HTTP/2 C library and tools

Nghttp2 v1.9.0

We released nghttp2 v1.9.0.

This release adds new callback functions to libnghttp2 for better debugging, and potential performance enhancements. We refactored nghttpx basic interface, and it gets many powerful features in this release. We fixed several bugs in h2load when it is used against HTTP/1.1 server. We also now have cmake build support.

New callback functions for better debugging and performance

We have added 2 new callback functions. nghttp2_error_callback is a callback that tells application about the detailed error message for human consumption. This is intended for debugging purpose.

The 2nd new callback function is nghttp2_on_header_callback2. This function is similar to existing nghttp2_on_header_callback. The crucial difference between these two is that new callback uses reference counted buffers for header field name/value. Application can increase their reference count by nghttp2_rcbuf_incref, and store its reference without copying the content. When its usage is done, don’t forget to call nghttp2_rcbuf_decref. Previously, the buffer storing header field name/value is owned solely by libnghttp2 library, and application has to copy them out if it wants to retain them for future use.

We also added new API function nghttp2_http2_strerror. This function returns text version of HTTP/2 error code (e.g., PROTOCOL_ERROR). This is useful to output debugging information about error code contained in RST_STREAM or GOAWAY frame.

We added new option nghttp2_option_set_no_auto_ping_ack, which disables automatic ping reply. Application can submit ping reply using nghttp2_submit_ping with NGHTTP2_FLAG_ACK in flags parameter.

cmake build, and more

Peter Wu has done a stellar job to add cmake build support for nghttp2. According to the PR documents, cmake build is faster than autotool build. It also supports Windows build at least for libnghttp2.

Jan-E fixed several rough edges in Makefile.msvc.

h2load bug fixes

We fixed 2 bugs in h2load when HTTP/1.1 is used. The first bug is that it did not try to connect to server again. This happens if server shutdowns the connection if it serves certain number of requests. This kind of behaviour is enabled by default for some server software.

The 2nd bug is that initial max concurrent streams was too large, and it causes undefined behaviour if -m option is not used.

nghttpx: better configuration for frontend/backend protocol and encryption

In this release, we reworked nghttpx command-line (and thus its configuration) interface. Previously, it had --http2-bridge, --client, and --client-proxy options to change its major mode. But they were quite inflexible, and became obstacles when we are extending nghttpx features. To ensure the further feature enhancements, they have been removed. Now nghttpx gets much simpler, and only has 2 modes: default mode, and HTTP/2 proxy mode (-s option). The removed modes can be achieved using other options. Read Migration from nghttpx v1.8.0 or earlier to know how to migrate from earlier release.

Now backend connections are not encrypted by default regardless of the used protocol. The exciting new feature is that backend protocol can be specified per routing pattern basis. Also the TLS can be enabled per routing pattern as well:


With above configuration, requests to /httpbin/ are routed to unix:/var/unix/httpbinsv via HTTP/1.1 protocol over cleartext TCP. The other requests are routed to via HTTP/2 protocol over TLS. tls keyword in --backend option enables encryption.

We now allow wildcard in routing pattern in --backend option. When we write:


All requests which have host (or :authority) header field whose suffix is are routed to

Since the previous release, nghttpx has got multiple frontend addresses support. Now its feature has been extended, and TLS can be enabled or disabled per frontend address. This means that single nghttpx instance finally can serve both TLS and non-TLS contents:


With the above configuration, nghttpx listens to port 443 for incoming TLS connection. It also listens to port 80, but this time for incoming cleartext connection. no-tls keyword in --frontend option disables encryption. --frontend-no-tls options has been removed in favor of no-tls keyword.

The encryption for memcached connections has been available since the previous release. In this release, we changed how to enable TLS. Now we use similar syntax for --frontend option. To enable TLS over memcached connection to get TLS ticket keys, use the following configuration:


In the above configuration, the tls keyword enables encryption.

nghttpx supports server push with Link header field with rel=preload. Now it recognizes nopush target attribute (see preload).

There are several deprecated options. If they are used, nghttpx will output warning level logging message. Please be careful for them, and they may contain the idea how to migrate to the new or existing other options.