How do HTTP/2 and CNAME work together?

I do not know how to ask this, so I will try to explain with an example.

I have these resources on the example.com server (HTTP/2):

 //example.com/css/file.css
 //example.com/js/file.js
 //example.com/images/file.png

I want to download one of these files through the domain alias cdn.example2.com, which points to the domain example.com. So, the actual resources inside HTML should look like this:

 //example.com/css/file.css
 //cdn.example2.com/js/file.js -> points to //example.com/js/file.js
 //example.com/images/file.png

My question is: are all the resources in the second example loaded by the browser through one connection, as they would be when there are no aliases?

Thanks for the help.

2 answers

If the aliases resolve to different IP addresses, it is not possible to load the resources over the same connection (the so-called "reuse of the connection" in HTTP/2, if I'm not mistaken). This is a problem with CDNs.

But for your peace of mind and the full satisfaction of the CDN, reusing the connection is a difficult task, and you may not get it even if all your domains resolve to the same IP address, as in your case.

To be future-proof, you can make sure that your sites are set up with certificates configured correctly to enable reuse of the connection.

In the current versions of Firefox and Chrome, I did not observe reuse of connections even after carefully issuing certificates and, of course, making sure that these two domains point to the same IP address.

And just food for thought: HTTP/2 over TLS requires SNI, which is only sent when a connection is opened. Therefore, when you first connect to a domain, for example example.com, the server receives SNI data. But the server will not receive such data if the same connection is reused to send a request to cdn.example.com. Some servers or usage scenarios may be sensitive to this asymmetry, and this may have something to do with how browsers use (or do not use) connection reuse. But this is only speculation ...


The specification does not require reuse, but it explicitly states when reuse is acceptable, for example for two hosts that resolve to the same IP address.

https://tools.ietf.org/html/rfc7540#section-9.1.1

Connections that are made to an origin server, either directly or through a tunnel created using the CONNECT method (Section 8.3), MAY be reused for requests with multiple different URI authority components. A connection can be reused as long as the origin server is authoritative (Section 10.1). For TCP connections without TLS, this depends on the host having resolved to the same IP address.

For https resources, connection reuse additionally depends on having a certificate that is valid for the host in the URI. The certificate presented by the server SHOULD satisfy any checks that the client would perform when forming a new TLS connection for the host in the URI.

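The two conditions in the quoted RFC 7540 section 9.1.1 text, written as a check a client could run before sending a request for a second host on an already open connection. This is an added example, not code from either answer or from any browser: `can_reuse`, `san_matches`, the `conn` dictionary, the addresses and the SAN lists are constructed for illustration, and comparing against the connection's peer IP is an assumption about how "same IP address" is evaluated. Passing both checks only makes reuse permitted, not guaranteed.

```python
import ipaddress


def san_matches(pattern, host):
    """Match a certificate dNSName entry against a host name."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # A wildcard covers exactly one left-most label: *.example.com matches
    # cdn.example.com but neither example.com nor a.b.example.com.
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]


def can_reuse(conn, host, host_ips):
    """Return (allowed, reason) for sending a request for `host` on `conn`.

    conn: {"peer_ip", "tls", "cert_sans"} describing the open connection.
    host_ips: addresses the client resolved for `host`, CNAMEs followed.
    """
    peer = ipaddress.ip_address(conn["peer_ip"])
    if peer not in {ipaddress.ip_address(a) for a in host_ips}:
        return (False, "host does not resolve to the connection's IP")
    if conn["tls"] and not any(san_matches(s, host) for s in conn["cert_sans"]):
        return (False, "certificate is not valid for host")
    return (True, "ok")


# Constructed sample data: documentation-range IPs and made-up SAN lists.
ORIGIN_ONLY = {"peer_ip": "203.0.113.10", "tls": True,
               "cert_sans": ["example.com", "*.example.com"]}
BOTH_NAMES = dict(ORIGIN_ONLY, cert_sans=["example.com", "cdn.example2.com"])
CLEARTEXT = {"peer_ip": "203.0.113.10", "tls": False, "cert_sans": []}

if __name__ == "__main__":
    cases = [
        ("alias, same IP, cert lacks alias", ORIGIN_ONLY, ["203.0.113.10"]),
        ("alias, same IP, cert lists alias", BOTH_NAMES, ["203.0.113.10"]),
        ("alias resolves to a CDN edge IP", BOTH_NAMES, ["198.51.100.7"]),
        ("alias, same IP, no TLS", CLEARTEXT, ["203.0.113.10"]),
    ]
    for label, conn, ips in cases:
        print(f"{label}: {can_reuse(conn, 'cdn.example2.com', ips)}")
```

In the question's setup the CNAME alone satisfies only the first check; the certificate served for example.com also has to list cdn.example2.com.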
