116 The index of the header set in the input.
1119 A JSON array that includes decompressed name/value pairs.
1122 The compressed header block as a hex string.
1125 The header table size adjusted before inflating compressed header
1130 .. code-block:: json
1137 "wire": "01881f3468e5891afcbf83868a3d856659c62e3f",
1140 ":authority": "example.org"
1152 "user-agent": "nghttp2"
1155 "header_table_size": 4096
1160 "wire": "88448504252dd5918485",
1169 "user-agent": "nghttp2"
1175 ":authority": "example.org"
1178 "header_table_size": 4096
1183 The output can be used as the input for ``deflatehd`` and
1186 With the ``-d`` option, the extra ``header_table`` key is added and its
1187 associated value includes the state of the dynamic header table after the
1188 corresponding header set was processed. The format is the same as
1191 libnghttp2_asio: High level HTTP/2 C++ library
1192 ----------------------------------------------
1194 libnghttp2_asio is C++ library built on top of libnghttp2 and provides
1195 high level abstraction API to build HTTP/2 applications. It depends
1196 on the Boost::ASIO library and OpenSSL. Currently libnghttp2_asio
1197 provides both client and server APIs.
1199 libnghttp2_asio is not built by default. Use the ``--enable-asio-lib``
1200 configure flag to build libnghttp2_asio. The required Boost libraries
1207 The server API is designed to build an HTTP/2 server very easily to utilize
1208 C++11 anonymous functions and closures. The bare minimum example of
1209 an HTTP/2 server looks like this:
1213 #include <nghttp2/asio_http2_server.h>
1215 using namespace nghttp2::asio_http2;
1216 using namespace nghttp2::asio_http2::server;
1218 int main(int argc, char *argv[]) {
1219 boost::system::error_code ec;
1222 server.handle("/", [](const request &req, const response &res) {
1223 res.write_head(200);
1224 res.end("hello, world\n");
1227 if (server.listen_and_serve(ec, "localhost", "3000")) {
1228 std::cerr << "error: " << ec.message() << std::endl;
1232 Here is sample code to use the client API:
1238 #include <nghttp2/asio_http2_client.h>
1240 using boost::asio::ip::tcp;
1242 using namespace nghttp2::asio_http2;
1243 using namespace nghttp2::asio_http2::client;
1245 int main(int argc, char *argv[]) {
1246 boost::system::error_code ec;
1247 boost::asio::io_service io_service;
1249 // connect to localhost:3000
1250 session sess(io_service, "localhost", "3000");
1252 sess.on_connect([&sess](tcp::resolver::iterator endpoint_it) {
1253 boost::system::error_code ec;
1255 auto req = sess.submit(ec, "GET", "http://localhost:3000/");
1257 req->on_response([](const response &res) {
1258 // print status code and response header fields.
1259 std::cerr << "HTTP/2 " << res.status_code() << std::endl;
1260 for (auto &kv : res.header()) {
1261 std::cerr << kv.first << ": " << kv.second.value << "\n";
1263 std::cerr << std::endl;
1265 res.on_data([](const uint8_t *data, std::size_t len) {
1266 std::cerr.write(reinterpret_cast<const char *>(data), len);
1267 std::cerr << std::endl;
1271 req->on_close([&sess](uint32_t error_code) {
1272 // shutdown session after first request was done.
1277 sess.on_error([](const boost::system::error_code &ec) {
1278 std::cerr << "error: " << ec.message() << std::endl;
1284 For more details, see the documentation of libnghttp2_asio.
1289 The ``python`` directory contains nghttp2 Python bindings. The
1290 bindings currently provide HPACK compressor and decompressor classes
1291 and an HTTP/2 server.
1293 The extension module is called ``nghttp2``.
1295 ``make`` will build the bindings and target Python version is
1296 determined by the ``configure`` script. If the detected Python version is not
1297 what you expect, specify a path to Python executable in a ``PYTHON``
1298 variable as an argument to configure script (e.g., ``./configure
1299 PYTHON=/usr/bin/python3.4``).
1301 The following example code illustrates basic usage of the HPACK compressor
1302 and decompressor in Python:
1304 .. code-block:: python
1309 deflater = nghttp2.HDDeflater()
1310 inflater = nghttp2.HDInflater()
1312 data = deflater.deflate([(b'foo', b'bar'),
1314 print(binascii.b2a_hex(data))
1316 hdrs = inflater.inflate(data)
1319 The ``nghttp2.HTTP2Server`` class builds on top of the asyncio event
1320 loop. On construction, *RequestHandlerClass* must be given, which
1321 must be a subclass of ``nghttp2.BaseRequestHandler`` class.
1323 The ``BaseRequestHandler`` class is used to handle the HTTP/2 stream.
1324 By default, it does nothing. It must be subclassed to handle each
1325 event callback method.
1327 The first callback method invoked is ``on_headers()``. It is called
1328 when HEADERS frame, which includes the request header fields, has arrived.
1330 If the request has a request body, ``on_data(data)`` is invoked for each
1331 chunk of received data.
1333 Once the entire request is received, ``on_request_done()`` is invoked.
1335 When the stream is closed, ``on_close(error_code)`` is called.
1337 The application can send a response using ``send_response()`` method.
1338 It can be used in ``on_headers()``, ``on_data()`` or
1339 ``on_request_done()``.
1341 The application can push resources using the ``push()`` method. It must be
1342 used before the ``send_response()`` call.
1344 The following instance variables are available:
1347 Contains a tuple of the form (host, port) referring to the
1351 Stream ID of this stream.
1354 Scheme of the request URI. This is a value of :scheme header
1358 Method of this stream. This is a value of :method header field.
1361 This is a value of :authority or host header field.
1364 This is a value of :path header field.
1366 The following example illustrates the HTTP2Server and
1367 BaseRequestHandler usage:
1369 .. code-block:: python
1371 #!/usr/bin/env python
1376 class Handler(nghttp2.BaseRequestHandler):
1378 def on_headers(self):
1379 self.push(path='/css/bootstrap.css',
1380 request_headers = [('content-length', '3')],
1384 self.push(path='/js/bootstrap.js',
1386 request_headers = [('content-length', '10')],
1390 self.send_response(status=200,
1391 headers = [('content-type', 'text/plain')],
1392 body=io.BytesIO(b'nghttp2-python FTW'))
1394 ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
1395 ctx.options = ssl.OP_ALL | ssl.OP_NO_SSLv2
1396 ctx.load_cert_chain('server.crt', 'server.key')
1398 # give None to ssl to make the server non-SSL/TLS
1399 server = nghttp2.HTTP2Server(('127.0.0.1', 8443), Handler, ssl=ctx)
1400 server.serve_forever()
1405 [This text was composed based on 1.2. License section of curl/libcurl
1408 When contributing with code, you agree to put your changes and new
1409 code under the same license nghttp2 is already using unless stated and
1412 When changing existing source code, do not alter the copyright of
1413 the original file(s). The copyright will still be owned by the
1414 original creator(s) or those who have been assigned copyright by the
1417 By submitting a patch to the nghttp2 project, you (or your employer, as
1418 the case may be) agree to assign the copyright of your submission to us.
1419 .. the above really needs to be reworded to pass legal muster.
1420 We will credit you for your
1421 changes as far as possible, to give credit but also to keep a trace
1422 back to who made what changes. Please always provide us with your
1423 full real name when contributing!
1425 See `Contribution Guidelines
1426 <https://nghttp2.org/documentation/contribute.html>`_ for more