Sometimes SPDY/2, Sometimes SPDY/3.1?

Server NGINX
1

Hello Everyone,

We have been running SPDY/2 for months and months without issue and
recently
upgraded to 1.5.10 for SPDY/3.1 support. However, we are having an issue
where sometimes our site reports SPDY/2 and sometimes it reports
SPDY/3.1 in
Chrome’s net-internals and the Chrome spdy extension. We use Nginx in
reverse proxy mode and have 4 servers blocks - 2 for HTTP which redirect
to
2 for HTTPS (a production block and a dev block). Both blocks experience
the
same behavior.

Here is an HTTP and HTTPS block:

WWW

upstream www_servers {
ip_hash;
server 10.x.x.x:8080 max_fails=3 fail_timeout=30s;
server 10.x.x.x:8080 max_fails=3 fail_timeout=30s;
}

Directives to enable “front end” SSL

Disable weak SSLv2 and only accept SSLv3 and TLSv1

server {
listen 10.x.x.x:80;
server_name mysite.com;
server_name www.mysite.com;

    location /feed {
            add_header X-Frame-Options SAMEORIGIN;
            proxy_set_header Host $host;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For

$proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header;

proxy_http_version 1.1;

            proxy_pass http://www_servers;
            proxy_intercept_errors on;

error_page 504 @errors;

}

    location / {
            add_header X-Frame-Options SAMEORIGIN;
            proxy_set_header Host $host;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_next_upstream error timeout invalid_header;
            proxy_intercept_errors on;

error_page 504 @errors;

            rewrite ^ https://$server_name$request_uri permanent;
    }

}

server {
listen 10.x.x.x:443 default_server spdy ssl;
ssl on;
ssl_certificate /path/to/my/ssl.crt;
ssl_certificate_key /path/to/my/ssl/ssl.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1 SSLv3;
ssl_ciphers
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA;
ssl_prefer_server_ciphers on;
server_name mysite.com;
server_name www.mysite.com;

    location / {
            add_header X-Frame-Options SAMEORIGIN;
            proxy_set_header Host $host;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For

$proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header;
proxy_intercept_errors on;

error_page 504 @errors;

proxy_http_version 1.1;

            proxy_pass http://www_servers;
    }

}

Can anyone provide any guidance on why this may be happening?

Posted at Nginx Forum:

2

Hello!

On Tue, Feb 11, 2014 at 09:59:52AM -0500, mevans336 wrote:

Hello Everyone,

We have been running SPDY/2 for months and months without issue and recently
upgraded to 1.5.10 for SPDY/3.1 support. However, we are having an issue
where sometimes our site reports SPDY/2 and sometimes it reports SPDY/3.1 in
Chrome’s net-internals and the Chrome spdy extension. We use Nginx in
reverse proxy mode and have 4 servers blocks - 2 for HTTP which redirect to
2 for HTTPS (a production block and a dev block). Both blocks experience the
same behavior.

Either you have more than one server, or you’ve forgot to stop old
nginx master process during upgrade.

http://nginx.org/en/docs/control.html#upgrade


Maxim D.
http://nginx.org/

3

Bingo, I issued a -USR2 but a ps shows both the old and new master
processes
listening. Thanks Maxim.

Posted at Nginx Forum: