1
Tutorials and FAQs / NGINX with NextCloud and HTTP2
« on: July 08, 2023, 08:41:16 pm »
Hi,
Long time reader and first time poster. I have been using Opnsense for sometime and I always used HAProxy to set up access. Its worked well but me being me i like to change things up and I am partial to Nginx.
I setup Nginx in the normal way (following the tutorial here: https://forum.opnsense.org/index.php?topic=19305.0) and got communication working. For some reason if I use firefox to access NextCloud it works fine. If I use IOS or OSX Safari or even Curl it gives me an HTTP/2 error:
I read online somewhere about a similar scenario with AWS LB and Nginx. Basically the LB was downgrading the original HTTP/2 request so Nginx would send out an upgrade response. AWS would forward the upgrade response back to the client which would just drop the connection because its already using HTTP/2.
Just to sanity check the services of Apache and Nextcloud I switched back from Nginx to HAProxy and it basically immediately started working again. I am not able to find any HTTP/2 settings in Nginx GUI and im not sure what I can do. It may well be the functionality is missing form the GUI.
-------------------------------------------- Update from within the new post --------------------------
I was drafting the above post to ask for help but I saw this comment posted 7 years ago (https://trac.nginx.org/nginx/ticket/923):
So still going to post this incase someone is trying to figure this out. If you arent able to hit your HTTP/2 services from Safari but can with Firefox this might be why. Nginx allows you to use streams which has some host header inspection options but I've spent a whole day on this and I am ready to give up. I cant find the relevant options in the GUI and I dont want to start modifying configs now. Maybe someone else will have more luck?
I need to route multiple mixed services either i have to disable HTTP/2 (a quick google search doesnt really come up with much, most people are trying to enable HTTP/2 on nextcloud) or just go back to HAProxy. Kind of a shame i wanted to use the basic waf rules which will have to done on an individual service level now.
Long time reader and first time poster. I have been using Opnsense for sometime and I always used HAProxy to set up access. Its worked well but me being me i like to change things up and I am partial to Nginx.
I setup Nginx in the normal way (following the tutorial here: https://forum.opnsense.org/index.php?topic=19305.0) and got communication working. For some reason if I use firefox to access NextCloud it works fine. If I use IOS or OSX Safari or even Curl it gives me an HTTP/2 error:
Code: [Select]
curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)
I read online somewhere about a similar scenario with AWS LB and Nginx. Basically the LB was downgrading the original HTTP/2 request so Nginx would send out an upgrade response. AWS would forward the upgrade response back to the client which would just drop the connection because its already using HTTP/2.
Just to sanity check the services of Apache and Nextcloud I switched back from Nginx to HAProxy and it basically immediately started working again. I am not able to find any HTTP/2 settings in Nginx GUI and im not sure what I can do. It may well be the functionality is missing form the GUI.
-------------------------------------------- Update from within the new post --------------------------
I was drafting the above post to ask for help but I saw this comment posted 7 years ago (https://trac.nginx.org/nginx/ticket/923):
Quote
There are no plans to implement HTTP/2 support in the proxy module in the foreseeable future, see detailed answer here. If you want to use nginx to balance multiple servers, consider using the stream module to do this.
So still going to post this incase someone is trying to figure this out. If you arent able to hit your HTTP/2 services from Safari but can with Firefox this might be why. Nginx allows you to use streams which has some host header inspection options but I've spent a whole day on this and I am ready to give up. I cant find the relevant options in the GUI and I dont want to start modifying configs now. Maybe someone else will have more luck?
I need to route multiple mixed services either i have to disable HTTP/2 (a quick google search doesnt really come up with much, most people are trying to enable HTTP/2 on nextcloud) or just go back to HAProxy. Kind of a shame i wanted to use the basic waf rules which will have to done on an individual service level now.