X
    Categories: Hosting News

HTTP/2 Now Available on all shared/cloud servers at SiteGround

The Internet as we all know it today wouldn’t have existed without the HTTP protocol. It is the heart and soul that pumps content to all of us. It makes it possible for us to read the latest news, order stuff online, watch videos on YouTube and get to our favourite websites on all types of devices - workstations with 27-inch displays, laptops, mobile phones, tablets and even e-readers that offer browsing capabilities. Sadly, that protocol has not been changed since 1999 when version 1.1 was released so, when HTTP/2 was released earlier this year, it was a source of major excitement. Of course, the SiteGround team has immediately started working on it and we are now happy to announce that all our shared and cloud servers support HTTP/2.

Why HTTP needed an update?

Modern websites/apps make hundreds of HTTP requests and HTTP 1.1 is not well designed for the performance needs of the modern web and the constantly growing requirements of the users. During the last 16 years many new technologies emerged and web developers got really creative in terms of going around and jumping over the limitations of HTTP 1.1. However, it was time for the protocol itself to change and introduce some new features that will speed up all sites on the Internet.

What’s new in HTTP/2?

HTTP/2 is based on SPDY and is focused on performance improvements. It offers the following enhancements:

Multiplexing For Faster Data Transfer

Modern websites/apps require the web browsers to make many request to render a web page. In the beginning HTTP/1.0 allowed only one request to be made via a single TCP connection. With HTTP/1.1 this was addressed so browsers can make multiple requests to load many resources simultaneously. Unfortunately, another problem called head-of-line blocking was not resolved.

When HTTP/1.1 is used the requests flow is usually the following: the browser sends a request and needs to wait for the response of the server in order to send the next request. Modern websites have over 100 objects and even when browsers use multiple connections this way of handling requests can add up a lot of time because of head-of-line blocking.

The solution introduced in HTTP/2 is called multiplexing. It gives us a simple way to request and receive multiple web objects at a time through a single connection. It is the solution for the head-of-line blocking problem. HTTP/2 resolves this problem by using frames. Every frame contains meta information about requests/responses which allows one connection to be used for simultaneous delivery without causing confusion about which response is associated with which request. Here is an example how HTTP/2 handles the same three requests that we showed in the previous diagram:

As you can see from the second diagram when HTTP/2 is used the user sends multiple requests and can receive them in whatever order. Thus, pages load faster. For example, the server needed more time to handle the second request but the delivery of the third object was not blocked.

Compression Of Headers For Transferring Less Data

The second big improvement added by HTTP/2 is related to HTTP headers. Clients use headers to inform servers what information is needed and in what format the information could be delivered to them. For example, a web browser usually sends headers to inform the servers that it supports gzip compressed data. Cookies are also communicated via headers and the size of some cookies can get really big.

The problem is headers do not change much between requests. Also, with HTTP/1.1 headers have to be provided for every single request, which of course is pointless when headers do not change. Now HTTP/2 not only sends headers per connection, but it also offers compression. This means that an average web page that contains ~80-90 objects can now be loaded much faster because the web browser will need just one round trip to send all of the headers for all of the objects.

Prioritization For Proper Page Rendering

The third problem which HTTP/2 solves is caused by multiplexing and headers compression. Some objects are more important than others. For example, the CSS objects for a site should be delivered in the beginning, so that the site could be properly displayed. If multiplexing is used you cannot be sure that the CSS will be delivered before the rest of the objects.

The designers of the protocol, decided to address this issue in the protocol itself. Clients are able to communicate with the server and indicate priorities for certain objects and this way the web servers can make decisions about which objects should be delivered first to the clients. Since the protocol itself supports prioritization this means that web developers should not worry about changes that need to be made to their apps. The modern web browsers will take care of prioritization and handling of data streams in HTTP/2.

HTTP/2 Needs SSL/TLS

All web server implementations support HTTP/2 when it is used over an encrypted connection. This means you need an SSL for your website in order to take advantage of HTTP/2.

You can find more about HTTP/2 here: https://http2.github.io/faq/

Is HTTP/2 already in use?

HTTP/2 is already alive and you have probably already using it on your end if you’re using a modern browser such as all of the latest versions of Chrome, Firefox, Opera and Edge support HTTP/2.

Now all SiteGround shared/cloud servers support HTTP/2. Please note that clients that have private SSL certificates (see above: encryption is a must when HTTP/2 is used) can immediately take advantage of the new cool performance optimizations offered by HTTP/2.

Daniel Kanchev: My challenging job is closely related to all kinds of Free and Open-Source Software products (some of my favorites are WordPress, Joomla!, Magento, Varnish and Apache mod_security). As a Web security and performance freak I am always hyper focused on solving all kinds of issues and improving our services.

View Comments

    • Hi Luis and thanks for your comment! We are considering using SNI + letsencrypt.org in order to allow people to install multiple certificates on one hosting account. I hope that soon we'll be able to do this on our shared servers. The technical implementation is the easy part. However, before we officially add SNI support we would like to perform extensive tests to make sure that everything will work as expected.

  • Hello Daniel,

    That really good news !
    Letsencrypt.org also involved in, great !
    Have you give it a try already on lets encrypt ?
    What do you think about it ?

