nginx KTLS and HTTP/2 performance degradation

[Maxim Dounin]

Hello!

On Thu, Sep 08, 2022 at 04:58:24PM +0300, Noam Cvikel wrote:

> Late to the party. We've seen the same results over here when using sendfile
> with HTTP/2. You can increase it from 8k to 16 frames using http2_chunk_size
> but that still won't be good performance when dealing with files that aren't
> tiny.
> 
> Really glad I found this thread, and I appreciate the clarification Maxim.
> One thing I ponder though, shouldn't it be beneficial to have a directive to
> toggle Sendfile on/off specifically for HTTP/2?
> It would be nice to allow a location to Sendfile over HTTP/1.1 by still
> respond to HTTP/2 requests.

As long as you have HTTP/2 enabled, it hardly make sense to 
optimize things for anything but HTTP/2, since most of the clients 
will use HTTP/2 anyway.

If you really do care, a readily available solution might be to 
rewrite to a different location with sendfile enabled.  For 
example:

    server {
        listen 443 ssl http2;

        location / {
            if ($server_protocol != 'HTTP/2.0') {
                rewrite ^(.*) /sendfile$1 last;
            }

            sendfile off;
        }

        location /sendfile/ {
            alias html/;
            sendfile on;
        }
    }

I don't think it worth the effort though.

Alternatively, a dedicated HTTP/1.x-only server for large 
downloads with sendfile enabled might be the way to go.  This 
will ensure that kernel TLS and SSL_sendfile() can be effectively 
used for all clients.

-- 
Maxim Dounin
http://mdounin.ru/