    Congrats and best Regards,

  • Hey Daniel,
    ok ... thy, but ...
    ... another question: reading the Nginx docu, HTTP/2 is only supported for Nginx >= 1.9.5 (mainline / experimental) Version. So, you run a "backportet HTTP/2 on Nginx 1.8.x", or a "unstable Nginx 1.9.x" ? :)

    Best,
    Martin

    • We use a custom Nginx version which has been compiled by our colleagues from the DevOps department. The custom version is a stable release of the popular web server and it offers HTTP/2 support. We release new versions of our own Nginx when new features are added to the official Nginx releases.

  • Hello Daniel and thank you very much for this feature, this article and all your replies.

    I have a SSL certificate (provided by GlobalSign via Siteground) for one of my main domains on my Cloud server (I believe it's included also after 1 year), and for this I understand I don't have to do anything (except to make my default WP url https now), and it's already supported.

    Now I have a question about all the other domains which are pointing there. Some have their own cPanel accounts, and some are addons or parked domains on top of them. And it's constantly changing as I add a domain when I get a new client on my WP Multisite.

    In one of your replies, you mention you will offer soon possibility of SNI with letsencrypt certificates.

    Q1 : Am I right that it's now available? I can see "Needs SNI?" under Manage SSL in cPanel.
    I see Letsencrypt opened to public beta on Dec 3 2015, and I see Siteground on their major sponsors! (congrats and thx btw)
    https://letsencrypt.org/2015/12/03/entering-public-beta.html

    Q2 : And can I add multiple domains for all my addons/parked domains, in all the cPanel accounts (not only main) ? and how?

    Q3 : And should I replace the one provided by GlobalSign, for my main domain by one also from Letsencrypt in order to have them all SNI?
    Maybe that's too many questions and I should open a support ticket? but I thought other readers might be interested to read this.

    Thank you very much in advance
    Patricia

    • Hi Patricia and thank you for all the questions! For now you should keep the GlobalSign SSL certificate. We are still working on the LetsEncrypt implementation for cPanel. Once it is ready you'll be able to use a tool which will allow you to setup new SSL certificates directly from the cPanel. This means that currently you cannot take advantage of HTTP/2 for all of your domains. However, this will change once we finalize the SNI + LetsEncrypt implementation. There will be probably a new blog post once this is done. Thanks for your patience!

        • During the first request the browser and the server will exchange information about which version of HTTP is supported by both and then the site will be loaded. This means that if your browser supports only HTTP 1.1 then the site will be loaded via 1.1.

  • Hi Hristo,

    I am so glad you guys are working on allowing multiple ssl installations for the Gogeek plan.

    Otherwise I had to move away from Siteground (which I rather not do)...

    • Yes, there's been a demand for this feature and we'll do our best to make it available right after the New Year :)

      • Also as a side note, i was getting my head around the 1 ssl cert per account on GoGeek with your support team and pre sales team this morning and no-one mentioned that it was being worked on and to sit tight.

        • Both are part of a single project that I really hope we will complete in less than a month...fingers crossed here because it requires tons of testing and hard ETA is difficult to give.

      • Do you have an ETA on this. Some of my clients are requesting this and some sites I'm holding off from migrating from UKWSD into my GoGeek account due to the 1 ssl cert limit per account.

  • Hello Hristo,

    I have 2 GoGeek accounts with SiteGround and it is my desire to be able to upgrade all the websites on the hosting with LetsEncrypt.

    I believe it is the right thing to do for my customers and it could give me a competitive advantage through 2016.

    I look forward to more news from you and your team.

    A happy SiteGround customer.

    • Thanks for the kind words! We definitelly have tons of new stuff prepared and I hope we will soon have good news :)

  • once the SNI + LetsEncrypt integration happens, will you still need a dedicated IP on your account? I think right now, it's a $30 setup fee for a 3rd party SSL cert, a $30 setup fee for a dedicated IP, plus the yearly cost of the dedicated IP.

    I'm assuming since LetsEncrypt is a 3rd party cert, there will still be a setup fee? If so, if you have multiple LetsEncrypt SSLs that you want on the same account, will there just be one setup fee or will there be a separate setup fee for each cert?

    I'm looking forward to the SNI + LetsEncrypt integration happening soon.

    • No, LetsEncryp will be completely free of charge and you will not need a dedicated IP address to use those certificate. Dedicated IP addressess will remain requirement only for the regular SSL certificates that we provide to our customers.

      • Thanks for the clarification Hristo - Having just upgraded to a Cloud account, I have a question about the dedicated IP fro SSL and HTTP/2. As I set up client websites on my cloud account, each with their own cpanel, will I need to purchase a dedicated IP (and the private certificate) to provide HTTP/2 for each of them?

        • Hello Gregg and thank you for the excellent question! Once we are done with the implementation of Let's Encrypt our systems will also become fully SNI compliant. This means that you'll be able to install more than one SSL per IP address. For more information about SNI check the following Wikipedia article:

          https://en.wikipedia.org/wiki/Server_Name_Indication

  • Is HTTP/2 available with Let's Encript? I see it's available on KeyCDN using Let's Encript.

    Very exciting technology.

    • Hello Henry, once you install Let’s Encrypt, the visitors who access your website through https and use a modern browser that supports HTTP/2 will receive your content served through faster HTTP/2 protocol.